On OpenBSD, 13 asterisk characters as a password hash, marks the
account as disabled. Otherwise daily(8) script which executes
security(8) will email operator about not properly locked accounts.
Before the diff, we see following warning:
> [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
After the diff, warning is gone..
(cherry picked from commit 1dea661ce8)
Co-authored-by: kucharskim <mikolaj@kucharski.name>
* Make sure postgresql tests are run for all postgres_* modules (#61647)
(cherry picked from commit 4d057e0331)
* Make sure postgresql tests are run for all postgres_* modules (#61647), remove non-existent
This should be ansible_connection, not connection_type. We can also
update local testing logic.
Remove nxos_install_os/tasks/network_local.yaml as it is nolonger used.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
(cherry picked from commit 9e1b19e364)
* Backport to stable-2.8: Fix#56640: Map k8s ansible keys to api keys (#57418)
* Fix#56643: Map ansible keys to api keys
* Remove errant print line
* Fix pep8 issue
* Fix doc line
* Added test for validate_certs -> verify_ssl translation for k8s module
(cherry picked from commit 6e94b472e8)
* Removed proxy from AUTH_ARG_MAP and added fragment for backport
* Rename backport-57418.yaml to 60683-backport-57418.yaml
* Update 60683-backport-57418.yaml
* fix: docker_swarm_service does not publish both tcp and udp ports for same published port
* fix the linting problems and add the changelog fragment.
* add test
* modify test to ensure result rather than return value
(cherry picked from commit 064cd63f3d)
* [stable-2.8] Fix sanity tests based on newer version of shellcheck (#60423)
- change egrep to grep -E
- store exit codes and check them directly
- ignore SC1091.
(cherry picked from commit c485a1b91e)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Fix sanity test
- Split the key validation to separate private and public.
- In case public key does not exist, recreate it.
- Validate comment of the key.
- In case comment changed, update the private and public keys.
(cherry picked from commit 27e414200f)
* Move plugin loader playbook dir additions back to Playbook instead of PlaybookCLI. Fixes#59548
* Restore cli additions
(cherry picked from commit 923e218)
Co-authored-by: Matt Martz <matt@sivel.net>
When targeting 'foo*' in tests, it pulled in packages other than the dummy packages in our testing repo that have many dependencies, some of which were causing tests to fail.
Also change 'bar' package name to avoid the same issue in the future.
(cherry picked from commit 47796af64f)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Only error out if the gid exists with a different group name as
otherwise it will error out if the group with this gid already
exists, like on a rerun of the playbook. This fixes a regression
introduced by 4898b0a4a298448677c2aee2a03157ba5b662759.(cherry picked from commit f94772f807)
* cosmetic: Remove useless call to ec2_argument_spec()
* aws_s3: Improve ETag handling
* Extract ETag calculation into a utility function for reuse by
aws_s3_sync.
* Reduce code duplication in put/get by restructuring the logic
* Only calculate ETag when overwrite == different
* Fail gracefully when overwrite == different and MD5 isn't available
(e.g. due to FIPS-140-2).
* aws_s3: clean up integration tests
Clean up tests, add tests for overwrite settings in both directions.
(cherry picked from commit c513c1e2d3)
If the 'local' parameter of the 'user' Ansible module is enabled, and
the user has been found in the local user database, don't emit
a warning, because this is an expected outcome.
Add changelog and integration tests
Co-authored-by: drybed <drybjed@gmail.com>
(cherry picked from commit 75be309242)
Co-authored-by: Maciej Delmanowski <drybjed@drybjed.net>
A recent update to lxml for Python >= 3.6 now preserves key order. Change the test input so the input is sorted, making tests pass on previous versions of lxml as well as the latest version.
