- add support for extending volumes in os_volume, also add module support for check_mode and diff
- ansible facts properly detect xen paravirt vs hvm
- gather Fibre Channel WWNs fact on AIX (extends https://github.com/ansible/ansible/pull/37043)
- gcp_compute - add the image field to map to disk source iamges in the configured zones bringing it in line with old gce inventory script data
- jinja2 - accesses to keys/indices on an undefined value now return further undefined values rather than throwing an exception
- openssl_certificate - the messages of the ``assertonly`` provider with respect to private key and CSR checking are now more precise.
- openssl_pkcs12 - Fixed idempotency checks, the module will regenerate the pkcs12 file if any of the parameters differ from the ones in the file. The ``ca_certificates`` parameter has been renamed to ``other_certificates``.
- paramiko is now optional. There is no compat package on certain platforms to worry about.
- rename safeConfigParser to ConfigParser to suppress DeprecationWarning (The SafeConfigParser class has been renamed to ConfigParser in Python 3.2.)
- use ansible.module_utils.six for all scripts in contrib/inventory
Bugfixes
--------
- Fixed to handle arguments correctly even if inventory and credential variables are not specified (#25017,#37567)
- Include partition tables in the ALL_IN_SCHEMA option for postgresql-privs (https://github.com/ansible/ansible/issues/54516)
- The internal key `results` in vmware_guest_snapshot module return renamed to `snapshot_results`.
- dnf - fix issue with dnf API calls to adapt to changes in upstream dnf version 4.2.2
- ec2 - Only use user_data if the user has specified a value. This prevents setting the instance's user data to b'None'.
- ec2_asg - Fix error where ASG dict has no launch config or launch template key
- facts - ensure that the default package manager for RHEL < 8 is yum, and dnf for newer
- include_role - Don't swallow errors when processing included files/roles (https://github.com/ansible/ansible/issues/54786)
- mysql_user: fix compatibility issues with various MySQL/MariaDB versions
- redhat_subscription - For compatibility using the redhat_subscription module on hosts set to use a python 3 interpreter, use string values when updating yum plugin configuration files.
- rely on method existing vs loosely related _cache attribute, also fix data persistence issue on plugin reuse across sources.
- setup - properly detect is_chroot on Btrfs (https://github.com/ansible/ansible/issues/55006)
- udm_dns_record - Fix issues when state is absent with undefined variable diff at the module return.
- udm_dns_zone - Fix issues when state is absent with undefined variable diff at the module return.
- udm_group - Fix issues when state is absent with undefined variable diff at the module return.
- udm_share - Fix issues when state is absent with undefined variable diff at the module return.
- udm_user - Fix issues when state is absent with undefined variable diff at the module return.
- ufw - when ``default`` is specified, ``direction`` does not needs to be specified. This was accidentally introduced in Ansible 2.7.8.
- user - fix a bug when checking if a local user account exists on a system using directory authentication (https://github.com/ansible/ansible/issues/50947, https://github.com/ansible/ansible/issues/38206)
- yum allows comparison operators like '>=' for selecting package version
New Plugins
-----------
Connection
~~~~~~~~~~
- vmware_tools - Execute tasks inside a VM via VMware Tools
Inventory
~~~~~~~~~
- cloudscale - cloudscale.ch inventory source
- kubevirt - KubeVirt inventory source
New Modules
-----------
Cloud
~~~~~
azure
^^^^^
- azure_rm_devtestlabcustomimage_facts - Get Azure DevTest Lab Custom Image facts.
- azure_rm_devtestlabenvironment_facts - Get Azure Environment facts.
- azure_rm_devtestlabpolicy_facts - Get Azure DTL Policy facts.
- azure_rm_devtestlabschedule_facts - Get Azure Schedule facts.
- azure_rm_hdinsightcluster_facts - Get Azure HDInsight Cluster facts.
- Experimental support for Ansible Collections and content namespacing - Ansible content can now be packaged in a collection and addressed via namespaces. This allows for easier sharing, distribution, and installation of bundled modules/roles/plugins, and consistent rules for accessing specific content via namespaces.
- Python interpreter discovery - The first time a Python module runs on a target, Ansible will attempt to discover the proper default Python interpreter to use for the target platform/version (instead of immediately defaulting to ``/usr/bin/python``). You can override this behavior by setting ``ansible_python_interpreter`` or via config. (see https://github.com/ansible/ansible/pull/50163)
- become - The deprecated CLI arguments for ``--sudo``, ``--sudo-user``, ``--ask-sudo-pass``, ``-su``, ``--su-user``, and ``--ask-su-pass`` have been removed, in favor of the more generic ``--become``, ``--become-user``, ``--become-method``, and ``--ask-become-pass``.
- become - become functionality has been migrated to a plugin architecture, to allow customization of become functionality and 3rd party become methods (https://github.com/ansible/ansible/pull/50991)
Minor Changes
-------------
- A k8s module defaults group has now been added to reduce the amount of parameters required for multiple k8s tasks. This group contains all non-deprecated kubernetes modules - `k8s`, `k8s_auth`, `k8s_facts`, `k8s_scale` and `k8s_service` as well as the CRD-handling `kubevirt_*` modules.
- AWS EC2's Autoscaling Group (`ec2_asg`) module now supports the use of Launch Templates in addition to existing support for Launch Configurations.
- Add ``ansible_play_name`` magic var (https://github.com/ansible/ansible/issues/11349)
- Add better parsing for gathering facts about free memory in Mac OS (https://github.com/ansible/ansible/pull/52917).
- Add config option for chroot binary for chroot connection plugin
- Add configurable backup path option support for network config modules
- Add examples in documentation to explain how to handle multiple conditions in changed_when and failed_when.
- Add new meta task end_host - https://github.com/ansible/ansible/issues/40904
- Add option to read zabbix inventory per each host
- Add option to set ansible_ssh_host based on first interface settings
- Add parameters to module vmware_guest for conversion of disk to thin or thick when vm is cloned or deployed with template or virtual machine.
- Add stats on rescued/ignored tasks to play recap (https://github.com/ansible/ansible/pull/48418)
- Add support for hex color values in Slack module.
- Add support for per_host:no stats for the callback plugin **json** (https://github.com/ansible/ansible/pull/43123)
- Add warning about falling back to jinja2_native=false when Jinja2 version is lower than 2.10.
- Added Ansible.Basic C# util that contains a module wrapper and handles common functions like argument parsing and module return. This is gives the user more visibility over what the module has run and aligns PowerShell modules more closely to how Python modules are defined.
- Added check for assert module for msg and failed_msg as a list or string types.
- Added documentation about using VMware dynamic inventory plugin.
- Added experimental support for connecting to Windows hosts over SSH using ``ansible_shell_type=cmd`` or ``ansible_shell_type=powershell``
- Added missing deprecation warning for param 'reboot' and use without param 'name' to the cron module.
- Added parameter checking before the module attempts to do an action to give helpful error message
- Added support for MX and SRV record in ipa_dnsrecord module (https://github.com/ansible/ansible/pull/42482).
- Added support for gateway parameter in iptables module (https://github.com/ansible/ansible/issues/53170).
- Added support for iptables module iprange and its parameters src-range and dst-range
- All environment variables defined by ansible now start with the `ANSIBLE_` prefix. The old environment vars still work for now. The new environment vars added are: ANSIBLE_LIBVIRT_LXC_NOSECLABEL, ANSIBLE_DISPLAY_SKIPPED_HOSTS, and ANSIBLE_NETWORK_GROUP_MODULES
- Allow default callback plugin to send unreachable host/task to stderr using toggle flag.
- Allow for vaulted templates in template lookup (https://github.com/ansible/ansible/issues/34209)
- An `os` module_defaults group has been added to simplify parameters for multiple OpenStack tasks. This group includes all OpenStack modules with an `os_`-prefixed module name.
- Ansible.ModuleUtils.Privilege - moved C# code to it's own util called ``Ansible.Privilege`` and expanded the tests
- Catch all connection timeout related exceptions and raise AnsibleConnectionError instead
- Change the position to search os-release since clearlinux new versions are providing /etc/os-release too
- Changed output of tags dictionary in results to standard Ansible format
- Cleaned up module code to remove all calls to the deprecated get_exception() function
- Connection plugins have been standardized to allow use of ``ansible_<conn-type>_user`` and ``ansible_<conn-type>_password`` variables. Variables such as ``ansible_<conn-type>_pass`` and ``ansible_<conn-type>_username`` are treated with lower priority than the standardized names and may be deprecated in the future. In general, the ``ansible_user`` and ``ansible_password`` vars should be used unless there is a reason to use the connection-specific variables.
- Display - Add a ``Singleton`` metaclass and apply it to ``Display`` to remove the need of using ``__main__.Display`` as a pseudo singleton
- Drop the use of pkg_resources. Importing pkg_resources was the costliest part of startup time for Ansible. pkg_resources was used so that platforms with old versions of PyCrypto and Jinja2 could use parallel installed, updated versions. Since we no longer support Python-2.6 on the controller side, we no longer have to support parallel installation to work around those old stacks.
- Embed an overridable static sanitization method into base inventory plugin class to allow individual plugins to optionally override Add override implementation to inital set of cloud plugins
- Ensures 'elapsed' is always returned, when timed out or failed
- Fix documentation of match test. Match requires zero or more characters at beginning of the string.
- Fixed bug around populating host_ip in hostvars in vmware_vm_inventory.
- Handle vault filename with UTF-8 while decrypting vault file using ansible-vault.
- Improve the deprecation message for squashing, to not give misleading advice
- Increase the default persistent command_timeout value from 10 to 30 seconds to reduce frequent timeout issues.
- Modules and plugins have been standardized on a well-defined set of TLS-related parameters. The old names remain as aliases for compatibility. In general, the new names will override the old names if both are specified. The standard names are: ``client_cert`` (certificate for client identity, might also include the private key), ``client_key`` (private key for ``client_cert``), ``ca_cert`` (public key to validate server's identity, usually a root certificate), and ``validate_certs`` (boolean to enable or disable certificate validity checking).
- Moved the FactCache code from ansible.plugins.cache.FactCache to ansible.vars.fact_cache.FactCache as it is not meant to be used to implement cache plugins.
- Now emits 'elapsed' as a return value for get_url, uri and win_uri
- On Solaris, the `ansible_product_name` fact is populated for a wider range of older hardware models, and `ansible_system_vendor` fact is populated for certain known vendors.
- Parsing plugin filter may raise TypeError, gracefully handle this exception and let user know about the syntax error in plugin filter file.
- Python-3.8 removes platform.dist() from the standard library. To maintain compatibility we've switched to an alternative library, nir0s/distro, to detect the distribution for fact gathering. Distributions facts may change slightly as nir0s/distro has bugfixes which the standard library's platform.dist() has lacked.
- Raise AnsibleConnectionError on winrm connnection errors
- Refactored the CLI code to parse the CLI arguments and then save them into a non-mutatable global singleton. This should make it easier to modify.
- Removed the private ``_options`` attribute of ``CallbackBase``. See the porting guide if you need access to the command line arguments in a callback plugin.
- Support for Cumulus Linux 2.5.4 and 3.7.3 added in setup facts (https://github.com/ansible/ansible/pull/52309).
- Support for Linux Mint 18.3 added in setup facts (https://github.com/ansible/ansible/pull/52224).
- The ``acme_account_facts`` module has been renamed to ``acme_account_info``.
- The ``docker_image_facts`` module has been renamed to ``docker_image_info``.
- The ``docker_service`` module has been renamed to ``docker_compose``.
- The restart/idempotency behavior of docker_container can now be controlled with the new comparisons parameter.
- Update docs and return section of vmware_host_service_facts module.
- Updated Ansible version help message in help section.
- Updated VMware Update tag API as new specifications (https://github.com/ansible/ansible/issues/53060).
