The apt-key command takes an optional --keyring parameter representing
the path to a specific GPG keyring to operate on. If it's not given,
the command operates on all keyring files, i.e., /etc/apt/trusted.gpg
and /etc/apt/trusted.gpg.d/*.gpg.
This change adds a 'keyring' parameter to the apt_key module and
propagates it down to the apt-key command line. The main use case this
supports is organizing keys for third-party repos into individual
keyrings in /etc/apt/trusted.gpg.d, rather than putting them all in
the default keyring.
When revoking privileges from a user, the GRANT OPTION is always
revoked, even if the user doesn't have it. If the user exists, this
doesn't give an error, but if the user doesn't exist, it does:
mysql> GRANT ALL ON test.* TO 'test'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> REVOKE GRANT OPTION ON test.* FROM 'test'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> REVOKE GRANT OPTION ON test.* FROM 'test'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> REVOKE ALL ON test.* FROM 'test'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> REVOKE GRANT OPTION ON test.* FROM 'test'@'localhost';
ERROR 1141 (42000): There is no such grant defined for user 'test' on
host 'localhost'
Additionally, in MySQL 5.6 this breaks replication because of
http://bugs.mysql.com/bug.php?id=68892.
Rather than revoking the GRANT OPTION and catching the error, check if
the user actually has it and only revoke it when he does.
This fixes an asterisk glob problem in get_package_state() where a file
in /root/ could cause shell expansion if it matched the package name.
The actual problem is solved by running with shell=False.
Git is unable to checkout the specified `version` when the repository is
cloned with a reduced history (`depth`). However, if the repository is
already cloned, subsequent git module calls will update the repository
(default update=True), then properly checkout the specified `version`.
To allow the initial call to properly clone the specified `version`, at
the specified `depth`, this patch adds the `--branch` parameter when
cloning the repository.
Add follow parameter to stat module that controls whether to follow
symlinks. It defaults to no.
This then calls os.stat or os.lstat based on the value of follow.
Add lnk_source key/value pair if path is a symlink and follow=no.
Drop the statement that sets isdir=False and islnk=True when path is a
symlink that points to a directory.
Converting the argument list to a string with ' '.join causes
the shell interpreter to misparse spaces in property values.
Since the zfs command does not need shell anywhere, using
a list instead of a string works just as well with run_command.
Fixes#3545.
Current property parser breaks when values contain spaces. Since
zfs get -H returns tab separated lines, it is better to explicitly
split on tabs than on whitespace.
The file module would in some cases return dest=/path/to/file, and in other cases return path=/path/to/file, this change makes it more consistent and in line with all the other file-related modules (i.e. copy, assemble, template, ...) by using dest= instead of path= as the input and output argument. (Of course, path is still there as an alias for compatibility).
Sometimes when using digital_ocean with wait=no I get the error "No ip is found". But with wait=no I wouldn't expect there to be any IP, that gets allocated later. However, looking at the code, it turns out that with even with wait=no it waits up to 10 seconds for an IP to be allocated. We could wait longer, but with wait=no that seems like the wrong choice; it's easy enough to grab an IP later with a wait=yes command.
To make this change I removed the call to update_attr in @classmethod add. An add is always followed by an ensure_powered_on which will do the update_attr if wait=yes. It would be possible to instead do a call to update_attr with no retries and ignore the errors but I figured it would be better to be consistently not return an IP than to sometimes return it and sometimes not. Inconsistent behaviour makes debugging deployment scripts very difficult.
This diff syncs package_latest() with the changes to package_present().
I have not managed to figure out how to handle the cornercases where
stderr is set but the command has not failed, so leave a FIXME blob for
other adventurers.
* Add '-m' to pkg_add incovation to get access to the "packagename-1.0: ok"
message.
* Watch for that message if we are about to fail because of stderr in
package_present().
The keystone client needs to be passed tenant_name when authenticating the
user/password way. Also it needs auth_url instead of endpoint.
This fix adds login_tenant_name as a module parameter which is consistent
with the other OpenStack modules.
