a-c-m
/
community.general
mirror of https://github.com/ansible-collections/community.general.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
community.general/lib/ansible/constants.py

278 lines
19 KiB
Python
Raw Normal View History

Update various copyrights. Not complete, but sufficient.
2014-01-04 18:31:44 +00:00
# (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com>
Relicensing to GPLv3, all previous committers ok'd on mailing list.
2012-02-29 00:08:09 +00:00
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
Making the switch to v2
2015-05-04 02:47:26 +00:00
# Make coding more python3-ish
Add python3-compat boilerplate to all .py files in lib/ansible
2015-10-20 01:36:19 +00:00
from __future__ import (absolute_import, division, print_function)
Making the switch to v2
2015-05-04 02:47:26 +00:00
__metaclass__ = type
Update constants.py to pull module path and the hosts file from the environment (ANSIBLE_{LIBRARY,HOSTS}) if defined. Update manpages to represent this. Also update the env-setup script to set ANSIBLE_{LIBRARY,HOSTS}.
2012-03-05 21:06:02 +00:00
import os
unquote strings in the ansible config file
2015-07-06 21:12:10 +00:00
from string import ascii_letters, digits
Making the switch to v2
2015-05-04 02:47:26 +00:00
Bundle a new version of python-six for compatibility along with some code to make it easy for distributions to override the bunndled copy if they have a new enough version.
2015-10-16 00:55:23 +00:00
from ansible.compat.six import string_types
from ansible.compat.six.moves import configparser
Update constants.py to pull module path and the hosts file from the environment (ANSIBLE_{LIBRARY,HOSTS}) if defined. Update manpages to represent this. Also update the env-setup script to set ANSIBLE_{LIBRARY,HOSTS}.
2012-03-05 21:06:02 +00:00
Break apart a looped dependency to show a warning when parsing playbooks Display a warning when a dict key is overwritten by pyyaml Fixes #12888
2015-10-26 21:23:09 +00:00
from ansible.parsing.quoting import unquote
now verbose mode shows config file used
2015-07-04 14:23:30 +00:00
from ansible.errors import AnsibleOptionsError
Makes host key checking the default behavior but can be disabled in ansible.cfg or by environment variable.
2013-07-03 20:47:20 +00:00
# copied from utils, avoid circular reference fun :)
def mk_boolean(value):
These fields are booleans.
2013-08-10 22:16:01 +00:00
if value is None:
return False
Makes host key checking the default behavior but can be disabled in ansible.cfg or by environment variable.
2013-07-03 20:47:20 +00:00
val = str(value)
if val.lower() in [ "true", "t", "y", "1", "yes" ]:
return True
else:
return False
Add ispath type for constants and make sure all local paths are ispath=True Fixes #12180
2015-09-01 18:47:07 +00:00
def shell_expand(path):
'''
shell_expand is needed as os.path.expanduser does not work
when path is None, which is the default for ANSIBLE_PRIVATE_KEY_FILE
'''
if path:
path = os.path.expanduser(os.path.expandvars(path))
return path
def get_config(p, section, key, env_var, default, boolean=False, integer=False, floating=False, islist=False, isnone=False, ispath=False):
Makes host key checking the default behavior but can be disabled in ansible.cfg or by environment variable.
2013-07-03 20:47:20 +00:00
''' return a configuration variable with casting '''
value = _get_config(p, section, key, env_var, default)
if boolean:
Making the switch to v2
2015-05-04 02:47:26 +00:00
value = mk_boolean(value)
if value:
if integer:
value = int(value)
elif floating:
value = float(value)
elif islist:
unquote strings in the ansible config file
2015-07-06 21:12:10 +00:00
if isinstance(value, string_types):
Making the switch to v2
2015-05-04 02:47:26 +00:00
value = [x.strip() for x in value.split(',')]
Don't convert nulls to strings. This change is similar to https://github.com/ansible/ansible/pull/10465 It extends the logic there to also support none types. Right now if you have a '!!null' in yaml, and that var gets passed around, it will get converted to a string. eg. defaults/main.yml ``` ENABLE_AWESOME_FEATURE: !!null # Yaml Null OTHER_CONFIG: secret1: "so_secret" secret2: "even_more_secret" CONFIG: hostname: "some_hostname" features: awesame_feature: "{{ ENABLE_AWESOME_FEATURE}}" secrets: "{{ OTHER_CONFIG }}" ``` If you output `CONFIG` to json or yaml, the feature flag would get represented in the output as a string instead of as a null, but secrets would get represented as a dictionary. This is a mis-match in behaviour where some "types" are retained and others are not. This change should fix the issue. I also updated the template test to test for this and made the changes to v2. Added a changelog entry specifically for the change from empty string to null as the default. Made the null representation configurable. It still defaults to the python NoneType but can be overriden to be an emptystring by updating the DEFAULT_NULL_REPRESENTATION config.
2015-05-08 14:12:36 +00:00
elif isnone:
if value == "None":
value = None
Add ispath type for constants and make sure all local paths are ispath=True Fixes #12180
2015-09-01 18:47:07 +00:00
elif ispath:
value = shell_expand(value)
Small tweak to 7551b75 to correct the ordering of tests
2015-09-01 18:48:59 +00:00
elif isinstance(value, string_types):
value = unquote(value)
Makes host key checking the default behavior but can be disabled in ansible.cfg or by environment variable.
2013-07-03 20:47:20 +00:00
return value
Remove unused parameter from _get_config
2013-12-12 16:48:02 +00:00
def _get_config(p, section, key, env_var, default):
Makes host key checking the default behavior but can be disabled in ansible.cfg or by environment variable.
2013-07-03 20:47:20 +00:00
''' helper function for get_config '''
Docs + fix variable precedence of environment variables (ok, ok, I give in!)
2012-10-16 22:40:01 +00:00
if env_var is not None:
Env var vs config priority fixing
2012-10-18 02:34:59 +00:00
value = os.environ.get(env_var, None)
if value is not None:
return value
config file support
2012-08-13 23:17:14 +00:00
if p is not None:
try:
Make ssh's ControlPath configurable via ansible.cfg This shouldn't generally be needed unless you're working in an environment that uses rediculously long FQDNs; if the name is too long, you wind up hitting unix domain socket filepath limits enforced by ssh.
2013-09-18 19:03:40 +00:00
return p.get(section, key, raw=True)
config file support
2012-08-13 23:17:14 +00:00
except:
return default
delete extra else clause
2012-10-19 00:27:39 +00:00
return default
Add support for specifying sudo passwords to both ansible & playbook. Nopasswd sudo is no longer required.
2012-04-13 23:06:11 +00:00
config file support
2012-08-13 23:17:14 +00:00
def load_config_file():
Config resoution order correction and documentation.
2014-02-14 20:34:58 +00:00
''' Load Config File order(first found is used): ENV, CWD, HOME, /etc/ansible '''
Making the switch to v2
2015-05-04 02:47:26 +00:00
p = configparser.ConfigParser()
Config resoution order correction and documentation.
