From d2782f0d84c4e344c18f647b1ac3bfd903d75366 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Mon, 11 May 2015 08:06:21 -0400 Subject: [PATCH 01/21] Remove unneeded required_one_of for openstack We're being too strict - there is a third possibility, which is that a user will have defined the OS_* environment variables and expect them to pass through. --- lib/ansible/module_utils/openstack.py | 6 +----- lib/ansible/utils/module_docs_fragments/openstack.py | 7 +++++-- v2/ansible/module_utils/openstack.py | 6 +----- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/lib/ansible/module_utils/openstack.py b/lib/ansible/module_utils/openstack.py index b58cc53428..4069449144 100644 --- a/lib/ansible/module_utils/openstack.py +++ b/lib/ansible/module_utils/openstack.py @@ -93,11 +93,7 @@ def openstack_full_argument_spec(**kwargs): def openstack_module_kwargs(**kwargs): - ret = dict( - required_one_of=[ - ['cloud', 'auth'], - ], - ) + ret = {} for key in ('mutually_exclusive', 'required_together', 'required_one_of'): if key in kwargs: if key in ret: diff --git a/lib/ansible/utils/module_docs_fragments/openstack.py b/lib/ansible/utils/module_docs_fragments/openstack.py index 7e42841d6d..3dff423772 100644 --- a/lib/ansible/utils/module_docs_fragments/openstack.py +++ b/lib/ansible/utils/module_docs_fragments/openstack.py @@ -23,7 +23,9 @@ class ModuleDocFragment(object): options: cloud: description: - - Named cloud to operate against. Provides default values for I(auth) and I(auth_plugin) + - Named cloud to operate against. Provides default values for I(auth) and + I(auth_type). This parameter is not needed if I(auth) is provided or if + OpenStack OS_* environment variables are present. required: false auth: description: @@ -32,7 +34,8 @@ options: I(auth_url), I(username), I(password), I(project_name) and any information about domains if the cloud supports them. For other plugins, this param will need to contain whatever parameters that auth plugin - requires. This parameter is not needed if a named cloud is provided. + requires. This parameter is not needed if a named cloud is provided or + OpenStack OS_* environment variables are present. required: false auth_type: description: diff --git a/v2/ansible/module_utils/openstack.py b/v2/ansible/module_utils/openstack.py index b58cc53428..4069449144 100644 --- a/v2/ansible/module_utils/openstack.py +++ b/v2/ansible/module_utils/openstack.py @@ -93,11 +93,7 @@ def openstack_full_argument_spec(**kwargs): def openstack_module_kwargs(**kwargs): - ret = dict( - required_one_of=[ - ['cloud', 'auth'], - ], - ) + ret = {} for key in ('mutually_exclusive', 'required_together', 'required_one_of'): if key in kwargs: if key in ret: From cd14d73be8ae29ade22a9e7bad9bef1fccd1c67b Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Mon, 11 May 2015 08:10:37 -0400 Subject: [PATCH 02/21] Add defaults and a link to os-client-config docs --- lib/ansible/utils/module_docs_fragments/openstack.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/ansible/utils/module_docs_fragments/openstack.py b/lib/ansible/utils/module_docs_fragments/openstack.py index 3dff423772..99897eee6d 100644 --- a/lib/ansible/utils/module_docs_fragments/openstack.py +++ b/lib/ansible/utils/module_docs_fragments/openstack.py @@ -80,14 +80,17 @@ options: - A path to a CA Cert bundle that can be used as part of verifying SSL API requests. required: false + default: None cert: description: - A path to a client certificate to use as part of the SSL transaction required: false + default: None key: description: - A path to a client key to use as part of the SSL transaction required: false + default: None endpoint_type: description: - Endpoint URL type to fetch from the service catalog. @@ -103,5 +106,6 @@ notes: can come from a yaml config file in /etc/ansible/openstack.yaml, /etc/openstack/clouds.yaml or ~/.config/openstack/clouds.yaml, then from standard environment variables, then finally by explicit parameters in - plays. + plays. More information can be found at + U(http://docs.openstack.org/developer/os-client-config) ''' From 3775dd5ec82265fe5aec909accffe950d08a38d2 Mon Sep 17 00:00:00 2001 From: Etienne CARRIERE Date: Mon, 25 May 2015 09:53:23 +0200 Subject: [PATCH 03/21] Factor F5 primitives --- lib/ansible/module_utils/f5.py | 64 ++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 lib/ansible/module_utils/f5.py diff --git a/lib/ansible/module_utils/f5.py b/lib/ansible/module_utils/f5.py new file mode 100644 index 0000000000..2d97662a0b --- /dev/null +++ b/lib/ansible/module_utils/f5.py @@ -0,0 +1,64 @@ +# This code is part of Ansible, but is an independent component. +# This particular file snippet, and this file snippet only, is BSD licensed. +# Modules you write using this snippet, which is embedded dynamically by Ansible +# still belong to the author of the module, and may assign their own license +# to the complete work. +# +# Copyright (c), Etienne Carrière ,2015 +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without modification, +# are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +try: + import bigsuds +except ImportError: + bigsuds_found = False +else: + bigsuds_found = True + + +def f5_argument_spec(): + return dict( + server=dict(type='str', required=True), + user=dict(type='str', required=True), + password=dict(type='str', aliases=['pass', 'pwd'], required=True, no_log=True), + validate_certs = dict(default='yes', type='bool'), + state = dict(type='str', default='present', choices=['present', 'absent']), + partition = dict(type='str', default='Common') + ) + + +def f5_parse_arguments(module): + if not bigsuds_found: + module.fail_json(msg="the python bigsuds module is required") + if not module.params['validate_certs']: + disable_ssl_cert_validation() + return (module.params['server'],module.params['user'],module.params['password'],module.params['state'],module.params['partition']) + +def bigip_api(bigip, user, password): + api = bigsuds.BIGIP(hostname=bigip, username=user, password=password) + return api + +def disable_ssl_cert_validation(): + # You probably only want to do this for testing and never in production. + # From https://www.python.org/dev/peps/pep-0476/#id29 + import ssl + ssl._create_default_https_context = ssl._create_unverified_context + From 1ccf2a4685d136a81d266ed5728c7f2c9b7351e4 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 12:35:37 -0700 Subject: [PATCH 04/21] Make fetch_url check the server's certificate on https connections --- lib/ansible/module_utils/urls.py | 49 ++++++++++++------- .../roles/test_get_url/tasks/main.yml | 20 ++++++++ 2 files changed, 52 insertions(+), 17 deletions(-) diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py index d56cc89395..18317e86ae 100644 --- a/lib/ansible/module_utils/urls.py +++ b/lib/ansible/module_utils/urls.py @@ -50,6 +50,15 @@ try: except: HAS_SSL=False +HAS_MATCH_HOSTNAME = True +try: + from ssl import match_hostname, CertificateError +except ImportError: + try: + from backports.ssl_match_hostname import match_hostname, CertificateError + except ImportError: + HAS_MATCH_HOSTNAME = False + import httplib import os import re @@ -293,11 +302,13 @@ class SSLValidationHandler(urllib2.BaseHandler): connect_result = s.recv(4096) self.validate_proxy_response(connect_result) ssl_s = ssl.wrap_socket(s, ca_certs=tmp_ca_cert_path, cert_reqs=ssl.CERT_REQUIRED) + match_hostname(ssl_s.getpeercert(), self.hostname) else: self.module.fail_json(msg='Unsupported proxy scheme: %s. Currently ansible only supports HTTP proxies.' % proxy_parts.get('scheme')) else: s.connect((self.hostname, self.port)) ssl_s = ssl.wrap_socket(s, ca_certs=tmp_ca_cert_path, cert_reqs=ssl.CERT_REQUIRED) + match_hostname(ssl_s.getpeercert(), self.hostname) # close