ansible/changelogs/CHANGELOG_legacy.rst
Matt Davis 6f62dd66bb convert CHANGELOG to per-major-ver and generated
* CHANGELOGs are now per-version
* CHANGELOGs are now RST format
* CHANGELOGs are now generated via reno from YAML fragments located in changelogs/fragements. This allows feature/bugfix changelog fragments to be cherry-picked alongside the code changes
* each version's CHANGELOG_vX.Y.rst is generatd at release-time and can be easily copied/cherry-picked into other branches
2018-02-15 23:06:39 -08:00

2341 lines
98 KiB
ReStructuredText

===============================================
Ansible Release Notes for Legacy Versions < 2.0
===============================================
1.9.7 "Dancing in the Street" - TBD
-----------------------------------
- Fix for lxc\_container backport which was broken because it tried to
use a feature from ansible-2.x
1.9.6 "Dancing in the Street" - Apr 15, 2016
--------------------------------------------
- Fix a regression in the loading of inventory variables where they
were not found when placed inside of an inventory directory.
- Fix lxc\_container having predictable temp file names. Addresses
CVE-2016-3096
1.9.5 "Dancing In the Street" - Mar 21, 2016
--------------------------------------------
- Compatibility fix with docker 1.8.
- Fix a bug with the crypttab module omitting certain characters from
the name of the device
- Fix bug with uri module not handling all binary files
- Fix bug with ini\_file not removing options set to an empty string
- Fix bug with script and raw modules not honoring parameters passed
via yaml dict syntax
- Fix bug with plugin loading finding the wrong modules because the
suffix checking was not ordered
- Fix bug in the literal\_eval module code used when we need python-2.4
compat
- Added --ignore-certs, -c option to ansible-galaxy. Allows
ansible-galaxy to work behind a proxy when the proxy fails to forward
server certificates.
- Fixed bug where tasks marked no\_log were showing hidden values in
output if ansible's --diff option was used.
- Fix bug with non-english locales in git and apt modules
- Compatibility fix for using state=absent with the pip ansible module
and pip-6.1.0+
- Backported support for ansible\_winrm\_server\_cert\_validation flag
to disable cert validation on Python 2.7.9+ (and support for other
passthru args to pywinrm transport).
- Backported various updates to user module (prevent accidental OS X
group membership removals, various checkmode fixes).
1.9.4 "Dancing In the Street" - Oct 9, 2015
-------------------------------------------
- Fixes a bug where yum state=latest would error if there were no
updates to install.
- Fixes a bug where yum state=latest did not work with wildcard package
names.
- Fixes a bug in lineinfile relating to escape sequences.
- Fixes a bug where vars\_prompt was not keeping passwords private by
default.
- Fix ansible-galaxy and the hipchat callback plugin to check that the
host it is contacting matches its TLS Certificate.
1.9.3 "Dancing In the Street" - Sep 3, 2015
-------------------------------------------
- Fixes a bug related to keyczar messing up encodings internally,
resulting in decrypted messages coming out as empty strings.
- AES Keys generated for use in accelerated mode are now 256-bit by
default instead of 128.
- Fix url fetching for SNI with python-2.7.9 or greater. SNI does not
work with python < 2.7.9. The best workaround is probably to use the
command module with curl or wget.
- Fix url fetching to allow tls-1.1 and tls-1.2 if the system's openssl
library supports those protocols
- Fix ec2\_ami\_search module to check TLS Certificates
- Fix the following extras modules to check TLS Certificates:
- campfire
- layman
- librarto\_annotate
- twilio
- typetalk
- Fix docker module's parsing of docker-py version for dev checkouts
- Fix docker module to work with docker server api 1.19
- Change yum module's state=latest feature to update all packages
specified in a single transaction. This is the same type of fix as
was made for yum's state=installed in 1.9.2 and both solves the same
problems and with the same caveats.
- Fixed a bug where stdout from a module might be blank when there were
were non-printable ASCII characters contained within it
1.9.2 "Dancing In the Street" - Jun 26, 2015
--------------------------------------------
- Security fixes to check that hostnames match certificates with https
urls (CVE-2015-3908)
- get\_url and uri modules
- url and etcd lookup plugins
- Security fixes to the zone (Solaris containers), jail (bsd
containers), and chroot connection plugins. These plugins can be used
to connect to their respective container types in leiu of the
standard ssh connection. Prior to this fix being applied these
connection plugins didn't properly handle symlinks within the
containers which could lead to files intended to be written to or
read from the container being written to or read from the host system
instead. (CVE pending)
- Fixed a bug in the service module where init scripts were being
incorrectly used instead of upstart/systemd.
- Fixed a bug where sudo/su settings were not inherited from
ansible.cfg correctly.
- Fixed a bug in the rds module where a traceback may occur due to an
unbound variable.
- Fixed a bug where certain remote file systems where the SELinux
context was not being properly set.
- Re-enabled several windows modules which had been partially merged
(via action plugins):
- win\_copy.ps1
- win\_copy.py
- win\_file.ps1
- win\_file.py
- win\_template.py
- Fix bug using with\_sequence and a count that is zero. Also allows
counting backwards isntead of forwards
- Fix get\_url module bug preventing use of custom ports with https
urls
- Fix bug disabling repositories in the yum module.
- Fix giving yum module a url to install a package from on RHEL/CENTOS5
- Fix bug in dnf module preventing it from working when yum-utils was
not already installed
1.9.1 "Dancing In the Street" - Apr 27, 2015
--------------------------------------------
- Fixed a bug related to Kerberos auth when using winrm with a domain
account.
- Fixing several bugs in the s3 module.
- Fixed a bug with upstart service detection in the service module.
- Fixed several bugs with the user module when used on OSX.
- Fixed unicode handling in some module situations (assert and
shell/command execution).
- Fixed a bug in redhat\_subscription when using the activationkey
parameter.
- Fixed a traceback in the gce module on EL6 distros when multiple
pycrypto installations are available.
- Added support for PostgreSQL 9.4 in rds\_param\_group
- Several other minor fixes.
1.9 "Dancing In the Street" - Mar 25, 2015
------------------------------------------
Major changes:
- Added kerberos support to winrm connection plugin.
- Tags rehaul: added 'all', 'always', 'untagged' and 'tagged' special
tags and normalized tag resolution. Added tag information to
--list-tasks and new --list-tags option.
- Privilege Escalation generalization, new 'Become' system and
variables now will handle existing and new methods. Sudo and su have
been kept for backwards compatibility. New methods pbrun and pfexec
in 'alpha' state, planned adding 'runas' for winrm connection plugin.
- Improved ssh connection error reporting, now you get back the
specific message from ssh.
- Added facility to document task module return values for registered
vars, both for ansible-doc and the docsite. Documented copy, stats
and acl modules, the rest must be updated individually (we will start
doing so incrementally).
- Optimize the plugin loader to cache available plugins much more
efficiently. For some use cases this can lead to dramatic
improvements in startup time.
- Overhaul of the checksum system, now supports more systems and more
cases more reliably and uniformly.
- Fix skipped tasks to not display their parameters if no\_log is
specified.
- Many fixes to unicode support, standarized functions to make it
easier to add to input/output boundaries.
- Added travis integration to github for basic tests, this should speed
up ticket triage and merging.
- environment: directive now can also be applied to play and is
inhertited by tasks, which can still override it.
- expanded facts and OS/distribution support for existing facts and
improved performance with pypy.
- new 'wantlist' option to lookups allows for selecting a list typed
variable vs a comma delimited string as the return.
- the shared module code for file backups now uses a timestamp
resolution of seconds (previously minutes).
- allow for empty inventories, this is now a warning and not an error
(for those using localhost and cloud modules).
- sped up YAML parsing in ansible by up to 25% by switching to CParser
loader.
New Modules:
- cryptab *-- manages linux encrypted block devices*
- gce\_img *-- for utilizing GCE image resources*
- gluster\_volume *-- manage glusterfs volumes*
- haproxy *-- for the load balancer of same name*
- known\_hosts *-- manages the ssh known\_hosts file*
- lxc\_container *-- manage lxc containers*
- patch *-- allows for patching files on target systems*
- pkg5 *-- installing and uninstalling packages on Solaris*
- pkg5\_publisher *-- manages Solaris pkg5 repository configuration*
- postgresql\_ext *-- manage postgresql extensions*
- snmp\_facts *-- gather facts via snmp*
- svc *-- manages daemontools based services*
- uptimerobot *-- manage monitoring with this service*
New Filters:
- ternary: allows for trueval/falseval assignment dependent on
conditional
- cartesian: returns the Cartesian product of 2 lists
- to\_uuid: given a string it will return an ansible domain specific
UUID
- checksum: uses the ansible internal checksum to return a hash from a
string
- hash: get a hash from a string (md5, sha1, etc)
- password\_hash: get a hash form as string that can be used as a
password in the user module (and others)
- A whole set of ip/network manipulation filters:
ipaddr,ipwrap,ipv4,ipv6ipsubnet,nthhost,hwaddr,macaddr
Other Notable Changes:
- New lookup plugins:
- dig: does dns resolution and returns IPs.
- url: allows pulling data from a url.
- New callback plugins:
- syslog\_json: allows logging play output to a syslog network server
using json format
- Many new enhancements to the amazon web service modules:
- ec2 now applies all specified security groups when creating a new
instance. Previously it was only applying one
- ec2\_vol gained the ability to specify the EBS volume type
- ec2\_vol can now detach volumes by specifying instance=None
- Fix ec2\_group to purge specific grants rather than whole rules
- Added tenancy support for the ec2 module
- rds module has gained the ability to manage tags and set charset and
public accessibility
- ec2\_snapshot module gained the capability to remove snapshots
- Add alias support for route53
- Add private\_zones support to route53
- ec2\_asg: Add wait\_for\_instances parameter that waits until an
instance is ready before ending the ansible task
- Many new docker improvements:
- restart\_policy parameters to configure when the container
automatically restarts
- If the docker client or server doesn't support an option, the task
will now fail instead of silently ignoring the option
- Add insecure\_registry parameter for connecting to registries via
http
- New parameter to set a container's domain name
- Undeprecated docker\_image module until there's replacement
functionality
- Allow setting the container's pid namespace
- Add a pull parameter that chooses when ansible will look for more
recent images in the registry
- docker module states have been greatly enhanced. The reworked and new
states are:
- present now creates but does not start containers
- restarted always restarts a container
- reloaded restarts a container if ansible detects that the
configuration is different than what is specified
- reloaded accounts for exposed ports, env vars, and volumes
- Can now connect to the docker server using TLS
- Several source control modules had force parameters that defaulted to
true. These have been changed to default to false so as not to
accidentally lose work. Playbooks that depended on the former
behaviour simply need to add force=True to the task that needs it.
