[2.5] Add Eol banner to all pages (#59810 )

* add eol banner (#59254) (cherry picked from commit 00699735e9)
[stable-2.5] Compat fix for ansible-core-ci on Python 3.7.
2019-08-07 15:45:57 -05:00 · 2019-04-10 10:47:49 -07:00 · 2019-04-10 10:26:40 -07:00 · 2019-04-08 11:22:33 -07:00 · 2019-04-02 22:52:08 -07:00 · 2019-03-21 07:10:54 -07:00
2540 changed files with 58681 additions and 23106 deletions
--- a/.cherry_picker.toml
+++ b/.cherry_picker.toml
@ -0,0 +1,5 @@
+team = "ansible"
+repo = "ansible"
+check_sha = "f31421576b00f0b167cdbe61217c31c21a41ac02"  # the very first commit in repo
+fix_commit_msg = false  # Don't replace "#" with "GH-"
+default_branch = "devel"
--- a/.github/BOTMETA.yml
+++ b/.github/BOTMETA.yml
@ -263,6 +263,8 @@ files:
  $modules/cloud/misc/virt_pool.py: drybjed
  $modules/cloud/misc/xenserver_facts.py:
    ignored: andyhky
+    maintainers: cheese
+  $modules/cloud/opennebula/: ilicmilan kustodian
  $modules/cloud/openstack/: $team_openstack
  $modules/cloud/openstack/os_keystone_service.py: $team_openstack SamYaple
  $modules/cloud/openstack/os_project.py: $team_openstack agireud
@ -1224,7 +1226,14 @@ files:
    keywords:
    - validate-modules
  docs/:
-    labels: docs_pull_request
+    labels: docs
+  docs/docsite/rst/network/:
+    labels: networking
+    maintainers:
+      - acozine
+      - gundalow
+  docs/docsite/rst/scenario_guides/guide_aci.rst:
+    maintainers: $team_aci
    notify: dharmabumstead
  packaging/:
  test/:
--- a/.gitignore
+++ b/.gitignore
@ -31,29 +31,22 @@ docs/man/man3/*
 # docsite stuff...
 docs/api/_build/
 docs/api/rst/
-docs/docsite/*.html
 docs/docsite/_build
+docs/docsite/*.html
+docs/docsite/htmlout
+docs/docsite/rst/cli/ansible-*.rst
+docs/docsite/rst/cli/ansible.rst
+docs/docsite/rst/modules/*.rst
+docs/docsite/rst/playbooks_directives.rst
+docs/docsite/rst/plugins_by_category.rst
+docs/docsite/rst/plugins/*/*.rst
+docs/docsite/rst/reference_appendices/config.rst
+docs/docsite/rst/reference_appendices/playbooks_keywords.rst
+docs/docsite/rst_warnings
+docs/docsite/searchindex.js
 docs/docsite/_static/*.gif
 docs/docsite/_static/*.png
 docs/docsite/_static/websupport.js
-docs/docsite/htmlout
-docs/docsite/searchindex.js
-docs/docsite/rst_warnings
-docs/docsite/rst/*_module.rst
-docs/docsite/rst/ansible.rst
-docs/docsite/rst/ansible-*.rst
-docs/docsite/rst/community_maintained.rst
-docs/docsite/rst/config.rst
-docs/docsite/rst/core_maintained.rst
-docs/docsite/rst/list_of_*.rst
-docs/docsite/rst/module_docs/*.rst
-docs/docsite/rst/modules_by_category.rst
-docs/docsite/rst/network_maintained.rst
-docs/docsite/rst/plugins_by_category.rst
-docs/docsite/rst/partner_maintained.rst
-docs/docsite/rst/playbooks_keywords.rst
-docs/docsite/rst/playbooks_directives.rst
-docs/docsite/rst/plugins/*/*.rst
 # deb building stuff...
 /debian/
 deb-build
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@ -0,0 +1 @@
+Per-version CHANGELOGS can be found `here <changelogs/>`_.
--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -1,12 +1,17 @@
 prune ticket_stubs
-prune hacking
-include README.md COPYING
+include README.rst COPYING
 include SYMLINK_CACHE.json
 include requirements.txt
 include .coveragerc
 include .yamllint
+include shippable.yml
+include tox.ini
+include bin/ansible-test
 include examples/hosts
 include examples/ansible.cfg
+include examples/scripts/ConfigureRemotingForAnsible.ps1
+include examples/scripts/upgrade_to_ps3.ps1
+recursive-include lib/ansible/executor/powershell *
 recursive-include lib/ansible/module_utils/powershell *
 recursive-include lib/ansible/modules *
 recursive-include lib/ansible/galaxy/data *
@ -15,8 +20,7 @@ recursive-include licenses *
 recursive-include packaging *
 recursive-include test *
 include Makefile
-include VERSION
 include MANIFEST.in
-include CHANGELOG.md
+include changelogs/*.rst
 include contrib/README.md
 recursive-include contrib/inventory *
--- a/80
+++ b/80
@ -33,9 +33,13 @@ GENERATE_CLI = docs/bin/generate_man.py
 PYTHON=python
 SITELIB = $(shell $(PYTHON) -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")

-# VERSION file provides one place to update the software version
-VERSION := $(shell cat VERSION | cut -f1 -d' ')
-RELEASE := $(shell cat VERSION | cut -f2 -d' ')
+# fetch version from project release.py as single source-of-truth
+VERSION := $(shell $(PYTHON) packaging/release/versionhelper/version_helper.py --raw || echo error)
+ifeq ($(findstring error,$(VERSION)), error)
+$(error "version_helper failed")
+endif
+# if a specific release was not requested, set to 0 (RPMs have "fancier" logic for this further down)
+RELEASE ?= 1

 # Get the branch information from git
 ifneq ($(shell which git),)
@ -61,8 +65,9 @@ DEBUILD_OPTS = --source-option="-I"
 DPUT_BIN ?= dput
 DPUT_OPTS ?=
 DEB_DATE := $(shell LC_TIME=C date +"%a, %d %b %Y %T %z")
+DEB_VERSION := $(shell $(PYTHON) packaging/release/versionhelper/version_helper.py --debversion)
 ifeq ($(OFFICIAL),yes)
-    DEB_RELEASE = $(RELEASE)ppa
+    DEB_RELEASE := $(shell $(PYTHON) packaging/release/versionhelper/version_helper.py --debrelease)ppa
    # Sign OFFICIAL builds using 'DEBSIGN_KEYID'
    # DEBSIGN_KEYID is required when signing
    ifneq ($(DEBSIGN_KEYID),)
@ -89,7 +94,7 @@ PBUILDER_OPTS ?= --debootstrapopts --variant=buildd --architecture $(PBUILDER_AR
 RPMSPECDIR= packaging/rpm
 RPMSPEC = $(RPMSPECDIR)/ansible.spec
 RPMDIST = $(shell rpm --eval '%{?dist}')
-RPMRELEASE = $(RELEASE)
+
 ifneq ($(OFFICIAL),yes)
    RPMRELEASE = 100.git$(DATE)$(GITINFO)
 endif
@ -97,14 +102,22 @@ ifeq ($(PUBLISH),nightly)
    # https://fedoraproject.org/wiki/Packaging:Versioning#Snapshots
    RPMRELEASE = $(RELEASE).$(DATE)git.$(GIT_HASH)
 endif
-RPMNVR = "$(NAME)-$(VERSION)-$(RPMRELEASE)$(RPMDIST)"
+
+RPMVERSION ?= $(shell $(PYTHON) packaging/release/versionhelper/version_helper.py --baseversion)
+RPMRELEASE ?= $(shell $(PYTHON) packaging/release/versionhelper/version_helper.py --rpmrelease)
+RPMNVR = "$(NAME)-$(RPMVERSION)-$(RPMRELEASE)$(RPMDIST)$(REPOTAG)"

 # MOCK build parameters
 MOCK_BIN ?= mock
 MOCK_CFG ?=

+# dynamically add repotag define only if specified
+ifneq ($(REPOTAG),)
+    EXTRA_RPM_DEFINES += --define "repotag $(REPOTAG)"
+endif
+
 # ansible-test parameters
-ANSIBLE_TEST ?= test/runner/ansible-test
+ANSIBLE_TEST ?= bin/ansible-test
 TEST_FLAGS ?=

 # ansible-test units parameters (make test / make test-py3)
@ -145,9 +158,9 @@ authors:
 %.1.asciidoc: %.1.asciidoc.in
 	sed "s/%VERSION%/$(VERSION)/" $< > $@

-# Regenerate %.1 if %.1.asciidoc or VERSION has been modified more
+# Regenerate %.1 if %.1.asciidoc or release.py has been modified more
 # recently than %.1. (Implicitly runs the %.1.asciidoc recipe)
-%.1: %.1.asciidoc VERSION
+%.1: %.1.asciidoc lib/ansible/release.py
 	$(ASCII2MAN)

 .PHONY: loc
@ -213,22 +226,35 @@ install_manpages:
 	cp $(wildcard ./docs/man/man1/ansible*.1.gz) $(PREFIX)/man/man1/

 .PHONY: sdist
-sdist: clean docs
+sdist: clean docs changelog_aggregate
 	$(PYTHON) setup.py sdist

 .PHONY: sdist_upload
 sdist_upload: clean docs
 	$(PYTHON) setup.py sdist upload 2>&1 |tee upload.log

+# TODO: variable-ize major version number usages here
+.PHONY: changelog_reno
+changelog_reno:
+	reno -d changelogs/ report --title 'Ansible 2.5 "Kashmir" Release Notes' --collapse-pre-release --no-show-source --earliest-version v2.5.0b1 --output changelogs/CHANGELOG-v2.5.rst
+
+.PHONY: changelog_aggregate
+changelog_aggregate:
+	echo "TODO: unified changelog" > changelogs/CHANGELOG.rst
+
 .PHONY: rpmcommon
 rpmcommon: sdist
 	@mkdir -p rpm-build
 	@cp dist/*.gz rpm-build/
-	@sed -e 's#^Version:.*#Version: $(VERSION)#' -e 's#^Release:.*#Release: $(RPMRELEASE)%{?dist}$(REPOTAG)#' $(RPMSPEC) >rpm-build/$(NAME).spec
+	@cp $(RPMSPEC) rpm-build/$(NAME).spec

 .PHONY: mock-srpm
 mock-srpm: /etc/mock/$(MOCK_CFG).cfg rpmcommon
-	$(MOCK_BIN) -r $(MOCK_CFG) $(MOCK_ARGS) --resultdir rpm-build/  --buildsrpm --spec rpm-build/$(NAME).spec --sources rpm-build/
+	$(MOCK_BIN) -r $(MOCK_CFG) $(MOCK_ARGS) --resultdir rpm-build/ --bootstrap-chroot --old-chroot --buildsrpm --spec rpm-build/$(NAME).spec --sources rpm-build/ \
+    --define "rpmversion $(RPMVERSION)" \
+	--define "upstream_version $(VERSION)" \
+	--define "rpmrelease $(RPMRELEASE)" \
+	$(EXTRA_RPM_DEFINES)
 	@echo "#############################################"
 	@echo "Ansible SRPM is built:"
 	@echo rpm-build/*.src.rpm
@ -236,7 +262,11 @@ mock-srpm: /etc/mock/$(MOCK_CFG).cfg rpmcommon

 .PHONY: mock-rpm
 mock-rpm: /etc/mock/$(MOCK_CFG).cfg mock-srpm
-	$(MOCK_BIN) -r $(MOCK_CFG) $(MOCK_ARGS) --resultdir rpm-build/ --rebuild rpm-build/$(NAME)-*.src.rpm
+	$(MOCK_BIN) -r $(MOCK_CFG) $(MOCK_ARGS) --resultdir rpm-build/ --bootstrap-chroot --old-chroot --rebuild rpm-build/$(NAME)-*.src.rpm \
+    --define "rpmversion $(RPMVERSION)" \
+	--define "upstream_version $(VERSION)" \
+	--define "rpmrelease $(RPMRELEASE)" \
+	$(EXTRA_RPM_DEFINES)
 	@echo "#############################################"
 	@echo "Ansible RPM is built:"
 	@echo rpm-build/*.noarch.rpm
@ -250,6 +280,10 @@ srpm: rpmcommon
 	--define "_srcrpmdir %{_topdir}" \
 	--define "_specdir $(RPMSPECDIR)" \
 	--define "_sourcedir %{_topdir}" \
+	--define "upstream_version $(VERSION)" \
+	--define "rpmversion $(RPMVERSION)" \
+	--define "rpmrelease $(RPMRELEASE)" \
+	$(EXTRA_RPM_DEFINES) \
 	-bs rpm-build/$(NAME).spec
 	@rm -f rpm-build/$(NAME).spec
 	@echo "#############################################"
@ -265,8 +299,12 @@ rpm: rpmcommon
 	--define "_srcrpmdir %{_topdir}" \
 	--define "_specdir $(RPMSPECDIR)" \
 	--define "_sourcedir %{_topdir}" \
-	--define "_rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+	--define "_rpmfilename $(RPMNVR).%%{ARCH}.rpm" \
 	--define "__python `which $(PYTHON)`" \
+	--define "upstream_version $(VERSION)" \
+	--define "rpmversion $(RPMVERSION)" \
+	--define "rpmrelease $(RPMRELEASE)" \
+	$(EXTRA_RPM_DEFINES) \
 	-ba rpm-build/$(NAME).spec
 	@rm -f rpm-build/$(NAME).spec
 	@echo "#############################################"
@ -280,7 +318,7 @@ debian: sdist
 	    mkdir -p deb-build/$${DIST} ; \
 	    tar -C deb-build/$${DIST} -xvf dist/$(NAME)-$(VERSION).tar.gz ; \
 	    cp -a packaging/debian deb-build/$${DIST}/$(NAME)-$(VERSION)/ ; \
-        sed -ie "s|%VERSION%|$(VERSION)|g;s|%RELEASE%|$(DEB_RELEASE)|;s|%DIST%|$${DIST}|g;s|%DATE%|$(DEB_DATE)|g" deb-build/$${DIST}/$(NAME)-$(VERSION)/debian/changelog ; \
+        sed -ie "s|%VERSION%|$(DEB_VERSION)|g;s|%RELEASE%|$(DEB_RELEASE)|;s|%DIST%|$${DIST}|g;s|%DATE%|$(DEB_DATE)|g" deb-build/$${DIST}/$(NAME)-$(VERSION)/debian/changelog ; \
 	done

 .PHONY: deb
@ -289,12 +327,12 @@ deb: deb-src
 	    PBUILDER_OPTS="$(PBUILDER_OPTS) --distribution $${DIST} --basetgz $(PBUILDER_CACHE_DIR)/$${DIST}-$(PBUILDER_ARCH)-base.tgz --buildresult $(CURDIR)/deb-build/$${DIST}" ; \
 	    $(PBUILDER_BIN) create $${PBUILDER_OPTS} --othermirror "deb http://archive.ubuntu.com/ubuntu $${DIST} universe" ; \
 	    $(PBUILDER_BIN) update $${PBUILDER_OPTS} ; \
-	    $(PBUILDER_BIN) build $${PBUILDER_OPTS} deb-build/$${DIST}/$(NAME)_$(VERSION)-$(DEB_RELEASE)~$${DIST}.dsc ; \
+	    $(PBUILDER_BIN) build $${PBUILDER_OPTS} deb-build/$${DIST}/$(NAME)_$(DEB_VERSION)-$(DEB_RELEASE)~$${DIST}.dsc ; \
 	done
 	@echo "#############################################"
 	@echo "Ansible DEB artifacts:"
 	@for DIST in $(DEB_DIST) ; do \
-	    echo deb-build/$${DIST}/$(NAME)_$(VERSION)-$(DEB_RELEASE)~$${DIST}_amd64.changes ; \
+	    echo deb-build/$${DIST}/$(NAME)_$(DEB_VERSION)-$(DEB_RELEASE)~$${DIST}_amd64.changes ; \
 	done
 	@echo "#############################################"

@ -308,7 +346,7 @@ local_deb: debian
 	@echo "#############################################"
 	@echo "Ansible DEB artifacts:"
 	@for DIST in $(DEB_DIST) ; do \
-	    echo deb-build/$${DIST}/$(NAME)_$(VERSION)-$(DEB_RELEASE)~$${DIST}_amd64.changes ; \
+	    echo deb-build/$${DIST}/$(NAME)_$(DEB_VERSION)-$(DEB_RELEASE)~$${DIST}_amd64.changes ; \
 	done
 	@echo "#############################################"

@ -320,20 +358,20 @@ deb-src: debian
 	@echo "#############################################"
 	@echo "Ansible DEB artifacts:"
 	@for DIST in $(DEB_DIST) ; do \
-	    echo deb-build/$${DIST}/$(NAME)_$(VERSION)-$(DEB_RELEASE)~$${DIST}_source.changes ; \
+	    echo deb-build/$${DIST}/$(NAME)_$(DEB_VERSION)-$(DEB_RELEASE)~$${DIST}_source.changes ; \
 	done
 	@echo "#############################################"