- Windows/PSRP - Ensure that a connection timeout or connection error results in host being unreachable
-``contains`` jinja2 test - Add a ``contains`` jinja2 test designed for use in ``map`` and ``selectattr`` filters (https://github.com/ansible/ansible/pull/45798)
-``osx_say`` callback plugin was renamed into ``say``.
-``to_yaml`` filter updated to maintain formatting consistency when used with ``pyyaml`` versions 5.1 and later (https://github.com/ansible/ansible/pull/53772)
- acme_account: add support for diff mode.
- acme_account_facts: also return ``public_account_key`` in JWK format.
- acme_certificate - add experimental support for IP address identifiers.
- acme_challenge_cert_helper - add support for IP address identifiers.
- add ``STRING_CONVERSION_ACTION`` option to warn, error, or ignore when a module parameter is string type but the value from YAML is not a string type and it is converted (https://github.com/ansible/ansible/issues/50503)
- add facility for playbook attributes that are not templatable, i.e register
- add from_handlers option to include_role/import_role
- add option to azure_rm inventory plugin which will allow the legacy script host names to be used
- add option to shell/command to control stripping of empty lines at end of outputs
- add parameter to checkpoint_object_facts to filter out by object type
- add toggle to allow user to override invalid group character filter
- added 'unsafe' keyword to vars_prompt so users can signal 'template unsafe' content
- adds launch type to ecs task to support fargate launch type.
- allow user to force install a role and it's dependencies
- allow user to force verbose messages to stderr
- ansible-galaxy: properly warn when git isn't found in an installed bin path instead of traceback
- assert - added ``quiet`` option to the ``assert`` module to avoid verbose output (https://github.com/ansible/ansible/issues/27124).
- aws_kms is now able to create keys and manage grants and tags
- azure_rm_appgateway - add redirect configurations and probes
- become - Change the default value for `AGNOSTIC_BECOME_PROMPT` to `True` so become prompts display `BECOME password:` regardless of the become method used. To display the become method in the prompt (for example, `SUDO password:`), set this config option to `False`.
- callbacks - New ``v2_runner_on_start`` callback added to indicate the start of execution for a host in a specific task (https://github.com/ansible/ansible/pull/47684)
- change default connection plugin on macOS when using smart mode to ssh instead of paramiko (https://github.com/ansible/ansible/pull/54738)
- change default value for ``configs`` from ``[]`` to ``null`` and for ``update_order`` from ``stop-first`` to ``null``, matching docker API and allowing the module to interact with older docker daemons.
- cloudstack - The choice list for the param 'hypervisor' had been removed to allow the API to validate depending on your setup directly.
- cmdline fact parsing can return multiple values of a single key. Deprecate cmdline fact in favor of proc_cmdline.
- command/shell - new `stdin_add_newline` arg allows suppression of automatically-added newline `\n` character to the specified in the `stdin` arg.
- conn_limit type is set to 'int' in postgresql_user module. This will allow module to compare conn_limit with record value without type casting.
- copy - support recursive copying with remote_src
- cs_network_offering - new for_vpc parameter which allows the creation of network offers for VPC.
- cs_volume - add volumes extraction and upload features.
- cs_zone - The option network_type uses capitalized values for the types e.g. 'Advanced' and 'Basic' to match the return from the API.
- default value for ``INVENTORY_ENABLED`` option was ``['host_list', 'script', 'yaml', 'ini', 'toml', 'auto']`` and is now ``['host_list', 'script', 'auto', 'yaml', 'ini', 'toml']``
- diff mode outputs in YAML form when used with yaml callback plugin
- dnf - added the module option ``install_weak_deps`` to control whether DNF will install weak dependencies
- dnf - group removal does not work if group was installed with Ansible because of dnf upstream bug https://bugzilla.redhat.com/show_bug.cgi?id=1620324
- dnf properly honor disable_gpg_check for local (on local disk of remote node) package installation
- dnf properly support modularity appstream installation via overloaded group modifier syntax
- dnf removal with wildcards now works: Fixes https://github.com/ansible/ansible/issues/27744
- docker_container - Add runtime option.
- docker_container - Add support for device I/O rate limit parameters. This includes ``device_read_bps``, ``device_write_bps``, ``device_read_iops`` and ``device_write_iops``
- docker_container - Added support for ``pids_limit`` parameter in docker_container.
- docker_container - Added support for healthcheck.
- docker_container - Allow to use image ID instead of image name.
- docker_container - ``stop_timeout`` is now also used to set the ``StopTimeout`` property of the docker container when creating the container.
- docker_container - a new option ``networks_cli_compatible`` with default value ``no`` has been added. The default value will change to ``yes`` in Ansible 2.12. Setting it to ``yes`` lets the module behave similar to ``docker create --network`` when at least one network is specified, i.e. the default network is not automatically attached to the container in this case.
- docker_container - improved ``diff`` mode to show output.
- docker_container - mount modes in ``volumes`` allow more values, similar to when using the ``docker`` executable.
- docker_container - published_ports now supports port ranges, IPv6 addresses, and no longer accepts hostnames, which were never used correctly anyway.
- docker_container, docker_network, docker_volume - return facts as regular variables ``container``, ``network`` respectively ``volume`` additionally to facts. This is now the preferred way to obtain results. The facts will be removed in Ansible 2.12.
- docker_image - Add ``build.cache_from`` option.
- docker_image - Allow to use image ID instead of image name for deleting images.
- docker_image - add option ``build.use_proxy_config`` to pass proxy config from the docker client configuration to the container while building.
- docker_image - all build-related options have been moved into a suboption ``build``. This affects the ``dockerfile``, ``http_timeout``, ``nocache``, ``path``, ``pull``, ``rm``, and ``buildargs`` options.
- docker_image - set ``changed`` to ``false`` when using ``force: yes`` to load or build an image that ends up being identical to one already present on the Docker host.
- docker_image - set ``changed`` to ``false`` when using ``force: yes`` to tag or push an image that ends up being identical to one already present on the Docker host or Docker registry.
- docker_image - the ``force`` option has been deprecated; more specific options ``force_source``, ``force_absent`` and ``force_tag`` have been added instead.
- docker_image - the ``source`` option has been added to clarify the action performed by the module.
- docker_image - the default for ``build.pull`` will change from ``yes`` to ``no`` in Ansible 2.12. Please update your playbooks/roles now.
- docker_image - the deprecated settings ``state: build`` and ``use_tls`` now display warnings when being used. They will be removed in Ansible 2.11.
- docker_image_facts - Allow to use image ID instead of image name.
- docker_network - Add support for IPv6 networks.
- docker_network - Minimum docker API version explcitly set to ``1.22``.
- docker_network - Minimum docker server version increased from ``1.9.0`` to ``1.10.0``.
- docker_network - Minimum docker-py version increased from ``1.8.0`` to ``1.10.0``.
- docker_network - ``attachable`` is now used to set the ``Attachable`` property of the docker network during creation.
- docker_network - ``internal`` is now used to set the ``Internal`` property of the docker network during creation.
- docker_network - ``scope`` is now used to set the ``Scope`` property of the docker network during creation.
- docker_network - add new option ``ipam_driver_options``.
- docker_network - added support for specifying labels
- docker_network - changed return value ``diff`` from ``list`` to ``dict``; the original list is contained in ``diff.differences``.
- docker_network - improved ``diff`` mode to show output.
- docker_secret - ``data`` can now accept Base64-encoded data via the new ``data_is_b64`` option. This allows to pass binary data or JSON data in unmodified form. (https://github.com/ansible/ansible/issues/35119)
- docker_service - return results as regular variable ``services``; this is a dictionary mapping service names to container dictionaries. The old ansible facts are still returned, but it is recommended to use ``register`` and ``services`` in the future. The facts will be removed in Ansible 2.12.
- docker_swarm - Added support for ``default_addr_pool`` and ``subnet_size``.
- docker_swarm - ``UnlockKey`` will now be returned when ``autolock_managers`` is ``true``.
- docker_swarm - module now supports ``--diff`` mode.
- docker_swarm_service - Add option ``limits`` as a grouper for resource limit options.
- docker_swarm_service - Add option ``logging`` as a grouper for logging options.
- docker_swarm_service - Add option ``placement`` as a grouper for placement options.
- docker_swarm_service - Add option ``reservations`` as a grouper for resource reservation options.
- docker_swarm_service - Add option ``restart_config`` as a grouper for restart options.
- docker_swarm_service - Add option ``update_config`` as a grouper for update options.
- docker_swarm_service - Added option ``resolve_image`` which enables resolving image digests from registry to detect and deploy changed images.
- docker_swarm_service - Added support for ``command`` parameter.
- docker_swarm_service - Added support for ``env_files`` parameter.
- docker_swarm_service - Added support for ``groups`` parameter.
- docker_swarm_service - Added support for ``healthcheck`` parameter.
- docker_swarm_service - Added support for ``hosts`` parameter.
- docker_swarm_service - Added support for ``rollback_config`` parameter.
- docker_swarm_service - Added support for ``stop_grace_period`` parameter.
- docker_swarm_service - Added support for ``stop_signal`` parameter.
- docker_swarm_service - Added support for ``working_dir`` parameter.
- docker_swarm_service - Added support for passing period as string to ``restart_policy_delay``.
- docker_swarm_service - Added support for passing period as string to ``restart_policy_window``.
- docker_swarm_service - Added support for passing period as string to ``update_delay``.
- docker_swarm_service - Added support for passing period as string to ``update_monitor``.
- docker_swarm_service - Extended ``mounts`` options. It now also accepts ``labels``, ``propagation``, ``no_copy``, ``driver_config``, ``tmpfs_size``, ``tmpfs_mode``.
- docker_swarm_service - ``env`` parameter now supports setting values as a dict.
- docker_swarm_service - added ``diff`` mode.
- docker_swarm_service: use docker defaults for the ``user`` parameter if it is set to ``null``
- docker_volume - changed return value ``diff`` from ``list`` to ``dict``; the original list is contained in ``diff.differences``.
- docker_volume - improved ``diff`` mode to show output.
- docker_volume - option minimal versions now checked. (https://github.com/ansible/ansible/issues/38833)
- docker_volume - reverted changed behavior of ``force``, which was released in Ansible 2.7.1 to 2.7.5, and Ansible 2.6.8 to 2.6.11. Volumes are now only recreated if the parameters changed **and**``force`` is set to ``true`` (instead of or). This is the behavior which has been described in the documentation all the time.
- docker_volume - the ``force`` option has been deprecated, and a new option ``recreate`` has been added with default value ``never``. If you use ``force: yes`` in a playbook, change it to ``recreate: options-changed`` instead.
- ecs_service - adds support for service_registries and scheduling_strategies. desired_count may now be none to support scheduling_strategies
- facts - Alias ``ansible_model`` to ``ansible_product_name`` to more closely match other OSes (https://github.com/ansible/ansible/issues/52233)
- fetch - Removed deprecated validate_md5 alias (https://github.com/ansible/ansible/issues/45039)
- fix yum and dnf autoremove input sanitization to properly warn user if invalid options passed and update documentation to match
- hashi_vault lookup plugin now supports username and password method for the authentication (https://github.com/ansible/ansible/issues/38878).
- identity - Added support for GSSAPI authentication for the FreeIPA modules. This is enabled by either using the KRB5CCNAME or the KRB5_CLIENT_KTNAME environment variables when calling the ansible playbook. Note that to enable this feature, one has to install the urllib_gssapi python library.
- include better error handling for Windows errors to help with debugging module errors
- include/import - Promote ``include_tasks``, ``import_tasks``, ``include_role``, and ``import_role`` to ``stableinterface``
- influxdb_user - Implemented the update of the admin role of a user
- inheritance - Improve ``FieldAttribute`` inheritance, by using a sentinel instead of ``None`` to indicate that the option has not been explicitly set
- inventory - added new TOML inventory plugin (https://github.com/ansible/ansible/pull/41593)
- inventory keyed_groups - allow the parent_group to be specified as a variable by using brackets, such as "{{ placement.region }}", or as a string if brackets are not used.
