* Catch SSH authentication errors and don't retry multiple times to prevent account lock out
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Subclass AnsibleAuthenticationFailure from AnsibleConnectionFailure
Use comparison rather than range() because it's much more efficient.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Make paramiko_ssh connection plugin behave the same way
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add changelog
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Move relative time handling to module_utils and rewrite it
* Fix cases with no seconds defined
* fix a small typo along the way
* add relative time handling to the ownca provider in openssl_certificate
* add initial integration test for relative time ownca
* quote the documentation to produce valid yaml
* move timespec conversion and validation to the init function
* fix small edge case in conversion function
* add relative timestamp handling to the selfsigned provider
* add get_relative_time_option
* add relative timestamp handling to valid_in
* pep8 fix indentation
* add quotes in error message
* add changelog fragment
* Update changelogs/fragments/50570-relative_time_crypto.yaml
Co-Authored-By: MarkusTeufelberger <mteufelberger@mgit.at>
* Added support for labels for Docker Network
* Fixed missing comma in Docker Network module
* Specified minimal versions for dependencies and added changelog
* Fixes based on suggestions after code review
* Added integration tests
* Add command option
* Fix test task name
* Changelog fragment
* Fix indendation
* Add version_added
* Better command description
* Test passing command as list
* Handle invalid command types
* Cleaner command type checking
* Check that all items in command list are strings
* Better error about command list items
* Better type checking errors
* Add tests for command type checking
* Update command tests
* Fix messed up rebase
* Fix publish idempotency when mode is None
* Add changelog fragment
* Python 2.6 compat
* Use self.publish
* Check length of publish before comparing content
* Sort publish lists before zipping
* Enable publish tests
* python3 compat
* Don’t sort by mode as it is not safe
* Document publish suboptions and add them to args
* Add type to publish documentation
* Add choices to publish argument_spec suboptions
* Make tcp the default protocol
* Make documentation reflect protocol default
* Simplify setting mode
* Remove redundant string quoting
* Test order of publish
* Add comment about publish change detection
* Revert "Revert "openssl_csr: Allow to use cryptography as backend (#50324)""
This reverts commit bbd2e31e9f.
* Remove more complicated selection copy'n'pasted from openssl_privatekey.
* Add tests for backend selection.
* Add openssl_csr test for arbitrary string commonName.
* Allow to disable commonName -> SAN copying (fixes#36690).
* Increase persistent command_timeout default value
* Increase command_timeout default value from 10 to 30 sec
to reduce frequent timeout issue for network connection
types (netconf/network_cli/httpapi/napalm)
* Fix review comments
* Corner case in which import_role would add another instance of a role with the same signature into roles: when it already existed there.
roles:
- name: a
tasks:
- import_role: name=a
would execute role 'a' 3 times instead of the intended 2 (x2 in roles: phase +1 in tasks:)
* added tests
* Add object_type param to checkpoint_object_facts
* Add changelog fragment
* Fix sanity
* Fix sanity
* Pass type param to payload
Otherwise it does not do what is expected to do
* Add ip-only default to docstring
* Revert "avoid x2 setting of set_fact when 'cacheable' (#50564)"
This reverts commit 207848f354.
* clarify clear_facts with set_fact cacheable
revert previous 'fix' as it will break playbooks by changing precedence
opted to leave current behaviour but document it on both plugins to mitigate confusion
fixes#50556
also fix grammer, add comment, remove unused e
* Bubble up import exception content for k8s module
Signed-off-by: Fabian von Feilitzsch <fabian@fabianism.us>
* Track down other places import exception is reported
* Add changelog fragment
When a user home dir is not created with `useradd`, the home dir will now
be created with umask from /etc/login.defs. Also fixed a bug in which
after a local user is deleted, and the same user exists in the central
user management system, the module would create that user's home.
* check for result['status'] in systemd module
* instead of checking for result['state'], actually check for chroot and warn
* allow systemctl status to work if in a chroot, update warn text
* simply change warning message
* Allow to use cryptography as backend for openssl_csr.
* Use different curve.
* Adding changelog.
Includes changelog fragment for #49416, which didn't include one.
* Describe labels and container_labels correctly
* Clarify reserve_memory and limit_memory docs
* Remove default from container_labels doc
* Remove trailing whitespace
* Document min api version for configs and secrets
* Add changelog fragment
* Specify type on labels and container_labels
* Consolidate required API version descriptions
* Update reserve and limit memory docs
* Use correct power-of-two units
* Remove description about limit_memory minimum 4mb
* docker_swarm_service: use exact name match when finding services
The Docker API's filtering support allows filtering for substring
matches which means that when we filter the list of running services we
may accidentally match a service called "foobar" when looking for a
service named "foo".
Fix this by filtering the list of services returned from the Docker API
so that name matches are exact. It is still worth passing the filter
parameter to the Docker API because it reduces the number of results
passed back which may be important for remote Docker connections.
Closes 50654.
* add changelog fragment for #50654
* Added documentation around using vmware dynamic inventory plugin
* Fixed bug for populating host_ip in hostvars for given inventory host
* VMware: Add properties in vmware_vm_inventory
Fixes: #50249
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes issue 50296
* fixes the indentation of the return statement
* Adds a conditional test into `_find_systems_resource()` to check the existence
of the Members of System resource
* updates the error message
* harden the conditional test
* Add a changelog
Provide toggle flag to allow display of unreachable task to stderr
using default callback plugin.