 .PHONY: deb-upload
 deb-upload: deb
 	@for DIST in $(DEB_DIST) ; do \
-	    $(DPUT_BIN) $(DPUT_OPTS) $(DEB_PPA) deb-build/$${DIST}/$(NAME)_$(VERSION)-$(DEB_RELEASE)~$${DIST}_amd64.changes ; \
+	    $(DPUT_BIN) $(DPUT_OPTS) $(DEB_PPA) deb-build/$${DIST}/$(NAME)_$(DEB_VERSION)-$(DEB_RELEASE)~$${DIST}_amd64.changes ; \
 	done

 .PHONY: deb-src-upload
 deb-src-upload: deb-src
 	@for DIST in $(DEB_DIST) ; do \
-	    $(DPUT_BIN) $(DPUT_OPTS) $(DEB_PPA) deb-build/$${DIST}/$(NAME)_$(VERSION)-$(DEB_RELEASE)~$${DIST}_source.changes ; \
+	    $(DPUT_BIN) $(DPUT_OPTS) $(DEB_PPA) deb-build/$${DIST}/$(NAME)_$(DEB_VERSION)-$(DEB_RELEASE)~$${DIST}_source.changes ; \
 	done

 .PHONY: epub
--- a/README.md
+++ b/README.md
@ -1,56 +0,0 @@
-[![PyPI version](https://img.shields.io/pypi/v/ansible.svg)](https://pypi.python.org/pypi/ansible)
-[![Build Status](https://api.shippable.com/projects/573f79d02a8192902e20e34b/badge?branch=devel)](https://app.shippable.com/projects/573f79d02a8192902e20e34b)
-
-
-Ansible
-=======
-
-Ansible is a radically simple IT automation system.  It handles configuration-management, application deployment, cloud provisioning, ad-hoc task-execution, and multinode orchestration - including trivializing things like zero-downtime rolling updates with load balancers.
-
-Read the documentation and more at https://ansible.com/
-
-You can find installation instructions [here](https://docs.ansible.com/ansible/intro_installation.html) for a variety of platforms. Most users should probably install a released version of Ansible from `pip`, a package manager or our [release repository](https://releases.ansible.com/ansible/). [Officially supported](https://www.ansible.com/ansible-engine) builds of Ansible are also available. Some power users run directly from the development branch - while significant efforts are made to ensure that `devel` is reasonably stable, you're more likely to encounter breaking changes when running Ansible this way.
-
-Design Principles
-=================
-
-   * Have a dead simple setup process and a minimal learning curve
-   * Manage machines very quickly and in parallel
-   * Avoid custom-agents and additional open ports, be agentless by leveraging the existing SSH daemon
-   * Describe infrastructure in a language that is both machine and human friendly
-   * Focus on security and easy auditability/review/rewriting of content
-   * Manage new remote machines instantly, without bootstrapping any software
-   * Allow module development in any dynamic language, not just Python
-   * Be usable as non-root
-   * Be the easiest IT automation system to use, ever.
-
-Get Involved
-============
-
-   * Read [Community Information](https://docs.ansible.com/community.html) for all kinds of ways to contribute to and interact with the project, including mailing list information and how to submit bug reports and code to Ansible.
-   * All code submissions are done through pull requests.  Take care to make sure no merge commits are in the submission, and use `git rebase` vs `git merge` for this reason.  If submitting a large code change (other than modules), it's probably a good idea to join ansible-devel and talk about what you would like to do or add first and to avoid duplicate efforts.  This not only helps everyone know what's going on, it also helps save time and effort if we decide some changes are needed.
-   * Users list: [ansible-project](https://groups.google.com/group/ansible-project)
-   * Development list: [ansible-devel](https://groups.google.com/group/ansible-devel)
-   * Announcement list: [ansible-announce](https://groups.google.com/group/ansible-announce) - read only
-   * irc.freenode.net: #ansible
-
-Branch Info
-===========
-
-   * Releases are named after Led Zeppelin songs. (Releases prior to 2.0 were named after Van Halen songs.)
-   * The devel branch corresponds to the release actively under development.
-   * Various release-X.Y branches exist for previous releases.
-   * We'd love to have your contributions, read [Community Information](https://docs.ansible.com/community.html) for notes on how to get started.
-
-Authors
-=======
-
-Ansible was created by [Michael DeHaan](https://github.com/mpdehaan) (michael.dehaan/gmail/com) and has contributions from over 1000 users (and growing).  Thanks everyone!
-
-Ansible is sponsored by [Ansible, Inc](https://ansible.com)
-
-License
-=======
-GNU General Public License v3.0
-
-See [COPYING](COPYING) to see the full text.
--- a/README.rst
+++ b/README.rst
@ -0,0 +1,100 @@
+|PyPI version| |Docs badge| |Build Status|
+
+*******
+Ansible
+*******
+
+Ansible is a radically simple IT automation system. It handles
+configuration-management, application deployment, cloud provisioning,
+ad-hoc task-execution, and multinode orchestration -- including
+trivializing things like zero-downtime rolling updates with load
+balancers.
+
+Read the documentation and more at https://ansible.com/
+
+You can find installation instructions
+`here <https://docs.ansible.com/intro_getting_started.html>`_ for a
+variety of platforms.
+
+Most users should probably install a released version of Ansible from ``pip``, a package manager or
+our `release repository <https://releases.ansible.com/ansible/>`_. `Officially supported
+<https://www.ansible.com/ansible-engine>`_ builds of Ansible are also available. Some power users
+run directly from the development branch - while significant efforts are made to ensure that
+``devel`` is reasonably stable, you're more likely to encounter breaking changes when running
+Ansible this way.
+
+Design Principles
+=================
+
+*  Have a dead simple setup process and a minimal learning curve
+*  Manage machines very quickly and in parallel
+*  Avoid custom-agents and additional open ports, be agentless by
+   leveraging the existing SSH daemon
+*  Describe infrastructure in a language that is both machine and human
+   friendly
+*  Focus on security and easy auditability/review/rewriting of content
+*  Manage new remote machines instantly, without bootstrapping any
+   software
+*  Allow module development in any dynamic language, not just Python
+*  Be usable as non-root
+*  Be the easiest IT automation system to use, ever.
+
+Get Involved
+============
+
+*  Read `Community
+   Information <https://docs.ansible.com/community.html>`_ for all
+   kinds of ways to contribute to and interact with the project,
+   including mailing list information and how to submit bug reports and
+   code to Ansible.
+*  All code submissions are done through pull requests. Take care to
+   make sure no merge commits are in the submission, and use
+   ``git rebase`` vs ``git merge`` for this reason. If submitting a
+   large code change (other than modules), it's probably a good idea to
+   join ansible-devel and talk about what you would like to do or add
+   first to avoid duplicate efforts. This not only helps everyone
+   know what's going on, it also helps save time and effort if we decide
+   some changes are needed.
+*  Users list:
+   `ansible-project <https://groups.google.com/group/ansible-project>`_
+*  Development list:
+   `ansible-devel <https://groups.google.com/group/ansible-devel>`_
+*  Announcement list:
+   `ansible-announce <https://groups.google.com/group/ansible-announce>`_
+   -- read only
+*  irc.freenode.net: #ansible
+
+Branch Info
+===========
+
+*  Releases are named after Led Zeppelin songs. (Releases prior to 2.0
+   were named after Van Halen songs.)
+*  The devel branch corresponds to the release actively under
+   development.
+*  Various release-X.Y branches exist for previous releases.
+*  We'd love to have your contributions, read `Community
+   Information <https://docs.ansible.com/community.html>`_ for notes on
+   how to get started.
+
+Authors
+=======
+
+Ansible was created by `Michael DeHaan <https://github.com/mpdehaan>`_
+(michael.dehaan/gmail/com) and has contributions from over 1000 users
+(and growing). Thanks everyone!
+
+Ansible is sponsored by `Ansible, Inc <https://ansible.com>`_
+
+License
+=======
+
+GNU General Public License v3.0
+
+See `COPYING <COPYING>`_ to see the full text.
+
+.. |PyPI version| image:: https://img.shields.io/pypi/v/ansible.svg
+   :target: https://pypi.org/project/ansible
+.. |Docs badge| image:: https://img.shields.io/badge/docs-latest-brightgreen.svg
+   :target: http://docs.ansible.com/ansible
+.. |Build Status| image:: https://api.shippable.com/projects/573f79d02a8192902e20e34b/badge?branch=devel
+   :target: https://app.shippable.com/projects/573f79d02a8192902e20e34b
--- a/RELEASES.txt
+++ b/RELEASES.txt
@ -4,11 +4,15 @@ Ansible Releases at a Glance
 VERSION  RELEASE     CODE NAME
 ++++++++++++++++++++++++++++++

-2.5.0    TBD         "Kashmir"
+2.5.2    2018-04-26  "Kashmir"
+2.5.1    2018-04-18  "Kashmir"
+2.5.0    2018-03-22  "Kashmir"
+2.4.4    2018-04-04  "Dancing Days"
 2.4.3    01-31.2018  "Dancing Days"
 2.4.2    11-29-2017  "Dancing Days"
 2.4.1    10-25-2017  "Dancing Days"
 2.4.0    09-19-2017  "Dancing Days"
+2.3.3    12-20-2017  "Ramble On"
 2.3.2    2017-08-04  "Ramble On"
 2.3.1    2017-06-01  "Ramble On"
 2.3.0    2017-04-12  "Ramble On"
--- a/1
+++ b/1
@ -1 +0,0 @@
-2.5.0 0.0.devel
--- a/bin/ansible
+++ b/bin/ansible
@ -157,7 +157,7 @@ if __name__ == '__main__':
        display.display(u"the full traceback was:\n\n%s" % to_text(traceback.format_exc()), log_only=log_only)
        exit_code = 250
    finally:
-        # Remove ansible tempdir
+        # Remove ansible tmpdir
        shutil.rmtree(C.DEFAULT_LOCAL_TMP, True)

    sys.exit(exit_code)
--- a/bin/ansible-connection
+++ b/bin/ansible-connection
@ -20,6 +20,8 @@ import traceback
 import errno
 import json

+from contextlib import contextmanager
+
 from ansible import constants as C
 from ansible.module_utils._text import to_bytes, to_native, to_text
 from ansible.module_utils.six import PY3
@ -33,6 +35,21 @@ from ansible.utils.display import Display
 from ansible.utils.jsonrpc import JsonRpcServer


+@contextmanager
+def file_lock(lock_path):
+    """
+    Uses contextmanager to create and release a file lock based on the
+    given path. This allows us to create locks using `with file_lock()`
+    to prevent deadlocks related to failure to unlock properly.
+    """
+
+    lock_fd = os.open(lock_path, os.O_RDWR | os.O_CREAT, 0o600)
+    fcntl.lockf(lock_fd, fcntl.LOCK_EX)
+    yield
+    fcntl.lockf(lock_fd, fcntl.LOCK_UN)
+    os.close(lock_fd)
+
+
 class ConnectionProcess(object):
    '''
    The connection process wraps around a Connection object that manages
@ -70,6 +87,7 @@ class ConnectionProcess(object):
            self.connection._connect()
            self.connection._socket_path = self.socket_path
            self.srv.register(self.connection)
+            messages.extend(sys.stdout.getvalue().splitlines())
            messages.append('connection to remote device started successfully')

            self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
@ -189,6 +207,7 @@ def main():

        play_context = PlayContext()
        play_context.deserialize(pc_data)
+        display.verbosity = play_context.verbosity

    except Exception as e:
        rc = 1
@ -207,60 +226,54 @@ def main():
        tmp_path = unfrackpath(C.PERSISTENT_CONTROL_PATH_DIR)
        makedirs_safe(tmp_path)

-        lock_path = unfrackpath("%s/.ansible_pc_lock" % tmp_path)
+        lock_path = unfrackpath("%s/.ansible_pc_lock_%s" % (tmp_path, play_context.remote_addr))
        socket_path = unfrackpath(cp % dict(directory=tmp_path))

-        # if the socket file doesn't exist, spin up the daemon process
-        lock_fd = os.open(lock_path, os.O_RDWR | os.O_CREAT, 0o600)
-        fcntl.lockf(lock_fd, fcntl.LOCK_EX)
+        with file_lock(lock_path):
+            if not os.path.exists(socket_path):
+                messages.append('local domain socket does not exist, starting it')
+                original_path = os.getcwd()
+                r, w = os.pipe()
+                pid = fork_process()

-        if not os.path.exists(socket_path):
-            messages.append('local domain socket does not exist, starting it')
-            original_path = os.getcwd()
-            r, w = os.pipe()
-            pid = fork_process()
+                if pid == 0:
+                    try:
+                        os.close(r)
+                        wfd = os.fdopen(w, 'w')
+                        process = ConnectionProcess(wfd, play_context, socket_path, original_path, ansible_playbook_pid)
+                        process.start()
+                    except Exception:
+                        messages.append(traceback.format_exc())
+                        rc = 1

-            if pid == 0:
-                try:
-                    os.close(r)
-                    wfd = os.fdopen(w, 'w')
-                    process = ConnectionProcess(wfd, play_context, socket_path, original_path, ansible_playbook_pid)
-                    process.start()
-                except Exception:
-                    messages.append(traceback.format_exc())
-                    rc = 1
+                    if rc == 0:
+                        process.run()

-                fcntl.lockf(lock_fd, fcntl.LOCK_UN)
-                os.close(lock_fd)
+                    sys.exit(rc)

-                if rc == 0:
-                    process.run()
-
-                sys.exit(rc)
+                else:
+                    os.close(w)
+                    rfd = os.fdopen(r, 'r')
+                    data = json.loads(rfd.read())
+                    messages.extend(data.pop('messages'))
+                    result.update(data)

            else:
-                os.close(w)
-                rfd = os.fdopen(r, 'r')
-                data = json.loads(rfd.read())
-                messages.extend(data.pop('messages'))
-                result.update(data)
-
-        else:
-            messages.append('found existing local domain socket, using it!')
-            conn = Connection(socket_path)
-            pc_data = to_text(init_data)
-            try:
-                messages.extend(conn.update_play_context(pc_data))
-            except Exception as exc:
-                # Only network_cli has update_play context, so missing this is
-                # not fatal e.g. netconf
-                if isinstance(exc, ConnectionError) and getattr(exc, 'code', None) == -32601:
-                    pass
-                else:
-                    result.update({
-                        'error': to_text(exc),
-                        'exception': traceback.format_exc()
-                    })
+                messages.append('found existing local domain socket, using it!')
+                conn = Connection(socket_path)
+                pc_data = to_text(init_data)
+                try:
+                    messages.extend(conn.update_play_context(pc_data))
+                except Exception as exc:
+                    # Only network_cli has update_play context, so missing this is
+                    # not fatal e.g. netconf
+                    if isinstance(exc, ConnectionError) and getattr(exc, 'code', None) == -32601:
+                        pass
+                    else:
+                        result.update({
+                            'error': to_text(exc),
+                            'exception': traceback.format_exc()
+                        })

    messages.append(sys.stdout.getvalue())
    result.update({
@ -278,6 +291,7 @@ def main():

    sys.exit(rc)