- inventory plugins - Inventory plugins that support caching can now use any cache plugin shipped with Ansible.
- inventory/docker - Group containers by docker-swarm "service" and "stack"
- jenkins_plugin - Set new default value for the update_url parameter (https://github.com/ansible/ansible/issues/52086)
- jinja2 - Add ``now()`` function for getting the current time
- jinja2 - accesses to attributes on an undefined value now return further undefined values rather than throwing an exception
- junit callback plug-in - introduce a new option to consider a task only as test case if it has this value as prefix.
- junit callback plug-in - introduce a new option to hide task arguments similar to no_log.
- k8s - add ability to wait for some kinds of Kubernetes resources to be in the desired state
- k8s - add validate parameter to k8s module to allow resources to be validated against their specification
- k8s - append_hash parameter adds a hash to the name of ConfigMaps and Secrets for easier immutable resources
- keyed_groups now has a 'parent_group' keyword that allows assigning all generated groups to the same parent group
- loop - expose loop var name as ``ansible_loop_var``
- loop_control - Add new ``extended`` option to return extended loop information (https://github.com/ansible/ansible/pull/42134)
- loop_control's pause now allows for fractions of a second
- macports - add upgrade parameter and replace update_ports parameter with selfupdate (https://github.com/ansible/ansible/pull/45049)
- magic variabels - added a new ``ansible_play_role_names`` magic variable to mimic the old functionality of ``role_names``. This variable only lists the names of roles being applied to the host directly, and does not include those added via dependencies
- magic variables - added a new ``ansible_dependent_role_names`` magic variable to contain the names of roles applied to the host indirectly, via dependencies.
- magic variables - added a new ``ansible_role_names`` magic variable to include the names of roles being applied to the host both directly and indirectly (via dependencies).
- meraki_device - Add support for attaching notes to a device.
- meraki_network - type parameter no longer accepts combined. Instead, the network types should be specified in a list.
- mongodb_user - Change value for parameter roles to empty (https://github.com/ansible/ansible/issues/46443)
- more complete information when pear module has an error message
- mount - make last two fields optional (https://github.com/ansible/ansible/issues/43855)
- moved some operations to inside VariableManager to make using it simpler and slightly optimized, but creating API changes
- now galaxy shows each path where it finds roles when listing them
- npm ci feature added which allows to install a project with a clean slate: https://docs.npmjs.com/cli/ci.html
- openssl_certificate - Add support for relative time offsets in the ``selfsigned_not_before``/``selfsigned_not_after``/``ownca_not_before``/``ownca_not_after`` and ``valid_in`` parameters.
- openssl_certificate - add ``backup`` option.
- openssl_certificate - change default value for ``acme_chain`` from ``yes`` to ``no``. Current versions of `acme-tiny <https://github.com/diafygi/acme-tiny/>`_ do not support the ``--chain`` command anymore. This default setting caused the module not to work with such versions of acme-tiny until ``acme_chain: no`` was explicitly set.
- openssl_certificate - now works with both PyOpenSSL and cryptography Python libraries. Autodetection can be overridden with ``select_crypto_backend`` option.
- openssl_csr - add ``backup`` option.
- openssl_csr - add ``useCommonNameForSAN`` option which allows to disable using the common name as a SAN if no SAN is specified.
- openssl_csr - now works with both PyOpenSSL and cryptography Python libraries. Autodetection can be overridden with ``select_crypto_backend`` option.
- openssl_dhparam - add ``backup`` option.
- openssl_pkcs12 - add ``backup`` option.
- openssl_pkcs12, openssl_privatekey, openssl_publickey - These modules no longer delete the output file before starting to regenerate the output, or when generating the output failed.
- openssl_privatekey - add ``backup`` option.
- openssl_privatekey - now works with both PyOpenSSL and cryptography Python libraries. Autodetection can be overridden with ``select_crypto_backend`` option.
- openssl_publickey - add ``backup`` option.
- os_server_facts - added all_projects option to gather server facts from all available projects
- package_facts, now supports multiple package managers per system. New systems supported include Gentoo's portage with portage-utils installed, as well as FreeBSD's pkg
- pamd: remove description from RETURN values as it is unnecessary
- postgres_privs now accepts 'ALL_IN_SCHEMA' objs for 'function' type (https://github.com/ansible/ansible/pull/35331).
- postgresql_db - Added paramter conn_limit to limit the number of concurrent connection to a certain database
- postgresql_privs - add fail_on_role parameter to control the behavior (fail or warn) when target role does not exist.
- postgresql_privs - introduces support for FOREIGN DATA WRAPPER and FOREIGN SERVER as object types in postgresql_privs module. (https://github.com/ansible/ansible/issues/38801)
- postgresql_privs - introduces support to postgresql_privs to use 'FOR { ROLE | USER } target_role' in 'ALTER DEFAULT PRIVILEGES'. (https://github.com/ansible/ansible/issues/50877)
- reboot - Expose timeout value in error message
- reboot - add parameter for specifying paths to search for the ``shutdown`` command (https://github.com/ansible/ansible/issues/51190)
This distinction is necessary because escaping non-special chars such as
'(' or '{' turns them into special chars, the opposite of what is intended
by using regex_escape on strings being passed as a Basic Regular
Expression.
- renamed `dellemc_idrac_firmware` module to `idrac_firmware`
- retry_files_enabled now defaults to False instead of True.
- run_command - Add a new keyword argument expand_user_and_vars, which defaults to True, allowing the module author to decide whether or paths and variables are expanded before running the command when use_unsafe_shell=False (https://github.com/ansible/ansible/issues/45418)
- s3_bucket - Walrus users: ``s3_url`` must be a FQDN without scheme not path.
- s3_bucket - avoid failure when ``policy``, ``requestPayment``, ``tags`` or ``versioning`` operations aren't supported by the endpoint and related parameters aren't set
- service_facts - provide service state and status information about disabled systemd service units
- setup - gather iSCSI facts for HP-UX (https://github.com/ansible/ansible/pull/44644)
- slack: Explicitly set Content-Type header to "application/json" for improved compatibility with non-Slack chat systems
- sns - Ported to boto3 and added support for additional protocols
- spotinst - Added "SPOTINST_ACCOUNT_ID" or "ACCOUNT" env var
- spotinst - Added Instance Health Check Validation on creation of Elastigroup if "health_check_type" parameter set in playbook
- synchronize module - Warn when the empty string is present in rsync_opts as it is likely unexpected that it will transfer the current working directory.
- tower_credential - Expect ssh_key_data to be the content of a ssh_key file instead of the path to the file (https://github.com/ansible/ansible/pull/45158)
- tower_project - getting project credential falls back to project organization if there's more than one cred with the same name
- ufw - ``proto`` can now also be ``gre`` and ``igmp``.
- ufw - enable "changed" status while check mode is enabled
- ufw - new ``insert_relative_to`` option allows to specify rule insertion position relative to first/last IPv4/IPv6 address.
- ufw - type of option ``insert`` is now enforced to be ``int``.
- uri/urls - Support unix domain sockets (https://github.com/ansible/ansible/pull/43560)
- vmware_deploy_ovf - Add support for 'inject_ovf_env' for injecting user input properties in OVF environment.
- when showing defaults for CLI options in manpage/docs/--help avoid converting paths
- win_chocolatey - Added the ability to pin a package using the ``pinned`` option - https://github.com/ansible/ansible/issues/38526
- win_chocolatey - added the allow_multiple module option to allow side by side installs of the same package
- win_chocolatey - support bootstrapping Chocolatey from other URLs with any PS script that ends with ``.ps1``, originally this script had to be ``install.ps1``
- win_dsc - Display the warnings produced by the DSC engine for better troubleshooting - https://github.com/ansible/ansible/issues/51543
- win_dsc - The Verbose logs will be returned when running with ``-vvv``.
- win_dsc - The module invocation and possible options will be displayed when running with ``-vvv``.
- win_dsc - The win_dsc module will now fail if an invalid DSC property is set.
- win_get_url - Add idempotency check if the remote file has the same contents as the dest file.
- win_get_url - Add the ``checksum`` option to verify the integrity of a downloaded file.
- win_nssm - Add support for check and diff modes.
- win_nssm - Add the ``executable`` option to specify the location of the NSSM utility.
- win_nssm - Add the ``working_directory``, ``display_name`` and ``description`` options.
- win_nssm - Change default value for ``state`` from ``start`` to ``present``.
- win_package - added the ``chdir`` option to specify the working directory used when installing and uninstalling a package.
- win_psmodule - The ``url`` parameter is deprecated and will be removed in Ansible 2.12. Use the ``win_psrepository`` module to manage repositories instead
- win_say - If requested voice is not found a warning is now displayed.
- win_say - Ported code to use Ansible.Basic.
- win_say - Some error messages worded differently now that the module uses generic module parameter validation.
- win_scheduled_task - defining a trigger repetition as an array is deprecated and will be removed in Ansible 2.12. Define the repetition as a dictionary instead.
- win_script - added support for running a script with become
- win_security_policy - warn users to use win_user_right instead when editing ``Privilege Rights``
- win_shortcut - Added support for setting the ``Run as administrator`` flag on a shortcut pointing to an executable
- win_stat - added the ``follow`` module option to follow ``path`` when getting the file or directory info
- win_updates - Reworked filtering updates based on category classification - https://github.com/ansible/ansible/issues/45476
- windows async - async directory is now controlled by the ``async_dir`` shell option and not ``remote_tmp`` to match the POSIX standard.
- windows async - change default directory from ``$env:TEMP\.ansible_async`` to ``$env:USERPROFILE\.ansible_async`` to match the POSIX standard.
- windows become - Add support for passwordless become.
- windows become - Moved to shared C# util so modules can utilise the code.
- yum - provide consistent return data structure when run in check mode and not in check mode
- yum - when checking for updates, now properly include Obsoletes (both old and new) package data in the module JSON output, fixes https://github.com/ansible/ansible/issues/39978
- yum and dnf can now handle installing packages from URIs that are proxy redirects and don't end in the .rpm file extension
- yum and dnf can now perform C(update_cache) as a standalone operation for consistency with other package manager modules
- zabbix_template - Module no longer requires ``template_name`` to be provided when importing with ``template_json`` option (https://github.com/ansible/ansible/issues/50833)
Deprecated Features
-------------------
- Ansible-defined environment variables not starting with `ANSIBLE_` have been deprecated. New names match the old name plus the `ANSIBLE_` prefix. These environment variables have been deprecated: LIBVIRT_LXC_NOSECLABEL, DISPLAY_SKIPPED_HOSTS, and NETWORK_GROUP_MODULES
- async - setting the async directory using ``ANSIBLE_ASYNC_DIR`` as an environment key in a task or play is deprecated and will be removed in Ansible 2.12. Set a var name ``ansible_async_dir`` instead.
- cache plugins - Importing cache plugins directly is deprecated and will be removed in 2.12. Cache plugins should use the cache_loader instead so cache options can be reconciled via the configuration system rather than constants.
- docker_network - Deprecate ``ipam_options`` in favour of ``ipam_config``.
- docker_swarm_service - Deprecate ``constraints`` in favour of ``placement``.
- docker_swarm_service - Deprecate ``limit_cpu`` and ``limit_memory`` in favour of ``limits``.
- docker_swarm_service - Deprecate ``log_driver`` and ``log_driver_options`` in favour of ``logging``.
- docker_swarm_service - Deprecate ``reserve_cpu`` and ``reserve_memory`` in favour of ``reservations``.
