* Tweaks for SmartOS:
- prevent attempting from changing timezone in the global zone (read-only)
- provide meaningful error message in the unlikely case smtools isn't present
* Add support for FreeBSD and NetBSD to timezone module
In our environment we have custom services that need to be stopped and
restarted very gracefully to not interrupt active sessions.
A stop job, depending on the state, can take up to 20 minutes until the
process exits. It simply reacts to SIGTERM with a graceful shutdown.
By default, systemctl blocks until the job has completed, which leads to
Ansible hanging on this task for up to 20 minutes.
Thankfully systemctl supports the `--no-block` flag which lets the job
continue in the background.
This PR adds support for that flag as the `no_block` boolean option.
From the man page:
--no-block
Do not synchronously wait for the requested operation to
finish. If this is not specified, the job will be
verified, enqueued and systemctl will wait until the
unit's start-up is completed. By passing this argument,
it is only verified and enqueued. This option may not be
combined with --wait.
Not all file-related modules consistently use "path" as the attribute to specify a single filename, some use "dest", others use "name". Most do have aliases for either "name" or "destfile".
This change makes "path" the default attribute for (single) file-related modules, but also adds "dest" and "name" as aliases, so that people can use a consistent way of attributing paths, but also to ensure backward compatibility with existing playbooks.
NOTE: The reason for changing this, is that it makes Ansible needlessly harder to use if you have to remember that e.g. the xattr module requires the name attribute, the lineinfile module requires a dest attribute, and the stat module requires a path attribute.
* Small tweaks for timezone module:
- small textual fixes
- ensure the generated docs list either hwclock or name as required
by using a non-generated value for required_one_of
* Update docs with the DOCUMENTATION block about either name/hwclock being required
* Add modules for gathering facts about ZFS datasets and pools
* Move zfs module to storage/zfs subcategory
* Replace dict.iteritems() with iteritems(dict)
* Add ANSIBLE_METADATA
Document return values
Make imports explicit
Use native YAML syntax in EXAMPLES
* Add zfs_facts and zpool_facts modules to CHANGELOG.md
* Add facts to return values
* Add module for managing boot environments on FreeBSD/Solaris/illumos systems
* Add ANSIBLE_METADATA
Document return values
Make imports explicit
Use native YAML syntax in EXAMPLES
* Add beadm module to CHANGELOG.md
* Update version to 2.3
In modern ansible, parameters default to string type. This causes
issues for polymorphic parameters like this module's value param. note
that this fix restores ansible-2.0 and previous behaviour but it is not
perfect. If a parameter is specified via key=value or given on the
commandline then it will be a string before it reaches the module code.
There's nothing we can do about that.
Fixes#19585
* Refactoring: split readkeys() into readfile() and parsekeys()
* Refactoring: split writekeys() into writefile() and serialize()
* authorized_key: support --diff
* Refactoring: remove no-longer used readkeys()/writekeys()
* Integration test for authorized_key in check mode
* Update system/user.py module.
Add ability to add real system users with next free system uid (< 500) on macOS.
* Improve syntax in system/user.py module.
Remove complex if else line and replace by simple comparison which yields the same boolean value.
* Remove "True" comparison of user.py.
Remove comparison to true, as it is not pep8 conform.
* Code smell test for iteritems and itervalues
* Change the keydict object in authorized_keys so it doesn't throw a false postive
keydict is a bad data structure anyway. We don't use the iteritems and
itervalues methods so just disable them so that the code-smell tests do
not trigger on it.
* Change release templates so they work with py3
* Do not use the fstab parameter on openbsd for mounting
OpenBSD's mount command doesn't allow selecting which fstab file to use.
So if we're operating on the live filesystem (mount or remount) return
an error if the user specified an fstab file.
Fixes#5591
* Fix the logic inversion (thanks to @landryb)
The `service` module starts services that are not running when
`action=restarted` or `action=reloaded`, which is especially convenient
for initial deployments because it eliminates an extraneous operation
for when the service starts for the first time. This commit adjusts the
behavior of the `systemd` module to match.
* allow mount to try remount
falls back to unmount/mount
* fixed fstab handling and switched to ismount
custom function deals with bind mounts unlike built in
* un ** args
* last ** args
Allow some operations on missing services
Better sysv handling
Rearranged error reporting
fixed load error catching and order logic
also minor doc/comment updates
added warnings
* Change example syntax on authorized_key module
* Change example syntax on cron module
* Change example syntax on group module
* Change example syntax on hostname module
* Change example syntax on seboolean module
* Change example syntax on selinux module
* Change example syntax on service module
* Change example syntax on sysctl module
* Change example syntax on systemd module
* Change example syntax on user module
* Change example syntax on debug module
* Change example syntax on fail module
* Change example syntax on include module
* Change example syntax on include_role module
* Change example syntax on include_vars module
* Change example syntax on pause module
* Change example syntax on wait_for module
* Change example syntax on apache2_module module
* > Change example syntax on django_manage module
* Change example syntax on htpasswd module
After installing a package from the ports collection on a
fresh FreeBSD 11.0, Ansible was unable to enable it, failing with
"unable to get current rcvar value". Debugging showed that sysrc
didn't see the variable from /usr/local/etc/rc.d/myservice, but
adding the value was working.
