Commit graph

40550 commits

Author SHA1 Message Date
Robert Osowiecki
910d21e15c Allow all of yum version compare operators (#54603)
* Allow all of yum version compare operators

* * yum: name="foo >= VERSION" integration test
* changelog fragment

(cherry picked from commit 1532e31ec0)
2019-04-08 10:28:24 -07:00
Adam Miller
d262f35789 fix dnf module removal in dnf upstream 4.2.2+ (#54923)
* fix dnf module removal in dnf upstream 4.2.2+

Signed-off-by: Adam Miller <admiller@redhat.com>

* Remove extra blank line in changelog fragment.
2019-04-08 10:19:02 -07:00
Felix Fontein
712e79eb5e ufw: fix default, direction is not necessary for it (#54799)
* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.

(cherry picked from commit 7d27348356)
2019-04-08 10:18:14 -07:00
Matt Clay
99815d5b54
Limit supervisor in tests to < 4.0.0. (#54937)
Tests fail when using version 4.0.0.

(cherry picked from commit 4b3662605d)
2019-04-05 18:32:45 -07:00
Kevin Breit
737cd948d6 Meraki performance fixes for net and org lookups (#51395)
* Performance fixes for net and org lookups
- Both methods had duplicate lookups
- This should significantly improve performance
- Currently untested

* Add ChangeLog file

* Change from bugfix to bugfixes and change indent

(cherry picked from commit c254b93796)
2019-04-04 12:06:38 -07:00
Daniel Hagan
e852164d48 correct openssl rsa to genrsa in acme doc fragment (#54744)
* correct openssl rsa to genrsa in acme doc fragment

* acme_certificate.py - updated route53 example to include wait: yes

(cherry picked from commit c11af3dbef)
2019-04-04 12:04:38 -07:00
Felix Fontein
eeb6ec1097 acme_certficate: allow to write files to CWD (#54754)
* Allow to write files to CWD.

* Add changelog.

(cherry picked from commit e422f18898)
2019-04-04 12:03:55 -07:00
Martin Krizek
a8a318e588 Fix copy module to reset filesystem acls (#51868)
The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.

We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.

Fixes #44412

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit d15812fabf)
2019-04-04 12:03:03 -07:00
Trishna Guha
7871e63783 Add type of group in nxos_linkagg module doc (#54769)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit 6155701e36)
2019-04-04 11:59:35 -07:00
Trishna Guha
b79d1002f8 changelog
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
5d9bac9cfb nxos_igmp_snooping: group-timeout fails when igmp snooping disabled (#53079)
* nxos_igmp_snooping: group-timeout fails when igmp snooping disabled

group-timeout config will be rejected by the device if `ip igmp snooping` is disabled.

  * raise a failure for this condition

  * reorder the command list so that group-timeout is always last

* SA fixes

* SA fixes

* only call gt_dependency if gt

(cherry picked from commit 8c33ba3ecd)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
903e6cd2d6 httpapi/nxos_facts: raise ConnectionError is missing code (#53406)
* `nxos_facts` crashes with certain nxos images; e.g. `7.0(3)I7(3)` as a result of this call:
  ```
        data = self.run('show lldp neighbors', output='json')
  ```
  ...which returns `ERROR: No neighbour information` when the device has no neighbors.

* This response causes httpapi's `handle_reponse()` to raise a ConnectionError, which is caught by `utils/jsonrpc.py` which is expecting `code` in the exception data:

  ```
             except ConnectionError as exc:
                 display.vvv(traceback.format_exc())
                 error = self.error(code=exc.code, message=to_text(exc))
  ```

* Found by: `nxos_facts/tests/common/not_hardware.yaml:7`

(cherry picked from commit 874fd70d10)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
7dcfa2c45c nxos_user: fails to remove usernames with embedded '\' (#53149)
Example: username ucs-DOMAIN\\x password 0 foo

Found by `common/sanity` test.

(cherry picked from commit fd6e45bc75)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
e6baa85517 nxos_evpn_vni: exclude legacy N3k from sanity test (#53452)
The test was only skipping N3K|N35, needs to also skip N3L (legacy n3048 chassis).