2014-02-14 20:34:58 +00:00
path0 = os.getenv("ANSIBLE_CONFIG", None)
if path0 is not None:
path0 = os.path.expanduser(path0)
Don't stat None Fixes #11794, regression introduced by #11010
2015-07-30 02:28:30 +00:00
if os.path.isdir(path0):
path0 += "/ansible.cfg"
GH-4452 Corrected config load order to match docs with cwd > ~ > /etc Signed-off-by: Philip Schwartz <philip.schwartz@rackspace.com>
2013-10-11 13:25:57 +00:00
path1 = os.getcwd() + "/ansible.cfg"
Config resoution order correction and documentation.
2014-02-14 20:34:58 +00:00
path2 = os.path.expanduser("~/.ansible.cfg")
Add support for ./ansible.cfg file Ansible support configuration in: ``` ~/.ansible.cfg /etc/ansible/ansible.cfg ``` this patch add current user (usefull where user have some different projects) with the oreder: ``` ./ansible.cfg ~/.ansible.cfg /etc/ansible/ansible.cfg ```
2012-09-10 14:57:32 +00:00
path3 = "/etc/ansible/ansible.cfg"
Config resoution order correction and documentation.
2014-02-14 20:34:58 +00:00
for path in [path0, path1, path2, path3]:
if path is not None and os.path.exists(path):
Handle exceptions during config file parsing Handle uncaught exceptions during config file parsing
2014-08-29 14:43:30 +00:00
try:
p.read(path)
Making the switch to v2
2015-05-04 02:47:26 +00:00
except configparser.Error as e:
now verbose mode shows config file used
2015-07-04 14:23:30 +00:00
raise AnsibleOptionsError("Error reading config file: \n{0}".format(e))
return p, path
return empty string when config file is not used
2015-07-05 16:50:36 +00:00
return None, ''
config file support
2012-08-13 23:17:14 +00:00
now verbose mode shows config file used
2015-07-04 14:23:30 +00:00
p, CONFIG_FILE = load_config_file()
config file support
2012-08-13 23:17:14 +00:00
refactor to catch edge cases, remove repeated code - Move all the supported YAML file extensions into a constant - Use helper functions to avoid duplicate code for group/host vars - Catch and disallow some confusing situations, such as the presence of multiple group/host vars files for the same group/host, but with different extensions. For example having both group_vars/all.yml and group_vars/all.yaml. - Catch and report file system permission issues, symlink errors, unexpected file system objects - Trivial performance improvement from making fewer stat system calls - Restructuring that makes it easy for a following patch to support directory recursion
2013-10-31 17:05:52 +00:00
# check all of these extensions when looking for yaml files for things like
Also search .json filenames
2014-03-07 02:47:49 +00:00
# group variables -- really anything we can load
YAML_FILENAME_EXTENSIONS = [ "", ".yml", ".yaml", ".json" ]
refactor to catch edge cases, remove repeated code - Move all the supported YAML file extensions into a constant - Use helper functions to avoid duplicate code for group/host vars - Catch and disallow some confusing situations, such as the presence of multiple group/host vars files for the same group/host, but with different extensions. For example having both group_vars/all.yml and group_vars/all.yaml. - Catch and report file system permission issues, symlink errors, unexpected file system objects - Trivial performance improvement from making fewer stat system calls - Restructuring that makes it easy for a following patch to support directory recursion
2013-10-31 17:05:52 +00:00
Make random cowsay truly random Also adds a cowsay whitelist config option, because there are some truly NSFW stencils that come with cowsay by default.
2015-10-15 14:32:55 +00:00
# the default whitelist for cow stencils
DEFAULT_COW_WHITELIST = ['bud-frogs', 'bunny', 'cheese', 'daemon', 'default', 'dragon', 'elephant-in-snake', 'elephant',
'eyes', 'hellokitty', 'kitty', 'luke-koala', 'meow', 'milk', 'moofasa', 'moose', 'ren', 'sheep',
'small', 'stegosaurus', 'stimpy', 'supermilker', 'three-eyes', 'turkey', 'turtle', 'tux', 'udder',
'vader-koala', 'vader', 'www',]
config file support
2012-08-13 23:17:14 +00:00
# sections in config file
DEFAULTS='defaults'
Add ispath type for constants and make sure all local paths are ispath=True Fixes #12180
2015-09-01 18:47:07 +00:00
DEPRECATED_HOST_LIST = get_config(p, DEFAULTS, 'hostfile', 'ANSIBLE_HOSTS', '/etc/ansible/hosts', ispath=True)
make new inventory config take precedence over old hostfile config fixes #11907
2015-08-18 07:27:39 +00:00
minor spelling changes
2015-07-10 16:42:59 +00:00
# generally configurable things
Making the switch to v2
2015-05-04 02:47:26 +00:00
DEFAULT_DEBUG = get_config(p, DEFAULTS, 'debug', 'ANSIBLE_DEBUG', False, boolean=True)
Add ispath type for constants and make sure all local paths are ispath=True Fixes #12180
2015-09-01 18:47:07 +00:00
DEFAULT_HOST_LIST = get_config(p, DEFAULTS,'inventory', 'ANSIBLE_INVENTORY', DEPRECATED_HOST_LIST, ispath=True)
DEFAULT_MODULE_PATH = get_config(p, DEFAULTS, 'library', 'ANSIBLE_LIBRARY', None, ispath=True)
DEFAULT_ROLES_PATH = get_config(p, DEFAULTS, 'roles_path', 'ANSIBLE_ROLES_PATH', '/etc/ansible/roles', ispath=True)
Don't expand remote_tmp path locally
2014-07-29 12:13:50 +00:00
DEFAULT_REMOTE_TMP = get_config(p, DEFAULTS, 'remote_tmp', 'ANSIBLE_REMOTE_TEMP', '$HOME/.ansible/tmp')
config file support
2012-08-13 23:17:14 +00:00
DEFAULT_MODULE_NAME = get_config(p, DEFAULTS, 'module_name', None, 'command')
DEFAULT_PATTERN = get_config(p, DEFAULTS, 'pattern', None, '*')
For defaults that are integers, enforce it for config supplied values. If a user supplies a string in the config (rather than an int), the code should fix that- or blow up immediately- rather than allowing that value to work it's way down and break w/in the connection object; when that happens, the actual error is opaque and requires pdb.set_trace() to run down.