So we will just fallback to the default value if we can't find it.
* updated `find_job` method to find by exact match of job, when no matching header comment is found
* note this fallback injects a header comment for later calls to `update_job` or `remove_job`
* abstracted header comment building to `do_comment` method
Fixes#3256
Records whether existing cron file (or CRONCMD output) has a terminating newline, and ensures a trailing newline is written as necessary EVEN IF NO CHANGE WAS MADE to the target env/job
Fixes#2316
* Make authorized_key preserve key order
Track the ordering of keys in the original file (rank)
and try to preserve it when writing out updates.
Fixes#4780
The last fix allowing multiple definitions of the same option key (for
permitopen support) introduced a set() which removed the guaranteed
ordering of the options.
This change restores ordering. The change is larger than simply
removing the set because we do need to handle the non-dict semantics
around keys not being unique in the data structure. The new code make
use of __setitem__() and items() to do its work. Trying to use
getitem() or keys() should be looked upon with suspicion as neither of
those follow dictionary semantics and it is quite possible the coder
doesn't realize this. The next time we need to touch or enhance the
keydict code it should probably be rewritten to not pretend to extend
the dictionary interface.
Since dict.keys return a dictkeys under python 3, we hav to cast it
to a list to avoid traceback:
Traceback (most recent call last):
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 496, in <module>
main()
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 490, in main
results = enforce_state(module, module.params)
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 410, in enforce_state
parsed_new_key = parsekey(module, new_key)
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 308, in parsekey
options = parseoptions(module, options)
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 259, in parseoptions
options_dict[key] = value
File "/tmp/ansible_sh16ejbd/ansible_module_authorized_key.py", line 164, in __setitem__
self.itemlist.append(key)
AttributeError: 'dict_keys' object has no attribute 'append'
Yet another fix for https://github.com/ansible/ansible/pull/18053
Test suite block on:
Traceback (most recent call last):
File "/tmp/ansible_fhootp1e/ansible_module_authorized_key.py", line 496, in <module>
main()
File "/tmp/ansible_fhootp1e/ansible_module_authorized_key.py", line 490, in main
results = enforce_state(module, module.params)
File "/tmp/ansible_fhootp1e/ansible_module_authorized_key.py", line 410, in enforce_state
parsed_new_key = parsekey(module, new_key)
File "/tmp/ansible_fhootp1e/ansible_module_authorized_key.py", line 308, in parsekey
options = parseoptions(module, options)
File "/tmp/ansible_fhootp1e/ansible_module_authorized_key.py", line 253, in parseoptions
if options_dict.has_key(key):
AttributeError: 'keydict' object has no attribute 'has_key'
With keydict being a subclass of dict.
On python 3, bools is a list of bytes:
>>> rc,bools = selinux.security_get_boolean_names()
>>> 'virt_use_nfs' in bools
False
>>> bools
[b'abrt_anon_write', b'abrt_handle_event', ...]
* Fixing bind mount on Linux
* The latest update from jtyr doesn't pass integration tests.
Manually select the changes that are necessary to fix the bug with
unmounting
* Add support for password aging on Solaris
* Fix shadow file editing when {MIN,MAX,WARN}WEEKS is not set in /etc/default/passwd
* Un-break with python3
* _Really_ un-break with python3
CERN maintains its own fork of "Scientific Linux",
which identifies as "Scientific Linux CERN SLC".
This commit lets Ansible know that this is again
another variant of RHEL.
* Added Solaris support to the mount module.
* Added checking so that if a non-standard fstab file is specified it will
still work in Solaris without breaking existing functionality.
* Added a check to avoid writing duplicate vfstab entries on Solaris
* Added "version_added" to new boot option
os.getlogin() returns the user logged in on the controlling terminal. However
'crontab' only looks for the login name of the process' real user id which
pwd.getpwuid(os.getuid())[0] does provide.
While in most cases there is no difference, the former might fail under certain
circumstances (e.g. a lxc container connected by attachment without login),
throwing the error 'OSError: [Errno 25] Inappropriate ioctl for device'.
