Commit graph

28955 commits

Author SHA1 Message Date
Thomas Szymanski
60bb677154 Add safety checks to nspawn connection plugin
This patch adds some checks on the path that is accessed as a container,
making sure it looks like one. It implements the connection method and
add adaptations to the modern way of writing connections for Ansible.
It also rewords docs and vars to use the nspawn terminology instead of
chroot.
2017-02-17 12:39:48 -05:00
Thomas Szymanski
b8125ac1a6 Remove the --nspawn-extra-args cli option
Providing extra arguments to pass to systemd-nspawn is still possible
through the `nspawn_connection` of the `ansible.cfg` file.
2017-02-17 12:39:48 -05:00
Thomas Szymanski
1fc7211181 Add a config section for systemd-nspawn driver 2017-02-17 12:39:48 -05:00
Lars Kellogg-Stedman
3597ca082b add systemd-nspawn connection driver
This commit adds a connection driver built on top of systemd-nspawn.
This is similar to the existing `chroot` driver, except that nspawn
offers a variety of additional services. For example, it takes care of
automatically mounting `/proc` and `/sys` inside the chroot environment,
which will make a variety of tools work correctly that would otherwise
fail.

You can take advantage of other system-nspawn features to perform more
complicated tasks.  For example, on my x86_64 system I have a Raspberry
Pi disk image mounted on `/rpi`.  I can't use `chroot` with this because
the binaries contained in the image are for the wrong architecture.
However, I can use the systemd-nspawn `--bind` option to automatically
insert the appropriate qemu-arm binary into the container using an
inventory file like this:

    pi ansible_host=/rpi ansible_nspawn_extra_args='--bind /usr/bin/qemu-arm --bind /lib64'

See http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html
for more information about systemd-nspawn itself.
2017-02-17 12:39:48 -05:00
John R Barker
482f882798 Correct example 2017-02-17 17:31:05 +00:00
Toshio Kuratomi
3feb3d6c16 Restore validate_certs being a bool type 2017-02-17 09:17:05 -08:00
Brian Coca
0ddcde2fb2 updated docs to match 2017-02-17 12:04:24 -05:00
Monty Taylor
5d21256d9f Default verify to None for OpenStack modules
This will require a new release of os-client-config.
2017-02-17 11:59:13 -05:00
James Cammarata
1bf8c99974 Update any_errors_fatal field attributes in block/task to match play 2017-02-17 10:25:27 -06:00
John R Barker
3b9892b45b New Modules for Ansible Tower (#21584) 2017-02-17 16:24:32 +00:00
Wayne Witzel III
743d48af5c Add Tower Project module (#21479) 2017-02-17 16:19:33 +00:00
Wayne Witzel III
17f0dc3f4d Add Tower Group module (#21480) 2017-02-17 16:19:06 +00:00
Wayne Witzel III
17a2e5ead2 Add Tower Host module (#21482) 2017-02-17 16:18:40 +00:00
Wayne Witzel III
ff3023e82b Add Tower Inventory module (#21483) 2017-02-17 16:18:11 +00:00
Wayne Witzel III
2b6c13f883 Add Tower Label module (#21485) 2017-02-17 16:17:41 +00:00
Ryan Brown
d64d38a1f4 [cloud][docker] Insensitive search for docker port publishing (#21579) 2017-02-17 10:41:26 -05:00
Adrian Likins
7b6c992c46 Vault encrypt string cli (#21024)
* Add a vault 'encrypt_string' command.

The command will encrypt the string on the command
line and print out the yaml block that can be included
in a playbook.

To be prompted for a string to encrypt:
   
   ansible-vault encrypt_string --prompt

To specify a string on the command line:

   ansible-vault encrypt_string "some string to encrypt"

To read a string from stdin to encrypt:

   echo  "the plaintext to encrypt" | ansible-vault encrypt_string

If a --name or --stdin-name is provided, the output will include that name in yaml key value format: 

   $ ansible-vault encrypt_string "42" --name "the_answer"
    the_answer: !vault-encrypted |
          $ANSIBLE_VAULT;1.1;AES256
          <vault cipher text here>

plaintext provided via prompt, cli, and/or stdin can be mixed:

      $ ansible-vault encrypt_string "42" --name "the_answer" --prompt
      Vault password: 
      Variable name (enter for no name): some_variable
      String to encrypt: microfiber
      # The encrypted version of variable ("some_variable", the string #1 from the interactive prompt).
     some_variable: !vault-encrypted |
              $ANSIBLE_VAULT;1.1;AES256
              < vault cipher text here>
      # The encrypted version of variable ("the_answer", the string #2 from the command line args).
      the_answer: !vault-encrypted |
             $ANSIBLE_VAULT;1.1;AES256
             < vault cipher text here>

