You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/changelogs/CHANGELOG-v2.3.rst

582 lines
18 KiB
ReStructuredText

=====================================
Ansible 2.3 "Ramble On" Release Notes
=====================================
2.3.4 "Ramble On" - TBD
-----------------------
- Flush stdin when passing the become password. Fixes some cases of
timeout on Python3 with the ssh connection plugin:
https://github.com/ansible/ansible/pull/35049
Bugfixes
~~~~~~~~
- Fix setting of environment in a task that uses a loop:
https://github.com/ansible/ansible/issues/32685
- Fix https retrieval with TLSv1.2:
https://github.com/ansible/ansible/pull/32053
2.3.3 "Ramble On" - TBD
-----------------------
Bugfixes
~~~~~~~~
- Security fix for CVE-2017-7550 the jenkins\_plugin module was logging
the jenkins server password if the url\_password was passed via the
params field: https://github.com/ansible/ansible/pull/30875
- Fix alternatives module handlling of non existing options
- Fix synchronize traceback with the docker connection plugin
- Do not escape backslashes in the template lookup plugin to mirror
what the template module does
- Fix the expires option of the postgresq\_user module
- Fix for win\_acl when settings permissions on registry objects that
use ``ALL APPLICATION PACKAGES`` and
``ALL RESTRICTED APPLICATION PACKAGES``
- Python3 fixes
- asorted azure modules
- pause module
- hacking/env-setup script
- Fix traceback when checking for passwords in logged strings when
logging executed commands.
- docker\_login module
- Workaround python-libselinux API change in the seboolean module
- digital\_ocean\_tag module
- Fix the zip filter
- Fix user module combining bytes and text
- Fix for security groups in the amazon efs module
- Fix for the jail connection plugin not finding the named jail
- Fix for blockinfile's parameters insertbefore and insertafter
- ios\_config: Fix traceback when the efaults parameter is not set
- iosxr\_config: Fixed unicode error when UTF-8 characters are in
configs
- Fix check mode in archive module
- Fix UnboundLocalError in check mode in cs\_role module
- Fix to always use lowercase hostnames for host keys in known\_hosts
module
- Added missing return results for win\_stat
- Fix rabbitmq modules to give a helpful error if requests is not
installed
- Fix yum module not deleting rpms that it downloaded
- Fix yum module failing with a URL to an rpm
- Fix file module inappropriately expanding literal dollar signs in a
path read from the filesystem as an environment variable.
- Fix the ssh "smart" transport setting which automatically selects the
best means of transferring files over ssh (sftp, ssh, piped).
- Fix authentication by api\_key parameter in exoscale modules.
- vmware module\_utils shared code ssl/validate\_certs fixes in
connection logic
- allow 'bridge' facts to work for certain containers that create
conflicting ones with connection plugins
- Fix for win\_get\_url to use TLS 1.2/1.1 if it is available on the
host
- Fix for the filetree lookup with non-ascii group names
- Better message for invalid keywords/options in task due to undefined
expressions
- Fixed check mode for enable on Solaris for service module
- Fix cloudtrail module to allow AWS profiles other than the default
- Fix an encoding issue with secret (password) vars\_prompts
- Fix for Windows become to show the stdout and stderr strings on a
failure
- Fix the issue SSL verification can not be disabled for Tower modules
- Use safe\_load instead on load to read a yaml document
- Fix for win\_file to respect check mode when deleting directories
- Include\_role now complains about invalid arguments
- Added socket conditions to ignore for wait\_for, no need to error for
closing already closed connection
- Updated hostname module to work on newer RHEL7 releases
- Security fix to avoid provider password leaking in logs for network
modules
\* Python3 fixes for azure modules
2.3.2 "Ramble On" - 2017-08-04
------------------------------
Bugfixes
~~~~~~~~
- Fix partend i18n issues
- fixed handling of extra vars for tower\_job\_template (#25272)
- Python3 bugfixes
- Fix sorting of ec2 policies
- Fix digital\_ocean dynamic inventory script
- Fix for the docker connection plugin
- Fix pip module when using python3's pyvenv and python3 -m venv to
create virtualenvs
- Fix for the AnsiBallZ wrapper so that it gives a better error message
when there's not enough disk space to create its tempdir.
- Fix so ansilbe-galaxy install --force with unversioned roles will
once again overwrite old versions.
- Fix for RabbitMQ 3.6.7 endpoint return code changing.