- docker_swarm_service - Deprecate ``restart_policy``, ``restart_policy_attempts``, ``restart_policy_delay`` and ``restart_policy_window`` in favour of ``restart_config``.
- docker_swarm_service - Deprecate ``update_delay``, ``update_parallelism``, ``update_failure_action``, ``update_monitor``, ``update_max_failure_ratio`` and ``update_order`` in favour of ``update_config``.
- inventory plugins - Inventory plugins using self.cache is deprecated and will be removed in 2.12. Inventory plugins should use self._cache as a dictionary to store results.
- magic variables - documented the deprecation of the ``role_names`` magic variable in favor of either ``ansible_role_names`` (including dependency role names) or ``ansible_play_role_names`` (excluding dependencies).
- win_nssm - Deprecate ``app_parameters`` option in favor of ``arguments``.
- win_nssm - Deprecate ``dependencies``, ``start_mode``, ``user``, and ``password`` options, in favor of using the ``win_service`` module.
- win_nssm - Deprecate ``start``, ``stop``, and ``restart`` values for ``state`` option, in favor of using the ``win_service`` module.
- win_package - Removed deprecated 'exit_code' returned int, use standardized 'rc' instead
- win_package - Removed deprecated 'restart_required' returned boolean, use standardized 'reboot_required' instead
Bugfixes
--------
- ACME modules support `POST-as-GET <https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380>`__ and will be able to access Let's Encrypt ACME v2 endpoint after November 1st, 2019.
- ACME modules: improve error messages in some cases (include error returned by server).
- AWS plugins - before 2.8 the environment variable precedence was incorrectly reversed.
- Add code to detect correctly a host running openSUSE Tumbleweed
- Add new ``AnsibleTemplateError`` that various templating related exceptions inherit from, making it easier to catch them without enumerating. (https://github.com/ansible/ansible/issues/50154)
- Added missing domain module fields to the ibm_sa_utils module.
- Added unit test for VMware module_utils.
- All K8S_AUTH_* environment variables are now properly loaded by the k8s lookup plugin
- Allow to use rundeck_acl_policy with python 2 and 3
- Also check stdout for interpreter errors for more intelligent messages to user
- Ansible JSON Decoder - Switch from decode to object_hook to support nested use of __ansible_vault and __ansible_unsafe (https://github.com/ansible/ansible/pull/45514)
- Attempt to avoid race condition based on incorrect buffer size assumptions
- Correctly detect multiple ipv6 addresses per device in facts (https://github.com/ansible/ansible/issues/49473)
- Detect FreeBSD KVM guests in facts (https://github.com/ansible/ansible/issues/49158)
- Detect IP addresses on a system with busybox properly (https://github.com/ansible/ansible/issues/50871)
- Enhance the conditional check to include main.yml if it is not from 'role/vars/' (https://github.com/ansible/ansible/pull/51926).
- Extend support for Devuan ascii distribution
- FieldAttribute - Do not use mutable defaults, instead allow supplying a callable for defaults of mutable types (https://github.com/ansible/ansible/issues/46824)
- Fix Amazon system-release version parsing (https://github.com/ansible/ansible/issues/48823)
- Fix VMware module utils for self usage.
- Fix aws_ec2 inventory plugin code to automatically populate regions when missing as documentation states, also leverage config system vs self default/type validation
- Fix bug where some inventory parsing tracebacks were missing or reported under the wrong plugin.
- Fix consistency issue in grafana_dashboard module where the module would detect absence of 'dashboard' key on dashboard create but not dashboard update.
- Fix detection string for SUSE distribution variants like Leap and SLES (SUSE Enterprise Linux Server).
- Fix for callback plugins on Python3 when a module returns non-string field names in its results. (https://github.com/ansible/ansible/issues/49343)
- Fix handlers to allow for templated values in run_once (https://github.com/ansible/ansible/issues/27237)
- Fix how debconf handles boolean questions to accurately compare
- Fix issue getting output from failed ios commands when ``check_rc=False``
- Fix rabbitmq_plugin idempotence due to information message in new version of rabbitmq (https://github.com/ansible/ansible/pull/52166)
- Fix searchpath in the template lookup to work the same way as in the template module.
- Fix the password lookup when run from a FIPS enabled system. FIPS forbids the use of md5 but we can use sha1 instead. https://github.com/ansible/ansible/issues/47297
- Fix unexpected error when using Jinja2 native types with non-strict constructed keyed_groups (https://github.com/ansible/ansible/issues/52158).
- Fix unwanted ACLs when using copy module (https://github.com/ansible/ansible/issues/44412)
- Fix using omit on play keywords (https://github.com/ansible/ansible/issues/48673)
- Fix using vault encrypted data with jinja2_native (https://github.com/ansible/ansible/issues/48950)
- Fixed KeyError issue in vmware_host_config_manager when a supported option isn't already set (https://github.com/ansible/ansible/issues/44561).
- Fixed an issue with ansible-doc -l failing when parsing some plugin documentation.
- Fixed issue related to --yaml flag in vmware_vm_inventory. Also fixed caching issue in vmware_vm_inventory (https://github.com/ansible/ansible/issues/52381).
- Give user better error messages and more information on verbose about inventory plugin behaviour
- Guard ``HTTPSClientAuthHandler`` under HTTPS checks, to avoid tracebacks when python is compiled without SSL support (https://github.com/ansible/ansible/issues/50339)
- Handle ClientError exceptions when describing VPC peering connections.
- Handle error paginating object versions when bucket does not exist (https://github.com/ansible/ansible/issues/49393)
- Handle exception when there is no snapshot available in virtual machine or template while cloning using vmware_guest.
- Hardware fact gathering now completes on Solaris 8. Previously, it aborted with error `Argument 'args' to run_command must be list or string`.
- If large integers are passed as options to modules under Python 2, module argument parsing will reject them as they are of type ``long`` and not of type ``int``.
- Last loaded handler with the same name is used
- Meraki - Lookups using org_name or net_name no longer query Meraki twice, only once. Major performance improvements.
- Narrow the cases in which we warn about Jinja2 unique filters https://github.com/ansible/ansible/issues/46189
- Now be specific about the entry that trips an error
- PLUGIN_FILTERS_CFG - Ensure that the value is treated as type=path, and that we use the standard section of ``defaults`` instead of ``default`` (https://github.com/ansible/ansible/pull/45994)
- Remove recommendation to use sort_json_policy_dict in the AWS guidelines
- Replace the fix for https://github.com/ansible/ansible/issues/39412 made in https://github.com/ansible/ansible/pull/39483 when using a compression program. This now uses a FIFO file to ensure failure detection of pg_dump. The Windows compatibility is completely dropped in this case.
- Restore SIGPIPE to SIG_DFL when creating subprocesses to avoid it being ignored under Python 2.
- Restore timeout in set_vm_power_state operation in vmware_guest_powerstate module.
- Retry deleting the autoscaling group if there are scaling activities in progress.
- States ``dump`` and ``restore`` only need pg_dump and pg_restore. These tools don't use psycopg2 so this change tries to avoid the use of it in these cases. Fixes https://github.com/ansible/ansible/issues/35906
- The patch fixing the regression of no longer preferring matching security groups in the same VPC https://github.com/ansible/ansible/pull/45787 (which was also backported to 2.6) broke EC2-Classic accounts. https://github.com/ansible/ansible/pull/46242 removes the assumption that security groups must be in a VPC.
- This reverts some changes from commit 723daf3. If a line is found in the file, exactly or via regexp matching, it must not be added again. `insertafter`/`insertbefore` options are used only when a line is to be inserted, to specify where it must be added.
- Use custom JSON encoder in conneciton.py so that ansible objects (AnsibleVaultEncryptedUnicode, for example) can be sent to the persistent connection process
- Windows - prevent sensitive content from appearing in scriptblock logging (CVE 2018-16859)
- aci_aaa_user - Fix setting user description (https://github.com/ansible/ansible/issues/51406)
- aci_access_port_to_interface_policy_leaf_profile - Support missing policy_group
- aci_interface_policy_leaf_policy_group - Support missing aep
- aci_rest - Fix issue ignoring custom port
- aci_switch_leaf_selector - Support empty policy_group
- acme_certificate - writing result failed when no path was specified (i.e. destination in current working directory).
- acme_challenge_cert_helper - the module no longer crashes when the required ``cryptography`` library cannot be found.
- adhoc always added async_val and poll to tasks, but now includes are enforcing non valid parameters, this bypasses the error.
- allow 'dict()' jinja2 global to function the same even though it has changed in jinja2 versions
- allow nice error to work when auto plugin reads file w/o `plugin` field
- allow using openstack inventory plugin w/o a cache
- ansible-doc, --json now is 'type intelligent' and reinstated --all option
- ansible-doc, removed local hardcoded listing, now uses the 'central' list from constants and other minor issues
- ansible-galaxy - Prevent unicode errors when searching - https://github.com/ansible/ansible/issues/42866
- apt - Show a warning hint in case apt auto-installs its dependecies.
- apt_repository - do not require a tty to prevent errors parsing GPG keys (https://github.com/ansible/ansible/issues/49949)
- assemble - avoid extra newline on Python 3 (https://github.com/ansible/ansible/issues/44739)
- async - fixed issue where the shell option ``async_dir`` was not being used when setting the async directory.
- async_wrapper - Allocate an explicit stdin (https://github.com/ansible/ansible/issues/50758)
- avoid empty groups in ansbile-inventory JSON output as they will be interpreted as hosts
- avoid making multiple 'sub copies' when traversing already 'clean copy' of dict
- aws_ec2 - fixed issue where cache did not contain the computed groups
- azure_rm_postgresqlserver - fixed issues with passing parameters while updating existing server instance
- basic - modify the correct variable when determining available hashing algorithms to avoid errors when md5 is not available (https://github.com/ansible/ansible/issues/51355)
- better error message when bad type in config, deal with EVNAR= more gracefully https://github.com/ansible/ansible/issues/22470
- blockinfile - use bytes rather than a native string to prevent a stacktrace in Python 3 when writing to the file (https://github.com/ansible/ansible/issues/46237)
- callbacks - Do not filter out exception, warnings, deprecations on failure when using debug (https://github.com/ansible/ansible/issues/47576)
- change function to in place replacement, compose with module_args_copy for 'new clean copy'
- chroot connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
- clear all caches in plugin loader for a plugin type when adding new paths, otherwise new versions of already loaded plugin won't be discovered
- cloudscale - Fix compatibilty with Python3 in version 3.5 and lower.
- configuration retrieval would fail on non primed plugins
- convert input into text to ensure valid comparisons in nmap inventory plugin
- copy - Ensure that the src file contents is converted to unicode in diff information so that it is properly wrapped by AnsibleUnsafeText to prevent unexpected templating of diff data in Python3 (https://github.com/ansible/ansible/issues/45717)
- copy - align invocation in return value between check and normal mode
- cs_ip_address - fix vpc use case failed if network param provided. Ensured vpc and network are mutually exclusive.
- cs_iso - Add the 'is_public' param into argument_spec to allow the registering of public iso.
- cs_network_offering - Add a choice list for supported_services parameter in arg_spec.
- cs_template - Fixed a KeyError on state=extracted.
- delegate_to - Fix issue where delegate_to was upplied via ``apply`` on an include, where a loop was present on the include
- delegate_to - When templating ``delegate_to`` in a loop, don't use the task for a cache, return a special cache through ``get_vars`` allowing looping over a hostvar (https://github.com/ansible/ansible/issues/47207)
- dict2items - Allow dict2items to work with hostvars
- disallow non dict results from module and allow user to continue using with a warning.
