Commit graph

28105 commits

Author SHA1 Message Date
James Cammarata
b7cdc21aee Additional security fixes for CVE-2016-9587 2017-01-13 16:22:53 -06:00
Tobias Wolf
f1ae2eb4f1 systemd: Add boolean option to enable --no-block
In our environment we have custom services that need to be stopped and
restarted very gracefully to not interrupt active sessions.

A stop job, depending on the state, can take up to 20 minutes until the
process exits. It simply reacts to SIGTERM with a graceful shutdown.

By default, systemctl blocks until the job has completed, which leads to
Ansible hanging on this task for up to 20 minutes.

Thankfully systemctl supports the `--no-block` flag which lets the job
continue in the background.

This PR adds support for that flag as the `no_block` boolean option.

From the man page:

   --no-block
       Do not synchronously wait for the requested operation to
       finish. If this is not specified, the job will be
       verified, enqueued and systemctl will wait until the
       unit's start-up is completed. By passing this argument,
       it is only verified and enqueued. This option may not be
       combined with --wait.
2017-01-13 16:26:06 -05:00
Dag Wieers
1ad55ec9de Consistent path attribute for file-related modules
Not all file-related modules consistently use "path" as the attribute to specify a single filename, some use "dest", others use "name". Most do have aliases for either "name" or "destfile".

This change makes "path" the default attribute for (single) file-related modules, but also adds "dest" and "name" as aliases, so that people can use a consistent way of attributing paths, but also to ensure backward compatibility with existing playbooks.

NOTE: The reason for changing this, is that it makes Ansible needlessly harder to use if you have to remember that e.g. the xattr module requires the name attribute, the lineinfile module requires a dest attribute, and the stat module requires a path attribute.
2017-01-13 15:49:42 -05:00
Scott Butler
1c8b85a6f1 Added support statement for older releases. 2017-01-13 11:59:16 -08:00
Brian Coca
4e27530e77 only warn if non whitespace junk (#19983) 2017-01-13 14:52:05 -05:00
Brian Coca
08ef0aee25 removed bad iteration from execute meta (#19958)
* removed bad iteration from execute meta

most of the tasks should not be iterated over, others needed to include unreachable hosts
fixes #19673

* corrected host var
2017-01-13 14:51:39 -05:00
Jasper Lievisse Adriaanse
e9038d8dc1 Add support for OpenBSD and SmartOS to timezone module 2017-01-13 14:45:54 -05:00
Adrian Likins
a560a2d512 Use portable CPUS detect for docsite make default.
Some folks run 'make webdocs' from docs/docsite, so
use the portable CPUS detections as the default here as
well.
2017-01-13 14:41:14 -05:00
Adrian Likins
c0263b3020 Pass CPUS from top Makefile to docs Makefile 2017-01-13 14:41:14 -05:00
Jasper Lievisse Adriaanse
64692e7a89 Annotate boto3 dependency in the standard location. 2017-01-13 14:36:17 -05:00
Adrian Likins
b3e7794c08 Fix docs/api paths so api docs build (#20240)
Add a 'webdocs' target to docs/api to be consistent
with docsite/
2017-01-13 14:35:37 -05:00
Adrian Likins
0381bc170c Docsite sphinx rm buildsite (and speed up docs build) (#20237)
Replace docs build-site.py with default-ish sphinx build

This seems to speed up docsite build _alot_. 

The Makefile.sphinx is the sphinx-quickstart generated makefile with a few changes.

The CPUS env var or 'nproc' output is used for the number of cpus passed to 'sphinx-build -j'
2017-01-13 14:32:27 -05:00
Matt Martz
8928adf62e Updates uri to use six for isinstance comparison for py3 compatibility (#20239) 2017-01-13 13:16:21 -06:00
Matt Martz
d25a70846f Only add Content-Type if not specified in headers. Fixes #20046 (#20234)
* Only add Content-Type if not specified in headers. Fixes #20046

* Update documentation to indicate body_format will not override Content-Type if specified in headers
2017-01-13 13:19:38 -05:00
Jasper Lievisse Adriaanse
0988de8c4c Remove outdated requirements and add a note trying to reflect reality. 2017-01-13 12:16:23 -05:00
Brian Coca
1880027da1 better cleaning of module return, also warn
disallow any internal _ansible_ vars and also warn when those or any on the restricted list are attempted
harden and parameterize key cleaning
2017-01-13 12:12:56 -05:00
Mark Maglana
b598575213 module_utils/dimensiondata (#17604)
* Add dimensiondata.py in module_utils

This is required by the Dimension Data modules under
lib/ansible/modules/extras/cloud/dimensiondata

* Implement change requests from PR #17604

Requests are listed in:
 https://github.com/ansible/ansible/pull/17604#pullrequestreview-819380

* Changes requested for Ansible PR #16704.