2013-08-22 23:04:11 +00:00
DEFAULT_FORKS = get_config(p, DEFAULTS, 'forks', 'ANSIBLE_FORKS', 5, integer=True)
config file support
2012-08-13 23:17:14 +00:00
DEFAULT_MODULE_ARGS = get_config(p, DEFAULTS, 'module_args', 'ANSIBLE_MODULE_ARGS', '')
Make module_lang default to whatever LANG is set to on the control node
2015-12-02 16:55:10 +00:00
DEFAULT_MODULE_LANG = get_config(p, DEFAULTS, 'module_lang', 'ANSIBLE_MODULE_LANG', os.getenv('LANG', 'en_US.UTF-8'))
For defaults that are integers, enforce it for config supplied values. If a user supplies a string in the config (rather than an int), the code should fix that- or blow up immediately- rather than allowing that value to work it's way down and break w/in the connection object; when that happens, the actual error is opaque and requires pdb.set_trace() to run down.
2013-08-22 23:04:11 +00:00
DEFAULT_TIMEOUT = get_config(p, DEFAULTS, 'timeout', 'ANSIBLE_TIMEOUT', 10, integer=True)
DEFAULT_POLL_INTERVAL = get_config(p, DEFAULTS, 'poll_interval', 'ANSIBLE_POLL_INTERVAL', 15, integer=True)
don't set user to current user also remove condition to bypass setting user if user matches current user this enables forcing user when set to the same user as current user and ignoring .ssh/config while keeping .ssh/config with current user if nothing is specified.
2015-10-24 03:15:45 +00:00
DEFAULT_REMOTE_USER = get_config(p, DEFAULTS, 'remote_user', 'ANSIBLE_REMOTE_USER', None)
Makes host key checking the default behavior but can be disabled in ansible.cfg or by environment variable.
2013-07-03 20:47:20 +00:00
DEFAULT_ASK_PASS = get_config(p, DEFAULTS, 'ask_pass', 'ANSIBLE_ASK_PASS', False, boolean=True)
Add ispath type for constants and make sure all local paths are ispath=True Fixes #12180
2015-09-01 18:47:07 +00:00
DEFAULT_PRIVATE_KEY_FILE = get_config(p, DEFAULTS, 'private_key_file', 'ANSIBLE_PRIVATE_KEY_FILE', None, ispath=True)
Make default ANSIBLE_REMOTE_PORT None The ansible remote port should be None, not 22. Having a default value of 22 means that '-o Port 22' will be appended to the ssh connection all of the time. This is incorrect as when one would like to use something like an ssh configuration file (-F) that sets the port to something other than 22. Part of this change requires that we check that, in get_config, the value is not None before trying to cast it into an integer or float.
2014-01-23 17:49:07 +00:00
DEFAULT_REMOTE_PORT = get_config(p, DEFAULTS, 'remote_port', 'ANSIBLE_REMOTE_PORT', None, integer=True)
Ansible vault: a framework for encrypting any playbook or var file.
2014-02-11 17:03:11 +00:00
DEFAULT_ASK_VAULT_PASS = get_config(p, DEFAULTS, 'ask_vault_pass', 'ANSIBLE_ASK_VAULT_PASS', False, boolean=True)
Add ispath type for constants and make sure all local paths are ispath=True Fixes #12180
2015-09-01 18:47:07 +00:00
DEFAULT_VAULT_PASSWORD_FILE = get_config(p, DEFAULTS, 'vault_password_file', 'ANSIBLE_VAULT_PASSWORD_FILE', None, ispath=True)
Default to 'smart' transport, which will use OpenSSH if it can support ControlPersist.
2013-07-04 20:47:17 +00:00
DEFAULT_TRANSPORT = get_config(p, DEFAULTS, 'transport', 'ANSIBLE_TRANSPORT', 'smart')
Makes host key checking the default behavior but can be disabled in ansible.cfg or by environment variable.
2013-07-03 20:47:20 +00:00
DEFAULT_SCP_IF_SSH = get_config(p, 'ssh_connection', 'scp_if_ssh', 'ANSIBLE_SCP_IF_SSH', False, boolean=True)
Fixing up error handling for fetch_file ops in connection plugins * enable batch mode (configurable with a config option, on by default) for sftp transfers, so we can catch errors more easily * general cleanup in the local connection plugin and fetch action plugin Fixes #11612
2015-07-22 18:25:47 +00:00
DEFAULT_SFTP_BATCH_MODE = get_config(p, 'ssh_connection', 'sftp_batch_mode', 'ANSIBLE_SFTP_BATCH_MODE', True, boolean=True)
Allow user-specified $ansible_managed string with named parameters
2012-10-03 13:59:38 +00:00
DEFAULT_MANAGED_STR = get_config(p, DEFAULTS, 'ansible_managed', None, 'Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}')
Add ability to specify syslog facility for modules Update constants.py so that one can specify environmental variable ANSIBLE_SYSLOG_FACILITY or syslog_facility in ansible.cfg to define the syslog facility to use. Alternatively, you can specify ansible_syslog_facility in inventory. Runner now replaces the syslog facility in the openlog() call with the default or the injected variables ansible_syslog_facility. This also updates hacking/test-module to behave similarly.
2012-11-10 06:13:00 +00:00
DEFAULT_SYSLOG_FACILITY = get_config(p, DEFAULTS, 'syslog_facility', 'ANSIBLE_SYSLOG_FACILITY', 'LOG_USER')
now ANSIBLE_KEEP_REMOTE_FILE acts as boolean Signed-off-by: Brian Coca <briancoca+dev@gmail.com>
2013-07-15 02:08:36 +00:00
DEFAULT_KEEP_REMOTE_FILES = get_config(p, DEFAULTS, 'keep_remote_files', 'ANSIBLE_KEEP_REMOTE_FILES', False, boolean=True)
Adds user-selectable hash merging support in vars Hash variables are currently overriden if they are redefined. This doesn't let the user refine hash entries or overriding selected keys, which can, for some, be a desirable feature. This patch let the user force hash merging by setting the hash_behaviour value to "merge" (without the quotes) in ansible.cfg However, by default, ansible behaves like it always did and if any value besides "merge" is used ("replace" is suggested in the example ansible.cfg file), it will also behave as always.