the ssl connection #ssl_s.unwrap() s.close() @@ -311,6 +322,9 @@ class SSLValidationHandler(urllib2.BaseHandler): 'Use validate_certs=no or make sure your managed systems have a valid CA certificate installed. ' + \ 'Paths checked for this platform: %s' % ", ".join(paths_checked) ) + except CertificateError: + self.module.fail_json(msg="SSL Certificate does not belong to %s. Make sure the url has a certificate that belongs to it or use validate_certs=no (insecure)" % self.hostname) + try: # cleanup the temp file created, don't worry # if it fails for some reason @@ -363,28 +377,29 @@ def fetch_url(module, url, data=None, headers=None, method=None, # FIXME: change the following to use the generic_urlparse function # to remove the indexed references for 'parsed' parsed = urlparse.urlparse(url) - if parsed[0] == 'https': - if not HAS_SSL and validate_certs: + if parsed[0] == 'https' and validate_certs: + if not HAS_SSL: if distribution == 'Redhat': module.fail_json(msg='SSL validation is not available in your version of python. You can use validate_certs=no, however this is unsafe and not recommended. You can also install python-ssl from EPEL') else: module.fail_json(msg='SSL validation is not available in your version of python. You can use validate_certs=no, however this is unsafe and not recommended') + if not HAS_MATCH_HOSTNAME: + module.fail_json(msg='Available SSL validation does not check that the certificate matches the hostname. You can install backports.ssl_match_hostname or update your managed machine to python-2.7.9 or newer. You could also use validate_certs=no, however this is unsafe and not recommended') - elif validate_certs: - # do the cert validation - netloc = parsed[1] - if '@' in netloc: - netloc = netloc.split('@', 1)[1] - if ':' in netloc: - hostname, port = netloc.split(':', 1) - port = int(port) - else: - hostname = netloc - port = 443 - # create the SSL validation handler and - # add it to the list of handlers - ssl_handler = SSLValidationHandler(module, hostname, port) - handlers.append(ssl_handler) + # do the cert validation + netloc = parsed[1] + if '@' in netloc: + netloc = netloc.split('@', 1)[1] + if ':' in netloc: + hostname, port = netloc.split(':', 1) + port = int(port) + else: + hostname = netloc + port = 443 + # create the SSL validation handler and + # add it to the list of handlers + ssl_handler = SSLValidationHandler(module, hostname, port) + handlers.append(ssl_handler) if parsed[0] != 'ftp': username = module.params.get('url_username', '') diff --git a/test/integration/roles/test_get_url/tasks/main.yml b/test/integration/roles/test_get_url/tasks/main.yml index 1aa4b287ea..6d016fe6be 100644 --- a/test/integration/roles/test_get_url/tasks/main.yml +++ b/test/integration/roles/test_get_url/tasks/main.yml @@ -25,3 +25,23 @@ that: - result.changed - '"OK" in result.msg' + +- name: test https fetch to a site with invalid domain + get_url: + url: "https://kennethreitz.org/" + dest: "{{ output_dir }}/shouldnotexist.html" + ignore_errors: True + register: result + +- stat: + path: "{{ output_dir }}/shouldnotexist.html" + register: stat_result + +- debug: var=result + +- name: Assert that the file was not downloaded + assert: + that: + - "result.failed == true" + - "'Certificate does not belong to ' in result.msg" + - "stat_result.stat.exists == false" From 4d8427538dbf3b15e65622b56ff20a6fc67429fd Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 15:10:06 -0700 Subject: [PATCH 05/21] Update submodule refs --- lib/ansible/modules/core | 2 +- lib/ansible/modules/extras | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/ansible/modules/core b/lib/ansible/modules/core index 2b5e932cfb..7fea93835c 160000 --- a/lib/ansible/modules/core +++ b/lib/ansible/modules/core @@ -1 +1 @@ -Subproject commit 2b5e932cfb4df42f46812aee2476fdf5aabab172 +Subproject commit 7fea93835c172d23638959cbe2d00a3be8d14557 