This patch allows the hostname module to detect and set the hostname for a
Kali Linux 2.0 installation. Without this patch, the hostname module raises
the following error
hostname module cannot be used on platform Linux (Kali)
Kali is based off of Debian.
Fixes https://github.com/ansible/ansible/issues/11768
Test plan:
- (in a Vagrant VM) created a user 'bob' with no ssh key
- ran the following playbook in check mode:
---
- hosts: trusty
tasks:
- user: name=bob state=present generate_ssh_key=yes
- saw that ansible-playbook reported "changes=1"
- saw that /home/bob/.ssh was still absent
- ran the playbook for real
- saw that /home/bob/.ssh was created
- ran the playbook in check mode again
- saw that ansible-playbook reported no changes
- tried a variation with a different username for a user that didn't
exist: ansible-playbook --check worked correctly (no errors, reported
"changed")
PR #1651 fixed issue #1515 but the requirement for path to be defined is unecessarily strict. If the user has previously been created a path isn't necessary.
I have a task like this in a playbook. The ansible_ssh_user is 'root'
for this host.
- cron:
hour: 00
job: /home/backup/backup.sh
name: baserock.org data backup
user: backup
Running it gave me the following error:
TASK: [backup cron job, runs every day at midnight] ***************************
failed: [baserock-backup1] => {"failed": true}
msg: crontab: can't open '/tmp/crontabvVjoZe': Permission denied
crontab: user backup cannot read /tmp/crontabvVjoZe
The temporary file created by the 'cron' module is created with the
Python tempfile.mkstemp() function. This creates a file that is readable
only by 'root' (mode 600). The Busybox `crontab` program then checks if
the file is readable by the 'backup' user, and fails if it isn't. So we
need to make sure the file is world-readable before running `crontab`.
If `password` is defined as `*` `useradd` or `usermod` returns an error:
msg: usermod: Invalid password: `*'
This works very well on Linux host to not define any password for a
user (mainly useful if your setup is only based on SSH keys for
auth). On OpenBSD this does not work, so we have to ignore the encrypted
password parameter if it defined as `*`.
This change is in response to issue #1515.
Original pull request #1580.
The original problem is: in authorized_key module you have no idea about users
which will be created by Ansible at first run. I can propose next two ways to
solve this problem:
1. Combine modules system/user.py and system/authorized_key.py in one module
(so you will know everything about users in that module)
2. Use small workaround: add my commit and always provide 'path' parameter
for authorized_key module during runs with --check option.
Fixes#530.
It's more generic than #578 which only fixes spaces escaping in name (target dir to mount).
Escaping is used in both `set_mount` (important for `src`, `name` and `opts`) and
`unset_mount` (for `name`).
It's shouldn't be used in `mount` and `umount` since `name` parameter is passed as array element
to `module.run_command`.
Signed-off-by: Konstantin Gribov <grossws@gmail.com>
This adds a must_exist option to the service module, which gives callers the
ability to be tolerant to services that do not exist. This allows for
opportunistic manipulation of a list of services if they happen to exist on the
host. While failed_when could be used, it's difficult to track all the
different error strings that might come from various service tools regarding a
missing service.
* Fix docs to specify when python2.6+ is required (due to a library
dep). This helps us know when it is okay to use python2.6+ syntax in
the file.
* remove BabyJson returns. See #1211 This commit fixes all but the
openstack modules.
* Use if __name__ == '__main__' to only run the main part of the module
if the module is run as a program. This allows for the potential to
unittest the code later.
Includes commits for:
* Don't return change if the password is not set
* Set the group to nogroup if none is specified
* Set an uid if none is specified
* Test if SHADOWFILE is set (for Darwin)
* remove unused uid
Upstart scripts are being incorrectly identified as SysV init scripts
due to a logic error in the `service` module.
Because upstart uses multiple commands (`/sbin/start`, `/sbin/stop`,
etc.) for managing service state, the codepath for upstart sets
`self.svc_cmd` to an empty string on line 451.
Empty strings are considered a non-truthy value in Python, so
conditionals which are checking the state of `self.svc_cmd` should
explicitly compare it to `None` to avoid overlooking the fact that
the service may be controlled by an upstart script.
The return code of "service pf onestatus" is usually zero on FreeBSD (tested with FreeBSD 10.0), even if pf is not running. So the service module always thinks that pf is running, even when it needs to be started.
I tried a playbook with the following (accidentally wrong) task:
tasks:
- name: authorized key test
authorized_key: key=/home/sam/.ssh/id_rsa.pub key_options='command="/foo/bar"' user=sam
I got the following traceback:
TASK: [authorized key test] ***************************************************
failed: [localhost] => {"failed": true, "parsed": false}
Traceback (most recent call last):
File "/home/sam/.ansible/tmp/ansible-tmp-1427110003.65-277897441194582/authorized_key", line 2515, in <module>
main()
File "/home/sam/.ansible/tmp/ansible-tmp-1427110003.65-277897441194582/authorized_key", line 460, in main
results = enforce_state(module, module.params)
File "/home/sam/.ansible/tmp/ansible-tmp-1427110003.65-277897441194582/authorized_key", line 385, in enforce_state
parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_options, parsed_new_key[3])
TypeError: 'NoneType' object has no attribute '__getitem__'
With this fix, I see the expected error instead:
TASK: [authorized key test] ***************************************************
failed: [localhost] => {"failed": true}
msg: invalid key specified: /home/sam/.ssh/id_rsa.pub
This option allows the module to ensure that ONLY the specified keys
exist in the authorized_keys file. All others will be removed. This is
quite useful when rotating keys and ensuring no other key will be
accepted.
Sina Sadeghi
Brian Coca
Veaceslav (Slava) Mindru
Martin André
Jordi De Groof
Greg DeKoenigsberg
Simon Hafner
Toshio Kuratomi
Achilleas Pipinellis
gekmihesg
Simon Li
Mike Boone
Marius Gedminas
Tim Rupp
Simon Li
Александр Костырев
Evgeny Vereshchagin
Austin Hyde
Evan Kaufman
Sam Thursfield
James Cammarata
saito-hideki
KIKUCHI Koichiro
Sébastien Gross
fti7
bambou
Mischa ter Smitten
Sean Chittenden
0tmc
verm666
Matt Martz
Konstantin Gribov
Arata Notsu
Alexis Seigneurin
sysadmin75
Hagai Kariti
Patrik Lundin
Jonathan Mainguy
Vladislav Lewin
Semyon Deviatkin
Jesse Keating
macbeth76
louis
Evgenii Terechkov
Michael Scherer
Keith Johnson
David Wittman
David Fritzsche
Mario Loria
Dag Wieers
Carlo Mandelli
Oleg A. Mamontov
Edward Larkey
Stefan J. Betz
Jon Hadfield
Graham Hay
Dagobert Michelsen
Paul Geraghty
Philippe ALEXANDRE
Jeff Gonzalez