carroarmato0/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-01-11 23:25:28 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'main' into icmp_masquerade_fix

Browse source
This commit is contained in:
Hideki Saito 2021-12-01 13:34:26 +09:00 committed by GitHub
commit ecdf93f123
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
113 changed files with 1398 additions and 349 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
.azure-pipelines/azure-pipelines.yml
View file

@ -50,6 +50,26 @@ stages:
- template: templates/matrix.yml
parameters:
testFormat: devel/linux/{0}/1
targets:
- name: CentOS 7
test: centos7
- name: Fedora 34
test: fedora34
- name: Fedora 35
test: fedora35
- name: openSUSE 15 py3
test: opensuse15
- name: Ubuntu 18.04
test: ubuntu1804
- name: Ubuntu 20.04
test: ubuntu2004
- stage: Docker_2_12
displayName: Docker 2.12
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
testFormat: 2.12/linux/{0}/1
targets:
- name: CentOS 6
test: centos6
@ -57,10 +77,10 @@ stages:
test: centos7
- name: CentOS 8
test: centos8
- name: Fedora 32
test: fedora32
- name: Fedora 33
test: fedora33
- name: Fedora 34
test: fedora34
- name: openSUSE 15 py2
test: opensuse15py2
- name: openSUSE 15 py3
@ -161,12 +181,30 @@ stages:
test: macos/11.1
- name: RHEL 7.9
test: rhel/7.9
- name: RHEL 8.3
test: rhel/8.3
- name: FreeBSD 11.4
test: freebsd/11.4
- name: RHEL 8.5
test: rhel/8.5
- name: FreeBSD 12.2
test: freebsd/12.2
- name: FreeBSD 13.0
test: freebsd/13.0
- stage: Remote_2_12
displayName: Remote 2.12
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
testFormat: 2.12/{0}/1
targets:
- name: MacOS 11.1
test: macos/11.1
- name: RHEL 7.9
test: rhel/7.9
- name: RHEL 8.4
test: rhel/8.4
- name: FreeBSD 12.2
test: freebsd/12.2
- name: FreeBSD 13.0
test: freebsd/13.0
- stage: Remote_2_11
displayName: Remote 2.11
dependsOn: []
@ -230,9 +268,11 @@ stages:
- Remote_2_9
- Docker_2_9
- Remote_2_10
- Remote_2_11
- Docker_2_10
- Remote_2_11
- Docker_2_11
- Remote_2_12
- Docker_2_12
- Remote_devel
- Docker_devel
jobs:

45
CHANGELOG.rst
View file

@ -5,6 +5,49 @@ ansible.posix Release Notes
.. contents:: Topics
v1.3.0
======
Release Summary
---------------
This is the minor release of the ``ansible.posix`` collection.
This changelog contains all changes to the modules in this collection that
have been added after the release of ``ansible.posix`` 1.2.0.
Minor Changes
-------------
- acl - add new alias ``recurse`` for ``recursive`` parameter (https://github.com/ansible-collections/ansible.posix/issues/124).
- added 2.11 branch to test matrix, added ignore-2.12.txt.
- authorized_key - add ``no_log=False`` in ``argument_spec`` to clear false-positives of ``no-log-needed`` (https://github.com/ansible-collections/ansible.posix/pull/156).
- authorized_key - add a list of valid key types (https://github.com/ansible-collections/ansible.posix/issues/134).
- mount - Change behavior of ``boot`` option to set ``noauto`` on BSD nodes (https://github.com/ansible-collections/ansible.posix/issues/28).
- mount - Change behavior of ``boot`` option to set ``noauto`` on Linux nodes (https://github.com/ansible-collections/ansible.posix/issues/28).
- mount - add ``no_log=False`` in ``argument_spec`` to clear false-positives of ``no-log-needed`` (https://github.com/ansible-collections/ansible.posix/pull/156).
- mount - returns ``backup_file`` value when a backup fstab is created.
- synchronize - add ``delay_updates`` option (https://github.com/ansible-collections/ansible.posix/issues/157).
- synchronize - fix typo (https://github.com/ansible-collections/ansible.posix/pull/198).
Bugfixes
--------
- Synchronize module not recognizing remote ssh key (https://github.com/ansible-collections/ansible.posix/issues/24).
- Synchronize not using quotes around arguments like --out-format (https://github.com/ansible-collections/ansible.posix/issues/190).
- at - append line-separator to the end of the ``command`` (https://github.com/ansible-collections/ansible.posix/issues/169).
- csh - define ``ECHO`` and ``COMMAND_SEP`` (https://github.com/ansible-collections/ansible.posix/issues/204).
- firewalld - enable integration after migration (https://github.com/ansible-collections/ansible.posix/pull/239).
- firewalld - ensure idempotency with firewalld 0.9.3 (https://github.com/ansible-collections/ansible.posix/issues/179).
- firewalld - fix setting zone target to ``%%REJECT%%`` (https://github.com/ansible-collections/ansible.posix/pull/215).
- mount - Handle ``boot`` option on Solaris correctly (https://github.com/ansible-collections/ansible.posix/issues/184).
- synchronize - add ``community.podman.podman`` to the list of supported connection plugins (https://github.com/ansible-community/molecule-podman/issues/45).
- synchronize - complete podman support for synchronize module.
- synchronize - properly quote rsync CLI parameters (https://github.com/ansible-collections/ansible.posix/pull/241).
- synchronize - replace removed ``ansible_ssh_user`` by ``ansible_user`` everywhere; do the same for ``ansible_ssh_port`` and ``ansible_ssh_host`` (https://github.com/ansible-collections/ansible.posix/issues/60).
- synchronize - use SSH args from SSH connection plugin (https://github.com/ansible-collections/ansible.posix/issues/222).
- synchronize - use become_user when invoking rsync on remote with sudo (https://github.com/ansible-collections/ansible.posix/issues/186).
- sysctl - modifying conditional check for docker to fix tests being skipped (https://github.com/ansible-collections/ansible.posix/pull/226).
v1.2.0
======
@ -26,9 +69,9 @@ Bugfixes
--------
- at - add AIX support (https://github.com/ansible-collections/ansible.posix/pull/99).
- synchronize - fix for private_key overriding in synchronize module.
- synchronize - add ``community.docker.docker`` to the list of supported transports (https://github.com/ansible-collections/ansible.posix/issues/132).
- synchronize - do not prepend PWD when path is in form user@server:path or server:path (https://github.com/ansible-collections/ansible.posix/pull/118).
- synchronize - fix for private_key overriding in synchronize module.
- sysctl - do not persist sysctl when value is invalid (https://github.com/ansible-collections/ansible.posix/pull/101).
v1.1.1