Encryption successful
* add stdin and prompting to vault 'encrypt_string'
* add a --name to encrypt_string to optional specify a var name
* prompt for a var name to use with --prompt
* add a --stdin-name for the var name for value read from stdin
2017-02-17 10:12:14 -05:00
Zhuo Peng
fe02dbecc0 [cloud] Fix a minor doc error in docker_container module (#21033) 2017-02-17 10:01:15 -05:00
Peter Sprygada
a6cecef6bc clean up of terminal plugins (#21549)
* removes unneeded supports_multiplexing var
* refactors terminal_prompts_re to terminal_stdout_re
* refactors terminal_errors_re to terminal_stderr_re
* updates network_cli unit test cases
2017-02-17 10:00:23 -05:00
Ricardo Carrillo Cruz
c5452eef6f Removes default kwarg in iosxr_argument_spec for timeout (#21569) 2017-02-17 15:59:24 +01:00
Peter Sprygada
4cbbed0b37 fixes issue with prompt detection in network_cli (#21574)
The network_cli plugin would return immediately if an error was
detected.  This patch will force the connection plugin to still try to
detect the current prompt even if an error is found.
2017-02-17 14:13:26 +00:00
Evgeni Golov
d3d1aa2dca synchronize: quote private_key (#21570)
otherwise rsync will fail when trying to access a key with spaces:

fatal: [default]: FAILED! => {"changed": false, "cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh 'ssh -i /home/user/Some Folder/.vagrant/machines/default/libvirt/private_key -S none -o StrictHostKeyChecking=no -o Port=22' --out-format='<<CHANGED>>%i %n%L' \"/etc/issue\" \"vagrant@192.168.121.10:/tmp/issue2\"", "failed": true, "msg": "Warning: Identity file /home/user/Some not accessible: No such file or directory.\nssh: Could not resolve hostname folder/.vagrant/machines/default/libvirt/private_key: No address associated with hostname\r\nrsync: connection unexpectedly closed (0 bytes received so far) [sender]\nrsync error: unexplained error (code 255) at io.c(226) [sender=3.1.2]\n", "rc": 255}
2017-02-17 14:18:41 +01:00
Peter Sprygada
e77964f9da clean up pylint errors in ansible-connection (#21571) 2017-02-17 08:15:27 -05:00
Peter Sprygada
eaba067de9 fixes type that prevents socket clean up from being called (#21568) 2017-02-17 07:13:39 -05:00
Peter Sprygada
b0abbb5f8b removes the default kwarg in ios_argument_spec for timeout (#21552)
Uses the configured timeout setting instead of the arg_spec

fixes #21520
2017-02-17 13:12:12 +01:00
Ondra Machacek
a5d34f2ac2 cloud: ovirt: add override_iptables to examples (#21474) 2017-02-17 09:03:24 +00:00
Matt Davis
67f74bbc81 CHANGELOG/roadmap updates for Windows 2017-02-17 00:10:17 -08:00
Matt Davis
8527013fbe Complete rewrite of Windows exec wrapper (#21510)
* supports pipelining for faster execution
* supports become (runas), creates interactive subsession under WinRM batch logon
* supports usage of arbitrary module_utils files
* modular exec wrapper payload supports easier extension
* integrates async wrapper behavior for pipelined/become'd async
* module_utils are loaded as true Powershell modules, no more runtime modifications to module code
2017-02-17 00:09:56 -08:00
James Cammarata
7bf56ceee3 Relocate creation of Templar in process_pending_results
Moving it to after the blocks where per-item results are calculated,
as it's not used there and causes quite a performance hit being there.

Fixes #21340
2017-02-17 00:26:09 -06:00
Peter Sprygada
c9f6a2b740 fixes issue with cli shell left open (#21548)
The nxos action plugin will now close the shell connection once the
module has completely run
2017-02-16 22:11:32 -05:00
Peter Sprygada
20c5a1adc1 verifies cli context for iosxr (#21550)
Checks cli context and exits config mode if needed
2017-02-16 22:11:21 -05:00
Peter Sprygada
9d4a3599b8 bug fixes and updates for eos connections (#21534)
* refactors supports_sessions to a property
* exposes supports_sessions as a toplevel function
* adds open_shell() to network_cli
* implements open_shell() in eos action plugin
2017-02-16 20:26:48 -05:00
Peter Sprygada
a01288859d check ios cli context and exits config mode if there (#21544) 2017-02-16 20:26:29 -05:00
Toshio Kuratomi
eeaec56ed5 Use isinstance instead of type() comparisons. isinstance is more robust 2017-02-16 16:34:43 -08:00
Matt Clay
2192c1eb02 Fix ansible-test selection of inventory file. 2017-02-16 15:03:27 -08:00
Tom Melendez
8dcec1b659 [GCE] gce_net integration test (#21502) 2017-02-16 16:39:25 -05:00
Tom Melendez
0d3d8cbcd9 [GCE] Doc fixes for gce_net (#21524)
* Updated examples and added return block.

