Commit Graph

859 Commits (7e5b0641393d42b1e7e1bf27c9283ea05aa8209f)

Author SHA1 Message Date
Alex Willmer 7e5b064139 ansible_mitogen: Support templated become passwords 2 days ago
Alex Willmer 8a34b925a4 tests: Re-enable become/sudo tests, fix them on macOS runners
The tasks in tests/imageprep/_user_accounts.yml that create users did not
specify a primary group for those users - this left the decision to Ansible's
user module, and/or the underlying OS. In Ansible 9+ (ansible-core 2.16+ the
user module defaults to primary group "staff." Earlier don't supply a default,
which releases probably results in a primary group nameed "None" (due to
stringifying the Python singleton of the same name), or whatever the macOS
Directory Services has for no data/NULL.

The invalid GID 4294967295 (MAX_UINT32 == 2**32-1) in the sudo error probably
enters the mix via something similar to sudo CVE-2019-14287.

Fixes #692

See
- https://github.com/ansible/ansible/pull/79999
- https://github.com/ansible/ansible/commit/c69c83c962f987c78af98da0746527df
- https://www.sudo.ws/security/advisories/minus_1_uid/

> Bruce Wayne : [confused]  Am I meant to understand any of that?
> Lucius Fox : Not at all, I just wanted you to know how hard it was.
> -- Batman Begins
2 days ago
Alex Willmer cdfaf31ebc ansible_mitogen: Template ssh_*_args connection options
This expands support to setting them in Play scoped variables. Task scoped
variables are also very likely to work, but untested for now.

refs #905
6 days ago
Alex Willmer d35ca3e4af Begin 0.3.15.dev 2 weeks ago
Alex Willmer c4ca015266 Prepare v0.3.14 2 weeks ago
Alex Willmer bf6607e27e ansible_mitogen: Support templated become_user
This reads the become username from the `become_user` attribute of the play
context, to the `"become_user"` option of the loaded become plugin. This has
been supported by vanilla Ansible since Ansible 2.10 (ansible-base 2.10).

To support this I've also switched from using the `play_context.become` (a
bool), to `connection.become` (an instance of the appropriate) become plugin.

New tests have been added, modelled on those for templated connection
parameters (see #1147, #1153, #1159).

See
- 480b106d65

refs #1083

Co-authored-by: mordek <m.pirog@bonasoft.pl>
2 weeks ago
Alex Willmer 28e08ef94c ci: Reduce number of Jobs by parameterizing Mitogen Docker SSH tests
This reduces the number of jobs from 48 to 24. The Mitogen part of the test
suite has been parameterized on the Linux container targets to be run against.
Both the Ansible tests & Mitogen tests now use the same source of truth to
control which targets to use: environment variable MITOGEN_TEST_DISTRO_SPECS.
This replaces the two mutually exclusive env vars DISTRO and DISTROS. I've
also removed vestgial traces of an unused env var MITOGEN_TEST_DISTRO.

Parameterization adapted from
https://eli.thegreenplace.net/2014/04/02/dynamically-generating-python-test-cases

refs #1058, #1059
3 weeks ago
Alex Willmer 47e25eb8c5 Begin 0.3.14 development 3 weeks ago
Alex Willmer 8dec038941 Prepare v0.3.13 3 weeks ago
Alex Willmer b91407a779 docs: Correct v0.3.12 version in changelog
fixes #1149
3 weeks ago
Alex Willmer 9cdd51cf5b Declare Python 3.13 support
No code changes needed, that I could find.
3 weeks ago
Alex Willmer 77a01ff8d6 ansible_mitogen: Support templated SSH port
fixes #978
3 weeks ago
Joshua K 2c4316fa16
Fix rST whitespace error in changelog entry.
Co-authored-by: Alex Willmer <alex@moreati.org.uk>
3 weeks ago
Joshua M. Keyes 6053e1b5cf ansible_mitogen: Handle templated ansible_ssh_user. 3 weeks ago
Alex Willmer 1773c9aba6 trivia: Fix trailing whitespace 3 weeks ago
Alex Willmer 9f0566b522 docs: Changelog entry for migration to GitHub Actions
refs #1138
3 weeks ago
Alex Willmer 61b800781b Begin v0.3.13 development 3 weeks ago
Alex Willmer 298d28a650 Prep v0.3.12 3 weeks ago
Alex Willmer 3f288f934a docs: Correct 0.3.11 release month
Reports of Mitogen's time machine will have been greatly exaggerated.
3 weeks ago
Alex Willmer b05b2c8c8e CI: Add re-actors/alls-green GitHub Actions job
This will allow a single job to be required in the GitHub branch protection
web UI; regardless of which jobs are added to or removed from the matrix of
platform specific, Ansible specific jobs.
3 weeks ago
Alex Willmer 3504bea3bb tests: Ignore inventory files of inactive tests & benchmarks
These targets are not used by any active tests, and the large numbers of hosts
multiply the size of the taskvars disctionary in memory to many (10s) MiB.

