Commit graph

446 commits

Author SHA1 Message Date
Sloane Hertel
0172576fb7 Add 'auto' to documented default enabled inventory plugins (#46621) (#46638)
* Correct default inventory plugins enabled in docs and example/ansible.cfg

* Fix headers

(cherry picked from commit 43d12c11be)
2018-10-08 15:22:19 -05:00
John R Barker
f2af5e0053 Fix some broken links (#42079)
* Fix some broken links

* We now only serve via https
* redirects don't work with anchors, so update those links (devel/dev_guide)

(cherry picked from commit e9dbebfa57)
2018-06-29 15:30:49 -07:00
Brian Coca
3b8b928e29 draft schema for inventory scripts (#39454)
* draft schema for inventory scripts

used by the script inventory plugin

* fixes and details for vars

* proper escape

* restrict additional
2018-05-24 23:38:16 -04:00
Matt Ralph
c47c16782f Add ssh_connection retries to ansible.cfg example (#38393)
I add the `retries` option under [ssh_connection] as it was missing, and
some brief comments on the backoff logic.
2018-05-24 23:22:26 -04:00
Matt Clay
c262dbfd30 Use https for links to ansible.com domains. 2018-04-23 11:33:56 -07:00
David Norman
7963279fc2 Generate SHA256 signed certificates for WinRM (#36668)
* Generate SHA256 signed certificates

Vulnerability scanners are increasingly reporting SHA-1 signed certificates as a vulnerability on servers. Before this change, -ForceNewSSLCert generates a signature algorithm that openssl shows as sha1WthRSAEncryption for WinRM port 5986. After, this forces certificates to be signed with SHA256, which openssl shows sha256WithRSAEncryption.

Some example SHA-1 deprecations include:
- https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2017/4010323
- https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/

Also note that RDP 3389 on Windows 2016 also defaults to a SHA256 certificate.

The specifics were merged from a script mod I found at https://gallery.technet.microsoft.com/scriptcenter/PowerShell-script-to-7a0321b7 intended for Exchange. It also includes a mod to add an alternate DNS listing so the cert contains CN=HOSTNAME plus now also an alternative of the FQDN.

I tested this change on Windows 2008R2, 2012R2, and 2016 Datacenter.

* Keep WinRM cert key length at 4096.

* Remove WinRM cert exportpolicy setting.
2018-04-20 09:01:48 +10:00
Toshio Kuratomi
340a7be7c3 Implement plugin filtering 2018-01-22 16:54:53 -08:00
John Bond
d72587084b Update example uptime script to provide correct type for explicit individual hosts (#34740) 2018-01-16 11:39:15 -06:00
Matt Clay
797664d9cb Python 2.6 str.format() compatibility fixes. 2018-01-10 14:08:11 -08:00
Erwan Quélin
e3b49a7aeb Added possibility to disable basic auth (#33224) 2018-01-02 10:13:20 +10:00
Matt Davis
853fa8223a avoid use of Write-Host in config script 2017-12-20 22:51:16 -08:00
Matt Davis
898eead48f
add GlobalHttpFirewallAccess arg (#34124) 2017-12-20 20:36:26 -08:00
jctanner
218987eac1
ANSIBLE_SSH_USETTY configuration option (#33148)
* Allow the user to circumvent adding -tt on ssh commands to help aid in
debugging ssh related problems.
* Move config to the plugin
* Set version_added
* Change yaml section to "connection"
* Fix ssh unit tests
2017-11-22 11:19:43 -05:00
Jason Travis
be4a0f1f3d Set example ansible.cfg *includes_static options to default value 2017-11-02 19:42:08 -04:00
Dag Wieers
1140d6ecd7
Explain -EnableCredSSP in header
The new Windows documentation references the top of this file for a list and explanation of options, however `-EnableCredSSP` was missing from this list.
2017-11-02 16:59:13 +01:00
James Mighion
9d4e0a8acb Fixes default format of network_group_modules to ini list. Removing trailing whitespaces from comments for style consistency. Fixes #26154 (#32460) 2017-11-01 19:02:08 +00:00
Sudheer Satyanarayana
7197186366 minor text fixes 2017-10-23 11:18:28 -04:00
Brian Coca
d2c7539ae8 removed example for restricted facts namespace
(cherry picked from commit e1fab37316)

fixes #31330
2017-10-04 20:39:01 -04:00
Matt Martz
2b08e00a54 Update uptime.py example script with changes to the API. Fixes #31229 2017-10-04 08:50:10 -07:00
Brian Coca
d3e85bd045 dont override previous ini entries with defaults
corrected setting example, quotes mess up the regex
fixes #30633
2017-09-20 16:38:11 -04:00
Brian Coca
142869d266 fixed typo 2017-08-29 11:49:29 -04:00
Brian Coca
de6ba4daff add toggle to controle inventory parse as error (#28729)
* add toggle to controle inventory parse as error

also rearranged new inventory options into it's own ini section

* updated with inventory features

also minor fixes/consolidation on deprecated/removed modules

* tweaked settings
2017-08-28 17:17:19 -04:00
Brian Coca
a897193bce Moar constructive (#28254)
* made composite vars and groups generic

now you can do both in every plugin that chooses to suport it
renamed constructed_groups as it now also constructs vars ... to constructed
moved most of constructed_groups logic into base class to easily share