2013-01-23 20:39:34 +00:00
DEFAULT_HASH_BEHAVIOUR = get_config(p, DEFAULTS, 'hash_behaviour', 'ANSIBLE_HASH_BEHAVIOUR', 'replace')
Allow role variables to be optionally kept in a private scope
2015-07-01 15:32:44 +00:00
DEFAULT_PRIVATE_ROLE_VARS = get_config(p, DEFAULTS, 'private_role_vars', 'ANSIBLE_PRIVATE_ROLE_VARS', False, boolean=True)
Fixes jina typos Moved *jina* to *jinja2*
2013-02-13 16:33:43 +00:00
DEFAULT_JINJA2_EXTENSIONS = get_config(p, DEFAULTS, 'jinja2_extensions', 'ANSIBLE_JINJA2_EXTENSIONS', None)
Added DEFAULT_EXECUTABLE as a constant Use DEFAULT_EXECUTABLE when no executable is passed to _low_level_command_exec Works as a standard constant - can be overridden in all the normal ways and defaults to /bin/sh Motiviation is for a user that only has /bin/bash in /etc/sudoers
2013-04-04 03:10:30 +00:00
DEFAULT_EXECUTABLE = get_config(p, DEFAULTS, 'executable', 'ANSIBLE_EXECUTABLE', '/bin/sh')
Change safe_eval to a strict white list
2014-06-24 14:56:33 +00:00
DEFAULT_GATHERING = get_config(p, DEFAULTS, 'gathering', 'ANSIBLE_GATHERING', 'implicit').lower()
Add ispath type for constants and make sure all local paths are ispath=True Fixes #12180
2015-09-01 18:47:07 +00:00
DEFAULT_LOG_PATH = get_config(p, DEFAULTS, 'log_path', 'ANSIBLE_LOG_PATH', '', ispath=True)
Lots of fixes for integration test bugs
2015-07-10 05:53:59 +00:00
DEFAULT_FORCE_HANDLERS = get_config(p, DEFAULTS, 'force_handlers', 'ANSIBLE_FORCE_HANDLERS', False, boolean=True)
meta: refresh_inventory and several inventory fixes
2015-07-18 19:24:44 +00:00
DEFAULT_INVENTORY_IGNORE = get_config(p, DEFAULTS, 'inventory_ignore_extensions', 'ANSIBLE_INVENTORY_IGNORE', ["~", ".orig", ".bak", ".ini", ".cfg", ".retry", ".pyc", ".pyo"], islist=True)
Add variable compression option
2015-11-05 21:21:34 +00:00
DEFAULT_VAR_COMPRESSION_LEVEL = get_config(p, DEFAULTS, 'var_compression_level', 'ANSIBLE_VAR_COMPRESSION_LEVEL', 0, integer=True)
made special treatment of certain filesystem for selinux configurable
2015-05-14 14:50:22 +00:00
task logging revamp * allow global no_log setting, no need to set at play or task level, but can be overriden by them * allow turning off syslog only on task execution from target host (manage_syslog), overlaps with no_log functionality * created log function for task modules to use, now we can remove all syslog references, will use systemd journal if present * added debug flag to modules, so they can make it call new log function conditionally * added debug logging in module's run_command
2015-09-26 03:57:03 +00:00
# disclosure
DEFAULT_NO_LOG = get_config(p, DEFAULTS, 'no_log', 'ANSIBLE_NO_LOG', False, boolean=True)
renamed managed_syslog to no_target_syslog
2015-09-26 12:22:32 +00:00
DEFAULT_NO_TARGET_SYSLOG = get_config(p, DEFAULTS, 'no_target_syslog', 'ANSIBLE_NO_TARGET_SYSLOG', True, boolean=True)
task logging revamp * allow global no_log setting, no need to set at play or task level, but can be overriden by them * allow turning off syslog only on task execution from target host (manage_syslog), overlaps with no_log functionality * created log function for task modules to use, now we can remove all syslog references, will use systemd journal if present * added debug flag to modules, so they can make it call new log function conditionally * added debug logging in module's run_command
2015-09-26 03:57:03 +00:00
made special treatment of certain filesystem for selinux configurable
2015-05-14 14:50:22 +00:00
# selinux
added ramfs to selinux ignored filesystems as reported in #11442
2015-07-02 21:24:13 +00:00
DEFAULT_SELINUX_SPECIAL_FS = get_config(p, 'selinux', 'special_context_filesystems', None, 'fuse, nfs, vboxsf, ramfs', islist=True)
Adds a logfile for ansible playbooks that can be set by the environment or configuration file.
2013-04-27 14:24:26 +00:00
fixed new become settings, rearranged constants to find PE related vars easier
2015-06-15 00:50:38 +00:00
### PRIVILEGE ESCALATION ###
# Backwards Compat
DEFAULT_SU = get_config(p, DEFAULTS, 'su', 'ANSIBLE_SU', False, boolean=True)
DEFAULT_SU_USER = get_config(p, DEFAULTS, 'su_user', 'ANSIBLE_SU_USER', 'root')
fixed and generalized privilege escalation exe settings
2015-09-02 13:29:34 +00:00
DEFAULT_SU_EXE = get_config(p, DEFAULTS, 'su_exe', 'ANSIBLE_SU_EXE', None)
actually implemented flags correctly for all priv escalation methods
2015-09-02 15:31:39 +00:00
DEFAULT_SU_FLAGS = get_config(p, DEFAULTS, 'su_flags', 'ANSIBLE_SU_FLAGS', None)
fixed new become settings, rearranged constants to find PE related vars easier
2015-06-15 00:50:38 +00:00
DEFAULT_ASK_SU_PASS = get_config(p, DEFAULTS, 'ask_su_pass', 'ANSIBLE_ASK_SU_PASS', False, boolean=True)
DEFAULT_SUDO = get_config(p, DEFAULTS, 'sudo', 'ANSIBLE_SUDO', False, boolean=True)
DEFAULT_SUDO_USER = get_config(p, DEFAULTS, 'sudo_user', 'ANSIBLE_SUDO_USER', 'root')
fixed and generalized privilege escalation exe settings
2015-09-02 13:29:34 +00:00
DEFAULT_SUDO_EXE = get_config(p, DEFAULTS, 'sudo_exe', 'ANSIBLE_SUDO_EXE', None)
moved sudo -S and -n into configurable flags as they might be absent in much older systems if password is supplied exsiting -n would get remove from flags
2015-10-28 06:02:43 +00:00
DEFAULT_SUDO_FLAGS = get_config(p, DEFAULTS, 'sudo_flags', 'ANSIBLE_SUDO_FLAGS', '-H -S -n')
fixed new become settings, rearranged constants to find PE related vars easier
2015-06-15 00:50:38 +00:00
DEFAULT_ASK_SUDO_PASS = get_config(p, DEFAULTS, 'ask_sudo_pass', 'ANSIBLE_ASK_SUDO_PASS', False, boolean=True)
# Become
Add become support for OpenBSD doas
2015-08-18 01:31:18 +00:00
BECOME_ERROR_STRINGS = {'sudo': 'Sorry, try again.', 'su': 'Authentication failure', 'pbrun': '', 'pfexec': '', 'runas': '', 'doas': 'Permission denied'} #FIXME: deal with i18n
Implement ssh connection handling as a state machine The event loop (even after it was brought into one place in _run in the previous commit) was hard to follow. The states and transitions weren't clear or documented, and the privilege escalation code was non-blocking while the rest was blocking. Now we have a state machine with four states: awaiting_prompt, awaiting_escalation, ready_to_send (initial data), and awaiting_exit. The actions in each state and the transitions between then are clearly documented. The check_incorrect_password() method no longer checks for empty strings (since they will always match), and check_become_success() uses equality rather than a substring match to avoid thinking an echoed command is an indication of successful escalation. Also adds a check_missing_password connection method to detect the error from sudo -n/doas -n.