- distribution - add check to remove incorrect matches of Clear Linux when processing distribution files (https://github.com/ansible/ansible/issues/50009)
- dnf - allow to operate on file paths (https://github.com/ansible/ansible/issues/50843)
- dnf - enable package name specification for absent
- dnf - fix issue where ``conf_file`` was not being loaded properly
- dnf - fix update_cache combined with install operation to not cause dnf transaction failure
- do not return ``state: absent`` when the module returns either ``path`` or ``dest`` but the file does not exists (https://github.com/ansible/ansible/issues/35382)
- docker connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
- docker_compose - fixed an issue where ``remove_orphans`` doesn't work reliably.
- docker_container - Fix idempotency problems with ``cap_drop`` and ``groups`` (when numeric group IDs were used).
- docker_container - Fix type conversion errors for ``log_options``.
- docker_container - Fixing various comparison/idempotency problems related to wrong comparisons. In particular, comparisons for ``command`` and ``entrypoint`` (both lists) no longer ignore missing elements during idempotency checks.
- docker_container - Makes ``blkio_weight``, ``cpuset_mems``, ``dns_opts`` and ``uts`` options actually work.
- docker_container - ``init`` and ``shm_size`` are now checked for idempotency.
- docker_container - ``publish_ports: all`` was not used correctly when checking idempotency.
- docker_container - do not fail when removing a container which has ``auto_remove: yes``.
- docker_container - fail if ``ipv4_address`` or ``ipv6_address`` is used with a too old docker-py version.
- docker_container - fail when non-string env values are found, avoiding YAML parsing issues. (https://github.com/ansible/ansible/issues/49802)
- docker_container - fix ``ipc_mode`` and ``pid_mode`` idempotency if the ``host:<container-name>`` form is used (as opposed to ``host:<container-id>``).
- docker_container - fix ``network_mode`` idempotency if the ``container:<container-name>`` form is used (as opposed to ``container:<container-id>``) (https://github.com/ansible/ansible/issues/49794)
- docker_container - fix ``paused`` option (which never worked).
- docker_container - fix behavior of ``detach: yes`` if ``auto_remove: yes`` is specified.
- docker_container - fix idempotency check for published_ports in some special cases.
- docker_container - fix idempotency problems with docker-py caused by previous ``init`` idempotency fix.
- docker_container - fix interplay of docker-py version check with argument_spec validation improvements.
- docker_container - fixing race condition when ``detach`` and ``auto_remove`` are both ``true``.
- docker_container - now returns warnings from docker daemon on container creation and updating.
- docker_container - refactored minimal docker-py/API version handling, and fixing such handling of some options.
- docker_container - the behavior is improved in case ``image`` is not specified, but needed for (re-)creating the container.
- docker_container, docker_image, docker_image_facts - also find local image when image name is prefixed with ``docker.io/library/`` or ``docker.io/``.
- docker_network - ``driver_options`` containing Python booleans would cause Docker to throw exceptions.
- docker_network - now returns warnings from docker daemon on network creation.
- docker_swarm - Fixed node_id parameter not working for node removal (https://github.com/ansible/ansible/issues/53501)
- docker_swarm - do not crash with older docker daemons (https://github.com/ansible/ansible/issues/51175).
- docker_swarm - fixes idempotency for the ``ca_force_rotate`` option.
- docker_swarm - improve Swarm detection.
- docker_swarm - improve idempotency checking; ``rotate_worker_token`` and ``rotate_manager_token`` are now also used when all other parameters have not changed.
- docker_swarm - now supports docker-py 1.10.0 and newer for most operations, instead only docker 2.6.0 and newer.
- docker_swarm - the ``force`` option was ignored when ``state: present``.
- docker_swarm_service - Added support for ``read_only`` parameter.
- docker_swarm_service - Document ``labels`` and ``container_labels`` with correct type.
- docker_swarm_service - Document ``limit_memory`` and ``reserve_memory`` correctly on how to specify sizes.
- docker_swarm_service - Document minimal API version for ``configs`` and ``secrets``.
- docker_swarm_service - Don't recreate service when ``networks`` parameter changes when running Docker API >= 1.29.
- docker_swarm_service - Don't set ``10`` as default for ``update_delay``.
- docker_swarm_service - Don't set ``1`` as default for ``update_parallelism``.
- docker_swarm_service - Don't set ``root`` as the default user.
- docker_swarm_service - Raise minimum required docker-py version for ``secrets`` to 2.4.0.
- docker_swarm_service - Raise minimum required docker-py version for module to 2.0.2.
- docker_swarm_service - Removed redundant defaults for ``uid``, ``gid``, and ``mode`` from ``configs`` and ``secrets``.
- docker_swarm_service - The ``publish``.``mode`` parameter was being ignored if docker-py version was < 3.0.0. Added a parameter validation test.
- docker_swarm_service - Validate choices for option ``mode``.
- docker_swarm_service - Validate minimum docker-py version of 2.4.0 for option ``constraints``.
- docker_swarm_service - When docker fails to update a container with an ``update out of sequence`` error, the module will retry to update up to two times, and only fail if all three attempts do not succeed.
- docker_swarm_service - fix use of Docker API so that services are not detected as present if there is an existing service whose name is a substring of the desired service
- docker_swarm_service - fixing falsely reporting ``publish`` as changed when ``publish.mode`` is not set.
- docker_swarm_service - fixing falsely reporting ``update_order`` as changed when option is not used.
- docker_swarm_service - fixing wrong option type for ``update_order`` which prevented using that option.
- docker_swarm_service - now returns warnings from docker daemon on service creation.
- docker_swarm_service - the return value was documented as ``ansible_swarm_service``, but the module actually returned ``ansible_docker_service``. Documentation and code have been updated so that the variable is now called ``swarm_service``. In Ansible 2.7.x, the old name ``ansible_docker_service`` can still be used to access the result.
- docker_swarm_service: fails because of default "user: root" (https://github.com/ansible/ansible/issues/49199)
- docker_volume - ``labels`` now work (and are a ``dict`` and no longer a ``list``).
- docker_volume - fix ``force`` and change detection logic. If not both evaluated to ``True``, the volume was not recreated.
- document debug's var already having implicit moustaches
- document old option that was initally missed
- dynamic includes - Add missed ``run_once`` to valid include attributes (https://github.com/ansible/ansible/pull/48068)
- dynamic includes - Use the copied and merged task for calculating task vars in the free strategy (https://github.com/ansible/ansible/issues/47024)
- ec2 - Correctly sets the end date of the Spot Instance request. Sets `ValidUntil` value in proper way so it will be auto-canceled through `spot_wait_timeout` interval.
- ec2 - if the private_ip has been provided for the new network interface it shouldn't also be added to top level parameters for run_instances()
- ec2_asg - Fix scenario where min_size can end up passing None type to boto
- ec2_group - Sanitize the ingress and egress rules before operating on them by flattening any lists within lists describing the target CIDR(s) into a list of strings. Prior to Ansible 2.6 the ec2_group module accepted a list of strings, a list of lists, or a combination of strings and lists within a list. https://github.com/ansible/ansible/pull/45594
- ec2_group - There can be multiple security groups with the same name in different VPCs. Prior to 2.6 if a target group name was provided, the group matching the name and VPC had highest precedence. Restore this behavior by updated the dictionary with the groups matching the VPC last.
- ec2_instance - Correctly adds description when adding a single ENI to the instance
- ec2_instance - Does not return ``instances`` when ``wait: false`` is specified
- ecs_ecr and iam_role - replace uses of sort_json_policy_dict with compare_policies which is compatible with Python 3
- elb_target_group - cast target ports to integers before making API calls after the key 'Targets' is in params.
- ensure we always have internal module attributes set, even if not being passed (fixes using modules as script)
- ensure we have a XDG_RUNTIME_DIR, as it is not handled correctly by some privilege escalation configurations
- explain 'bare variables' in error message
- fact gathering to obey play tags
- facts - detect VMs from google cloud engine and scaleway
- facts - properly detect package manager for a Fedora/RHEL/CentOS system that has rpm-ostree installed
- facts - set virtualization_role for KVM hosts (https://github.com/ansible/ansible/issues/49734)
- fetch_url did not always return lower-case header names in case of HTTP errors (https://github.com/ansible/ansible/pull/45628).
- file - Allow state=touch on file the user does not own https://github.com/ansible/ansible/issues/50943
- fix DNSimple to ensure check works even when the number of records is larger than 100
- fix FactCache.update() to conform to the dict API.
- fix ansible-pull hanlding of extra args, complex quoting is needed for inline JSON
- fix elasticsearch_plugin force to be bool (https://github.com/ansible/ansible/pull/47134)
- fix handling of firewalld port if protocol is missing
- flatpak - Makes querying of present flatpak name more robust, fixes
- gce inventory plugin was misusing the API and needlessly doing late validation.
- gcp_compute inventory plugin - apply documented default when one is not provided.
- gcp_compute_instance - fix crash when the instance metadata is not set
- gcp_utils - fix google auth scoping issue with application default credentials or google cloud engine credentials. Only scope credentials that can be scoped.
- get_url - Don't re-download files unnecessarily when force=no (https://github.com/ansible/ansible/issues/45491)
- get_url - Fix issue with checksum validation when using a file to ensure we skip lines in the file that do not contain exactly 2 parts. Also restrict exception handling to the minimum number of necessary lines (https://github.com/ansible/ansible/issues/48790)
- get_url - support remote checksum files with paths specified with leading dots (`./path/to/file`)
- handle non strings in requirements version for ansible-galaxy
- handle option json errors more gracefully, also document options are not vaultable.
- handle xmlrpc errors in the correct fashion for rhn_channel
- handlers - fix crash when handler task include tasks
- host execution order - Fix ``reverse_inventory`` not to change the order of the items before reversing on python2 and to not backtrace on python3
- icinga2_host - fixed the issue with not working ``use_proxy`` option of the module.
- imports - Prevent the name of an import from being addressable as a handler, only the tasks within should be addressable. Use an include instead of an import if you need to execute many tasks from a single handler (https://github.com/ansible/ansible/issues/48936)
- include_tasks - Ensure we give IncludedFile the same context as TaskExecutor when templating the parent include path allowing for lookups in the included file path (https://github.com/ansible/ansible/issues/49969)
- include_tasks - Fixed an unexpected exception if no file was given to include.
- include_vars - error handlers now generate proper error messages with non-ASCII args
- influxdb_user - An unspecified password now sets the password to blank, except on existing users. This previously caused an unhandled exception.
- influxdb_user - Fixed unhandled exception when using invalid login credentials (https://github.com/ansible/ansible/issues/50131)
- inventory plugins - Fix creating groups from composed variables by getting the latest host variables
- inventory_aws_ec2 - fix no_log indentation so AWS temporary credentials aren't displayed in tests
- ipaddr - fix issue where network address was blank for 0-size networks (https://github.com/ansible/ansible/issues/17872)
- issue a warning when local fact is not correctly loaded, old behaviour just updated fact value with the error.
- jail connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
- jenkins_plugin - Prevent plugin to be reinstalled when state=present (https://github.com/ansible/ansible/issues/43728)
- jenkins_plugin - ``version: latest`` should install new plugins with their dependencies
- jira - description field is not always required
- k8s modules and plugins now bubble up error message when the openshift python client fails to import.
- k8s_facts now returns a resources key in all situations
- k8s_facts: fix handling of unknown resource types
- kubectl connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
- libvirt_lxc connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
- lineinfile - fix index out of range error when using insertbefore on a file with only one line (https://github.com/ansible/ansible/issues/46043)
- loop - Do not evaluate a empty literal list ``[]`` as falsy, it should instead cause the task to skip ()
- loop - Ensure that a loop with a when condition that evaluates to false and delegate_to, will short circuit if the loop references an undefined variable. This matches the behavior in the same scenario without delegate_to (https://github.com/ansible/ansible/issues/45189)
- loop_control - Catch exceptions when templating label individually for loop iterations which caused the templating failure as the full result. This instead only registers the templating exception for a single loop result (https://github.com/ansible/ansible/issues/48879)
- lvg - Take into account current PV in the VG to fix PV removal
- lvol - fixed ValueError when using float size (https://github.com/ansible/ansible/issues/32886, https://github.com/ansible/ansible/issues/29429)
- mail - fix python 2.7 regression
- make YAML inventory more tolerant to comments/empty/None entries
- meraki_config_template - Fix conditions which prevented code from executing when specifying net_id
- meraki_ssid - Fix module to actually perform changes when state is present and SSID is referenced by number and not name.