Affected modules:
- bzr: When local modifications exist in a checkout, the bzr module
used to default to removing the modifications on any operation. Now
the module will not remove the modifications unless force=yes is
specified. Operations that depend on a clean working tree may fail
unless force=yes is added.
- git: When local modifications exist in a checkout, the git module
will now fail unless force is explicitly specified. Specifying
force=yes will allow the module to revert and overwrite local
modifications to make git actions succeed.
- hg: When local modifications exist in a checkout, the hg module used
to default to removing the modifications on any operation. Now the
module will not remove the modifications unless force=yes is
specified.
- subversion: When updating a checkout with local modifications, you
now need to add force=yes so the module will revert the modifications
before updating.
- New inventory scripts:
- vbox: virtualbox
- consul: use consul as an inventory source
- gce gained the ip\_forward parameter to forward ip packets
- disk\_auto\_delete parameter to gce that will remove the boot disk
after an instance is destroyed
- gce can now spawn instances with no external ip
- gce\_pd gained the ability to choose a disk type
- gce\_net gained target\_tags parameter for creating firewall rules
- rax module has new parameters for making use of a boot volume
- Add scheduler\_hints to the nova\_compute module for optional
parameters
- vsphere\_guest now supports deploying guests from a template
- Many fixes for hardlink and softlink handling in file-related modules
- Implement user, group, mode, and selinux parameters for the unarchive
module
- authorized\_keys can now use url as a key source
- authorized\_keys has a new exclusive parameter that determines if
keys that weren't specified in the task
- The selinux module now sets the current running state to permissive
if state='disabled'
- Can now set accounts to expire via the user module
- Overhaul of the service module to make code simpler and behave better
for systems running several popular init systems
- yum module now has a parameter to refresh its cache of package
metadata
- apt module gained a build\_dep parameter to install a package's build
dependencies
- Add parameters to the postgres modules to specify a unix socket to
connect to the db
- The mount module now supports bind mounts
- Add a clone parameter to git module that allows you to get
information about a remote repo even if it doesn't exist locally.
- Add a refspec argument to the git module that allows pulling commits
that aren't part of a branch
- Many documentation additions and fixes.
1.8.4 "You Really Got Me" - Feb 19, 2015
----------------------------------------
- Fixed regressions in ec2 and mount modules, introduced in 1.8.3
1.8.3 "You Really Got Me" - Feb 17, 2015
----------------------------------------
- Fixing a security bug related to the default permissions set on a
temporary file created when using "ansible-vault view ".
- Many bug fixes, for both core code and core modules.
1.8.2 "You Really Got Me" - Dec 04, 2014
----------------------------------------
- Various bug fixes for packaging issues related to modules.
- Various bug fixes for lookup plugins.
- Various bug fixes for some modules (continued cleanup of postgresql
issues, etc.).
- Add a clone parameter to git module that allows you to get
information about a remote repo even if it doesn't exist locally.
1.8.1 "You Really Got Me" - Nov 26, 2014
----------------------------------------
- Various bug fixes in postgresql and mysql modules.
- Fixed a bug related to lookup plugins used within roles not finding
files based on the relative paths to the roles files/ directory.
- Fixed a bug related to vars specified in plays being templated too
early, resulting in incorrect variable interpolation.
- Fixed a bug related to git submodules in bare repos.
1.8 "You Really Got Me" - Nov 25, 2014
--------------------------------------
Major changes:
- fact caching support, pluggable, initially supports Redis (DOCS
pending)
- 'serial' size in a rolling update can be specified as a percentage
- added new Jinja2 filters, 'min' and 'max' that take lists
- new 'ansible\_version' variable available contains a dictionary of
version info
- For ec2 dynamic inventory, ec2.ini can has various new configuration
options
- 'ansible vault view filename.yml' opens filename.yml decrypted in a
pager.
- no\_log parameter now surpressess data from callbacks/output as well
as syslog
- ansible-galaxy install -f requirements.yml allows advanced options
and installs from non-galaxy SCM sources and tarballs.
- command\_warnings feature will warn about when usage of the
shell/command module can be simplified to use core modules - this can
be enabled in ansible.cfg
- new omit value can be used to leave off a parameter when not set,
like so module\_name: a=1 b={{ c \| default(omit) }}, would not pass
value for b (not even an empty value) if c was not set.
- developers: 'baby JSON' in module responses, originally intended for
writing modules in bash, is removed as a feature to simplify logic,
script module remains available for running bash scripts.
- async jobs started in "fire & forget" mode can now be checked on at a
later time.
- added ability to subcategorize modules for docs.ansible.com
- added ability for shipped modules to have aliases with symlinks
- added ability to deprecate older modules by starting with "\_" and
including "deprecated: message why" in module docs
New Modules:
- cloud
- rax\_cdb *-- manages Rackspace Cloud Database instances*
- rax\_cdb\_database *-- manages Rackspace Cloud Databases*
- rax\_cdb\_user *-- manages Rackspace Cloud Database users*
- monitoring
- bigpanda *-- support for bigpanda*
- zabbix\_maintaince *-- handles outage windows with Zabbix*
- net\_infrastructure
- a10\_server *-- manages server objects on A10 devices*
- a10\_service\_group *-- manages service group objects on A10 devices*
- a10\_virtual\_server *-- manages virtual server objects on A10
devices*
- system
- getent *-- read getent databases*
Some other notable changes:
- added the ability to set "instance filters" in the ec2.ini to limit
results from the inventory plugin.
- upgrades for various variable precedence items and parsing related
items
- added a new "follow" parameter to the file and copy modules, which
allows actions to be taken on the target of a symlink rather than the
symlink itself.
- if a module should ever traceback, it will return a standard error,
catchable by ignore\_errors, versus an 'unreachable'
- ec2\_lc: added support for multiple new parameters like kernel\_id,
ramdisk\_id and ebs\_optimized.
- ec2\_elb\_lb: added support for the connection\_draining\_timeout and
cross\_az\_load\_balancing options.
- support for symbolic representations (ie. u+rw) for file permission
modes (file/copy/template modules etc.).
- docker: Added support for specifying the net type of the container.
- docker: support for specifying read-only volumes.
- docker: support for specifying the API version to use for the remote
connection.
- openstack modules: various improvements
- irc: ssl support for the notification module
- npm: fix flags passed to package installation
- windows: improved error handling
- setup: additional facts on System Z
- apt\_repository: certificate validation can be disabled if requested
- pagerduty module: misc improvements
- ec2\_lc: public\_ip boolean configurable in launch configurations
- ec2\_asg: fixes related to proper termination of an autoscaling group
- win\_setup: total memory fact correction
- ec2\_vol: ability to list existing volumes
- ec2: can set optimized flag
- various parser improvements
- produce a friendly error message if the SSH key is too permissive
- ec2\_ami\_search: support for SSD and IOPS provisioned EBS images
- can set ansible\_sudo\_exe as an inventory variable which allows
specifying a different sudo (or equivalent) command
- git module: Submodule handling has changed. Previously if you used
the ``recursive`` parameter to handle submodules, ansible would track
the submodule upstream's head revision. This has been changed to
checkout the version of the submodule specified in the superproject's
git repository. This is inline with what git submodule update does.
If you want the old behaviour use the new module parameter
track\_submodules=yes
- Checksumming of transferred files has been made more portable and now
uses the sha1 algorithm instead of md5 to be compatible with
FIPS-140.
- As a small side effect, the fetch module no longer returns a useful
value in remote\_md5. If you need a replacement, switch to using
remote\_checksum which returns the sha1sum of the remote file.
- ansible-doc CLI tool contains various improvements for working with
different terminals
And various other bug fixes and improvements ...
1.7.2 "Summer Nights" - Sep 24, 2014
------------------------------------
- Fixes a bug in accelerate mode which caused a traceback when trying
to use that connection method.
- Fixes a bug in vault where the password file option was not being
used correctly internally.
- Improved multi-line parsing when using YAML literal blocks (using >
or \|).
- Fixed a bug with the file module and the creation of relative
symlinks.
- Fixed a bug where checkmode was not being honoured during the
templating of files.
- Other various bug fixes.
1.7.1 "Summer Nights" - Aug 14, 2014
------------------------------------
- Security fix to disallow specifying 'args:' as a string, which could
allow the insertion of extra module parameters through variables.
- Performance enhancements related to previous security fixes, which
could cause slowness when modules returned very large JSON results.
This specifically impacted the unarchive module frequently, which
returns the details of all unarchived files in the result.
- Docker module bug fixes:
- Fixed support for specifying rw/ro bind modes for volumes
- Fixed support for allowing the tag in the image parameter
- Various other bug fixes
1.7 "Summer Nights" - Aug 06, 2014
----------------------------------
Major new features:
- Windows support (alpha) using native PowerShell remoting
- Tasks can now specify ``run_once: true``, meaning they will be
executed exactly once. This can be combined with delegate\_to to
trigger actions you want done just the one time versus for every host
in inventory.
New inventory scripts:
- SoftLayer
- Windows Azure
New Modules:
- cloud
- azure
- rax\_meta
- rax\_scaling\_group
- rax\_scaling\_policy
- windows
- *version of setup module*
- *version of slurp module*
- win\_feature
- win\_get\_url
- win\_group
- win\_msi
- win\_ping
- win\_service
- win\_user
Other notable changes:
- Security fixes
- Prevent the use of lookups when using legacy "{{ }}" syntax around
variables and with\_\* loops.
- Remove relative paths in TAR-archived file names used by
ansible-galaxy.
- Inventory speed improvements for very large inventories.
- Vault password files can now be executable, to support scripts that
fetch the vault password.
1.6.10 "And the Cradle Will Rock" - Jul 25, 2014
------------------------------------------------
- Fixes an issue with the copy module when copying a directory that
fails when changing file attributes and the target file already
exists
- Improved unicode handling when splitting args
1.6.9 "And the Cradle Will Rock" - Jul 24, 2014
-----------------------------------------------
- Further improvements to module parameter parsing to address
additional regressions caused by security fixes
1.6.8 "And the Cradle Will Rock" - Jul 22, 2014
-----------------------------------------------
- Corrects a regression in the way shell and command parameters were
being parsed
1.6.7 "And the Cradle Will Rock" - Jul 21, 2014
-----------------------------------------------
- Security fixes:
- Strip lookup calls out of inventory variables and clean unsafe data
returned from lookup plugins (CVE-2014-4966)
- Make sure vars don't insert extra parameters into module args and
prevent duplicate params from superseding previous params
(CVE-2014-4967)
1.6.6 "And the Cradle Will Rock" - Jul 01, 2014
-----------------------------------------------
- Security updates to further protect against the incorrect execution
of untrusted data
1.6.4, 1.6.5 "And the Cradle Will Rock" - Jun 25, 2014
------------------------------------------------------
- Security updates related to evaluation of untrusted remote inputs
1.6.3 "And the Cradle Will Rock" - Jun 09, 2014
-----------------------------------------------
- Corrects a regression where handlers were run across all hosts, not
just those that triggered the handler.
