The event loop (even after it was brought into one place in _run in the
previous commit) was hard to follow. The states and transitions weren't
clear or documented, and the privilege escalation code was non-blocking
while the rest was blocking.
Now we have a state machine with four states: awaiting_prompt,
awaiting_escalation, ready_to_send (initial data), and awaiting_exit.
The actions in each state and the transitions between then are clearly
documented.
The check_incorrect_password() method no longer checks for empty strings
(since they will always match), and check_become_success() uses equality
rather than a substring match to avoid thinking an echoed command is an
indication of successful escalation. Also adds a check_missing_password
connection method to detect the error from sudo -n/doas -n.
This change is similar to https://github.com/ansible/ansible/pull/10465
It extends the logic there to also support none types. Right now if you have
a '!!null' in yaml, and that var gets passed around, it will get converted to
a string.
eg. defaults/main.yml
```
ENABLE_AWESOME_FEATURE: !!null # Yaml Null
OTHER_CONFIG:
secret1: "so_secret"
secret2: "even_more_secret"
CONFIG:
hostname: "some_hostname"
features:
awesame_feature: "{{ ENABLE_AWESOME_FEATURE}}"
secrets: "{{ OTHER_CONFIG }}"
```
If you output `CONFIG` to json or yaml, the feature flag would get represented in the output
as a string instead of as a null, but secrets would get represented as a dictionary. This is
a mis-match in behaviour where some "types" are retained and others are not. This change
should fix the issue.
I also updated the template test to test for this and made the changes to v2.
Added a changelog entry specifically for the change from empty string to null as the default.
Made the null representation configurable.
It still defaults to the python NoneType but can be overriden to be an emptystring by updating
the DEFAULT_NULL_REPRESENTATION config.
* enable batch mode (configurable with a config option, on by default)
for sftp transfers, so we can catch errors more easily
* general cleanup in the local connection plugin and fetch action plugin
Fixes#11612
This PR adds the option to retry failed ssh executions, if the failure
is caused by ssh itself, not the remote command. This can be helpful if
there are transient network issues. Retries are only implemented in the
openssh connection plugin and are disabled by default. Retries are
enabled by setting ssh_connection > retries to an integer greater
than 0.
Running a long series of playbooks, or a short playbook against a large
cluster may result in transient ssh failures, some examples logged
[here](https://trello.com/c/1yh6csEQ/13-ssh-errors).
Ansible should be able to retry an ssh connection in order to survive
transient failures.
Ansible marks a host as failed the first time it fails to contact it.
The --force-handlers command line argument was not correctly running
handlers on hosts which had tasks that later failed. This corrects that,
and also allows you to specify force_handlers in ansible.cfg or in a
play.
- become constants inherit existing sudo/su ones
- become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group
- changed method signatures as privlege escalation is collapsed to become
- added tests for su and become, diabled su for lack of support in local.py
- updated playbook,play and task objects to become
- added become to runner
- added whoami test for become/sudo/su
- added home override dir for plugins
- removed useless method from ask pass
- forced become pass to always be string also uses to_bytes
- fixed fakerunner for tests
- corrected reference in synchronize action plugin
- added pfexec (needs testing)
- removed unused sudo/su in runner init
- removed deprecated info
- updated pe tests to allow to run under sudo and not need root
- normalized become options into a funciton to avoid duplication and inconsistencies
- pushed suppored list to connection classs property
- updated all connection plugins to latest 'become' pe
- includes fixes from feedback (including typos)
- added draft docs
- stub of become_exe, leaving for future v2 fixes
Adds new settings for managing retry files:
* retry_files_enabled, defaults to True
* retry_files_save_path, defaults to ~/.ansible-retry
This change was adapted from PR #5515.
Generate warnings when users are shelling out to commands
rather than using modules
Can be turned off on a per-action line with the documented
warn=False flag. Can be turned off globally using
command_warnings = False in ansible config file.