2015-09-06 13:00:39 +00:00
BECOME_MISSING_STRINGS = {'sudo': 'sorry, a password is required to run sudo', 'su': '', 'pbrun': '', 'pfexec': '', 'runas': '', 'doas': 'Authorization required'} #FIXME: deal with i18n
Add become support for OpenBSD doas
2015-08-18 01:31:18 +00:00
BECOME_METHODS = ['sudo','su','pbrun','pfexec','runas','doas']
Ported over #7158 to support SELinux context switches.
2015-09-17 12:59:22 +00:00
BECOME_ALLOW_SAME_USER = get_config(p, 'privilege_escalation', 'become_allow_same_user', 'ANSIBLE_BECOME_ALLOW_SAME_USER', False, boolean=True)
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
2014-11-24 21:36:31 +00:00
DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD','sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo' ).lower()
fixed new become settings, rearranged constants to find PE related vars easier
2015-06-15 00:50:38 +00:00
DEFAULT_BECOME = get_config(p, 'privilege_escalation', 'become', 'ANSIBLE_BECOME',False, boolean=True)
Making the switch to v2
2015-05-04 02:47:26 +00:00
DEFAULT_BECOME_USER = get_config(p, 'privilege_escalation', 'become_user', 'ANSIBLE_BECOME_USER', 'root')
fixed new become settings, rearranged constants to find PE related vars easier
2015-06-15 00:50:38 +00:00
DEFAULT_BECOME_EXE = get_config(p, 'privilege_escalation', 'become_exe', 'ANSIBLE_BECOME_EXE', None)
DEFAULT_BECOME_FLAGS = get_config(p, 'privilege_escalation', 'become_flags', 'ANSIBLE_BECOME_FLAGS', None)
removed folding sudo/su to become logic from constants as it is already present downstream in playbook/play/tasks
2015-03-27 12:45:04 +00:00
DEFAULT_BECOME_ASK_PASS = get_config(p, 'privilege_escalation', 'become_ask_pass', 'ANSIBLE_BECOME_ASK_PASS', False, boolean=True)
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
2014-11-24 21:36:31 +00:00
made squashable with_ plugin list configurable partially deals with #11383
2015-07-07 15:59:20 +00:00
# PLUGINS
Do not optimize with_items loop if the items are not strings The code isn't sophisticated enough to understand lists and dicts yet. This mirrors how 1.9.x handled non-string items so its not a regression. One portion of a fix for #12976
2015-11-05 02:46:47 +00:00
# Modules that can optimize with_items loops into a single call. Currently
# these modules must (1) take a "name" or "pkg" parameter that is a list. If
# the module takes both, bad things could happen.
# In the future we should probably generalize this even further
# (mapping of param: squash field)
made squashable with_ plugin list configurable partially deals with #11383
2015-07-07 15:59:20 +00:00
DEFAULT_SQUASH_ACTIONS = get_config(p, DEFAULTS, 'squash_actions', 'ANSIBLE_SQUASH_ACTIONS', "apt, yum, pkgng, zypper, dnf", islist=True)
# paths
normalized plugin paths and names and configs
2015-09-15 15:38:42 +00:00
DEFAULT_ACTION_PLUGIN_PATH = get_config(p, DEFAULTS, 'action_plugins', 'ANSIBLE_ACTION_PLUGINS', '~/.ansible/plugins/action:/usr/share/ansible/plugins/action', ispath=True)
DEFAULT_CACHE_PLUGIN_PATH = get_config(p, DEFAULTS, 'cache_plugins', 'ANSIBLE_CACHE_PLUGINS', '~/.ansible/plugins/cache:/usr/share/ansible/plugins/cache', ispath=True)
DEFAULT_CALLBACK_PLUGIN_PATH = get_config(p, DEFAULTS, 'callback_plugins', 'ANSIBLE_CALLBACK_PLUGINS', '~/.ansible/plugins/callback:/usr/share/ansible/plugins/callback', ispath=True)
DEFAULT_CONNECTION_PLUGIN_PATH = get_config(p, DEFAULTS, 'connection_plugins', 'ANSIBLE_CONNECTION_PLUGINS', '~/.ansible/plugins/connection:/usr/share/ansible/plugins/connection', ispath=True)
DEFAULT_LOOKUP_PLUGIN_PATH = get_config(p, DEFAULTS, 'lookup_plugins', 'ANSIBLE_LOOKUP_PLUGINS', '~/.ansible/plugins/lookup:/usr/share/ansible/plugins/lookup', ispath=True)
fixed typo
2015-09-21 14:10:21 +00:00
DEFAULT_INVENTORY_PLUGIN_PATH = get_config(p, DEFAULTS, 'inventory_plugins', 'ANSIBLE_INVENTORY_PLUGINS', '~/.ansible/plugins/inventory:/usr/share/ansible/plugins/inventory', ispath=True)
normalized plugin paths and names and configs
2015-09-15 15:38:42 +00:00
DEFAULT_VARS_PLUGIN_PATH = get_config(p, DEFAULTS, 'vars_plugins', 'ANSIBLE_VARS_PLUGINS', '~/.ansible/plugins/vars:/usr/share/ansible/plugins/vars', ispath=True)
DEFAULT_FILTER_PLUGIN_PATH = get_config(p, DEFAULTS, 'filter_plugins', 'ANSIBLE_FILTER_PLUGINS', '~/.ansible/plugins/filter:/usr/share/ansible/plugins/filter', ispath=True)
DEFAULT_TEST_PLUGIN_PATH = get_config(p, DEFAULTS, 'test_plugins', 'ANSIBLE_TEST_PLUGINS', '~/.ansible/plugins/test:/usr/share/ansible/plugins/test', ispath=True)
Making the switch to v2
2015-05-04 02:47:26 +00:00
DEFAULT_STDOUT_CALLBACK = get_config(p, DEFAULTS, 'stdout_callback', 'ANSIBLE_STDOUT_CALLBACK', 'default')
made squashable with_ plugin list configurable partially deals with #11383
2015-07-07 15:59:20 +00:00
# cache
Fix some copyrights, fix a misc test.
2014-08-11 15:37:30 +00:00
CACHE_PLUGIN = get_config(p, DEFAULTS, 'fact_caching', 'ANSIBLE_CACHE_PLUGIN', 'memory')
Rename some INI keys for fact caching defaults
2014-08-11 19:16:51 +00:00
CACHE_PLUGIN_CONNECTION = get_config(p, DEFAULTS, 'fact_caching_connection', 'ANSIBLE_CACHE_PLUGIN_CONNECTION', None)
CACHE_PLUGIN_PREFIX = get_config(p, DEFAULTS, 'fact_caching_prefix', 'ANSIBLE_CACHE_PLUGIN_PREFIX', 'ansible_facts')
CACHE_PLUGIN_TIMEOUT = get_config(p, DEFAULTS, 'fact_caching_timeout', 'ANSIBLE_CACHE_PLUGIN_TIMEOUT', 24 * 60 * 60, integer=True)
WIP on the re-implementation of fact caching and various backends.
