* remove redundant remote_user for local setting
local action plugin already does and this also should fix
fork/thread issue by removing use of pwd library
fixes#59642
(cherry picked from commit 488b9d6c35)
* ensure local exposes correct user (#72543)
* ensure local exposes correct user
avoid corner case in which delegation relied on
playcontext fallback which was removed
fixes#72541
(cherry picked from commit aa4d53ccdf)
Change:
- `udev` is provided by `systemd-udev`, which our `state=present` check
doesn't match. For now, work around this so we don't end up trying to
upgrade all of systemd.
- In the future, we should discuss if the `yum` module does the right
thing here.
Test Plan:
- Locally in docker
- CI
Signed-off-by: Rick Elrod <rick@elrod.me>
When enumerating connections with psutil, catch and ignore errors to avoid returning a stack trace.
Co-authored-by: Matt Martz <matt@sivel.net>
(cherry picked from commit fb09fd2a23)
* Fix missing ansible.builtin FQCNs in hardcoded action names (#71824)
* Make sure hard-coded action names also check for FQCN.
* Use _add_internal_fqcn() to avoid hardcoded lists and typoes.
(cherry picked from commit da60525610)
ci_complete
* Replace some more FQCNs.
(cherry picked from commit 72302dd611)
* Fix another case which was already fixed in stable-2.10.
* Consolidate logic for determining whether or not session is interactive
into a single function, is_interactive()
* Increase test coverage
I wasn't able to find a good way of simulating running a backgrounded test with CI since the
whole test is essentially run not in a TTY, which is similar enough to cause the new is_interactive()
function to always return false.
(cherry picked from commit 4b8cb6582b)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* file: add symlink is in a sticky directory tests
* file: handle symlink in a sticky directory
The builtins import was removed since it was unused, but it is now needed.
(cherry picked from commit b464d18fd1)
Co-authored-by: Pilou <pierre-louis.bonicoli@libregerbil.fr>
Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* [centos6] update container for EOL
Change:
- Reference:
https://lists.centos.org/pipermail/centos-devel/2020-December/056208.html
- Bump centos6 container to 1.25.0
Test Plan:
- ci_complete
Signed-off-by: Rick Elrod <rick@elrod.me>
* update EPEL 6 too which is now archived
Signed-off-by: Rick Elrod <rick@elrod.me>
* bump to 1.26.0
Signed-off-by: Rick Elrod <rick@elrod.me>
* Pull image from Quay to avoid Dockerhub limits
CI tests are failing in certain situations due to the new Docker Hub limits on anonymous pulls. Switch
to pulling an equivalent image from Quay.io.
* Use correct layer SHAs
* Use an image with enough older shas to do the test correctly
* Use images we control on Quay for testing
* Use correct SHA for new images
* Use images from a single repo in Quay but with tags
* Use correct nginx image
* Use correct tags in docker-registry test
* Fix incorrect image name in debug message
* Use our busybox image
* Little more alpine image cleanup
Change:
- The repo we were testing with no longer seems to exist. Point to one
that does.
Test Plan:
- local test in docker
- CI
Signed-off-by: Rick Elrod <rick@elrod.me>
* [stable-2.9] [dnf] Some fixes around filtering (#72483)
Change:
- Docs: Add note that security/bugfix apply to dependencies too, like
the dnf command.
- dnf: security/bugfix only makes sense for updates, so limit the
package query sack to available updates.
- tests: Limit tests to our known-good test packages, so that RHEL
packages marked security/bugfix without similarly marked dependencies
don't fail our tests.
Test Plan:
- Tested with `dnf upgrade-minimal --bugfix` and reproduced the same
error currently seen in CI, showing that we are consistent with what
dnf does.
Tickets:
- Likely fixes#72316
Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit d8c637da37)
Co-authored-by: Rick Elrod <rick@elrod.me>
* Add changelog (#72502)
(cherry picked from commit b33d7e2e29)
Co-authored-by: Rick Elrod <rick@elrod.me>
Change:
- Previously, we only showed that something would have changed, not what
would have changed. This allows us to show what will chang as well.
Test Plan:
- Local RHEL8 VM
- New integration tests
Tickets:
- Fixes#66132
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Previously when `security: true` and `bugfix: true` were both given,
only security updates would get applied. Filters now accumulate so
that both get applied in this case.
Test Plan:
- New integration tests for both check_mode and not. These tests make
use of a contrived yum repository which is stored in S3.
Tickets:
- Fixes#70854
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Matt Martz <matt@sivel.net>
The luseradd / lusermod commands do not support the -e option. Set
the expiry time in this case via lchage after the user was
created / modified.
Fixes: #71942
In Python3 math.floor returns an integer whereas Python2 returns a float.
Hence always convert the result of math.floor to an int to ensure that
lexpires is an integer.