SELinux since 2012 use a configuration file to
convert boolean names from a old name to a new name,
for preserving backward compatibility.
However, this has to be done explicitely when using the python
bindings, and the module was not doing it.
Openshift ansible script use this construct to detect if
a boolean exist or not:
- name: Check for existence of virt_sandbox_use_nfs seboolean
command: getsebool virt_sandbox_use_nfs
register: virt_sandbox_use_nfs_output
failed_when: false
changed_when: false
- name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
seboolean:
name: virt_sandbox_use_nfs
state: yes
persistent: yes
when: virt_sandbox_use_nfs_output.rc == 0
On a system where virt_sandbox_use_nfs do not exist, this work. But
on a system where virt_sandbox_use_nfs is a alias to virt_use_nfs (like
Fedora 24), this fail because the seboolean is not aware of the alias.
Using something like:
- name: Create ssh keys
user:
name: root
generate_ssh_key: yes
register: key
result into this traceback on F24
Traceback (most recent call last):
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 2170, in <module>
main()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 2108, in main
(rc, out, err) = user.modify_user()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 660, in modify_user
return self.modify_user_usermod()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 417, in modify_user_usermod
has_append = self._check_usermod_append()
File \"/tmp/ansible_jm5d4vlh/ansible_module_user.py\", line 405, in _check_usermod_append
lines = helpout.split('\\n')
TypeError: a bytes-like object is required, not 'str'
Traceback (most recent call last):
File "/tmp/ansible_csqv781s/ansible_module_systemd.py", line 374, in <module>
main()
File "/tmp/ansible_csqv781s/ansible_module_systemd.py", line 263, in main
for line in out.split('\\n'): # systemd can have multiline values delimited with {}
Now that there is general purpose `Fact` helper to detect if systemd
is active, we would be able to rely on that to apply SystemdStrategy.
Detecting presence of systemd at runtime would be more reliable than
distribution version based heuristics. (e.g., Debian, Ubuntu allows
user to change the default init system, Gentoo allows switching as
well, and so on).
By default, ssh-keygen will pick a suitable default for ssh keys
for all type of keys. By hardocing the number of bits to the
RSA default, we make life harder for people picking Elliptic
Curve keys, so this commit make ssh-keygen use its own default
unless specificed otherwise by the playbook
sysrc(8) does not exit with non-zero status when encountering a
permission error.
By using service(8) `service <name> enabled`, we now check the actual
semantics expressed through calling sysrc(8), i.e. we check if the
service enablement worked from the rc(8) system's perspective.
Note that in case service(8) detects the wrong value is still set,
we still output the sysrc(8) output in the fail_json() call:
the user can derive the exact reason of failure from sysrc(8) output.
* service module: use sysrc on FreeBSD
sysrc(8) is the designated userland program to edit rc files on FreeBSD.
It first appeared in FreeBSD 9.2, hence is available on all supported
versions of FreeBSD.
Side effect: fixes#2664
* Incorporate changes suggested by bcoca.
- Use `get_bin_path` to find sysrc binary.
- Only use sysrc when available (support for legacy versions of FreeBSD)
Currently, when writing user's crontab, ansible calls
crontab <file> -u <user>
This is incorrect according to crontab(1) on both FreeBSD and Linux,
which suggest that file argument should be the last.
At least on FreeBSD, this leads to incorrect cron module bahavior which
writes to root's crontab instead of users's
Jasper Lievisse Adriaanse
Brian Coca
Fabio Alessandro Locati
Toshio Kuratomi
Tobias Wolf
Dag Wieers
Michael Kwardakov
James Cooke
Evan Kaufman
Valentín Gutiérrez
Adam Števko
Ken Evensen
Fabrizio Colonna
Joseph Price
tmshn
Marius Gedminas
George Brighton
Adrian Likins
Rezart Qelibari
Artur Molchanov
Carlos E. Garcia
Michael Scherer
Andrea Tartaglia
Alexandre Garnier
Matt Clay
James Cammarata
Fabio Alessandro Locati
Evan Kaufman
Brian Coca
Dustin C. Hatch
ekultails
jctanner
Jiri Tyr
Sam Doran
Hiroaki Nakamura
Jonathan Mainguy
Steven de Vries
John R Barker
Laurent Godet
Jiri Tyr
Lars Engels
Riccardo Murri
Antonio Murdaca
glovenglaven
Gregor Giesen
Michael Scherer
Levi Morales
Ali Ok
Indrajit Raychaudhuri
BradLook
Christian Schwarz
Marcos Diez
Michael LoSapio
Allen Sanabria
Thomas Quinot
Robin Naundorf
Erik Nadel
Dmitry Marakasov
Brian Coca
Ken Mitchell