diff --git a/lib/ansible/modules/extras b/lib/ansible/modules/extras index b2e4f31beb..c223716bc7 160000 --- a/lib/ansible/modules/extras +++ b/lib/ansible/modules/extras @@ -1 +1 @@ -Subproject commit b2e4f31bebfec49380659b9d65b5828f1c1ed8d9 +Subproject commit c223716bc7ccf2d0ac7995b36f76cca8ccd5bfda From 0f4a3409d851c658a765c95442d985ea7b9a13ec Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 15:35:25 -0700 Subject: [PATCH 06/21] Add test that validate_certs=no works --- .../roles/test_get_url/tasks/main.yml | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/test/integration/roles/test_get_url/tasks/main.yml b/test/integration/roles/test_get_url/tasks/main.yml index 6d016fe6be..3a6bc509c0 100644 --- a/test/integration/roles/test_get_url/tasks/main.yml +++ b/test/integration/roles/test_get_url/tasks/main.yml @@ -26,7 +26,7 @@ - result.changed - '"OK" in result.msg' -- name: test https fetch to a site with invalid domain +- name: test https fetch to a site with mismatched hostname and certificate get_url: url: "https://kennethreitz.org/" dest: "{{ output_dir }}/shouldnotexist.html" @@ -37,11 +37,26 @@ path: "{{ output_dir }}/shouldnotexist.html" register: stat_result -- debug: var=result - - name: Assert that the file was not downloaded assert: that: - "result.failed == true" - "'Certificate does not belong to ' in result.msg" - "stat_result.stat.exists == false" + +- name: test https fetch to a site with mismatched hostname and certificate and validate_certs=no + get_url: + url: "https://kennethreitz.org/" + dest: "{{ output_dir }}/kreitz.html" + validate_certs: no + register: result + +- stat: + path: "{{ output_dir }}/kreitz.html" + register: stat_result + +- name: Assert that the file was not downloaded + assert: + that: + - "result.failed == false" + - "stat_result.stat.exists == true" From 1bda7cc200d5bd1054d1bcb3b1986afe80b30dbd Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 15:35:45 -0700 Subject: [PATCH 07/21] Test that uri module validates certs --- .../integration/roles/test_uri/tasks/main.yml | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/test/integration/roles/test_uri/tasks/main.yml b/test/integration/roles/test_uri/tasks/main.yml index 66e01ae8e5..da4bf65574 100644 --- a/test/integration/roles/test_uri/tasks/main.yml +++ b/test/integration/roles/test_uri/tasks/main.yml @@ -91,3 +91,38 @@ with_together: - fail_checksum.results - fail.results + +- name: test https fetch to a site with mismatched hostname and certificate + uri: + url: "https://kennethreitz.org/" + dest: "{{ output_dir }}/shouldnotexist.html" + ignore_errors: True + register: result + +- stat: + path: "{{ output_dir }}/shouldnotexist.html" + register: stat_result + +- name: Assert that the file was not downloaded + assert: + that: + - "result.failed == true" + - "'certificate does not match ' in result.msg" + - "stat_result.stat.exists == false" + +- name: test https fetch to a site with mismatched hostname and certificate and validate_certs=no + get_url: + url: "https://kennethreitz.org/" + dest: "{{ output_dir }}/kreitz.html" + validate_certs: no + register: result + +- stat: + path: "{{ output_dir }}/kreitz.html" + register: stat_result + +- name: Assert that the file was not downloaded + assert: + that: + - "result.failed == false" + - "stat_result.stat.exists == true" From 2f4ad2714f773b0a34dfc5ba4be4e3e62719df53 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 15:36:35 -0700 Subject: [PATCH 08/21] Update core module ref --- lib/ansible/modules/core | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ansible/modules/core b/lib/ansible/modules/core index 7fea93835c..a7a3ef54d7 160000 --- a/lib/ansible/modules/core +++ b/lib/ansible/modules/core @@ -1 +1 @@ -Subproject commit 7fea93835c172d23638959cbe2d00a3be8d14557 +Subproject commit a7a3ef54d7e917fb81d44cda4266ff2b4e8870c9 From 