15
README.md
View file

@ -6,7 +6,7 @@ https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=mai
<!-- Describe the collection and why a user would want to use it. What does the collection do? -->
An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and derivative Operating Systems.
## Supported Versions of Ansible
<!--start requires_ansible-->
## Ansible version compatibility
@ -28,6 +28,7 @@ Name | Description
[ansible.posix.at](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.at_module.rst)|Schedule the execution of a command or script file via the at command
[ansible.posix.authorized_key](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.authorized_key_module.rst)|Adds or removes an SSH authorized key
[ansible.posix.firewalld](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.firewalld_module.rst)|Manage arbitrary ports/services with firewalld
[ansible.posix.firewalld_info](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.firewalld_info_module.rst)|Gather information about firewalld
[ansible.posix.mount](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.mount_module.rst)|Control active and configured mount points
[ansible.posix.patch](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.patch_module.rst)|Apply patch files using the GNU patch tool
[ansible.posix.seboolean](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.seboolean_module.rst)|Toggles SELinux booleans
@ -75,9 +76,7 @@ This collection follows the Ansible project's
Please read and familiarize yourself with this document.
## Release notes
* 0.1.1 Initial stable build
* 0.1.0 Internal only build
See [changelog](https://github.com/ansible-collections/ansible.posix/blob/main/CHANGELOG.rst) for more details.
## External requirements
@ -87,9 +86,11 @@ None
<!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
* ansible-base 2.11 (devel)
* ansible-base 2.10 (Beta)
* ansible-base 2.9 (stable)
* ansible-core 2.13 (devel)
* ansible-core 2.12 (stable)
* ansible-core 2.11 (stable)
* ansible-base 2.10 (stable)
* ansible 2.9 (stable)
## Roadmap

4
bindep.txt Normal file
View file

@ -0,0 +1,4 @@
# This is a cross-platform list tracking distribution packages needed by tests;
# see https://docs.openstack.org/infra/bindep/ for additional information.
rsync [platform:centos-8 platform:rhel-8]

78
changelogs/changelog.yaml
View file

@ -107,11 +107,11 @@ releases:
changes:
bugfixes:
- at - add AIX support (https://github.com/ansible-collections/ansible.posix/pull/99).
- synchronize - fix for private_key overriding in synchronize module.
- synchronize - add ``community.docker.docker`` to the list of supported transports
(https://github.com/ansible-collections/ansible.posix/issues/132).
- synchronize - do not prepend PWD when path is in form user@server:path or
server:path (https://github.com/ansible-collections/ansible.posix/pull/118).
- synchronize - fix for private_key overriding in synchronize module.
- sysctl - do not persist sysctl when value is invalid (https://github.com/ansible-collections/ansible.posix/pull/101).
minor_changes:
- firewalld - bring the ``target`` feature back (https://github.com/ansible-collections/ansible.posix/issues/112).
@ -134,3 +134,79 @@ releases:
- firewalld_zone_target.yml
- misc_fix.yml
release_date: '2021-03-08'
1.3.0:
changes:
bugfixes:
- Synchronize module not recognizing remote ssh key (https://github.com/ansible-collections/ansible.posix/issues/24).
- Synchronize not using quotes around arguments like --out-format (https://github.com/ansible-collections/ansible.posix/issues/190).
- at - append line-separator to the end of the ``command`` (https://github.com/ansible-collections/ansible.posix/issues/169).
- csh - define ``ECHO`` and ``COMMAND_SEP`` (https://github.com/ansible-collections/ansible.posix/issues/204).
- firewalld - enable integration after migration (https://github.com/ansible-collections/ansible.posix/pull/239).
- firewalld - ensure idempotency with firewalld 0.9.3 (https://github.com/ansible-collections/ansible.posix/issues/179).
- firewalld - fix setting zone target to ``%%REJECT%%`` (https://github.com/ansible-collections/ansible.posix/pull/215).
- mount - Handle ``boot`` option on Solaris correctly (https://github.com/ansible-collections/ansible.posix/issues/184).
- synchronize - add ``community.podman.podman`` to the list of supported connection
plugins (https://github.com/ansible-community/molecule-podman/issues/45).
- synchronize - complete podman support for synchronize module.
- synchronize - properly quote rsync CLI parameters (https://github.com/ansible-collections/ansible.posix/pull/241).
- synchronize - replace removed ``ansible_ssh_user`` by ``ansible_user`` everywhere;
do the same for ``ansible_ssh_port`` and ``ansible_ssh_host`` (https://github.com/ansible-collections/ansible.posix/issues/60).
- synchronize - use SSH args from SSH connection plugin (https://github.com/ansible-collections/ansible.posix/issues/222).
- synchronize - use become_user when invoking rsync on remote with sudo (https://github.com/ansible-collections/ansible.posix/issues/186).
- sysctl - modifying conditional check for docker to fix tests being skipped
(https://github.com/ansible-collections/ansible.posix/pull/226).
minor_changes:
- acl - add new alias ``recurse`` for ``recursive`` parameter (https://github.com/ansible-collections/ansible.posix/issues/124).
- added 2.11 branch to test matrix, added ignore-2.12.txt.
- authorized_key - add ``no_log=False`` in ``argument_spec`` to clear false-positives
of ``no-log-needed`` (https://github.com/ansible-collections/ansible.posix/pull/156).
- authorized_key - add a list of valid key types (https://github.com/ansible-collections/ansible.posix/issues/134).
- mount - Change behavior of ``boot`` option to set ``noauto`` on BSD nodes
(https://github.com/ansible-collections/ansible.posix/issues/28).
- mount - Change behavior of ``boot`` option to set ``noauto`` on Linux nodes
(https://github.com/ansible-collections/ansible.posix/issues/28).
- mount - add ``no_log=False`` in ``argument_spec`` to clear false-positives
of ``no-log-needed`` (https://github.com/ansible-collections/ansible.posix/pull/156).
- mount - returns ``backup_file`` value when a backup fstab is created.
- synchronize - add ``delay_updates`` option (https://github.com/ansible-collections/ansible.posix/issues/157).
- synchronize - fix typo (https://github.com/ansible-collections/ansible.posix/pull/198).
release_summary: 'This is the minor release of the ``ansible.posix`` collection.
This changelog contains all changes to the modules in this collection that
have been added after the release of ``ansible.posix`` 1.2.0.'
fragments:
- 1.3.0.yml
- 124_acl.yml
- 126_mount_not_returning_backup_file.yml
- 134_authorized_key.yml
- 156-fix_no-log-needed_false_positives.yml
- 159-fix-60-deprecated-ansible_ssh_user.yml
- 167-synchronize-add_delay_option.yml
- 169_add_lineseparator_to_command.yml
- 175_synchronize.yml
- 179_firewalld.yml
- 181-update_codecov_sh_url.yml
- 185_mount_at_boot.yml
- 187-fix-synchronize-become-user.yml
- 193_firewalld.yml
- 196_boot_opt_for_linux.yml
- 203_boot_opt_for_bsd.yml
- 204_csh_shell.yml
- 207-mount_tests.yml
- 213_quote_cmd_args.yml
- 214-add_firewalld_info_module.yml
- 215_fix_REJECT_target_name.yml
- 217-restructure_authrized_key_test.yml
- 222_synchronize.yml
- 226_sysctl_fix_integration_test.yml
- 229_add_podman_connection_plugin_to_synchronize.yml
- 230_complete_podman_support_for_synchronize.yml
- 233-fix-wrong-firewalld-version-info.yml
- 241-synchronize-shell-quoting.yml
- firewalld_integ_test.yml
- firewalld_test.yml
- sanity_test_ignore_file.yml
- synchronize.yml
- test_matrix.yml
release_date: '2021-08-11'

2
changelogs/config.yaml
View file

@ -2,7 +2,7 @@ changelog_filename_template: ../CHANGELOG.rst
changelog_filename_version_depth: 0
changes_file: changelog.yaml
changes_format: combined
keep_fragments: true
keep_fragments: false
mention_ancestor: true
new_plugins_after_name: removed_features
notesdir: fragments

4
changelogs/fragments/1.2.0.yml
View file

@ -1,4 +0,0 @@
release_summary: |-
This is the minor release of the ``ansible.posix`` collection.
This changelog contains all changes to the modules in this collection that
have been added after the release of ``ansible.posix`` 1.1.0.

