* Check if service is already masked
Newer versions of Systemd now report a 'LoadError' when the unit file
is masked. This causes the play to fail with an error stating that the
service is already masked.
Now the systemd module checks if the service is masked and doesn't
fail if it's masked and LoadError is reported.
Fixes issue #42384.
* Remove useless parens
This PR includes:
- Removal of maintainers that are listed as author in the module
- Removal of entries that do not extend the original author list
- Move ignored-statement to namespace/directory (where useful)
- In some cases, fix the authors-list or add missing github id
We end up with a list of exceptions/additions and a large set of
namespace/directory maintainers or team of maintainers.
Some entries could be further improved by discussing with some
maintainers.
* Update docs
* Add reboot action plugin
Refactor win_reboot so it is subclassed from reboot
* Use new connection methods
* Test fixes
* Use better uptime command for Linux
Use who -b to get the last time the system was booted rather than uptime, which changes every second.
* Use distribution specefic commands and flags
Query the managed node to determien its distribution, then set the appropriate command and flags.
* Tune debug messages a bit
* Update module docs with details about pre_reboot_delay
s docs
* Ensure that post_reboot_delay is a positive number
* Remove the stringification
* Add integration tests
* Make sure aliases are honored
* Handle systems that have an incorrect last boot time
SystemD and fakehw-clock do not properly set the
last boot time and instead always set it to epoch.
Use a different command if that is the case.
* Copyright and encoding fixes
* Minor fixes based on feedback
* Add exponential backoff to sucess check method
* Update integration test
Skip the integration test if it would try to reboot the control node. We need a new mechanism to account for this scenario in ansible-test, so tests must currently be run manually for this plugin.
* Update integration test
Skip the integration test if it would try to reboot the control node. We need a new mechanism to account for this scenario in ansible-test, so tests must currently be run manually for this plugin.
* Fail early with running with local connection
* Update docs based on feedback
* minor refactoring, state mgmt changes
When creating a new account, check to see if the expiration parameter is negative and pass in the appropriate parameter. Since the negative integer passed into expires is converted to time.struct_time which in turn gets converted to a formatted time string when passed to the underlying command, a -1 or large negative number would result in passing a date before 1970-01-01 to the underlying command.
This had the opposite effect of creating an account with no expiration account resulting in a newly created account that was already expired, or just throwing an error on certain systems.
Wow, this does not seem to be an uncommon misspelling. Might be there
are some left that span over two lines. I noticed the one in the git
module and then used `grep -rw 'the the'` to find some more.
This allows to parse the output when the user's locale changes the
commands' output. For example chkconfig uses 'Ein' and 'Aus' instead of
'on' and 'off' when using LANG=de_DE.UTF-8 breaking the service
detection on RHEL 6.
* New boto3_facts module
boto3_facts aims to help users see whether their python and module
versions are as expected.
* Rename to `assert_python_requirements`
* Update integration tests
* Document options
* fix imports
* boilerplate
* fix docs
* reorder import
* Make distutils optional and fail gracefully when it is not available
* fix example doc
* fix docs on requirements_facts
* Add backup option
* Only backup shadow file when the OS has one
* Only backup shadow file for SunOS
* Update docs on backup feature
* Add changelog fragment
* Add tests for shadow backup
* Remove backup option, make it automatic
Remove the option to enable/disable backups and make it automatic. Add note to docs describing this behavior.
Change tests to account for new module behavior.
Change section name in changelog fragment since minor_features is not a valid section.
* strip additional comments from /etc/default/passwd
Strip trailling comments from /etc/default/passwd like
MINWEEKS=1 #MINWEEKS=2
MAXWEEKS=12 # MAXWEEKS=8
Which otherwise cause failures with "failed to read /etc/default/passwd: too many values to unpack"
* fix carriage return typo in commit
* yet another typo in commit
* Fix indent problem
* add changelog fragment for PR 43931
* 29891 use os.path.realpath to follow keyfile symlinks
* 29891 add parameter follow
* updated changelog fragment
* add documentation and set default to false
* Check the password format
Check the password format and notify user if they
input unencrypted password.
* Fix sanity error
* Add integration test
* Missed a task name
* Hard code the testing password
Since some testing platfrom has no passlib installed
* Add changelog fragment
* Rework some English sentences
* Fix a grammar mistake
Fixes#42310
Previously, the firewalld module was making a call to
FirewallClientConfig.getZoneNames() which doesn't exist in versions
of firwalld older than 0.4.2, this patch implements the same logic
with older API calls to not require a newer version of firewalld.