- Fixed a bug in which modules did not support properly moving a file
atomically when su was in use.
- Fixed two bugs related to symlinks with directories when using the
file module.
- Fixed a bug related to MySQL master replication syntax.
- Corrects a regression in the order of variable merging done by the
internal runner code.
- Various other minor bug fixes.
1.6.2 "And the Cradle Will Rock" - May 23, 2014
-----------------------------------------------
- If an improper locale is specified, core modules will now
automatically revert to using the 'C' locale.
- Modules using the fetch\_url utility will now obey proxy environment
variables.
- The SSL validation step in fetch\_url will likewise obey proxy
settings, however only proxies using the http protocol are supported.
- Fixed multiple bugs in docker module related to version changes
upstream.
- Fixed a bug in the ec2\_group module where egress rules were lost
when a VPC was specified.
- Fixed two bugs in the synchronize module:
- a trailing slash might be lost when calculating relative paths,
resulting in an incorrect destination.
- the sync might use the inventory directory incorrectly instead of the
playbook or role directory.
- Files will now only be chown'd on an atomic move if the src/dest
uid/gid do not match.
1.6.1 "And the Cradle Will Rock" - May 7, 2014
----------------------------------------------
- Fixed a bug in group\_by, where systems were being grouped
incorrectly.
- Fixed a bug where file descriptors may leak to a child process when
using accelerate.
- Fixed a bug in apt\_repository triggered when python-apt not being
installed/available.
- Fixed a bug in the apache2\_module module, where modules were not
being disabled correctly.
1.6 "And the Cradle Will Rock" - May 5, 2014
--------------------------------------------
Major features/changes:
- The deprecated legacy variable templating system has been finally
removed. Use {{ foo }} always not $foo or ${foo}.
- Any data file can also be JSON. Use sparingly -- with great power
comes great responsibility. Starting file with "{" or "[" denotes
JSON.
- Added 'gathering' param for ansible.cfg to change the default
gather\_facts policy.
- Accelerate improvements:
- multiple users can connect with different keys, when
``accelerate_multi_key = yes`` is specified in the ansible.cfg.
- daemon lifetime is now based on the time from the last activity, not
the time from the daemon's launch.
- ansible-playbook now accepts --force-handlers to run handlers even if
tasks result in failures.
- Added VMWare support with the vsphere\_guest module.
New Modules:
- files
- replace
- packaging
- apt\_rpm
- composer *(PHP)*
- cpanm *(Perl)*
- homebrew\_cask *(OS X)*
- homebrew\_tap *(OS X)*
- layman
- portage
- monitoring
- librato\_annotation
- logentries
- rollbar\_deployment
- notification
- nexmo *(SMS)*
- slack *(Slack.com)*
- sns *(Amazon)*
- twilio *(SMS)*
- typetalk *(Typetalk.in)*
- system
- alternatives
- capabilities
- debconf
- locale\_gen
- ufw
- net\_infrastructure
- bigip\_facts
- dnssimple
- lldp
- web\_infrastructure
- apache2\_module
- cloud
- digital\_ocean\_domain
- digital\_ocean\_sshkey
- ec2\_asg *(configure autoscaling groups)*
- ec2\_metric\_alarm
- ec2\_scaling\_policy
- rax\_identity
- rax\_cbs *(cloud block storage)*
- rax\_cbs\_attachments
- vsphere\_guest
Other notable changes:
- example callback plugin added for hipchat
- added example inventory plugin for vcenter/vsphere
- added example inventory plugin for doing really trivial inventory
from SSH config files
- libvirt module now supports destroyed and paused as states
- s3 module can specify metadata
- security token additions to ec2 modules
- setup module code moved into module\_utils/, facts now accessible by
other modules
- synchronize module sets relative dirs based on inventory or role path
- misc bugfixes and other parameters
- the ec2\_key module now has wait/wait\_timeout parameters
- added version\_compare filter (see docs)
- added ability for module documentation YAML to utilize shared module
snippets for common args
- apt module now accepts "deb" parameter to install local dpkg files
- regex\_replace filter plugin added
- added an inventory script for Docker
- added an inventory script for Abiquo
- the get\_url module now accepts url\_username and url\_password as
parameters, so sites which require authentication no longer need to
have them embedded in the url
- ... to be filled in from changelogs ...
1.5.5 "Love Walks In" - April 18, 2014
--------------------------------------
- Security fix for vault, to ensure the umask is set to a restrictive
mode before creating/editing vault files.
- Backported apt\_repository security fixes relating to filename/mode
upon sources list file creation.
1.5.4 "Love Walks In" - April 1, 2014
-------------------------------------
- Security fix for safe\_eval, which further hardens the checking of
the evaluation function.
- Changing order of variable precedence for system facts, to ensure
that inventory variables take precedence over any facts that may be
set on a host.
1.5.3 "Love Walks In" - March 13, 2014
--------------------------------------
- Fix validate\_certs and run\_command errors from previous release
- Fixes to the git module related to host key checking
1.5.2 "Love Walks In" - March 11, 2014
--------------------------------------
- Fix module errors in airbrake and apt from previous release
1.5.1 "Love Walks In" - March 10, 2014
--------------------------------------
- Force command action to not be executed by the shell unless
specifically enabled.
- Validate SSL certs accessed through urllib\*.
- Implement new default cipher class AES256 in ansible-vault.
- Misc bug fixes.
1.5 "Love Walks In" - February 28, 2014
---------------------------------------
Major features/changes:
- when\_foo which was previously deprecated is now removed, use "when:"
instead. Code generates appropriate error suggestion.
- include + with\_items which was previously deprecated is now removed,
ditto. Use with\_nested / with\_together, etc.
- only\_if, which is much older than when\_foo and was deprecated, is
similarly removed.
- ssh connection plugin is now more efficient if you add
'pipelining=True' in ansible.cfg under [ssh\_connection], see
example.cfg
- localhost/127.0.0.1 is not required to be in inventory if referenced,
if not in inventory, it does not implicitly appear in the 'all'
group.
- git module has new parameters (accept\_hostkey, key\_file, ssh\_opts)
to ease the usage of git and ssh protocols.
- when using accelerate mode, the daemon will now be restarted when
specifying a different remote\_user between plays.
- added no\_log: option for tasks. When used, no logging information
will be sent to syslog during the module execution.
- acl module now handles 'default' and allows for either shorthand
entry or specific fields per entry section
- play\_hosts is a new magic variable to provide a list of hosts in
scope for the current play.
- ec2 module now accepts 'exact\_count' and 'count\_tag' as a way to
enforce a running number of nodes by tags.
- all ec2 modules that work with Eucalyptus also now support a
'validate\_certs' option, which can be set to 'off' for installations
using self-signed certs.
- Start of new integration test infrastructure (WIP, more details TBD)
- if repoquery is unavailable, the yum module will automatically
attempt to install yum-utils
- ansible-vault: a framework for encrypting your playbooks and variable
files
- added support for privilege escalation via 'su' into bin/ansible and
bin/ansible-playbook and associated keywords 'su', 'su\_user',
'su\_pass' for tasks/plays
New modules:
- cloud
- docker\_image
- ec2\_elb\_lb
- ec2\_key
- ec2\_snapshot
- rax\_dns
- rax\_dns\_record
- rax\_files
- rax\_files\_objects
- rax\_keypair
- rax\_queue
- messaging
- rabbitmq\_policy
- system
- at
- utilities
- assert
Other notable changes (many new module params & bugfixes may not be
listed):
- no\_reboot is now defaulted to "no" in the ec2\_ami module to ensure
filesystem consistency in the resulting AMI.
- sysctl module overhauled
- authorized\_key module overhauled
- synchronized module now handles local transport better
- apt\_key module now ignores case on keys
- zypper\_repository now skips on check mode
- file module now responds to force behavior when dealing with
hardlinks
- new lookup plugin 'csvfile'
- fixes to allow hash\_merge behavior to work with dynamic inventory
- mysql module will use port argument on dump/import
- subversion module now ignores locale to better intercept status
messages
- rax api\_key argument is no longer logged
- backwards/forwards compatibility for OpenStack modules, 'quantum'
modules grok neutron renaming
- hosts properly uniqueified if appearing in redundant groups
- hostname module support added for ScientificLinux
- ansible-pull can now show live stdout and pass verbosity levels to
ansible-playbook
- ec2 instances can now be stopped or started
- additional volumes can be created when creating new ec2 instances
- user module can move a home directory
- significant enhancement and cleanup of rackspace modules
- ansible\_ssh\_private\_key\_file can be templated
- docker module updated to support docker-py 0.3.0
- various other bug fixes
- md5 logic improved during sudo operation
- support for ed25519 keys in authorized\_key module
- ability to set directory permissions during a recursive copy
(directory\_mode parameter)
1.4.5 "Could This Be Magic" - February 12, 2014
-----------------------------------------------
- fixed issue with permissions being incorrect on fireball/accelerate
keys when the umask setting was too loose.
1.4.4 "Could This Be Magic" - January 6, 2014
---------------------------------------------
- fixed a minor issue with newer versions of pip dropping the
"use-mirrors" parameter.
1.4.3 "Could This Be Magic" - December 20, 2013
-----------------------------------------------
- Fixed role\_path parsing from ansible.cfg
- Fixed default role templates
1.4.2 "Could This Be Magic" - December 18, 2013
-----------------------------------------------
- Fixed a few bugs related to unicode
- Fixed errors in the ssh connection method with large data returns
- Miscellaneous fixes for a few modules
- Add the ansible-galaxy command
1.4.1 "Could This Be Magic" - November 27, 2013
-----------------------------------------------
- Misc fixes to accelerate mode and various modules.
1.4 "Could This Be Magic" - November 21, 2013
---------------------------------------------
Highlighted new features:
- Added do-until feature, which can be used to retry a failed task a
specified number of times with a delay in-between the retries.
- Added failed\_when option for tasks, which can be used to specify
logical statements that make it easier to determine when a task has
failed, or to make it easier to ignore certain non-zero return codes
for some commands.
- Added the "subelement" lookup plugin, which allows iteration of the
keys of a dictionary or items in a list.
- Added the capability to use either paramiko or ssh for the initial
setup connection of an accelerated playbook.
- Automatically provide advice on common parser errors users encounter.
- Deprecation warnings are now shown for legacy features:
when\_integer/etc, only\_if, include+with\_items, etc. Can be
disabled in ansible.cfg
- The system will now provide helpful tips around possible YAML syntax
errors increasing ease of use for new users.
- warnings are now shown for using {{ foo }} in loops and conditionals,
and suggest leaving the variable expressions bare as per docs.
- The roles search path is now configurable in ansible.cfg.
'roles\_path' in the config setting.