- modprobe - The modprobe module now detects builtin kernel modules. If a kernel module is builtin the modprobe module will now: succeed (without incorrectly reporting changed) if ``state`` is ``present``; and fail if ``state`` is ``absent`` (with an error message like ``modprobe: ERROR: Module nfs is builtin.``). (https://github.com/ansible/ansible/pull/37150)
- mysql - MySQLdb doesn't import the cursors module for its own purposes so it has to be imported in MySQL module utilities before it can be used in dependent modules like the proxysql module family.
- mysql - fixing unexpected keyword argument 'cursorclass' issue after migration from MySQLdb to PyMySQL.
- mysql_*, proxysql_* - PyMySQL (a pure-Python MySQL driver) is now a preferred dependency also supporting Python 3.X.
- mysql_user: fix the working but incorrect regex used to check the user privileges.
- mysql_user: match backticks, single and double quotes when checking user privileges.
- now default is ``list`` so ``None`` is bad comparison for gathering
- now no log is being respected on retry and high verbosity. CVE-2018-16876
- omit - support list types containing dicts (https://github.com/ansible/ansible/issues/45907)
- onepassword_facts - Fix an issue looking up some 1Password items which have a 'password' attribute alongside the 'fields' attribute, not inside it.
- openshift inventory plugin - do not default create client if auth parameters were given.
- openssl_* - fix error when ``path`` contains a file name without path.
- openssl_certificate - ``has_expired`` correctly checks if the certificate is expired or not
- openssl_certificate - fix ``state=absent``.
- openssl_certificate - make sure that extensions are actually present when their values should be checked.
- openssl_certificate, openssl_csr, openssl_pkcs12, openssl_privatekey, openssl_publickey - The modules are now able to overwrite write-protected files (https://github.com/ansible/ansible/issues/48656).
- openssl_csr - fix byte encoding issue on Python 3
- openssl_csr - fix problem with idempotency of keyUsage option.
- openssl_csr - fixes idempotence problem with PyOpenSSL backend when no Subject Alternative Names were specified.
- openssl_csr - improve ``subject`` validation.
- openssl_csr - improve error messages for invalid SANs.
- openssl_csr, openssl_certificate, openssl_publickey - properly validate private key passphrase; if it doesn't match, fail (and not crash or ignore).
- openssl_dhparam - fix ``state=absent`` idempotency and ``changed`` flag.
- openssl_pkcs12 - No need to specify ``privatekey_path`` when ``friendly_name`` is specified.
- openssl_pkcs12 - fix byte encoding issue on Python 3
- openssl_pkcs12, openssl_privatekey - These modules now accept the output file mode in symbolic form or as a octal string (https://github.com/ansible/ansible/issues/53476).
- openssl_privatekey - no longer hang or crash when passphrase does not match or was not specified, but key is protected with one. Also regenerate key if passphrase is specified but existing key has no passphrase.
- openssl_publickey - fixed crash on Python 3 when OpenSSH private keys were used with passphrases.
- openstack inventory plugin - send logs from sdk to stderr so they do not combine with output
- os_network - According to the OpenStack Networking API the attribute provider:segmentation_id of a network has to be an integer. (https://github.com/ansible/ansible/issues/51655)
- os_security_group_rule - os_security_group_rule doesn't exit properly when secgroup doesn't exist and state=absent (https://github.com/ansible/ansible/issues/50057)
- ovirt_host_network - Fix type conversion (https://github.com/ansible/ansible/pull/47617).
- pamd - Allow for validation of definitive control in pamd module.
- pamd - fix idempotence issue when removing rules
- pamd: add delete=False to NamedTemporaryFile() fixes OSError on module completion, and removes print statement from module code. (see https://github.com/ansible/ansible/pull/47281 and https://github.com/ansible/ansible/issues/47080)
- pamd: fix state: args_present idempotence (see https://github.com/ansible/ansible/issues/47197)
- pamd: fix state: updated idempotence (see https://github.com/ansible/ansible/issues/47083)
- pamd: update regex to allow leading dash and retain EOF newline (see https://github.com/ansible/ansible/issues/47418)
- paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent "Authentication timeout" errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596)
- pip - idempotence in check mode now works correctly.
- play order is now applied under all circumstances, fixes
- postgresql_db - the module fails not always when pg_dump errors occured (https://github.com/ansible/ansible/issues/40424).
- postgresql_privs - change fail to warn if PostgreSQL role does not exist (https://github.com/ansible/ansible/issues/46168).
- postgresql_user - create pretty error message when creating a user without an encrypted password on newer PostgreSQL versions
- preserve Noneness of pwdfile when it is None in virtualbox inventory plugin
- prevent import_role from inserting dupe into `roles:` execution when duplicate signature role already exists in the section.
- profile_tasks callback - Fix the last task time when running multiple plays (https://github.com/ansible/ansible/issues/52760)
- properly report errors when k=v syntax is mixed with YAML syntax in a task (https://github.com/ansible/ansible/issues/27210)
- psrp - Fix issue when dealing with unicode values in the output for Python 2
- psrp - do not display bootstrap wrapper for each module exec run
- purefa_facts and purefb_facts now correctly adds facts into main ansible_fact dictionary (https://github.com/ansible/ansible/pull/50349)
- rabbitmq_binding - Delete binding when ``state`` is ``absent``.
- random_mac - generate a proper MAC address when the provided vendor prefix is two or four characters (https://github.com/ansible/ansible/issues/50838)
- rds_instance - Cluster_id which is an alias of db_cluster_identifier is a mandatory check target.
- reboot - Fix bug where the connection timeout was not reset in the same task after rebooting
- reboot - add appropriate commands to make the plugin work with VMware ESXi (https://github.com/ansible/ansible/issues/48425)
- reboot - add reboot_timeout parameter to the list of parameters so it can be used.
- reboot - add support for OpenBSD
- reboot - add support for rebooting AIX (https://github.com/ansible/ansible/issues/49712)
- reboot - change default reboot time command to prevent hanging on certain systems (https://github.com/ansible/ansible/issues/46562)
- reboot - gather distribution information in order to support Alpine and other distributions (https://github.com/ansible/ansible/issues/46723)
- reboot - search common paths for the shutdown command and use the full path to the binary rather than depending on the PATH of the remote system (https://github.com/ansible/ansible/issues/47131)
- reboot - use IndexError instead of TypeError in exception
- reboot - use a common set of commands for older and newer Solaris and SunOS variants (https://github.com/ansible/ansible/pull/48986)
- reboot - use unicode instead of bytes for stdout and stderr to match the type returned from low_level_execute()
- redfish_utils - fix reference to local variable 'systems_service'
- redis cache - Support version 3 of the redis python library (https://github.com/ansible/ansible/issues/49341)
- remote home directory - Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828) (https://github.com/ansible/ansible/pull/52133)
- remote_management foreman - Fixed issue where it was impossible to createdelete a product because product was missing in dict choices ( https://github.com/ansible/ansible/issues/48594 )
- remove bare var handling from conditionals (not needed since we removed bare vars from `with_` loops) to normalize handling of variable values, no matter if the string value comes from a top level variable or from a dictionary key or subkey
- remove deprecation notice since validation makes it very noisy
- remove rendundant path uniquifying in inventory plugins. This removes use of md5 hashing and fixes inventory plugins when run in FIPS mode.
- replace - fix behavior when ``before`` and ``after`` are used together (https://github.com/ansible/ansible/issues/31354)
- replaced if condition requester_pays is None with True or False instead
- reverted change in af55b8e which caused the overwrite parameter to be ignored
- rhn_register - require username/password when unregistering and provide useful error message (https://github.com/ansible/ansible/issues/22300)
- rhsm_repository - compile regular expressions to improve performance when looping over available repositories
- rhsm_repository - handle systems without any repos
- rhsm_repository - prevent duplicate repository entries from being entered in the final command
- roles - Ensure that we don't overwrite roles that have been registered (from imports) while parsing roles under the roles header (https://github.com/ansible/ansible/issues/47454)
- s3_bucket - Prior to 2.6 using non-text tags worked, although was not idempotent. In 2.6 waiters were introduced causing non-text tags to be fatal to the module's completion. This fixes the module failure as well as idempotence using integers as tags.
- script inventory plugin - Don't pass file_name to DataLoader.load, which will prevent misleading error messages (https://github.com/ansible/ansible/issues/34164)
- setup - properly gather iSCSI information for AIX (https://github.com/ansible/ansible/pull/44644)
- simple code collapse, avoid a lot of repetition
- skip invalid plugin after warning in loader
- slurp - Fix issues when using paths on Windows with glob like characters, e.g. ``[``, ``]``
- small code cleanup to make method signatures match their parents and nicer 'unsafe' handling.
- ssh - Check the return code of the ssh process before raising AnsibleConnectionFailure, as the error message for the ssh process will likely contain more useful information. This will improve the missing interpreter messaging when using modules such as setup which have a larger payload to transfer when combined with pipelining. (https://github.com/ansible/ansible/issues/53487)
- ssh - Properly quote the username to allow usernames containing spaces (https://github.com/ansible/ansible/issues/49968)
- ssh connection - Support empty files with piped transfer_method (https://github.com/ansible/ansible/issues/45426)
- ssh connection - do not retry with invalid credentials to prevent account lockout (https://github.com/ansible/ansible/issues/48422)
- systemd - warn when exeuting in a chroot environment rather than failing (https://github.com/ansible/ansible/pull/43904)
- tags - allow tags to be specified by a variable (https://github.com/ansible/ansible/issues/49825)
- templar - Do not strip new lines in native jinja - https://github.com/ansible/ansible/issues/46743
- terraform - fixed issue where state "planned" wouldn't return an output and the project_path had to exist in two places (https://github.com/ansible/ansible/issues/39689)
- tweak inv plugin skip msg to be more precise, also require higher verbosity to view
- ufw: make sure that only valid values for ``direction`` are passed on.
- unarchive - add two more error conditions to unarchive to present more accurate error message (https://github.com/ansible/ansible/issues/51848)
- unsafe - Add special casing to sets, to support wrapping elements of sets correctly in Python 3 (https://github.com/ansible/ansible/issues/47372)
- uri - Ensure the ``uri`` module supports async (https://github.com/ansible/ansible/issues/47660)
- uri - do not write the file after failure (https://github.com/ansible/ansible/issues/53491)
- uri: fix TypeError when file can't be saved
- urls - When validating SSL certs using an a non-SSL proxy, do not send "Connection: close" when requesting a tunnel. This prevents some proxy servers from dropping the connection (https://github.com/ansible/ansible/issues/32750)
- use to_native (py2/3 safe) instead of str for 'textualizing' intput in async_status
- user - add documentation on what underlying tools are used on each platform (https://github.com/ansible/ansible/issues/44266)
- user - do not report changes every time when setting password_lock (https://github.com/ansible/ansible/issues/43670)
- user - fixed the fallback mechanism for creating a user home directory when the directory isn't created with `useradd` command. Home directory will now have a correct mode and it won't be created in a rare situation when a local user is being deleted but it exists on a central user system (https://github.com/ansible/ansible/pull/49262).