Signed-off-by: Adam Miller <admiller@redhat.com>
* Remove use of simplejson throughout code base. Fixes#42761
* Address failing tests
* Remove simplejson from contrib and other outlying files
* Add changelog fragment for simplejson removal
* Added changes for Issue #38828, adds scope paramater to systemd module
* Removed description for old paramater
* Added version_added field for new option
* Readded the user paramater as a deprecated paramater
* Changed version for the scope paramater since I missed the release window
* Documentation change for resizefs
Changed documentation to match the default value of resizefs set in the code.
Added a note on the resizefs use on the example utilizing it.
* Remove test now it validates fine
* Detect failed sysvinit module
- This checks the stderr instead of the rc to detect whether the
sysvinit module was successful or not, as even when failing, the
rc would be 0.
- It immediatly became obvious that the debug info when failing
was far too little to properly debug the role. To improve this,
I also added the rc, stderr and stdout to the debug output.
* Revert stderr check to rc check, rename out->stdout, err->stderr
* Only report change when home directory is different
Add tests with home: parameter
Have to skip macOS for now since there is a bug when specifying the home directory path for an existing user that results in a module failure. That needs to be fixed in a separate PR.
* Do not compare result to unset parameter in sysvinit module
* Fix misformed command in sysvinit module
* Small None-comparison style fix in sysvinit module
* fix a (forgotten?) change in moving createhome -> create_home
Fix for following bug on FreeBSD host whith user module:
```
fatal: [webssp]: FAILED! => {"changed": false, "module_stderr": "X11 forwarding request failed
Traceback (most recent call last):
File \"/tmp/ansible_2rmlBl/ansible_module_user.py\", line 2487, in <module>
main()\n File \"/tmp/ansible_2rmlBl/ansible_module_user.py\", line 2426, in main
(rc, out, err) = user.modify_user()
File \"/tmp/ansible_2rmlBl/ansible_module_user.py\", line 1011, in modify_user
if (info[5] != self.home and self.move_home) or (not os.path.exists(self.home) and self.createhome):
AttributeError: 'FreeBsdUser' object has no attribute 'createhome'
", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}
```
It happenned with 'createhome' AND with 'create_home' form, with python 2.7 AND python 3.6
* Add changelog
Co-authored-by: dgeo <dgeo@users.noreply.github.com>
* Add additional puppet options
Add support for puppet options --debug, --verbose, --summary,
and extend logdest to support logging to stdout and syslog at
the same time.
Fixes issue: #37986
* Fix docs
* Doc fix, add release note
* Fix silly yaml error
* Correct changelog, add C() to params in doc
* pamd: typo fix sufficicent->sufficient
* pamd: is_valid is a property, not a method; return a tuple
* pamd: define is_valid for all PamdLine classes
* pamd: use validate() for verbose errors, define generically
* pamd: PamdRule: rule_control is always str, use _control
Fixes https://github.com/ansible/ansible/issues/41179
* add notes to service_facts about accessing fact data
Signed-off-by: Adam Miller <admiller@redhat.com>
* remove unquoted :
Signed-off-by: Adam Miller <admiller@redhat.com>
* service_facts correct meaning of state for systemd service units
Fixes#40809
Previously this module used the commend `systemctl list-unit-files
--type=service` to query state of services but list-unit-files only
shows enabled vs disabled which is not what we want for "state"
Signed-off-by: Adam Miller <admiller@redhat.com>
* make sure to define service_name before referencing it
Signed-off-by: Adam Miller <admiller@redhat.com>
* Add a module to create a java key store (jks) from a certificate
* Create a jks from a certificate and a private key (secured by a password)
* Add an option to recreate the jks (useful when you want to update the jks password)
* If the certificate changed, recreate the jks
* Version added is now 2.7
* Fixed check_mode status to be the same as normal execution
* Now when setting the status to `disabled` in check_mode it correctly
returns the state changed and prints a warning like it does in normal
model. Before it always returned changed even if everything was set
correctly and a reboot was required.
* Add changelog entry
Co-authored by: Strahinja Kustudic <kustodian@gmail.com>
* The module now correctly sets the timezone in both the config file and
in /etc/localtime; while hwclock is set in both the config and
/etc/adjtime.
* Module checks if the timezone is actually set by checking
/etc/localtime. Before it only checked if it was set in the config file.
* Fixed module not setting the timezone on RedHat systems if
/etc/localtime was a symbolic link.
* Fixed module failures in case of missing config files or incorrect data
in them.
* Added a lot of integrations tests to cover most of these situations.
* Add documentation for setting multiple options.
* Do not set `cluster' to myhostname, if cluster is not set. This will cause
parse error, since module will try to parse the brick and hosts.
