Commit Graph

3654 Commits (3a1b5ec620f1f822e9c78f0d0ab84d8b1e8b7f59)
 

Author SHA1 Message Date
Alex Willmer 3a1b5ec620 CI: Increase sshd MaxAuthRetries to 50 on macOS runners
refs #1186
3 weeks ago
Alex Willmer 8cfcb66cda CI: Refactor sshd configuration into a role
Prep for applying it to macOS 13 GitHub runners.

refs #1186
3 weeks ago
Alex Willmer 9e0dad2a1a ansible_mitogen: Templated SSH host key checking
refs #1083
3 weeks ago
Alex Willmer 9189c01c16
Merge pull request #1181 from moreati/issue1083-private_key_file
ansible_mitogen: Templated SSH private key file
3 weeks ago
Alex Willmer c7df5c97c1 ansible_mitogen: Templated SSH private key file 3 weeks ago
Alex Willmer 5895ccadd2
Merge pull request #1183 from moreati/issue1182
CI: Fix incorrect u=r,g=r,o=rw file permissions on mitogen__has_sudo_pubkey.key
3 weeks ago
Alex Willmer 43cc937bc6 CI: Fix incorrect u=r,g=r,o=rw file permissions on mitogen__has_sudo_pubkey.key
The wrong base was used when calculating the mode. So the file became world
readable and writable on a CI runner, until
ansible/integration/ssh/variables.yml happened to correct it near the end of
the integration tests.

I believe this was the only instance.

```console
mitogen git:(issue1182) ✗ ag --python 'int\(.+7\)' . .ci | wc -l
       0
```

fixes #1182
3 weeks ago
Alex Willmer a35b208acd
Merge pull request #1179 from moreati/prep-v0.3.16
Prepare v0.3.16
3 weeks ago
Alex Willmer 757527635d Begin v0.3.17dev 3 weeks ago
Alex Willmer d28dd09e23 Prepare v0.3.16 3 weeks ago
Alex Willmer df8f11d731
Merge pull request #1176 from moreati/issue1133
CI: Migrate to from macOS 12 to 13 test runners
3 weeks ago
Alex Willmer 06df62c8b8 CI: Migrated macOS 12 runners to macOS 13, due to EOL.
macOS Python 2.7 jobs have been removed because the macOS 13 image doesn't
include CPython 2.7.
3 weeks ago
Alex Willmer 88e7c568d2
Merge pull request #1175 from moreati/issue1083-ssh_executable
ansible_mitogen: Templated ssh executable
3 weeks ago
Alex Willmer 833e2845e9 ansible_mitogen: Templated ssh executable, templated reset_connection fix
Adding a the tt-ssh-executable test target uncovered an Ansible bug during
`meta: reset_connection` tasks. So this commit includes a workaround for
affected versions of Ansible.
3 weeks ago
Alex Willmer 89244703ff
Merge pull request #1174 from moreati/issue1083-become_flags
ansible_mitogen: Template become command arguments (become_flags)
4 weeks ago
Alex Willmer 66ea10d577 ansible_mitogen: Template become command arguments (become_flags)
Uses the same fallback for (mitogen_sudo et al) as become_exe (see #1173).

The new `Spec.become_flags()` is not yet explicitly tested. Note that it
returns a string (matching the Ansible option of the same name), whereas
`Spec.sudo_args()` returns a list.

refs #1083
4 weeks ago
Alex Willmer 04f7b7a282
Merge pull request #1172 from moreati/issue1083-become_exe
ansible_mitogen: Support templated become_exe option
4 weeks ago
Alex Willmer ec9b3e5c5d ansible_mitogen: Support templated become_exe option
Some ansible_mitogen connection plugins look more like become plugins (e.g.
mitogen_sudo) & use become plugin options. For now there's special handling in
PlayContextSpec._become_option(). Further design/discussion can go in #1173.

Refs #1087.
4 weeks ago
Alex Willmer 06a82d3944
Merge pull request #1170 from moreati/prep-v0.3.15
Prep v0.3.15
4 weeks ago
Alex Willmer 26c4c33ad3 Begin 0.3.16dev 4 weeks ago
Alex Willmer 7634e2c469 Prepare v0.3.15 4 weeks ago
Alex Willmer 0526f8e167
Merge pull request #1169 from moreati/issue1083-become_pass
ansible_mitogen: Support templated become passwords
4 weeks ago
Alex Willmer 7e5b064139 ansible_mitogen: Support templated become passwords 4 weeks ago
Alex Willmer 21e002af2d
Merge pull request #1168 from moreati/issue1083-become_pass
tests: Re-enable become/sudo tests, fix them on macOS runners
1 month ago
Alex Willmer 8a34b925a4 tests: Re-enable become/sudo tests, fix them on macOS runners
The tasks in tests/imageprep/_user_accounts.yml that create users did not
specify a primary group for those users - this left the decision to Ansible's
user module, and/or the underlying OS. In Ansible 9+ (ansible-core 2.16+ the
user module defaults to primary group "staff." Earlier don't supply a default,
which releases probably results in a primary group nameed "None" (due to
stringifying the Python singleton of the same name), or whatever the macOS
Directory Services has for no data/NULL.