(cherry picked from commit 19299f3310)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* consul_session: Python 2.6 is always required on managed node
* consul_session: document all types
* consul_session: add doc for 'id' parameter
* consul_session: improve parameter descriptions
- use formatting functions in descriptions
- 'name' parameter is required when state=node
* consul_session: use required_if
* consul_session: add integration tests
* consul_session: use 'retry' with network dependent tasks
* Use ansible-ci-files bucket for consul binaries
Co-Authored-By: Matt Clay <matt@mystile.com>
(cherry picked from commit 5f8080aaa0)
* add a changelog fragment
Previously if `sysctl_set=no` (which is the default) this module only
checked for changes in the sysctl.conf file to decide whether it should
reload it or not. This means that if the values in the conf file are the
same as they are set with the module, but the current values on the
system are different, that this module wouldn't apply the changes on the
system and thus the value set with the module wouldn't be applied on the
OS. This isn't obvious and it doesn't make sense that the module works
like that by default, especially because there is a separate option
`reload`. Now sysctl will also check if the current value differs on the
system and if it does, it will reload the file again.
(cherry picked from commit 5fc769f6b1)
* Clear 'connection related' plugin vars for next loop iteration (#59024)
Fixes#58876
(cherry picked from commit a752e2a467)
* Preserve original variables when using a loop (#59426)
Fixes#59414
(cherry picked from commit 1010363c0b)
* Mark Docker tests unstable
- docker_swarm is unstable on RHEL 8
- docker_container is unstable on RHEL 7
* Disable docker_container test.
(cherry picked from commit 67c69f3)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* [stable-2.8] Omit -A and -G options in local mode since luseradd does not support these (#55401)
Add integration tests
(cherry picked from commit 20ad120829)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* User - make groups and append mutually exclusive with local (#59309)
* Update intigration tests
(cherry picked from commit 8edad83ae0)
vmware_guest accepts 0MB as valid value for memory reservation in
virtual machine hardware configuration. This fixes the regression
introduced via 193f69064f.
Fixes: #59190
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 1f49abb51c)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* tower_role: ensure alias of validate_certs is handled
* tower modules: remove tower_verify_ssl alias too
Error was:
Failed to update role: The Tower server claims it was sent a bad request.
GET https://tower/api/v2/projects/22/object_roles/
Params: [('tower_verify_ssl', False), ('role_field', 'admin_role')]
Data: None
Response: {"detail": "Role has no field named 'tower_verify_ssl'"}
Full traceback:
File "/tmp/ansible_tower_role_payload_7_2p0X/__main__.py", line 145, in main
result = role.grant(**params)
File "/usr/local/lib/python2.7/dist-packages/tower_cli/resources/role.py", line 365, in grant
return self.role_write(fail_on_found=fail_on_found, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/tower_cli/resources/role.py", line 242, in role_write
fail_on_multiple_results=True, **data)
File "/usr/local/lib/python2.7/dist-packages/tower_cli/models/base.py", line 301, in read
r = client.get(url, params=params)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/tower_cli/api.py", line 299, in request
kwargs.get('data', None), r.content.decode('utf8'))
(cherry picked from commit 77e01e6abc)
- use include_vars to set appropriate packages and pip packages per distribution and version
- install an older version of Docker CE on RHEL 8 since a dependency is unavailable
- disable warnings on tasks that are ok
- skip tests for CentOS/RHEL 6
(cherry picked from commit d50c8c2b83)
Co-authored-by: Sam Doran <sdoran@redhat.com>
- use single include_vars task rather than multiple set_fact tasks
- use multi-line YAML to break up long conditionals
- use version() test rather than direct comparisions
- use different appstream package on RHEL since '@swig:3.0/default' is not working in the GA
(cherry picked from commit 16d6fcf514)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* yum: take care of stale/invalid yum.pid (#58457)
* yum: take care of stale/invalid yum.pid
* Add changelog
(cherry picked from commit 5064e67d37)
* yum: check whether the lock file disappeared (#58581)
(cherry picked from commit b0f38931b0)
* Changing LBName used by same task inside azure_rm_loadbalancer (#58936)
fixes#58933
(cherry picked from commit 00d7aed56b)
* Backporting #58933 to stable-2.8
kucharskim