* Also fixes issue #40410
* parted module not idempotent for esp flag and name
Fixes#40452
Currently the parted module doesn't take into account names with
spaces in them which leads to non-idempotent transactions on the
state of the system because the name comparison will never succeed.
Also, when the esp flag is set, parted infers the boot flag and the
parted module did not previously account for this. This lead to
non-idempotent transactions as well.
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix unit tests, expected command changed in the patch
Signed-off-by: Adam Miller <admiller@redhat.com>
In the last commit I modified the code to run commands when they are
daemonized. But the execution of "chkconfig" is not daemonized so it
uses "self.module.run_command(cmd)".
This commit set the default localize to allow proper screen scraping of
chkconfig command.
* Do not join flag parameters
This put a comma between every character of the tcp flag parameters, resulting in a bad iptables command.
Fixes#36490
* Use suboptions to ensure tcp_flags options are lists
* Add unit tests for tcp_flags
* Add example of how to use tcp_flags
* Allow negative values to expires to unexpire a user
Fixes#20096
(cherry picked from commit 34f8080a19c09cd20ec9c045fca1e37ef74bb1e6)
(cherry picked from commit 54619f70f4b79f121c5062d54e9732d3cbb24377)
(cherry picked from commit 8c2fae27d6e2af810112032bb1dfef5459035b7e)
(cherry picked from commit db1a32f8caa8c8b9f989baa65784d4b2b5cad1f8)
* tweaked and normalized
- also added tests, made checking resilient
Using Ubuntu 14.04, test fails because 'blkid' < 2.21 doesn't recognize
'ocfs2' filesystem smaller than 108Mo:
6baa150398
filesystem: fix MKFS_FORCE_FLAGS for ocfs2
mkfs.ocfs2 -F won't work because mkfs.ocfs2 asks for a confirmation:
$ mkfs.ocfs2 -F img
mkfs.ocfs2 1.6.4
Cluster stack: classic o2cb
Overwriting existing ocfs2 partition.
WARNING: Cluster check disabled.
Proceed (y/N):
The undocumented 'x' switch must be used too.
add new line and update choice documentation
adding description for ocfs2 support
use correct variable ansible_distribution to test ocfs2 with Debian
distribution
use ansible_os_family for Debian
increase ocfs2 fs size to 20M (minimal size 11 instead of 10M)
add ocfs2 support for module filesystem
Update setup.yml
delete trailing spaces
add ocsfs2 defaut var
Install ocfs2-tools for all linux
Testing ocfs2 on for Ubuntu - restrict blkid to be be done
* configurable list of facts modules
- allow for args dict for specific modules
- add way to pass parameters
- avoid facts poluting test
- move to 'facts gathered' flag
- add 'gathering' setting tests
* Only change expiration date if it is different
Modify user_info() method to also return the password expiration.
Compare current and desired expiration times and only change if they are different.
* Improve formatting on user tests
* Add integration test for expiration
* Add changelog fragment
* Improve integration test
Skip macOS and use getent module for validating expiration date.
* Fix expiration change for FreeBSD
* Don't use datetime since the total_seconds method isn't available on CentOS 6
* Use better name for expiration index field
Use separate tasks for verifying expiration date on BSD
* Use calendar.timegm() rather than time.mktime()
calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime
Add tests that change the system timezone away from UTC
* Mark tests as destructive and use test for change status
* Fix account expiration for FreeBSD
Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch.
Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
* refactor firewalld module, add firewalld module_util
This change is meant to enable the addition of advanced feature
specific firewalld modules that will have different module option
patterns than what fits in the current firewalld module, while
keeping as much common code as possible in the module_util
Signed-off-by: Adam Miller <admiller@redhat.com>
* Add note about sefcontext doing no restorecon
To someone like me who is relatively new to SELinux, setting the
"reload" option to yes might suggest that a restorecon is automatically
executed after the semanage call, making the new file context effective
immediately. I have found out that this is not the case and would like
to clarify this to others.
+label: docsite_pr
* Replace note by one suggested by reviewer
Reviewer dagwieers suggested a better notice text during review of my
original one, giving recommendations about what to do to actually get
the newly chosen SELinux context applied to the file.
The VDO Ansible module currently cannot modify the block map cache
size (but can configure the block map cache size for new volumes).
Add the "Block map cache size" parameter to the list of modifiable
parameters.
In the particular case of executin "chkconfig --list NAME", ansible
checks the stderr looking for a particular english message.