3
changelogs/fragments/101-sysctl-dont-persist-when-invalid.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- sysctl - do not persist sysctl when value is invalid (https://github.com/ansible-collections/ansible.posix/pull/101).

4
changelogs/fragments/11-action-plugins-use-fqcn.yml
View file

@ -1,4 +0,0 @@
---
bugfixes:
- patch - fix FQCN usage for action plugin (https://github.com/ansible-collections/ansible.posix/issues/11)
- synchronize - fix FQCN usage for action plugin (https://github.com/ansible-collections/ansible.posix/issues/11)

2
changelogs/fragments/118-synchronize_bugfix.yml
View file

@ -1,2 +0,0 @@
bugfixes:
- "synchronize - do not prepend PWD when path is in form user@server:path or server:path (https://github.com/ansible-collections/ansible.posix/pull/118)."

2
changelogs/fragments/120-synchronize_add_option.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- synchronize - add the ``ssh_connection_multiplexing`` option to allow SSH connection multiplexing (https://github.com/ansible/ansible/issues/24365).

3
changelogs/fragments/124_acl.yml
View file

@ -1,3 +0,0 @@
---
minor_changes:
- acl - add new alias ``recurse`` for ``recursive`` parameter (https://github.com/ansible-collections/ansible.posix/issues/124).

2
changelogs/fragments/126_mount_not_returning_backup_file.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- mount - returns ``backup_file`` value when a backup fstab is created.

2
changelogs/fragments/12_migrate_cgroup_perf_recap_graph.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- Migrate hacking/cgroup_perf_recap_graph.py to this collection, since the cgroup_perf_recap callback lives here.

2
changelogs/fragments/134_authorized_key.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- authorized_key - add a list of valid key types (https://github.com/ansible-collections/ansible.posix/issues/134).

4
changelogs/fragments/144_add_community_docker_connection_plugin_alias.yml
View file

@ -1,4 +0,0 @@
---
bugfixes:
- synchronize - add ``community.docker.docker`` to the list of supported
transports (https://github.com/ansible-collections/ansible.posix/issues/132).

2
changelogs/fragments/14_mount_option.yml
View file

@ -1,2 +0,0 @@
bugfixes:
- Mount - Handle remount with new options (https://github.com/ansible/ansible/issues/59460).

4
changelogs/fragments/156-fix_no-log-needed_false_positives.yml
View file

@ -1,4 +0,0 @@
---
minor_changes:
- authorized_key - add ``no_log=False`` in ``argument_spec`` to clear false-positives of ``no-log-needed`` (https://github.com/ansible-collections/ansible.posix/pull/156).
- mount - add ``no_log=False`` in ``argument_spec`` to clear false-positives of ``no-log-needed`` (https://github.com/ansible-collections/ansible.posix/pull/156).

4
changelogs/fragments/159-fix-60-deprecated-ansible_ssh_user.yml
View file

@ -1,4 +0,0 @@
---
bugfixes:
- synchronize - replace removed ``ansible_ssh_user`` by ``ansible_user`` everywhere; do the same for
``ansible_ssh_port`` and ``ansible_ssh_host`` (https://github.com/ansible-collections/ansible.posix/issues/60).

2
changelogs/fragments/15_profile_tasks.yml
View file

@ -1,2 +0,0 @@
bugfixes:
- Profile_tasks - result was a odict_items which is not subscriptable, so the slicing was failing (https://github.com/ansible/ansible/issues/59059).

3
changelogs/fragments/167-synchronize-add_delay_option.yml
View file

@ -1,3 +0,0 @@
---
minor_changes:
- synchronize - add ``delay_updates`` option (https://github.com/ansible-collections/ansible.posix/issues/157).

3
changelogs/fragments/169_add_lineseparator_to_command.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- at - append line-separator to the end of the ``command`` (https://github.com/ansible-collections/ansible.posix/issues/169).

3
changelogs/fragments/175_synchronize.yml
View file

@ -1,3 +0,0 @@
---
trivial:
- synchronize - fix typo in ``delete`` parameter (https://github.com/ansible-collections/ansible.posix/issues/175).

3
changelogs/fragments/179_firewalld.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- firewalld - ensure idempotency with firewalld 0.9.3 (https://github.com/ansible-collections/ansible.posix/issues/179).

3
changelogs/fragments/17_authorized_keys.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- authorized_keys - Added FIDO2 security keys (https://github.com/ansible-collections/ansible.posix/issues/17).

3
changelogs/fragments/181-update_codecov_sh_url.yml
View file

@ -1,3 +0,0 @@
---
trivial:
- testing - update codecov.sh URL (https://github.com/ansible-collections/ansible.posix/pull/181).

3
changelogs/fragments/185_mount_at_boot.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- "mount - Handle ``boot`` option on Solaris correctly (https://github.com/ansible-collections/ansible.posix/issues/184)."

4
changelogs/fragments/187-fix-synchronize-become-user.yml
View file

@ -1,4 +0,0 @@
---
bugfixes:
- synchronize - use become_user when invoking rsync on remote with sudo
(https://github.com/ansible-collections/ansible.posix/issues/186).

3
changelogs/fragments/193_firewalld.yml
View file

@ -1,3 +0,0 @@
---
trivial:
- firewalld - specify unit for ``timeout`` parameter in docs (https://github.com/ansible-collections/ansible.posix/issues/193).

4
changelogs/fragments/196_boot_opt_for_linux.yml
View file

@ -1,4 +0,0 @@
---
minor_changes:
- mount - Change behavior of ``boot`` option to set ``noauto`` on Linux nodes
(https://github.com/ansible-collections/ansible.posix/issues/28).

2
changelogs/fragments/19_enable_tags.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- Enabled tags in galaxy.yml (https://github.com/ansible-collections/ansible.posix/issues/18).

4
changelogs/fragments/203_boot_opt_for_bsd.yml
View file

@ -1,4 +0,0 @@
---
minor_changes:
- mount - Change behavior of ``boot`` option to set ``noauto`` on BSD nodes
(https://github.com/ansible-collections/ansible.posix/issues/28).

3
changelogs/fragments/204_csh_shell.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- csh - define ``ECHO`` and ``COMMAND_SEP`` (https://github.com/ansible-collections/ansible.posix/issues/204).

3
changelogs/fragments/207-mount_tests.yml
View file

@ -1,3 +0,0 @@
---
trivial:
- Make the mount module integration tests more human readable.

3
changelogs/fragments/21-mount-module_util-routing-issue.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- mount - fix issues with ismount module_util pathing for Ansible 2.9 (fixes https://github.com/ansible-collections/ansible.posix/issues/21)

3
changelogs/fragments/211_fstab_append_newline.yml Normal file
View file

@ -0,0 +1,3 @@
---
bugfixes:
- mount - add a newline at the end of line in ``fstab`` (https://github.com/ansible-collections/ansible.posix/issues/210).

4
changelogs/fragments/213_quote_cmd_args.yml
View file

@ -1,4 +0,0 @@
---
bugfixes:
- Synchronize module not recognizing remote ssh key (https://github.com/ansible-collections/ansible.posix/issues/24).
- Synchronize not using quotes around arguments like --out-format (https://github.com/ansible-collections/ansible.posix/issues/190).