- user - on FreeBSD set the user expiration time as seconds since the epoch in UTC to avoid timezone issues
- user - properly remove expiration when set to a negative value (https://github.com/ansible/ansible/issues/47114)
- user - remove warning when creating a disabled account with '!' or '*' in the password field (https://github.com/ansible/ansible/issues/46334)
- user module - do not pass ssh_key_passphrase on cmdline (CVE-2018-16837)
- win_certificate_store - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_chocolatey - Fix hang when used with proxy for the first time - https://github.com/ansible/ansible/issues/47669
- win_chocolatey - Fix incompatibilities with the latest release of Chocolatey ``v0.10.12+``
- win_chocolatey - Fix issue when parsing a beta Chocolatey install - https://github.com/ansible/ansible/issues/52331
- win_chocolatey_source - fix bug where a Chocolatey source could not be disabled unless ``source`` was also set - https://github.com/ansible/ansible/issues/50133
- win_copy - Fix copy of a dir that contains an empty directory - https://github.com/ansible/ansible/issues/50077
- win_copy - Fix issue where the dest return value would be enclosed in single quote when dest is a folder - https://github.com/ansible/ansible/issues/45281
- win_copy - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_domain - Do not fail if DC is already promoted but a reboot is required, return ``reboot_required: True``
- win_domain - Fix when running without credential delegated authentication - https://github.com/ansible/ansible/issues/53182
- win_file - Fix issue when managing hidden files and directories - https://github.com/ansible/ansible/issues/42466
- win_file - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_find - Ensure found files are sorted alphabetically by the path instead of it being random
- win_find - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- zabbix_template - Fixed idempotency of the module when using ``link_templates``, ``macros`` or ``template_json`` options (https://github.com/ansible/ansible/issues/48337)
- zone connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
New Plugins
-----------
Become
~~~~~~
- doas - Do As user
- dzdo - Centrify's Direct Authorize
- enable - Switch to elevated permissions on a network device
- fmgr_ha - Manages the High-Availability State of FortiManager Clusters and Nodes.
- fmgr_query - Query FortiManager data objects for use in Ansible workflows.
- fmgr_secprof_appctrl - Manage application control security profiles
- fmgr_secprof_av - Manage security profile
- fmgr_secprof_dns - Manage DNS security profiles in FortiManager
- fmgr_secprof_ips - Managing IPS security profiles in FortiManager
- fmgr_secprof_profile_group - Manage security profiles within FortiManager
- fmgr_secprof_proxy - Manage proxy security profiles in FortiManager
- fmgr_secprof_spam - spam filter profile for FMG
- fmgr_secprof_ssl_ssh - Manage SSL and SSH security profiles in FortiManager
- fmgr_secprof_voip - VOIP security profiles in FMG
- fmgr_secprof_waf - FortiManager web application firewall security profile
- fmgr_secprof_wanopt - WAN optimization
- fmgr_secprof_web - Manage web filter security profiles in FortiManager
fortios
^^^^^^^
- fortios_antivirus_heuristic - Configure global heuristic options in Fortinet's FortiOS and FortiGate.
- fortios_antivirus_profile - Configure AntiVirus profiles in Fortinet's FortiOS and FortiGate.
- fortios_antivirus_quarantine - Configure quarantine options in Fortinet's FortiOS and FortiGate.
- fortios_antivirus_settings - Configure AntiVirus settings in Fortinet's FortiOS and FortiGate.
- fortios_application_custom - Configure custom application signatures in Fortinet's FortiOS and FortiGate.
- fortios_application_group - Configure firewall application groups in Fortinet's FortiOS and FortiGate.
- fortios_application_list - Configure application control lists.
- fortios_application_name - Configure application signatures in Fortinet's FortiOS and FortiGate.
- fortios_application_rule_settings - Configure application rule settings in Fortinet's FortiOS and FortiGate.
- fortios_authentication_rule - Configure Authentication Rules in Fortinet's FortiOS and FortiGate.
- fortios_authentication_scheme - Configure Authentication Schemes in Fortinet's FortiOS and FortiGate.
- fortios_authentication_setting - Configure authentication setting in Fortinet's FortiOS and FortiGate.
- fortios_dlp_filepattern - Configure file patterns used by DLP blocking in Fortinet's FortiOS and FortiGate.
- fortios_dlp_fp_doc_source - Create a DLP fingerprint database by allowing the FortiGate to access a file server containing files from which to create fingerprints in Fortinet's FortiOS and FortiGate.
- fortios_dlp_fp_sensitivity - Create self-explanatory DLP sensitivity levels to be used when setting sensitivity under config fp-doc-source in Fortinet's FortiOS and FortiGate.
- fortios_dlp_sensor - Configure DLP sensors in Fortinet's FortiOS and FortiGate.
- fortios_dlp_settings - Designate logical storage for DLP fingerprint database in Fortinet's FortiOS and FortiGate.
- fortios_dnsfilter_domain_filter - Configure DNS domain filters in Fortinet's FortiOS and FortiGate.
- fortios_dnsfilter_profile - Configure DNS domain filter profiles in Fortinet's FortiOS and FortiGate.
- fortios_endpoint_control_client - Configure endpoint control client lists in Fortinet's FortiOS and FortiGate.
- fortios_endpoint_control_forticlient_ems - Configure FortiClient Enterprise Management Server (EMS) entries in Fortinet's FortiOS and FortiGate.
- fortios_endpoint_control_forticlient_registration_sync - Configure FortiClient registration synchronization settings in Fortinet's FortiOS and FortiGate.
- fortios_endpoint_control_profile - Configure FortiClient endpoint control profiles in Fortinet's FortiOS and FortiGate.
- fortios_endpoint_control_settings - Configure endpoint control settings in Fortinet's FortiOS and FortiGate.
- fortios_extender_controller_extender - Extender controller configuration in Fortinet's FortiOS and FortiGate.
- fortios_firewall_DoS_policy - Configure IPv4 DoS policies in Fortinet's FortiOS and FortiGate.
- fortios_firewall_DoS_policy6 - Configure IPv6 DoS policies in Fortinet's FortiOS and FortiGate.
- fortios_firewall_policy46 - Configure IPv4 to IPv6 policies in Fortinet's FortiOS and FortiGate.
- fortios_firewall_policy6 - Configure IPv6 policies in Fortinet's FortiOS and FortiGate.
- fortios_firewall_policy64 - Configure IPv6 to IPv4 policies in Fortinet's FortiOS and FortiGate.
- fortios_firewall_profile_group - Configure profile groups in Fortinet's FortiOS and FortiGate.
- fortios_firewall_profile_protocol_options - Configure protocol options in Fortinet's FortiOS and FortiGate.
- fortios_firewall_proxy_address - Web proxy address configuration in Fortinet's FortiOS and FortiGate.
- fortios_firewall_proxy_addrgrp - Web proxy address group configuration in Fortinet's FortiOS and FortiGate.
- fortios_firewall_proxy_policy - Configure proxy policies in Fortinet's FortiOS and FortiGate.
- fortios_firewall_schedule_group - Schedule group configuration in Fortinet's FortiOS and FortiGate.
- fortios_firewall_schedule_onetime - Onetime schedule configuration in Fortinet's FortiOS and FortiGate.
- fortios_firewall_schedule_recurring - Recurring schedule configuration in Fortinet's FortiOS and FortiGate.
- fortios_firewall_service_category - Configure service categories in Fortinet's FortiOS and FortiGate.
- fortios_firewall_service_custom - Configure custom services in Fortinet's FortiOS and FortiGate.
- fortios_firewall_service_group - Configure service groups in Fortinet's FortiOS and FortiGate.
- fortios_firewall_shaper_per_ip_shaper - Configure per-IP traffic shaper in Fortinet's FortiOS and FortiGate.
- fortios_firewall_shaper_traffic_shaper - Configure shared traffic shaper in Fortinet's FortiOS and FortiGate.
- fortios_firewall_shaping_policy - Configure shaping policies in Fortinet's FortiOS and FortiGate.
- fortios_firewall_shaping_profile - Configure shaping profiles in Fortinet's FortiOS and FortiGate.
- fortios_firewall_sniffer - Configure sniffer in Fortinet's FortiOS and FortiGate.
- fortios_firewall_ssh_host_key - SSH proxy host public keys in Fortinet's FortiOS and FortiGate.
- fortios_firewall_ssh_local_ca - SSH proxy local CA in Fortinet's FortiOS and FortiGate.
- fortios_firewall_ssh_local_key - SSH proxy local keys in Fortinet's FortiOS and FortiGate.
- fortios_firewall_ssh_setting - SSH proxy settings in Fortinet's FortiOS and FortiGate.
- fortios_firewall_ssl_server - Configure SSL servers in Fortinet's FortiOS and FortiGate.
- fortios_firewall_ssl_setting - SSL proxy settings in Fortinet's FortiOS and FortiGate.
- fortios_firewall_ssl_ssh_profile - Configure SSL/SSH protocol options in Fortinet's FortiOS and FortiGate.
- fortios_firewall_ttl_policy - Configure TTL policies in Fortinet's FortiOS and FortiGate.
- fortios_firewall_vip - Configure virtual IP for IPv4 in Fortinet's FortiOS and FortiGate.
- fortios_firewall_vip46 - Configure IPv4 to IPv6 virtual IPs in Fortinet's FortiOS and FortiGate.
- fortios_firewall_vip6 - Configure virtual IP for IPv6 in Fortinet's FortiOS and FortiGate.
- fortios_firewall_vip64 - Configure IPv6 to IPv4 virtual IPs in Fortinet's FortiOS and FortiGate.
- fortios_firewall_vipgrp - Configure IPv4 virtual IP groups in Fortinet's FortiOS and FortiGate.
- fortios_firewall_vipgrp46 - Configure IPv4 to IPv6 virtual IP groups in Fortinet's FortiOS and FortiGate.
- fortios_firewall_vipgrp6 - Configure IPv6 virtual IP groups in Fortinet's FortiOS and FortiGate.
- fortios_firewall_vipgrp64 - Configure IPv6 to IPv4 virtual IP groups in Fortinet's FortiOS and FortiGate.
- fortios_firewall_wildcard_fqdn_custom - Config global/VDOM Wildcard FQDN address in Fortinet's FortiOS and FortiGate.
- fortios_firewall_wildcard_fqdn_group - Config global Wildcard FQDN address groups in Fortinet's FortiOS and FortiGate.
- fortios_ftp_proxy_explicit - Configure explicit FTP proxy settings in Fortinet's FortiOS and FortiGate.
- fortios_icap_profile - Configure ICAP profiles in Fortinet's FortiOS and FortiGate.
- fortios_icap_server - Configure ICAP servers in Fortinet's FortiOS and FortiGate.
- fortios_ips_custom - Configure IPS custom signature in Fortinet's FortiOS and FortiGate.
- fortios_ips_decoder - Configure IPS decoder in Fortinet's FortiOS and FortiGate.
- fortios_ips_global - Configure IPS global parameter in Fortinet's FortiOS and FortiGate.
- fortios_ips_rule - Configure IPS rules in Fortinet's FortiOS and FortiGate.
- fortios_ips_rule_settings - Configure IPS rule setting in Fortinet's FortiOS and FortiGate.
- fortios_ips_sensor - Configure IPS sensor.
- fortios_ips_settings - Configure IPS VDOM parameter in Fortinet's FortiOS and FortiGate.
- fortios_log_custom_field - Configure custom log fields in Fortinet's FortiOS and FortiGate.
- fortios_log_disk_filter - Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type in Fortinet's FortiOS and FortiGate.
- fortios_log_disk_setting - Settings for local disk logging in Fortinet's FortiOS and FortiGate.
- fortios_log_eventfilter - Configure log event filters in Fortinet's FortiOS and FortiGate.
- fortios_log_fortianalyzer2_filter - Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
- fortios_log_fortianalyzer2_setting - Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
- fortios_log_fortianalyzer3_filter - Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
- fortios_log_fortianalyzer3_setting - Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
- fortios_log_fortianalyzer_filter - Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
- fortios_log_fortianalyzer_override_filter - Override filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate.