+
 if __name__ == '__main__':
    display = Display()
    main()
--- a/bin/ansible-test
+++ b/bin/ansible-test
@ -0,0 +1,15 @@
+#!/usr/bin/env python
+# PYTHON_ARGCOMPLETE_OK
+"""Primary entry point for ansible-test."""
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+import os
+import sys
+
+if __name__ == '__main__':
+    sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(os.path.dirname(__file__)), 'test', 'runner')))
+    import lib.cli
+    lib.cli.main()
--- a/changelogs/CHANGELOG-legacy.rst
+++ b/changelogs/CHANGELOG-legacy.rst
--- a/changelogs/CHANGELOG-v2.0.rst
+++ b/changelogs/CHANGELOG-v2.0.rst
@ -0,0 +1,588 @@
+=======================================================
+Ansible 2.0 "Over the Hills and Far Away" Release Notes
+=======================================================
+2.0.3 "Over the Hills and Far Away"
+-----------------------------------
+
+-  Backport fix to uri module to return the body of an error response
+-  Backport fix to uri module to handle file:/// uris.
+-  Backport fix to uri module to fix traceback when handling certain
+   server error types.
+
+2.0.2 "Over the Hills and Far Away"
+-----------------------------------
+
+-  Backport of the 2.1 feature to ensure per-item callbacks are sent as
+   they occur, rather than all at once at the end of the task.
+-  Fixed bugs related to the iteration of tasks when certain
+   combinations of roles, blocks, and includes were used, especially
+   when handling errors in rescue/always portions of blocks.
+-  Fixed handling of redirects in our helper code, and ported the uri
+   module to use this helper code. This removes the httplib dependency
+   for this module while fixing some bugs related to redirects and SSL
+   certs.
+-  Fixed some bugs related to the incorrect creation of extra temp
+   directories for uploading files, which were not cleaned up properly.
+-  Improved error reporting in certain situations, to provide more
+   information such as the playbook file/line.
+-  Fixed a bug related to the variable precedence of role parameters,
+   especially when a role may be used both as a dependency of a role and
+   directly by itself within the same play.
+-  Fixed some bugs in the 2.0 implementation of do/until.
+-  Fixed some bugs related to run\_once:
+-  Ensure that all hosts are marked as failed if a task marked as
+   run\_once fails.
+-  Show a warning when using the free strategy when a run\_once task is
+   encountered, as there is no way for the free strategy to guarantee
+   the task is not run more than once.
+-  Fixed a bug where the assemble module was not honoring check mode in
+   some situations.
+-  Fixed a bug related to delegate\_to, where we were incorrectly using
+   variables from the inventory host rather than the delegated-to host.
+-  The 'package' meta-module now properly squashes items down to a
+   single execution (as the apt/yum/other package modules do).
+-  Fixed a bug related to the ansible-galaxy CLI command dealing with
+   paged results from the Galaxy server.
+-  Pipelining support is now available for the local and jail connection
+   plugins, which is useful for users who do not wish to have temp
+   files/directories created when running tasks with these connection
+   types.
+-  Improvements in support for additional shell types.
+-  Improvements in the code which is used to calculate checksums for
+   remote files.
+-  Some speed ups and bug fixes related to the variable merging code.
+-  Workaround bug in python subprocess on El Capitan that was making
+   vault fail when attempting to encrypt a file
+-  Fix lxc\_container module having predictable temp file names and
+   setting file permissions on the temporary file too leniently on a
+   temporary file that was executed as a script. Addresses CVE-2016-3096
+-  Fix a bug in the uri module where setting headers via module params
+   that start with ``HEADER_`` were causing a traceback.
+-  Fix bug in the free strategy that was causing it to synchronize its
+   workers after every task (making it a lot more like linear than it
+   should have been).
+
+2.0.1 "Over the Hills and Far Away"
+-----------------------------------
+
+-  Fixes a major compatibility break in the synchronize module shipped
+   with 2.0.0.x. That version of synchronize ran sudo on the controller
+   prior to running rsync. In 1.9.x and previous, sudo was run on the
+   host that rsync connected to. 2.0.1 restores the 1.9.x behaviour.
+-  Additionally, several other problems with where synchronize chose to
+   run when combined with delegate\_to were fixed. In particular, if a
+   playbook targetted localhost and then delegated\_to a remote host the
+   prior behavior (in 1.9.x and 2.0.0.x) was to copy files between the
+   src and destination directories on the delegated host. This has now
+   been fixed to copy between localhost and the delegated host.
+-  Fix a regression where synchronize was unable to deal with unicode
+   paths.
+-  Fix a regression where synchronize deals with inventory hosts that
+   use localhost but with an alternate port.
+-  Fixes a regression where the retry files feature was not implemented.
+-  Fixes a regression where the any\_errors\_fatal option was
+   implemented in 2.0 incorrectly, and also adds a feature where
+   any\_errors\_fatal can be set at the block level.
+-  Fix tracebacks when playbooks or ansible itself were located in
+   directories with unicode characters.
+-  Fix bug when sending unicode characters to an external pager for
+   display.
+-  Fix a bug with squashing loops for special modules (mostly package
+   managers). The optimization was squashing when the loop did not apply
+   to the selection of packages. This has now been fixed.
+-  Temp files created when using vault are now "shredded" using the unix
+   shred program which overwrites the file with random data.
+-  Some fixes to cloudstack modules for case sensitivity
+-  Fix non-newstyle modules (non-python modules and old-style modules)
+   to disabled pipelining.
+-  Fix fetch module failing even if fail\_on\_missing is set to False
+-  Fix for cornercase when local connections, sudo, and raw were used
+   together.
+-  Fix dnf module to remove dependent packages when state=absent is
+   specified. This was a feature of the 1.9.x version that was left out
+   by mistake when the module was rewritten for 2.0.
+-  Fix bugs with non-english locales in yum, git, and apt modules
+-  Fix a bug with the dnf module where state=latest could only upgrade,
+   not install.
+-  Fix to make implicit fact gathering task correctly inherit settings
+   from play, this might cause an error if settings environment on play
+   depending on 'ansible\_env' which was previously ignored
+
+2.0 "Over the Hills and Far Away" - Jan 12, 2016
+------------------------------------------------
+
+Major Changes:
+~~~~~~~~~~~~~~
+
+-  Releases are now named after Led Zeppelin songs, 1.9 will be the last
+   Van Halen named release.
+-  The new block/rescue/always directives allow for making task blocks
+   and exception-like semantics
+-  New strategy plugins (e.g. ``free``) allow control over the flow of
+   task execution per play. The default (``linear``) will be the same as
+   before.
+-  Improved error handling, with more detailed parser messages. General
+   exception handling and display has been revamped.
+-  Task includes are now evaluated during execution, allowing more
+   dynamic includes and options. Play includes are unchanged both still
+   use the ``include`` directive.
+-  "with\_" loops can now be used with task includes since they are
+   dynamic.
+-  Callback, connection, cache and lookup plugin APIs have changed.
+   Existing plugins might require modification to work with the new
+   versions.
+-  Callbacks are now shipped in the active directory and don't need to
+   be copied, just whitelisted in ansible.cfg.
+-  Many API changes. Those integrating directly with Ansible's API will
+   encounter breaking changes, but the new API is much easier to use and
+   test.
+-  Settings are now more inheritable; what you set at play, block or
+   role will be automatically inherited by the contained tasks. This
+   allows for new features to automatically be settable at all levels,
+   previously we had to manually code this.
+-  Vars are now settable at play, block, role and task level with the
+   ``vars`` directive and scoped to the tasks contained.
+-  Template code now retains types for bools and numbers instead of
+   turning them into strings. If you need the old behaviour, quote the
+   value and it will get passed around as a string
+-  Empty variables and variables set to null in yaml will no longer be
+   converted to empty strings. They will retain the value of ``None``.
+   To go back to the old behaviour, you can override the
+   ``null_representation`` setting to an empty string in your config
+   file or by setting the ``ANSIBLE_NULL_REPRESENTATION`` environment
+   variable.
+-  Added ``meta: refresh_inventory`` to force rereading the inventory in
+   a play. This re-executes inventory scripts, but does not force them
+   to ignore any cache they might use.
+-  New delegate\_facts directive, a boolean that allows you to apply
+   facts to the delegated host (true/yes) instead of the
+   inventory\_hostname (no/false) which is the default and previous
+   behaviour.
+-  local connections now work with 'su' as a privilege escalation method
+-  Ansible 2.0 has deprecated the "ssh" from ansible\_ssh\_user,
+   ansible\_ssh\_host, and ansible\_ssh\_port to become ansible\_user,
+   ansible\_host, and ansible\_port.
+-  New ssh configuration variables (``ansible_ssh_common_args``,
+   ``ansible_ssh_extra_args``) can be used to configure a per-group or
+   per-host ssh ProxyCommand or set any other ssh options.
+   ``ansible_ssh_extra_args`` is used to set options that are accepted
+   only by ssh (not sftp or scp, which have their own analogous
+   settings).
+-  ansible-pull can now verify the code it runs when using git as a
+   source repository, using git's code signing and verification
+   features.
+-  Backslashes used when specifying parameters in jinja2 expressions in
+   YAML dicts sometimes needed to be escaped twice. This has been fixed
+   so that escaping once works. Here's an example of how playbooks need
+   to be modified:
+
+   .. code:: yaml
+
+       # Syntax in 1.9.x
+       - debug:
+           msg: "{{ 'test1_junk 1\\\\3' | regex_replace('(.*)_junk (.*)', '\\\\1 \\\\2') }}"
+       # Syntax in 2.0.x
+       - debug:
+           msg: "{{ 'test1_junk 1\\3' | regex_replace('(.*)_junk (.*)', '\\1 \\2') }}"
+
+       # Output:
+       "msg": "test1 1\\3"
+
+-  When a string with a trailing newline was specified in the playbook
+   via yaml dict format, the trailing newline was stripped. When
+   specified in key=value format the trailing newlines were kept. In v2,
+   both methods of specifying the string will keep the trailing
+   newlines. If you relied on the trailing newline being stripped you
+   can change your playbook like this:
+
+   .. code:: yaml
+
+       # Syntax in 1.9.2
+       vars:
+         message: >
+           Testing
+           some things
+       tasks:
+       - debug:
+           msg: "{{ message }}"
+
+       # Syntax in 2.0.x
+       vars:
+         old_message: >
+           Testing
+           some things
+         message: "{{ old_messsage[:-1] }}"
+       - debug:
+           msg: "{{ message }}"
+       # Output
+       "msg": "Testing some things"
+
+-  In 1.9.x, newlines in templates were converted to Unix EOL
+   conventions. If someone wanted a templated file to end up with
+   Windows or Mac EOL conventions, this could cause problems for them.
+   In 2.x newlines now remain as specified in the template file.
+
+-  When specifying complex args as a variable, the variable must use the
+   full jinja2 variable syntax ('{{var\_name}}') - bare variable names
+   there are no longer accepted. In fact, even specifying args with
+   variables has been deprecated, and will not be allowed in future
+   versions:
+
+   .. code:: yaml
+
+       ---
+       - hosts: localhost
+         connection: local
+         gather_facts: false
+         vars:
+           my_dirs:
+             - { path: /tmp/3a, state: directory, mode: 0755 }
+             - { path: /tmp/3b, state: directory, mode: 0700 }
+         tasks:
+           - file:
+             args: "{{item}}"
+             with_items: my_dirs
+
+-  The bigip\* networking modules have a new parameter, validate\_certs.
+   When True (the default) the module will validate any hosts it
+   connects to against the TLS certificates it presents when run on new
+   enough python versions. If the python version is too old to validate
+   certificates or you used certificates that cannot be validated
+   against available CAs you will need to add validate\_certs=no to your
+   playbook for those tasks.
+
+Plugins
+~~~~~~~
+
+-  Rewritten dnf module that should be faster and less prone to
+   encountering bugs in cornercases
+-  WinRM connection plugin passes all vars named ``ansible_winrm_*`` to
+   the underlying pywinrm client. This allows, for instance,
+   ``ansible_winrm_server_cert_validation=ignore`` to be used with newer
+   versions of pywinrm to disable certificate validation on Python
+   2.7.9+.
+-  WinRM connection plugin put\_file is significantly faster and no
+   longer has file size limitations.
+
+Deprecated Modules (new ones in parens):
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+-  ec2\_ami\_search (ec2\_ami\_find)
+-  quantum\_network (os\_network)
+-  glance\_image
+-  nova\_compute (os\_server)
+-  quantum\_floating\_ip (os\_floating\_ip)
+-  quantum\_router (os\_router)
+-  quantum\_router\_gateway (os\_router)
+-  quantum\_router\_interface (os\_router)
+
+New Modules:
+^^^^^^^^^^^^
+
+-  amazon: ec2\_ami\_copy
+-  amazon: ec2\_ami\_find
+-  amazon: ec2\_elb\_facts
+-  amazon: ec2\_eni
+-  amazon: ec2\_eni\_facts
+-  amazon: ec2\_remote\_facts
+-  amazon: ec2\_vpc\_igw
+-  amazon: ec2\_vpc\_net
+-  amazon: ec2\_vpc\_net\_facts
+-  amazon: ec2\_vpc\_route\_table
+-  amazon: ec2\_vpc\_route\_table\_facts
+-  amazon: ec2\_vpc\_subnet
+-  amazon: ec2\_vpc\_subnet\_facts
+-  amazon: ec2\_win\_password
+-  amazon: ecs\_cluster
+-  amazon: ecs\_task
+-  amazon: ecs\_taskdefinition
+-  amazon: elasticache\_subnet\_group\_facts
+-  amazon: iam
+-  amazon: iam\_cert
+-  amazon: iam\_policy
+-  amazon: route53\_facts
+-  amazon: route53\_health\_check
+-  amazon: route53\_zone
+-  amazon: sts\_assume\_role
+-  amazon: s3\_bucket
+-  amazon: s3\_lifecycle
+-  amazon: s3\_logging
+-  amazon: sqs\_queue
+-  amazon: sns\_topic
+-  amazon: sts\_assume\_role
+-  apk
+-  bigip\_gtm\_wide\_ip
+-  bundler
+-  centurylink: clc\_aa\_policy
+-  centurylink: clc\_alert\_policy
+-  centurylink: clc\_blueprint\_package
+-  centurylink: clc\_firewall\_policy
+-  centurylink: clc\_group
+-  centurylink: clc\_loadbalancer
+-  centurylink: clc\_modify\_server
+-  centurylink: clc\_publicip
+-  centurylink: clc\_server
+-  centurylink: clc\_server\_snapshot
+-  circonus\_annotation
+-  consul
+-  consul\_acl
+-  consul\_kv
+-  consul\_session
+-  cloudtrail
+-  cloudstack: cs\_account
+-  cloudstack: cs\_affinitygroup
+-  cloudstack: cs\_domain
+-  cloudstack: cs\_facts
+-  cloudstack: cs\_firewall
+-  cloudstack: cs\_iso
+-  cloudstack: cs\_instance
+-  cloudstack: cs\_instancegroup
+-  cloudstack: cs\_ip\_address
+-  cloudstack: cs\_loadbalancer\_rule
+-  cloudstack: cs\_loadbalancer\_rule\_member
+-  cloudstack: cs\_network
+-  cloudstack: cs\_portforward
+-  cloudstack: cs\_project
+-  cloudstack: cs\_sshkeypair
+-  cloudstack: cs\_securitygroup
+-  cloudstack: cs\_securitygroup\_rule
+-  cloudstack: cs\_staticnat
+-  cloudstack: cs\_template
+-  cloudstack: cs\_user
+-  cloudstack: cs\_vmsnapshot
+-  cronvar
+-  datadog\_monitor
+-  deploy\_helper
+-  docker: docker\_login
+-  dpkg\_selections
+-  elasticsearch\_plugin
+-  expect
+-  find
+-  google: gce\_tag
+-  hall
+-  ipify\_facts
+-  iptables
+-  libvirt: virt\_net
+-  libvirt: virt\_pool
+-  maven\_artifact
+-  openstack: os\_auth
+-  openstack: os\_client\_config
+-  openstack: os\_image
+-  openstack: os\_image\_facts
+-  openstack: os\_floating\_ip
+-  openstack: os\_ironic
+-  openstack: os\_ironic\_node
+-  openstack: os\_keypair