5ffc1183dd18397048d9a82d720cb79882c88bfd Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 15:37:12 -0700 Subject: [PATCH 09/21] WHoops, that was the core module stable branch --- lib/ansible/modules/core | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ansible/modules/core b/lib/ansible/modules/core index a7a3ef54d7..5983d64d77 160000 --- a/lib/ansible/modules/core +++ b/lib/ansible/modules/core @@ -1 +1 @@ -Subproject commit a7a3ef54d7e917fb81d44cda4266ff2b4e8870c9 +Subproject commit 5983d64d7728ea88ef27606e95e4aa34cde5ff46 From 5d213cab23ced2664fdd0d77a9c1e1b11a3d489b Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 16:00:58 -0700 Subject: [PATCH 10/21] Update extras submodule ref for doc fix --- lib/ansible/modules/extras | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ansible/modules/extras b/lib/ansible/modules/extras index c223716bc7..1276420a3a 160000 --- a/lib/ansible/modules/extras +++ b/lib/ansible/modules/extras @@ -1 +1 @@ -Subproject commit c223716bc7ccf2d0ac7995b36f76cca8ccd5bfda +Subproject commit 1276420a3a39340fcd9e053a1e621cdd89f480fa From 73b7d96501420fcce7bc002bd839ec9cafde6a0a Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 17:01:18 -0700 Subject: [PATCH 11/21] Test on fields that exist --- test/integration/roles/test_get_url/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/roles/test_get_url/tasks/main.yml b/test/integration/roles/test_get_url/tasks/main.yml index 3a6bc509c0..88ff3b2e21 100644 --- a/test/integration/roles/test_get_url/tasks/main.yml +++ b/test/integration/roles/test_get_url/tasks/main.yml @@ -55,8 +55,8 @@ path: "{{ output_dir }}/kreitz.html" register: stat_result -- name: Assert that the file was not downloaded +- name: Assert that the file was downloaded assert: that: - - "result.failed == false" + - "result.changed == true" - "stat_result.stat.exists == true" From ac14ad1419aff12aa9b7186dae129fe9aa770106 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 17:02:48 -0700 Subject: [PATCH 12/21] Test on fields that are actually set --- test/integration/roles/test_uri/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/roles/test_uri/tasks/main.yml b/test/integration/roles/test_uri/tasks/main.yml index da4bf65574..99c6048a59 100644 --- a/test/integration/roles/test_uri/tasks/main.yml +++ b/test/integration/roles/test_uri/tasks/main.yml @@ -121,8 +121,8 @@ path: "{{ output_dir }}/kreitz.html" register: stat_result -- name: Assert that the file was not downloaded +- name: Assert that the file was downloaded assert: that: - - "result.failed == false" + - "result.changed == true" - "stat_result.stat.exists == true" From 9371c38af928f750114525e5f447ebad73446caa Mon Sep 17 00:00:00 2001 From: Jon Hawkesworth Date: Fri, 29 May 2015 14:50:08 +0100 Subject: [PATCH 13/21] Add -Compress to ConvertTo-Json calls in common powershell code --- lib/ansible/module_utils/powershell.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/ansible/module_utils/powershell.ps1 b/lib/ansible/module_utils/powershell.ps1 index ee7d3ddeca..9606f47783 100644 --- a/lib/ansible/module_utils/powershell.ps1 +++ b/lib/ansible/module_utils/powershell.ps1 @@ -65,7 +65,7 @@ Function Exit-Json($obj) $obj = New-Object psobject } - echo $obj | ConvertTo-Json -Depth 99 + echo $obj | ConvertTo-Json -Compress -Depth 99 Exit } @@ -89,7 +89,7 @@ Function Fail-Json($obj, $message = $null) Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true - echo $obj | ConvertTo-Json -Depth 99 + echo $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } From a8c290cc3bb4b2549a0e5b64beb985ff78bf8d23 Mon Sep 17 00:00:00 2001 From: Brian Coca Date: Fri, 29 May 2015 16:13:30 -0400 Subject: [PATCH 14/21] fixed ubuntu facts for all versions made sure NA is option of last resort --- lib/ansible/module_utils/facts.py | 9 ++++++--- lib/ansible/modules/core | 2 +- lib/ansible/modules/extras | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/ansible/module_utils/facts.py b/lib/ansible/module_utils/facts.py index 3485690b83..6f5f35f831 100644 --- a/lib/ansible/module_utils/facts.py +++ b/lib/ansible/module_utils/facts.py @@ -99,8 +99,9 @@ class Facts(object): ('/etc/os-release', 'SuSE'), ('/etc/gentoo-release', 'Gentoo'), ('/etc/os-release', 'Debian'), + ('/etc/lsb-release', 'Mandriva'), ('/etc/os-release', 'NA'), - ('/etc/lsb-release', 'Mandriva')) + ) SELINUX_MODE_DICT = { 1: 'enforcing', 0: 'permissive', -1: 'disabled' } # A list of dicts. If there is a platform with more than one @@ -416,11 +417,13 @@ class Facts(object): self.facts['distribution_version'] = self.facts['distribution_version'] + '.' + release.group(1) elif name == 'Debian': data = get_file_content(path) - if 'Debian' in data or 'Raspbian' in data: + if 'Ubuntu' in data: + break # Ubuntu gets correct info from python functions + elif 'Debian' in data or 'Raspbian' in data: release = re.search("PRETTY_NAME=[^(]+ \(?([^)]+?)\)", data) if release: self.facts['distribution_release'] = release.groups()[0] - break + break elif name == 'Mandriva': data = get_file_content(path) if 'Mandriva' in data: diff --git a/lib/ansible/modules/core b/lib/ansible/modules/core index 5983d64d77..9cc23c749a 160000 --- a/lib/ansible/modules/core +++ b/lib/ansible/modules/core @@ -1 +1 @@ -Subproject commit 5983d64d7728ea88ef27606e95e4aa34cde5ff46 +Subproject commit 9cc23c749a8cd5039db7aa1998d310bbb04d1e13 diff --git a/lib/ansible/modules/extras b/lib/ansible/modules/extras index 1276420a3a..a07fc88ba0 160000 --- a/lib/ansible/modules/extras +++ b/lib/ansible/modules/extras @@ -1 +1 @@ -Subproject commit 1276420a3a39340fcd9e053a1e621cdd89f480fa +Subproject commit a07fc88ba0d2546b92fbe93b2bede699fdf2bc48 From 529726d0baa5a34cff8dcd5ffaf81b904f842b4f Mon Sep 17 00:00:00 2001 From: Brian Coca Date: Fri, 29 May 2015 16:22:55 -0400 Subject: [PATCH 15/21] fixed mistaken module update in prev commit --- lib/ansible/modules/core | 2 +- lib/ansible/modules/extras | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/ansible/modules/core b/lib/ansible/modules/core index 9cc23c749a..5983d64d77 160000 --- a/lib/ansible/modules/core +++ b/lib/ansible/modules/core @@ -1 +1 @@ -Subproject commit 9cc23c749a8cd5039db7aa1998d310bbb04d1e13 +Subproject commit 5983d64d7728ea88ef27606e95e4aa34cde5ff46 diff --git a/lib/ansible/modules/extras b/lib/ansible/modules/extras index a07fc88ba0..1276420a3a 160000 --- a/lib/ansible/modules/extras +++ b/lib/ansible/modules/extras @@ -1 +1 @@ -Subproject commit a07fc88ba0d2546b92fbe93b2bede699fdf2bc48 +Subproject commit 1276420a3a39340fcd9e053a1e621cdd89f480fa From d8bfb4c6290e1da3f281c728c5ad8a77598830f1 Mon Sep 17 00:00:00 2001 From: Rob Szarka Date: Fri, 29 May 2015 21:49:52 -0400 Subject: [PATCH 16/21] Update guide_aws.rst Fixed typos. --- docsite/rst/guide_aws.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docsite/rst/guide_aws.rst b/docsite/rst/guide_aws.rst index c4e12eab49..e0d0c12630 100644 --- a/docsite/rst/guide_aws.rst +++ b/docsite/rst/guide_aws.rst @@ -13,7 +13,7 @@ Requirements for the AWS modules are minimal. All of the modules require and are tested against recent versions of boto. You'll need this Python module installed on your control machine. Boto can be installed from your OS distribution or python's "pip install boto". -Whereas classically ansible will execute tasks in it's host loop against multiple remote machines, most cloud-control steps occur on your local machine with reference to the regions to control. +Whereas classically ansible will execute tasks in its host loop against multiple remote machines, most cloud-control steps occur on your local machine with reference to the regions to control. In your playbook steps we'll typically be using the following pattern for provisioning steps:: @@ -214,7 +214,7 @@ AWS Image