* Add a mount_facts module capable of gathering mounts skipped by default
fact gathering
* By default, collect mount facts from standard locations including
/etc/mtab, /proc/mounts, /etc/fstab, /etc/mnttab, /etc/vfstab, and on AIX,
/etc/filesystems.
When no file-based source for the current mounts can be found
(like /proc/mounts), the module falls back to using mount as a source.
This allows BSD and AIX to collect the existing mounts by default, without
causing Linux hosts to use both /proc/mounts and mount output.
* Non-standard locations and "mount" can be configured as a sources.
* Support returning an aggregate list of mount points in addition to first
found.
When there are multiple mounts for the same mount point in an
individual source, a warning is given if the include_aggregate_mounts
option is not configured.
* Add options to filter on fstypes and devices (supporting UNIX shell
wildcards).
* Support configuring a timeout and timeout behavior to make it easier
to use the module as a default facts module without risking a hang.
* Include the source and line(s) corresponding to a mount for easier
debugging.
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* add descriptions for `ansible-galaxy install` and `ansible-galaxy role|collection install`
* fix the usage for installing roles and collections together and include collections in the description for -r
Closes#81159
Co-authored-by: Alan Rominger <arominge@redhat.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
Instead of re-using the token used in impersonation, this change will
create a new token for the SYSTEM account as returned by LogonUser. The
benefits of this is that the token will contain the full privileges for
the SYSTEM account rather than potentially one that has restricted
privileges we used during impersonation. It should also help avoid
problems on Windows that fails on status 0x0000016F when the
impersonated token during become was from a process that is restricted
from creating sub processes.
* add a loop_control break_when directive to break out of a loop after any item
* remove loop var as normal exit would
* example usage:
- name: generate a random password up to 10 times, until it matches the policy
set_fact:
password: "{{ lookup('password', '/dev/null', chars=character_set, length=length) }}"
loop: "{{ range(0, 10) }}"
loop_control:
break_when:
- password is match(password_policy)
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
* psrp - Remove extras lookups
Removed the extras variable lookups for the psrp connection plugin. All
valid options are already documented and the extras functionality is
slated to be deprecated at a future point in time. This should have
affect on existing user's playbooks.
* Fix up sanity tests and add explicit boolean conversion test
Adds the datastore details to the parser error when attempting to
include tasks that contain include_tasks without a filename set. This
change will now display the exact location of the include_tasks that
failed like any normal syntax error.
Expands the test matrix used for testing on Windows to cover the three
connection plugins we support for all the tasks. This change also
changes how raw commands are run over SSH to avoid starting a
`powershell.exe` process that was uneeded in the majority of cases used
in Ansible. This simplifies our code a bit more by removing extra
Windows specific actions in the ssh plugin and improves the efficiency
when running tasks.
Added configuration options, including environment variables to control the polling
No-Issue
---------
Signed-off-by: James Tanner <tanner.jc@gmail.com>
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* Rely on dnf.base.remove, no special handling isn't needed,
let the dnf internals figure out what is needed to be done.
This is more in line with what dnf cli does.
* "already installed" in Exception (if it is even a thing) should be
caught by special exceptions like MarkingError or CompsError. This
appears to be a historic check that is no longer needed.
Supersedes: #83295
Currently we match the load name, which can be an fqcn, but most users expect the 'naked' name
Now plugins can declare that name by setting _extras_prefix property or fallback to 'non fqcn' if no extras prefix
* ssh and psrp - Support more complex chars in fetch_file
Fixes the psrp and ssh (with piped) fetch function to work with paths
that contains glob like characters in the path. For Windows this was
needed when using paths that contain `[]` in the path. For ssh this was
a problem with FreeBSD when using the piped transfer method with similar
characters.
Also tidies up the psrp logic to not inject the paths and buffer size
in the script but pass it as an object through an argument/parameter.
* Fix sanity check
Ensure we force mtime/atime update when using copystat
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
* fix creating file in directory with setgid bit
* add a test using the copy module's content option to create a file in a directory with setgid bit
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
* Enable validation of subkeys in rpm key module
A gpg subkey may change while the primary key remains the same. Due to
this behavior, there are situations where validation of the primary gpg
key fingerprint is not sufficient because the desired target is actually
the gpg subkey. This change allows the user to validate against either
the fingerprint of the primary gpg key or its subkey.
Signed-off-by: Kellin <kellin@retromud.org>
* Improve tests, add multi-fingerprint
- Improve tests to cover all cases
- add multi fingerprint validation
Signed-off-by: Kellin <kellin@retromud.org>
add caplevel to display to pass through
also reverse dict order as 'last update wins'
added tests ... and also log severity to log
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* winrm - quota retry handling
Add a retry attempt when receiving ERROR_WSMAN_QUOTA_MAX_OPERATIONS when
starting a command. This can occur when running a loop with multiple
iterations or an action plugin that runs multiple commands.
* Update pywinrm constraint for test
* Add verbose hint and mark test as destructive
Removes the docs for the environment keyword in the shell base plugins
as they are a no-op in the plugins themselves. The environment value is
provided by the action base which gets it from the action base on the
task.environment value. This should avoid confusion around how its being
set and removes some code that is not used at all.
While upgrade process removes a package, module should
report changed=True instead of changed=False
Fixes: #46314
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* lift code that normalizes value type for boolean vtype to cover both
branches of conditional.
* remove obsolete and incomplete conversion of type in set_selection.
Fixes: #83594
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Previous change overlooked 'uncommenting' the variable entry as a way to update this to keep the functionality.
Co-authored-by: Glandos <bugs-github@antipoul.fr>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Using this dictionary to store the return values results in
the return values showing up in the returned
`invocation['module_args']`, which is confusing. It also causes all
module arguments to be returned, which is preserved by this change but
should ideally be removed in the future.
* Reject option/alias names equal up to casing belonging to different options.
* Update test/lib/ansible_test/_util/controller/sanity/validate-modules/validate_modules/main.py
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
previouslly we recorded but did not show to avoid spam
since we could not dedup from forks, that was already
fixed in another PR so now we can show/display them.
Also:
* funcitonalize deprecation msg construct from docs
* reuse formatting func in cli
* normalize alternatives: most of the code used intended plural
but some and most data/tests used the singular
* update schemas and tests
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Previously, `support_discard` simply returned the value of
`/sys/block/{device}/queue/discard_granularity`. When its value is `0`, then
the block device doesn't support discards; _however_, it being greater than
zero doesn't necessarily mean that the block device _does_ support discards.
But another indication that a block device doesn't support discards is
`/sys/block/{device}/queue/discard_max_hw_bytes` being equal to `0` (with the
same caveat as above). So if either of those are `0`, set `support_discard` to
zero, otherwise set it to the value of `discard_granularity` for backwards
compatibility.
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
* Enable Ubuntu 24.04 group 6 in CI
* Disable rootfull Podman on Ubuntu
* Disable unix-chkpwd AppArmor profile on Ubuntu for Fedora 40 tests
* Document AppArmor and rootfull issues
Previously, if the checksum of the downloaded file did not match the
specified checksum, the *destination* file was removed. This possibly
leaves the system that is being provisioned in an invalid state.
Instead, the checksum should be calculated on the temporary file only.
If there's a mismatch, delete the *temporary* file, not the destination
file.
This requires checking the checksum before moving the file.
When vault password file env variable is set to blank,
this value is converted to CWD and passed for further
processing.
Check if ANSIBLE_VAULT_PASSWORD_FILE is not a directory.
Fixes: #42960
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Felix Fontein