Due to a mixup of the group/role/user and policy names, policies with
the same name as the group/role/user they are attached to would never be
updated after creation. To fix that, we needed two changes to the logic
of policy comparison:
- Compare the new policy name to *all* matching policies, not just the
first in lexicographical order
- Compare the new policy name to the matching ones, not to the IAM
object the policy is attached to
The ssh_public_keys must be a list, otherwise it will give the error:
"argument ssh_public_keys is of type <type 'dict'> and we were unable to convert to list"
- Removed required_if.
- Fixed doc strings.
- Removed debug output being appended to actions.
- Put import of basics at bottom to be consistent with other docker modules
- Added 'containers' alias to 'connected' param
- Put facts in ansible_facts.ansible_docker_network
* Check mode fixes for ec2_vpc_net module
Returns VPC object information
Detects state change for VPC, DHCP options, and tags in check mode
* Early exit on VPC creation in check mode
The default VPC egress rule was being left in the egress rules for
purging in check mode. This ensures that the module returns the correct
change state during check mode.
AWS security groups are unique by name only by VPC (Restated, the VPC
and group name form a unique key).
When attaching security groups to an ELB, the ec2_elb_lb module would
erroneously find security groups of the same name in other VPCs thus
causing an error stating as such.
To eliminate the error, we check that we are attaching subnets (implying
that we are in a VPC), grab the vpc_id of the 0th subnet, and filter
the list of security groups on this VPC. In other cases, no such filter
is applied (filters=None).
EC2 Security Group names are unique given a VPC. When a group_name
value is specified in a rule, if the group_name does not exist in the
provided vpc_id it should create the group as per the documentation.
The groups dictionary uses group_names as keys, so it is possible to
find a group in another VPC with the name that is desired. This causes
an error as the security group being acted on, and the security group
referenced in the rule are in two different VPCs.
To prevent this issue, we check to see if vpc_id is defined and if so
check that VPCs match, else we treat the group as new.
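The two security-group fixes above (the ELB lookup and the rule `group_name` lookup) come down to the same point: the key is the VPC plus the group name, not the name alone. The following sketch is an added example, not code from the modules; the function names, group IDs and subnet mapping are constructed for illustration.

```python
# Constructed sample data: two VPCs that each contain a group named "web".
SAMPLE_GROUPS = [
    {"id": "sg-aaaa1111", "name": "web", "vpc_id": "vpc-1"},
    {"id": "sg-bbbb2222", "name": "web", "vpc_id": "vpc-2"},
    {"id": "sg-cccc3333", "name": "db", "vpc_id": "vpc-2"},
]
# Constructed subnet -> VPC mapping for the ELB case.
SAMPLE_SUBNET_VPC = {"subnet-1": "vpc-1", "subnet-2": "vpc-2"}


def resolve_by_name_only(groups, group_name):
    """Name-keyed lookup: with duplicate names the last group silently wins."""
    by_name = {g["name"]: g for g in groups}
    return by_name.get(group_name)


def resolve_in_vpc(groups, group_name, vpc_id=None):
    """Look a rule's group up by (vpc_id, name); None means 'treat as new'."""
    if vpc_id is None:
        # No VPC given: fall back to the name-only behaviour.
        return resolve_by_name_only(groups, group_name)
    by_key = {(g["vpc_id"], g["name"]): g for g in groups}
    return by_key.get((vpc_id, group_name))


def groups_for_elb(groups, subnets, subnet_vpc):
    """ELB case: with subnets, keep only groups in the VPC of subnets[0]."""
    if not subnets:
        return list(groups)  # no filter applied
    vpc_id = subnet_vpc[subnets[0]]
    return [g for g in groups if g["vpc_id"] == vpc_id]


if __name__ == "__main__":
    # Name-only lookup returns the vpc-2 group even when working in vpc-1.
    print(resolve_by_name_only(SAMPLE_GROUPS, "web")["id"])
    print(resolve_in_vpc(SAMPLE_GROUPS, "web", "vpc-1")["id"])
    print(resolve_in_vpc(SAMPLE_GROUPS, "db", "vpc-1"))
    print([g["id"] for g in groups_for_elb(SAMPLE_GROUPS, ["subnet-1"], SAMPLE_SUBNET_VPC)])
```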
While from the documentation[1] one would assume that replacing
CAPABILITY_IAM with CAPABILITY_NAMED_IAM; this has empirically been shown
to not be the case.
1: "If you have IAM resources, you can specify either capability. If you
have IAM resources with custom names, you must specify
CAPABILITY_NAMED_IAM."
http://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html
Previously, when the attributes of a GCE firewall change, they were ignored. This PR changes that behavior and now updates them.
Note that the "update" also removes attributes that are not specified.
An overview of the firewall rule behavior is as follows:
1. firewall name in GCP, state=absent in PLAYBOOK: Delete from GCP
2. firewall name in PLAYBOOK, not in GCP: Add to GCP.
3. firewall name in GCP, name not in PLAYBOOK: No change.
4. firewall names exist in both GCP and PLAYBOOK, attributes differ: Update GCP to match attributes from PLAYBOOK.
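The four cases above, and the note that an update removes unspecified attributes, can be checked ahead of a run with a small planner. This is an added example, not code from the GCE module; the dictionary shapes, rule names and attribute names are constructed, and treating `state=absent` for a rule that is not in GCP as "no change" is an assumption.

```python
# Constructed sample state: what exists in GCP and what the playbook asks for.
SAMPLE_GCP = {
    "allow-ssh": {"allowed": "tcp:22", "source_ranges": ["10.0.0.0/8"],
                  "target_tags": ["bastion"]},
    "legacy": {"allowed": "tcp:8080"},
    "old-rule": {"allowed": "tcp:21"},
}
SAMPLE_PLAYBOOK = {
    "allow-ssh": {"state": "present",
                  "attrs": {"allowed": "tcp:22", "source_ranges": ["10.0.0.0/8"]}},
    "old-rule": {"state": "absent", "attrs": {}},
    "allow-web": {"state": "present", "attrs": {"allowed": "tcp:443"}},
}


def plan_firewall(name, playbook, gcp):
    """Return (action, resulting_attrs, dropped_attr_names) for one rule name."""
    spec = playbook.get(name)
    current = gcp.get(name)
    if spec is None:
        # Case 3: in GCP but not in the playbook, left alone.
        return ("no change", current, [])
    if spec.get("state", "present") == "absent":
        # Case 1: delete if it exists; otherwise nothing to do (assumption).
        if current is not None:
            return ("delete", None, [])
        return ("no change", None, [])
    wanted = spec["attrs"]
    if current is None:
        # Case 2: in the playbook but not in GCP.
        return ("add", dict(wanted), [])
    if current == wanted:
        return ("no change", current, [])
    # Case 4: GCP is made to match the playbook, so attributes that the
    # playbook does not specify are removed from the existing rule.
    dropped = sorted(k for k in current if k not in wanted)
    return ("update", dict(wanted), dropped)


if __name__ == "__main__":
    for rule in sorted(set(SAMPLE_GCP) | set(SAMPLE_PLAYBOOK)):
        print(rule, plan_firewall(rule, SAMPLE_PLAYBOOK, SAMPLE_GCP))
```

The third element of the result lists what an update would silently drop, which is the part worth reviewing before applying a playbook to existing rules.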
Current module fails when it tries to assign floating IPs to a server that
already has them and either fails or reports "changed=True" when no
IP was added
Removing floating-ip doesn't require address
Server name/id is enough to remove a floating ip.
This parameter was actually added in 2.0. It's just that the
documentation in previous versions of the module was wrong (it said the
name was "network" rather than "name"). I've renamed the parameter in
the documentation of prior versions so ansible-module-validate should no
longer think that this is a new parameter.
The shade update_router() call will return None if the router is
not actually updated. This will cause the module to fail if we
do not protect against that.
The os_server module could automatically generate a floating IP for
the user with auto_ip=true, but we didn't allow for this FIP to be
automatically deleted when deleting the instance, which is a bug.
Add a new option called delete_fip that enables this.
Without this, ansible 2.1 will convert some arguments that are
meant to be dict or list type to their str representation.
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
The `source_dest_check` and `termination_protection` variables are being
assigned twice in ec2.py, likely due to an incorrect merge somewhere
along the line.
The IAM group modules were not receiving the `module` object, but they
use `module.fail_json()` in their exception handlers. This patch passes
through the module object so the real errors from boto are exposed,
rather than errors about "NoneType has no method `fail_json`".
* Change documented options for os_networks_facts
os_network_facts currently lists 'network' as an available option, taking the Name or ID. In Ansible 2.0.2 to 2.2.0, this is not valid. Options 'name' and 'id' should be used instead.
* Update os_networks_facts.py
* Update os_networks_facts.py
Set version_added to the only accepted value
* Update os_networks_facts.py
Removed inappropriate 'ID' parameter
Ceph Object Gateway (Ceph RGW) is an object storage interface built on top of
librados to provide applications with a RESTful gateway to Ceph Storage
Clusters:
http://docs.ceph.com/docs/master/radosgw/
This patch adds the required bits to use the RGW S3 RESTful API properly.
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
The "Developing Modules" documentation states:
Include a minimum of dependencies if possible. If there are
dependencies, document them at the top of the module file, and have
the module raise JSON error messages when the import fails.
When docker_service runs on a remote host without PyYAML it crashes with
ImportError.
This patch raises a JSON error message when import fails, but only if
the PyYAML module is actually used. It's only needed when the
"definition" parameter is given.
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Reading the entire tar file into memory can result in out-of-memory
conditions such as this traceback:
    Traceback (most recent call last):
      File "/tmp/ansible_YELTSu/ansible_module_docker_image.py", line 486, in load_image
        self.client.load_image(image_data)
      File "/usr/local/lib/python2.7/dist-packages/docker/api/image.py", line 147, in load_image
        res = self._post(self._url("/images/load"), data=data)
      ...
      File "/usr/lib/python2.7/httplib.py", line 997, in endheaders
        self._send_output(message_body)
      File "/usr/lib/python2.7/httplib.py", line 848, in _send_output
        msg += message_body
    MemoryError
Luckily docker-py's load_image(), which calls requests post(), accepts a
file-like object instead of a string. Pass in the file object to avoid
reading the full file into memory. This allows larger tar files to load
successfully.
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
* This moves the lines in the code that parse the `env` and `env_file` options for docker to the end of the `__init__()` function.
This is needed because the `_check_capabilities` function needs both a working `self.client` and a proper `self.docker_py_versioninfo`.
`_check_capabilities` is used by `ensure_capabilities` which is, in turn, used by `get_environment`
This means that before this commit, the environment variables could not be loaded because both `self.client` and `self.docker_py_versioninfo` were not set at that time.
This commit fixes that by putting the environment variable parsing after those two.
The default pagination is every 100 items with a maximum of 1000 from
Amazon. This properly uses the marker returned by Amazon to concatenate
the various pages from the results.
This fixes #2440.
* Fixing error exception handling for python. Does not need to be compatible with Python2.4 b/c boto is Python 2.6 and above.
* Fixing compile time errors IRT error exception handling for Python 3.5.
This does not need to be compatible with Python2.4 b/c Boto is Python 2.6 and above.
This is to address this error:
fatal: [site]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to connect to S3: Region does not seem to be available for awsmodule boto.s3. If the region definitely exists, you may need to upgrade boto or extend with endpoints_path"}
Commit 0dd58e9 changed the logic so an exception is thrown (by
`connect_to_aws`) before the `s3 is None` check is performed. This
changes the `None` check to a catch so the old logic can compensate.
* Adding docker_container
* If state absent, stop the container before attempting to remove. Fixed status running check.
* If container absent, stop before removing. Fix container status check.
- removed actions feature as this should be global and not per module
- removed default fields from return docs
- moved tags docs to shared fragments
- removed unused imports
* Add more examples on how to use module ec2_tags to list tags on an instance
'key_ids' is referenced before it is assigned, causing the module to fail with an UnboundLocalError instead of failing gracefully with a helpful error message. This very small patch moves the assignment of 'key_ids' to before the variable is referenced.
This allows a user to modify the state of the virtual cdrom in a VM
by using the state == reconfigured action. This is useful for
provisioning VMs from templates which do not have ISO images connected.
ec2_elb_lb doesn't react well to AWS API throttling errors. This
implements an exponential backoff operation around some of the AWS API
calls (with random jitter, in line with AWS recommendations) to make
this more resilient.
* Speed up AMI code by not attempting to create the AMI without checking on the name first. Also simplifies code for reporting errors from AMI creation, greatly.
* remove sys.exit
A cloud/domain admin should be able to create a subnet on any
project it is granted on.
This change adds the 'project' parameter that accepts either
a name (admin-only) or id.
A cloud/domain admin should be able to create a network on any project
it is granted to.
This change adds the possibility to pass either a project ID or
project name.
A change was merged to the main Ansible core code that can cause
a potential hang if any libraries are called that use threading.
This change was:
4b0aa1214c
This affected the os_object module by causing a hang on the shade
create_object() API call (which in turn calls swiftclient which
uses threading). The fix is to make sure all modules have a main()
that is wrapped with an "if __name__ == '__main__'" check.
In case a role policy was deleted, we did not handle at all the case where
there was an authorization issue with the deletion. Also add a message when
the role is not found and the policy is skipped.
The default_project is checked at the beginning of the module.
This raises an exception if the project passed does not exist.
This logic only makes sense on resource creation, if a user
puts state=absent the module fails, even though the default
project is not relevant
If a server already exists when os_server is run, but a floating
IP was not assigned to the server when one was requested, the
module will attempt to add an IP to the existing server. But it
would not pass the wait/timeout params to the floating IP APIs.
If wait was True, you could get back a server dict that did not
show the floating IP because it did not wait.
route53 creates Record objects using `health check` and `failover`
parameters. Those parameters only became available in boto 2.28.0.
As some prominent LTS Linux releases (e.g.: Ubuntu 14.04) only ship
older boto versions (e.g.: 2.20.1 for Ubuntu 14.04), users are getting
unhelpful error messages like
TypeError: __init__() got an unexpected keyword argument 'health_check'
when running Ansible 2 against their LTS install's default boto.
We improve upon this error message by checking the boto version
beforehand.
Fixes ansible/ansible#13646
Apologies, but I no longer use this module day-to-day myself, and I don't have the bandwidth right now to effectively triage changes in any kind of timely fashion.
Hello!
I wanted to stop the containers matched only by image name, but can't do this if I do not set cmd in the playbook.
This behavior confused me.
If cmd or entrypoint is defined for a running container, but not defined in the playbook, this makes the matching behave as in this sample:
https://github.com/ansible/ansible-modules-core/blob/devel/cloud/docker/docker.py#L463
Commit f71542c set the incorrect type for these two parameters to
dict when they are actually list of dicts.
Also, the extra_dhcp_opts was incorrectly named (without the terminal
's') and NEVER worked, so this was corrected.
Fixes #3301
I like to use ~/somepath instead of absolute paths because
that's more shareable. Without expansion, the path wasn't
considered a file, and the resulting cloud-config user_data
contained a string for the file path instead of the file context.
So, expand it.
restart_containers(containers.running) may try to restart containers
that are deleted when looping through get_differing_containers()
fix this by refreshing list after first loop
The ulimit will be specified as a list and separated by colons. The
hard limit is optional, in which case it is equal to the soft limit.
The ulimits are compared to the ulimits of the container and added
or adjusted accordingly by a reload.
The module ensures that ulimits are available in the capabilities
iff ulimits is passed as a parameter.
A change is coming to Ansible where module params will default to str.
Many of our modules were taking advantage of this by not being explicit
about the type, so they will break when that change merges. This hopefully
catches those cases.
This commit allows the connection information for
the vsphere_guest module to be provided as environment
variables, which makes it possible to use Cloud
Credentials from Ansible Tower in playbooks that utilize
vsphere_guest.
| ENV VAR | vsphere_guest param |
| --------------- | ---------------------- |
| VMWARE_HOST | vcenter_hostname |
| VMWARE_USER | username |
| VMWARE_PASSWORD | password |
Fix the OpenStack os_server module for when region_name is specified.
This should not be passed through to the shade create_server() call
as it's only used with the auth parameters.
Fixes bug: https://github.com/ansible/ansible-modules-core/issues/2797
OCD is making me fix the inconsistency with how None is typed. First Letter Capitalized All Over Now.
cleaning up the default object that was created for the cache_security_groups and removing checks dealing with it.
clean up space
Changing default cache_security_groups from [default] to None.
Add the ability to completely delete a floating IP from the pool
when disassociating it from a server. When state is absent and
purge is true, the IP will be completely deleted. The default
keeps the current behavior, which is to only disassociate the IP
from the server.
The exception message, when shade fails, will contain much more
specific information about the failure if the exception is treated
as a string. The 'message' attribute alone is usually not helpful.