+-  openstack: os\_network
+-  openstack: os\_network\_facts
+-  openstack: os\_nova\_flavor
+-  openstack: os\_object
+-  openstack: os\_port
+-  openstack: os\_project
+-  openstack: os\_router
+-  openstack: os\_security\_group
+-  openstack: os\_security\_group\_rule
+-  openstack: os\_server
+-  openstack: os\_server\_actions
+-  openstack: os\_server\_facts
+-  openstack: os\_server\_volume
+-  openstack: os\_subnet
+-  openstack: os\_subnet\_facts
+-  openstack: os\_user
+-  openstack: os\_user\_group
+-  openstack: os\_volume
+-  openvswitch\_db.
+-  osx\_defaults
+-  pagerduty\_alert
+-  pam\_limits
+-  pear
+-  profitbricks: profitbricks
+-  profitbricks: profitbricks\_datacenter
+-  profitbricks: profitbricks\_nic
+-  profitbricks: profitbricks\_volume
+-  profitbricks: profitbricks\_volume\_attachments
+-  profitbricks: profitbricks\_snapshot
+-  proxmox: proxmox
+-  proxmox: proxmox\_template
+-  puppet
+-  pushover
+-  pushbullet
+-  rax: rax\_clb\_ssl
+-  rax: rax\_mon\_alarm
+-  rax: rax\_mon\_check
+-  rax: rax\_mon\_entity
+-  rax: rax\_mon\_notification
+-  rax: rax\_mon\_notification\_plan
+-  rabbitmq\_binding
+-  rabbitmq\_exchange
+-  rabbitmq\_queue
+-  selinux\_permissive
+-  sendgrid
+-  sensu\_check
+-  sensu\_subscription
+-  seport
+-  slackpkg
+-  solaris\_zone
+-  taiga\_issue
+-  vertica\_configuration
+-  vertica\_facts
+-  vertica\_role
+-  vertica\_schema
+-  vertica\_user
+-  vmware: vca\_fw
+-  vmware: vca\_nat
+-  vmware: vmware\_cluster
+-  vmware: vmware\_datacenter
+-  vmware: vmware\_dns\_config
+-  vmware: vmware\_dvs\_host
+-  vmware: vmware\_dvs\_portgroup
+-  vmware: vmware\_dvswitch
+-  vmware: vmware\_host
+-  vmware: vmware\_migrate\_vmk
+-  vmware: vmware\_portgroup
+-  vmware: vmware\_target\_canonical\_facts
+-  vmware: vmware\_vm\_facts
+-  vmware: vmware\_vm\_vss\_dvs\_migrate
+-  vmware: vmware\_vmkernel
+-  vmware: vmware\_vmkernel\_ip\_config
+-  vmware: vmware\_vsan\_cluster
+-  vmware: vmware\_vswitch
+-  vmware: vsphere\_copy
+-  webfaction\_app
+-  webfaction\_db
+-  webfaction\_domain
+-  webfaction\_mailbox
+-  webfaction\_site
+-  win\_acl
+-  win\_dotnet\_ngen
+-  win\_environment
+-  win\_firewall\_rule
+-  win\_iis\_virtualdirectory
+-  win\_iis\_webapplication
+-  win\_iis\_webapppool
+-  win\_iis\_webbinding
+-  win\_iis\_website
+-  win\_lineinfile
+-  win\_nssm
+-  win\_package
+-  win\_regedit
+-  win\_scheduled\_task
+-  win\_unzip
+-  win\_updates
+-  win\_webpicmd
+-  xenserver\_facts
+-  zabbix\_host
+-  zabbix\_hostmacro
+-  zabbix\_screen
+-  znode
+
+New Inventory scripts:
+^^^^^^^^^^^^^^^^^^^^^^
+
+-  cloudstack
+-  fleetctl
+-  openvz
+-  nagios\_ndo
+-  nsot
+-  proxmox
+-  rudder
+-  serf
+
+New Lookups:
+^^^^^^^^^^^^
+
+-  credstash
+-  hashi\_vault
+-  ini
+-  shelvefile
+
+New Filters:
+^^^^^^^^^^^^
+
+-  combine
+
+New Connection:
+^^^^^^^^^^^^^^^
+
+-  docker: for talking to docker containers on the ansible controller
+   machine without using ssh.
+
+New Callbacks:
+^^^^^^^^^^^^^^
+
+-  logentries: plugin to send play data to logentries service
+-  skippy: same as default but does not display skip messages
+
+Minor changes:
+~~~~~~~~~~~~~~
+
+-  Many more tests. The new API makes things more testable and we took
+   advantage of it.
+-  big\_ip modules now support turning off ssl certificate validation
+   (use only for self-signed certificates).
+-  Consolidated code from modules using urllib2 to normalize features,
+   TLS and SNI support.
+-  synchronize module's dest\_port parameter now takes precedence over
+   the ansible\_ssh\_port inventory setting.
+-  Play output is now dynamically sized to terminal with a minimum of 80
+   coluumns (old default).
+-  vars\_prompt and pause are now skipped with a warning if the play is
+   called noninteractively (i.e. pull from cron).
+-  Support for OpenBSD's 'doas' privilege escalation method.
+-  Most vault operations can now be done over multilple files.
+-  ansible-vault encrypt/decrypt read from stdin if no other input file
+   is given, and can write to a given ``--output file`` (including
+   stdout, '-'). This lets you avoid ever writing sensitive plaintext to
+   disk.
+-  ansible-vault rekey accepts the --new-vault-password-file option.
+-  ansible-vault now preserves file permissions on edit and rekey and
+   defaults to restrictive permissions for other options.
+-  Configuration items defined as paths (local only) now all support
+   shell style interpolations.
+-  Many fixes and new options added to modules, too many to list here.
+-  Now you can see task file and line number when using verbosity of 3
+   or above.
+-  The ``[x-y]`` host range syntax is no longer supported. Note that
+   ``[0:1]`` matches two hosts, i.e. the range is inclusive of its
+   endpoints.
+-  We now recommend the use of ``pattern1,pattern2`` to combine host
+   matching patterns.
+-  The use of ':' as a separator conflicts with IPv6 addresses and host
+   ranges. It will be deprecated in the future.
+-  The undocumented use of ';' as a separator is now deprecated.
+-  modules and callbacks have been extended to support no\_log to avoid
+   data disclosure.
+-  new managed\_syslog option has been added to control output to syslog
+   on managed machines, no\_log supersedes this settings.
+-  Lookup, vars and action plugin pathing has been normalized, all now
+   follow the same sequence to find relative files.
+-  We do not ignore the explicitly set login user for ssh when it
+   matches the 'current user' anymore, this allows overriding
+   .ssh/config when it is set explicitly. Leaving it unset will still
+   use the same user and respect .ssh/config. This also means
+   ansible\_ssh\_user can now return a None value.
+-  environment variables passed to remote shells now default to
+   'controller' settings, with fallback to en\_US.UTF8 which was the
+   previous default.
+-  add\_hosts is much stricter about host name and will prevent invalid
+   names from being added.
+-  ansible-pull now defaults to doing shallow checkouts with git, use
+   ``--full`` to return to previous behaviour.
+-  random cows are more random
+-  when: now gets the registered var after the first iteration, making
+   it possible to break out of item loops
+-  Handling of undefined variables has changed. In most places they will
+   now raise an error instead of silently injecting an empty string. Use
+   the default filter if you want to approximate the old behaviour:
+
+   ::
+
+       - debug: msg="The error message was: {{error_code |default('') }}"
+
+-  The yum module's detection of installed packages has been made more
+   robust by using /usr/bin/rpm in cases where it woud have used
+   repoquery before.
+-  The pip module now properly reports changes when packages are coming
+   from a VCS.
+-  Fixes for retrieving files over https when a CONNECT-only proxy is in
+   the middle.
--- a/changelogs/CHANGELOG-v2.1.rst
+++ b/changelogs/CHANGELOG-v2.1.rst
@ -0,0 +1,394 @@
+=====================================================
+Ansible 2.1 "The Song Remains the Same" Release Notes
+=====================================================
+2.1.6 "The Song Remains the Same" - 06-01-2017
+----------------------------------------------
+
+-  Security fix for CVE-2017-7481 - data for lookup plugins used as
+   variables was not being correctly marked as "unsafe".
+
+2.1.5 "The Song Remains the Same" - 03-27-2017
+----------------------------------------------
+
+-  Security continued fix for CVE-2016-9587 - Handle some additional
+   corner cases in the way conditionals are parsed and evaluated.
+
+2.1.4 "The Song Remains the Same" - 2017-01-16
+----------------------------------------------
+
+-  Security fix for CVE-2016-9587 - An attacker with control over a
+   client system being managed by Ansible and the ability to send facts
+   back to the Ansible server could use this flaw to execute arbitrary
+   code on the Ansible server as the user and group Ansible is running
+   as.
+-  Fixed a bug with conditionals in loops, where undefined variables and
+   other errors will defer raising the error until the conditional has
+   been evaluated.
+-  Added a version check for jinja2-2.9, which does not fully work with
+   Ansible currently.
+
+2.1.3 "The Song Remains the Same" - 2016-11-04
+----------------------------------------------
+
+-  Security fix for CVE-2016-8628 - Command injection by compromised
+   server via fact variables. In some situations, facts returned by
+   modules could overwrite connection-based facts or some other special
+   variables, leading to injected commands running on the Ansible
+   controller as the user running Ansible (or via escalated
+   permissions).
+-  Security fix for CVE-2016-8614 - apt\_key module not properly
+   validating keys in some situations.
+
+Minor Changes:
+~~~~~~~~~~~~~~
+
+-  The subversion module from core now marks its password parameter as
+   no\_log so the password is obscured when logging.
+-  The postgresql\_lang and postgresql\_ext modules from extras now mark
+   login\_password as no\_log so the password is obscured when logging.
+-  Fixed several bugs related to locating files relative to
+   role/playbook directories.
+-  Fixed a bug in the way hosts were tested for failed states, resulting
+   in incorrectly skipped block sessions.
+-  Fixed a bug in the way our custom JSON encoder is used for the
+   ``to_json*`` filters.
+-  Fixed some bugs related to the use of non-ascii characters in become
+   passwords.
+-  Fixed a bug with Azure modules which may be using the latest rc6
+   library.
+-  Backported some docker\_common fixes.
+
+2.1.2 "The Song Remains the Same" - 2016-09-29
+----------------------------------------------
+
+Minor Changes
+~~~~~~~~~~~~~
+
+-  Fixed a bug related to creation of retry files (#17456)
+-  Fixed a bug in the way include params are used when an include task
+   is dynamic (#17064)
+-  Fixed a bug related to including blocks in an include task (#15963)
+-  Fixed a bug related to the use of hostvars internally when creating
+   the connection plugin. This prevents things like variables using
+   lookups from being evaluated unnecessarily (#17024)
+-  Fixed a bug where using a variable containing a list for the
+   ``hosts`` of a play resulted in an list of lists (#16583)
+-  Fixed a bug where integer values would cause an error if a module
+   param was of type ``float`` (no issue)
+-  Fixed a bug with net\_template failing if src was not specified
+   (#17726)
+-  Fixed a bug in "ansible-galaxy import" (#17417)
+-  Fixed a bug in which INI files incorrectly treated a hosts range as a
+   section header (#15331)
+-  Fixed a bug in which the max\_fail\_percentage calculation
+   erroneously caused a series of plays to stop executing (#15954)
+-  Fixed a bug in which the task names were not properly templated
+   (#16295)
+-  Fixed a bug causing "squashed" loops (ie. yum, apt) to incorrectly
+   report results (ansible-modules-core#4214)
+-  Fixed several bugs related to includes:
+-  when including statically, make sure that all parents were also
+   included statically (issue #16990)
+-  properly resolve nested static include paths
+-  print a message when a file is statically included
+-  Fixed a bug in which module params expected to be float types were
+   not converted from integers (only strings) (#17325)
+-  Fixed a bug introduced by static includes in 2.1, which prevented
+   notifications from going to the "top level" handler name.
+-  Fixed a bug where a group\_vars or host\_vars directory in the
+   current working directory would be used (and would take precedence)
+   over those in the inventory and/or playbook directory.
+-  Fixed a bug which could occur when the result of an async task did
+   not parse as valid JSON.
+-  (re)-allowed the use of ansible\_python\_interpreter lines with more
+   than one argument.
+-  Fixed several bugs related to the creation of the implicit localhost
+   in inventory.
+-  Fixed a bug related to an unspecified number of retries when using
+   until.
+-  Fixed a race-condition bug when creating temp directories before the
+   worker process is forked.
+-  Fix a bug with async's poll keyword not making use of
+   ansible\_python\_interpreter to run (and thus breaking when
+   /usr/bin/python is not present on the remote machine.)
+-  Fix a bug where hosts that started with a range in inventory were
+   being treated as an invalid section header.
+
+Module fixes: \* Fixed a bug where the temporary CA files created by the
+module helper code were not being deleted properly in some situations
+(#17073) \* Fixed many bugs in the unarchive module \* Fixes for module
+ec2: - Fixed a bug related to source\_dest\_check when used with non-vpc
+instances (core#3243) - Fixed a bug in ec2 where instances were not
+powering of when referenced via tags only (core#4765) - Fixed a bug
+where instances with multiple interfaces were not powering up/down
+correctly (core#3234) \* Fixes for module get\_url: - Fixed a bug in
+get\_url module to force a download if there is a checksum mismatch
+regardless of the last modified time (core#4262) - Fixed a bug in
+get\_url module to properly process FTP results (core#3661 and
+core#4601) \* Fixed a bug in win\_user related to users with disabled
+accounts/expired passwords (core#4369) \* ini\_file: - Fixed a bug where
+option lines are now inserted before blank lines. - Fixed a bug where
+leading whitespace prevented matches on options. \* Fixed a bug in
+iam\_cert when dup\_ok is used as a string. \* Fixed a bug in
+postgresql\_db related to the changed logic when state=absent. \* Fixed
+a bug where single\_transaction and quick were not passed into db\_dump
+for the mysql\_db module. \* Fixed a bug where the fetch module was not
+idempotent when retrieving the target of a symlink. \* Many minor fixes
+for bugs in extras modules.
+
+Deprecations
+~~~~~~~~~~~~
+
+-  Deprecated the use of ``_fixup_perms``. Use ``_fixup_perms2``
+   instead. This change only impacts custom action plugins using
+   ``_fixup_perms``.
+
+Incompatible Changes
+~~~~~~~~~~~~~~~~~~~~
+
+-  Use of ``_fixup_perms`` with ``recursive=True`` (the default) is no
+   longer supported. Custom action plugins using ``_fixup_perms`` will
+   require changes unless they already use ``recursive=False``. Use
+   ``_fixup_perms2`` if support for previous releases is not required.
+   Otherwise use ``_fixup_perms`` with ``recursive=False``.
+
+2.1 "The Song Remains the Same"
+-------------------------------
+
+Major Changes:
+~~~~~~~~~~~~~~
+
+-  Official support for the networking modules, originally available in
+   2.0 as a tech preview.
+-  Refactored and expanded support for Docker with new modules and many
+   improvements to existing modules, as well as a new Kubernetes module.
+-  Added new modules for Azure (see below for the full list)
+-  Added the ability to specify includes as "static" (either through a
+   configuration option or on a per-include basis). When includes are
+   static, they are loaded at compile time and cannot contain dynamic
+   features like loops.
+-  Added a new strategy ``debug``, which allows per-task debugging of
+   playbooks, for more details see
+   https://docs.ansible.com/ansible/playbooks\_debugger.html
+-  Added a new option for tasks: ``loop_control``. This currently only
+   supports one option - ``loop_var``, which allows a different loop
+   variable from ``item`` to be used.
+-  Added the ability to filter facts returned by the fact gathering
+   setup step using the ``gather_subset`` option on the play or in the
+   ansible.cfg configuration file. See
+   http://docs.ansible.com/ansible/intro\_configuration.html#gathering
+   for details on the format of the option.
+-  Added the ability to send per-item callbacks, rather than a batch
+   update (this more closely resembles the behavior of Ansible 1.x).
+-  Added facility for modules to send back 'diff' for display when
+   ansible is called with --diff, updated several modules to return this
+   info
+-  Added ansible-console tool, a REPL shell that allows running adhoc
+   tasks against a chosen inventory (based on
+   https://github.com/dominis/ansible-shell)
+-  Added two new variables, which are set when the ``rescue`` portion of
+   a ``block`` is started:
+-  ``ansible_failed_task``, which contains the serialized version of the