- fortios_log_fortianalyzer_override_setting - Override FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
- fortios_log_fortianalyzer_setting - Global FortiAnalyzer settings in Fortinet's FortiOS and FortiGate.
- fortios_log_fortiguard_filter - Filters for FortiCloud in Fortinet's FortiOS and FortiGate.
- fortios_log_fortiguard_override_filter - Override filters for FortiCloud in Fortinet's FortiOS and FortiGate.
- fortios_log_fortiguard_override_setting - Override global FortiCloud logging settings for this VDOM in Fortinet's FortiOS and FortiGate.
- fortios_log_fortiguard_setting - Configure logging to FortiCloud in Fortinet's FortiOS and FortiGate.
- fortios_log_gui_display - Configure how log messages are displayed on the GUI in Fortinet's FortiOS and FortiGate.
- fortios_log_memory_filter - Filters for memory buffer in Fortinet's FortiOS and FortiGate.
- fortios_log_memory_global_setting - Global settings for memory logging in Fortinet's FortiOS and FortiGate.
- fortios_log_memory_setting - Settings for memory buffer in Fortinet's FortiOS and FortiGate.
- fortios_log_null_device_filter - Filters for null device logging in Fortinet's FortiOS and FortiGate.
- fortios_log_null_device_setting - Settings for null device logging in Fortinet's FortiOS and FortiGate.
- fortios_log_setting - Configure general log settings in Fortinet's FortiOS and FortiGate.
- fortios_log_syslogd2_filter - Filters for remote system server in Fortinet's FortiOS and FortiGate.
- fortios_log_syslogd2_setting - Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
- fortios_log_syslogd3_filter - Filters for remote system server in Fortinet's FortiOS and FortiGate.
- fortios_log_syslogd3_setting - Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
- fortios_log_syslogd4_filter - Filters for remote system server in Fortinet's FortiOS and FortiGate.
- fortios_log_syslogd4_setting - Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
- fortios_log_syslogd_filter - Filters for remote system server in Fortinet's FortiOS and FortiGate.
- fortios_log_syslogd_override_filter - Override filters for remote system server in Fortinet's FortiOS and FortiGate.
- fortios_log_syslogd_override_setting - Override settings for remote syslog server in Fortinet's FortiOS and FortiGate.
- fortios_log_syslogd_setting - Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
- fortios_log_threat_weight - Configure threat weight settings in Fortinet's FortiOS and FortiGate.
- fortios_log_webtrends_filter - Filters for WebTrends in Fortinet's FortiOS and FortiGate.
- fortios_log_webtrends_setting - Settings for WebTrends in Fortinet's FortiOS and FortiGate.
- fortios_report_chart - Report chart widget configuration in Fortinet's FortiOS and FortiGate.
- fortios_report_dataset - Report dataset configuration in Fortinet's FortiOS and FortiGate.
- fortios_report_layout - Report layout configuration in Fortinet's FortiOS and FortiGate.
- fortios_report_setting - Report setting configuration in Fortinet's FortiOS and FortiGate.
- fortios_report_style - Report style configuration in Fortinet's FortiOS and FortiGate.
- fortios_report_theme - Report themes configuratio in Fortinet's FortiOS and FortiGate.
- fortios_router_access_list - Configure access lists in Fortinet's FortiOS and FortiGate.
- fortios_router_auth_path - Configure authentication based routing in Fortinet's FortiOS and FortiGate.
- fortios_router_bfd - Configure BFD in Fortinet's FortiOS and FortiGate.
- fortios_router_bfd6 - Configure IPv6 BFD in Fortinet's FortiOS and FortiGate.
- fortios_router_bgp - Configure BGP in Fortinet's FortiOS and FortiGate.
- fortios_router_multicast - Configure router multicast in Fortinet's FortiOS and FortiGate.
- fortios_router_multicast6 - Configure IPv6 multicast in Fortinet's FortiOS and FortiGate.
- fortios_router_multicast_flow - Configure multicast-flow in Fortinet's FortiOS and FortiGate.
- fortios_router_ospf - Configure OSPF in Fortinet's FortiOS and FortiGate.
- fortios_router_ospf6 - Configure IPv6 OSPF in Fortinet's FortiOS and FortiGate.
- fortios_router_policy - Configure IPv4 routing policies in Fortinet's FortiOS and FortiGate.
- fortios_router_policy6 - Configure IPv6 routing policies in Fortinet's FortiOS and FortiGate.
- fortios_router_prefix_list - Configure IPv4 prefix lists in Fortinet's FortiOS and FortiGate.
- fortios_router_rip - Configure RIP in Fortinet's FortiOS and FortiGate.
- fortios_router_setting - Configure router settings in Fortinet's FortiOS and FortiGate.
- fortios_router_static - Configure IPv4 static routing tables in Fortinet's FortiOS and FortiGate.
- fortios_spamfilter_profile - Configure AntiSpam profiles in Fortinet's FortiOS and FortiGate.
- fortios_ssh_filter_profile - SSH filter profile in Fortinet's FortiOS and FortiGate.
- fortios_switch_controller_global - Configure FortiSwitch global settings in Fortinet's FortiOS and FortiGate.
- fortios_switch_controller_lldp_profile - Configure FortiSwitch LLDP profiles in Fortinet's FortiOS and FortiGate.
- fortios_switch_controller_lldp_settings - Configure FortiSwitch LLDP settings in Fortinet's FortiOS and FortiGate.
- fortios_switch_controller_mac_sync_settings - Configure global MAC synchronization settings in Fortinet's FortiOS and FortiGate.
- fortios_switch_controller_managed_switch - Configure FortiSwitch devices that are managed by this FortiGate in Fortinet's FortiOS and FortiGate.
- fortios_switch_controller_network_monitor_settings - Configure network monitor settings in Fortinet's FortiOS and FortiGate.
- fortios_system_accprofile - Configure access profiles for system administrators in Fortinet's FortiOS and FortiGate.
- fortios_system_admin - Configure admin users in Fortinet's FortiOS and FortiGate.
- fortios_system_api_user - Configure API users in Fortinet's FortiOS and FortiGate.
- fortios_system_central_management - Configure central management.
- fortios_system_dhcp_server - Configure DHCP servers in Fortinet's FortiOS and FortiGate.
- fortios_system_dns - Configure DNS in Fortinet's FortiOS and FortiGate.
- fortios_system_global - Configure global attributes in Fortinet's FortiOS and FortiGate.
- fortios_system_interface - Configure interfaces in Fortinet's FortiOS and FortiGate.
- fortios_system_sdn_connector - Configure connection to SDN Connector.
- fortios_system_settings - Configure VDOM settings in Fortinet's FortiOS and FortiGate.
- fortios_system_vdom - Configure virtual domain in Fortinet's FortiOS and FortiGate.
- fortios_system_virtual_wan_link - Configure redundant internet connections using SD-WAN (formerly virtual WAN link) in Fortinet's FortiOS and FortiGate.
- fortios_user_adgrp - Configure FSSO groups in Fortinet's FortiOS and FortiGate.
- fortios_user_radius - Configure RADIUS server entries in Fortinet's FortiOS and FortiGate.
- fortios_user_tacacsplus - Configure TACACS+ server entries in Fortinet's FortiOS and FortiGate.
- fortios_voip_profile - Configure VoIP profiles in Fortinet's FortiOS and FortiGate.
- fortios_vpn_ipsec_concentrator - Concentrator configuration in Fortinet's FortiOS and FortiGate.
- fortios_vpn_ipsec_forticlient - Configure FortiClient policy realm in Fortinet's FortiOS and FortiGate.
- fortios_vpn_ipsec_manualkey - Configure IPsec manual keys in Fortinet's FortiOS and FortiGate.
- fortios_vpn_ipsec_manualkey_interface - Configure IPsec manual keys in Fortinet's FortiOS and FortiGate.
- fortios_vpn_ipsec_phase1 - Configure VPN remote gateway in Fortinet's FortiOS and FortiGate.
- fortios_vpn_ipsec_phase1_interface - Configure VPN remote gateway in Fortinet's FortiOS and FortiGate.
- fortios_vpn_ipsec_phase2 - Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate.
- fortios_vpn_ipsec_phase2_interface - Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate.
- fortios_vpn_ssl_settings - Configure SSL VPN in Fortinet's FortiOS and FortiGate.
- fortios_vpn_ssl_web_portal - Portal in Fortinet's FortiOS and FortiGate.
- fortios_waf_profile - Web application firewall configuration in Fortinet's FortiOS and FortiGate.
- fortios_wanopt_profile - Configure WAN optimization profiles in Fortinet's FortiOS and FortiGate.
- fortios_wanopt_settings - Configure WAN optimization settings in Fortinet's FortiOS and FortiGate.
- fortios_web_proxy_explicit - Configure explicit Web proxy settings in Fortinet's FortiOS and FortiGate.
- fortios_web_proxy_global - Configure Web proxy global settings in Fortinet's FortiOS and FortiGate.
- fortios_web_proxy_profile - Configure web proxy profiles in Fortinet's FortiOS and FortiGate.
- fortios_webfilter_content - Configure Web filter banned word table in Fortinet's FortiOS and FortiGate.
- fortios_webfilter_content_header - Configure content types used by Web filter.
- fortios_webfilter_fortiguard - Configure FortiGuard Web Filter service.
- fortios_webfilter_ftgd_local_cat - Configure FortiGuard Web Filter local categories.
- fortios_webfilter_ftgd_local_rating - Configure local FortiGuard Web Filter local ratings.
- fortios_webfilter_ips_urlfilter_setting6 - Configure IPS URL filter settings for IPv6.
- fortios_webfilter_override - Configure FortiGuard Web Filter administrative overrides.
- fortios_webfilter_profile - Configure Web filter profiles.
- fortios_webfilter_search_engine - Configure web filter search engines.
- fortios_webfilter_urlfilter - Configure URL filter lists in Fortinet's FortiOS and FortiGate.
- fortios_wireless_controller_global - Configure wireless controller global settings in Fortinet's FortiOS and FortiGate.
- fortios_wireless_controller_setting - VDOM wireless controller configuration in Fortinet's FortiOS and FortiGate.
- fortios_wireless_controller_utm_profile - Configure UTM (Unified Threat Management) profile in Fortinet's FortiOS and FortiGate.
- fortios_wireless_controller_vap - Configure Virtual Access Points (VAPs) in Fortinet's FortiOS and FortiGate.
- fortios_wireless_controller_wids_profile - Configure wireless intrusion detection system (WIDS) profiles in Fortinet's FortiOS and FortiGate.
- fortios_wireless_controller_wtp - Configure Wireless Termination Points (WTPs), that is, FortiAPs or APs to be managed by FortiGate in Fortinet's FortiOS and FortiGate.
- fortios_wireless_controller_wtp_profile - Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms in Fortinet's FortiOS and FortiGate.
frr
^^^
- frr_bgp - Configure global BGP settings on Free Range Routing(FRR).
- frr_facts - Collect facts from remote devices running Free Range Routing (FRR).
ftd
^^^
- ftd_install - Installs FTD pkg image on the firewall
ingate
^^^^^^
- ig_config - Manage the configuration database on an Ingate SBC.
- ig_unit_information - Get unit information from an Ingate SBC.
ios
^^^
- ios_bgp - Configure global BGP protocol settings on Cisco IOS.
- ios_ntp - Manages core NTP configuration.
iosxr
^^^^^
- iosxr_bgp - Configure global BGP protocol settings on Cisco IOS-XR
itential
^^^^^^^^
- iap_start_workflow - Start a workflow in the Itential Automation Platform
- iap_token - Get token for the Itential Automation Platform
junos
^^^^^
- junos_ping - Tests reachability using ping from devices running Juniper JUNOS