Print out warnings using the standard playbook callbacks.
Created some additional tests in TestRunner.test_command
and also a demonstration playbook.
* Added capability to support multiple keys, so clients from different
machines can connect to a single daemon instance
* Any activity on the daemon will cause the timeout to extend, so that the
daemon must be idle for the full number of minutes before it will auto-
shutdown
* Various other small fixes to remove some redundancy
Fixes#5171
* Adds another module utility file which generalizes the
access of urls via the urllib* libraries.
* Adds a new spec generator for common arguments.
* Makes the user-agent string configurable.
Fixes#6211
The ansible remote port should be None, not 22. Having a default value
of 22 means that '-o Port 22' will be appended to the ssh connection
all of the time. This is incorrect as when one would like to use
something like an ssh configuration file (-F) that sets the port to
something other than 22.
Part of this change requires that we check that, in get_config, the
value is not None before trying to cast it into an integer or float.
- Move all the supported YAML file extensions into a constant
- Use helper functions to avoid duplicate code for group/host vars
- Catch and disallow some confusing situations, such as the presence of
multiple group/host vars files for the same group/host, but with
different extensions. For example having both group_vars/all.yml and
group_vars/all.yaml.
- Catch and report file system permission issues, symlink errors,
unexpected file system objects
- Trivial performance improvement from making fewer stat system calls
- Restructuring that makes it easy for a following patch to support
directory recursion
Using ANSIBLE_ROLE_PATH environment variable or role_path in ansible.cfg
can configure paths where roles will be searched for
extra paths will only be used as a backup once regular locations are exhausted
If a user supplies a string in the config (rather than an int), the code
should fix that- or blow up immediately- rather than allowing that value to
work it's way down and break w/in the connection object; when that happens,
the actual error is opaque and requires pdb.set_trace() to run down.
This shouldn't generally be needed unless you're working in an environment
that uses rediculously long FQDNs; if the name is too long, you wind up
hitting unix domain socket filepath limits enforced by ssh.
Still needs:
* chunked file transfer/receive
* should probably move all send/recv operations to separate
functions to reduce code duplication
* initial connection setup over ssh? or do we handle that in runner?
-c ssh is preferred in most cases if you have ControlPersist available, otherwise if you are comfortable you
can turn off recording while leaving host key checking on, etc.
ansible.constants was calling expanduser (by way of shell_expand_path)
on the entire configured value for the library and *_plugins
configuration values, but these values have always been interpreted as
multiple directories separated by os.pathsep. Thus, if you supplied
multiple directories for one of these values, typically only the first
(at least on *nix) would have e.g. "~" expanded to HOME.
Now PluginLoader does expansion on each individual path in each of
these variables.
commit c36b66dc952dfff91043ecbca56cf3f1f8f00703
Merge: 240d7bf f4cf934
Author: Michael DeHaan <michael@ansibleworks.com>
Date: Tue Jun 18 13:04:51 2013 -0400
Merge branch 'unevaluated-vars' of git://github.com/lorin/ansible into lorin_undefined
Conflicts:
lib/ansible/runner/__init__.py
commit f4cf93436767f73b62a16067ab5e628830045896
Merge: 2531440 07a1365
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Thu Jun 6 11:07:41 2013 -0400
Merge branch 'devel' into unevaluated-vars
commit 253144045cbafd7d72836f1017c62ac4ba623186
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Thu Jun 6 11:06:37 2013 -0400
Fail template from file on undefined vars
If config option is set, raise an exception if templating from a
file and a variable is undefined.
commit aecb71d8b75257f0f3e11a9b176fc3737aecef8d
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Wed Jun 5 17:12:12 2013 -0400
Add fail_on_undefined flag
Add a fail_on_undefined flag to the template and template_from_string methods.