As noted by @abadger:

- Use Py3-compatible import syntax for ConfigParser.
- Use comprehensions instead of filter function.
- Fix buggy comparison of False to 'False'.
- Change b_dict to block_dict.
- Fix invalid syntax for except block that handles multiple exception types.

* Additional changes requested for Ansible PR #16704.

As noted by @abadger:

- Missed a couple of places where we still had invalid exception-handling syntax.

* Remove shebang from dimensiondata.py (Ansible PR #16704).

* Switch to MCP_USER / MCP_PASSWORD.

This is consistent with other Dimension Data Tooling.

* Implement get_configured_credentials.

* Fix typo (missing comma).

* Unify get_credentials implementation (ansible/ansible#17604).

get_credentials will now look in environment, dotfile, and module configuration for credentials (in that order).

* Resolve user Id and password from module configuration before trying environment or dotfile (ansible/ansible#17604).
2017-01-12 20:50:43 -08:00
Ivan Bojer
c7638be525 new module to manipulate DAG table (#19885)
* new module to manipulate DAG table

* changes based on the review comments; remove unecessary if statements; change returned value docstring
2017-01-12 22:27:09 -05:00
Ivan Bojer
8b674cd903 Panos check module to test FW readiness to accept new configuration(s) (#19882)
* new module to check FW readines

* added missing parameter

* changes based on the review comments; remove unecessary if statements; change returned value docstring
2017-01-12 22:26:19 -05:00
Ivan Bojer
05adfd6d8c new panos module that allows for NAT policy creation (#20161)
* - panos module that allows NAT policy creation

* remove terciart operator

* minor doc changes
2017-01-12 22:24:29 -05:00
Bernie Schelberg
2b4afd23eb Update docker example on Inventory page (#20209)
The docker module has been deprecated, so the example should be
updated to use the newer docker_container module.
2017-01-12 18:57:27 -08:00
Peter Sprygada
6ef9a0af4b fixes up doc strings in ios modules (#20210) 2017-01-12 21:48:58 -05:00
Matt Clay
f534573dcf Enable first network tests on Shippable. (#20208) 2017-01-12 18:23:53 -08:00
Will Thames
4bfed06514 Make ModuleArgsParser more understandable (#13974)
* Make ModuleArgsParser more understandable

Both comments and method names for handling new/old
style parameters are switched around

Made comments and method names reflect actual code paths
taken.

* Further improve mod_args.py comments

Ensure output formats are correctly documented,
remove some of the 'opinion' about which formats are
valid, and try and clarify the situations under which
certain code paths are hit.

Stop talking about the YAML command-type form as 'extra
gross' when it's the documented example form for command
etc.!
2017-01-12 18:22:54 -08:00
berenddeschouwer
b1c57ea443 Installroot OS version check fix (#20180)
Cast to int before checking the OS version.
This prevents the DNF tests from running on
Fedora < 23
2017-01-12 18:02:35 -08:00
Brian Coca
4b3977d5af added note about custom modules/plugins in roles 2017-01-12 20:15:09 -05:00
defunct
92b26a28b8 Update ec2_ami_copy to boto3, fix encrypted support (#20009)
* Update ec2_ami_copy to boto3, fix encrypted support

* docs, backwards compat options, more verbose exception handling

* minor option changes, fix documentation

* update documentation
2017-01-12 19:39:32 -05:00
Peter Sprygada
fec773a2b4 better error handling and log messages in network_cli (#20204) 2017-01-12 19:31:35 -05:00
Peter Sprygada
3f949358c7 adds some more logging to ansible-connection (#20205) 2017-01-12 19:20:25 -05:00
Matthew Dawson
0ffacedb3e Fixes #3539 "win_robocopy does not return changed properly" (#20158)
* Fixes #3539 "win_robocopy does not return changed properly"

Remove .win_robocopy from $result so that ansible can see the values properly. This also matches up with the existing documentation.