2014-07-03 01:02:28 +00:00
fixed new become settings, rearranged constants to find PE related vars easier
2015-06-15 00:50:38 +00:00
# Display
Merge commit.
2014-03-16 21:08:26 +00:00
ANSIBLE_FORCE_COLOR = get_config(p, DEFAULTS, 'force_color', 'ANSIBLE_FORCE_COLOR', None, boolean=True)
These fields are booleans.
2013-08-10 22:16:01 +00:00
ANSIBLE_NOCOLOR = get_config(p, DEFAULTS, 'nocolor', 'ANSIBLE_NOCOLOR', None, boolean=True)
ANSIBLE_NOCOWS = get_config(p, DEFAULTS, 'nocows', 'ANSIBLE_NOCOWS', None, boolean=True)
Make random cowsay truly random Also adds a cowsay whitelist config option, because there are some truly NSFW stencils that come with cowsay by default.
2015-10-15 14:32:55 +00:00
ANSIBLE_COW_SELECTION = get_config(p, DEFAULTS, 'cow_selection', 'ANSIBLE_COW_SELECTION', 'default')
ANSIBLE_COW_WHITELIST = get_config(p, DEFAULTS, 'cow_whitelist', 'ANSIBLE_COW_WHITELIST', DEFAULT_COW_WHITELIST, islist=True)
Optionally display Skipping [host] messages.
2013-09-26 14:03:23 +00:00
DISPLAY_SKIPPED_HOSTS = get_config(p, DEFAULTS, 'display_skipped_hosts', 'DISPLAY_SKIPPED_HOSTS', True, boolean=True)
Deprecation warnings of several flavors, nice and purple and can be disabled in ansible.cfg.
2013-10-11 22:37:39 +00:00
DEFAULT_UNDEFINED_VAR_BEHAVIOR = get_config(p, DEFAULTS, 'error_on_undefined_vars', 'ANSIBLE_ERROR_ON_UNDEFINED_VARS', True, boolean=True)
HOST_KEY_CHECKING = get_config(p, DEFAULTS, 'host_key_checking', 'ANSIBLE_HOST_KEY_CHECKING', True, boolean=True)
Adding a new system_warnings config option to supress warnings
2014-04-30 19:44:10 +00:00
SYSTEM_WARNINGS = get_config(p, DEFAULTS, 'system_warnings', 'ANSIBLE_SYSTEM_WARNINGS', True, boolean=True)
Deprecation warnings of several flavors, nice and purple and can be disabled in ansible.cfg.
2013-10-11 22:37:39 +00:00
DEPRECATION_WARNINGS = get_config(p, DEFAULTS, 'deprecation_warnings', 'ANSIBLE_DEPRECATION_WARNINGS', True, boolean=True)
Change safe_eval to a strict white list
2014-06-24 14:56:33 +00:00
DEFAULT_CALLABLE_WHITELIST = get_config(p, DEFAULTS, 'callable_whitelist', 'ANSIBLE_CALLABLE_WHITELIST', [], islist=True)
meta: refresh_inventory and several inventory fixes
2015-07-18 19:24:44 +00:00
COMMAND_WARNINGS = get_config(p, DEFAULTS, 'command_warnings', 'ANSIBLE_COMMAND_WARNINGS', True, boolean=True)
Add documentation about bin_ansible_callbacks setting. Standardization and cleanup.
2014-09-10 13:38:24 +00:00
DEFAULT_LOAD_CALLBACK_PLUGINS = get_config(p, DEFAULTS, 'bin_ansible_callbacks', 'ANSIBLE_LOAD_CALLBACK_PLUGINS', False, boolean=True)
minor fixes to constants
2015-07-08 20:33:00 +00:00
DEFAULT_CALLBACK_WHITELIST = get_config(p, DEFAULTS, 'callback_whitelist', 'ANSIBLE_CALLBACK_WHITELIST', [], islist=True)
Making the switch to v2
2015-05-04 02:47:26 +00:00
RETRY_FILES_ENABLED = get_config(p, DEFAULTS, 'retry_files_enabled', 'ANSIBLE_RETRY_FILES_ENABLED', True, boolean=True)
Add ispath type for constants and make sure all local paths are ispath=True Fixes #12180
2015-09-01 18:47:07 +00:00
RETRY_FILES_SAVE_PATH = get_config(p, DEFAULTS, 'retry_files_save_path', 'ANSIBLE_RETRY_FILES_SAVE_PATH', '~/', ispath=True)
Don't convert nulls to strings. This change is similar to https://github.com/ansible/ansible/pull/10465 It extends the logic there to also support none types. Right now if you have a '!!null' in yaml, and that var gets passed around, it will get converted to a string. eg. defaults/main.yml ``` ENABLE_AWESOME_FEATURE: !!null # Yaml Null OTHER_CONFIG: secret1: "so_secret" secret2: "even_more_secret" CONFIG: hostname: "some_hostname" features: awesame_feature: "{{ ENABLE_AWESOME_FEATURE}}" secrets: "{{ OTHER_CONFIG }}" ``` If you output `CONFIG` to json or yaml, the feature flag would get represented in the output as a string instead of as a null, but secrets would get represented as a dictionary. This is a mis-match in behaviour where some "types" are retained and others are not. This change should fix the issue. I also updated the template test to test for this and made the changes to v2. Added a changelog entry specifically for the change from empty string to null as the default. Made the null representation configurable. It still defaults to the python NoneType but can be overriden to be an emptystring by updating the DEFAULT_NULL_REPRESENTATION config.
2015-05-08 14:12:36 +00:00
DEFAULT_NULL_REPRESENTATION = get_config(p, DEFAULTS, 'null_representation', 'ANSIBLE_NULL_REPRESENTATION', None, isnone=True)
Deprecation warnings of several flavors, nice and purple and can be disabled in ansible.cfg.
2013-10-11 22:37:39 +00:00
# CONNECTION RELATED
Set explicit default for ANSIBLE_SSH_ARGS The earlier code behaved exactly as though this default had been set, but it was actually handled as a(n unnecessary) special case inside the connection plugin, rather than set as an explicit default. If the default is overriden either in ansible.cfg or the environment, the new code will continue to work (in fact, it won't know or care, since it just uses the value set in the PlayContext). This is submitted as a separate commit for easier review to address backwards-compatibility concerns.
2015-10-02 07:43:49 +00:00
ANSIBLE_SSH_ARGS = get_config(p, 'ssh_connection', 'ssh_args', 'ANSIBLE_SSH_ARGS', '-o ControlMaster=auto -o ControlPersist=60s')
Make ssh's ControlPath configurable via ansible.cfg This shouldn't generally be needed unless you're working in an environment that uses rediculously long FQDNs; if the name is too long, you wind up hitting unix domain socket filepath limits enforced by ssh.