- Includes with parameters can now be done like roles for consistency:
- { include: song.yml, year:1984, song:'jump' }
- The name of each role is now shown before each task if roles are
being used
- Adds a "var=" option to the debug module for debugging variable data.
"debug: var=hostvars['hostname']" and "debug: var=foo" are all valid
syntax.
- Variables in {{ format }} can be used as references even if they are
structured data
- Can force binding of accelerate to ipv6 ports.
- the apt module will auto-install python-apt if not present rather
than requiring a manual installation
- the copy module is now recursive if the local 'src' parameter is a
directory.
- syntax checks now scan included task and variable files as well as
main files
New modules and plugins.
- cloud
- docker *- instantiates/removes/manages docker containers*
- ec2\_eip *-- manage AWS elastic IPs*
- ec2\_vpc *-- manage ec2 virtual private clouds*
- elasticcache *-- Manages clusters in Amazon Elasticache*
- ovirt *-- VM lifecycle controls for ovirt*
- rax\_network *-- sets up Rackspace networks*
- rax\_facts *-- retrieve facts about a Rackspace Cloud Server*
- rax\_clb\_nodes *-- manage Rackspace cloud load balanced nodes*
- rax\_clb *-- manages Rackspace cloud load balancers*
- files
- acl *-- set or get acls on a file*
- synchronize *-- a useful wrapper around rsyncing trees of files*
- unarchive *-- pushes and extracts tarballs*
- system
- blacklist *-- add or remove modules from the kernel blacklist*
- firewalld *-- manage the firewalld configuration*
- hostname *-- sets the systems hostname*
- modprobe *-- manage kernel modules on systems that support
modprobe/rmmod*
- open\_iscsi *-- manage targets on an initiator using open-iscsi*
- utilities
- include\_vars *-- dynamically load variables based on conditions.*
- packaging
- swdepot *-- a module for working with swdepot*
- urpmi *-- work with urpmi packages*
- zypper\_repository *-- adds or removes Zypper repositories*
- notification
- grove *-- notifies to Grove hosted IRC channels*
- web\_infrastructure
- ejabberd\_user *-- add and remove users to ejabberd*
- jboss *-- deploys or undeploys apps to jboss*
- source\_control
- github\_hooks *-- manages GitHub service hooks*
- net\_infrastructure
- bigip\_monitor\_http *-- manages F5 BIG-IP LTM http monitors*
- bigip\_monitor\_tcp *-- manages F5 BIG-IP LTM TCP monitors*
- bigip\_node *-- manages F5 BIG-IP LTM nodes*
- bigip\_pool\_member *-- manages F5 BIG-IP LTM pool members*
- openvswitch\_port
- openvswitch\_bridge
Plugins:
- jail connection module (FreeBSD)
- lxc connection module
- added inventory script for listing FreeBSD jails
- added md5 as a Jinja2 filter: {{ path \| md5 }}
- added a fileglob filter that will return files matching a glob
pattern. with\_items: "/foo/pattern/\*.txt \| fileglob"
- 'changed' filter returns whether a previous step was changed easier.
when: registered\_result \| changed
- DOCS NEEDED: 'unique' and 'intersect' filters are added for dealing
with lists.
- DOCS NEEDED: new lookup plugin added for etcd
- a 'func' connection type to help people migrating from
func/certmaster.
Misc changes (all module additions/fixes may not listed):
- (docs pending) New features for accelerate mode: configurable
timeouts and a keepalives for long running tasks.
- Added a ``delimiter`` field to the assemble module.
- Added ``ansible_env`` to the list of facts returned by the setup
module.
- Added ``state=touch`` to the file module, which functions similarly
to the command-line version of ``touch``.
- Added a -vvvv level, which will show SSH client debugging information
in the event of a failure.
- Includes now support the more standard syntax, similar to that of
role includes and dependencies.
- Changed the ``user:`` parameter on plays to ``remote_user:`` to
prevent confusion with the module of the same name. Still backwards
compatible on play parameters.
- Added parameter to allow the fetch module to skip the md5 validation
step ('validate\_md5=false'). This is useful when fetching files that
are actively being written to, such as live log files.
- Inventory hosts are used in the order they appear in the inventory.
- in hosts: foo[2-5] type syntax, the iterators now are zero indexed
and the last index is non-inclusive, to match Python standards.
- There is now a way for a callback plugin to disable itself. See
osx\_say example code for an example.
- Many bugfixes to modules of all types.
- Complex arguments now can be used with async tasks
- SSH ControlPath is now configurable in ansible.cfg. There is a limit
to the lengths of these paths, see how to shorten them in
ansible.cfg.
- md5sum support on AIX with csum.
- Extremely large documentation refactor into subchapters
- Added 'append\_privs' option to the mysql\_user module
- Can now update (temporarily change) host variables using the
"add\_host" module for existing hosts.
- Fixes for IPv6 addresses in inventory text files
- name of executable can be passed to pip/gem etc, for installing under
*different* interpreters
- copy of ./hacking/env-setup added for fish users,
./hacking/env-setup.fish
- file module more tolerant of non-absolute paths in softlinks.
- miscellaneous fixes/upgrades to async polling logic.
- conditions on roles now pass to dependent roles
- ansible\_sudo\_pass can be set in a host variable if desired
- misc fixes for the pip an easy\_install modules
- support for running handlers that have parameterized names based on
role parameters
- added support for compressing MySQL dumps and extracting during
import
- Boto version compatibility fixes for the EC2 inventory script
- in the EC2 inventory script, a group 'EC2' and 'RDS' contains EC2 and
RDS hosts.
- umask is enforced by the cron module
- apt packages that are not-removed and not-upgraded do not count as
changes
- the assemble module can now use src files from the local server and
copy them over dynamically
- authorization code has been standardized between Amazon cloud modules
- the wait\_for module can now also wait for files to exist or a regex
string to exist in a file
- leading ranges are now allowed in ranged hostname patterns, ex:
[000-250].example.com
- pager support added to ansible-doc (so it will auto-invoke less, etc)
- misc fixes to the cron module
- get\_url module now understands content-disposition headers for
deciding filenames
- it is possible to have subdirectories in between group\_vars/ and
host\_vars/ and the final filename, like host\_vars/rack42/asdf for
the variables for host 'asdf'. The intermediate directories are
ignored, and do not put a file in there twice.
1.3.4 "Top of the World" (reprise) - October 29, 2013
-----------------------------------------------------
- Fixed a bug in the copy module, where a filename containing the
string "raw" was handled incorrectly
- Fixed a bug in accelerate mode, where copying a zero-length file out
would fail
1.3.3 "Top of the World" (reprise) - October 9, 2013
----------------------------------------------------
Additional fixes for accelerate mode.
1.3.2 "Top of the World" (reprise) - September 19th, 2013
---------------------------------------------------------
Multiple accelerate mode fixes:
- Make packet reception less greedy, so multiple frames of data are not
consumed by one call.
- Adding two timeout values (one for connection and one for data
reception timeout).
- Added keepalive packets, so async mode is no longer required for
long-running tasks.
- Modified accelerate daemon to use the verbose logging level of the
ansible command that started it.
- Fixed bug where accelerate would not work in check-mode.
- Added a -vvvv level, which will show SSH client debugging information
in the event of a failure.
- Fixed bug in apt\_repository module where the repository cache was
not being updated.
- Fixed bug where "too many open files" errors would be encountered due
to pseudo TTY's not being closed properly.
1.3.1 "Top of the World" (reprise) - September 16th, 2013
---------------------------------------------------------
Fixing a bug in accelerate mode whereby the gather\_facts step would
always be run via sudo regardless of the play settings.
1.3 "Top of the World" - September 13th, 2013
---------------------------------------------
Highlighted new features:
- accelerated mode: An enhanced fireball mode that requires zero
bootstrapping and fewer requirements plus adds capabilities like sudo
commands.
- role defaults: Allows roles to define a set of variables at the
lowest priority. These variables can be overridden by any other
variable.
- new /etc/ansible/facts.d allows JSON or INI-style facts to be
provided from the remote node, and supports executable fact programs
in this dir. Files must end in \*.fact.
- added the ability to make undefined template variables raise errors
(see ansible.cfg)
- (DOCS PENDING) sudo: True/False and sudo\_user: True/False can be set
at include and role level
- added changed\_when: (expression) which allows overriding whether a
result is changed or not and can work with registered expressions
- --extra-vars can now take a file as input, e.g., "-e @filename" and
can also be formatted as YAML
- external inventory scripts may now return host variables in one pass,
which allows them to be much more efficient for large numbers of
hosts
- if --forks exceeds the numbers of hosts, it will be automatically
reduced. Set forks to 0 and you get "as many forks as I have hosts"
out of the box.
- enabled error\_on\_undefined\_vars by default, which will make errors
in playbooks more obvious
- role dependencies -- one role can now pull in another, with
parameters of its own.
- added the ability to have tasks execute even during a check run
(always\_run).
- added the ability to set the maximum failure percentage for a group
of hosts.
New modules:
- notifications
- datadog\_event *-- send data to datadog*
- cloud
- digital\_ocean *-- module for DigitalOcean provisioning that also
includes inventory support*
- rds *-- Amazon Relational Database Service*
- linode *-- modules for Linode provisioning that also includes
inventory support*
- route53 *-- manage Amazon DNS entries*
- ec2\_ami *-- manages (and creates!) ec2 AMIs*
- database
- mysql\_replication *-- manages mysql replication settings for
masters/slaves*
- mysql\_variables *-- manages mysql runtime variables*
- redis *-- manages redis databases (slave mode and flushing data)*
- net\_infrastructure
- arista\_interface
- arista\_l2interface
- arista\_lag
- arista\_vlan
- dnsmadeeasy *-- manipulate DNS Made Easy records*
- system
- stat *-- reports on stat(istics) of remote files, for use with
'register'*
- web\_infrastructure
- htpasswd *-- manipulate htpasswd files*
- packaging
- apt\_repository *-- rewritten to remove dependencies*
- rpm\_key *-- adds or removes RPM signing keys*
- monitoring
- boundary\_meter *-- adds or removes boundary.com meters*
- files
- xattr *-- manages extended attributes on files*
Misc changes:
- return 3 when there are hosts that were unreachable during a run
- the yum module now supports wildcard values for the enablerepo
argument
- added an inventory script to pull host information from Zabbix
- async mode no longer allows with\_\* lookup plugins due to
incompatibilities
- Added OpenRC support (Gentoo) to the service module
- ansible\_ssh\_user value is available to templates
- added placement\_group parameter to ec2 module
- new sha256sum parameter added to get\_url module for checksum
validation
- search for mount binaries in system path and sbin vs assuming path
- allowed inventory file to be read from a pipe
- added Solaris distribution facts
- fixed bug along error path in quantum\_network module
- user password update mode is controllable in user module now (at
creation vs. every time)
- added check mode support to the OpenBSD package module
- Fix for MySQL 5.6 compatibility
- HP UX virtualization facts
- fixed some executable bits in git
- made rhn\_register module compatible with EL5
- fix for setup module epoch time on Solaris
- sudo\_user is now expanded later, allowing it to be set at inventory
scope
- mongodb\_user module changed to also support MongoDB 2.2
- new state=hard option added to the file module for hardlinks vs
softlinks
- fixes to apt module purging option behavior
- fixes for device facts with multiple PCI domains
- added "with\_inventory\_hostnames" lookup plugin, which can take a
pattern and loop over hostnames matching the pattern and is great for
use with delegate\_to and so on
- ec2 module supports adding to multiple security groups
- cloudformation module includes fixes for the error path, and the
'wait\_for' parameter was removed
- added --only-if-changed to ansible-pull, which runs only if the repo
has changes (not default)
- added 'mandatory', a Jinja2 filter that checks if a variable is
defined: {{ foo\|mandatory }}
- added support for multiple size formats to the lvol module
- timing reporting on wait\_for module now includes the delay time
- IRC module can now send a server password
- "~" now expanded on each component of configured plugin paths
- fix for easy\_install module when dealing with virtualenv
- rackspace module now explicitly indicates rackspace vs vanilla
openstack
- add\_host module does not report changed=True any longer
- explanatory error message when using fireball with sudo has been
improved
- git module now automatically pulls down git submodules
- negated patterns do not require "all:!foo", you can just say "!foo"
now to select all not foos
- fix for Debian services always reporting changed when toggling
enablement bit
- roles files now tolerate files named 'main.yaml' and 'main' in
addition to main.yml
- some help cleanup to command line flags on scripts
- force option reinstated for file module so it can create symlinks to
non-existent files, etc.