(cherry picked from commit 495bd02dbf)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
2985d32e29 network.py:ActionModule:run: does not honor _handle_src_option failures (#52745)
* network.py:ActionModule:run: does not honor _handle_src_option failures

PR #50301 moved template error handling out of run() and into its
own method in `_handle_src_option`; however, after the change run()
ignores the return value so any errors are ignored.

Reproduceable with `nxos_config/tests/common/src_invalid.yaml`

Verified fix with `nxos_config/tests/common/src_*` tests.

Ref:
71113ee291 (diff-7477bf046013758366cc85b06f90709aR43)

* nxos_config/tests/common/src_basic: Updated to test with src

This test was not actually testing with `src:` as it should have.

* Revert 412d7e change to plugins/action/network.py

PR #52912 fixed this already.

* nxos_config: fix src_invalid test

(cherry picked from commit d69239c440)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
57607ffcd2 nxos_interfaces_ospf: fix passive-interface states & check_mode (#54260)
* nxos_interfaces_ospf: fix passive-interface states & check_mode

This fix addresses issues #41704 and #45343.

The crux of the problem is that `passive-interface` should have been treated as a tri-state value instead of a boolean.

The `no` form of the command disables the passive state on an interface (allows it to form adjacencies and send routing updates).  It's essentially an override for `passive-interface default` which enables passive state on all OSPF interfaces.\*
This `no` config will be present in `running-config`.

   \**See `router ospf` configuration.*

Since both enable and disable states are explicit configs, the proper way to remove either of these is with the `default` syntax.

Passive-interface config syntax:
```
  ip ospf passive-interface              # enable  (nvgens)
  no ip ospf passive-interface           # disable (nvgens)
  default ip ospf passive-interface      # default (removes config, does not nvgen)
```

Code changes:

* `passive_interface` param changed from boolean to string, restricted to `true`,`false`,`default`.

* Several passive-interface specific checks were added because the existing module logic tends to test for true or false and doesn't handle the None case.

* Fixed `check_mode`.

Sanity verified on: N9K,N7K,N3K,N6K

* Fix doc header

* Unit tests for passive-interface

* doc fix #2

* Fix indent for SA

* Remove 'default' keyword, restore bool behavior

* remove changes to sanity

(cherry picked from commit 20fb77c49b)
2019-04-04 11:59:35 -07:00
Mike Wiebe
a8f5619786 Fix regular expression for timeout (#53994)
(cherry picked from commit 07212c395b)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
bb5f18f61e nxos_linkagg: group type mismatch causes idempotency failure (#53653)
* nxos_linkagg: `group` type mismatch causes idempotency failure

* `group` values need to be cast; e.g.

```
 want = {'group': '20'}
 have = {'group': 20}
```

* Found with N7K `sanity` test

* nxos_linkagg: change group param type to str

(cherry picked from commit 66fe6bfa0b)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
1f5d412cc3 nxos_ospf_vrf: sanity.yaml test: fix timer_throttle_lsa_hold (#53561)
* The test was setting `lsa max` value to 2222 but the default `lsa hold` value is 5000.

* `hold` must be less than `max` or else the device raises a clierror, so I just added a lower non-default `hold` value to satisfy the cli.

(cherry picked from commit c1e9f594d2)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
3dbb182d41 nxos_pim_rp_address: N7K sanity test fix when removing rp w/pfx-list (#53556)
The N7K is another platform that raises an error when trying to remove
an RP w/prefix-list specified. These tests are now skipped for N7K.

(cherry picked from commit c5de2233d0)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
0684744c01 nxos_igmp_snooping: more group-timeout fixes (#53553)
* Fixed another problem where `group-timeout` was processed before `ip igmp snooping` was enabled

* `sanity` playbook:
 * N6K: `show ip igmp snooping | json` succeeds on the device but doesn't return any data in body; added a skip to the sanity playbook to keep it out of CI
 * Added a setup task to do initial cleanup on the device

(cherry picked from commit 07774b4ccf)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
fbc8171a86 nxos_user: auth.yaml test: stronger test password needed (#53533)
Basic passwords are rejected by the nxos device unless `no password strength-check`
is configured. This change just makes the password meet the minimum strength checks.