Building With Ansible ``````````````````````````````` Many users may want to have images boot to a more complete configuration rather than configuring them entirely after instantiation. To do this, -one of many programs can be used with Ansible playbooks to define and upload a base image, which will then get it's own AMI ID for usage with +one of many programs can be used with Ansible playbooks to define and upload a base image, which will then get its own AMI ID for usage with the ec2 module or other Ansible AWS modules such as ec2_asg or the cloudformation module. Possible tools include Packer, aminator, and Ansible's ec2_ami module. From 5954892457a89cbd61133cc2e95377c04c83bca1 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Fri, 29 May 2015 19:00:16 -0700 Subject: [PATCH 17/21] Update submodule refs --- lib/ansible/modules/core | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ansible/modules/core b/lib/ansible/modules/core index 5983d64d77..f8d8af17cd 160000 --- a/lib/ansible/modules/core +++ b/lib/ansible/modules/core @@ -1 +1 @@ -Subproject commit 5983d64d7728ea88ef27606e95e4aa34cde5ff46 +Subproject commit f8d8af17cdc72500af8319c96004b86ac702a0a4 From 908d6c0ef25384d126a488d3be4196803eb5f06e Mon Sep 17 00:00:00 2001 From: sysadmin75 Date: Sun, 31 May 2015 20:05:02 -0400 Subject: [PATCH 18/21] Fixes #11046 --- lib/ansible/module_utils/facts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ansible/module_utils/facts.py b/lib/ansible/module_utils/facts.py index 6f5f35f831..1162e05b9c 100644 --- a/lib/ansible/module_utils/facts.py +++ b/lib/ansible/module_utils/facts.py @@ -2163,7 +2163,7 @@ class DarwinNetwork(GenericBsdIfconfigNetwork, Network): current_if['media'] = 'Unknown' # Mac does not give us this current_if['media_select'] = words[1] if len(words) > 2: - current_if['media_type'] = words[2][1:] + current_if['media_type'] = words[2][1:-1] if len(words) > 3: current_if['media_options'] = self.get_options(words[3]) From 8d742df1deba75d0e7ebfbb73db3f030827b0283 Mon Sep 17 00:00:00 2001 From: Chris Church Date: Sun, 31 May 2015 23:15:28 -0400 Subject: [PATCH 19/21] Allow prepare_win_tests role to run multiple times, before each role that depends on it. --- test/integration/roles/prepare_win_tests/meta/main.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 test/integration/roles/prepare_win_tests/meta/main.yml diff --git a/test/integration/roles/prepare_win_tests/meta/main.yml b/test/integration/roles/prepare_win_tests/meta/main.yml new file mode 100644 index 0000000000..cf5427b608 --- /dev/null +++ b/test/integration/roles/prepare_win_tests/meta/main.yml @@ -0,0 +1,3 @@ +--- + +allow_duplicates: yes From d2ba0de6aab12a136d71959d45b4158bfbf45ce9 Mon Sep 17 00:00:00 2001 From: Chris Church Date: Sun, 31 May 2015 23:16:45 -0400 Subject: [PATCH 20/21] When running winrm tests against multiple hosts, fail the play when any host has a failure. --- test/integration/test_winrm.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/test/integration/test_winrm.yml b/test/integration/test_winrm.yml index 69d3b652a6..b249224cb8 100644 --- a/test/integration/test_winrm.yml +++ b/test/integration/test_winrm.yml @@ -18,6 +18,7 @@ - hosts: windows gather_facts: false + max_fail_percentage: 1 roles: - { role: test_win_raw, tags: test_win_raw } - { role: test_win_script, tags: test_win_script } From 46a72d108acbe6e194aa44592203dd7206fdfdbb Mon Sep 17 00:00:00 2001 From: Brian Coca Date: Mon, 1 Jun 2015 10:17:18 -0400 Subject: [PATCH 21/21] added cs_project new module --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9800650369..f806cbfb1f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ New Modules: * cloudstack: cs_instance * cloudstack: cs_instancegroup * cloudstack: cs_portforward + * cloudstack: cs_project * cloudstack: cs_sshkeypair * cloudstack: cs_securitygroup * cloudstack: cs_securitygroup_rule