3
changelogs/fragments/214-add_firewalld_info_module.yml
View file

@ -1,3 +0,0 @@
---
trivial:
- firewalld_info - add ``firewalld_info`` module to ``ansible.posix`` collection (https://github.com/ansible-collections/ansible.posix/issues/98)

2
changelogs/fragments/215_fix_REJECT_target_name.yml
View file

@ -1,2 +0,0 @@
bugfixes:
- firewalld - fix setting zone target to ``%%REJECT%%`` (https://github.com/ansible-collections/ansible.posix/pull/215).

3
changelogs/fragments/217-restructure_authrized_key_test.yml
View file

@ -1,3 +0,0 @@
---
trivial:
- authorized_key - Split tasks/main.yml in integration tests to each function block.

3
changelogs/fragments/229_add_podman_connection_plugin_to_synchronize.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- synchronize - add ``community.podman.podman`` to the list of supported connection plugins (https://github.com/ansible-community/molecule-podman/issues/45).

3
changelogs/fragments/23-selinux-doesnt-create-missing-config-keys.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- selinux - add missing configuration keys for /etc/selinux/config (https://github.com/ansible-collections/ansible.posix/issues/23)

3
changelogs/fragments/247_firewalld.yml Normal file
View file

@ -0,0 +1,3 @@
---
bugfixes:
- firewalld - Correct usage of queryForwardPort (https://github.com/ansible-collections/ansible.posix/issues/247).

5
changelogs/fragments/254_variable_warnings.yml Normal file
View file

@ -0,0 +1,5 @@
---
minor_changes:
- firewalld - Show warning message that variable type of ``masquerade`` and
``icmp_block_inversion`` will be changed from ``str`` to ``boolean``
in the future release (https://github.com/ansible-collections/ansible.posix/pull/254).

3
changelogs/fragments/255_authorized_key_url.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- authorized_keys - add an example involving ``url`` lookup plugin (https://github.com/ansible-collections/ansible.posix/pull/260).

2
changelogs/fragments/25_ansible_metadata.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- Removed ANSIBLE_METADATA from all the modules.

3
changelogs/fragments/263_profile_tasks_with_serial.yml Normal file
View file

@ -0,0 +1,3 @@
---
bugfixes:
- profile_tasks - Correctly calculate task execution time with serial execution (https://github.com/ansible-collections/ansible.posix/issues/83).

2
changelogs/fragments/26_profile_tasks_doc.yml
View file

@ -1,2 +0,0 @@
bugfixes:
- Typecast results before use in profile_tasks callback (https://github.com/ansible/ansible/issues/69563).

3
changelogs/fragments/272-copy_ignore_txt.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- Copy ignore-2.12.txt to ignore-2.13.txt.

3
changelogs/fragments/277_fix_integration_test_on_devel.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- Fix integration tests of synchronize and sysctl to address chaging behavior on devel branch (https://github.com/ansible-collections/overview/issues/45).

2
changelogs/fragments/27_update_examples.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- Update EXAMPLES section in modules to use FQCN.

3
changelogs/fragments/282_fix_unit_test_for_synchronize.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- Fix unit tests of synchronize action plugin to use yaml.safe_load().

3
changelogs/fragments/287_firewalld_requirements.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- firewalld - add python-firewall to requirements (https://github.com/ansible-collections/ansible.posix/issues/286).

3
changelogs/fragments/288_mounts_options.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- mount - remove deprecated option from nfs example

3
changelogs/fragments/297_firewalld_exclusive_options_handling.yml Normal file
View file

@ -0,0 +1,3 @@
---
bugfixes:
- firewalld - Refine the handling of exclusive options (https://github.com/ansible-collections/ansible.posix/issues/255).

2
changelogs/fragments/33_mount.yml
View file

@ -1,2 +0,0 @@
bugfixes:
- Revert "mount - Check if src exists before mounted (ansible/ansible#61752)".

2
changelogs/fragments/35_disable_tests.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- Revert "Enable at, patch and synchronize tests (https://github.com/ansible-collections/ansible.posix/pull/5)".

3
changelogs/fragments/37-authorized_keys-inconsistent-check-mode-values.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- authorized_keys - fix inconsistent return value for check mode (https://github.com/ansible-collections/ansible.posix/issues/37)

2
changelogs/fragments/39_remove_license.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- Remove license key from galaxy.yml.

2
changelogs/fragments/43_remove_shippable.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- Remove sanity jobs from shippable (https://github.com/ansible-collections/ansible.posix/pull/43).

2
changelogs/fragments/4_update_readme.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- Update README.md (https://github.com/ansible-collections/ansible.posix/pull/4/).

2
changelogs/fragments/5_enable_tests.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- Enable tests for at, patch and synchronize modules (https://github.com/ansible-collections/ansible.posix/pull/5).

4
changelogs/fragments/65931-json-callback-non-lockstep-output.yml
View file

@ -1,4 +0,0 @@
bugfixes:
- json callback - Fix host result to task references in the resultant JSON
output for non-lockstep strategy plugins such as free
(https://github.com/ansible/ansible/issues/65931)

2
changelogs/fragments/6_test_devel.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- CI should use devel (https://github.com/ansible-collections/ansible.posix/pull/6).

2
changelogs/fragments/74_synchronize_docker.yml
View file

@ -1,2 +0,0 @@
bugfixes:
- Fix synchronize to work with renamed docker and buildah connection plugins.

2
changelogs/fragments/7_env.yml
View file

@ -1,2 +0,0 @@
bugfixes:
- Allow unsetting existing environment vars via environment by specifying a null value (https://github.com/ansible/ansible/pull/68236).

3
changelogs/fragments/82-private-key-override-fix.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- synchronize - fix for private_key overriding in synchronize module.

2
changelogs/fragments/99-at_add_aix_support.yml
View file

@ -1,2 +0,0 @@
bugfixes:
- at - add AIX support (https://github.com/ansible-collections/ansible.posix/pull/99).

2
changelogs/fragments/disable_selinux_via_kernel_cmdline.yml Normal file
View file

@ -0,0 +1,2 @@
minor_changes:
- selinux - optionally update kernel boot params when disabling/re-enabling SELinux (https://github.com/ansible-collections/ansible.posix/pull/142).

3
changelogs/fragments/firewalld_migration.yml
View file

@ -1,3 +0,0 @@
---
minor_changes:
- firewalld - add firewalld module to ansible.posix collection

2
changelogs/fragments/firewalld_zone_target.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- firewalld - bring the ``target`` feature back (https://github.com/ansible-collections/ansible.posix/issues/112).

2
changelogs/fragments/initial_commit.yaml
View file

@ -1,2 +0,0 @@
major_changes:
- Bootstrap Collection (https://github.com/ansible-collections/ansible.posix/pull/1).

2
changelogs/fragments/misc_fix.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- fix sanity test for various modules.

3
changelogs/fragments/sanity_fixes.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- sanity fixes for pylint test.

2
changelogs/fragments/sanity_test_ignore_file.yml
View file

@ -1,2 +0,0 @@
trivial:
- Add sanity test ignore file for ansible version 2.12

3
changelogs/fragments/shell_escape_full_path_for_rsync.yml Normal file
View file

@ -0,0 +1,3 @@
---
bugfixes:
- Fix for whitespace in source full path causing error ```code 23) at main.c(1330) [sender=3.2.3]``` (https://github.com/ansible-collections/ansible.posix/pull/278)

3
changelogs/fragments/skippy_deprecation.yml
View file

@ -1,3 +0,0 @@
---
minor_changes:
- skippy - fixed the deprecation warning (by date) for skippy callback plugin

3
changelogs/fragments/synchronize.yml
View file

@ -1,3 +0,0 @@
---
minor_changes:
- synchronize - fix typo (https://github.com/ansible-collections/ansible.posix/pull/198).

