Commit graph

279 commits

Author SHA1 Message Date
George Christou
bbc855c218 Make --diff lines of context configurable 2016-02-19 12:18:09 +00:00
Toshio Kuratomi
f9526b2ab2 Missed constants.py in the commit for #14557 2016-02-18 23:49:33 -08:00
Brian Coca
844754b8e3 added missing config to constants.py
fixes #14567
2016-02-18 14:37:14 -08:00
George Christou
56239ee347 Make --diff colours configurable 2016-02-17 10:25:54 +00:00
James Cammarata
78d499140c Re-implementing the retry file feature for 2.0
Fixes #13944
2016-01-26 14:11:28 -05:00
Brian Coca
d3deb24ead output color is now configurable 2015-12-29 17:40:47 -05:00
Matt Martz
630a35adb0 Add ProxyCommand support to the paramiko connection plugin 2015-12-23 15:15:07 -06:00
Toshio Kuratomi
e66c070e5c Add package module to squash list 2015-12-19 13:00:58 -08:00
Brian Coca
2bfb13bfb3 removed unused 'pattern' from ansible.cfg
also moved the config param to a 'deprecated' list in constants.py
added TODO for producing a deprecation warning for such vars
2015-12-09 08:40:06 -08:00
chouseknecht
4f84769a17 Galaxy 2.0 2015-12-09 10:51:12 -05:00
Brian Coca
d82d65ee7b keep string type filters as strings
now we don't try to convert types if using a filter that outputs a specifically formated string
made list of filters configurable
2015-12-08 12:52:20 -08:00
Luca Berruti
8ea45e8608 Make no_target_syslog consistent.
no_target_syslog = False --> do log on target
2015-12-05 19:43:02 +01:00
Toshio Kuratomi
e201a255d1 Revert "Make sudo+requiretty and ANSIBLE_PIPELINING work together"
This reverts commit f488de8599.

Reverting for now due to hard to pin down bugs: #13410  #13411
2015-12-03 08:01:05 -08:00
Abhijit Menon-Sen
0d16d16ab8 Make module_lang default to whatever LANG is set to on the control node 2015-12-02 22:25:10 +05:30
Abhijit Menon-Sen
f488de8599 Make sudo+requiretty and ANSIBLE_PIPELINING work together
Pipelining is a *significant* performance benefit, because each task can
be completed with a single SSH connection (vs. one ssh connection at the
start to mkdir, plus one sftp and one ssh per task).

Pipelining is disabled by default in Ansible because it conflicts with
the use of sudo if 'Defaults requiretty' is set in /etc/sudoers (as it
is on Red Hat) and su (which always requires a tty).

We can (and already do) make sudo/su happy by using "ssh -t" to allocate
a tty, but then the python interpreter goes into interactive mode and is
unhappy with module source being written to its stdin, per the following
comment from connections/ssh.py:

        # we can only use tty when we are not pipelining the modules.
        # piping data into /usr/bin/python inside a tty automatically
        # invokes the python interactive-mode but the modules are not
        # compatible with the interactive-mode ("unexpected indent"
        # mainly because of empty lines)

Instead of the (current) drastic solution of turning off pipelining when
we use a tty, we can instead use a tty but suppress the behaviour of the
Python interpreter to switch to interactive mode. The easiest way to do
this is to make its stdin *not* be a tty, e.g. with cat|python.

This works, but there's a problem: ssh will ignore -t if its input isn't
really a tty. So we could open a pseudo-tty and use that as ssh's stdin,
but if we then write Python source into it, it's all echoed back to us
(because we're a tty). So we have to use -tt to force tty allocation; in
that case, however, ssh puts the tty into "raw" mode (~ICANON), so there
is no good way for the process on the other end to detect EOF on stdin.
So if we do:

    echo -e "print('hello world')\n"|ssh -tt someho.st "cat|python"

…it hangs forever, because cat keeps on reading input even after we've
closed our pipe into ssh's stdin. We can get around this by writing a
special __EOF__ marker after writing in_data, and doing this:

    echo -e "print('hello world')\n__EOF__\n"|ssh -tt someho.st "sed -ne '/__EOF__/q' -e p|python"

This works fine, but in fact I use a clever python one-liner by mgedmin
to achieve the same effect without depending on sed (at the expense of a
much longer command line, alas; Python really isn't one-liner-friendly).