+   failed task.
+-  ``ansible_failed_result``, which contains the result of the failed
+   task.
+-  New meta action, ``meta: clear_host_errors`` which will clear any
+   hosts which were marked as failed (but not unreachable hosts).
+-  New meta action, ``meta: clear_facts`` which will remove existing
+   facts for the current host from current memory and facts cache.
+-  copy module can now transparently use a vaulted file as source, if
+   vault passwords were provided it will decrypt and copy on the fly.
+-  The way new-style python modules (which include all of the
+   non-windows modules shipped with Ansible) are assembled before
+   execution on the remote machine has been changed. The new way stays
+   closer to how python imports modules which will make it easier to
+   write modules which rely heavily on shared code.
+-  Reduce the situations in which a module can end up as world readable.
+   For details, see:
+   https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
+-  Re-implemented the retry file feature, which had been left out of 2.0
+   (fix was backported to 2.0.1 originally).
+-  Improved winrm argument validation and feature sniffing (for upcoming
+   pywinrm NTLM support).
+-  Improved winrm error handling: basic parsing of stderr from CLIXML
+   stream.
+
+New Modules
+^^^^^^^^^^^
+
+-  aws
+-  ec2\_vol\_facts
+-  ec2\_vpc\_dhcp\_options
+-  ec2\_vpc\_net\_facts
+-  ec2\_snapshot\_facts
+-  azure:
+-  azure\_rm\_deployment
+-  azure\_rm\_networkinterface
+-  azure\_rm\_networkinterface\_facts (TECH PREVIEW)
+-  azure\_rm\_publicipaddress
+-  azure\_rm\_publicipaddress\_facts (TECH PREVIEW)
+-  azure\_rm\_resourcegroup
+-  azure\_rm\_resourcegroup\_facts (TECH PREVIEW)
+-  azure\_rm\_securitygroup
+-  azure\_rm\_securitygroup\_facts (TECH PREVIEW)
+-  azure\_rm\_storageaccount
+-  azure\_rm\_storageaccount\_facts (TECH PREVIEW)
+-  azure\_rm\_storageblob
+-  azure\_rm\_subnet
+-  azure\_rm\_virtualmachine
+-  azure\_rm\_virtualmachineimage\_facts (TECH PREVIEW)
+-  azure\_rm\_virtualnetwork
+-  azure\_rm\_virtualnetwork\_facts (TECH PREVIEW)
+-  cloudflare\_dns
+-  cloudstack
+-  cs\_cluster
+-  cs\_configuration
+-  cs\_instance\_facts
+-  cs\_pod
+-  cs\_resourcelimit
+-  cs\_volume
+-  cs\_zone
+-  cs\_zone\_facts
+-  clustering
+-  kubernetes
+-  cumulus
+-  cl\_bond
+-  cl\_bridge
+-  cl\_img\_install
+-  cl\_interface
+-  cl\_interface\_policy
+-  cl\_license
+-  cl\_ports
+-  eos
+-  eos\_command
+-  eos\_config
+-  eos\_eapi
+-  eos\_template
+-  gitlab
+-  gitlab\_group
+-  gitlab\_project
+-  gitlab\_user
+-  ios
+-  ios\_command
+-  ios\_config
+-  ios\_template
+-  iosxr
+-  iosxr\_command
+-  iosxr\_config
+-  iosxr\_template
+-  junos
+-  junos\_command
+-  junos\_config
+-  junos\_facts
+-  junos\_netconf
+-  junos\_package
+-  junos\_template
+-  make
+-  mongodb\_parameter
+-  nxos
+-  nxos\_command
+-  nxos\_config
+-  nxos\_facts
+-  nxos\_feature
+-  nxos\_interface
+-  nxos\_ip\_interface
+-  nxos\_nxapi
+-  nxos\_ping
+-  nxos\_switchport
+-  nxos\_template
+-  nxos\_vlan
+-  nxos\_vrf
+-  nxos\_vrf\_interface
+-  nxos\_vrrp
+-  openstack
+-  os\_flavor\_facts
+-  os\_group
+-  os\_ironic\_inspect
+-  os\_keystone\_domain\_facts
+-  os\_keystone\_role
+-  os\_port\_facts
+-  os\_project\_facts
+-  os\_user\_facts
+-  os\_user\_role
+-  openswitch
+-  ops\_command
+-  ops\_config
+-  ops\_facts
+-  ops\_template
+-  softlayer
+-  sl\_vm
+-  vmware
+-  vmware\_maintenancemode
+-  vmware\_vm\_shell
+-  windows
+-  win\_acl\_inheritance
+-  win\_owner
+-  win\_reboot
+-  win\_regmerge
+-  win\_timezone
+-  yum\_repository
+
+New Strategies
+^^^^^^^^^^^^^^
+
+-  debug
+
+New Filters
+^^^^^^^^^^^
+
+-  extract
+-  ip4\_hex
+-  regex\_search
+-  regex\_findall
+
+New Callbacks
+^^^^^^^^^^^^^
+
+-  actionable (only shows changed and failed)
+-  slack
+-  json
+
+New Tests
+^^^^^^^^^
+
+-  issubset
+-  issuperset
+
+New Inventory scripts:
+^^^^^^^^^^^^^^^^^^^^^^
+
+-  brook
+-  rackhd
+-  azure\_rm
+
+Minor Changes:
+~~~~~~~~~~~~~~
+
+-  Added support for pipelining mode to more connection plugins, which
+   helps prevent module data from being written to disk.
+-  Added a new '!unsafe' YAML decorator, which can be used in playbooks
+   to ensure a string is not templated. For example:
+   ``foo: !unsafe "Don't template {{me}}"``.
+-  Callbacks now have access to the options with which the CLI was
+   called
+-  Debug now has verbosity option to control when to display by matching
+   number of -v in command line
+-  Modules now get verbosity, diff and other flags as passed to ansible
+-  Mount facts now also show 'network mounts' that use the pattern
+   ``<host>:/<mount>``
+-  Plugins are now sorted before loading. This means, for instance, if
+   you want two custom callback plugins to run in a certain order you
+   can name them 10-first-callback.py and 20-second-callback.py.
+-  Added (alpha) Centirfy's dzdo as another become meethod (privilege
+   escalation)
+
+Deprecations:
+~~~~~~~~~~~~~
+
+-  Deprecated the use of "bare" variables in loops (ie.
+   ``with_items: foo``, where ``foo`` is a variable). The full jinja2
+   variable syntax of ``{{foo}}`` should always be used instead. This
+   warning will be removed completely in 2.3, after which time it will
+   be an error.
+-  play\_hosts magic variable, use ansible\_play\_batch or
+   ansible\_play\_hosts instead.
--- a/changelogs/CHANGELOG-v2.2.rst
+++ b/changelogs/CHANGELOG-v2.2.rst
@ -0,0 +1,515 @@
+==================================================
+Ansible 2.2 "The Battle of Evermore" Release Notes
+==================================================
+2.2.4 "The Battle of Evermore" - TBD
+------------------------------------
+
+-  avoid vault view writing to logs
+-  moved htpasswd module to use LooseVersion vs StrictVersion to make
+   usable on Debian
+-  fix for adhoc not obeying callback options
+
+2.2.3 "The Battle of Evermore" - 05-09-2017
+-------------------------------------------
+
+Major Changes:
+~~~~~~~~~~~~~~
+
+-  [SECURITY] (HIGH): fix for CVE-2017-7466, which was caused by an
+   incomplete cherry-picking of commits related to CVE-2016-9587. This
+   can lead to some jinja2 syntax not being stripped out of templated
+   results.
+-  [SECURITY] (MODERATE): fix for CVE-2017-7481, in which data for
+   lookup plugins used as variables was not being correctly marked as
+   "unsafe".
+
+Minor Changes:
+~~~~~~~~~~~~~~
+
+-  Fixes a bug when using YAML inventory where hosts were not put in the
+   'all' group, and some other 'ungrouped' issues in inventory.
+-  Fixes a bug when using ansible commands without a tty for stdin.
+-  Split on newlines when searching for become prompt.
+-  Fix crash upon pass prompt in py3 when using the paramiko connection
+   type.
+
+2.2.2 "The Battle of Evermore" - 03-27-2017
+-------------------------------------------
+
+Major Changes:
+~~~~~~~~~~~~~~
+
+-  [SECURITY] (HIGH): (continued fix for CVE-2016-9587) Handle some
+   additional corner cases in the way conditionals are parsed and
+   evaluated.
+-  [SECURITY] (LOW): properly filter passwords out of URLs when
+   displaying output from some modules.
+
+Minor Changes:
+~~~~~~~~~~~~~~
+
+-  Fix azure\_rm version checks (#22270).
+-  Fix for traceback when we encounter non-utf8 characters when using
+   --diff.
+-  Ensure ssh hostkey checks respect server port.
+-  Use proper PyYAML classes for safe loading YAML files.
+-  Fix for bug related to when statements for older jinja2 versions.
+-  Fix a bug/traceback when using to\_yaml/to\_nice\_yaml.
+-  Properly clean data of jinja2-like syntax, even if that data came
+   from an unsafe source.
+-  Fix bug regarding undefined entries in HostVars.
+-  Skip fact gathering if the entire play was included via conditional
+   which evaluates to False.
+-  Fixed a performance regression when using a large number of items in
+   a with loop.
+-  Fixed a bug in the way the end of role was detected, which in some
+   cases could cause a role to be run more than once.
+-  Add jinja2 groupby filter override to cast namedtuple to tuple to
+   handle a non-compatible change in jinja2 2.9.4-2.9.5.
+-  Fixed several bugs related to temp directory creation on remote
+   systems when using shell expansions and become privilege escalation.
+-  Fixed a bug related to spliting/parsing the output of a become
+   privilege escalation when looking for a password prompt.
+-  Several unicode/bytes fixes.
+
+2.2.1 "The Battle of Evermore" - 01-16-2017
+-------------------------------------------
+
+Major Changes:
+~~~~~~~~~~~~~~
+
+-  Security fix for CVE-2016-9587 - An attacker with control over a
+   client system being managed by Ansible and the ability to send facts
+   back to the Ansible server could use this flaw to execute arbitrary
+   code on the Ansible server as the user and group Ansible is running
+   as.
+
+Minor Changes
+~~~~~~~~~~~~~
+
+-  Fixes a bug where undefined variables in with\_\* loops would cause a
+   task failure even if the when condition would cause the task to be
+   skipped.
+-  Fixed a bug related to roles where in certain situations a role may
+   be run more than once despite not allowing duplicates.
+-  Fixed some additional bugs related to atomic\_move for modules.
+-  Fixes multiple bugs related to field/attribute inheritance in nested
+   blocks and includes, as well as task iteration logic during failures.
+-  Fixed pip installing packages into virtualenvs using the system pip
+   instead of the virtualenv pip.
+-  Fixed dnf on systems with dnf-2.0.x (some changes in the API).
+-  Fixed traceback with dnf install of groups.
+-  Fixes a bug in which include\_vars was not working with failed\_when.
+-  Fix for include\_vars only loading files with .yml, .yaml, and .json
+   extensions. This was only supposed to apply to loading a directory of
+   vars files.
+-  Fixes several bugs related to properly incrementing the failed count
+   in the host statistics.
+-  Fixes a bug with listening handlers which did not specify a ``name``
+   field.
+-  Fixes a bug with the ``play_hosts`` internal variable, so that it
+   properly reflects the current list of hosts.
+-  Fixes a bug related to the v2\_playbook\_on\_start callback method
+   and legacy (v1) plugins.
+-  Fixes an openssh related process exit race condition, related to the
+   fact that connections using ControlPersist do not close stderr.
+-  Improvements and fixes to OpenBSD fact gathering.
+-  Updated ``make deb`` to use pbuilder. Use ``make local_deb`` for the
+   previous non-pbuilder build.
+-  Fixed Windows async to avoid blocking due to handle inheritance.
+-  Fixed bugs in the mount module on older Linux kernels and \*BSDs
+-  Fix regression in jinja2 include search path.
+-  Various minor fixes for Python 3
+-  Inserted some checks for jinja2-2.9, which can cause some issues with
+   Ansible currently.
+
+2.2 "The Battle of Evermore" - 11-01-2016
+-----------------------------------------
+
+Major Changes:
+~~~~~~~~~~~~~~
+
+-  Security fix for CVE-2016-8628 - Command injection by compromised
+   server via fact variables. In some situations, facts returned by
+   modules could overwrite connection-based facts or some other special
+   variables, leading to injected commands running on the Ansible
+   controller as the user running Ansible (or via escalated
+   permissions).
+-  Security fix for CVE-2016-8614 - apt\_key module not properly
+   validating keys in some situations.
+-  Added the ``listen`` feature for modules. This feature allows tasks
+   to more easily notify multiple handlers, as well as making it easier
+   for handlers from decoupled roles to be notified.
+-  Major performance improvements.
+-  Added support for binary modules
+-  Added the ability to specify serial batches as a list
+   (``serial: [1, 5, 10]``), which allows for so-called "canary" actions
+   in one play.
+-  Fixed 'local type' plugins and actions to have a more predictable
+   relative path. Fixes a regression of 1.9 (PR #16805). Existing users
+   of 2.x will need to adjust related tasks.
+-  ``meta`` tasks can now use conditionals.
+-  ``raw`` now returns ``changed: true`` to be consistent with
+   shell/command/script modules. Add ``changed_when: false`` to ``raw``
+   tasks to restore the pre-2.2 behavior if necessary.
+-  New privilege escalation become method ``ksu``
+-  Windows ``async:`` support for long-running or background tasks.
+-  Windows ``environment:`` support for setting module environment vars
+   in play/task.
+-  Added a new ``meta`` option: ``end_play``, which can be used to skip
+   to the end of a play.
+-  roles can now be included in the middle of a task list via the new
+   ``include_role`` module, this also allows for making the role import
+   'loopable' and/or conditional.
+-  The service module has been changed to use system specific modules if
+   they exist and fall back to the old service module if they cannot be
+   found or detected.
+-  Add ability to specify what ssh client binary to use on the
+   controller. This can be configured via ssh\_executable in the ansible
+   config file or by setting ansible\_ssh\_executable as an inventory
+   variable if different ones are needed for different hosts.
+-  Windows:
+-  several facts were modified or renamed for consistency with their
+   Unix counterparts, and many new facts were added. If your playbooks
+   rely on any of the following keys, please ensure they are using the
+   correct key names and/or values:
+
+   -  ansible\_date\_time.date (changed to use yyyy-mm-dd format instead
+      of default system-locale format)
+   -  ansible\_date\_time.iso8601 (changed to UTC instead of local time)
+   -  ansible\_distribution (now uses OS caption string, e.g.:
+      "Microsoft Windows Server 2012 R2 Standard", version is still
+      available on ansible\_distribution\_version)
+   -  ansible\_totalmem (renamed to ansible\_memtotal\_mb, units changed
+      to MB instead of bytes)
+
+-  ``async:`` support for long-running or background tasks.
+-  ``environment:`` support for setting module environment vars in
+   play/task.
+-  Tech Preview: Work has been done to get Ansible running under
+   Python3. This work is not complete enough to depend upon in
+   production environments but it is enough to begin testing it.
+-  Most of the controller side should now work. Users should be able to
+   run python3 /usr/bin/ansible and python3 /usr/bin/ansible-playbook
+   and have core features of ansible work.
+-  A few of the most essential modules have been audited and are known
+   to work. Others work out of the box.
+-  We are using unit and integration tests to help us port code and not
+   regress later. Even if you are not familiar with python you can still
+   help by contributing integration tests (just ansible roles) that
+   exercise more of the code to make sure it continues to run on both
+   Python2 and Python3.
+-  scp\_if\_ssh now supports True, False and "smart". "smart" is the
+   default and will retry failed sftp transfers with scp.
+-  Network:
+-  Refactored all network modules to remove duplicate code and take
+   advantage of Ansiballz implementation
+-  All functionality from \*\_template network modules have been
+   combined into \*\_config module
+-  Network \*\_command modules not longer allow configuration mode
+   statements
+
+New Modules
+^^^^^^^^^^^
+
+-  apache2\_mod\_proxy
+-  asa
+-  asa\_acl
+-  asa\_command
+-  asa\_config
+-  atomic
+-  atomic\_host
+-  atomic\_image
+-  aws
+-  cloudformation\_facts
+-  ec2\_asg\_facts
+-  ec2\_customer\_gateway
+-  ec2\_lc\_find
+-  ec2\_vpc\_dhcp\_options\_facts
+-  ec2\_vpc\_nacl
+-  ec2\_vpc\_nacl\_facts
+-  ec2\_vpc\_nat\_gateway
+-  ec2\_vpc\_peer
+-  ec2\_vpc\_vgw
+-  efs
+-  efs\_facts
+-  execute\_lambda
+-  iam\_mfa\_device\_facts
+-  iam\_server\_certificate\_facts
+-  kinesis\_stream
+-  lambda
+-  lambda\_alias
+-  lambda\_event
+-  lambda\_facts
+-  redshift
+-  redshift\_subnet\_group
+-  s3\_website
+-  sts\_session\_token
+-  cloudstack
+-  cs\_router
+-  cs\_snapshot\_policy
+-  dellos6
+-  dellos6\_command
+-  dellos6\_config
+-  dellos6\_facts
+-  dellos9
+-  dellos9\_command
+-  dellos9\_config
+-  dellos9\_facts
+-  dellos10
+-  dellos10\_command
+-  dellos10\_config
+-  dellos10\_facts
+-  digital\_ocean\_block\_storage
+-  docker
+-  docker\_network
+-  eos