If this flag is true, then re-raise the ninja2.excpetions.UndefinedError instead of
swallowing it.
commit cbb1808f0585f01536240aee05a1bfd06c4b4647
Merge: d4bbf49 41425fb
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Wed Jun 5 16:14:12 2013 -0400
Merge branch 'devel' into unevaluated-vars
commit d4bbf492b0b63c789d66ab60d0ec634d100fca82
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Mon Jun 3 19:46:13 2013 -0400
template: Raise UndefinedError exception
In template_from_string, raise an undefined error if it occurs.
Have the caller catch it and throw an AnsibleUndefinedVariable
commit c94780280515f1f3756fdc429b2b1e87b365e9b7
Merge: 8d919d6 be33bcf
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Mon Jun 3 10:09:43 2013 -0400
Merge branch 'devel' into unevaluated-vars
commit 8d919d6c97b28a42f47ca7248c542695baf6175f
Merge: 0f68ad8 b8630d2
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Thu May 30 16:27:48 2013 -0400
Merge branch 'devel' into unevaluated-vars
commit 0f68ad8193ac17488e339a258f8c63fdae399c26
Author: Lorin Hochstein <lorin@nimbisservices.com>
Date: Thu May 30 14:32:03 2013 -0400
Optionally fail task on undefined variables
This patch introduces a new configuration option called
error_on_undefined_vars, which defaults to false.
If this option is set to true, then a task which has unevaluated
variables in its arguments will fail instead of running. Output looks
like this:
TASK: [set rabbitmq password] *************************************************
fatal: [10.20.0.7] => Undefined variables: rabbitmq_user, rabbitmq_password
Use DEFAULT_EXECUTABLE when no executable is passed to
_low_level_command_exec
Works as a standard constant - can be overridden in all the normal ways
and defaults to /bin/sh
Motiviation is for a user that only has /bin/bash in /etc/sudoers
Jinja extensions adds features to the jinja2 templating engine. This
patch allows module loading for the templating engine vian an
ansible.cfg configuration key (jinja_extensions).
The default behaviour doesn't change (no module loading).
Requested modules can be added coma separated in ansible.cfg
Adds whitespace handling in jinja_extension config
Added whitespace handling in jinja_extension configuration directive, so
things stay safe if user adds spaces around comas in the directives
list.
Adds config example for jinja_extensions
Added config example with multiple extentions for jinja_extensions
Hash variables are currently overriden if they are redefined. This
doesn't let the user refine hash entries or overriding selected keys,
which can, for some, be a desirable feature.
This patch let the user force hash merging by setting the
hash_behaviour value to "merge" (without the quotes) in ansible.cfg
However, by default, ansible behaves like it always did and if any value
besides "merge" is used ("replace" is suggested in the example ansible.cfg
file), it will also behave as always.
Add constant DEFAULT_MODULE_LANG that defaults to C. Can be set via
environment variable ANSIBLE_MODULE_LANG or configuration variable
module_lang. Updated test-module to have same behavior.
Update constants.py so that one can specify environmental variable
ANSIBLE_SYSLOG_FACILITY or syslog_facility in ansible.cfg to define
the syslog facility to use. Alternatively, you can specify
ansible_syslog_facility in inventory. Runner now replaces
the syslog facility in the openlog() call with the default or
the injected variables ansible_syslog_facility.
This also updates hacking/test-module to behave similarly.
Test for when environment variable and configuration file
variable both set now tests that the environment variable takes
precedence
Removed logic that would never be triggered from
lib/ansible/constants.py
Ansible support configuration in:
```
~/.ansible.cfg
/etc/ansible/ansible.cfg
```
this patch add current user (usefull where user have some different projects) with the oreder:
```
./ansible.cfg
~/.ansible.cfg
/etc/ansible/ansible.cfg
```
Added an ANSIBLE_CONFIG variable to poteentially override
~/.ansible.cfg
Used os.path.expanduser against all paths that might be read in to allow
~ to be used in config files. I'd have preferred it if os.path.expanduser
took None as an argument but it doesn't.