refs #1058
3 weeks ago
Alex Willmer 6accc87da1 tests: Improve Ansible fail_msg formatting
By switching to block style (`|`) with clip (no `-` or `+`) the failure
messages don't require quoting and gain a single trailing newline. This causes
Ansible to print them as block style, when using the yaml stdout callback
plugin. As a result the values have one less layer of quoting and quote
escaping, making them much easier to read.
3 weeks ago
Alex Willmer 551690ee1d ansible_mitogen: Handle templated connection passwords and ansible_ssh_password
This switches `ansible_mitogen.transport_config.PlayContextSpec.password()` to
Ansible's plugin option framework. As a result
- The relatively recent `ansible_ssh_password` variable is now respected.
- The SSH connection password can be templated and specified as a play
  variable. Task variables will probably also work, but testing was blocked
  by #1132.

There is a chance this change will cause a regression in another connection
plugin (e.g. mitogen_docker), but nothing turned up in the test suite.
I intend ot migrate other connection configuration to
`ansible_mitogen.transport_config.PlayContextSpec._connect_option()`, the next
candidate is the remote port.

fixes #1106
3 weeks ago
Alex Willmer 3bdd3e237a tests: Coverage of support for ansible_ssh_password variable 3 weeks ago
michael.dsilva d0993e9918 allow ansible_ssh_password as it is documented as valid in current ansible documentation
Co-authored-by: Alex Willmer <alex@moreati.org.uk>
4 weeks ago
Alex Willmer 809d169d36 Begin v0.3.12dev 4 weeks ago
Alex Willmer c63dc0e080 Prepare v0.3.11 4 weeks ago
Alex Willmer 4f60d01f09 CI: Enable GitHub Actions testing workflow
This replicate the existing Azure DevOps workflow, and adds a couple of new
jobs (Python 2.7 on macOS, Python + vanilla Ansible on Linux).

The GitHub Actions use container images hosted on GitHub Container Registry
(GHCR, ghcr.io/mitogen-hq). These images have been copied straight from the
existing Amazon Elastic Cloud Registry (AWS ECR, public.ecr.aws/n5z0e8q9).

A short period of parallel running is planned. Then a second PR will remove
the Azure DevOps workflow.
1 month ago
Alex Willmer 34088a8b7f ansible_mitogen: Consolidate Python 2 & 3 compatibility
Rough guidelines, in decending preference:
- Use mitogen.core if possible
- Use ansible.module_utils.six if possible
- Embed a getattr() or try/except

viewkeys() et al can't be brought into mitogen.core because that package still
targets Python 2.4. dict.viewkeys() were introduced in Python 2.7.
1 month ago
Alex Willmer 0a908d76da ansible_mitogen: Remove fallback imports for Ansible < 2.10 1 month ago
Alex Willmer b1fd6038bf ansible_mitogen: Remove Python 2.4 and 2.5 backward compatibility fallbacks
Because ansible_mitogen >= 0.3 supports Ansible >= 2.10 and Ansible 2.10
requires supports Python >= 2.7 on controllers and Python >= 2.6 on targets
these are dead weight.