+-  eos\_facts
+-  exoscale:
+-  exo\_dns\_domain
+-  exo\_dns\_record
+-  f5:
+-  bigip\_device\_dns
+-  bigip\_device\_ntp
+-  bigip\_device\_sshd
+-  bigip\_gtm\_datacenter
+-  bigip\_gtm\_virtual\_server
+-  bigip\_irule
+-  bigip\_routedomain
+-  bigip\_selfip
+-  bigip\_ssl\_certificate
+-  bigip\_sys\_db
+-  bigip\_vlan
+-  github
+-  github\_key
+-  github\_release
+-  google
+-  gcdns\_record
+-  gcdns\_zone
+-  gce\_mig
+-  honeybadger\_deployment
+-  illumos
+-  dladm\_etherstub
+-  dladm\_vnic
+-  flowadm
+-  ipadm\_if
+-  ipadm\_prop
+-  ipmi
+-  ipmi\_boot
+-  ipmi\_power
+-  ios
+-  ios\_facts
+-  iosxr
+-  iosxr\_facts
+-  include\_role
+-  jenkins
+-  jenkins\_job
+-  jenkins\_plugin
+-  kibana\_plugin
+-  letsencrypt
+-  logicmonitor
+-  logicmonitor\_facts
+-  lxd
+-  lxd\_profile
+-  lxd\_container
+-  netapp
+-  netapp\_e\_amg
+-  netapp\_e\_amg\_role
+-  netapp\_e\_amg\_sync
+-  netapp\_e\_auth
+-  netapp\_e\_facts
+-  netapp\_e\_flashcache
+-  netapp\_e\_hostgroup
+-  netapp\_e\_host
+-  netapp\_e\_lun\_mapping
+-  netapp\_e\_snapshot\_group
+-  netapp\_e\_snapshot\_images
+-  netapp\_e\_snapshot\_volume
+-  netapp\_e\_storage\_system
+-  netapp\_e\_storagepool
+-  netapp\_e\_volume
+-  netapp\_e\_volume\_copy
+-  netconf\_config
+-  netvisor
+-  pn\_cluster
+-  pn\_ospfarea
+-  pn\_ospf
+-  pn\_show
+-  pn\_trunk
+-  pn\_vlag
+-  pn\_vlan
+-  pn\_vrouterbgp
+-  pn\_vrouterif
+-  pn\_vrouterlbif
+-  pn\_vrouter
+-  nxos
+-  nxos\_aaa\_server\_host
+-  nxos\_aaa\_server
+-  nxos\_acl\_interface
+-  nxos\_acl
+-  nxos\_bgp\_af
+-  nxos\_bgp\_neighbor\_af
+-  nxos\_bgp\_neighbor
+-  nxos\_bgp
+-  nxos\_evpn\_global
+-  nxos\_evpn\_vni
+-  nxos\_file\_copy
+-  nxos\_gir\_profile\_management
+-  nxos\_gir
+-  nxos\_hsrp
+-  nxos\_igmp\_interface
+-  nxos\_igmp
+-  nxos\_igmp\_snooping
+-  nxos\_install\_os
+-  nxos\_interface\_ospf
+-  nxos\_mtu
+-  nxos\_ntp\_auth
+-  nxos\_ntp\_options
+-  nxos\_ntp
+-  nxos\_ospf
+-  nxos\_ospf\_vrf
+-  nxos\_overlay\_global
+-  nxos\_pim\_interface
+-  nxos\_pim
+-  nxos\_pim\_rp\_address
+-  nxos\_portchannel
+-  nxos\_rollback
+-  nxos\_smu
+-  nxos\_snapshot
+-  nxos\_snmp\_community
+-  nxos\_snmp\_contact
+-  nxos\_snmp\_host
+-  nxos\_snmp\_location
+-  nxos\_snmp\_traps
+-  nxos\_snmp\_user
+-  nxos\_static\_route
+-  nxos\_udld\_interface
+-  nxos\_udld
+-  nxos\_vpc\_interface
+-  nxos\_vpc
+-  nxos\_vrf\_af
+-  nxos\_vtp\_domain
+-  nxos\_vtp\_password
+-  nxos\_vtp\_version
+-  nxos\_vxlan\_vtep
+-  nxos\_vxlan\_vtep\_vni
+-  mssql\_db
+-  ovh\_ip\_loadbalancing\_backend
+-  opendj\_backendprop
+-  openstack
+-  os\_keystone\_service
+-  os\_recordset
+-  os\_server\_group
+-  os\_stack
+-  os\_zone
+-  ovirt
+-  ovirt\_auth
+-  ovirt\_disks
+-  ovirt\_vms
+-  rhevm
+-  rocketchat
+-  sefcontext
+-  sensu\_subscription
+-  smartos
+-  smartos\_image\_facts
+-  sros
+-  sros\_command
+-  sros\_config
+-  sros\_rollback
+-  statusio\_maintenance
+-  systemd
+-  telegram
+-  univention
+-  udm\_dns\_record
+-  udm\_dns\_zone
+-  udm\_group
+-  udm\_share
+-  udm\_user
+-  vmware
+-  vmware\_guest
+-  vmware\_local\_user\_manager
+-  vmware\_vmotion
+-  vyos
+-  vyos\_command
+-  vyos\_config
+-  vyos\_facts
+-  wakeonlan
+-  windows
+-  win\_command
+-  win\_robocopy
+-  win\_shell
+
+New Callbacks
+^^^^^^^^^^^^^
+
+-  foreman
+
+Minor Changes
+~~~~~~~~~~~~~
+
+-  now -vvv shows exact path from which 'currently executing module' was
+   picked up from.
+-  loop\_control now has a label option to allow fine grained control
+   what gets displayed per item
+-  loop\_control now has a pause option to allow pausing for N seconds
+   between loop iterations of a task.
+-  New privilege escalation become method ``ksu``
+-  ``raw`` now returns ``changed: true`` to be consistent with
+   shell/command/script modules. Add ``changed_when: false`` to ``raw``
+   tasks to restore the pre-2.2 behavior if necessary.
+-  removed previously deprecated ';' as host list separator.
+-  Only check if the default ssh client supports ControlPersist once
+   instead of once for each host + task combination.
+-  Fix a problem with the pip module updating the python pip package
+   itself.
+-  ansible\_play\_hosts is a new magic variable to provide a list of
+   hosts in scope for the current play. Unlike play\_hosts it is not
+   subject to the 'serial' keyword.
+-  ansible\_play\_batch is a new magic variable meant to substitute the
+   current play\_hosts.
+-  The subversion module from core now marks its password parameter as
+   no\_log so the password is obscured when logging.
+-  The postgresql\_lang and postgresql\_ext modules from extras now mark
+   login\_password as no\_log so the password is obscured when logging.
+-  Fix for yum module incorrectly thinking it succeeded in installing
+   packages
+-  Make the default ansible\_managed template string into a static
+   string since all of the replacable values lead to non-idempotent
+   behaviour.
+
+For custom front ends using the API:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  ansible.parsing.vault:
+-  VaultLib.is\_encrypted() has been deprecated. It will be removed in
+   2.4. Use ansible.parsing.vault.is\_encrypted() instead
+-  VaultFile has been removed. This unfinished code was never used
+   inside of Ansible. The feature it was intended to support has now
+   been implemented without using this.
+-  VaultAES, the older, insecure encrypted format that debuted in
+   Ansible-1.5 and was replaced by VaultAES256 less than a week later,
+   now has a deprecation warning. **It will be removed in 2.3**. In the
+   unlikely event that you wrote a vault file in that 1 week window and
+   have never modified the file since (ansible-vault automatically
+   re-encrypts the file using VaultAES256 whenever it is written to but
+   not read), run ``ansible-vault rekey [filename]`` to move to
+   VaultAES256.
+
+Removed Deprecated
+~~~~~~~~~~~~~~~~~~
+
+-  ';' as host list separator.
+-  with\_ 'bare variable' handling, now loop items must always be
+   templated ``{{ }}`` or they will be considered as plain strings.
+-  skipping task on 'missing attribute' in loop variable, now in a loop
+   an undefined attribute will return an error instead of skipping the
+   task.
+-  skipping on undefined variables in loop, now loops will have to
+   define a variable or use ``|default`` to avoid errors.
+
+Deprecations
+~~~~~~~~~~~~
+
+Notice given that the following will be removed in Ansible 2.4: \*
+Modules \* eos\_template \* ios\_template \* iosxr\_template \*
+junos\_template \* nxos\_template \* ops\_template
--- a/changelogs/CHANGELOG-v2.3.rst
+++ b/changelogs/CHANGELOG-v2.3.rst
@ -0,0 +1,581 @@
+=====================================
+Ansible 2.3 "Ramble On" Release Notes
+=====================================
+2.3.4 "Ramble On" - TBD
+-----------------------
+
+-  Flush stdin when passing the become password. Fixes some cases of
+   timeout on Python3 with the ssh connection plugin:
+   https://github.com/ansible/ansible/pull/35049
+
+Bugfixes
+~~~~~~~~
+
+-  Fix setting of environment in a task that uses a loop:
+   https://github.com/ansible/ansible/issues/32685
+-  Fix https retrieval with TLSv1.2:
+   https://github.com/ansible/ansible/pull/32053
+
+2.3.3 "Ramble On" - TBD
+-----------------------
+
+Bugfixes
+~~~~~~~~
+
+-  Security fix for CVE-2017-7550 the jenkins\_plugin module was logging
+   the jenkins server password if the url\_password was passed via the
+   params field: https://github.com/ansible/ansible/pull/30875
+-  Fix alternatives module handlling of non existing options
+-  Fix synchronize traceback with the docker connection plugin
+-  Do not escape backslashes in the template lookup plugin to mirror
+   what the template module does
+-  Fix the expires option of the postgresq\_user module
+-  Fix for win\_acl when settings permissions on registry objects that
+   use ``ALL APPLICATION PACKAGES`` and
+   ``ALL RESTRICTED APPLICATION PACKAGES``
+-  Python3 fixes
+-  asorted azure modules
+-  pause module
+-  hacking/env-setup script
+-  Fix traceback when checking for passwords in logged strings when
+   logging executed commands.
+-  docker\_login module
+-  Workaround python-libselinux API change in the seboolean module
+-  digital\_ocean\_tag module
+-  Fix the zip filter
+-  Fix user module combining bytes and text
+-  Fix for security groups in the amazon efs module
+-  Fix for the jail connection plugin not finding the named jail
+-  Fix for blockinfile's parameters insertbefore and insertafter
+-  ios\_config: Fix traceback when the efaults parameter is not set
+-  iosxr\_config: Fixed unicode error when UTF-8 characters are in
+   configs
+-  Fix check mode in archive module
+-  Fix UnboundLocalError in check mode in cs\_role module
+-  Fix to always use lowercase hostnames for host keys in known\_hosts
+   module
+-  Added missing return results for win\_stat
+-  Fix rabbitmq modules to give a helpful error if requests is not
+   installed
+-  Fix yum module not deleting rpms that it downloaded
+-  Fix yum module failing with a URL to an rpm
+-  Fix file module inappropriately expanding literal dollar signs in a
+   path read from the filesystem as an environment variable.
+-  Fix the ssh "smart" transport setting which automatically selects the
+   best means of transferring files over ssh (sftp, ssh, piped).
+-  Fix authentication by api\_key parameter in exoscale modules.
+-  vmware module\_utils shared code ssl/validate\_certs fixes in
+   connection logic
+-  allow 'bridge' facts to work for certain containers that create
+   conflicting ones with connection plugins
+-  Fix for win\_get\_url to use TLS 1.2/1.1 if it is available on the
+   host
+-  Fix for the filetree lookup with non-ascii group names
+-  Better message for invalid keywords/options in task due to undefined
+   expressions
+-  Fixed check mode for enable on Solaris for service module
+-  Fix cloudtrail module to allow AWS profiles other than the default
+-  Fix an encoding issue with secret (password) vars\_prompts
+-  Fix for Windows become to show the stdout and stderr strings on a
+   failure
+-  Fix the issue SSL verification can not be disabled for Tower modules
+-  Use safe\_load instead on load to read a yaml document
+-  Fix for win\_file to respect check mode when deleting directories
+-  Include\_role now complains about invalid arguments
+-  Added socket conditions to ignore for wait\_for, no need to error for
+   closing already closed connection
+-  Updated hostname module to work on newer RHEL7 releases
+-  Security fix to avoid provider password leaking in logs for network
+   modules
+
+ \* Python3 fixes for azure modules
+
+2.3.2 "Ramble On" - 2017-08-04
+------------------------------
+
+Bugfixes
+~~~~~~~~
+
+-  Fix partend i18n issues
+-  fixed handling of extra vars for tower\_job\_template (#25272)
+-  Python3 bugfixes
+-  Fix sorting of ec2 policies
+-  Fix digital\_ocean dynamic inventory script
+-  Fix for the docker connection plugin
+-  Fix pip module when using python3's pyvenv and python3 -m venv to
+   create virtualenvs
+-  Fix for the AnsiBallZ wrapper so that it gives a better error message
+   when there's not enough disk space to create its tempdir.
+-  Fix so ansilbe-galaxy install --force with unversioned roles will
+   once again overwrite old versions.
+-  Fix for RabbitMQ 3.6.7 endpoint return code changing.
+-  Fix for Foreman organization creation
+-  fixed incorrect fail\_json ref in rpm\_key
+-  Corrected requried on hash\_name for dynamodb\_table
+-  Fix for fetch action plugin not validating correctly
+-  Avoid vault view writing display to logs
+-  htpasswd: fix passlib module version comparison
+-  Fix for flowdock error message when external\_user\_name is missing
+-  fixed corner case for delegate\_to, loops and delegate\_facts
+-  fixed wait\_for python2.4/2.5 compatibility (this is last version
+   this is needed)
+-  fix for adhoc not obeying callback options
+-  fix for win\_find where it fails to recursively scan empty nested
+   directories
+-  fix non-pipelined code paths for Windows (eg,
+   ANSIBLE\_KEEP\_REMOTE\_FILES, non-pipelined connection plugins)
+-  fix for win\_updates where args and check mode were ignored due to
+   common code change
+-  fix for unprivileged users to Windows runas become method
+-  fix starttls code path for mail module
+-  fix missing LC\_TYPE in parted module
+-  fix CN parsing with OpenSSL 1.1 in letsencrypt module
+-  fix params assignment in jabber module
+-  fix TXT record type handling in exo\_dns\_record module
+-  fix message queue message ttl can't be 0 in rabbitmq\_queue module
+-  CloudStack bugfixes:
+-  fix template upload for users in cs\_template module, change default
+   to is\_routing=None
+-  several fixes in cs\_host module fixes hypervisor handling
+-  fix network param ignored due typo in cs\_nic module
+-  fix missing type bool in module cs\_zone
+-  fix KeyError: 'sshkeypair' in cs\_instance module for CloudStack v4.5
+   and before
+-  fix for win\_chocolatey where trying to upgrade all the packages as
+   per the example docs fails
+-  fix for win\_chocolatey where it did not fail if the version set did
+   not exist
+-  fix for win\_regedit always changing a reg key if the dword values
+   set is a hex
+-  fix for wait\_for on non-Linux systems with newer versions of psutil
+-  fix eos\_banner code and test issues
+-  run tearup and teardown of EAPI service only on EAPI tests
+-  fix eos\_config tests so only Eth1 and Eth2 are used
+-  Fix for potential bug when using legacy inventory vars for
+   configuring the su password.
+-  Fix crash in file module when directories contain non-utf8 filenames
+-  Fix for dnf groupinstall with dnf-2.x
+-  Fix seboolean module for incompatibility in newer Python3 selinux
+   bindings
+-  Optimization for inventory, no need to dedup at every stage, its
+   redundant and slow
+-  Fix fact gathering for package and service action plugins
+-  make random\_choice more error resilient (#27380)
+-  ensure prefix in plugin loading to avoid conflicts
+-  fix for a small number of modules (tempfile, possibly copy) which
+   could fail if the tempdir on the remote box was a symlink
+-  fix non-pipelined code paths for Windows (eg,
+   ANSIBLE\_KEEP\_REMOTE\_FILES, non-pipelined connection plugins)
+-  fix for win\_updates where args and check mode were ignored due to
+   common code change
+
+2.3.1 "Ramble On" - 2017-06-01
+------------------------------
+
+Bugfixes
+~~~~~~~~
+
+-  Security fix for CVE-2017-7481 - data for lookup plugins used as
+   variables was not being correctly marked as "unsafe".
+-  Fix default value of fetch module's validate\_checksum to be True
+-  Added fix for "meta: refresh\_connection" not working with default
+   'smart' connection.
+-  Fix template so that the --diff command line option works when the
+   destination is a directory
+-  Fix python3 bugs in pam\_limits
+-  Fix unbound error when using module deprecation as a single string
+-  Several places in which error handling was broken due to bad
+   conversions or just typos
+-  Fix to user module for appending/setting groups on OpenBSD (flags
+   were reversed)
+-  assemble fix to use safer os.join.path, avoids charset issues
+-  fixed issue with solaris facts and i18n
+-  added python2.4 compatiblity fix to sysctl module
+-  Fix comparison of exisiting container security opts in the
+   docker\_container module
+-  fixed service module invocation of insserv on certain platforms
+-  Fix traceback in os\_user in an error case.
+-  Fix docker container to restart a container when changing to fewer
+   exposed ports
+-  Fix tracebacks in docker\_network
+-  Fixes to detection of updated docker images
+-  Handle detection of docker image changes when published ports is
+   changed
+-  Fix for docker\_container restarting images when links list is empty.
+
+2.3 "Ramble On" - 2017-04-12
+----------------------------
+
+Moving to Ansible 2.3 guide
+http://docs.ansible.com/ansible/porting\_guide\_2.3.html
+
+Major Changes
+~~~~~~~~~~~~~
+
+-  Documented and renamed the previously released 'single var vaulting'
+   feature, allowing user to use vault encryption for single variables
+   in a normal YAML vars file.
+-  Allow module\_utils for custom modules to be placed in site-specific
+   directories and shipped in roles