2
changelogs/fragments/test_matrix.yml
View file

@ -1,2 +0,0 @@
minor_changes:
- added 2.11 branch to test matrix, added ignore-2.12.txt.

1
codecov.yml Normal file
View file

@ -0,0 +1 @@
comment: false

19
docs/ansible.posix.acl_module.rst
View file

@ -59,7 +59,7 @@ Parameters
<b>entity</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
@ -74,7 +74,7 @@ Parameters
<b>entry</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
@ -94,7 +94,7 @@ Parameters
<b>etype</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
@ -151,13 +151,14 @@ Parameters
<b>permissions</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
</td>
<td>
<div>The permissions to apply/remove can be any combination of <code>r</code>, <code>w</code>, <code>x</code> (read, write and execute respectively), and <code>X</code> (execute permission if the file is a directory or already has execute permission for some user)</div>
<div>The permissions to apply/remove can be any combination of <code>r</code>, <code>w</code>, <code>x</code></div>
<div>(read, write and execute respectively), and <code>X</code> (execute permission if the file is a directory or already has execute permission for some user)</div>
</td>
</tr>
<tr>
@ -166,7 +167,7 @@ Parameters
<b>recalculate_mask</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
@ -200,6 +201,8 @@ Parameters
<td>
<div>Recursively sets the specified ACL.</div>
<div>Incompatible with <code>state=query</code>.</div>
<div>Alias <code>recurse</code> added in version 1.3.0.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: recurse</div>
</td>
</tr>
<tr>
@ -208,7 +211,7 @@ Parameters
<b>state</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
@ -259,7 +262,7 @@ Notes
Examples
--------
.. code-block:: yaml+jinja
.. code-block:: yaml
- name: Grant user Joe read access to a file
ansible.posix.acl:

4
docs/ansible.posix.at_module.rst
View file

@ -62,7 +62,6 @@ Parameters
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">integer</span>
/ <span style="color: red">required</span>
</div>
</td>
<td>
@ -131,7 +130,6 @@ Parameters
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
/ <span style="color: red">required</span>
</div>
</td>
<td>
@ -155,7 +153,7 @@ Parameters
Examples
--------
.. code-block:: yaml+jinja
.. code-block:: yaml
- name: Schedule a command to execute in 20 minutes as root
ansible.posix.at:

4
docs/ansible.posix.authorized_key_module.rst
View file

@ -113,7 +113,7 @@ Parameters
<b>key_options</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
@ -226,7 +226,7 @@ Parameters
Examples
--------
.. code-block:: yaml+jinja
.. code-block:: yaml
- name: Set authorized key taken from file
ansible.posix.authorized_key:

520
docs/ansible.posix.firewalld_info_module.rst Normal file
View file

@ -0,0 +1,520 @@
.. _ansible.posix.firewalld_info_module:
****************************
ansible.posix.firewalld_info
****************************
**Gather information about firewalld**
.. contents::
:local:
:depth: 1
Synopsis
--------
- This module gathers information about firewalld rules.
Requirements
------------
The below requirements are needed on the host that executes this module.
- firewalld >= 0.2.11
- python-firewall
- python-dbus
Parameters
----------
.. raw:: html
<table border=0 cellpadding=0 class="documentation-table">
<tr>
<th colspan="1">Parameter</th>
<th>Choices/<font color="blue">Defaults</font></th>
<th width="100%">Comments</th>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>active_zones</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>Gather information about active zones.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>zones</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
/ <span style="color: purple">elements=string</span>
</div>
</td>
<td>
</td>
<td>
<div>Gather information about specific zones.</div>
<div>If only works if <code>active_zones</code> is set to <code>false</code>.</div>
</td>
</tr>
</table>
<br/>
Examples
--------
.. code-block:: yaml
- name: Gather information about active zones
ansible.posix.firewalld_info:
active_zones: yes
- name: Gather information about specific zones
ansible.posix.firewalld_info:
zones:
- public
- external
- internal
Return Values
-------------
Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
.. raw:: html
<table border=0 cellpadding=0 class="documentation-table">
<tr>
<th colspan="4">Key</th>
<th>Returned</th>
<th width="100%">Description</th>
</tr>
<tr>
<td colspan="4">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>active_zones</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
</td>
<td>success</td>
<td>
<div>Gather active zones only if turn it <code>true</code>.</div>
<br/>
</td>
</tr>
<tr>
<td colspan="4">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>collected_zones</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of collected zones.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;external&#x27;, &#x27;internal&#x27;]</div>
</td>
</tr>
<tr>
<td colspan="4">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>firewalld_info</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">complex</span>
</div>
</td>
<td>success</td>
<td>
<div>Returns various information about firewalld configuration.</div>
<br/>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="3">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>default_zones</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>success</td>
<td>
<div>The zone name of default zone.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">public</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="3">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>version</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>success</td>
<td>
<div>The version information of firewalld.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">0.8.2</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="3">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>zones</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">complex</span>
</div>
</td>
<td>success</td>
<td>
<div>A dict of zones to gather information.</div>
<br/>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="2">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>zone</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">complex</span>
</div>
</td>
<td>success</td>
<td>
<div>The zone name registered in firewalld.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">external</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>forward</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
</td>
<td>success</td>
<td>
<div>The network interface forwarding.</div>
<div>This parameter supports on python-firewall 0.9.0(or later) and is not collected in earlier versions.</div>
<br/>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>forward_ports</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of forwarding port pair with protocol.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;icmp&#x27;, &#x27;ipv6-icmp&#x27;]</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>icmp_block_inversion</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
</td>
<td>success</td>
<td>
<div>The ICMP block inversion to block all ICMP requests.</div>
<br/>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>icmp_blocks</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of blocking icmp protocol.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;echo-request&#x27;]</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>interfaces</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of network interfaces.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;eth0&#x27;, &#x27;eth1&#x27;]</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>masquerade</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
</td>
<td>success</td>
<td>
<div>The network interface masquerading.</div>
<br/>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>ports</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of network port with protocol.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[[&#x27;22&#x27;, &#x27;tcp&#x27;], [&#x27;80&#x27;, &#x27;tcp&#x27;]]</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>protocols</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of network protocol.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;icmp&#x27;, &#x27;ipv6-icmp&#x27;]</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>rich_rules</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of rich language rule.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;rule protocol value=&quot;icmp&quot; reject&#x27;, &#x27;rule priority=&quot;32767&quot; reject&#x27;]</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>services</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of network services.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;dhcp&#x27;, &#x27;dns&#x27;, &#x27;ssh&#x27;]</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>source_ports</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of network source port with protocol.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[[&#x27;30000&#x27;, &#x27;tcp&#x27;], [&#x27;30001&#x27;, &#x27;tcp&#x27;]]</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>sources</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of source network address.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;172.16.30.0/24&#x27;, &#x27;172.16.31.0/24&#x27;]</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td class="elbow-placeholder">&nbsp;</td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>target</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of services in the zone.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">ACCEPT</div>
</td>
</tr>
<tr>
<td colspan="4">
<div class="ansibleOptionAnchor" id="return-"></div>
<b>undefined_zones</b>
<a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
</div>
</td>
<td>success</td>
<td>
<div>A list of undefined zones in <code>zones</code> option.</div>
<div><code>undefined_zones</code> will be ignored for gathering process.</div>
<br/>
<div style="font-size: smaller"><b>Sample:</b></div>
<div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;foo&#x27;, &#x27;bar&#x27;]</div>
</td>
</tr>
</table>
<br/><br/>
Status
------
Authors
~~~~~~~
- Hideki Saito (@saito-hideki)

151
docs/ansible.posix.firewalld_module.rst
View file

@ -34,12 +34,12 @@ Parameters
<table border=0 cellpadding=0 class="documentation-table">
<tr>
<th colspan="1">Parameter</th>
<th colspan="2">Parameter</th>
<th>Choices/<font color="blue">Defaults</font></th>
<th width="100%">Comments</th>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>icmp_block</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -54,7 +54,7 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>icmp_block_inversion</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -69,7 +69,7 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>immediate</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -88,7 +88,7 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>interface</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -103,7 +103,7 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>masquerade</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -118,7 +118,7 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>offline</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -137,7 +137,7 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>permanent</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -153,12 +153,12 @@ Parameters
</td>
<td>
<div>Should this configuration be in the running firewalld configuration or persist across reboots.</div>
<div>As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld &gt;= 3.0.9).</div>
<div>As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld &gt;= 0.3.9).</div>
<div>Note that if this is <code>no</code>, immediate is assumed <code>yes</code>.</div>
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>port</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -174,12 +174,13 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>port_forward</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
<span style="color: purple">list</span>
/ <span style="color: purple">elements=dictionary</span>
</div>
</td>
<td>
@ -188,8 +189,80 @@ Parameters
<div>Port and protocol to forward using firewalld.</div>
</td>
</tr>
<tr>
<tr>
<td class="elbow-placeholder"></td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>port</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
/ <span style="color: red">required</span>
</div>
</td>
<td>
</td>
<td>
<div>Source port to forward from</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder"></td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>proto</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
/ <span style="color: red">required</span>
</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li>udp</li>
<li>tcp</li>
</ul>
</td>
<td>
<div>protocol to forward</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder"></td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>toaddr</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>
</td>
<td>
<div>Optional address to forward to</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder"></td>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>toport</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
/ <span style="color: red">required</span>
</div>
</td>
<td>
</td>
<td>
<div>destination port</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>rich_rule</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -205,7 +278,7 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>service</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -221,7 +294,7 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>source</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -236,7 +309,7 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>state</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -260,7 +333,30 @@ Parameters
