* known_hosts: support --diff
* known_hosts: support --diff also without --check
* Add unit tests and fix incorrect diff in one corner case
Tests are good!
* Refactor for readability
* Python 3 compat
* More Python 3 compat
* Add an integration test for known_hosts
* Handle ssh-keygen -HF returning non-zero exit code
AFAICT this is a bug in ssh-keygen in some newer OpenSSH versions
(>= 6.4 probably; see commit dd9d5cc670):
when you invoke ssh-keygen with -H and -F <host> options, it always
returns exit code 1. This is because in ssh-keygen.c there's a function
do_known_hosts() which calls
exit (find_host && !ctx.found_key);
at the end, and find_host is 1 (because we passed -F on the command line),
but ctx.found_key is always 0. Why is found_key always 0? Because the
callback passed to hostkeys_foreach(), which is known_hosts_hash(),
never bothers to set found_key to 1.
* This test does not need root
* Avoid ssh-ed25519 keys in sample known_hosts file
Older versions of OpenSSH do not like them and ssh-keygen -HF
aborts with an error when it sees such keys:
line 5 invalid key: example.net...
/root/ansible_testing/known_hosts is not a valid known_hosts file.
* Fix Python 3 errors
Specifically, the default mode of tempfile.NamedTemporaryFile is 'w+b',
which means Python 3 wants us to write bytes objects to it -- but the
keys we have are all unicode strings.
* Add Check Mode capability to kernel_blacklist module
* Add suggested changes from @tmshn
* Pass a bool into `Blacklist` that'll just be `module.check_mode`
* Move detection and creation of a file to a separate function within `Blacklist`
* If there's no file on the system and we are running under `Check Mode`, set `self.filename` to `os.devnull` AND mark a change, as the module would have created an empty file.
* Whenever a `self.filename` is being opened in a mode where changes can be made, replace with an if statement that checks `self.checkmode` and if true then open up `os.devnull` instead
* Update validate-modules
* Validates ANSIBLE_METADATA
* Ensures imports happen after documentation vars
* Some pep8 cleanup
* Clean up some left over unneeded code
* Update modules for new module guidelines and validate-modules checks
* Update imports for ec2_vpc_route_table and ec2_vpc_nat_gateway
* Fix service's exec_command() for python3
exec_command() was mixing text and bytes in several places on python3.
Made changes so that we explicitly convert between the two.
Fixes#20818
* Also handle basestring and shlex.split in a python2/python3 compatible fashion
* Tweaks for SmartOS:
- prevent attempting from changing timezone in the global zone (read-only)
- provide meaningful error message in the unlikely case smtools isn't present
* Add support for FreeBSD and NetBSD to timezone module
In our environment we have custom services that need to be stopped and
restarted very gracefully to not interrupt active sessions.
A stop job, depending on the state, can take up to 20 minutes until the
process exits. It simply reacts to SIGTERM with a graceful shutdown.
By default, systemctl blocks until the job has completed, which leads to
Ansible hanging on this task for up to 20 minutes.
Thankfully systemctl supports the `--no-block` flag which lets the job
continue in the background.
This PR adds support for that flag as the `no_block` boolean option.
From the man page:
--no-block
Do not synchronously wait for the requested operation to
finish. If this is not specified, the job will be
verified, enqueued and systemctl will wait until the
unit's start-up is completed. By passing this argument,
it is only verified and enqueued. This option may not be
combined with --wait.
Not all file-related modules consistently use "path" as the attribute to specify a single filename, some use "dest", others use "name". Most do have aliases for either "name" or "destfile".
This change makes "path" the default attribute for (single) file-related modules, but also adds "dest" and "name" as aliases, so that people can use a consistent way of attributing paths, but also to ensure backward compatibility with existing playbooks.
NOTE: The reason for changing this, is that it makes Ansible needlessly harder to use if you have to remember that e.g. the xattr module requires the name attribute, the lineinfile module requires a dest attribute, and the stat module requires a path attribute.