+-  On platforms that support it, use more modern system polling API
+   instead of select in the ssh connection plugin. This removes one
+   limitation on how many parallel forks are feasible on these systems.
+-  Windows/WinRM supports (experimental) become method "runas" to run
+   modules and scripts as a different user, and to transparently access
+   network resources.
+-  The WinRM connection plugin now uses pipelining when executing
+   modules, resulting in significantly faster execution for small tasks.
+-  The WinRM connection plugin can now manage Kerberos tickets
+   automatically when ``ansible_winrm_transport=kerberos`` and
+   ``ansible_user``/``ansible_password`` are specified.
+-  Refactored/standardized most Windows modules, adding check-mode and
+   diff support where possible.
+-  Extended Windows module API with parameter-type support, helper
+   functions. (i.e. Expand-Environment, Add-Warning,
+   Add-DeprecatationWarning)
+-  restructured how async works to allow it to apply to action plugins
+   that choose to support it.
+
+Minor Changes
+~~~~~~~~~~~~~
+
+-  The version and release facts for OpenBSD hosts were reversed. This
+   has been changed so that version has the numeric portion and release
+   has the name of the release.
+-  removed 'package' from default squash actions as not all package
+   managers support it and it creates errors when using loops, any user
+   can add back via config options if they don't use those package
+   managers or otherwise avoid the errors.
+-  Blocks can now have a ``name`` field, to aid in playbook readability.
+-  default strategy is now configurable via ansible.cfg or environment
+   variable.
+-  Added 'ansible\_playbook\_python' which contains 'current python
+   executable', it can be blank in some cases in which Ansible is not
+   invoked via the standard CLI (sys.executable limitation).
+-  Added 'metadata' to modules to enable classification
+-  ansible-doc now displays path to module and existing 'metadata'
+-  added optional 'piped' transfer method to ssh plugin for when scp and
+   sftp are missing, ssh plugin is also now 'smarter' when using these
+   options
+-  default controlpersist path is now a custom hash of host-port-user to
+   avoid the socket path length errors for long hostnames
+-  Various fixes for Python3 compatibility
+-  Fixed issues with inventory formats not handling 'all' and
+   'ungrouped' in an uniform way.
+-  'service' tasks can now use async again, we had lost this capability
+   when changed into an action plugin.
+-  made any\_errors\_fatal inheritable from play to task and all other
+   objects in between.
+-  many small performance improvements in inventory and variable
+   handling and in task execution.
+-  Added a retry class to the ec2\_asg module since customers were
+   running into throttling errors (AWSRetry is a solution for modules
+   using boto3 which isn't applicable here).
+
+Deprecations
+~~~~~~~~~~~~
+
+-  Specifying --tags (or --skip-tags) multiple times on the command line
+   currently leads to the last one overriding all the previous ones.
+   This behaviour is deprecated. In the future, if you specify --tags
+   multiple times the tags will be merged together. From now on, using
+   --tags multiple times on one command line will emit a deprecation
+   warning. Setting the merge\_multiple\_cli\_tags option to True in the
+   ansible.cfg file will enable the new behaviour. In 2.4, the default
+   will be to merge and you can enable the old overwriting behaviour via
+   the config option. In 2.5, multiple --tags options will be merged
+   with no way to go back to the old behaviour.
+
+-  Modules (scheduled for removal in 2.5)
+-  ec2\_vpc
+-  cl\_bond
+-  cl\_bridge
+-  cl\_img\_install
+-  cl\_interface
+-  cl\_interface\_policy
+-  cl\_license
+-  cl\_ports
+-  nxos\_mtu, use nxos\_system instead
+
+New: Callbacks
+^^^^^^^^^^^^^^
+
+-  dense: minimal stdout output with fallback to default when verbose
+
+New: lookups
+^^^^^^^^^^^^
+
+-  keyring: allows getting password from the 'controller' system's
+   keyrings
+
+New: cache
+^^^^^^^^^^
+
+-  pickle (uses python's own serializer)
+-  yaml
+
+New: inventory scripts
+^^^^^^^^^^^^^^^^^^^^^^
+
+-  oVirt/RHV
+
+New: filters
+^^^^^^^^^^^^
+
+-  combinations
+-  permutations
+-  zip
+-  zip\_longest
+
+Module Notes
+~~~~~~~~~~~~
+
+-  AWS lambda: previously ignored changes that only affected one
+   parameter. Existing deployments may have outstanding changes that
+   this bugfix will apply.
+-  oVirt/RHV: Added support for 4.1 features and the following:
+-  data centers, clusters, hosts, storage domains and networks
+   management.
+-  hosts and virtual machines affinity groups and labels.
+-  users, groups and permissions management.
+-  Improved virtual machines and disks management.
+-  Mount: Some fixes so bind mounts are not mounted each time the
+   playbook runs.
+
+New Modules
+~~~~~~~~~~~
+
+-  a10\_server\_axapi3
+-  amazon:
+-  aws\_kms
+-  cloudfront\_facts
+-  ec2\_group\_facts
+-  ec2\_lc\_facts
+-  ec2\_vpc\_igw\_facts
+-  ec2\_vpc\_nat\_gateway\_facts
+-  ec2\_vpc\_vgw\_facts
+-  ecs\_ecr
+-  elasticache\_parameter\_group
+-  elasticache\_snapshot
+-  iam\_role
+-  s3\_sync
+-  archive
+-  beadm
+-  bigswitch:
+-  bigmon\_chain
+-  bigmon\_policy
+-  cloudengine:
+-  ce\_command
+-  cloudscale\_server
+-  cloudstack:
+-  cs\_host
+-  cs\_nic
+-  cs\_region
+-  cs\_role
+-  cs\_vpc
+-  dimensiondata\_network
+-  eos:
+-  eos\_banner
+-  eos\_system
+-  eos\_user
+-  f5:
+-  bigip\_gtm\_facts
+-  bigip\_hostname
+-  bigip\_snat\_pool
+-  bigip\_sys\_global
+-  foreman:
+-  foreman
+-  katello
+-  fortios
+-  fortios\_config
+-  gconftool2
+-  google:
+-  gce\_eip
+-  gce\_snapshot
+-  gcpubsub
+-  gcpubsub\_facts
+-  hpilo:
+-  hpilo\_boot
+-  hpilo\_facts
+-  hponcfg
+-  icinga2\_feature
+-  illumos:
+-  dladm\_iptun
+-  dladm\_linkprop
+-  dladm\_vlan
+-  ipadm\_addr
+-  ipadm\_addrprop
+-  ipadm\_ifprop
+-  infinidat:
+-  infini\_export
+-  infini\_export\_client
+-  infini\_fs
+-  infini\_host
+-  infini\_pool
+-  infini\_vol
+-  ipa:
+-  ipa\_group
+-  ipa\_hbacrule
+-  ipa\_host
+-  ipa\_hostgroup
+-  ipa\_role
+-  ipa\_sudocmd
+-  ipa\_sudocmdgroup
+-  ipa\_sudorule
+-  ipa\_user
+-  ipinfoio\_facts
+-  ios:
+-  ios\_banner
+-  ios\_system
+-  ios\_vrf
+-  iosxr\_system
+-  iso\_extract
+-  java\_cert
+-  jenkins\_script
+-  ldap:
+-  ldap\_attr
+-  ldap\_entry
+-  logstash\_plugin
+-  mattermost
+-  net\_command
+-  netapp:
+-  sf\_account\_manager
+-  sf\_snapshot\_schedule\_manager
+-  sf\_volume\_manager
+-  sf\_volume\_access\_group\_manager
+-  nginx\_status\_facts
+-  nsupdate
+-  omapi\_host
+-  openssl:
+-  openssl\_privatekey
+-  openssl\_publickey
+-  openstack:
+-  os\_nova\_host\_aggregate
+-  os\_quota
+-  openwrt\_init
+-  ordnance:
+-  ordnance\_config
+-  ordnance\_facts
+-  ovirt:
+-  ovirt\_affinity\_groups
+-  ovirt\_affinity\_labels
+-  ovirt\_affinity\_labels\_facts
+-  ovirt\_clusters
+-  ovirt\_clusters\_facts
+-  ovirt\_datacenters
+-  ovirt\_datacenters\_facts
+-  ovirt\_external\_providers
+-  ovirt\_external\_providers\_facts
+-  ovirt\_groups
+-  ovirt\_groups\_facts
+-  ovirt\_host\_networks
+-  ovirt\_host\_pm
+-  ovirt\_hosts
+-  ovirt\_hosts\_facts
+-  ovirt\_mac\_pools
+-  ovirt\_networks
+-  ovirt\_networks\_facts
+-  ovirt\_nics
+-  ovirt\_nics\_facts
+-  ovirt\_permissions
+-  ovirt\_permissions\_facts
+-  ovirt\_quotas
+-  ovirt\_quotas\_facts
+-  ovirt\_snapshots
+-  ovirt\_snapshots\_facts
+-  ovirt\_storage\_domains
+-  ovirt\_storage\_domains\_facts
+-  ovirt\_tags
+-  ovirt\_tags\_facts
+-  ovirt\_templates
+-  ovirt\_templates\_facts
+-  ovirt\_users
+-  ovirt\_users\_facts
+-  ovirt\_vmpools
+-  ovirt\_vmpools\_facts
+-  ovirt\_vms\_facts
+-  pacemaker\_cluster
+-  packet:
+-  packet\_device
+-  packet\_sshkey
+-  pamd
+-  panos:
+-  panos\_address
+-  panos\_admin
+-  panos\_admpwd
+-  panos\_cert\_gen\_ssh
+-  panos\_check
+-  panos\_commit
+-  panos\_dag
+-  panos\_import
+-  panos\_interface
+-  panos\_lic
+-  panos\_loadcfg
+-  panos\_mgtconfig
+-  panos\_nat\_policy
+-  panos\_pg
+-  panos\_restart
+-  panos\_security\_policy
+-  panos\_service
+-  postgresql\_schema
+-  proxmox\_kvm
+-  proxysql:
+-  proxysql\_backend\_servers
+-  proxysql\_global\_variables
+-  proxysql\_manage\_config
+-  proxysql\_mysql\_users
+-  proxysql\_query\_rules
+-  proxysql\_replication\_hostgroups
+-  proxysql\_scheduler
+-  pubnub\_blocks
+-  pulp\_repo
+-  runit
+-  serverless
+-  set\_stats
+-  panos:
+-  panos\_security\_policy
+-  smartos:
+-  imgadm
+-  vmadm
+-  sorcery
+-  stacki\_host
+-  swupd
+-  tempfile
+-  tower:
+-  tower\_credential
+-  tower\_group
+-  tower\_host
+-  tower\_inventory
+-  tower\_job\_template
+-  tower\_label
+-  tower\_organization
+-  tower\_project
+-  tower\_role
+-  tower\_team
+-  tower\_user
+-  vmware:
+-  vmware\_guest\_facts
+-  vmware\_guest\_snapshot
+-  web\_infrastructure:
+-  jenkins\_script
+-  system
+-  parted
+-  windows:
+-  win\_disk\_image
+-  win\_dns\_client
+-  win\_domain
+-  win\_domain\_controller
+-  win\_domain\_membership
+-  win\_find
+-  win\_msg
+-  win\_path
+-  win\_psexec
+-  win\_reg\_stat
+-  win\_region
+-  win\_say
+-  win\_shortcut
+-  win\_tempfile
+-  xbps
+-  zfs:
+-  zfs\_facts
+-  zpool\_facts
--- a/changelogs/CHANGELOG-v2.4.rst
+++ b/changelogs/CHANGELOG-v2.4.rst
--- a/changelogs/CHANGELOG-v2.5.rst
+++ b/changelogs/CHANGELOG-v2.5.rst
--- a/changelogs/config.yaml
+++ b/changelogs/config.yaml
@ -0,0 +1,18 @@
+---
+release_tag_re: '(v(?:[\d.ab\-]|rc)+)'
+pre_release_tag_re: '(?P<pre_release>(?:[ab]|rc)+\d*)$'
+notesdir: fragments
+prelude_section_name: release_summary
+sections:
+- ['major_changes', 'Major Changes']
+- ['minor_changes', 'Minor Changes']
+- ['deprecated_features', 'Deprecated Features']
+- ['removed_features', 'Removed Features (previously deprecated)']
+- ['new_lookup_plugins', 'New Lookup Plugins']
+- ['new_callback_plugins', 'New Callback Plugins']
+- ['new_connection_plugins', 'New Connection Plugins']
+- ['new_test_plugins', 'New Test Plugins']
+- ['new_filter_plugins', 'New Filter Plugins']
+- ['new_modules', 'New Modules']
+- ['bugfixes', 'Bugfixes']
+- ['known_issues', 'Known Issues']
--- a/changelogs/fragments/30786-verbose_info_on_os_stack_error.yaml
+++ b/changelogs/fragments/30786-verbose_info_on_os_stack_error.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- openstack.os_stack - extend failure message with the server response (https://github.com/ansible/ansible/pull/39660).
--- a/changelogs/fragments/36980-eos_check_mode_without_config_session.yaml
+++ b/changelogs/fragments/36980-eos_check_mode_without_config_session.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- EOS can not check configuration without use of config session (ANSIBLE_EOS_USE_SESSIONS=0). Fix is to throw error when hiting into this exception case. Configs would neither be checked nor be played on the eos device.
--- a/changelogs/fragments/37056-vmware_guest_no_permission.yaml
+++ b/changelogs/fragments/37056-vmware_guest_no_permission.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- Adds exception handling which is raised when user does not have correct set of permissions/privileges to read virtual machine facts.
--- a/changelogs/fragments/37651-onxy_pfc_interface-onyx-version-3.6.0.yaml
+++ b/changelogs/fragments/37651-onxy_pfc_interface-onyx-version-3.6.0.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- onyx_pfc_interface - Add support for changes in pfc output in onyx 3.6.6000 https://github.com/ansible/ansible/pull/37651
--- a/changelogs/fragments/38167-onxy_linkagg-add-support-for-onyx-version-3.6.0.yaml
+++ b/changelogs/fragments/38167-onxy_linkagg-add-support-for-onyx-version-3.6.0.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- Fix mlag summary json parsing for onyx version 3.6.6000 and above https://github.com/ansible/ansible/pull/38191
--- a/changelogs/fragments/38290-doc_update_vmware_guest_find.yaml
+++ b/changelogs/fragments/38290-doc_update_vmware_guest_find.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- Update documentation related to datacenter in vmware_guest_find module. Mark datacenter as optional.
--- a/changelogs/fragments/38398-vmware_guest_typecast_vlan.yaml
+++ b/changelogs/fragments/38398-vmware_guest_typecast_vlan.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- vmware_guest - typecast VLAN ID to match various conditions. (https://github.com/ansible/ansible/pull/39793)
--- a/changelogs/fragments/38466-vmware_guest_set_dhcp_as_default.yaml
+++ b/changelogs/fragments/38466-vmware_guest_set_dhcp_as_default.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- Set default network type as 'dhcp' if user has not specified any.
--- a/changelogs/fragments/38654-update_vmware_cfg_backup_variable_usage.yml
+++ b/changelogs/fragments/38654-update_vmware_cfg_backup_variable_usage.yml
@ -0,0 +1,2 @@
+bugfixes:
+- Changed hostname variable in order for the esxi host to be found when authentication against a vcenter was done.
--- a/changelogs/fragments/38671-nmcli_autoconnect_value_correction.yaml
+++ b/changelogs/fragments/38671-nmcli_autoconnect_value_correction.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- nmcli change default value of autoconnect
--- a/changelogs/fragments/38941-vmware_guest_update_cpu_memory_if_required.yaml
+++ b/changelogs/fragments/38941-vmware_guest_update_cpu_memory_if_required.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- vmware_guest - Do not update cpu/memory allocation in configspec if there is no change (https://github.com/ansible/ansible/pull/39865)
--- a/changelogs/fragments/39138-facts-fix_virtualization_facts_for_vmware_linux.yaml
+++ b/changelogs/fragments/39138-facts-fix_virtualization_facts_for_vmware_linux.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- Fix unset 'ansible_virtualization_role' fact while setting virtualization facts for real hardware.
--- a/changelogs/fragments/39818-loop_control_task_vars.yaml
+++ b/changelogs/fragments/39818-loop_control_task_vars.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - loop_control - update template vars for loop_control fields on each loop iteration (https://github.com/ansible/ansible/pull/39818).
--- a/changelogs/fragments/40600-apt-mark-availability.yml
+++ b/changelogs/fragments/40600-apt-mark-availability.yml
@ -0,0 +1,2 @@
+bugfixes:
+- skip marking packages as manually installed when apt-mark is not available (https://github.com/ansible/ansible/pull/40600)
--- a/changelogs/fragments/40645-jenkins_plugin.yaml
+++ b/changelogs/fragments/40645-jenkins_plugin.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- jenkins_plugin - fix plugin always updated even if already uptodate (https://github.com/ansible/ansible/pull/40645)
--- a/changelogs/fragments/41530-apt-mark-deb6.yaml
+++ b/changelogs/fragments/41530-apt-mark-deb6.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - apt - fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530)
--- a/changelogs/fragments/43931-strip-trailing-comments.yml
+++ b/changelogs/fragments/43931-strip-trailing-comments.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - user - Strip trailing comments in /etc/default/passwd (https://github.com/ansible/ansible/pull/43931)
--- a/changelogs/fragments/admin-users-default-change.yaml
+++ b/changelogs/fragments/admin-users-default-change.yaml
@ -0,0 +1,4 @@
+---
+bugfixes:
+  - Changed the admin_users config option to not include "admin" by default as
+    admin is frequently used for a non-privileged account  (https://github.com/ansible/ansible/pull/41164)
--- a/changelogs/fragments/adoc_keys.yml
+++ b/changelogs/fragments/adoc_keys.yml
@ -0,0 +1,2 @@
+bugfixes:
+    - allow ansible-doc to handle 'keywords' configuration entries https://github.com/ansible/ansible/pull/40620
--- a/changelogs/fragments/ansible-inv-export.yaml
+++ b/changelogs/fragments/ansible-inv-export.yaml
@ -0,0 +1,2 @@
+minor_changes:
+- ansible-inventory - now supports a ``--export`` option to preserve group_var data (https://github.com/ansible/ansible/pull/36188)
--- a/changelogs/fragments/ansible-managed-encoding.yaml
+++ b/changelogs/fragments/ansible-managed-encoding.yaml
@ -0,0 +1,5 @@
+---
+bugfixes:
+- template - Fix for encoding issues when a template path contains non-ascii
+  characters and using the template path in ansible_managed