2013-09-18 19:03:40 +00:00
ANSIBLE_SSH_CONTROL_PATH = get_config(p, 'ssh_connection', 'control_path', 'ANSIBLE_SSH_CONTROL_PATH', "%(directory)s/ansible-ssh-%%h-%%p-%%r")
Make sudo+requiretty and ANSIBLE_PIPELINING work together Pipelining is a *significant* performance benefit, because each task can be completed with a single SSH connection (vs. one ssh connection at the start to mkdir, plus one sftp and one ssh per task). Pipelining is disabled by default in Ansible because it conflicts with the use of sudo if 'Defaults requiretty' is set in /etc/sudoers (as it is on Red Hat) and su (which always requires a tty). We can (and already do) make sudo/su happy by using "ssh -t" to allocate a tty, but then the python interpreter goes into interactive mode and is unhappy with module source being written to its stdin, per the following comment from connections/ssh.py: # we can only use tty when we are not pipelining the modules. # piping data into /usr/bin/python inside a tty automatically # invokes the python interactive-mode but the modules are not # compatible with the interactive-mode ("unexpected indent" # mainly because of empty lines) Instead of the (current) drastic solution of turning off pipelining when we use a tty, we can instead use a tty but suppress the behaviour of the Python interpreter to switch to interactive mode. The easiest way to do this is to make its stdin *not* be a tty, e.g. with cat|python. This works, but there's a problem: ssh will ignore -t if its input isn't really a tty. So we could open a pseudo-tty and use that as ssh's stdin, but if we then write Python source into it, it's all echoed back to us (because we're a tty). So we have to use -tt to force tty allocation; in that case, however, ssh puts the tty into "raw" mode (~ICANON), so there is no good way for the process on the other end to detect EOF on stdin. So if we do: echo -e "print('hello world')\n"|ssh -tt someho.st "cat|python" …it hangs forever, because cat keeps on reading input even after we've closed our pipe into ssh's stdin. We can get around this by writing a special __EOF__ marker after writing in_data, and doing this: echo -e "print('hello world')\n__EOF__\n"|ssh -tt someho.st "sed -ne '/__EOF__/q' -e p|python" This works fine, but in fact I use a clever python one-liner by mgedmin to achieve the same effect without depending on sed (at the expense of a much longer command line, alas; Python really isn't one-liner-friendly). We also enable pipelining by default as a consequence.
2015-11-05 12:01:31 +00:00
ANSIBLE_SSH_PIPELINING = get_config(p, 'ssh_connection', 'pipelining', 'ANSIBLE_SSH_PIPELINING', True, boolean=True)
Retry exec command via ssh_retry This PR adds the option to retry failed ssh executions, if the failure is caused by ssh itself, not the remote command. This can be helpful if there are transient network issues. Retries are only implemented in the openssh connection plugin and are disabled by default. Retries are enabled by setting ssh_connection > retries to an integer greater than 0. Running a long series of playbooks, or a short playbook against a large cluster may result in transient ssh failures, some examples logged [here](https://trello.com/c/1yh6csEQ/13-ssh-errors). Ansible should be able to retry an ssh connection in order to survive transient failures. Ansible marks a host as failed the first time it fails to contact it.
2015-03-27 18:24:33 +00:00
ANSIBLE_SSH_RETRIES = get_config(p, 'ssh_connection', 'retries', 'ANSIBLE_SSH_RETRIES', 0, integer=True)
Make it possible to tell paramiko to not record new host keys, which can be slow with a large number of hosts. -c ssh is preferred in most cases if you have ControlPersist available, otherwise if you are comfortable you can turn off recording while leaving host key checking on, etc.
2013-07-06 01:42:41 +00:00
PARAMIKO_RECORD_HOST_KEYS = get_config(p, 'paramiko_connection', 'record_host_keys', 'ANSIBLE_PARAMIKO_RECORD_HOST_KEYS', True, boolean=True)
Retry exec command via ssh_retry This PR adds the option to retry failed ssh executions, if the failure is caused by ssh itself, not the remote command. This can be helpful if there are transient network issues. Retries are only implemented in the openssh connection plugin and are disabled by default. Retries are enabled by setting ssh_connection > retries to an integer greater than 0. Running a long series of playbooks, or a short playbook against a large cluster may result in transient ssh failures, some examples logged [here](https://trello.com/c/1yh6csEQ/13-ssh-errors). Ansible should be able to retry an ssh connection in order to survive transient failures. Ansible marks a host as failed the first time it fails to contact it.
2015-03-27 18:24:33 +00:00
made squashable with_ plugin list configurable partially deals with #11383
2015-07-07 15:59:20 +00:00
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
2014-11-24 21:36:31 +00:00
# obsolete -- will be formally removed
For defaults that are integers, enforce it for config supplied values. If a user supplies a string in the config (rather than an int), the code should fix that- or blow up immediately- rather than allowing that value to work it's way down and break w/in the connection object; when that happens, the actual error is opaque and requires pdb.set_trace() to run down.
2013-08-22 23:04:11 +00:00
ZEROMQ_PORT = get_config(p, 'fireball_connection', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099, integer=True)
ACCELERATE_PORT = get_config(p, 'accelerate', 'accelerate_port', 'ACCELERATE_PORT', 5099, integer=True)
Merge branch 'devel' of git://github.com/nextus/ansible into devel Conflicts: lib/ansible/constants.py
2013-10-07 12:39:23 +00:00
ACCELERATE_TIMEOUT = get_config(p, 'accelerate', 'accelerate_timeout', 'ACCELERATE_TIMEOUT', 30, integer=True)
ACCELERATE_CONNECT_TIMEOUT = get_config(p, 'accelerate', 'accelerate_connect_timeout', 'ACCELERATE_CONNECT_TIMEOUT', 1.0, floating=True)
Adding in a configurable option for the accelerate daemon timeout This was apparently an oversite, as it has never been configurable despite having a module parameter for the timeout.