This message is different in other languages, Spanish for example
(although it have been corrected in the latests versions)
Fixes#29818
* add user password lock option to user module
* fixup! add user password lock option to user module
* add unlock, set no default
* fixup! add unlock, set no default
* fixup! fixup! add unlock, set no default
* add lock password for FreeBSD, netBSD
* fixup! add lock password for FreeBSD, netBSD
* respect skeleton argument in usermod mode for FreeBSD
* use FreeBSD's own (more sophisticated) home creation function rather than ansible's create_home(), which does not handle skeleton files correctly for FreeBSD
Error was:
File "/tmp/ansible_qY_BMb/ansible_module_firewalld.py", line 703, in <module>
main()
File "/tmp/ansible_qY_BMb/ansible_module_firewalld.py", line 548, in main
module.fail(msg='firewall is not currently running, unable to perform immediate actions without a running firewall daemon')
AttributeError: 'AnsibleModule' object has no attribute 'fail'
Physical devices are listed using 'pvs' command. Then, for
'/dev/dm-*' devices 'dmsetup' command is used to find pv_name.
An error occurs when 'pvs' command list an unknown device:
$ pvs --noheadings -o pv_name,vg_name --separator ';'
/dev/dm-0;vg_var
/dev/mapper/sdb3_backups;vg_data_backups
$ dmsetup info -C --noheadings -o name /dev/dm-0
Device dm-0 not found
Then the module fails:
{
"changed": false,
"err": "Device dm-0 not found\nCommand failed\n",
"msg": "Failed executing dmsetup command.",
"rc": 1
}
This failure can be avoided when the unknown device isn't used in
module parameter 'pvs'.
The generated file was completely unusable by the system
therefore the fix which ensures that diffing the file
prior to changes and after only shows diffs
Furthermore the code did not work for Python 3.6
> f.writelines(to_bytes(lines, errors='surrogate_or_strict'))
E TypeError: a bytes-like object is required, not 'int'
The other modifications (lambda variable renaming) is to
comply with default flake8 rules
* Add fat filesystem support
fatresize is temporarily disabled
* Refactor Filesystem.get_dev_size
For more sharing with vFAT class
* Fix filesystem tests on some OSs
I think this is due to older mke2fs on those systems.
* Fix vFAT command on FreeBSD
newfs doesn't seem to work on image files
* Refactor filesystem.grow()
Split out grow_cmd generation and Device operations
* Use swap as unsupported filesystem
Except FreeBSD, which doesn't have mkswap
* Be consistent about str(dev) vs dev.path
Prefer str(dev), this works transparently with '%s' formatting.
* Enable vfat resize, only test fatresize >= 1.0.4
Lower versions have a segfault bug.
* Only install fatresize where available
FreeBSD, OpenSUSE, RHEL and CentOS < 7 don't ship it.
Add an Ansible module for VDO (Virtual Data Optimizer), a
device-mapper module that provides deduplication, compression,
and thin provisioning. This module provides the ability to create,
remove, and modify parameters on storage volumes created by VDO.
* add functionality to create thin pool / volume on Linux LVM to lvol module
add `thinpool' parameter.
change `lv' parameter to not required.
To create thin poll, specify `thinpool'(, `vg' and `size') parameter and omit `lv' parameter.
It will create thin pool, nameed by `thinpool' parameter.
To create thin volume, specify both `thinpool' and `lv' parameter (also `vg' and `size' paramter is need).
It will create thin volume on `thinpool' pool, named by `lv' parameter.
Thin volume and pool can delete whith 'state=absent' parameter.
Thin volume is resizable like normal volume.
Thin pool can extend, but not reduce. This limitation is in Linux's LVM.
* Add thin volume support
- Based on f816618
- Indicate that either lv or thinpool are required parameters using
AnsibleModule's required_one_of.
- Resolve conflict with snapshot functionality
* Fix typo in documentation
* Fix and simplify logical volume check
* Rebase fixes
* Convert examples to native YAML syntax
* Fix failure with snapshot creation
* Properly fail when trying to snapshot a thinpool volume
* Don't fail when no size given for thin volume snapshot
Fixesansible/ansible-modules-extras#2478
* Convert old style required property sneaked in through rebase
* Fix 'too many leading #' syntax check
* Clarify which ping module to use
Ensure each of the ping modules link to each other
ping - Requires Python on remote-node
nxos_ping - Only on Cisco NXOS
ios_ping - Only on Cisco IOS
net_ping - For network devices
win_ping - only for Windows
* Module DOCUMENTATION should match argspec
Large update of many modules so that DOCUMENTATION option name and
aliases match those defined in the argspec.