This fixes a problem when trying to install a package with a specific version
number from a local directory and the local directory is checked after a remote
repository:
Error from http://ftp.eu.openbsd.org/pub/OpenBSD/[...]/packagename-1.0.tgz
ftp: Error retrieving file: 404 Not Found
packagename-1.0: ok
Bugs:
(1) no longer allow empty jobs
(2) strip the header added by crontab package used in openSuSE and SuSE
(3) try not to leak temp files when things go wrong
(4) issue returning job names under certain conditions
Enhancements:
(1) Allow all special times not just reboot.
(2) Fail earlier by performing more input validation
(3) Add feature to allow removing cron file under /etc/cron.d
ToDo:
(1) Validate times (minute, hour, ...)
(2) Strip white space from fields such as name and job such that name=foo equals name=' foo'.
(3) More testing
Adds more parameters which may be passed to supervisorctl: config,
serverurl, username, password
Also refactored the various `module.run_command(build_a_string)` calls
into a single `run_supervisorctl` function.
Some services have a knob (i.e. rc.conf setting) whose name
differs from that of the script. For example, lockd process
is controlled with a script called lockd, but the rc.conf
value is rpc_lockd_enable.
Fixes issue #3382.
Previously, a configuration file name of None was being passed into
up2dateInitConfig(). This resulted in a correct configuration import,
but failed to properly save the configuration back to disk in the event
a different serverURL was supplied. This change removes support for
customizing the up2date filename entirely, and relies on up2date to
choose the default config filename.
Syntax like "'foo' if bar else 'baz'" is not supported by all Python
versions targetted by Ansible. Hence we break it up.
Signed-off-by: martin f. krafft <madduck@madduck.net>
When update-rc.d is used to enable/disable service, the changed flag was
always true (see #2189). This commit fixes that.
Signed-off-by: martin f. krafft <madduck@madduck.net>
This does two things:
* add --recursive option to git clone command in clone(). This will
initialize all submodules when cloning a remote repository.
* Add submodule_update() and call that from fetch(). submodule_update()
calls two git commands iff the file .gitmodules exists in the
repository:
* 'git submodule sync' - synchronizes the submodules' remote URL
configuration setting to the value in .gitmodules.
* 'git submodule update --init --recursive' - initialize and update
registered submodules to the commit specified in the index of the
containing repository.
If a repository was cloned without --recursive, submodule_update() will
ensure that the submodules are initialized and updated.
A small error in the reuse of a variable caused packages to never get
purged. This commit fixes that.
Signed-off-by: martin f. krafft <madduck@madduck.net>
Older python-apt modules don't export Package.installed_files and there
seems to be no other way to figure out if a package is
removed-but-not-purged, so we just always assume it's purged.
Signed-off-by: martin f. krafft <madduck@madduck.net>
A package may be removed but not purged with APT. The only way to
identify this state is by looking at the list of installed files of
a package. Even if the package has no files installed, this list will be
non-empty until the package is removed:
# python -c "import apt; c=apt.Cache(); c.update(); c.open(); p=c['ruby1.8']; print p, p.installed, p.installed_files"
<Package: name:'ruby1.8' id:1425> None [u'']
# dpkg --purge ruby1.8
(Reading database ... 27904 files and directories currently installed.)
Removing ruby1.8 ...
Purging configuration files for ruby1.8 ...
# python -c "import apt; c=apt.Cache(); c.update(); c.open(); p=c['ruby1.8']; print p, p.installed, p.installed_files"
<Package: name:'ruby1.8' id:1425> None []
See http://bugs.debian.org/712749 too.
If a package is not marked installed but it still 'has_files', then it
should be processed if the request is to purge it.
Signed-off-by: martin f. krafft <madduck@madduck.net>
A small error in the reuse of a variable caused packages to never get
purged. This commit fixes that.
Signed-off-by: martin f. krafft <madduck@madduck.net>
name is used throughout Ansible, it's the "standard". This change
applies that standard to the add_host routine and updates the docs to
reflect that. Related to https://github.com/ansible/ansible/pull/3254
On machines with multiple pci domains get_device_facts would fail to
find a matching pci device causing setup to fail. Also on some platforms
there is additional information between the pci information and 'host'.
Modified get_device_facts to call lspci with the -D option and modified
the regex to account for the pci domain and to be more selective.