- added termination support to ec2 module
- --ask-sudo-pass or --sudo-user does not enable all options to use
sudo in ansible-playbook
- include/role conditionals are added ahead of task conditionals so
they can short circuit properly
- added pipes.quote in various places so paths with spaces are better
tolerated
- error handling while executing Jinja2 filters has been improved
- upgrades to atomic replacement logic when copying files across
partitions/etc
- mysql user module can try to login before requiring explicit password
- various additional options added to supervisorctl module
- only add non unique parameter on group creation when required
- allow rabbitmq\_plugin to specify a non-standard RabbitMQ path
- authentication fixes to keystone\_user module
- added IAM role support to EC2 module
- fixes for OpenBSD package module to avoid shell expansion
- git module upgrades to allow --depth and --version to be used
together
- new lookup plugin, "with\_flattened"
- extra vars (-e) variables can be used in playbook include paths
- improved reporting for invalid sudo passwords
- improved reporting for inability to find a suitable tmp location
- require libselinux-python to perform file operations if SELinux is
operational
- ZFS module fixes for byte display constants and handling paths with
spaces
- setup module more tolerant of gathering facts against things it does
not have permission to read
- can specify name=\* state=latest to update all yum modules
- major speedups to the yum module for default cases
- ec2\_facts module will now run in check mode
- sleep option on service module for sleeping between stop/restart
- fix for IPv6 facts on BSD
- added Jinja2 filters: skipped, whether a result was skipped
- added Jinja2 filters: quote, quotes a string if it needs to be quoted
- allow force=yes to affect apt upgrades
- fix for saving conditionals in variable names
- support for multiple host ranges in INI inventory, e.g.,
db[01:10:3]node-[01:10]
- fixes/improvements to cron module
- add user\_install=no option to gem module to install gems system wide
- added raw=yes to allow copying without python on remote machines
- added with\_indexed\_items lookup plugin
- Linode inventory plugin now significantly faster
- added recurse=yes parameter to pacman module for package removal
- apt\_key module can now target specific keyrings (keyring=filename)
- ec2 module change reporting improved
- hg module now expands user paths (~)
- SSH connection type known host checking now can process hashed
known\_host files
- lvg module now checks for executables in more correct locations
- copy module now works correctly with sudo\_user
- region parameter added to ec2\_elb module
- better default XMPP module message types
- fixed conditional tests against raw booleans
- mysql module grant removal is now smarter
- apt-remove is now forced to be non-interactive
- support ; comments in INI file module
- fixes to callbacks WRT async output (fire and forget tasks now
trigger callbacks!)
- folder support for s3 module
- added new example inventory plugin for Red Hat OpenShift
- and other misc. bugfixes
1.2.3 "Hear About It Later" (reprise) -- Aug 21, 2013
-----------------------------------------------------
- Local security fixes for predictable file locations for
ControlPersist and retry file paths on shared machines on operating
systems without kernel symlink/hardlink protections.
1.2.2 "Hear About It Later" (reprise) -- July 4, 2013
-----------------------------------------------------
- Added a configuration file option [paramiko\_connection]
record\_host\_keys which allows the code that paramiko uses to update
known\_hosts to be disabled. This is done because paramiko can be
very slow at doing this if you have a large number of hosts and some
folks may not want this behavior. This can be toggled independently
of host key checking and does not affect the ssh transport plugin.
Use of the ssh transport plugin is preferred if you have
ControlPersist capability, and Ansible by default in 1.2.1 and later
will autodetect.
1.2.1 "Hear About It Later" -- July 4, 2013
-------------------------------------------
- Connection default is now "smart", which discovers if the system
openssh can support ControlPersist, and uses it if so, if not falls
back to paramiko.
- Host key checking is on by default. Disable it if you like by adding
host\_key\_checking=False in the [default] section of
/etc/ansible/ansible.cfg or ~/ansible.cfg or by exporting
ANSIBLE\_HOST\_KEY\_CHECKING=False
- Paramiko now records host keys it was in contact with host key
checking is on. It is somewhat sluggish when doing this, so switch to
the 'ssh' transport if this concerns you.
1.2 "Right Now" -- June 10, 2013
--------------------------------
Core Features:
- capability to set 'all\_errors\_fatal: True' in a playbook to force
any error to stop execution versus a whole group or serial block
needing to fail usable, without breaking the ability to override in
ansible
- ability to use variables from {{ }} syntax in mainline playbooks, new
'when' conditional, as detailed in documentation. Can disable old
style replacements in ansible.cfg if so desired, but are still active
by default.
- can set ansible\_ssh\_private\_key\_file as an inventory variable
(similar to ansible\_ssh\_host, etc)
- 'when' statement can be affixed to task includes to auto-affix the
conditional to each task therein
- cosmetic: "\*\*\*\*\*" banners in ansible-playbook output are now
constant width
- --limit can now be given a filename (--limit @filename) to constrain
a run to a host list on disk
- failed playbook runs will create a retry file in /var/tmp/ansible
usable with --limit
- roles allow easy arrangement of reusable
tasks/handlers/files/templates
- pre\_tasks and post\_tasks allow for separating tasks into blocks
where handlers will fire around them automatically
- "meta: flush\_handler" task capability added for when you really need
to force handlers to run
- new --start-at-task option to ansible playbook allows starting at a
specific task name in a long playbook
- added a log file for ansible/ansible-playbook, set 'log\_path' in the
configuration file or ANSIBLE\_LOG\_PATH in environment
- debug mode always outputs debug in playbooks, without needing to
specify -v
- external inventory script added for Spacewalk / Red Hat Satellite
servers
- It is now possible to feed JSON structures to --extra-vars. Pass in a
JSON dictionary/hash to feed in complex data.
- group\_vars/ and host\_vars/ directories can now be kept alongside
the playbook as well as inventory (or both!)
- more filters: ability to say {{ foo\|success }} and {{ foo\|failed }}
and when: foo\|success and when: foo\|failed
- more filters: {{ path\|basename }} and {{ path\|dirname }}
- lookup plugins now use the basedir of the file they have included
from, avoiding needs of ../../../ in places and increasing the ease
at which things can be reorganized.
Modules added:
- cloud
- rax *-- module for creating instances in the rackspace cloud (uses
pyrax)*
- packages
- npm *-- node.js package management*
- pkgng *-- next-gen package manager for FreeBSD*
- redhat\_subscription *-- manage Red Hat subscription usage*
- rhn\_register *-- basic RHN registration*
- zypper *(SuSE)*
- database
- postgresql\_priv *-- manages postgresql privileges*
- networking
- bigip\_pool *-- load balancing with F5s*
- ec2\_elb *-- add and remove machines from ec2 elastic load balancers*
- notification
- hipchat *-- send notification events to hipchat*
- flowdock *-- send messages to flowdock during playbook runs*
- campfire *-- send messages to campfire during playbook runs*
- mqtt *-- send messages to the Mosquitto message bus*
- irc *-- send messages to IRC channels*
- filesystem *-- a wrapper around mkfs*
- jabber *-- send jabber chat messages*
- osx\_say *-- make OS X say things out loud*
- openstack
- glance\_image
- nova\_compute
- nova\_keypair
- keystone\_user
- quantum\_floating\_ip
- quantum\_floating\_ip\_associate
- quantum\_network
- quantum\_router
- quantum\_router\_gateway
- quantum\_router\_interface
- quantum\_subnet
- monitoring
- airbrake\_deployment *-- notify airbrake of new deployments*
- monit
- newrelic\_deployment *-- notifies newrelic of new deployments*
- pagerduty
- pingdom
- utility
- set\_fact *-- sets a variable, which can be the result of a template
evaluation*
Modules removed
- vagrant -- can't be compatible with both versions at once, just run
things though the vagrant provisioner in vagrant core
Bugfixes and Misc Changes:
- service module happier if only enabled=yes\|no specified and no state
- mysql\_db: use --password= instead of -p in dump/import so it doesn't
go interactive if no pass set
- when using -c ssh and the ansible user is the current user, don't
pass a -o to allow SSH config to be
- overwrite parameter added to the s3 module
- private\_ip parameter added to the ec2 module
- $FILE and $PIPE now tolerate unicode
- various plugin loading operations have been made more efficient
- hostname now uses platform.node versus socket.gethostname to be more
consistent with Unix 'hostname'
- fix for SELinux operations on Unicode path names
- inventory directory locations now ignore files with .ini extensions,
making hybrid inventory easier
- copy module in check-mode now reports back correct changed status
when used with force=no
- added avail. zone to ec2 module
- fixes to the hash variable merging logic if so enabled in the main
settings file (default is to replace, not merge hashes)
- group\_vars and host\_vars files can now end in a .yaml or .yml
extension, (previously required no extension, still favored)
- ec2vol module improvements
- if the user module is told to generate the ssh key, the key generated
is now returned in the results
- misc fixes to the Riak module
- make template module slightly more efficient
- base64encode / decode filters are now available to templates
- libvirt module can now work with multiple different libvirt
connection URIs
- fix for postgresql password escaping
- unicode fix for shlex.split in some cases
- apt module upgrade logic improved
- URI module now can follow redirects
- yum module can now install off http URLs
- sudo password now defaults to ssh password if you ask for both and
just hit enter on the second prompt
- validate feature on copy and template module, for example, running
visudo prior to copying the file over
- network facts upgraded to return advanced configs (bonding, etc)
- region support added to ec2 module
- riak module gets a wait for ring option
- improved check mode support in the file module
- exception handling added to handle scenario when attempt to log to
systemd journal fails
- fix for upstart handling when toggling the enablement and running
bits at the same time
- when registering a task with a conditional attached, and the task is
skipped by the conditional, the variable is still registered for the
host, with the attribute skipped: True.