2014-03-23 19:45:05 +00:00
ACCELERATE_DAEMON_TIMEOUT = get_config(p, 'accelerate', 'accelerate_daemon_timeout', 'ACCELERATE_DAEMON_TIMEOUT', 30, integer=True)
made accelerate keys directory configurable, and permissions for the file and dir configurable, and gave them a safe default
2014-02-06 08:53:43 +00:00
ACCELERATE_KEYS_DIR = get_config(p, 'accelerate', 'accelerate_keys_dir', 'ACCELERATE_KEYS_DIR', '~/.fireball.keys')
ACCELERATE_KEYS_DIR_PERMS = get_config(p, 'accelerate', 'accelerate_keys_dir_perms', 'ACCELERATE_KEYS_DIR_PERMS', '700')
ACCELERATE_KEYS_FILE_PERMS = get_config(p, 'accelerate', 'accelerate_keys_file_perms', 'ACCELERATE_KEYS_FILE_PERMS', '600')
Acclerate improvements * Added capability to support multiple keys, so clients from different machines can connect to a single daemon instance * Any activity on the daemon will cause the timeout to extend, so that the daemon must be idle for the full number of minutes before it will auto- shutdown * Various other small fixes to remove some redundancy Fixes #5171
2014-03-19 17:59:06 +00:00
ACCELERATE_MULTI_KEY = get_config(p, 'accelerate', 'accelerate_multi_key', 'ACCELERATE_MULTI_KEY', False, boolean=True)
#4227 in upstream repo
2013-09-25 12:15:49 +00:00
PARAMIKO_PTY = get_config(p, 'paramiko_connection', 'pty', 'ANSIBLE_PARAMIKO_PTY', True, boolean=True)
Load additional plugins from path specified in configuration
2012-09-18 12:41:27 +00:00
Making the switch to v2
2015-05-04 02:47:26 +00:00
# galaxy related
DEFAULT_GALAXY_URI = get_config(p, 'galaxy', 'server_uri', 'ANSIBLE_GALAXY_SERVER_URI', 'https://galaxy.ansible.com')
# this can be configured to blacklist SCMS but cannot add new ones unless the code is also updated
minor fixes to constants
2015-07-08 20:33:00 +00:00
GALAXY_SCMS = get_config(p, 'galaxy', 'scms', 'ANSIBLE_GALAXY_SCMS', 'git, hg', islist=True)
Making the switch to v2
2015-05-04 02:47:26 +00:00
Revised patch for more password entropy
2013-11-01 14:51:35 +00:00
# characters included in auto-generated passwords
DEFAULT_PASSWORD_CHARS = ascii_letters + digits + ".,:-_"
cleanup example config file + Squashed commit of the following: commit c36b66dc952dfff91043ecbca56cf3f1f8f00703 Merge: 240d7bf f4cf934 Author: Michael DeHaan <michael@ansibleworks.com> Date: Tue Jun 18 13:04:51 2013 -0400 Merge branch 'unevaluated-vars' of git://github.com/lorin/ansible into lorin_undefined Conflicts: lib/ansible/runner/__init__.py commit f4cf93436767f73b62a16067ab5e628830045896 Merge: 2531440 07a1365 Author: Lorin Hochstein <lorin@nimbisservices.com> Date: Thu Jun 6 11:07:41 2013 -0400 Merge branch 'devel' into unevaluated-vars commit 253144045cbafd7d72836f1017c62ac4ba623186 Author: Lorin Hochstein <lorin@nimbisservices.com> Date: Thu Jun 6 11:06:37 2013 -0400 Fail template from file on undefined vars If config option is set, raise an exception if templating from a file and a variable is undefined. commit aecb71d8b75257f0f3e11a9b176fc3737aecef8d Author: Lorin Hochstein <lorin@nimbisservices.com> Date: Wed Jun 5 17:12:12 2013 -0400 Add fail_on_undefined flag Add a fail_on_undefined flag to the template and template_from_string methods. If this flag is true, then re-raise the ninja2.excpetions.UndefinedError instead of swallowing it. commit cbb1808f0585f01536240aee05a1bfd06c4b4647 Merge: d4bbf49 41425fb Author: Lorin Hochstein <lorin@nimbisservices.com> Date: Wed Jun 5 16:14:12 2013 -0400 Merge branch 'devel' into unevaluated-vars commit d4bbf492b0b63c789d66ab60d0ec634d100fca82 Author: Lorin Hochstein <lorin@nimbisservices.com> Date: Mon Jun 3 19:46:13 2013 -0400 template: Raise UndefinedError exception In template_from_string, raise an undefined error if it occurs. Have the caller catch it and throw an AnsibleUndefinedVariable commit c94780280515f1f3756fdc429b2b1e87b365e9b7 Merge: 8d919d6 be33bcf Author: Lorin Hochstein <lorin@nimbisservices.com> Date: Mon Jun 3 10:09:43 2013 -0400 Merge branch 'devel' into unevaluated-vars commit 8d919d6c97b28a42f47ca7248c542695baf6175f Merge: 0f68ad8 b8630d2 Author: Lorin Hochstein <lorin@nimbisservices.com> Date: Thu May 30 16:27:48 2013 -0400 Merge branch 'devel' into unevaluated-vars commit 0f68ad8193ac17488e339a258f8c63fdae399c26 Author: Lorin Hochstein <lorin@nimbisservices.com> Date: Thu May 30 14:32:03 2013 -0400 Optionally fail task on undefined variables This patch introduces a new configuration option called error_on_undefined_vars, which defaults to false. If this option is set to true, then a task which has unevaluated variables in its arguments will fail instead of running. Output looks like this: TASK: [set rabbitmq password] ************************************************* fatal: [10.20.0.7] => Undefined variables: rabbitmq_user, rabbitmq_password
2013-06-18 17:24:30 +00:00
config file support
2012-08-13 23:17:14 +00:00
# non-configurable things
Making the switch to v2
2015-05-04 02:47:26 +00:00
MODULE_REQUIRE_ARGS = ['command', 'shell', 'raw', 'script']
implemented simplified output for adhoc adn command modules as in v1
2015-07-23 17:42:20 +00:00
MODULE_NO_JSON = ['command', 'shell', 'raw']
preliminary privlege escalation unification + pbrun - become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
2014-11-24 21:36:31 +00:00
DEFAULT_BECOME_PASS = None
config file support
2012-08-13 23:17:14 +00:00
DEFAULT_SUDO_PASS = None
Added config option to control default of asking or not for sudo password Signed-off-by: Brian Coca <briancoca+ansible@gmail.com>
2012-10-26 18:49:56 +00:00
DEFAULT_REMOTE_PASS = None
config file support
2012-08-13 23:17:14 +00:00
DEFAULT_SUBSET = None
Revert "Revert "Merge pull request #5325 from angstwad/add-su-support"" This reverts commit c17d0e0357f1f3bdc7389eaa3171444fccda8b76. Conflicts: lib/ansible/runner/connection_plugins/paramiko_ssh.py
2014-01-21 01:19:03 +00:00
DEFAULT_SU_PASS = None
Ansible vault: a framework for encrypting any playbook or var file.
2014-02-11 17:03:11 +00:00
VAULT_VERSION_MIN = 1.0
VAULT_VERSION_MAX = 1.0
started implementing diff diff now works with template also fixed check mode for template and copy
2015-07-26 16:21:38 +00:00
MAX_FILE_SIZE_FOR_DIFF = 1*1024*1024
implemented for v2, missing --tree option for adhoc
2015-08-11 23:18:10 +00:00
TREE_DIR = None
centralized the definition of 'localhost'
2015-08-19 00:02:03 +00:00
LOCALHOST = frozenset(['127.0.0.1', 'localhost', '::1'])