The invalid GID 4294967295 (MAX_UINT32 == 2**32-1) in the sudo error probably
enters the mix via something similar to sudo CVE-2019-14287.

Fixes #692

See
- https://github.com/ansible/ansible/pull/79999
- https://github.com/ansible/ansible/commit/c69c83c962f987c78af98da0746527df
- https://www.sudo.ws/security/advisories/minus_1_uid/

> Bruce Wayne : [confused]  Am I meant to understand any of that?
> Lucius Fox : Not at all, I just wanted you to know how hard it was.
> -- Batman Begins
1 month ago
Alex Willmer 257d602a11
Merge pull request #1167 from moreati/issue905
ansible_mitogen: Template `ssh_args`, `ssh_common_args`, `ssh_extra_args`
1 month ago
Alex Willmer cdfaf31ebc ansible_mitogen: Template ssh_*_args connection options
This expands support to setting them in Play scoped variables. Task scoped
variables are also very likely to work, but untested for now.

refs #905
1 month ago
Alex Willmer a1d079acd7
Merge pull request #1163 from moreati/prep-v0.3.14
Prep v0.3.14
1 month ago
Alex Willmer d35ca3e4af Begin 0.3.15.dev 1 month ago
Alex Willmer c4ca015266 Prepare v0.3.14 1 month ago
Alex Willmer a07489dbd4
Merge pull request #1148 from mordekasg/#1083
ansible_mitogen: Support templated `become_user`
1 month ago
Alex Willmer bf6607e27e ansible_mitogen: Support templated become_user
This reads the become username from the `become_user` attribute of the play
context, to the `"become_user"` option of the loaded become plugin. This has
been supported by vanilla Ansible since Ansible 2.10 (ansible-base 2.10).

To support this I've also switched from using the `play_context.become` (a
bool), to `connection.become` (an instance of the appropriate) become plugin.

New tests have been added, modelled on those for templated connection
parameters (see #1147, #1153, #1159).

See
- 480b106d65

refs #1083

Co-authored-by: mordek <m.pirog@bonasoft.pl>
1 month ago
Alex Willmer 3b2b03bd97
Merge pull request #1150 from moreati/local-options
Add and test templated local connection parameters
2 months ago
Alex Willmer e9bddf0c03 CI: Use templated ansible_user for localhost Ansible tests
refs #1022, #1116
2 months ago
Alex Willmer f384fc33d0
Merge pull request #1159 from moreati/test-distro-specs
ci: Consolidate Mitogen jobs
2 months ago
Alex Willmer 28e08ef94c ci: Reduce number of Jobs by parameterizing Mitogen Docker SSH tests
This reduces the number of jobs from 48 to 24. The Mitogen part of the test
suite has been parameterized on the Linux container targets to be run against.
Both the Ansible tests & Mitogen tests now use the same source of truth to
control which targets to use: environment variable MITOGEN_TEST_DISTRO_SPECS.
This replaces the two mutually exclusive env vars DISTRO and DISTROS. I've
also removed vestgial traces of an unused env var MITOGEN_TEST_DISTRO.

Parameterization adapted from
https://eli.thegreenplace.net/2014/04/02/dynamically-generating-python-test-cases

refs #1058, #1059
2 months ago
Alex Willmer 9859e44ee8 tests: Standardise on DockerizedSshDaemon.host & .port 2 months ago
Alex Willmer c45b13bee3
Merge pull request #1154 from moreati/test-port-keyword
tests: templated remote_user keyword with delegate_to
2 months ago
Alex Willmer 5e816be12c tests: Templated connection keywords with delegated_to 2 months ago
Alex Willmer 825a84a0d1
Merge pull request #1153 from moreati/issue1040
tests: Templated "remote_user" provided as Ansible playbook keyword
2 months ago
Alex Willmer 5d6a185242 tests: Templated "remote_user" provided as Ansible playbook keyword
The password is provided as a variable because there is no corresponding
keyword. I get the impression that keywords are considered a legacy mechanism,
so most (new) options are only overridable by variables.

The port is proved as a variable for now, to test remote_name in isolation.
2 months ago
Alex Willmer 24e39b241f
Merge pull request #1151 from moreati/prep-0.3.13
Prepare 0.3.13
2 months ago
Alex Willmer 47e25eb8c5 Begin 0.3.14 development 2 months ago
Alex Willmer 8dec038941 Prepare v0.3.13 2 months ago
Alex Willmer b91407a779 docs: Correct v0.3.12 version in changelog
fixes #1149
2 months ago
Alex Willmer 11fe832a79
Merge pull request #1075 from moreati/issue1073
Python 3.13 support
2 months ago
Alex Willmer 62b75f7750 docs: shields.io badges for PyPI version & supported Python versions 2 months ago
Alex Willmer 9cdd51cf5b Declare Python 3.13 support
No code changes needed, that I could find.
2 months ago
Alex Willmer e2c112d2fe
Merge pull request #1146 from stefanor/python3.13
Remove get_password_hash, unused
2 months ago
Stefano Rivera 34d441fb87 Remove get_password_hash, unused
spwd is removed in Python 3.13. But fortunately, this function itself is
never used.

Part of: #1073
2 months ago