We also enable pipelining by default as a consequence.
2015-12-01 23:32:20 +05:30
James Cammarata
efbc6054a4 Add variable compression option 2015-11-05 16:22:37 -05:00
Toshio Kuratomi
9e758d3d97 Do not optimize with_items loop if the items are not strings
The code isn't sophisticated enough to understand lists and dicts yet.
This mirrors how 1.9.x handled non-string items so its not a regression.

One portion of a fix for #12976
2015-11-04 18:48:41 -08:00
Brian Coca
b2fc5142eb moved sudo -S and -n into configurable flags as they might be absent in much older systems
if password is supplied exsiting -n would get remove from flags
2015-10-28 02:06:25 -04:00
Toshio Kuratomi
4203850d1a Break apart a looped dependency to show a warning when parsing playbooks
Display a warning when a dict key is overwritten by pyyaml
Fixes #12888
2015-10-27 12:39:42 -07:00
Brian Coca
f78c82b9ee don't set user to current user
also remove condition to bypass setting user if user matches current user
this enables forcing user when set to the same user as current user and ignoring .ssh/config
while keeping .ssh/config with current user if nothing is specified.
2015-10-23 23:15:45 -04:00
Toshio Kuratomi
f34b55ac2b Add python3-compat boilerplate to all .py files in lib/ansible 2015-10-19 18:36:19 -07:00
Toshio Kuratomi
baa309309d Bundle a new version of python-six for compatibility along with some code to make it easy for distributions to override the bunndled copy if they have a new enough version. 2015-10-16 08:21:28 -07:00
James Cammarata
dce58a78c9 Make random cowsay truly random
Also adds a cowsay whitelist config option, because there are some
truly NSFW stencils that come with cowsay by default.
2015-10-15 10:52:53 -04:00
Abhijit Menon-Sen
96c4dc273a Set explicit default for ANSIBLE_SSH_ARGS
The earlier code behaved exactly as though this default had been set,
but it was actually handled as a(n unnecessary) special case inside the
connection plugin, rather than set as an explicit default.

If the default is overriden either in ansible.cfg or the environment,
the new code will continue to work (in fact, it won't know or care,
since it just uses the value set in the PlayContext).

This is submitted as a separate commit for easier review to address
backwards-compatibility concerns.
2015-10-02 21:26:25 +05:30
Brian Coca
bb6141ec41 renamed managed_syslog to no_target_syslog 2015-09-26 08:22:32 -04:00
Brian Coca
37a918438b task logging revamp
* allow global no_log setting, no need to set at play or task level, but can be overriden by them
 * allow turning off syslog only on task execution from target host (manage_syslog), overlaps with no_log functionality
 * created log function for task modules to use, now we can remove all syslog references, will use systemd journal if present
 * added debug flag to modules, so they can make it call new log function conditionally
 * added debug logging in module's run_command
2015-09-25 23:57:28 -04:00
Abhijit Menon-Sen
ac98fe9e89 Implement ssh connection handling as a state machine
The event loop (even after it was brought into one place in _run in the
previous commit) was hard to follow. The states and transitions weren't
clear or documented, and the privilege escalation code was non-blocking
while the rest was blocking.

Now we have a state machine with four states: awaiting_prompt,
awaiting_escalation, ready_to_send (initial data), and awaiting_exit.
The actions in each state and the transitions between then are clearly
documented.

The check_incorrect_password() method no longer checks for empty strings
(since they will always match), and check_become_success() uses equality
rather than a substring match to avoid thinking an echoed command is an
indication of successful escalation. Also adds a check_missing_password
connection method to detect the error from sudo -n/doas -n.
2015-09-23 01:55:00 -04:00
Brian Coca
f96255f7fd fixed typo 2015-09-21 10:10:21 -04:00
Florian Apolloner
d9f873495e Ported over #7158 to support SELinux context switches. 2015-09-17 15:03:46 +02:00
Brian Coca
4aea1f6568 normalized plugin paths and names and configs 2015-09-15 11:44:09 -04:00
Brian Coca
a7231c2203 actually implemented flags correctly for all priv escalation methods 2015-09-02 11:31:39 -04:00
Brian Coca
e156d9b677 fixed and generalized privilege escalation exe settings 2015-09-02 09:29:34 -04:00
James Cammarata
2761df232e Small tweak to 7551b75 to correct the ordering of tests 2015-09-01 14:48:59 -04:00
James Cammarata
7551b75e61 Add ispath type for constants and make sure all local paths are ispath=True
Fixes #12180
2015-09-01 14:47:45 -04:00
Brian Coca
a4ffa09414 Merge pull request #11880 from bcoca/configurable_squash
made squashable with_ plugin list configurable
2015-08-23 13:32:15 -04:00
Feanil Patel
892e230514 Don't convert nulls to strings.
This change is similar to https://github.com/ansible/ansible/pull/10465