- Fix for Foreman organization creation
- fixed incorrect fail\_json ref in rpm\_key
- Corrected requried on hash\_name for dynamodb\_table
- Fix for fetch action plugin not validating correctly
- Avoid vault view writing display to logs
- htpasswd: fix passlib module version comparison
- Fix for flowdock error message when external\_user\_name is missing
- fixed corner case for delegate\_to, loops and delegate\_facts
- fixed wait\_for python2.4/2.5 compatibility (this is last version
this is needed)
- fix for adhoc not obeying callback options
- fix for win\_find where it fails to recursively scan empty nested
directories
- fix non-pipelined code paths for Windows (eg,
ANSIBLE\_KEEP\_REMOTE\_FILES, non-pipelined connection plugins)
- fix for win\_updates where args and check mode were ignored due to
common code change
- fix for unprivileged users to Windows runas become method
- fix starttls code path for mail module
- fix missing LC\_TYPE in parted module
- fix CN parsing with OpenSSL 1.1 in letsencrypt module
- fix params assignment in jabber module
- fix TXT record type handling in exo\_dns\_record module
- fix message queue message ttl can't be 0 in rabbitmq\_queue module
- CloudStack bugfixes:
- fix template upload for users in cs\_template module, change default
to is\_routing=None
- several fixes in cs\_host module fixes hypervisor handling
- fix network param ignored due typo in cs\_nic module
- fix missing type bool in module cs\_zone
- fix KeyError: 'sshkeypair' in cs\_instance module for CloudStack v4.5
and before
- fix for win\_chocolatey where trying to upgrade all the packages as
per the example docs fails
- fix for win\_chocolatey where it did not fail if the version set did
not exist
- fix for win\_regedit always changing a reg key if the dword values
set is a hex
- fix for wait\_for on non-Linux systems with newer versions of psutil
- fix eos\_banner code and test issues
- run tearup and teardown of EAPI service only on EAPI tests
- fix eos\_config tests so only Eth1 and Eth2 are used
- Fix for potential bug when using legacy inventory vars for
configuring the su password.
- Fix crash in file module when directories contain non-utf8 filenames
- Fix for dnf groupinstall with dnf-2.x
- Fix seboolean module for incompatibility in newer Python3 selinux
bindings
- Optimization for inventory, no need to dedup at every stage, its
redundant and slow
- Fix fact gathering for package and service action plugins
- make random\_choice more error resilient (#27380)
- ensure prefix in plugin loading to avoid conflicts
- fix for a small number of modules (tempfile, possibly copy) which
could fail if the tempdir on the remote box was a symlink
- fix non-pipelined code paths for Windows (eg,
ANSIBLE\_KEEP\_REMOTE\_FILES, non-pipelined connection plugins)
- fix for win\_updates where args and check mode were ignored due to
common code change
2.3.1 "Ramble On" - 2017-06-01
------------------------------
Bugfixes
~~~~~~~~
- Security fix for CVE-2017-7481 - data for lookup plugins used as
variables was not being correctly marked as "unsafe".
- Fix default value of fetch module's validate\_checksum to be True
- Added fix for "meta: refresh\_connection" not working with default
'smart' connection.
- Fix template so that the --diff command line option works when the
destination is a directory
- Fix python3 bugs in pam\_limits
- Fix unbound error when using module deprecation as a single string
- Several places in which error handling was broken due to bad
conversions or just typos
- Fix to user module for appending/setting groups on OpenBSD (flags
were reversed)
- assemble fix to use safer os.join.path, avoids charset issues
- fixed issue with solaris facts and i18n
- added python2.4 compatiblity fix to sysctl module
- Fix comparison of exisiting container security opts in the
docker\_container module
- fixed service module invocation of insserv on certain platforms
- Fix traceback in os\_user in an error case.
- Fix docker container to restart a container when changing to fewer
exposed ports
- Fix tracebacks in docker\_network
- Fixes to detection of updated docker images
- Handle detection of docker image changes when published ports is
changed
- Fix for docker\_container restarting images when links list is empty.
2.3 "Ramble On" - 2017-04-12
----------------------------
Moving to Ansible 2.3 guide
http://docs.ansible.com/ansible/porting\_guide\_2.3.html
Major Changes
~~~~~~~~~~~~~
- Documented and renamed the previously released 'single var vaulting'
feature, allowing user to use vault encryption for single variables
in a normal YAML vars file.
- Allow module\_utils for custom modules to be placed in site-specific
directories and shipped in roles
- On platforms that support it, use more modern system polling API
instead of select in the ssh connection plugin. This removes one
limitation on how many parallel forks are feasible on these systems.
- Windows/WinRM supports (experimental) become method "runas" to run
modules and scripts as a different user, and to transparently access
network resources.
- The WinRM connection plugin now uses pipelining when executing
modules, resulting in significantly faster execution for small tasks.
- The WinRM connection plugin can now manage Kerberos tickets
automatically when ``ansible_winrm_transport=kerberos`` and
``ansible_user``/``ansible_password`` are specified.
