=================================== Ansible 2.5 "Kashmir" Release Notes =================================== v2.5.0b2 ======== Release Summary --------------- | Release Date: 2018-02-15 | Estimated Final Release: mid-March 2018 | `Porting Guide `_ Major Changes ------------- - New simpler and more intuitive 'loop' keyword for task loops. The ``with_`` loops will likely be deprecated in the near future and eventually removed. - Added fact namespacing, from now on facts will be available under ``ansible_facts`` namespace (i.e. ``ansible_facts.os_distribution``) w/o the ``ansible_`` prefix. They will continue to be added into the main namespace directly, but now with a configuration toggle to enable this, currently on by default, in the future it will be off. - Added a configuration file to filter modules that a site administrator wants to exclude from being used. Minor Changes ------------- - Added a few new magic vars corresponding to configuration/command line options: ``ansible_diff_mode``, ``ansible_inventory_sources``, ``ansible_limit``, ``ansible_run_tags`` , ``ansible_forks`` and ``ansible_skip_tags`` - Updated the bundled copy of the six library to 1.11.0 - Added support to ``become`` ``NT AUTHORITY\System``, ``NT AUTHORITY\LocalService``, and ``NT AUTHORITY\NetworkService`` on Windows hosts - Fixed ``become`` to work with async on Windows hosts - Improved ``become`` elevation process to work on standard Administrator users without disabling UAC on Windows hosts - The jenkins\_plugin and yum\_repository plugins had their ``params`` option removed due to circumventing Ansible's option processing. - combine filter now accepts a list of dicts as well as dicts directly - New CLI options for ansible-inventory, ansible-console and ansible to allow specifying a playbook\_dir to be used for relative search paths. - ``stat`` and ``win_stat`` have changed the default value of ``get_md5`` to ``False`` which will result in the ``md5`` return value not being returned. This option will be removed altogether in Ansible 2.9. use ``get_checksum: True`` with ``checksum_algorithm: md5`` to return an md5 hash of the file under the ``checksum`` return value. - ``osx_say`` module was renamed into ``say``. - Task debugger functionality was moved into ``StrategyBase``, and extended to allow explicit invocation from use of the ``debugger`` keyword. The ``debug`` strategy is still functional, and is now just a trigger to enable this functionality - Reorganized the documentation into distinct guides for different target audiences. - The ANSIBLE\_REMOTE\_TMP environment variable has been added to supplement (and override) ANSIBLE\_REMOTE\_TEMP. This matches with the spelling of the config value. ANSIBLE\_REMOTE\_TEMP will be deprecated in the future. Deprecated Features ------------------- - Previously deprecated 'hostfile' config settings have been 're-deprecated' as previously code did not warn about deprecated configuration settings. - Using Ansible provided Jinja tests as filters is deprecated and will be removed in Ansible 2.9 - ``stat`` and ``win_stat`` have deprecated ``get_md5`` and the ``md5`` return value and these options will become undocumented in Ansible 2.9 and removed in a later version. - The ``redis_kv`` lookup in favor of new ``redis`` lookup - Passing arbitrary parameters that begin with ``HEADER_`` to the uri module, used for passing http headers, is deprecated. Use the ``headers`` parameter with a dictionary of header names to value instead. This will be removed in Ansible-2.9 - Passing arbitrary parameters to the zfs module to set zfs properties is deprecated. Use the ``extra_zfs_properties`` parameter with a dictionary of property names to values instead. This will be removed in Ansible-2.9. - Use of the AnsibleModule parameter, check\_invalid\_arguments, in custom modules is deprecated. In the future, all parameters will be checked to see whether they are listed in the arg