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>target</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 1.2.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li>default</li>
<li>ACCEPT</li>
<li>DROP</li>
<li>%%REJECT%%</li>
</ul>
</td>
<td>
<div>firewalld Zone target</div>
<div>If state is set to <code>absent</code>, this will reset the target to default</div>
</td>
</tr>
<tr>
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>timeout</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -272,11 +368,11 @@ Parameters
<b>Default:</b><br/><div style="color: blue">0</div>
</td>
<td>
<div>The amount of time the rule should be in effect for when non-permanent.</div>
<div>The amount of time in seconds the rule should be in effect for when non-permanent.</div>
</td>
</tr>
<tr>
<td colspan="1">
<td colspan="2">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>zone</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
@ -311,7 +407,7 @@ Notes
Examples
--------
.. code-block:: yaml+jinja
.. code-block:: yaml
- name: permit traffic in default zone for https service
ansible.posix.firewalld:
@ -375,13 +471,15 @@ Examples
permanent: yes
icmp_block: echo-request
- name: Redirect port 443 to 8443
become: yes
- ansible.posix.firewalld:
zone: internal
state: present
permanent: yes
target: ACCEPT
- name: Redirect port 443 to 8443 with Rich Rule
ansible.posix.firewalld:
port_forward:
- port: 443
proto: tcp
toport: 8443
rich_rule: rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443
zone: public
permanent: yes
immediate: yes
@ -389,6 +487,7 @@ Examples
Status
------

16
docs/ansible.posix.mount_module.rst
View file

@ -69,7 +69,10 @@ Parameters
</td>
<td>
<div>Determines if the filesystem should be mounted on boot.</div>
<div>Only applies to Solaris systems.</div>
<div>Only applies to Solaris and Linux systems.</div>
<div>For Solaris systems, <code>true</code> will set <code>yes</code> as the value of mount at boot in <em>/etc/vfstab</em>.</div>
<div>For Linux, FreeBSD, NetBSD and OpenBSD systems, <code>false</code> will add <code>noauto</code> to mount options in <em>/etc/fstab</em>.</div>
<div>To avoid mount option conflicts, if <code>noauto</code> specified in <code>opts</code>, mount module will ignore <code>boot</code>.</div>
</td>
</tr>
<tr>
@ -235,7 +238,7 @@ Notes
Examples
--------
.. code-block:: yaml+jinja
.. code-block:: yaml
# Before 2.3, option 'name' was used instead of 'path'
- name: Mount DVD read-only
@ -296,6 +299,15 @@ Examples
state: mounted
fstype: nfs
- name: Mount NFS volumes with noauto according to boot option
ansible.posix.mount:
src: 192.168.1.100:/nfs/ssd/shared_data
path: /mnt/shared_data
opts: rw,sync,hard,intr
boot: no
state: mounted
fstype: nfs

2
docs/ansible.posix.patch_module.rst
View file

@ -212,7 +212,7 @@ Notes
Examples
--------
.. code-block:: yaml+jinja
.. code-block:: yaml
- name: Apply patch to one file
ansible.posix.patch:

4
docs/ansible.posix.seboolean_module.rst
View file

@ -65,7 +65,7 @@ Parameters
<b>name</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
/ <span style="color: red">required</span>
</div>
</td>
@ -129,7 +129,7 @@ Notes
Examples
--------
.. code-block:: yaml+jinja
.. code-block:: yaml
- name: Set httpd_can_network_connect flag on and keep it persistent across reboots
ansible.posix.seboolean:

10
docs/ansible.posix.selinux_module.rst
View file

@ -47,7 +47,7 @@ Parameters
<b>configfile</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
@ -64,13 +64,13 @@ Parameters
<b>policy</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
</td>
<td>
<div>The name of the SELinux policy to use (e.g. <code>targeted</code>) will be required if state is not <code>disabled</code>.</div>
<div>The name of the SELinux policy to use (e.g. <code>targeted</code>) will be required if <em>state</em> is not <code>disabled</code>.</div>
</td>
</tr>
<tr>
@ -79,7 +79,7 @@ Parameters
<b>state</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
/ <span style="color: red">required</span>
</div>
</td>
@ -103,7 +103,7 @@ Parameters
Examples
--------
.. code-block:: yaml+jinja
.. code-block:: yaml
- name: Enable SELinux
ansible.posix.selinux:

60
docs/ansible.posix.synchronize_module.rst
View file

@ -113,6 +113,26 @@ Parameters
<div>Copy symlinks as the item that they point to (the referent) is copied, rather than the symlink.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>delay_updates</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
<div style="font-style: italic; font-size: small; color: darkgreen">added in 1.3.0</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li>no</li>
<li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
</ul>
</td>
<td>
<div>This option puts the temporary file from each updated file into a holding directory until the end of the transfer, at which time all the files are renamed into place in rapid succession.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
@ -129,9 +149,9 @@ Parameters
</ul>
</td>
<td>
<div>Delete files in <code>dest</code> that don&#x27;t exist (after transfer, not before) in the <code>src</code> path.</div>
<div>This option requires <code>recursive=yes</code>.</div>
<div>This option ignores excluded files and behaves like the rsync opt --delete-excluded.</div>
<div>Delete files in <em>dest</em> that do not exist (after transfer, not before) in the <em>src</em> path.</div>
<div>This option requires <em>recursive=yes</em>.</div>
<div>This option ignores excluded files and behaves like the rsync opt <code>--delete-after</code>.</div>
</td>
</tr>
<tr>
@ -165,7 +185,7 @@ Parameters
<td>
<div>Port number for ssh on the destination host.</div>
<div>Prior to Ansible 2.0, the ansible_ssh_port inventory var took precedence over this value.</div>
<div>This parameter defaults to the value of <code>ansible_ssh_port</code> or <code>ansible_port</code>, the <code>remote_port</code> config setting or the value from ssh client configuration if none of the former have been set.</div>
<div>This parameter defaults to the value of <code>ansible_port</code>, the <code>remote_port</code> config setting or the value from ssh client configuration if none of the former have been set.</div>
</td>
</tr>
<tr>
@ -233,6 +253,7 @@ Parameters
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
/ <span style="color: purple">elements=string</span>
</div>
</td>
<td>
@ -384,6 +405,7 @@ Parameters
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">list</span>
/ <span style="color: purple">elements=string</span>
</div>
</td>
<td>
@ -463,6 +485,27 @@ Parameters
<div>The path can be absolute or relative.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>ssh_connection_multiplexing</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">boolean</span>
</div>
</td>
<td>
<ul style="margin: 0; padding: 0"><b>Choices:</b>
<li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
<li>yes</li>
</ul>
</td>
<td>
<div>SSH connection multiplexing for rsync is disabled by default to prevent misconfigured ControlSockets from resulting in failed SSH connections. This is accomplished by setting the SSH <code>ControlSocket</code> to <code>none</code>.</div>
<div>Set this option to <code>yes</code> to allow multiplexing and reduce SSH connection overhead.</div>
<div>Note that simply setting this option to <code>yes</code> is not enough; You must also configure SSH connection multiplexing in your SSH client config by setting values for <code>ControlMaster</code>, <code>ControlPersist</code> and <code>ControlPath</code>.</div>
</td>
</tr>
<tr>
<td colspan="1">
<div class="ansibleOptionAnchor" id="parameter-"></div>
@ -499,7 +542,8 @@ Parameters
</ul>
</td>
<td>
<div>Use the ssh_args specified in ansible.cfg.</div>
<div>In Ansible 2.10 and lower, it uses the ssh_args specified in <code>ansible.cfg</code>.</div>
<div>In Ansible 2.11 and onwards, when set to <code>true</code>, it uses all SSH connection configurations like <code>ansible_ssh_args</code>, <code>ansible_ssh_common_args</code>, and <code>ansible_ssh_extra_args</code>.</div>
</td>
</tr>
<tr>
@ -542,7 +586,7 @@ Notes
- Inspect the verbose output to validate the destination user/host/path are what was expected.
- To exclude files and directories from being synchronized, you may add ``.rsync-filter`` files to the source directory.
- rsync daemon must be up and running with correct permission when using rsync protocol in source or destination path.
- The ``synchronize`` module forces `--delay-updates` to avoid leaving a destination in a broken in-between state if the underlying rsync process encounters an error. Those synchronizing large numbers of files that are willing to trade safety for performance should call rsync directly.
- The ``synchronize`` module enables `--delay-updates` by default to avoid leaving a destination in a broken in-between state if the underlying rsync process encounters an error. Those synchronizing large numbers of files that are willing to trade safety for performance should disable this option.
- link_destination is subject to the same limitations as the underlying rsync daemon. Hard links are only preserved if the relative subtrees of the source and destination are the same. Attempts to hardlink into a directory that is a subdirectory of the source will be prevented.
@ -560,7 +604,7 @@ See Also
Examples
--------
.. code-block:: yaml+jinja
.. code-block:: yaml
- name: Synchronization of src on the control machine to dest on the remote hosts
ansible.posix.synchronize:
@ -678,7 +722,7 @@ Examples
# Specify the rsync binary to use on remote host and on local host
- hosts: groupofhosts
vars:
ansible_rsync_path: /usr/gnu/bin/rsync
ansible_rsync_path: /usr/gnu/bin/rsync
tasks:
- name: copy /tmp/localpath/ to remote location /tmp/remotepath

14
docs/ansible.posix.sysctl_module.rst
View file

@ -58,14 +58,14 @@ Parameters
<b>name</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
/ <span style="color: red">required</span>
</div>
</td>
<td>
</td>
<td>
<div>The dot-separated path (aka <em>key</em>) specifying the sysctl variable.</div>
<div>The dot-separated path (also known as <em>key</em>) specifying the sysctl variable.</div>
<div style="font-size: small; color: darkgreen"><br/>aliases: key</div>
</td>
</tr>
@ -94,7 +94,7 @@ Parameters
<b>state</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
@ -113,7 +113,7 @@ Parameters
<b>sysctl_file</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">path</span>
</div>
</td>
<td>
@ -148,7 +148,7 @@ Parameters
<b>value</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">-</span>
<span style="color: purple">string</span>
</div>
</td>
<td>
@ -167,7 +167,7 @@ Parameters
Examples
--------
.. code-block:: yaml+jinja
.. code-block:: yaml
# Set vm.swappiness to 5 in /etc/sysctl.conf
- ansible.posix.sysctl:
@ -212,4 +212,4 @@ Status
Authors
~~~~~~~
- David CHANIAL (@davixx) <david.chanial@gmail.com>
- David CHANIAL (@davixx)