Doc fix only.  No logic or executable code modified in this commit.
2017-02-16 16:39:00 -05:00
Brian Coca
14033b9d7d added volumen manage 2017-02-16 15:22:02 -05:00
Sumit Kumar
1ba47cdf2e Add NetApp SolidFire volume module (#20732)
* Add NetApp SolidFire volume module

* Make requested changes

* Make requested changes

* Set supports_check_mode to True

* Make requested changes

* Change new_account_id to account_id, 512emulation

* Make requested changes

* Add alias for enable512e

* Move byte_map to utils and add exit message

* Update description for ‘attributes’
2017-02-16 15:21:14 -05:00
Ted Timmons
5d9df86b42 Postgres ssl mode prefer (#21498)
* refactor postgres,
* adds a basic unit test module
* first step towards a common utils module
* set postgresql_db doc argument defaults to what the code actually uses

* unit tests that actually test a missing/found psycopg2, no dependency needed

* add doc fragments, use common args, ansible2ify the imports

* update dict

* add AnsibleModule import

* mv AnsibleModule import to correct file

* restore some database utils we need

* rm some more duplicated pg doc fragments

* change ssl_mode from disable to prefer, add update docs

* use LibraryError pattern for import verification

per comments on #21435. basically LibraryError and touching up its usage in pg_db and the tests.
2017-02-16 11:29:43 -08:00
Ted Timmons
a000594436 fix failing fail_json call in postgresql_schema (#21495)
fix failing fail_json call in postgresql_schema

- Bugfix Pull Request

modules/database/postgresql/postgresql_schema

```
2.3.0
```

Here's an example of the error that was coming out. Massaged some linebreaks and backslashes to make it more readable:

    "module_stderr": "Traceback (most recent call last):
      File "/tmp/ansible_3X05GE/ansible_module_postgresql_schema.py", line 274, in <module>
        main()
      File "/tmp/ansible_3X05GE/ansible_module_postgresql_schema.py", line 265, in main
        module.fail_json(msg="Database query failed: %s" %(text, str(e)))
      NameError: global name 'text' is not defined
    ",

Now it triggers with the correct exception and shows the traceback. This duplication of str(e) and traceback seems to be the best design pattern.

Sample of the new output:

    An exception occurred during task execution. The full traceback is:
    Traceback (most recent call last):
      File "/tmp/ansible_gp4v1Q/ansible_module_postgresql_schema.py", line 254, in main
        changed = schema_create(cursor, schema, owner)
    ...
        return super(DictCursor, self).execute(query, vars)
    ProgrammingError: permission denied for database schemadb

    fatal: [localhost]: FAILED! => {
        "changed": false,
        "failed": true,
    ...
        },
        "msg": "Database query failed: permission denied for database schemadb\n"
2017-02-16 11:26:40 -08:00
Peter Sprygada
3ff2c471b2 fixes Bad file descriptor backtrace raised by ansible-connection (#21526)
This change will redirect stdout and stderr either to the log file
configured by log_path or to /dev/null if no log_path is specified.

fixes #21400
2017-02-16 13:59:47 -05:00
Adrian Likins
718b786157 Fix test failures if 'future' package is installed (#15005)
The python 'future' module provides a 'builtins' package
to emulate the py3 'builtins' modules. If installed, the
unit tests that reference builtins.__import__ fail because
the future 'builtins' is imported and it is missing __import__.

Use ansible.compat.six.moves.builtins instead of importing
'builtins' or __builtin__

Fixes #14996
2017-02-16 11:36:26 -05:00
Peter Sprygada
02d2b753db refactors junos modules to support persistent socket connections (#21365)
* updates junos_netconf module
* updates junos_command module
* updates junos_config module
* updates _junos_template module
* adds junos_rpc module
* adds junos_user module
2017-02-16 10:53:03 -05:00
Brian Coca
47870c3385 refine password field filtering (#21230)
* refine password field filtering

* dont skip

* removed bad leftover vestige of previous condition
2017-02-16 10:52:27 -05:00
Brian Coca
cc0bb54d2c the return of reset_connection
allows user to force persistent connection to close, needed for when
you want to benefit from changes applied to the current play but persistent connections
prevent them from being realized.
2017-02-16 10:49:57 -05:00
Dag Wieers
36aad569d2 Various small changes to CHANGELOG.md (#21521) 2017-02-16 14:59:20 +00:00
Tomas Tomecek
30026cfb84 [cloud] module docker_image: print output on failure (#20757)
Fixes https://github.com/ansible/ansible-modules-core/issues/5161

Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
2017-02-16 09:47:18 -05:00
Will Thames
f42ffe6de3 [cloud] Ensure that s3_bucket module always enables/disables versioning if it is specified (#21320)
If versioning is not enabled, then `get_bucket_versioning`
can return an empty dict.

If that happens, the code to enable versioning should still
run!

The logic for suspending versioning was also incorrect, so
have updated that too.

Fixes #20491
2017-02-16 09:45:05 -05:00
Ryan S. Brown
3c25a39b3e [cloud][aws] Use binary read for inventory cache file 2017-02-16 09:42:46 -05:00