+  (https://github.com/ansible/ansible/issues/27262)
--- a/changelogs/fragments/ansible_tower_credential.yaml
+++ b/changelogs/fragments/ansible_tower_credential.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- tower_* modules - fix credentials to work with v1 and v2 of Ansible Tower API
--- a/changelogs/fragments/apt-fixes.yaml
+++ b/changelogs/fragments/apt-fixes.yaml
@ -0,0 +1,3 @@
+bugfixes:
+- apt - Auto install of python-apt without recommends (https://github.com/ansible/ansible/pull/37121)
+- apt - Mark installed packages manual (https://github.com/ansible/ansible/pull/37751)
--- a/changelogs/fragments/async_status_env.yaml
+++ b/changelogs/fragments/async_status_env.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- async - Ensure that the implicit async_status gets the env from a task with async (https://github.com/ansible/ansible/pull/39764)
--- a/changelogs/fragments/avoid_cwd_vars.yml
+++ b/changelogs/fragments/avoid_cwd_vars.yml
@ -0,0 +1,2 @@
+bugfixes:
+    - '**Security Fix** - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir'
--- a/changelogs/fragments/avoid_ssh_retry_discolsures.yml
+++ b/changelogs/fragments/avoid_ssh_retry_discolsures.yml
@ -0,0 +1,2 @@
+bugfixes:
+    - now no log is being respected on retry and high verbosity. CVE-2018-16876
--- a/changelogs/fragments/aws_ec2_inventory_fallback_to_instance_role_credentials.yaml
+++ b/changelogs/fragments/aws_ec2_inventory_fallback_to_instance_role_credentials.yaml
@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Fallback to instance role STS credentials if none are explicitly provided for the aws_ec2 inventory plugin
--- a/changelogs/fragments/aws_ec2_inventory_support_tag_value_hostnames.yaml
+++ b/changelogs/fragments/aws_ec2_inventory_support_tag_value_hostnames.yaml
@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Support tag values as hostnames in aws_ec2 inventory plugin
--- a/changelogs/fragments/aws_lightsail_documentation_fix.yml
+++ b/changelogs/fragments/aws_lightsail_documentation_fix.yml
@ -0,0 +1,3 @@
+---
+bugfixes:
+- fix  example code for AWS lightsail documentation
--- a/changelogs/fragments/aws_s3_async_fix.yaml
+++ b/changelogs/fragments/aws_s3_async_fix.yaml
@ -0,0 +1,3 @@
+---
+bugfixes:
+- aws_s3 - add async support to the action plugin (https://github.com/ansible/ansible/pull/40826)
--- a/changelogs/fragments/aws_s3_decryption_fix.yaml
+++ b/changelogs/fragments/aws_s3_decryption_fix.yaml
@ -0,0 +1,3 @@
+---
+bugfixes:
+- aws_s3 - fix decrypting vault files (https://github.com/ansible/ansible/pull/39634)
--- a/changelogs/fragments/aws_s3_fix_uploading_src_on_target.yaml
+++ b/changelogs/fragments/aws_s3_fix_uploading_src_on_target.yaml
@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Fix regression in aws_s3 to allow uploading files on the remote host to an S3 bucket
--- a/changelogs/fragments/azure_api_profiles.yaml
+++ b/changelogs/fragments/azure_api_profiles.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- azure_rm modules - updated with internal changes to use API profiles and kwargs for future Azure Stack support and better stability between SDK updates. (https://github.com/ansible/ansible/pull/35538)
--- a/changelogs/fragments/azure_rm_image.yaml
+++ b/changelogs/fragments/azure_rm_image.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- azure_rm_image - Allow Azure images to be created with tags, bug was introduced in Ansible v2.5.0
--- a/changelogs/fragments/azure_rm_networkinterface-fix-creation-ignore-nsg-name.yaml
+++ b/changelogs/fragments/azure_rm_networkinterface-fix-creation-ignore-nsg-name.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- azure_rm_networkinterface - Network interface can attach an existing NSG or create a new NSG with specified name in Ansible v2.5.0.
--- a/changelogs/fragments/azure_rm_networkinterface-specify-no-public-ip.yaml
+++ b/changelogs/fragments/azure_rm_networkinterface-specify-no-public-ip.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- azure_rm_networkinterface - fixed examples in module documentation and added fix to allow an IP configuration with no public IP (https://github.com/ansible/ansible/pull/36824)
--- a/changelogs/fragments/azure_rm_virtualmachine-docs-images.yaml
+++ b/changelogs/fragments/azure_rm_virtualmachine-docs-images.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- azure_rm_virtualmachine - removed docs note that says on marketplace images can be used, custom images were added in 2.5
--- a/changelogs/fragments/basic_booleans_backward_compat.yaml
+++ b/changelogs/fragments/basic_booleans_backward_compat.yaml
@ -0,0 +1,3 @@
+---
+minor_changes:
+- Restore module_utils.basic.BOOLEANS variable for backwards compatibility with the module API in older ansible releases.
--- a/changelogs/fragments/block_parenting.yaml
+++ b/changelogs/fragments/block_parenting.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- fixed memory bloat on nested includes by preventing blocks from self-parenting (https://github.com/ansible/ansible/pull/36075)
--- a/changelogs/fragments/cb_ignore.yml
+++ b/changelogs/fragments/cb_ignore.yml
@ -0,0 +1,2 @@
+bugfixes:
+    - dont require property for older callbacks to load https://github.com/ansible/ansible/pull/38281
--- a/changelogs/fragments/constructed_inventory_keyed_groups_and_configurable_separator.yaml
+++ b/changelogs/fragments/constructed_inventory_keyed_groups_and_configurable_separator.yaml
@ -0,0 +1,5 @@
+bugfixes:
+  - Improve keyed groups for complex inventory
+  - Made separator configurable
+  - Fixed some exception types
+  - Better error messages
--- a/changelogs/fragments/copy-files-default-follow.yaml
+++ b/changelogs/fragments/copy-files-default-follow.yaml
@ -0,0 +1,4 @@
+---
+bugfixes:
+- copy - fixed copy to only follow symlinks for files in the non-recursive case
+- file - fixed the default follow behaviour of file to be true
--- a/changelogs/fragments/copy-recursive-copy.yml
+++ b/changelogs/fragments/copy-recursive-copy.yml
@ -0,0 +1,3 @@
+---
+bugfixes:
+- copy module - fixed recursive copy with relative paths (https://github.com/ansible/ansible/pull/40166)
--- a/changelogs/fragments/dd-put-empty-files.yaml
+++ b/changelogs/fragments/dd-put-empty-files.yaml
@ -0,0 +1,7 @@
+bugfixes:
+- docker connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
+- chroot connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
+- jail connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
+- kubectl connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
+- libvirt_lxc connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
+- zone connection - Support empty files with copying to target (https://github.com/ansible/ansible/issues/36725)
--- a/changelogs/fragments/debug_fixes.yml
+++ b/changelogs/fragments/debug_fixes.yml
@ -0,0 +1,2 @@
+bugfixes:
+    - correct debug display for all cases https://github.com/ansible/ansible/pull/41331
--- a/changelogs/fragments/depreciate_aos.yaml
+++ b/changelogs/fragments/depreciate_aos.yaml
@ -0,0 +1,2 @@
+deprecated_features:
+  - Apstra's ``aos_*`` modules are deprecated as they do not work with AOS 2.1 or higher. See new modules at `https://github.com/apstra <https://github.com/apstra>`_.
--- a/changelogs/fragments/diff-callback-for-task.yml
+++ b/changelogs/fragments/diff-callback-for-task.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - fix diff callback only being called when global diff option was set and not honoring task diff (https://github.com/ansible/ansible/issues/31129)
--- a/changelogs/fragments/disallow-relative-homedir.yaml
+++ b/changelogs/fragments/disallow-relative-homedir.yaml
@ -0,0 +1,3 @@
+bugfixes:
+- remote home directory - Disallow use of remote home directories that include
+  relative pathing by means of `..` (CVE-2019-3828) (https://github.com/ansible/ansible/pull/52133)
--- a/changelogs/fragments/display_fix.yaml
+++ b/changelogs/fragments/display_fix.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- updated to ensure displayed messages under peristent connections are returned to the controller (https://github.com/ansible/ansible/pull/36064)
--- a/changelogs/fragments/doc_chnages_for_network_config_modules.yaml
+++ b/changelogs/fragments/doc_chnages_for_network_config_modules.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- backup options doc change to reflect backup directory location in case playbook is run from a role
--- a/changelogs/fragments/doc_fix.yml
+++ b/changelogs/fragments/doc_fix.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - minor doc fix https://github.com/ansible/ansible/pull/39111
--- a/changelogs/fragments/docker-api-update.yaml
+++ b/changelogs/fragments/docker-api-update.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- docker_container, docker_image, docker_network modules - Update to work with Docker SDK 3.1
--- a/changelogs/fragments/docker_prevent_docker_and_docker_py.yaml
+++ b/changelogs/fragments/docker_prevent_docker_and_docker_py.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- docker modules - Error with useful message is both docker and docker-py are found to both be installed (https://github.com/ansible/ansible/pull/38884)
--- a/changelogs/fragments/dont-overwrite-builtin-jinja2-filters-with-tests.yaml
+++ b/changelogs/fragments/dont-overwrite-builtin-jinja2-filters-with-tests.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- filters - Don't overwrite builtin jinja2 filters with tests (https://github.com/ansible/ansible/pull/37881)
--- a/changelogs/fragments/dyanmic-include-copy-enhancements.yaml
+++ b/changelogs/fragments/dyanmic-include-copy-enhancements.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- dynamic includes - Improved performance by fixing re-parenting on copy (https://github.com/ansible/ansible/pull/38747)
--- a/changelogs/fragments/ec2_ami_fix_block_device_mapping_volume_size_type.yaml
+++ b/changelogs/fragments/ec2_ami_fix_block_device_mapping_volume_size_type.yaml
@ -0,0 +1,3 @@
+---
+bugfixes:
+- ec2_ami - cast the device_mapping volume size to an int (https://github.com/ansible/ansible/pull/40938)
--- a/changelogs/fragments/ec2_asg_wait_for_lifecycle_hooks.yaml
+++ b/changelogs/fragments/ec2_asg_wait_for_lifecycle_hooks.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- ec2_asg - wait for lifecycle hooks to complete (https://github.com/ansible/ansible/issues/37281)
--- a/changelogs/fragments/ec2_vpc_route_table_vpc_endpoint_fix.yaml
+++ b/changelogs/fragments/ec2_vpc_route_table_vpc_endpoint_fix.yaml
@ -0,0 +1,3 @@
+---
+bugfixes:
+  - ec2_vpc_route_table - fix regression by skipping routes without DestinationCidrBlock (https://github.com/ansible/ansible/pull/37010)
--- a/changelogs/fragments/ec2_vpc_subnet_waiters.yaml
+++ b/changelogs/fragments/ec2_vpc_subnet_waiters.yaml
@ -0,0 +1,6 @@
+---
+bugfixes:
+  - Use custom waiters
+  - Add integration tests for check mode
+  - Fix non-monotonic AWS behavior by waiting until attributes are the correct value before returning the subnet
+  - Don't use custom waiter configs for older versions of botocore
--- a/changelogs/fragments/edgeos-module-connection-warning.yml
+++ b/changelogs/fragments/edgeos-module-connection-warning.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - edgeos modules - add note and warning that the modules require network_cli connection (https://github.com/ansible/ansible/issues/39499)
--- a/changelogs/fragments/edgeos_backup.yaml
+++ b/changelogs/fragments/edgeos_backup.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - edgeos_command - add action plugin to backup config (https://github.com/ansible/ansible/pull/37619)
--- a/changelogs/fragments/edgeos_config-set-delete.yaml
+++ b/changelogs/fragments/edgeos_config-set-delete.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - edgeos_config - check for a corresponding set command when issuing delete commands to ensure the desired state is met (https://github.com/ansible/ansible/issues/40437)
--- a/changelogs/fragments/edgeos_facts_empty_commit_history.yaml
+++ b/changelogs/fragments/edgeos_facts_empty_commit_history.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - edgeos_facts - fix error when there are no commit revisions (https://github.com/ansible/ansible/issues/37123)
--- a/changelogs/fragments/empty_host_pattern.yml
+++ b/changelogs/fragments/empty_host_pattern.yml
@ -0,0 +1,2 @@
+bugfixes:
+    - return empty list if host pattern is empty https://github.com/ansible/ansible/pull/37931
--- a/changelogs/fragments/encoding-docs-plugin-parsing.yaml
+++ b/changelogs/fragments/encoding-docs-plugin-parsing.yaml
@ -0,0 +1,3 @@
+---
+bugfixes:
+- Fix an encoding issue when parsing the examples from a plugins' documentation
--- a/changelogs/fragments/eos_cliconf_api_fix.yml
+++ b/changelogs/fragments/eos_cliconf_api_fix.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - eos cliconf get_config() format type fix (https://github.com/ansible/ansible/pull/38682)
--- a/changelogs/fragments/eos_facts-failure.yml
+++ b/changelogs/fragments/eos_facts-failure.yml
@ -0,0 +1,4 @@
+---
+bugfixes:
+  - eos_facts - fix failure when lldp will be disabled 
+    (https://github.com/ansible/ansible/pull/42347)
--- a/changelogs/fragments/eos_l2_interface_fix_2.5.6.yaml
+++ b/changelogs/fragments/eos_l2_interface_fix_2.5.6.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- eos_l2_interface - fix eapi (https://github.com/ansible/ansible/pull/42270)
--- a/changelogs/fragments/eos_logging_fix.yaml
+++ b/changelogs/fragments/eos_logging_fix.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- eos_logging - fix idempotency issues (https://github.com/ansible/ansible/pull/40604)
--- a/changelogs/fragments/eos_module_utils_bugfix.yaml
+++ b/changelogs/fragments/eos_module_utils_bugfix.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - Fix misuse of self in module_utils/network/eos/eos.py (https://github.com/ansible/ansible/pull/39074)
--- a/changelogs/fragments/eos_vlan_interface_name_fix.yaml
+++ b/changelogs/fragments/eos_vlan_interface_name_fix.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - eos_vlan - Fix eos_vlan associated interface name check (https://github.com/ansible/ansible/pull/39661)
--- a/changelogs/fragments/eos_vlan_more_than_6_nics.yaml
+++ b/changelogs/fragments/eos_vlan_more_than_6_nics.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - eos_vlan - fixed eos_vlan not working when having more than 6 interfaces (https://github.com/ansible/ansible/pull/38347)
--- a/changelogs/fragments/eos_vrf_parsing_fix.yaml
+++ b/changelogs/fragments/eos_vrf_parsing_fix.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - eos_vrf and eos_eapi - fixed vrf parsing (https://github.com/ansible/ansible/pull/35791)
--- a/changelogs/fragments/facts_vmware_detection.yaml
+++ b/changelogs/fragments/facts_vmware_detection.yaml
@ -0,0 +1,2 @@
+minor_changes:
+- Return virtual_facts after VMware platform detection, otherwise we're falling back to 'NA' for virtualization type and virtualization role.
--- a/changelogs/fragments/file-nonexistent-link.yaml
+++ b/changelogs/fragments/file-nonexistent-link.yaml
@ -0,0 +1,5 @@
+---
+bugfixes:
+  - file module - Fix error when running a task which assures a symlink to
+    a nonexistent file exists for the second and subsequent times
+    (https://github.com/ansible/ansible/issues/39558)
--- a/changelogs/fragments/file-nonexitent-link-recurse.yaml
+++ b/changelogs/fragments/file-nonexitent-link-recurse.yaml
@ -0,0 +1,5 @@
+---
+bugfixes:
+  - file module - Fix error when recursively assigning permissions and
+    a symlink to a nonexistent file is present in the directory tree
+    (https://github.com/ansible/ansible/issues/39456)
--- a/changelogs/fragments/file-succeed-if-already-absent.yaml
+++ b/changelogs/fragments/file-succeed-if-already-absent.yaml
@ -0,0 +1,5 @@
+---
+bugfixes:
+- file - Eliminate an error if we're asked to remove a file but
+  something removes it while we are processing the request
+  (https://github.com/ansible/ansible/pull/39466)
--- a/changelogs/fragments/fix-os_router.yaml
+++ b/changelogs/fragments/fix-os_router.yaml
@ -0,0 +1,3 @@
+bugfixes:
+    - fix the enable_snat parameter that is only supposed to be used by an user
+      with the right policies. https://github.com/ansible/ansible/pull/44418
--- a/Show more
+++ b/Show more
				`@ -0,0 +1 @@`
				Per-version CHANGELOGS can be found `here <changelogs/>`_.