* Update documentation to match new return values
2017-01-12 15:04:14 -08:00
Jasper Lievisse Adriaanse
232cb764da Add RETURN section, fix identation and apply flake8 recommendations (#20148) 2017-01-12 14:58:07 -08:00
Matt Clay
d8733a5455 Complete initial network-integration support. 2017-01-12 12:39:00 -08:00
Tareq Alayan
e40ad1ac17 cloud: ovirt: add ability to override luns (#20144)
Add the ability to wipe used luns when adding new iscsi storage
2017-01-12 14:13:50 -05:00
Brian Coca
8c6b5621f8 deal with remote_src and tmp dirs properly
fixes #20128
2017-01-12 14:10:11 -05:00
Boris Manojlovic
02b548dba2 add AIX mounts information (#10431)
* add support for AIX mount facts

* add nfs mount support for AIX mount facts

* make nfs parsing a bit more resilient and correctly parse options if provided

* self.module.xxx call instead of wrong module.xxx
2017-01-12 13:15:08 -05:00
Brian Coca
74421f42e1 ansible doc does not need plugin deprecation error 2017-01-12 13:09:15 -05:00
Jasper Lievisse Adriaanse
2ea5bb8dbb Fix required_one_of in timezone module (#20185) 2017-01-12 16:35:14 +00:00
Brian Coca
2538383cf4 updated docs to make clear new option scope
this does not affect user tasks with `setup`
2017-01-12 10:53:24 -05:00
Alvaro Aleman
1b2ad94496 Configurable fact path (#18147)
* Make fact_path configurable

* Add docs for fact_path

* Add tests for localfacts

* Default fact gathering settings in PlayContext
2017-01-12 10:49:04 -05:00
Brian Coca
f078946ed3 no calls plz 2017-01-12 10:35:26 -05:00
Loïc Blot
35f6fb1383 vmware_inventory: permit to group by custom field & customize skip_keys (#20125)
* vmware_inventory: permit to group by custom field

This permits to create instances, affect some custom fields like EC2 tags and then retrieve groups from custom fields like EC2 inventory

* vmware_inventory: Customize skip_keys & add resourceconfig to skip_keys

Verify if customfield is a str before processing custom fields for a host
2017-01-12 09:37:18 -05:00
Brian Coca
e35a757ee7 fixed typo 2017-01-11 21:11:12 -05:00
William Shallum
1e2bd3d483 maven_artifact: Make default repository_url work again (#19194) 2017-01-11 18:59:00 -05:00
Michael Kwardakov
0183a148c5 Update cronvar.py (#19227) 2017-01-11 18:56:34 -05:00
Michael Scherer
6221327b13 Add DHCP leases to the facts return by the module (#19700)
On RHEL 6, where the feature is not present, this will
be ignored and return nothing.
2017-01-11 18:38:38 -05:00
Toshio Kuratomi
eeebd51f21 Rename the type filter to type_debug
Because we add the names of all filters to the callable whitelist used
by safe_eval, adding a filter named type makes it so code calling "type()"
gets eval'd.  We can't think of a way to exploit this but it's
sufficiently sketchy that we're renaming it in case someone smarter than
us can think of a problem.
2017-01-11 14:48:21 -08:00
Peter Sprygada
4cdb266dac adds iosxr_system declarative module (#20134)
* adds new module iosxr_system
* adds unit test cases for module
2017-01-11 17:17:37 -05:00
Jamie Lennox
27d218f85d Don't use rsync-path in synchronize with docker
When you become: with synchronize and docker it sets the rsync-path to
"sudo rsync" to launch rsync on the server as root. Unfortunately due to
docker exec doing stricter argument parsing than ssh this fails to
launch rsync on the server and the sync fails.

For docker though we don't need to launch rsync with sudo we can simply
docker exec -u <user> and rsync as normal to get around the problem.

Closes #20117
2017-01-11 14:01:11 -08:00
James Cammarata
a94a48f85f Partial revert of 76f7ce55 2017-01-11 15:53:04 -06:00
James Cammarata
d316068831 Additional fixes for security related to CVE-2016-9587 2017-01-11 15:53:04 -06:00