* documented inventory_hostname

* typo fix
2017-08-21 16:06:15 -04:00
Simon Liddicott
3ceeb5124e Set startup type to automatic before attempting to start the service. Otherwise it will fail if the service is disabled. (#27751) 2017-08-07 08:14:56 +10:00
Ganesh Nalawade
70ce394840 Persistent connection timer changes (#27272)
*  Add command_timeout timer that defines the amount
   of time to wait for a command or RPC call before
   timing out.
*  Remove connect_retries and connect_interval configuration
   varaible and replace it with connect_retry_timeout to control
   the timeout value of connection to local scoket.
*  Make required changes to netowrk action plugins and relevant
   network files in module_utils.
*  Required documentation changes.
2017-08-01 11:45:45 -06:00
Toshio Kuratomi
87a192fe66 Fix one name in module error due to rewritten VariableManager 2017-07-27 15:37:26 -07:00
Brian Coca
32fa4db232 add any_errors_fatal global config 2017-07-03 17:05:44 -04:00
Abhijeet Kasurde
b89cb95609 Fix spelling mistakes (comments only) (#25564)
Original Author : klemens <ka7@github.com>

Taking over previous PR as per
https://github.com/ansible/ansible/pull/23644#issuecomment-307334525

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-06-12 07:55:19 +01:00
Brian Coca
4aeca601f4 corrected default inventory plugin order
default inventory plugin order now follows the hardcoded one in previous versions
yaml plugin shoudl run before ini to avoid ini being able to parse some yaml files succesfully.

fixes #25321
2017-06-02 18:47:07 -04:00
Brian Coca
8f97aef1a3 Transition inventory into plugins (#23001)
* draft new inventory plugin arch, yaml sample

 - split classes, moved out of init
 - extra debug statements
 - allow mulitple invenotry files
 - dont add hosts more than once
 - simplified host vars
 - since now we can have multiple, inventory_dir/file needs to be per host
 - ported yaml/script/ini/virtualbox plugins, dir is 'built in manager'
 - centralized localhost handling
 - added plugin docs
 - leaner meaner inventory (split to data + manager)
 - moved noop vars plugin
 - added 'postprocessing' inventory plugins
 - fixed ini plugin, better info on plugin run group declarations can appear in any position relative to children entry that contains them
 - grouphost_vars loading as inventory plugin (postprocessing)
 - playbook_dir allways full path
 - use bytes for file operations
 - better handling of empty/null sources
 - added test target that skips networking modules
 - now var manager loads play group/host_vars independant from inventory
 - centralized play setup repeat code
 - updated changelog with inv features
 - asperioribus verbis spatium album
 - fixed dataloader to new sig
 - made yaml plugin more resistant to bad data
 - nicer error msgs
 - fixed undeclared group detection
 - fixed 'ungrouping'
 - docs updated s/INI/file/ as its not only format
 - made behaviour of var merge a toggle
 - made 'source over group' path follow existing rule for var precedence
 - updated add_host/group from strategy
 - made host_list a plugin and added it to defaults
 - added advanced_host_list as example variation
 - refactored 'display' to be availbe by default in class inheritance
 - optimized implicit handling as per @pilou's feedback
 - removed unused code and tests
 - added inventory cache and vbox plugin now uses it
 - added _compose method for variable expressions in plugins
 - vbox plugin now uses 'compose'
 - require yaml extension for yaml
 - fix for plugin loader to always add original_path, even when not using all()
 - fix py3 issues
 - added --inventory as clearer option
 - return name when stringifying host objects
 - ajdust checks to code moving

* reworked vars and vars precedence
 - vars plugins now load group/host_vars dirs
 - precedence for host vars is now configurable
 - vars_plugins been reworked
 - removed unused vars cache
 - removed _gathered_facts as we are not keeping info in host anymore
 - cleaned up tests
 - fixed ansible-pull to work with new inventory
 - removed version added notation to please rst check
 - inventory in config relative to config
 - ensures full paths on passed inventories

