This change is in response to issue #1515.
Original pull request #1580.
The original problem is: in authorized_key module you have no idea about users
which will be created by Ansible at first run. I can propose next two ways to
solve this problem:
1. Combine modules system/user.py and system/authorized_key.py in one module
(so you will know everything about users in that module)
2. Use small workaround: add my commit and always provide 'path' parameter
for authorized_key module during runs with --check option.
Fixes#530.
It's more generic than #578 which only fixes spaces escaping in name (target dir to mount).
Escaping is used in both `set_mount` (important for `src`, `name` and `opts`) and
`unset_mount` (for `name`).
It's shouldn't be used in `mount` and `umount` since `name` parameter is passed as array element
to `module.run_command`.
Signed-off-by: Konstantin Gribov <grossws@gmail.com>
* Fix docs to specify when python2.6+ is required (due to a library
dep). This helps us know when it is okay to use python2.6+ syntax in
the file.
* remove BabyJson returns. See #1211 This commit fixes all but the
openstack modules.
* Use if __name__ == '__main__' to only run the main part of the module
if the module is run as a program. This allows for the potential to
unittest the code later.
Add working status detection for pf on FreeBSD
i'm going to merge this to give you a usable workaround, still I consider this a bug in the init script.
Includes commits for:
* Don't return change if the password is not set
* Set the group to nogroup if none is specified
* Set an uid if none is specified
* Test if SHADOWFILE is set (for Darwin)
* remove unused uid
Upstart scripts are being incorrectly identified as SysV init scripts
due to a logic error in the `service` module.
Because upstart uses multiple commands (`/sbin/start`, `/sbin/stop`,
etc.) for managing service state, the codepath for upstart sets
`self.svc_cmd` to an empty string on line 451.
Empty strings are considered a non-truthy value in Python, so
conditionals which are checking the state of `self.svc_cmd` should
explicitly compare it to `None` to avoid overlooking the fact that
the service may be controlled by an upstart script.
I have a task like this in a playbook. The ansible_ssh_user is 'root'
for this host.
- cron:
hour: 00
job: /home/backup/backup.sh
name: baserock.org data backup
user: backup
Running it gave me the following error:
TASK: [backup cron job, runs every day at midnight] ***************************
failed: [baserock-backup1] => {"failed": true}
msg: crontab: can't open '/tmp/crontabvVjoZe': Permission denied
crontab: user backup cannot read /tmp/crontabvVjoZe
The temporary file created by the 'cron' module is created with the
Python tempfile.mkstemp() function. This creates a file that is readable
only by 'root' (mode 600). The Busybox `crontab` program then checks if
the file is readable by the 'backup' user, and fails if it isn't. So we
need to make sure the file is world-readable before running `crontab`.
I tried a playbook with the following (accidentally wrong) task:
tasks:
- name: authorized key test
authorized_key: key=/home/sam/.ssh/id_rsa.pub key_options='command="/foo/bar"' user=sam
I got the following traceback:
TASK: [authorized key test] ***************************************************
failed: [localhost] => {"failed": true, "parsed": false}
Traceback (most recent call last):
File "/home/sam/.ansible/tmp/ansible-tmp-1427110003.65-277897441194582/authorized_key", line 2515, in <module>
main()
File "/home/sam/.ansible/tmp/ansible-tmp-1427110003.65-277897441194582/authorized_key", line 460, in main
results = enforce_state(module, module.params)
File "/home/sam/.ansible/tmp/ansible-tmp-1427110003.65-277897441194582/authorized_key", line 385, in enforce_state
parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_options, parsed_new_key[3])
TypeError: 'NoneType' object has no attribute '__getitem__'
With this fix, I see the expected error instead:
TASK: [authorized key test] ***************************************************
failed: [localhost] => {"failed": true}
msg: invalid key specified: /home/sam/.ssh/id_rsa.pub
This option allows the module to ensure that ONLY the specified keys
exist in the authorized_keys file. All others will be removed. This is
quite useful when rotating keys and ensuring no other key will be
accepted.
This adds a must_exist option to the service module, which gives callers the
ability to be tolerant to services that do not exist. This allows for
opportunistic manipulation of a list of services if they happen to exist on the
host. While failed_when could be used, it's difficult to track all the
different error strings that might come from various service tools regarding a
missing service.