Move local expires tests in a separate file and import the tasks to the
main.yml to keep main.yml smaller.
(cherry picked from commit a7170da851)
Change:
- This enables the inventory_kubevirt_conformance test to pass again on
freebsd.
- This was due to a google-auth version bump. The dep chain looks like
this: openshift -> kubernetes -> google-auth -> aiohttp -> multidict
Test Plan:
- ansible-test integration inventory_kubevirt_conformance --remote
freebsd/12.0
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- pip packages should get removed after, not try to add them again
- Try removing containerd.io package too
- Backport of #71949
Test Plan:
- CI
- ci_complete
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Newer docker versions report the same message whether or not a logout
actually happened.
- Determine change status from looking at the config instead if we can.
- This also allows us to restore check_mode in logout and re-enable that
test.
Test Plan:
- CI, re-enabled tests
Tickets:
- Refs 6248f2fb6f
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- The docker-ce.repo file for centos does not work on RHEL since it uses
$releasever and on RHEL that is, e.g., "7Server".
- Instead, set up the repo manually.
- Additionally, the docker centos8 repo no longer has old versions, so
we use the (only) version in the repo instead.
Test Plan:
- CI
Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 31ddca4c0d)
The file test will no longer attempt to test attributes if `lsattr -vd` does not work on the system under test.
(cherry picked from commit 17765cd4e8)
Co-authored-by: Matt Clay <mclay@redhat.com>
The stat time granularity on macOS is one second. We recently upgrade
to faster macOS hosts, so some tests that run closely together to
see if something changed will have the same timestamp intermittently.
A recent update to cffi that was yanked is still being installed on our
Mac OS X 10.11 test image since the version of pip there is very old and
does not ignore yanked packages.
Pin the version of pyOpenSSL and its dependencies to fix this and avoid
future spontaneous failures.
(cherry picked from commit 65cdb86c8a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Add encoding.py from devel to support backports.
* Add io.py from devel to support backports.
* Update ansible-test support for CI providers. (#69522)
Refactored CI provider code to simplify multiple provider support and addition of new providers.
(cherry picked from commit d8e0aadc0d)
* Add Shippable request signing to ansible-test. (#69526)
(cherry picked from commit e7c2eb519b)
* ansible-test local change detection: use --base-branch if specified (#69508)
(cherry picked from commit 43acd61901)
* Add Azure Pipelines support to ansible-test.
(cherry picked from commit 8ffaed00f8)
* Update ansible-test remote endpoint handling. (#71413)
* Request ansible-core-ci resources by provider.
* Remove obsolete us-east-2 CI endpoint.
* Add new --remote-endpoint option.
* Add warning for --remote-aws-region option.
* Update service endpoints.
* Allow non-standard remote stages.
* Add changelog fragment.
(cherry picked from commit d099591964)
* Fix ansible-test coverage traceback. (#71446)
* Add integration test for ansible-test coverage.
* Fix ansible-test coverage traceback.
* Fix coverage reporting on Python 2.6.
(cherry picked from commit f5b6df14ab)
* Use new endpoint for Parallels based instances.
(cherry picked from commit 98febab975)
* Add pause to avoid same mtime in test.
(cherry picked from commit 3d769f3a76)
Co-authored-by: Felix Fontein <felix@fontein.de>
Change:
- By default the dnf API does not gpg-verify packages. This is a feature
that is executed in its CLI code. It never made it into Ansible's
usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.
Test Plan:
- New integration tests
Signed-off-by: Rick Elrod <rick@elrod.me>
The message generated by systemctl has been updated in 9321e23c40, which requires a corresponding change in the systemd module.
In addition, this fixes the module when the SYSTEMD_OFFLINE environment variable is set.
(cherry picked from commit a1a50bb3cd)
* tests: Use `hg serve` instead of bitbucket for hg
Change:
- Uses `hg serve` instead of a bitbucket repo for hg tests
- bitbucket no longer serves hg
Test Plan:
- CI, fixed integration tests
Signed-off-by: Rick Elrod <rick@elrod.me>
* Disable mongodb_replicaset tests for now
Change:
- 4.0.20 breaks tests, disable for now
Test Plan:
- CI
Tickets:
- https://github.com/ansible-collections/community.mongodb/issues/136
Signed-off-by: Rick Elrod <rick@elrod.me>
* setup_mongodb: Nix RH package installation/removal
Change:
- Our RHEL and CentOS images make these unnecessary and they were
broken.
Test Plan:
- CI
Signed-off-by: Rick Elrod <rick@elrod.me>
* Disable mongodb_shard tests for now
Change:
- 4.0.20 breaks tests, disable for now
Test Plan:
- CI
Tickets:
- https://github.com/ansible-collections/community.mongodb/issues/136
Signed-off-by: Rick Elrod <rick@elrod.me>
Brian Coca