It extends the logic there to also support none types.  Right now if you have
a '!!null' in yaml, and that var gets passed around, it will get converted to
a string.

eg. defaults/main.yml
```
ENABLE_AWESOME_FEATURE: !!null # Yaml Null
OTHER_CONFIG:
  secret1: "so_secret"
  secret2: "even_more_secret"

CONFIG:
  hostname: "some_hostname"
  features:
    awesame_feature: "{{ ENABLE_AWESOME_FEATURE}}"
  secrets: "{{ OTHER_CONFIG }}"
```

If you output `CONFIG` to json or yaml, the feature flag would get represented in the output
as a string instead of as a null, but secrets would get represented as a dictionary.  This is
a mis-match in behaviour where some "types" are retained and others are not.  This change
should fix the issue.

I also updated the template test to test for this and made the changes to v2.

Added a changelog entry specifically for the change from empty string to null as the default.

Made the null representation configurable.

It still defaults to the python NoneType but can be overriden to be an emptystring by updating
the DEFAULT_NULL_REPRESENTATION config.
2015-08-19 18:35:07 -04:00
Brian Coca
961bee00d5 centralized the definition of 'localhost' 2015-08-19 15:49:37 -04:00
Brian Coca
e081a73aa1 make new inventory config take precedence over old hostfile config
fixes #11907
2015-08-18 03:29:14 -04:00
Damian Gerow
1c5611100e Add become support for OpenBSD doas 2015-08-17 21:31:18 -04:00
Brian Coca
49d88cef9c meta: refresh_inventory and several inventory fixes 2015-08-12 10:35:12 -04:00
Brian Coca
4d853a5d3c implemented for v2, missing --tree option for adhoc 2015-08-11 19:18:10 -04:00
Abhijit Menon-Sen
3d581e5306 Don't stat None
Fixes #11794, regression introduced by #11010
2015-07-30 08:02:27 +05:30
Brian Coca
4b8e368039 Merge pull request #11010 from sillydong/devel
Add judgment to to fix path0 if ANSIBLE_CONFIG is set to a dir
2015-07-29 21:36:07 -04:00
James Cammarata
3a50c08c01 Merge branch 'pluggable_jinja_tests' of https://github.com/quixoten/ansible into quixoten-pluggable_jinja_tests 2015-07-29 15:16:27 -04:00
Brian Coca
0b6fadaad7 started implementing diff
diff now works with template
also fixed check mode for template and copy
2015-07-26 12:22:22 -04:00
Brian Coca
a6ba149c49 implemented simplified output for adhoc adn command modules as in v1 2015-07-23 13:42:20 -04:00
James Cammarata
7a9916422a Fixing up error handling for fetch_file ops in connection plugins
* enable batch mode (configurable with a config option, on by default)
  for sftp transfers, so we can catch errors more easily
* general cleanup in the local connection plugin and fetch action plugin

