SELinux since 2012 use a configuration file to
convert boolean names from a old name to a new name,
for preserving backward compatibility.
However, this has to be done explicitely when using the python
bindings, and the module was not doing it.
Openshift ansible script use this construct to detect if
a boolean exist or not:
- name: Check for existence of virt_sandbox_use_nfs seboolean
command: getsebool virt_sandbox_use_nfs
register: virt_sandbox_use_nfs_output
failed_when: false
changed_when: false
- name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
seboolean:
name: virt_sandbox_use_nfs
state: yes
persistent: yes
when: virt_sandbox_use_nfs_output.rc == 0
On a system where virt_sandbox_use_nfs do not exist, this work. But
on a system where virt_sandbox_use_nfs is a alias to virt_use_nfs (like
Fedora 24), this fail because the seboolean is not aware of the alias.
Using something like:
- name: Create ssh keys
user:
name: root
generate_ssh_key: yes
register: key
result into this traceback on F24
Traceback (most recent call last):
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 2170, in <module>
main()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 2108, in main
(rc, out, err) = user.modify_user()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 660, in modify_user
return self.modify_user_usermod()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 417, in modify_user_usermod
has_append = self._check_usermod_append()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 405, in _check_usermod_append
lines = helpout.split('\\n')
TypeError: a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/tmp/ansible_csqv781s/ansible_module_systemd.py", line 374, in <module>
main()
File "/tmp/ansible_csqv781s/ansible_module_systemd.py", line 263, in main
for line in out.split('\\n'): # systemd can have multiline values delimited with {}
Now that there is general purpose `Fact` helper to detect if systemd
is active, we would be able to rely on that to apply SystemdStrategy.
Detecting presence of systemd at runtime would be more reliable than
distribution version based heuristics. (e.g., Debian, Ubuntu allows
user to change the default init system, Gentoo allows switching as
well, and so on).
By default, ssh-keygen will pick a suitable default for ssh keys
for all type of keys. By hardocing the number of bits to the
RSA default, we make life harder for people picking Elliptic
Curve keys, so this commit make ssh-keygen use its own default
unless specificed otherwise by the playbook
sysrc(8) does not exit with non-zero status when encountering a
permission error.
By using service(8) `service <name> enabled`, we now check the actual
semantics expressed through calling sysrc(8), i.e. we check if the
service enablement worked from the rc(8) system's perspective.
Note that in case service(8) detects the wrong value is still set,
we still output the sysrc(8) output in the fail_json() call:
the user can derive the exact reason of failure from sysrc(8) output.
* service module: use sysrc on FreeBSD
sysrc(8) is the designated userland program to edit rc files on FreeBSD.
It first appeared in FreeBSD 9.2, hence is available on all supported
versions of FreeBSD.
Side effect: fixes#2664
* Incorporate changes suggested by bcoca.
- Use `get_bin_path` to find sysrc binary.
- Only use sysrc when available (support for legacy versions of FreeBSD)
Currently, when writing user's crontab, ansible calls
crontab <file> -u <user>
This is incorrect according to crontab(1) on both FreeBSD and Linux,
which suggest that file argument should be the last.
At least on FreeBSD, this leads to incorrect cron module bahavior which
writes to root's crontab instead of users's
Michael Scherer
Levi Morales
Ali Ok
jctanner
Brian Coca
Indrajit Raychaudhuri
Evan Kaufman
BradLook
Christian Schwarz
Marcos Diez
Michael LoSapio
Allen Sanabria
Thomas Quinot
Robin Naundorf
Erik Nadel
Dmitry Marakasov
Brian Coca
Ken Mitchell
Toshio Kuratomi
TheSameCH