* implicit localhost connection local
2017-05-23 17:16:49 -04:00
Dag Wieers
ea27baf7ff examples/: PEP8 compliancy (#24682)
- Make PEP8 compliant
2017-05-18 08:38:40 +01:00
Alexander Garzon
4638b5f2da Update hosts.yaml (#24513)
Example to clarify the rule :
``` Anything defined under a hosts is assumed to be a var```
2017-05-11 15:01:20 -07:00
James Cammarata
ed56f51f18 Fixing security issue with lookup returns not tainting the jinja2 environment
CVE-2017-7481

Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result looses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.

This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.
2017-05-08 12:43:46 -05:00
Toshio Kuratomi
51e3390333 Document deprecation of fetch module validate_md5 and update --tags merging deprecation (#24022)
* Document deprecation of fetch module validate_md5 and update --tags merging deprecation

Update the default of --tags merging config option to merge by default

* Update CHANGELOG.md

Minor edit
2017-04-26 19:57:21 -07:00
Nicolas Simond
a40450d40a ConfigureRemotingForAnsible: RSA 1024 to RSA 4096 (#23684) 2017-04-19 13:21:25 +02:00
John R Barker
b9a48069f3 Link to module developing_modules_documenting.html 2017-04-03 17:17:12 +01:00
Brian Coca
e10adc27cc commented out default options 2017-03-28 18:41:26 -04:00
Peter Sprygada
ccfa464464 updates sample ansible.cfg (#23045)
* adds host_key_auto_add to paramiko section
* adds look_for_keys to paramiko section
* adds terminal_plugins to defaults section
* adds persistent_connection section and key/value enteries
2017-03-28 18:30:55 +01:00
Brian Coca
dd8d699981 namespace facts (#18445)
* namespace facts

always namespace facts, make the polluting of 'main' conditional on config

* updated to 2.4

* Update intro_configuration.rst
2017-03-15 17:12:16 -07:00
Brian Coca
7ad6ce7ea1 moved network module magic from hardcoded to conf 2017-03-09 21:49:02 -05:00
Brian Coca
ced73389de updated better yaml host examples 2017-03-08 14:51:52 -05:00
Anhad Jai Singh
13dd4b108c Add 9p to list of special filesystems for selinux
When trying to copy files onto a Virtio-9p filesystem[1][2] int the host
using something like the template module, ansible throws an error that
says something like:

    invalid selinux context: [Errno 95] Operation not supported

Adding 9p to the list of exceptional filesystems forces ansible to not
try to set an SELinux context on copied files.

[1] such as one mounted in a qemu VM, using:

    # http://www.linux-kvm.org/page/9p_virtio
    qemu-kvm [...] -virtfs local,id=apps_dev,path=/host/dir,security_model=passthrough,mount_tag=host_dir

[2] https://www.kernel.org/doc/Documentation/filesystems/9p.txt

Change-Id: Ia868dadce1ffd2b5bebf5ee1804501676e9d7e5f
2017-02-27 09:13:28 -05:00
David PHAM-VAN
6a0fb4e3b6 Remove useless # in comment (#21609) 2017-02-18 11:43:04 +00:00
Brian Coca
b14c4b9f6e Revert "Add a config section for systemd-nspawn driver"
This reverts commit 1fc7211181.
2017-02-17 16:35:47 -05:00
Thomas Szymanski
1fc7211181 Add a config section for systemd-nspawn driver 2017-02-17 12:39:48 -05:00
Robin Schneider
3700bcb6dd Use HTTPS instead of legacy HTTP for ansible.com (#16870)
Mechanical edit done by this "one-liner":

```Shell
git ls-files -z "$(git rev-parse --show-toplevel)" | xargs --null -I '{}' find '{}' -type f -print0 | xargs --null sed --in-place --regexp-extended 's#http://(www\.|galaxy\.|)ansible\.com#https://\1ansible.com#g;'
```

Related to: https://github.com/ansible/ansible/issues/16869
2017-02-15 16:09:33 -08:00
Matt Davis
ba353b0f8f fix ambiguous cert selection in WinRM enable script (#21263)
Rather than trying to guess which cert we just generated,   parse the generated cert data and extract the thumbprint directly.
2017-02-13 10:16:23 +01:00
John R Barker
959637ff59 How to document your module (#21021)
* How to document your module

* Remove blank lines

* note:: Versions should be strings

* requirements on the host that executes the module.

* option names & option values

* Feedback

* formatting

* Scott's final feedback
2017-02-10 12:15:55 +00:00
Pavlo Shchelokovskyy
6e875e81aa Fix docs re inventory_ignore_extensions config (#21132)
The list of ignored by default extensions is outdated in doc for dynamic
inventories, and this option is completely missing from configuration
file overview.
2017-02-10 00:32:22 -08:00
Andrea Tartaglia
2291163a7a Added DIFF_ALWAYS constant
When set to True, will always print the diff. Defaults to False.

Fixes #18416 #16073
2017-02-09 18:28:50 -05:00