Fixes #11612
2015-07-22 14:25:47 -04:00
Brian Coca
b76cb8f655 now that invocation is only async again, no need to sanitize 2015-07-15 10:40:37 -04:00
James Cammarata
6971e92f39 Fixing up some output stuff 2015-07-14 00:23:17 -04:00
Brian Coca
1274ce565d added result sanitation to registered var and to callbacks
removed time display as it only is provided by command module
2015-07-11 01:05:29 -04:00
Carlos E. Garcia
657495d13f minor spelling changes 2015-07-10 12:42:59 -04:00
James Cammarata
b520d5bc60 Lots of fixes for integration test bugs 2015-07-10 01:53:59 -04:00
Brian Coca
897e098b27 minor fixes to constants 2015-07-08 16:33:51 -04:00
Brian Coca
50efeb13ba made squashable with_ plugin list configurable
partially deals with #11383
2015-07-07 11:59:20 -04:00
Toshio Kuratomi
5b0b1f8da6 unquote strings in the ansible config file 2015-07-06 14:12:10 -07:00
Brian Coca
05be30168d return empty string when config file is not used 2015-07-05 12:51:05 -04:00
Brian Coca
5f791329ce now verbose mode shows config file used 2015-07-04 10:23:49 -04:00
Brian Coca
9e37402cb7 added ramfs to selinux ignored filesystems
as reported in #11442
2015-07-02 17:25:05 -04:00
James Cammarata
b6c52ce115 Allow role variables to be optionally kept in a private scope 2015-07-01 11:33:14 -04:00
James Cammarata
21c14363fd Allow callback plugins to be whitelisted 2015-06-29 10:56:28 -04:00
Brian Coca
b89071e485 now detects incorrect password with sudo and su (at least in english) 2015-06-15 01:30:03 -04:00
Brian Coca
ff15f374ad fixed new become settings, rearranged constants to find PE related vars easier 2015-06-14 20:50:38 -04:00
Brian Coca
eaddc0b309 removed duplicate retry config entries 2015-05-25 11:06:04 -04:00
Hugh Saunders
2e07567c16 Retry exec command via ssh_retry
This PR adds the option to retry failed ssh executions, if the failure
is caused by ssh itself, not the remote command. This can be helpful if
there are transient network issues. Retries are only implemented in the
openssh connection plugin and are disabled by default. Retries are
enabled by setting ssh_connection > retries to an integer greater
than 0.

Running a long series of playbooks, or a short playbook against a large
cluster may result in transient ssh failures, some examples logged
[here](https://trello.com/c/1yh6csEQ/13-ssh-errors).

Ansible should be able to retry an ssh connection in order to survive
transient failures.

Ansible marks a host as failed the first time it fails to contact it.
2015-05-18 14:22:52 -07:00
Brian Coca
0913b8263c made special treatment of certain filesystem for selinux configurable 2015-05-15 13:52:27 -04:00
Chen Zhidong
14719a6f08 Add judgment to to fix path0 if ANSIBLE_CONFIG is set to a dir 2015-05-14 22:02:30 +08:00
James Cammarata
ce3ef7f4c1 Making the switch to v2 2015-05-03 21:47:26 -05:00
Devin Christensen
1bf5224f82 Enable writing plugins for jinja2 tests 2015-04-28 09:32:11 -06:00
Jesse Rusak
652cd6cd5e Fix --force-handlers, and allow it in plays and ansible.cfg
The --force-handlers command line argument was not correctly running
handlers on hosts which had tasks that later failed. This corrects that,
and also allows you to specify force_handlers in ansible.cfg or in a
play.
2015-04-10 19:38:59 -04:00
Brian Coca
5ec1f3bd6e removed folding sudo/su to become logic from constants as it is already present downstream in playbook/play/tasks 2015-03-27 08:45:04 -04:00
Brian Coca
587ab17f10 fixes password error detection for ssh connection plugin
removes sycnronize test that does not work with current sudo setup
Fixes #10434
2015-03-11 16:11:27 -04:00
Brian Coca
5f6db0e164 preliminary privlege escalation unification + pbrun
- become constants inherit existing sudo/su ones
- become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group
- changed method signatures as privlege escalation is collapsed to become
- added tests for su and become, diabled su for lack of support in local.py
- updated playbook,play and task objects to become
- added become to runner
- added whoami test for become/sudo/su
- added home override dir for plugins
- removed useless method from ask pass
- forced become pass to always be string also uses to_bytes
- fixed fakerunner for tests
- corrected reference in synchronize action plugin
- added pfexec (needs testing)
- removed unused sudo/su in runner init
- removed deprecated info
- updated pe tests to allow to run under sudo and not need root
- normalized become options into a funciton to avoid duplication and inconsistencies
- pushed suppored list to connection classs property
- updated all connection plugins to latest 'become' pe