- delegate\_to tasks can look up ansible\_ssh\_private\_key\_file
variable from inventory correctly now
- s3 module takes a 'dest' parameter to change the destination for
uploads
- apt module gets a cache\_valid\_time option to avoid redundant cache
updates
- ec2 module better understands security groups
- fix for postgresql codec usage
- setup module now tolerant of OpenVZ interfaces
- check mode reporting improved for files and directories
- doc system now reports on module requirements
- group\_by module can now also make use of globally scoped variables
- localhost and 127.0.0.1 are now fuzzy matched in inventory (are now
more or less interchangeable)
- AIX improvements/fixes for users, groups, facts
- lineinfile now does atomic file replacements
- fix to not pass PasswordAuthentication=no in the config file
unnecessarily for SSH connection type
- for authorized\_key on Debian Squeeze
- fixes for apt\_repository module reporting changed incorrectly on
certain repository types
- allow the virtualenv argument to the pip module to be a pathname
- service pattern argument now correctly read for BSD services
- fetch location can now be controlled more directly via the 'flat'
parameter.
- added basename and dirname as Jinja2 filters available to all
templates
- pip works better when sudoing from unprivileged users
- fix for user creation with groups specification reporting 'changed'
incorrectly in some cases
- fix for some unicode encoding errors in outputting some data in
verbose mode
- improved FreeBSD, NetBSD and Solaris facts
- debug module always outputs data without having to specify -v
- fix for sysctl module creating new keys (must specify checks=none)
- NetBSD and OpenBSD support for the user and groups modules
- Add encrypted password support to password lookup
1.1 "Mean Street" -- 4/2/2013
-----------------------------
Core Features
- added --check option for "dry run" mode
- added --diff option to show how templates or copied files change, or
might change
- --list-tasks for the playbook will list the tasks without running
them
- able to set the environment by setting "environment:" as a dictionary
on any task (go proxy support!)
- added ansible\_ssh\_user and ansible\_ssh\_pass for per-host/group
username and password
- jinja2 extensions can now be loaded from the config file
- support for complex arguments to modules (within reason)
- can specify ansible\_connection=X to define the connection type in
inventory variables
- a new chroot connection type
- module common code now has basic type checking (and casting)
capability
- module common now supports a 'no\_log' attribute to mark a field as
not to be syslogged
- inventory can now point to a directory containing multiple
scripts/hosts files, if using this, put group\_vars/host\_vars
directories inside this directory
- added configurable crypt scheme for 'vars\_prompt'
- password generating lookup plugin -- $PASSWORD(path/to/save/data/in)
- added --step option to ansible-playbook, works just like Linux
interactive startup!
Modules Added:
- bzr *(bazaar version control)*
- cloudformation
- django-manage
- gem *(ruby gems)*
- homebrew
- lvg *(logical volume groups)*
- lvol *(LVM logical volumes)*
- macports
- mongodb\_user
- netscaler
- okg
- openbsd\_pkg
- rabbit\_mq\_parameter
- rabbit\_mq\_plugin
- rabbit\_mq\_user
- rabbit\_mq\_vhost
- rhn\_channel
- s3 *-- allows putting file contents in buckets for sharing over s3*
- uri module *-- can get/put/post/etc*
- vagrant *-- launching VMs with vagrant, this is different from
existing vagrant plugin*
- zfs
Bugfixes and Misc Changes:
- stderr shown when commands fail to parse
- uses yaml.safe\_dump in filter plugins
- authentication Q&A no longer happens before --syntax-check, but after
- ability to get hostvars data for nodes not in the setup cache yet
- SSH timeout now correctly passed to native SSH connection plugin
- raise an error when multiple when\_ statements are provided
- --list-hosts applies host limit selections better
- (internals) template engine specifications to use template\_ds
everywhere
- better error message when your host file can not be found
- end of line comments now work in the inventory file
- directory destinations now work better with remote md5 code
- lookup plugin macros like $FILE and $ENV now work without returning
arrays in variable definitions/playbooks
- uses yaml.safe\_load everywhere
- able to add EXAMPLES to documentation via EXAMPLES docstring, rather
than just in main documentation YAML
- can set ANSIBLE\_COW\_SELECTION to pick other cowsay types (including
random)
- to\_nice\_yaml and to\_nice\_json available as Jinja2 filters that
indent and sort
- cowsay able to run out of macports (very important!)
- improved logging for fireball mode
- nicer error message when talking to an older system that needs a JSON
module installed
- 'magic' variable 'inventory\_dir' now gives path to inventory file
- 'magic' variable 'vars' works like 'hostvars' but gives global scope
variables, useful for debugging in templates mostly
- conditionals can be used on plugins like add\_host
- developers: all callbacks now have access to a ".runner" and
".playbook", ".play", and ".task" object (use getattr, they may not
always be set!)
Facts:
- block device facts for the setup module
- facts for AIX
- fact detection for OS type on Amazon Linux
- device fact gathering stability improvements
- ansible\_os\_family fact added
- user\_id (remote user name)
- a whole series of current time information under the 'datetime' hash
- more OS X facts
- support for detecting Alpine Linux
- added facts for OpenBSD
Module Changes/Fixes:
- ansible module common code (and ONLY that) which is mixed in with
modules, is now BSD licensed. App remains GPLv3.
- service code works better on platforms that mix upstart, systemd, and
system-v
- service enablement idempotence fixes for systemd and upstart
- service status 4 is also 'not running'
- supervisorctl restart fix
- increased error handling for ec2 module
- can recursively set permissions on directories
- ec2: change to the way AMI tags are handled
- cron module can now also manipulate cron.d files
- virtualenv module can now inherit system site packages (or not)
- lineinfile module now has an insertbefore option
- NetBSD service module support
- fixes to sysctl module where item has multiple values
- AIX support for the user and group modules
- able to specify a different hg repo to pull from than the original
set
- add\_host module can set ports and other inventory variables
- add\_host module can add modules to multiple groups (groups=a,b,c),
groups now alias for groupname
- subnet ID can be set on EC2 module
- MySQL module password handling improvements
- added new virtualenv flags to pip and easy\_install modules
- various improvements to lineinfile module, now accepts common
arguments from file
- force= now replaces thirsty where used before, thirsty remains an
alias
- setup module can take a 'filter=' parameter to just return a few
facts (not used by playbooks)
- cron module works even if no crontab is present (for cron.d)
- security group ID settable on EC2 module
- misc fixes to sysctl module
- fix to apt module so packages not in cache are still removable
- charset fix to mail module
- postresql db module now does not try to create the 'PUBLIC' user
- SVN module now works correctly with self signed certs
- apt module now has an upgrade parameter (values=yes, no, or 'dist')
- nagios module gets new silence/unsilence commands
- ability to disable proxy usage in get\_url (use\_proxy=no)
- more OS X facts
- added a 'fail\_on\_missing' (default no) option to fetch
- added timeout to the uri module (default 30 seconds, adjustable)
- ec2 now has a 'wait' parameter to wait for the instance to be active,
eliminates need for separate wait\_for call.
- allow regex backreferences in lineinfile
- id attribute on ec2 module can be used to set
idempotent-do-not-recreate launches
- icinga support for nagios module
- fix default logins when no my.conf for MySQL module
- option to create users with non-unique UIDs (user module)
- macports module can enable/disable packages
- quotes in my.cnf are stripped by the MySQL modules
- Solaris Service management added
- service module will attempt to auto-add unmanaged chkconfig services
when needed
- service module supports systemd service unit files
Plugins:
- added 'with\_random\_choice' filter plugin
- fixed ~ expansion for fileglob
- with\_nested allows for nested loops (see examples in
examples/playbooks)
1.0 "Eruption" -- Feb 1 2013
----------------------------
New modules:
- apt\_key
- ec2\_facts
- hg *(now in core)*
- pacman *(Arch linux)*
- pkgin *(Joyent SmartOS)*
- sysctl
New config settings:
- sudo\_exe parameter can be set in config to use sudo alternatives
- sudo\_flags parameter can alter the flags used with sudo
New playbook/language features:
- added when\_failed and when\_changed
- task includes can now be of infinite depth
- when\_set and when\_unset can take more than one var (when\_set: $a
and $b and $c)
- added the with\_sequence lookup plugin
- can override "connection:" on an individual task
- parameterized playbook includes can now define complex variables (not
just all on one line)
- making inventory variables available for use in vars\_files paths
- messages when skipping plays are now more clear
- --extra-vars now has maximum precedence (as intended)
Module fixes and new flags:
- ability to use raw module without python on remote system
- fix for service status checking on Ubuntu
- service module now responds to additional exit code for
SERVICE\_UNAVAILABLE
- fix for raw module with '-c local'
- various fixes to git module
- ec2 module now reports the public DNS name
- can pass executable= to the raw module to specify alternative shells
- fix for postgres module when user contains a "-"
- added additional template variables -- $template\_fullpath and
$template\_run\_date
- raise errors on invalid arguments used with a task include statement
- shell/command module takes a executable= parameter to specify a
different shell than /bin/sh
- added return code and error output to the raw module
- added support for @reboot to the cron module
- misc fixes to the pip module
- nagios module can schedule downtime for all services on the host
- various subversion module improvements
- various mail module improvements
- SELinux fix for files created by authorized\_key module
- "template override" ??
- get\_url module can now send user/password authorization
- ec2 module can now deploy multiple simultaneous instances
- fix for apt\_key modules stalling in some situations
- fix to enable Jinja2 {% include %} to work again in template
- ec2 module is now powered by Boto
- setup module can now detect if package manager is using pacman
- fix for yum module with enablerepo in use on EL 6
Core fixes and new behaviors:
- various fixes for variable resolution in playbooks
- fixes for handling of "~" in some paths
- various fixes to DWIM'ing of relative paths
- /bin/ansible now takes a --list-hosts just like ansible-playbook did
- various patterns can now take a regex vs a glob if they start with
"~" (need docs on which!) - also /usr/bin/ansible
- allow intersecting host patterns by using "&"
("webservers:!debian:&datacenter1")
- handle tilde shell character for --private-key
- hash merging policy is now selectable in the config file, can choose
to override or merge
- environment variables now available for setting all plugin paths
(ANSIBLE\_CALLBACK\_PLUGINS, etc)
- added packaging file for macports (not upstreamed yet)
- hacking/test-module script now uses /usr/bin/env properly
- fixed error formatting for certain classes of playbook syntax errors
- fix for processing returns with large volumes of output
Inventory files/scripts:
- hostname patterns in the inventory file can now use alphabetic ranges
- whitespace is now allowed around group variables in the inventory
file
- inventory scripts can now define groups of groups and group vars
(need example for docs?)