Fixes: #48069
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add auth_timeout parameter when supported
Paramiko 2.2 introduces the auth_timeout parameter. This will set the
parameter to the same value of the timeout parameter to prevent
"Authentication timeout" errors.
* Conditionally add auth_timeout to ssh.connect
Renamed sock_kwarg to ssh_connect_kwargs and conditionally added the
auth_timeout parameter based on the installed paramiko version.
* Add changelog fragment
* Add a porting guide entry for ansible_distribution facts
Switching away from platform.distro() will cause changes sometimes due
to the new code using new sources of information that may be out of sync
with the old ones. Just have to make people aware of that and also what
we are doing to mitigate it when appropriate.
* wordsmithed, added links for new distro backend
* Once cli args are parsed, they're constant. So, save the parsed args
into the global context for everyone else to use them from now on.
* Port cli scripts to use the CLIARGS in the context
* Refactor call to parse cli args into the run() method
* Fix unittests for changes to the internals of CLI arg parsing
* Port callback plugins to use context.CLIARGS
* Got rid of the private self._options attribute
* Use context.CLIARGS in the individual callback plugins instead.
* Also output positional arguments in default and unixy plugins
* Code has been simplified since we're now dealing with a dict rather
than Optparse.Value
Added examples in playbooks_error_handling doc for handlining
multiple conditions in changed_when and failed_when
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fix order of dnf api operations so transactions don't fail
Previously dnf.base.fill_sack() was called before
dnf.base.update_cache() which apparently breaks dnf transaction
logic as per https://bugzilla.redhat.com/show_bug.cgi?id=1658694Fixes#49060
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog and test case
Signed-off-by: Adam Miller <admiller@redhat.com>
* Combine systemd units/unit-files output for service_facts
Fixes#47118
Previously we were only taking the output of `systemd units` which
would leave out information about the service units that were
disabled, static, masked, etc. Now we're aggregating the results so
that anything not active/inactive/dead at least is pulled as fact
data with it's state provided.
Signed-off-by: Adam Miller <admiller@redhat.com>
* provide state and status information about services
Fixes#45730
Signed-off-by: Adam Miller <admiller@redhat.com>
conn_limit type is set to 'int'. This will allow module to compare conn_limit with record value without type casting.
Fixes: #38118
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Without this modprobe always reports changed when modprobe-ing a builtin module.
With this, if a kernel module is a builtin, the modprobe module will:
- succeed (without incorrectly reporting changed) if ``state`` is ``present``;
- fail if ``state`` is ``absent``
The failure will have whatever error message modprobe returns when
attempting to remove a builtin module. For example:
``modprobe: ERROR: Module nfs is builtin.``
* Handle 'latest' version when installing module for first time
Otherwise, a fresh install of a plugin with 'version: latest' gets installed without its dependencies, rendering the plugin effectively useless.
* Add changelog
* Refactor integration test for lvg module to introduce grow/reduce test
* List correctly current PV in lvg module: fix lvg reduce
Previous behaviour was to only take into account PV passed in 'pvs'
argument. This lead to reduce not working as expecting:
* with state=present and list of wanted pvs, lvg found only the pvs to
add or already present and ignored the pv to remove (obviously absent
from the list of given PV)
* with state=absent and a pv to remove, lvg found that the remaining pvs
list is empty (ignoring possible other PV in the vg) and decides to
remove the vg entirely (as supposely no PV are left anymore to store
lvm metadata)
* Add changelog fragment
When the security group the rule belongs to does not exist and
the state is absent, the module is not properly exited, leading
to a playbook execution failure.
Fixes issue #50057
* Added organization in the scm_credential get
* Fallback looking for cred in project org
* Tests project with multi org credential
* Fixed CI issue
* Added changelog fragment
* Change test suite to fit expected behaviour
This reverts some changes from ansible/ansible@723daf3
If a line is found in the file, exactly or via regexp matching, it must
not be added again.
insertafter/insertbefore options are used only when a line is to be
inserted, to specify where it must be added.
* Implement the change in behaviour mentioned in the previous commit
* Fix comment to reflect what the code does
* Set the correct return message.
In these cases, the lines are added, not replaced.
* Add a changelog
* Allow tags to be templated from a variable. Fixes#49825
* Restore _load_tags to ensure we do csv tag splitting
* Add tests for csv tags and templated tags
* evaluate_tags doesn't need to accept strings, because _load_tags handles this
* Windows Privileges - moved util code to it's own C# util
* Rename Enabler class to PrivilegeEnabler to remove ambiguity
* rename Utils to PrivilegeUtil
* fix missing util name changes
* win become: refactor and add support for passwordless become
* make tests more stable
* fix up dep message for Load-CommandUtils
* Add further check for System impersonation token
* re-add support for become with accounts that have no password
* doc fixes and slight code improvements
* fix doc sanity issue
- Require username and password for unregistering and avoid "cannot marshal None unless allow_none is enabled" error when using an activation key and no channels specified.
- Update test fixtures and add changelog
Co-authored-by: WhyIsThisOpen <WhyIsThisOpen@users.noreply.github.com>