- includes fixes from feedback (including typos)
- added draft docs
- stub of become_exe, leaving for future v2 fixes
2015-03-10 18:42:36 -04:00
Brian Coca
13d788021f Merge pull request #4820 from mscherer/add_local_config
Add path for user defined plugin
2015-02-11 14:44:07 -05:00
Brian Coca
17666a1939 changed default for new retry path to be teh same as current
also added commented out entries in ansible.cfg to show other options
2015-01-30 15:18:58 -05:00
Brian Coca
540d13cf52 Merge pull request #9404 from mmoya/configure-retry-files
Configure retry file usage and location
2015-01-30 15:14:27 -05:00
Brian Coca
c73254543a made env var also consistent 2015-01-29 13:32:00 -05:00
Brian Coca
4fd760467b made inventory consistent in config file, deprecated old config hostfile 2015-01-29 13:28:33 -05:00
Brian Coca
78e1a7ed93 Revert "Fix: Add support for SSL protocol version configuration option" 2015-01-19 08:36:17 -05:00
Jason Holland
eedc51f213 Add support for SSL protocol version configuration option. Also fix 2 places where the SSL version was not being set properly. 2014-12-13 21:20:33 -06:00
Michael Scherer
7bffc1a29e add a default path in ~/.ansible to place plugins, so ansible is a bit
more usable out of the box as simple user
2014-12-11 23:33:51 +01:00
Maykel Moya
c15b47fb7b Configure retry file usage and location
Adds new settings for managing retry files:
* retry_files_enabled, defaults to True
* retry_files_save_path, defaults to ~/.ansible-retry

This change was adapted from PR #5515.
2014-10-23 00:38:30 +02:00
Michael DeHaan
e5116d2f9b changes for package loading of modules 2014-09-26 11:25:56 -04:00
Michael DeHaan
2064d26085 Add documentation about bin_ansible_callbacks setting. Standardization and cleanup. 2014-09-10 09:38:24 -04:00
Bruno BAILLUET
16108e4a99 Adding a new 'load_callback_plugins' config option, defaults to False
This option, when set to True, allows "ansible" command to load callback plugins
2014-09-06 16:41:16 +02:00
Dionysis Grigoropoulos
f948b4f293 Handle exceptions during config file parsing
Handle uncaught exceptions during config file parsing
2014-08-29 17:55:42 +03:00
Michael DeHaan
a419ffdf41 Make command warnings off by default to minimize surprises. 2014-08-22 16:12:48 -04:00
Will Thames
ab8490d003 Added warnings to command module
Generate warnings when users are shelling out to commands
rather than using modules

Can be turned off on a per-action line with the documented
warn=False flag. Can be turned off globally using
command_warnings = False in ansible config file.

Print out warnings using the standard playbook callbacks.

Created some additional tests in TestRunner.test_command
and also a demonstration playbook.
2014-08-22 15:37:07 -04:00
Michael DeHaan
3035f2dcc8 Merge pull request #8367 from msabramo/make_pip_install_editable_work
Make `pip install -e` work
2014-08-15 07:46:54 -04:00
Michael DeHaan
02b0e102e6 Rename some INI keys for fact caching defaults 2014-08-11 15:16:51 -04:00
Michael DeHaan
542aaa6ffe Use JSON instead of pickles for compatibility. 2014-08-11 12:23:05 -04:00
Michael DeHaan
2629cd3fce Fix some copyrights, fix a misc test. 2014-08-11 12:23:05 -04:00
Josh Drake
aa419044c4 WIP on the re-implementation of fact caching and various backends. 2014-08-11 12:23:05 -04:00
Marc Abramowitz
44b9f5e752 Make pip install -e work
This allows `pip install -e` and `python setup.py develop` to work
without having to do the stuff in
http://docs.ansible.com/intro_installation.html#running-from-source so
it's a tad nicer for Python programmers who are accustomed to installing
packages as editable/in development mode.

Fixes GH-8355 (https://github.com/ansible/ansible/issues/8355)
2014-07-30 13:35:11 -07:00
Veeti Paananen
5780f3a8b4 Expand variables in configuration files, take two
e.g. $HOME.
2014-07-29 15:20:59 +03:00
Veeti Paananen
e6bd049892 Don't expand remote_tmp path locally 2014-07-29 15:19:54 +03:00
Michael DeHaan
106f4ccc01 Revert "Expand variables in configuration files" - I feel I've been here before.
Breaks some test runs.

This reverts commit a9eef029b6.
2014-07-28 17:10:42 -04:00
Veeti Paananen
a9eef029b6 Expand variables in configuration files
e.g. $HOME. Fixes #6373.
2014-07-28 17:36:14 +03:00
James Cammarata
4fc8d4b6fe Merge pull request #7649 from sivel/vault-password-script
Allow --vault-password-file to work with a script as well as a flat file
2014-07-14 10:57:16 -05:00
James Cammarata
5429b85b9f Change safe_eval to a strict white list 2014-06-25 14:00:21 -05:00
Matt Martz
19f5ce2c9c Allow --vault-password-file to work with a script as well as a flat file 2014-06-24 15:02:24 -05:00