* Small tweaks for timezone module:
- small textual fixes
- ensure the generated docs list either hwclock or name as required
by using a non-generated value for required_one_of
* Update docs with the DOCUMENTATION block about either name/hwclock being required
* Add modules for gathering facts about ZFS datasets and pools
* Move zfs module to storage/zfs subcategory
* Replace dict.iteritems() with iteritems(dict)
* Add ANSIBLE_METADATA
Document return values
Make imports explicit
Use native YAML syntax in EXAMPLES
* Add zfs_facts and zpool_facts modules to CHANGELOG.md
* Add facts to return values
* Add module for managing boot environments on FreeBSD/Solaris/illumos systems
* Add ANSIBLE_METADATA
Document return values
Make imports explicit
Use native YAML syntax in EXAMPLES
* Add beadm module to CHANGELOG.md
* Update version to 2.3
In modern ansible, parameters default to string type. This causes
issues for polymorphic parameters like this module's value param. note
that this fix restores ansible-2.0 and previous behaviour but it is not
perfect. If a parameter is specified via key=value or given on the
commandline then it will be a string before it reaches the module code.
There's nothing we can do about that.
Fixes#19585
* Refactoring: split readkeys() into readfile() and parsekeys()
* Refactoring: split writekeys() into writefile() and serialize()
* authorized_key: support --diff
* Refactoring: remove no-longer used readkeys()/writekeys()
* Integration test for authorized_key in check mode
* Update system/user.py module.
Add ability to add real system users with next free system uid (< 500) on macOS.
* Improve syntax in system/user.py module.
Remove complex if else line and replace by simple comparison which yields the same boolean value.
* Remove "True" comparison of user.py.
Remove comparison to true, as it is not pep8 conform.
* Code smell test for iteritems and itervalues
* Change the keydict object in authorized_keys so it doesn't throw a false postive
keydict is a bad data structure anyway. We don't use the iteritems and
itervalues methods so just disable them so that the code-smell tests do
not trigger on it.
* Change release templates so they work with py3
* Do not use the fstab parameter on openbsd for mounting
OpenBSD's mount command doesn't allow selecting which fstab file to use.
So if we're operating on the live filesystem (mount or remount) return
an error if the user specified an fstab file.
Fixes#5591
* Fix the logic inversion (thanks to @landryb)
The `service` module starts services that are not running when
`action=restarted` or `action=reloaded`, which is especially convenient
for initial deployments because it eliminates an extraneous operation
for when the service starts for the first time. This commit adjusts the
behavior of the `systemd` module to match.
* allow mount to try remount
falls back to unmount/mount
* fixed fstab handling and switched to ismount
custom function deals with bind mounts unlike built in
* un ** args
* last ** args
Allow some operations on missing services
Better sysv handling
Rearranged error reporting
fixed load error catching and order logic
also minor doc/comment updates
added warnings
* Change example syntax on authorized_key module
* Change example syntax on cron module
* Change example syntax on group module
* Change example syntax on hostname module
* Change example syntax on seboolean module
* Change example syntax on selinux module
* Change example syntax on service module
* Change example syntax on sysctl module
* Change example syntax on systemd module
* Change example syntax on user module
* Change example syntax on debug module
* Change example syntax on fail module
* Change example syntax on include module
* Change example syntax on include_role module
* Change example syntax on include_vars module
* Change example syntax on pause module
* Change example syntax on wait_for module
* Change example syntax on apache2_module module
* > Change example syntax on django_manage module
* Change example syntax on htpasswd module
After installing a package from the ports collection on a
fresh FreeBSD 11.0, Ansible was unable to enable it, failing with
"unable to get current rcvar value". Debugging showed that sysrc
didn't see the variable from /usr/local/etc/rc.d/myservice, but
adding the value was working.
So we will just fallback to the default value if we can't find it.
* updated `find_job` method to find by exact match of job, when no matching header comment is found
* note this fallback injects a header comment for later calls to `update_job` or `remove_job`
* abstracted header comment building to `do_comment` method
Fixes#3256
Marius Gedminas
Brian Coca
Imran Hussain
Matt Martz
Brian Coca
Matt Clay
Toshio Kuratomi
James Sumners
Jasper Lievisse Adriaanse
Fabio Alessandro Locati
Tobias Wolf
Dag Wieers
Michael Kwardakov
James Cooke
Evan Kaufman
Valentín Gutiérrez
Adam Števko
Ken Evensen
Fabrizio Colonna
Joseph Price
tmshn
George Brighton
Adrian Likins
Rezart Qelibari
Artur Molchanov
Carlos E. Garcia
Michael Scherer
Andrea Tartaglia
Alexandre Garnier
James Cammarata
Fabio Alessandro Locati
Evan Kaufman
Dustin C. Hatch
ekultails
jctanner
Jiri Tyr
Sam Doran
Hiroaki Nakamura
Jonathan Mainguy