0.9 "Dreams" -- Nov 30 2012
---------------------------
Highlighted core changes:
- various performance tweaks, ansible executes dramatically less SSH
ops per unit of work
- close paramiko SFTP connections less often on copy/template
operations (speed increase)
- change the way we use multiprocessing (speed/RAM usage improvements)
- able to set default for asking password & sudo password in config
file
- ansible now installs nicely if running inside a virtualenv
- flag to allow SSH connection to move files by scp vs sftp (in config
file)
- additional RPM subpackages for easily installing fireball mode deps
(server and node)
- group\_vars/host\_vars now available to ansible, not just playbooks
- native ssh connection type (-c ssh) now supports passwords as well as
keys
- ansible-doc program to show details
Other core changes:
- fix for template calls when last character is '$'
- if ansible\_python\_interpreter is set on a delegated host, it now
works as intended
- --limit can now take "," as separator as well as ";" or ":"
- msg is now displaced with newlines when a task fails
- if any with\_ plugin has no results in a list (empty list for
with\_items, etc), the task is now skipped
- various output formatting fixes/improvements
- fix for Xen dom0/domU detection in default facts
- 'ansible\_domain' fact now available (ex value: example.com)
- configured remote temp file location is now always used even for root
- 'register'-ed variables are not recorded for skipped hosts (for
example, using only\_if/when)
- duplicate host records for the same host can no longer result when a
host is listed in multiple groups
- ansible-pull now passes --limit to prevent running on multiple hosts
when used with generic playbooks
- remote md5sum check fixes for Solaris 10
- ability to configure syslog facility used by remote module calls
- in templating, stray '$' characters are now handled more correctly
Playbook changes:
- relative paths now work for 'first\_available\_file'
- various templating engine fixes
- 'when' is an easier form of only if
- --list-hosts on the playbook command now supports multiple playbooks
on the same command line
- playbook includes can now be parameterized
Module additions:
- (addhost) new module for adding a temporary host record (used for
creating new guests)
- (group\_by) module allows partitioning hosts based on group data
- (ec2) new module for creating ec2 hosts
- (script) added 'script' module for pushing and running self-deleting
remote scripts
- (svr4pkg) solaris svr4pkg module
Module changes:
- (authorized key) module uses temp file now to prevent failure on full
disk
- (fetch) now uses the 'slurp' internal code to work as you would
expect under sudo'ed accounts
- (fetch) internal usage of md5 sums fixed for BSD
- (get\_url) thirsty is no longer required for directory destinations
- (git) various git module improvements/tweaks
- (group) now subclassed for various platforms, includes SunOS support
- (lineinfile) create= option on lineinfile can create the file when it
does not exist
- (mysql\_db) module takes new grant options
- (postgresql\_db) module now takes role\_attr\_flags
- (service) further upgrades to service module service status reporting
- (service) tweaks to get service module to play nice with BSD style
service systems (rc.conf)
- (service) possible to pass additional arguments to services
- (shell) and command module now take an 'executable=' flag for
specifying an alternate shell than /bin/sh
- (user) ability to create SSH keys for users when using user module to
create users
- (user) atomic replacement of files preserves permissions of original
file
- (user) module can create SSH keys
- (user) module now does Solaris and BSD
- (yum) module takes enablerepo= and disablerepo=
- (yum) misc yum module fixing for various corner cases
Plugin changes:
- EC2 inventory script now produces nicer failure message if AWS is
down (or similar)
- plugin loading code now more streamlined
- lookup plugins for DNS text records, environment variables, and redis
- added a template lookup plugin $TEMPLATE('filename.j2')
- various tweaks to the EC2 inventory plugin
- jinja2 filters are now pluggable so it's easy to write your own
(to\_json/etc, are now impl. as such)
0.8 "Cathedral" -- Oct 19, 2012
-------------------------------
Highlighted Core Changes:
- fireball mode -- ansible can bootstrap a ephemeral 0mq (zeromq)
daemon that runs as a given user and expires after X period of time.
It is very fast.
- playbooks with errors now return 2 on failure. 1 indicates a more
fatal syntax error. Similar for /usr/bin/ansible
- server side action code (template, etc) are now fully pluggable
- ability to write lookup plugins, like the code powering
"with\_fileglob" (see below)
Other Core Changes:
- ansible config file can also go in 'ansible.cfg' in cwd in addition
to ~/.ansible.cfg and /etc/ansible/ansible.cfg
- fix for inventory hosts at API level when hosts spec is a list and
not a colon delimited string
- ansible-pull example now sets up logrotate for the ansible-pull cron
job log
- negative host matching (!hosts) fixed for external inventory script
usage
- internals: os.executable check replaced with utils function so it
plays nice on AIX
- Debian packaging now includes ansible-pull manpage
- magic variable 'ansible\_ssh\_host' can override the hostname (great
for usage with tunnels)
- date command usage in build scripts fixed for OS X
- don't use SSH agent with paramiko if a password is specified
- make output be cleaner on multi-line command/shell errors
- /usr/bin/ansible now prints things when tasks are skipped, like when
creates= is used with -m command and /usr/bin/ansible
- when trying to async a module that is not a 'normal' asyncable
module, ansible will now let you know
- ability to access inventory variables via 'hostvars' for hosts not
yet included in any play, using on demand lookups
- merged ansible-plugins, ansible-resources, and ansible-docs into the
main project
- you can set ANSIBLE\_NOCOWS=1 if you want to disable cowsay if it is
installed. Though no one should ever want to do this! Cows are great!
- you can set ANSIBLE\_FORCE\_COLOR=1 to force color mode even when
running without a TTY
- fatal errors are now properly colored red.
- skipped messages are now cyan, to differentiate them from unchanged
messages.
- extensive documentation upgrades
- delegate\_action to localhost (aka local\_action) will always use the
local connection type
Highlighted playbook changes:
- is\_set is available for use inside of an only\_if expression:
is\_set('ansible\_eth0'). We intend to further upgrade this with a
'when' keyword providing better options to 'only\_if' in the next
release. Also is\_unset('ansible\_eth0')
- playbooks can import playbooks in other directories and then be able
to import tasks relative to them
- FILE($path) now allows access of contents of file in a path, very
good for use with SSH keys
- similarly PIPE($command) will run a local command and return the
results of executing this command
- if all hosts in a play fail, stop the playbook, rather than letting
the console log spool on by
- only\_if using register variables that are booleans now works in a
boolean way like you'd expect
- task includes now work with with\_items (such as: include:
path/to/wordpress.yml user=$item)
- when using a $list variable with $var or ${var} syntax it will
automatically join with commas
- setup is not run more than once when we know it is has already been
run in a play that included another play, etc
- can set/override sudo and sudo\_user on individual tasks in a play,
defaults to what is set in the play if not present
- ability to use with\_fileglob to iterate over local file patterns
- templates now use Jinja2's 'trim\_blocks=True' to avoid stray
newlines, small changes to templates may be required in rare cases.
Other playbook changes:
- to\_yaml and from\_yaml are available as Jinja2 filters
- $group and $group\_names are now accessible in with\_items
- where 'stdout' is provided a new 'stdout\_lines' variable (type ==
list) is now generated and usable with with\_items
- when local\_action is used the transport is automatically overridden
to the local type
- output on failed playbook commands is now nicely split for
stderr/stdout and syntax errors
- if local\_action is not used and delegate\_to was 127.0.0.1 or
localhost, use local connection regardless
- when running a playbook, and the statement has changed, prints
'changed:' now versus 'ok:' so it is obvious without colored mode
- variables now usable within vars\_prompt (just not host/group vars)
- setup facts are now retained across plays (dictionary just gets
updated as needed)
- --sudo-user now works with --extra-vars
- fix for multi\_line strings with only\_if
New Modules:
- ini\_file module for manipulating INI files
- new LSB facts (release, distro, etc)
- pause module -- (pause seconds=10) (pause minutes=1) (pause
prompt=foo) -- it's an action plugin
- a module for adding entries to the main crontab (though you may still
wish to just drop template files into cron.d)
- debug module can be used for outputting messages without using 'shell
echo'
- a fail module is now available for causing errors, you might want to
use it with only\_if to fail in certain conditions
Other module Changes, Upgrades, and Fixes:
- removes= exists on command just like creates=
- postgresql modules now take an optional port= parameter
- /proc/cmdline info is now available in Linux facts
- public host key detection for OS X
- lineinfile module now uses 'search' not exact 'match' in regexes,
making it much more intuitive and not needing regex syntax most of
the time
- added force=yes\|no (default no) option for file module, which allows
transition between files to directories and so on
- additional facts for SunOS virtualization
- copy module is now atomic when used across volumes
- url\_get module now returns 'dest' with the location of the file
saved
- fix for yum module when using local RPMs vs downloading
- cleaner error messages with copy if destination directory does not
exist
- setup module now still works if PATH is not set
- service module status now correct for services with 'subsys locked'
status
- misc fixes/upgrades to the wait\_for module
- git module now expands any "~" in provided destination paths
- ignore stop error code failure for service module with
state=restarted, always try to start
- inline documentation for modules allows documentation source to built
without pull requests to the ansible-docs project, among other things
- variable '$ansible\_managed' is now great to include at the top of
your templates and includes useful information and a warning that it
will be replaced
- "~" now expanded in command module when using creates/removes
- mysql module can do dumps and imports
- selinux policy is only required if setting to not disabled
- various fixes for yum module when working with packages not in any
present repo
0.7 "Panama" -- Sept 6 2012
---------------------------
Module changes:
- login\_unix\_socket option for mysql user and database modules (see
PR #781 for doc notes)
- new modules -- pip, easy\_install, apt\_repository, supervisorctl
- error handling for setup module when SELinux is in a weird state
- misc yum module fixes
- better changed=True/False detection in user module on older Linux
distros
- nicer errors from modules when arguments are not key=value
- backup option on copy (backup=yes), as well as template, assemble,
and lineinfile
- file module will not recurse on directory properties
- yum module now workable without having repoquery installed, but
doesn't support comparisons or list= if so
- setup module now detects interfaces with aliases
- better handling of VM guest type detection in setup module
- new module boilerplate code to check for mutually required arguments,
arguments required together, exclusive args
- add pattern= as a parameter to the service module (for init scripts
that don't do status, or do poor status)
- various fixes to mysql & postresql modules
- added a thirsty= option (boolean, default no) to the get\_url module
to decide to download the file every time or not
- added a wait\_for module to poll for ports being open