See
- https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix
- tox.ini
1 month ago
Alex Willmer c6cf08ab39 mitogen: Consolidate back compatibility fallbacks and polyfills in mitogen.core
This saves some bytes on the wire ad simplifies reasoning about the code.
1 month ago
Alex Willmer ce6297b0e9 Begin v0.3.11 1 month ago
Alex Willmer cea2e7b98d Prepare v0.3.10 1 month ago
Gaige B Paulsen 2ba1b2b3f8
Fix: termios.error: (22, 'Invalid argument') during `become` on Solaris/Illumos/SmartOS (#1089)
This fixes compatibility with Solaris/Illumos/SmartOS, addressing an issue that shows up most frequently with become. The issue was mostly due to differences in how the TTY driver is handled and the pty driver not supporting echo on both sides of the pipe (as designed, from a Solaris point of view).

Fixes #950

Co-authored-by: Alex Willmer <alex@moreati.org.uk>
1 month ago
Alex Willmer d032c591c2 tests: Retry container process check during teardown
I'm about 75% sure the check is an unavoidable race condition, see
https://github.com/mitogen-hq/mitogen/issues/694#issuecomment-2338001694. If
it occurs again, then reopen the issue.

Fixes #694
2 months ago
Alex Willmer 79ed797bad tests: Test templating of ansible_ssh_common_args et al
refs #905
2 months ago
Alex Willmer 5af6534a70 tests: Test AnsibleUnsafeText when copying files larger SMALL_FILE_LIMIT
The bug was fixed in a previous commit by Jonathan Rosser. This adds testing.
The bug is only triggered when the copy module is used inside a `with_items:`
loop and the destination filename has an extension. A `loop:` loop is not
sufficient.

refs #1110
2 months ago
Alex Willmer 5ab872f289 ansible_mitogen: Add regression test for ActionModuleMixin._remote_chmod()
Adapted from Jonathon's reproducer in #1087.
2 months ago
Alex Willmer d15051b187 Begin v0.3.10dev 3 months ago
Alex Willmer 6fbad3ae7d Prepare v0.3.9 3 months ago
Alex Willmer c948e6668a docs: Remove email form from website
https://networkgenomics.com is no longer served, so the form submission would
fail.
3 months ago
Alex Willmer 2edcb31996 docs: Remove piwik analytics hooks from website
https://networkgenomics.com is no longer served, so the javascript and other
attempts to beacon or redirect result in HTTP errors.
3 months ago
Alex Willmer 357fe38766 Ansible 10 (ansible-core 2.17) support
Notably
- Python 2.7 and 3.6 are no longer supported by Ansible on targets
- The yum module has been removed, and redirected to dnf
- _INTERPRETER_PYTHON_DISTRO_MAP has been neutered. Interpreter discovery
  always favours specific `python3.<x>` interpreters in decending version
  order, then generic `python3` or `python`.
- Add the ability for an action plugin to call self._execute_module(*,
  ignore_unknown_opts=True) to execute a module with options that may not be
  supported for the version being called.

https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_10.html
https://github.com/ansible-community/ansible-build-data/blob/main/10/CHANGELOG-v10.md
https://github.com/ansible/ansible/blob/stable-2.17/changelogs/CHANGELOG-v2.17.rst

fixes #1074, refs #1082

Co-authored-by: Claude Becker <becker@phys.ethz.ch>
3 months ago
Alex Willmer 40695f413b ansible_mitogen: Respect ansible_facts.discovered_interpreter_python more
fixes #1097
3 months ago
Alex Willmer 62cde17150 Start v0.3.9 development 3 months ago
Alex Willmer e334b50d9d Prepare v0.3.8 3 months ago
Alex Willmer 924dbd6f0c CI: Migrate macOS integration tests to macOS 12, drop Python 2.7 jobs
macOS 11 is not longer an available runner on Azure Devops. The minimum is now
macOS 12. This runner does not have Python 2.7 installed, so running them
would require a custom install - which I'm declaring too much effort for too
little gain.

refs #1090
3 months ago
Alex Willmer 05d98e5b49 tests: Speed up ssh timeout tests 6 months ago
Philippe Kueck ec05e542b4
Fix 'ansible_host_key_checking' and 'ansible_ssh_host_key_checking' for
adding new hosts to the inventory using 'add_hosts'

Co-authored-by: Alex Willmer <alex@moreati.org.uk>
6 months ago