If remote_port *is* set in the ansible config file, then it will be
interpreted as a string (at which point ssh.connect fails with an
obscure message). Most other numeric variables are handled by
the OptionsParser which takes a type variable when setting up the option -
but remote_port is not an option, so never cast to int.
It might be worth adding a type field to get_config that defaults to a string.
That could be e.g. file or int, which then casts it correctly.
to an additional pattern (a subset) specified on the command line. For instance, a playbook could be reusable
and target "webservers" and "dbservers", but you want to test only in the stage environment, or a few boxes at a time.
commit e00368e7c65c65bed11fcaaf83fe8b093dbf492e
Merge: 2ea7110 c039aa0
Author: Michael DeHaan <michael.dehaan@gmail.com>
Date: Thu May 10 01:43:10 2012 -0400
Merge branch 'devel' of https://github.com/weaselkeeper/ansible into weaselkeeper-devel
commit c039aa091582cd31e206692df6f4f148394b41d6
Author: Jim Richardson <weaselkeeper@gmail.com>
Date: Fri May 11 17:55:13 2012 -0700
cleanup and simplification of ANSIBLE_REMOTE_TMP feature
commit d87f15b796b799c375808edc7cc0932d7809d325
Merge: 5917aba 4c2fd25
Author: Jim Richardson <weaselkeeper@gmail.com>
Date: Fri May 11 17:30:16 2012 -0700
Merge branch 'devel' of github.com:weaselkeeper/ansible into devel
commit 5917aba761af2e4163772d2d74e7efc0d169273a
Author: Jim Richardson <jrichardson@classmates.com>
Date: Wed May 9 11:25:45 2012 -0700
ANSIBLE_REMOTE_TMP environment variable sets where ansible will stuf tmp files on remote host. Default is /var/tmp for root, and $HOME/.ansible/tmp for non-root
commit 4c2fd2577769a6392187585828168bcb4a1476da
Author: Jim Richardson <jrichardson@classmates.com>
Date: Wed May 9 11:25:45 2012 -0700
ANSIBLE_REMOTE_TMP environment variable sets where ansible will stuf tmp files on remote host. Default is /var/tmp for root, and $HOME/.ansible/tmp for non-root
* Pattern in API now has a default
* Fixed bug in template module operation detected from running playbook (tests for that pending)
* Workaround for multiprocessing lib being harmlessly squeaky (feeder thread got sentinel)
Abhijit Menon-Sen
Brian Coca
Florian Apolloner
James Cammarata
Brian Coca
Feanil Patel
Damian Gerow
Carlos E. Garcia
Toshio Kuratomi
Hugh Saunders
Chen Zhidong
Devin Christensen
Jesse Rusak
Jason Holland
Michael Scherer
Maykel Moya
Michael DeHaan
Bruno BAILLUET
Dionysis Grigoropoulos
Michael DeHaan
Will Thames
Josh Drake
Marc Abramowitz
Veeti Paananen
Matt Martz
Chris Hoffman
Michael DeHaan
James Tanner
James Cammarata
Richard C Isaacson
xyrix
Craig Tracey
jeromew
Paul Durivage
Ferenc Grecu
Marcus Cobden
Alan Fairless
Jan-Piet Mens
Thomas Omans
Philip Schwartz
Brian Harring
James Martin
nextus
Skylar Saveland
Abhijit Menon-Sen
Brian Coca
Andreas Piesk
Ton Kersten
Dale Sedivec
Matt Coddington
Michel Blanc
Daniel Hokka Zakrisson
fdavis
ron1
Stephen Fromm
Jeroen Hoekx
Chandler Latour
Stavros Korokithakis
Brian Coca
willthames
Tim Bielawa
Lorin Hochstein
Marco Vito Moscaritolo
willthames
Timothy Appnel
Dave Hatton
Seth Vidal
Jim Richardson
Stephen Fromm
Christopher Johnston