- added a nagios module for controlling outage windows and alert
statuses
- added a seboolean module for getsebool/setsebool type operations
- added a selinux module for controlling overall SELinux policy
- added a subversion module
- added lineinfile for adding and removing lines from basic files
- added facts for ARM-based CPUs
- support for systemd in the service module
- git moduleforce reset behavior is now controllable
- file module can now operate on special files (block devices, etc)
Core changes:
- ansible --version will now give branch/SHA information if running
from git
- better sudo permissions when encountering different umasks
- when using paramiko and SFTP is not accessible, do not traceback, but
return a nice human readable msg
- use -vvv for extreme debug levels. -v gives more playbook output as
before
- -vv shows module arguments to all module calls (and maybe some other
things later)
- don not pass "--" to sudo to work on older EL5
- make remote\_md5 internal function work with non-bash shells
- allow user to be passed in via --extra-vars (regression)
- add --limit option, which can be used to further confine the pattern
given in ansible-playbooks
- adds ranged patterns like dbservers[0-49] for usage with patterns or
--limit
- -u and user: defaults to current user, rather than root, override as
before
- /etc/ansible/ansible.cfg and ~/ansible.cfg now available to set
default values and other things
- (developers) ANSIBLE\_KEEP\_REMOTE\_FILES=1 can be used in debugging
(envrionment variable)
- (developers) connection types are now plugins
- (developers) callbacks can now be extended via plugins
- added FreeBSD ports packaging scripts
- check for terminal properties prior to engaging color modes
- explicitly disable password auth with -c ssh, as it is not used
anyway
Playbooks:
- YAML syntax errors detected and show where the problem is
- if you ctrl+c a playbook it will not traceback (usually)
- vars\_prompt now has encryption options (see
examples/playbooks/prompts.yml)
- allow variables in parameterized task include parameters (regression)
- add ability to store the result of any command in a register (see
examples/playbooks/register\_logic.yml)
- --list-hosts to show what hosts are included in each play of a
playbook
- fix a variable ordering issue that could affect vars\_files with
selective file source lists
- adds 'delegate\_to' for a task, which can be used to signal outage
windows and load balancers on behalf of hosts
- adds 'serial' to playbook, allowing you to specify how many hosts can
be processing a playbook at one time (default 0=all)
- adds 'local\_action: ' as an alias to 'delegate\_to: 127.0.0.1'
0.6 "Cabo" -- August 6, 2012
----------------------------
playbooks:
- support to tag tasks and includes and use --tags in playbook CLI
- playbooks can now include other playbooks
(example/playbooks/nested\_playbooks.yml)
- vars\_files now usable with with\_items, provided file paths don't
contain host specific facts
- error reporting if with\_items value is unbound
- with\_items no longer creates lots of tasks, creates one task that
makes multiple calls
- can use host\_specific facts inside with\_items (see above)
- at the top level of a playbook, set 'gather\_facts: no' to skip fact
gathering
- first\_available\_file and with\_items used together will now raise
an error
- to catch typos, like 'var' for 'vars', playbooks and tasks now yell
on invalid parameters
- automatically load
(directory\_of\_inventory\_file)/group\_vars/groupname and
/host\_vars/hostname in vars\_files
- playbook is now colorized, set ANSIBLE\_NOCOLOR=1 if you do not like
this, does not colorize if not a TTY
- hostvars now preserved between plays (regression in 0.5 from 0.4),
useful for sharing vars in multinode configs
- ignore\_errors: yes on a task can be used to allow a task to fail and
not stop the play
- with\_items with the apt/yum module will install/remove/update
everything in a single command
inventory:
- groups variable available as a hash to return the hosts in each group
name
- in YAML inventory, hosts can list their groups in inverted order now
also (see tests/yaml\_hosts)
- YAML inventory is deprecated and will be removed in 0.7
- ec2 inventory script
- support ranges of hosts in the host file, like
www[001-100].example.com (supports leading zeros and also not)
modules:
- fetch module now does not fail a system when requesting file paths
(ex: logs) that don't exist
- apt module now takes an optional install-recommends=yes\|no (default
yes)
- fixes to the return codes of the copy module
- copy module takes a remote md5sum to avoid large file transfer
- various user and group module fixes (error handling, etc)
- apt module now takes an optional force parameter
- slightly better psychic service status handling for the service
module
- fetch module fixes for SSH connection type
- modules now consistently all take yes/no for boolean parameters (and
DWIM on true/false/1/0/y/n/etc)
- setup module no longer saves to disk, template module now only used
in playbooks
- setup module no longer needs to run twice per playbook
- apt module now passes DEBIAN\_FRONTEND=noninteractive
- mount module (manages active mounts + fstab)
- setup module fixes if no ipv6 support
- internals: template in common module boilerplate, also causes less
SSH operations when used
- git module fixes
- setup module overhaul, more modular
- minor caching logic added to inventory to reduce hammering of
inventory scripts.
- MySQL and PostgreSQL modules for user and db management
- vars\_prompt now supports private password entry (see
examples/playbooks/prompts.yml)
- yum module modified to be more tolerant of plugins spewing random
console messages (ex: RHN)
internals:
- when sudoing to root, still use /etc/ansible/setup as the metadata
path, as if root
- paramiko is now only imported if needed when running from source
checkout
- cowsay support on Ubuntu
- various ssh connection fixes for old Ubuntu clients
- ./hacking/test-module now supports options like ansible takes and has
a debugger mode
- sudoing to a user other than root now works more seamlessly (uses
/tmp, avoids umask issues)
0.5 "Amsterdam" ------- July 04, 2012
-------------------------------------
- Service module gets more accurate service states when running with
upstart
- Jinja2 usage in playbooks (not templates), reinstated, supports
%include directive
- support for --connection ssh (supports Kerberos, bastion hosts, etc),
requires ControlMaster
- misc tracebacks replaced with error messages
- various API/internals refactoring
- vars can be built from other variables
- support for exclusion of hosts/groups with "!groupname"
- various changes to support md5 tool differences for FreeBSD nodes &
OS X clients
- "unparseable" command output shows in command output for easier
debugging
- mktemp is no longer required on remotes (not available on BSD)
- support for older versions of python-apt in the apt module
- a new "assemble" module, for constructing files from pieces of files
(inspired by Puppet "fragments" idiom)
- ability to override most default values with ANSIBLE\_FOO environment
variables
- --module-path parameter can support multiple directories separated
with the OS path separator
- with\_items can take a variable of type list
- ansible\_python\_interpreter variable available for systems with more
than one Python
- BIOS and VMware "fact" upgrades
- cowsay is used by ansible-playbook if installed to improve output
legibility (try installing it)
- authorized\_key module
- SELinux facts now sourced from the python selinux library
- removed module debug option -D
- added --verbose, which shows output from successful playbook
operations
- print the output of the raw command inside /usr/bin/ansible as with
command/shell
- basic setup module support for Solaris
- ./library relative to the playbook is always in path so modules can
be included in tarballs with playbooks
0.4 "Unchained" ------- May 23, 2012
------------------------------------
Internals/Core \* internal inventory API now more object oriented,
parsers decoupled \* async handling improvements \* misc fixes for
running ansible on OS X (overlord only) \* sudo improvements, now works
much more smoothly \* sudo to a particular user with -U/--sudo-user, or
using 'sudo\_user: foo' in a playbook \* --private-key CLI option to
work with pem files
Inventory \* can use -i host1,host2,host3:port to specify hosts not in
inventory (replaces --override-hosts) \* ansible INI style format can do
groups of groups [groupname:children] and group vars [groupname:vars] \*
groups and users module takes an optional system=yes\|no on creation
(default no) \* list of hosts in playbooks can be expressed as a YAML
list in addition to ; delimited
Playbooks \* variables can be replaced like
${foo.nested\_hash\_key.nested\_subkey[array\_index]} \* unicode now ok
in templates (assumes utf8) \* able to pass host specifier or group name
in to "hosts:" with --extra-vars \* ansible-pull script and example
playbook (extreme scaling, remediation) \* inventory\_hostname variable
available that contains the value of the host as ansible knows it \*
variables in the 'all' section can be used to define other variables
based on those values \* 'group\_names' is now a variable made available
to templates \* first\_available\_file feature, see
selective\_file\_sources.yml in examples/playbooks for info \*
--extra-vars="a=2 b=3" etc, now available to inject parameters into
playbooks from CLI
Incompatible Changes \* jinja2 is only usable in templates, not
playbooks, use $foo instead \* --override-hosts removed, can use -i with
comma notation (-i "ahost,bhost") \* modules can no longer include
stderr output (paramiko limitation from sudo)
Module Changes \* tweaks to SELinux implementation for file module \*
fixes for yum module corner cases on EL5 \* file module now correctly
returns the mode in octal \* fix for symlink handling in the file module
\* service takes an enable=yes\|no which works with chkconfig or
updates-rc.d as appropriate \* service module works better on Ubuntu \*
git module now does resets and such to work more smoothly on updates \*
modules all now log to syslog \* enabled=yes\|no on a service can be
used to toggle chkconfig & updates-rc.d states \* git module supports
branch= \* service fixes to better detect status using return codes of
the service script \* custom facts provided by the setup module mean no
dependency on Ruby, facter, or ohai \* service now has a state=reloaded
\* raw module for bootstrapping and talking to routers w/o Python, etc
Misc Bugfixes \* fixes for variable parsing in only\_if lines \* misc
fixes to key=value parsing \* variables with mixed case now legal \* fix
to internals of hacking/test-module development script
0.3 "Baluchitherium" -- April 23, 2012
--------------------------------------
- Packaging for Debian, Gentoo, and Arch
- Improvements to the apt and yum modules
- A virt module
- SELinux support for the file module
- Ability to use facts from other systems in templates (aka exported
resources like support)
- Built in Ansible facts so you don't need ohai, facter, or Ruby
- tempdir selections that work with noexec mounted /tmp
- templates happen locally, not remotely, so no dependency on
python-jinja2 for remote computers
- advanced inventory format in YAML allows more control over variables
per host and per group
- variables in playbooks can be structured/nested versus just a flat
namespace
- manpage upgrades (docs)
- various bugfixes
- can specify a default --user for playbooks rather than specifying it
in the playbook file
- able to specify ansible port in ansible host file (see docs)
- refactored Inventory API to make it easier to write scripts using
Ansible
- looping capability for playbooks (with\_items)
- support for using sudo with a password
- module arguments can be unicode
- A local connection type, --connection=local, for use with cron or in
kickstarts
- better module debugging with -D
- fetch module for pulling in files from remote hosts
- command task supports creates=foo for idempotent semantics, won't run
if file foo already exists
0.0.2 and 0.0.1
---------------
- Initial stages of project