spec and an error raised if they are not listed. This behaviour is the current and future default so most custom modules can simply remove check\_invalid\_arguments if they set it to the default of True. check\_invalid\_arguments will be removed in Ansible-2.9. - nxos\_ip\_interface module is deprecated in Ansible 2.5. Use nxos\_l3\_interface module instead. - nxos\_portchannel module is deprecated in Ansible 2.5. Use nxos\_linkagg module instead. - nxos\_switchport module is deprecated in Ansible 2.5. Use nxos\_l2\_interface module instead. - ec2\_ami\_find has been deprecated, use ec2\_ami\_facts. - panos\_security\_policy: Use panos\_security\_rule - the old module uses deprecated API calls - vsphere\_guest is deprecated in Ansible 2.5 and will be removed in Ansible-2.9. Use vmware\_guest module instead. Removed Features (previously deprecated) ---------------------------------------- - accelerate. - boundary\_meter: There was no deprecation period for this but the hosted service it relied on has gone away so the module has been removed. `#29387 `__ - cl\_ : cl\_interface, cl\_interface\_policy, cl\_bridge, cl\_img\_install, cl\_ports, cl\_license, cl\_bond. Use ``nclu`` instead - docker, use docker\_container and docker\_image instead. - ec2\_vpc. - ec2\_ami\_search, use ec2\_ami\_facts instead. - nxos\_mtu, use nxos\_system's ``system_mtu`` option. To specify an interface's MTU use nxos\_interface. - panos\_nat\_policy: Use panos\_nat\_rule the old module uses deprecated API calls New Lookup Plugins ------------------ - aws\_account\_attribute: Query AWS account attributes such as EC2-Classic availability - aws\_service\_ip\_ranges: Query AWS IP ranges for services such as EC2/S3 - aws\_ssm: Query AWS ssm data - config: Lookup Ansible settings - conjur\_variable: Fetch credentials from CyberArk Conjur - k8s: Query the K8s API - nios: Query Infoblox NIOS objects - openshift: Return info from Openshift installation - redis: look up date from Redis DB, deprecates the redis\_kv one. New Callback Plugins -------------------- - null - unixy - yaml New Connection Plugins ---------------------- - kubectl - oc - netconf - network\_cli - While neither network\_cli nor netconf are technically new plugins, these connections may now be used directly with network modules. See `Network Best Practices for Ansible 2.5 `__ for more details. New Filter Plugins ------------------ - parse\_xml New Modules ----------- - Cloud (amazon) - aws\_acm\_facts - aws\_application\_scaling\_policy - aws\_az\_facts - aws\_batch\_compute\_environment - aws\_batch\_job\_definition - aws\_batch\_job\_queue - aws\_direct\_connect\_gateway - aws\_direct\_connect\_virtual\_interface - aws\_elasticbeanstalk\_app - aws\_kms\_facts - aws\_region\_facts - aws\_s3\_cors - aws\_ses\_identity - aws\_ssm\_parameter\_store - aws\_waf\_condition - aws\_waf\_rule - aws\_waf\_web\_acl - cloudfront\_distribution - cloudfront\_invalidation - cloudfront\_origin\_access\_identity - cloudwatchlogs\_log\_group - cloudwatchlogs\_log\_group\_facts - ec2\_ami\_facts - ec2\_asg\_lifecycle\_hook - ec2\_customer\_gateway\_facts - ec2\_instance - ec2\_placement\_group - ec2\_placement\_group\_facts - ec2\_vpc\_egress\_igw - ecs\_taskdefinition\_facts - elasticache\_facts - elb\_target - iam\_role\_facts - iam\_user - Cloud (azure) - azure\_rm\_containerinstance - azure\_rm\_containerregistry - azure\_rm\_image - azure\_rm\_keyvault - azure\_rm\_keyvaultkey - azure\_rm\_keyvaultsecret - azure\_rm\_mysqldatabase - azure\_rm\_mysqlserve - azure\_rm\_postgresqldatabase - azure\_rm\_postgresqlserver - azure\_rm\_sqldatabase - azure\_rm\_sqlserver - azure\_rm\_sqlserver\_facts - Cloud (cloudstack) - cs\_network\_offering - cs\_service\_offering - cs\_vpc\_offering - cs\_vpn\_connection - cs\_vpn\_customer\_gateway - Cloud (digital\_ocean) - digital\_ocean\_certificate - digital\_ocean\_floating\_ip\_facts - digital\_ocean\_sshkey\_facts - Cloud (google) - gcp\_dns\_managed\_zone - Cloud (misc) - cloudscale\_floating\_ip - spotinst\_aws\_elastigroup - terraform - Cloud (oneandone) - oneandone\_firewall\_policy - oneandone\_load\_balancer - oneandone\_monitoring\_policy - oneandone\_private\_network - oneandone\_public\_ip - oneandone\_server - Cloud (openstack) - os\_keystone\_endpoint - os\_project\_access - Cloud (ovirt) - ovirt\_api\_facts - ovirt\_disk\_facts - Cloud (vmware) - vcenter\_folder - vmware\_cfg\_backup - vmware\_datastore\_facts - vmware\_drs\_rule\_facts - vmware\_guest\_file\_operation - vmware\_guest\_powerstate - vmware\_host\_acceptance - vmware\_host\_config\_facts - vmware\_host\_config\_manager - vmware\_host\_datastore - vmware\_host\_dns\_facts - vmware\_host\_facts - vmware\_host\_firewall\_facts - vmware\_host\_firewall\_manager - vmware\_host\_lockdown - vmware\_host\_ntp - vmware\_host\_package\_facts - vmware\_host\_service\_facts - vmware\_host\_service\_manager - vmware\_host\_vmnic\_facts - vmware\_local\_role\_manager - vmware\_vm\_vm\_drs\_rule - vmware\_vmkernel\_facts - Cloud (vultr) - vr\_account\_facts - vr\_dns\_domain - vr\_dns\_record - vr\_firewall\_group - vr\_firewall\_rule - vr\_server - vr\_ssh\_key - vr\_startup\_script - vr\_user - Clustering - etcd3 - k8s - k8s\_raw - k8s\_scale - openshift - openshift\_raw - openshift\_scale - Crypto - openssl\_dhparam - Database - influxdb - influxdb\_query - influxdb\_user - influxdb\_write - Identity - ipa - ipa\_dnszone - ipa\_service - ipa\_subca - keycloak - keycloak\_client - keycloak\_clienttemplate - Monitoring - grafana\_dashboard - grafana\_datasource - grafana\_plugin - icinga2\_host - zabbix - zabbix\_proxy - zabbix\_template - Net Tools - ip\_netns - nios - nios\_dns\_view - nios\_host\_record - nios\_network - nios\_network\_view - nios\_zone - Network (aci) - aci\_aaa\_user - aci\_aaa\_user\_certificate - aci\_access\_port\_to\_interface\_policy\_leaf\_profile - aci\_aep\_to\_domain - aci\_domain - aci\_domain\_to\_encap\_pool - aci\_domain\_to\_vlan\_pool - aci\_encap\_pool - aci\_encap\_pool\_range - aci\_fabric\_node - aci\_firmware\_source - aci\_interface\_policy\_leaf\_policy\_group - aci\_interface\_policy\_leaf\_profile - aci\_interface\_selector\_to\_switch\_policy\_leaf\_profile - aci\_static\_binding\_to\_epg - aci\_switch\_leaf\_selector - aci\_switch\_policy\_leaf\_profile - aci\_switch\_policy\_vpc\_protection\_group - aci\_vlan\_pool - aci\_vlan\_pool\_encap\_block - Network (avi) - avi\_api\_version - avi\_clusterclouddetails - avi\_customipamdnsprofile - avi\_errorpagebody - avi\_errorpageprofile - avi\_gslbservice\_patch\_member - avi\_wafpolicy - avi\_wafprofile - Network (dimension data) - dimensiondata\_vlan - Network (edgeos) - edgeos\_command - edgeos\_config - edgeos\_facts - Network (enos) - enos\_command - enos\_config - enos\_facts - Network (eos) - eos\_interface - eos\_l2\_interface - eos\_l3\_interface - eos\_linkagg - eos\_lldp - eos\_static\_route - Network (f5) - bigip\_asm\_policy - bigip\_device\_connectivity - bigip\_device\_group - bigip\_device\_group\_member - bigip\_device\_httpd - bigip\_device\_trust - bigip\_gtm\_server - bigip\_iapplx\_package - bigip\_monitor\_http - bigip\_monitor\_https - bigip\_monitor\_snmp\_dca - bigip\_monitor\_udp - bigip\_partition - bigip\_policy - bigip\_policy\_rule - bigip\_profile\_client\_ssl - bigip\_remote\_syslog - bigip\_security\_address\_list - bigip\_security\_port\_list - bigip\_software\_update - bigip\_ssl\_key - bigip\_static\_route - bigip\_traffic\_group - bigip\_ucs\_fetch - bigip\_vcmp\_guest - bigip\_wait - bigiq\_regkey\_license - bigiq\_regkey\_pool - Network (fortimanager) - fmgr\_script - Network (ios) - ios\_l2\_interface - ios\_l3\_interface - ios\_linkagg - ios\_lldp - ios\_vlan - Network (iosxr) - iosxr\_netconf - Network (ironware) - ironware\_command - ironware\_config - ironware\_facts - Network (junos) - junos\_l2\_interface - junos\_scp - Network (netact) - netact\_cm\_command - Network (netscaler) - netscaler\_nitro\_request - Network (nso) - nso\_action - nso\_config - nso\_query - nso\_show - nso\_verify - Network (nxos) - nxos\_l2\_interface - nxos\_l3\_interface - nxos\_linkagg - nxos\_lldp - Network (onyx) - onyx\_bgp - onyx\_command - onyx\_config - onyx\_facts - onyx\_interface - onyx\_l2\_interface - onyx\_l3\_interface - onyx\_linkagg - onyx\_lldp - onyx\_lldp\_interface - onyx\_magp - onyx\_mlag\_ipl - onyx\_mlag\_vip - onyx\_ospf - onyx\_pfc\_interface - onyx\_protocol - onyx\_vlan - Network (panos) - panos\_dag\_tags - panos\_match\_rule - panos\_op - panos\_query\_rules - Network (radware) - vdirect\_commit - vdirect\_runnable - Network (vyos) - vyos\_vlan - Notification - logentries\_msg - say - snow\_record - Packaging - os - package\_facts - rhsm\_repository - Remote Management (manageiq) - manageiq\_alert\_profiles - manageiq\_alerts - manageiq\_policies - manageiq\_tags - Remote Management (oneview) - oneview\_datacenter\_facts - oneview\_enclosure\_facts - oneview\_logical\_interconnect\_group - oneview\_logical\_interconnect\_group\_facts - oneview\_san\_manager\_facts - Remote Management (ucs) - ucs\_ip\_pool - ucs\_lan\_connectivity - ucs\_mac\_pool - ucs\_san\_connectivity - ucs\_vhba\_template - ucs\_vlans - ucs\_vnic\_template - ucs\_vsans - ucs\_wwn\_pool - System - mksysb - nosh - service\_facts - vdo - Web Infrastructure - jenkins\_job\_facts - Windows - win\_audit\_policy\_system - win\_audit\_rule - win\_certificate\_store - win\_disk\_facts - win\_product\_facts - win\_scheduled\_task\_stat - win\_whoami Bugfixes -------- - azure_rm modules - internal changes to use API profiles and kwargs for future Azure Stack support and better stability between SDK updates. (https://github.com/ansible/ansible/pull/35538) - fix memory bloat on nested includes by preventing blocks from self-parenting (https://github.com/ansible/ansible/pull/36075) - ensure displayed messages under peristent connections are returned to the controller (https://github.com/ansible/ansible/pull/36064) - eos_vrf and eos_eapi - fix vrf parsing (https://github.com/ansible/ansible/pull/35791) - interface_file - accept interfaces without address family or method (https://github.com/ansible/ansible/pull/34200) - lineinfile - fix insertion if pattern already exists (https://github.com/ansible/ansible/pull/33393) - nxos_evpn_vni - fixed a number of issues (https://github.com/ansible/ansible/pull/35930) - nxos_igmp_interface - fix response handling for different nxos versions (https://github.com/ansible/ansible/pull/35959) - nxos_interface_ospf - various bugfixes (https://github.com/ansible/ansible/pull/35988) - openshift modules - update to client version 0.4.0 (https://github.com/ansible/ansible/pull/35127) - fix templating issues in loop_control (https://github.com/ansible/ansible/pull/36124) - ansible-config - fix traceback when no config file is present (https://github.com/ansible/ansible/issues/35965) - misc fixes to Linux virtualization facts (https://github.com/ansible/ansible/issues/36038) - fix failure when remote_tmp is a subdir of a system tempdir (https://github.com/ansible/ansible/pull/36143) - ios_ping - allow for count > 70 (https://github.com/ansible/ansible/pull/36142) - vmware_guest_snapshot - always check for root snapshot (https://github.com/ansible/ansible/pull/36001) - vyos - fixes to check mode support (https://github.com/ansible/ansible/pull/35977) - vyos_l3_interface - add support for localhost (https://github.com/ansible/ansible/pull/36141) - win_domain_controller - only specify ReadOnlyReplica when necessary (https://github.com/ansible/ansible/pull/36017) - win_updates - fix regresion with string category names(https://github.com/ansible/ansible/pull/36015) - win_uri - fixed issues with the creates and removes options (https://github.com/ansible/ansible/pull/36016)