- Refactored/standardized most Windows modules, adding check-mode and
diff support where possible.
- Extended Windows module API with parameter-type support, helper
functions. (i.e. Expand-Environment, Add-Warning,
Add-DeprecatationWarning)
- restructured how async works to allow it to apply to action plugins
that choose to support it.
Minor Changes
~~~~~~~~~~~~~
- The version and release facts for OpenBSD hosts were reversed. This
has been changed so that version has the numeric portion and release
has the name of the release.
- removed 'package' from default squash actions as not all package
managers support it and it creates errors when using loops, any user
can add back via config options if they don't use those package
managers or otherwise avoid the errors.
- Blocks can now have a ``name`` field, to aid in playbook readability.
- default strategy is now configurable via ansible.cfg or environment
variable.
- Added 'ansible\_playbook\_python' which contains 'current python
executable', it can be blank in some cases in which Ansible is not
invoked via the standard CLI (sys.executable limitation).
- Added 'metadata' to modules to enable classification
- ansible-doc now displays path to module and existing 'metadata'
- added optional 'piped' transfer method to ssh plugin for when scp and
sftp are missing, ssh plugin is also now 'smarter' when using these
options
- default controlpersist path is now a custom hash of host-port-user to
avoid the socket path length errors for long hostnames
- Various fixes for Python3 compatibility
- Fixed issues with inventory formats not handling 'all' and
'ungrouped' in an uniform way.
- 'service' tasks can now use async again, we had lost this capability
when changed into an action plugin.
- made any\_errors\_fatal inheritable from play to task and all other
objects in between.
- many small performance improvements in inventory and variable
handling and in task execution.
- Added a retry class to the ec2\_asg module since customers were
running into throttling errors (AWSRetry is a solution for modules
using boto3 which isn't applicable here).
Deprecations
~~~~~~~~~~~~
- Specifying --tags (or --skip-tags) multiple times on the command line
currently leads to the last one overriding all the previous ones.
This behaviour is deprecated. In the future, if you specify --tags
multiple times the tags will be merged together. From now on, using
--tags multiple times on one command line will emit a deprecation
warning. Setting the merge\_multiple\_cli\_tags option to True in the
ansible.cfg file will enable the new behaviour. In 2.4, the default
will be to merge and you can enable the old overwriting behaviour via
the config option. In 2.5, multiple --tags options will be merged
with no way to go back to the old behaviour.
- Modules (scheduled for removal in 2.5)
- ec2\_vpc
- cl\_bond
- cl\_bridge
- cl\_img\_install
- cl\_interface
- cl\_interface\_policy
- cl\_license
- cl\_ports
- nxos\_mtu, use nxos\_system instead
New: Callbacks
^^^^^^^^^^^^^^
- dense: minimal stdout output with fallback to default when verbose
New: lookups
^^^^^^^^^^^^
- keyring: allows getting password from the 'controller' system's
keyrings
New: cache
^^^^^^^^^^
- pickle (uses python's own serializer)
- yaml
New: inventory scripts
^^^^^^^^^^^^^^^^^^^^^^
- oVirt/RHV
New: filters
^^^^^^^^^^^^
- combinations
- permutations
- zip
- zip\_longest
Module Notes
~~~~~~~~~~~~
- AWS lambda: previously ignored changes that only affected one
parameter. Existing deployments may have outstanding changes that
this bugfix will apply.
- oVirt/RHV: Added support for 4.1 features and the following:
- data centers, clusters, hosts, storage domains and networks
management.
- hosts and virtual machines affinity groups and labels.
- users, groups and permissions management.
- Improved virtual machines and disks management.
- Mount: Some fixes so bind mounts are not mounted each time the
playbook runs.