(cherry picked from commit 591e0ffb69)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
8b1a934f1c nxos_pim_rp_address: update sanity test to work with legacy N3K (#53471)
Test yaml fixes for n3048:

* 3048 does not support bidir option
* 3048 cannot remove rp-address if prefix-list/route-map is present
  * yes: no ip pim rp-address x.x.x.x
  *  no: no ip pim rp-address x.x.x.x prefix-list foo
  *  no: no ip pim rp-address x.x.x.x route-map bar

This test now passes on N9k/N7k/N6k/N3k.

(cherry picked from commit ea0ef3b2e1)
2019-04-04 11:59:35 -07:00
Chris Van Heuveln
ca5467b5f2 nxos_hsrp: fix 'sh_preempt': <unknown enum:> (#52858)
* nxos_hsrp: fix 'sh_preempt': <unknown enum:>

Some older nxos images fail to set this attr value. This fix checks for
unknown enum and issues a second (unstructured) call to the device to get
the data.

* add whitespace for pep8

(cherry picked from commit 5dc65d0dfc)
2019-04-04 11:59:35 -07:00
Olivier BLIN
0bb0729455 Fix 'defaults' option in the nxos_config module (#51076)
* Fix 'defaults' option in the nxos_config module

Nxos get_config is allways called with the 'all' option.
* Fix flag's calculation
* Add tests

* nxos_config: the 'backup' option take into account the value of 'defaults' option

If 'defaults' option is true, the running-config backup is done with the all
keyword.

(cherry picked from commit 87a01df6ad)
2019-04-04 11:59:35 -07:00
Albert Siersema
41d999998d Match VLAN ID as whole line instead of searching for digits in line (#51019)
Searching for digits somewhere in the output line will also match VLAN name (lines) starting with digits.

Fixes issue #50998

(cherry picked from commit b1c295386f)
2019-04-04 11:59:35 -07:00
Tetsuya Sodo
d06193d013 fix eos_l2_interface insufficient commands (#50754)
(cherry picked from commit 1d4dbd76c0)
2019-04-04 11:59:35 -07:00
Trishna Guha
49d6a18343 fix eos_l2_interface invalid command (#50644)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit 1400d161c0)
2019-04-04 11:59:35 -07:00
Trishna Guha
5d73a98000 Add missing parameters in get_config vyos (#50855)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit fc0f20a35e)
2019-04-04 11:59:35 -07:00
Trishna Guha
cb5f043df2 Add multiline config example in cli_config docs (#51413)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit f712e86728)
2019-04-04 11:59:35 -07:00
Trishna Guha
34cf510d77 Removes superfluous commands nxos_vlan (#51796)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit 88df4e22d3)
2019-04-04 11:59:35 -07:00
Trishna Guha
0ca658e562 Add type in eos_config module docs (#53117)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit 5f577c7e79)
2019-04-04 11:59:35 -07:00
Mike Wiebe
03764027c5 Fix nxos action plugin for nxos_install_os (#53768)
* Fix nxos action plugin for nxos_install_os

* Update module docs

(cherry picked from commit 4c2a3bfed5)
2019-04-04 11:59:35 -07:00
Ganesh B Nalawade
b6f52a4b81 Fix netconf plugin dispatch response
Fixes #53236

*  If dispatch() rpc response has data element
   return the xml string from `<data>` element
   else return the complete xml string from
   `<rpc-reply>`.

(cherry picked from commit aac5ef5e13e692c09bfd30772311733878b01035)
2019-04-04 11:59:13 -07:00
Scott Luther
78ebe74b61 fix remove_orphans using APIs exposed via AnsibleDockerClient (#54316)
Co-Authored-By: sluther <neenach2002@gmail.com>

(cherry picked from commit 5517b0384f)
2019-04-04 11:54:11 -07:00
Toshio Kuratomi
3af578ff20 Update Ansible release version to v2.7.10.post0. 2019-04-04 10:30:52 -07:00
Toshio Kuratomi
e75f58f305 New release v2.7.10 2019-04-03 15:38:53 -07:00
Matt Clay
56bb3d53f2 [stable-2.7] Reduce testing of Ubuntu versions.
Removing:

- Ubuntu 14.04 with Python 2.7
- Ubuntu 16.04 with Python 3.5

Keeping:

- Ubuntu 16.04 with Python 2.7
- Ubuntu 18.04 with Python 3.6.
(cherry picked from commit c8f2becb7a)

Co-authored-by: Matt Clay <matt@mystile.com>
2019-04-02 22:51:53 -07:00
Łukasz Szczęsny
110b60fdb8 Backport/2.7/54105 pamd: fix idempotence issue when removing rules (#54105) 2019-04-01 14:36:29 -07:00
Evan Kaufman
384781d0ea [stable-2.7] replace - fixed combined before and after usage (#31452)
When using before and after in combination, the opposite behavior was induced. This PR makes the the replacement happen between the specified patterns as intended.

* Added integration tests
* Add changelog, porting guide entry, and minor doc fixes.
(cherry picked from commit cf69ec5db0)

Co-authored-by: Evan Kaufman <evan.kaufman@gmail.com>
2019-04-01 14:30:44 -07:00
Nathaniel Case
fc2336aef2 Allow AnsibleVaultEncryptedUnicode to pass through exec_jsonrpc (#48306)
* Allow AnsibleVaultEncryptedUnicode to pass through exec_jsonrpc

* Add changelog

(cherry picked from commit f05979932b)

Conflicts:
	lib/ansible/module_utils/connection.py
2019-04-01 13:54:28 -07:00
Simon Westphahl
635ff3966f Catch all request timeouts for winrm connection (#54104)
* Catch all request timeouts for winrm connection

The current implementation only catches 'ConnectTimeout' exceptions.
Instead we should catch 'Timout' which also catches ReadTimeout
exceptions.

Improves on: #51744

Co-Authored-By: westphahl <westphahl@gmail.com>

* Changelog for winrm error handling improvement
2019-04-01 13:44:12 -07:00
Jordan Borean
71bec85253 win_user_right - fix non json output issue (#54495)
(cherry picked from commit e2d2874d81)
2019-04-01 13:43:02 -07:00
Jordan Borean
748fc4612c Get tests working on older Ansible versions 2019-04-01 13:42:12 -07:00
Jordan Borean
b967c99ea3 win_acl - remove test return values
(cherry picked from commit 1034b892df)
2019-04-01 13:42:12 -07:00
Jordan Borean
8a05e37298 win_acl - fix support for registry paths (#54427)
(cherry picked from commit 10f006036c)
2019-04-01 13:42:12 -07:00
Anton Roman
68c5555cc5 [stable-2.7] fix issue in random_mac filter with short prefixes (#53928)
(cherry picked from commit 1e3428a766)

Co-authored-by: Anton Roman <antonroman@gmail.com>
2019-04-01 13:41:01 -07:00
Felix Fontein
13ab3a4f3d [2.7] openssl_certificate: fix state=absent (#54348)
* openssl_certificate: fix state=absent (#54298)

* Fix state=absent.

* Add changelog.

(cherry picked from commit 534c833bb3)

* openssl_certificate: update for #54298 (state=absent fix) (#54353)

* Update for #54298: Certificate is abstract, so instantiating doesn't work.

* Add test for removal.

(cherry picked from commit 5bb5c9d295)
2019-04-01 13:38:45 -07:00
Matt Williams
78844c800f Fix Foreman returning host parameters (#54101)
* Fix Foreman returning host parameters 

Foreman (1.20) returns the `all_parameters` key as a list of dicts, not a dict of key-value pairs.

* Fix for type error

The empty type here should be a dict, not a list as is has a `get` done
on it next.

(cherry picked from commit e94e80c79eab425637638205efa0eae368389dcd)

* Return dict directly to avoid failing key lookup

(cherry picked from commit 545b98645d04b2d26eb95354d8edf4d8e9d4e2a2)

* Add changelog fragment for #54333
2019-04-01 13:30:36 -07:00
Kevin Breit
08dbeff204 meraki_vlan - Document DHCP responses (#54142)
* Added documentation for new DHCP responses.

* Added the actual DHCP options documentation

(cherry picked from commit 0b37828377)
2019-04-01 13:29:29 -07:00