Issues identified by https://github.com/ansible/ansible/pull/34809
In addition to many typos and missing aliases, the following notable
changes were made:
* Create `module_docs_fragments/url.py` for `url_argument_spec`
* `dellos*_command` shouldn't have ever had `waitfor` (was incorrectly copied)
* `ce_aaa_server_host.py` `s/raduis_server_type/radius_server_type/g`
* `Junos_lldp` enable should be part of `state`.
* filesystem: list used tools
* filesystem: btrfs and reiserfs don't support resizing
* filesystem: list supported filesystems
use formatting functions and 'filesystem' instead of 'file system'
* filesystem: PEP8
* filesystem: remove useless calls to module.boolean
* filesystem: fail when the requested action isn't implemented
* filesystem: resizefs: list supported FS rather than unsupported
* filesystem: refactor
* filesystem: add integration tests
* filesystem: allow to use image file with 'dev' param
* filesystem: test resizefs (ext2/3/4 filesystems only)
* filesystem: Btrfs, handle older version than v0.20-rc1
* filesystem: use loop keyword (integration tests)
* filesystem: new test, check when another filesystem already exists
* filesystem: add myself as a maintainer
* filesystem: fix tests as filters
* When inserting a new rule in `insert_after_rule`, check if the old rule is
the last rule, to avoid a list index out of range error when attempting to
access the next rule.
* Add a test for inserting a new rule after the last rule.
* firewalld: Implement zone operations
Zones are removed or added when no other operations are used in
conjunction with the keywords 'present' or 'absent'.
This leads to a logical and natural syntax of:
- firewalld:
zone: foo
state: present
for adding or removing zones.
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
* firewalld: zone ops: addressed review concerns
- Added more documentation on the peculiarities of the zone operations
- Output meaningful error messages when trying to use zones incorrectly
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
This fixes an issue where the check for an import error would occur
before checking to see if firewalld is in "offline mode" and if it
is, then checking to ensure the version of the firewall python
library was new enough to support offline operations. This patch
will now fail with a correct error message in the scenario that
someone attempts to perform an offline operation but has a version
of the firewall python library that is too old.
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* Added . and / to rule args regexp
Things like pam_echo.so file=/etc/foo.txt weren't being matched and
causing incorrect change counts. Adding / and . fixed that.
Fixes#33351
* pamd: test argument with value
Relates #33351
'true' needs to be quoted as a string, otherwise it is stored as boolean and ends up getting capitalized to 'True' when presented to debconf
Subsequent install of oracle-java8-installer fails with "oracle-license-v1-1 license could not be presented"
ansible version: 2.3.1.0
Actual: value: true
debconf-show oracle-java8-installer
* shared/accepted-oracle-license-v1-1: True
Expected: value: 'true'
debconf-show oracle-java8-installer
* shared/accepted-oracle-license-v1-1: true
Christian Kotte
Dag Wieers
Alex Mayer
Sam Doran
♫ Christian Krause ♫
Till Maas
Florian Apolloner
Ryan Brown
Matt Martz
Dmitrii Shuvar
Tom Matthews
Michael Mayorov
Andreas Calminder
Zhikang Zhang
Adam Miller
curry9999
Branko Majic
Pierre-Louis Bonicoli
hi117
Timo Sand
Jiri Tyr
Joren Vrancken
tomelrod
Gregory Hellings
uwila
Joe Abbey
Alexander Gubin
dgeo
Dennis Conrad
Chris Brown
Pilou
Jill R
James Cassell
Troy Murray
Shinichi TAMURA
Guillaume Grossetie
Brian Coca
Strahinja Kustudic
Sachidananda Urs
Antonio Huete Jimenez
Ken Evensen
Matt Clay
Adrian Lopez
Artem Goncharov
bengerman
Brian Coca
Luc
lchantre
Colin Nolan
Toshio Kuratomi
Felix Kaechele
lu1as
Ed Schaller
Ikrom
Olivier Bourdon
Zeust the Unoobian
Bryan Gurney
John R Barker
Adrian Lopez
nekottyo
lazouz
Adam Furbee
Job Evers‐Meltzer
abelbabel
Lutz Reinhardt
tobald
Fabian Zimmermann
alu
JP Mens
Jack
Simon Dodsley
Sam Doran
Sebastian Gumprich
Tim Smith
John Smith
Kevin M. Gallagher
James Vornhagen
Bobby Watson
Giorgio Crivellari
Jonathan Towne
Kai
Abhijeet Kasurde
Ken Evensen
Colins-Git
Reto Gantenbein
Ryan Groten
Aron Szekely
Gert Goet
André Nähring
David Kretch
Russell Parks
Mans Matulewicz
Adam Miller
R. Francis Smith
Rowin Andruscavage