New Modules
~~~~~~~~~~~
- a10\_server\_axapi3
- amazon:
- aws\_kms
- cloudfront\_facts
- ec2\_group\_facts
- ec2\_lc\_facts
- ec2\_vpc\_igw\_facts
- ec2\_vpc\_nat\_gateway\_facts
- ec2\_vpc\_vgw\_facts
- ecs\_ecr
- elasticache\_parameter\_group
- elasticache\_snapshot
- iam\_role
- s3\_sync
- archive
- beadm
- bigswitch:
- bigmon\_chain
- bigmon\_policy
- cloudengine:
- ce\_command
- cloudscale\_server
- cloudstack:
- cs\_host
- cs\_nic
- cs\_region
- cs\_role
- cs\_vpc
- dimensiondata\_network
- eos:
- eos\_banner
- eos\_system
- eos\_user
- f5:
- bigip\_gtm\_facts
- bigip\_hostname
- bigip\_snat\_pool
- bigip\_sys\_global
- foreman:
- foreman
- katello
- fortios
- fortios\_config
- gconftool2
- google:
- gce\_eip
- gce\_snapshot
- gcpubsub
- gcpubsub\_facts
- hpilo:
- hpilo\_boot
- hpilo\_facts
- hponcfg
- icinga2\_feature
- illumos:
- dladm\_iptun
- dladm\_linkprop
- dladm\_vlan
- ipadm\_addr
- ipadm\_addrprop
- ipadm\_ifprop
- infinidat:
- infini\_export
- infini\_export\_client
- infini\_fs
- infini\_host
- infini\_pool
- infini\_vol
- ipa:
- ipa\_group
- ipa\_hbacrule
- ipa\_host
- ipa\_hostgroup
- ipa\_role
- ipa\_sudocmd
- ipa\_sudocmdgroup
- ipa\_sudorule
- ipa\_user
- ipinfoio\_facts
- ios:
- ios\_banner
- ios\_system
- ios\_vrf
- iosxr\_system
- iso\_extract
- java\_cert
- jenkins\_script
- ldap:
- ldap\_attr
- ldap\_entry
- logstash\_plugin
- mattermost
- net\_command
- netapp:
- sf\_account\_manager
- sf\_snapshot\_schedule\_manager
- sf\_volume\_manager
- sf\_volume\_access\_group\_manager
- nginx\_status\_facts
- nsupdate
- omapi\_host
- openssl:
- openssl\_privatekey
- openssl\_publickey
- openstack:
- os\_nova\_host\_aggregate
- os\_quota
- openwrt\_init
- ordnance:
- ordnance\_config
- ordnance\_facts
- ovirt:
- ovirt\_affinity\_groups
- ovirt\_affinity\_labels
- ovirt\_affinity\_labels\_facts
- ovirt\_clusters
- ovirt\_clusters\_facts
- ovirt\_datacenters
- ovirt\_datacenters\_facts
- ovirt\_external\_providers
- ovirt\_external\_providers\_facts
- ovirt\_groups
- ovirt\_groups\_facts
- ovirt\_host\_networks
- ovirt\_host\_pm
- ovirt\_hosts
- ovirt\_hosts\_facts
- ovirt\_mac\_pools
- ovirt\_networks
- ovirt\_networks\_facts
- ovirt\_nics
- ovirt\_nics\_facts
- ovirt\_permissions
- ovirt\_permissions\_facts
- ovirt\_quotas
- ovirt\_quotas\_facts
- ovirt\_snapshots
- ovirt\_snapshots\_facts
- ovirt\_storage\_domains
- ovirt\_storage\_domains\_facts
- ovirt\_tags
- ovirt\_tags\_facts
- ovirt\_templates
- ovirt\_templates\_facts
- ovirt\_users
- ovirt\_users\_facts
- ovirt\_vmpools
- ovirt\_vmpools\_facts
- ovirt\_vms\_facts
- pacemaker\_cluster
- packet:
- packet\_device
- packet\_sshkey
- pamd
- panos:
- panos\_address
- panos\_admin
- panos\_admpwd
- panos\_cert\_gen\_ssh
- panos\_check
- panos\_commit
- panos\_dag
- panos\_import
- panos\_interface
- panos\_lic
- panos\_loadcfg
- panos\_mgtconfig
- panos\_nat\_policy
- panos\_pg
- panos\_restart
- panos\_security\_policy
- panos\_service
- postgresql\_schema
- proxmox\_kvm
- proxysql:
- proxysql\_backend\_servers
- proxysql\_global\_variables
- proxysql\_manage\_config
- proxysql\_mysql\_users
- proxysql\_query\_rules
- proxysql\_replication\_hostgroups
- proxysql\_scheduler
- pubnub\_blocks
- pulp\_repo
- runit
- serverless
- set\_stats
- panos:
- panos\_security\_policy
- smartos:
- imgadm
- vmadm
- sorcery
- stacki\_host
- swupd
- tempfile
- tower:
- tower\_credential
- tower\_group
- tower\_host
- tower\_inventory
- tower\_job\_template
- tower\_label
- tower\_organization
- tower\_project
- tower\_role
- tower\_team
- tower\_user
- vmware:
- vmware\_guest\_facts
- vmware\_guest\_snapshot
- web\_infrastructure:
- jenkins\_script
- system
- parted
- windows:
- win\_disk\_image
- win\_dns\_client
- win\_domain
- win\_domain\_controller
- win\_domain\_membership
- win\_find
- win\_msg
- win\_path
- win\_psexec
- win\_reg\_stat
- win\_region
- win\_say
- win\_shortcut
- win\_tempfile
- xbps
- zfs:
- zfs\_facts
- zpool\_facts