2
galaxy.yml
View file

@ -1,6 +1,6 @@
namespace: ansible
name: posix
version: 1.2.0
version: 1.4.0
readme: README.md
authors:
- Ansible (github.com/ansible)

66
plugins/action/synchronize.py
View file

@ -21,6 +21,7 @@ import os.path
from ansible import constants as C
from ansible.module_utils.six import string_types
from ansible.module_utils.six.moves import shlex_quote
from ansible.module_utils._text import to_text
from ansible.module_utils.common._collections_compat import MutableSequence
from ansible.module_utils.parsing.convert_bool import boolean
@ -28,6 +29,11 @@ from ansible.plugins.action import ActionBase
from ansible.plugins.loader import connection_loader
DOCKER = ['docker', 'community.general.docker', 'community.docker.docker']
PODMAN = ['podman', 'ansible.builtin.podman', 'containers.podman.podman']
BUILDAH = ['buildah', 'containers.podman.buildah']
class ActionModule(ActionBase):
def _get_absolute_path(self, path):
@ -66,21 +72,12 @@ class ActionModule(ActionBase):
return path
# If using docker or buildah, do not add user information
if self._remote_transport not in [
'docker',
'community.general.docker',
'community.docker.docker',
'buildah',
'containers.podman.buildah',
'podman',
'containers.podman.podman'
] and user:
if self._remote_transport not in DOCKER + PODMAN + BUILDAH and user:
user_prefix = '%s@' % (user, )
if self._host_is_ipv6_address(host):
return '[%s%s]:%s' % (user_prefix, host, path)
else:
return '%s%s:%s' % (user_prefix, host, path)
return '%s%s:%s' % (user_prefix, host, path)
def _process_origin(self, host, path, user):
@ -180,12 +177,25 @@ class ActionModule(ActionBase):
# Store remote connection type
self._remote_transport = self._connection.transport
use_ssh_args = _tmp_args.pop('use_ssh_args', None)
if use_ssh_args and self._connection.transport == 'ssh':
ssh_args = [
self._connection.get_option('ssh_args'),
self._connection.get_option('ssh_common_args'),
self._connection.get_option('ssh_extra_args'),
]
_tmp_args['ssh_args'] = ' '.join([a for a in ssh_args if a])
# Handle docker connection options
if self._remote_transport in ['docker', 'community.general.docker', 'community.docker.docker']:
if self._remote_transport in DOCKER:
self._docker_cmd = self._connection.docker_cmd
if self._play_context.docker_extra_args:
self._docker_cmd = "%s %s" % (self._docker_cmd, self._play_context.docker_extra_args)
elif self._remote_transport in PODMAN:
self._docker_cmd = self._connection._options['podman_executable']
if self._connection._options.get('podman_extra_args'):
self._docker_cmd = "%s %s" % (self._docker_cmd, self._connection._options['podman_extra_args'])
# self._connection accounts for delegate_to so
# remote_transport is the transport ansible thought it would need
@ -203,8 +213,8 @@ class ActionModule(ActionBase):
# ssh paramiko docker buildah and local are fully supported transports. Anything
# else only works with delegate_to
if delegate_to is None and self._connection.transport not in \
('ssh', 'paramiko', 'local', 'docker', 'community.general.docker', 'community.docker.docker', 'buildah', 'containers.podman.buildah'):
if delegate_to is None and self._connection.transport not in [
'ssh', 'paramiko', 'local'] + DOCKER + PODMAN + BUILDAH:
result['failed'] = True
result['msg'] = (
"synchronize uses rsync to function. rsync needs to connect to the remote "
@ -213,8 +223,6 @@ class ActionModule(ActionBase):
"so it cannot work." % self._connection.transport)
return result
use_ssh_args = _tmp_args.pop('use_ssh_args', None)
# Parameter name needed by the ansible module
_tmp_args['_local_rsync_path'] = task_vars.get('ansible_rsync_path') or 'rsync'
_tmp_args['_local_rsync_password'] = task_vars.get('ansible_ssh_pass') or task_vars.get('ansible_password')
@ -371,7 +379,7 @@ class ActionModule(ActionBase):
if not dest_is_local:
# don't escalate for docker. doing --rsync-path with docker exec fails
# and we can switch directly to the user via docker arguments
if self._play_context.become and not rsync_path and self._remote_transport not in ['docker', 'community.general.docker', 'community.docker.docker']:
if self._play_context.become and not rsync_path and self._remote_transport not in DOCKER + PODMAN:
# If no rsync_path is set, become was originally set, and dest is
# remote then add privilege escalation here.
if self._play_context.become_method == 'sudo':
@ -388,19 +396,9 @@ class ActionModule(ActionBase):
_tmp_args['rsync_path'] = rsync_path
if use_ssh_args:
ssh_args = [
getattr(self._play_context, 'ssh_args', ''),
getattr(self._play_context, 'ssh_common_args', ''),
getattr(self._play_context, 'ssh_extra_args', ''),
]
_tmp_args['ssh_args'] = ' '.join([a for a in ssh_args if a])
# If launching synchronize against docker container
# use rsync_opts to support container to override rsh options
if self._remote_transport in [
'docker', 'community.general.docker', 'community.docker.docker', 'buildah', 'containers.podman.buildah'
] and not use_delegate:
if self._remote_transport in DOCKER + BUILDAH + PODMAN and not use_delegate:
# Replicate what we do in the module argumentspec handling for lists
if not isinstance(_tmp_args.get('rsync_opts'), MutableSequence):
tmp_rsync_opts = _tmp_args.get('rsync_opts', [])
@ -413,15 +411,15 @@ class ActionModule(ActionBase):
if '--blocking-io' not in _tmp_args['rsync_opts']:
_tmp_args['rsync_opts'].append('--blocking-io')
if self._remote_transport in ['docker', 'community.general.docker', 'community.docker.docker']:
if self._remote_transport in DOCKER + PODMAN:
if become and self._play_context.become_user:
_tmp_args['rsync_opts'].append("--rsh=%s exec -u %s -i" % (self._docker_cmd, self._play_context.become_user))
_tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -u %s -i' % (self._docker_cmd, self._play_context.become_user)))
elif user is not None:
_tmp_args['rsync_opts'].append("--rsh=%s exec -u %s -i" % (self._docker_cmd, user))
_tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -u %s -i' % (self._docker_cmd, user)))
else:
_tmp_args['rsync_opts'].append("--rsh=%s exec -i" % self._docker_cmd)
elif self._remote_transport in ['buildah', 'containers.podman.buildah']:
_tmp_args['rsync_opts'].append("--rsh=buildah run --")
_tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -i' % self._docker_cmd))
elif self._remote_transport in BUILDAH:
_tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('buildah run --'))
# run the module and store the result
result.update(self._execute_module('ansible.posix.synchronize', module_args=_tmp_args, task_vars=task_vars))

16
plugins/callback/profile_tasks.py
View file

@ -92,7 +92,8 @@ def filled(msg, fchar="*"):
def timestamp(self):
if self.current is not None:
self.stats[self.current]['time'] = time.time() - self.stats[self.current]['time']
elapsed = time.time() - self.stats[self.current]['started']
self.stats[self.current]['elapsed'] += elapsed
def tasktime():
@ -151,8 +152,15 @@ class CallbackModule(CallbackBase):
timestamp(self)
# Record the start time of the current task
# stats[TASK_UUID]:
# started: Current task start time. This value will be updated each time a task
# with the same UUID is executed when `serial` is specified in a playbook.
# elapsed: Elapsed time since the first serialized task was started
self.current = task._uuid
self.stats[self.current] = {'time': time.time(), 'name': task.get_name()}
if self.current not in self.stats:
self.stats[self.current] = {'started': time.time(), 'elapsed': 0.0, 'name': task.get_name()}
else:
self.stats[self.current]['started'] = time.time()
if self._display.verbosity >= 2:
self.stats[self.current]['path'] = task.get_path()
@ -178,7 +186,7 @@ class CallbackModule(CallbackBase):
if self.sort_order is not None:
results = sorted(
self.stats.items(),
key=lambda x: x[1]['time'],
key=lambda x: x[1]['elapsed'],
reverse=self.sort_order,
)
@ -187,7 +195,7 @@ class CallbackModule(CallbackBase):
# Print the timings
for uuid, result in results:
msg = u"{0:-<{2}}{1:->9}".format(result['name'] + u' ', u' {0:.02f}s'.format(result['time']), self._display.columns - 9)
msg = u"{0:-<{2}}{1:->9}".format(result['name'] + u' ', u' {0:.02f}s'.format(result['elapsed']), self._display.columns - 9)
if 'path' in result:
msg += u"\n{0:-<{1}}".format(result['path'] + u' ', self._display.columns)
self._display.display(msg)

6
plugins/modules/authorized_key.py
View file

@ -94,6 +94,12 @@ EXAMPLES = r'''
state: present
key: https://github.com/charlie.keys
- name: Set authorized keys taken from url using lookup
ansible.posix.authorized_key:
user: charlie
state: present
key: "{{ lookup('url', 'https://github.com/charlie.keys', split_lines=False) }}"
- name: Set authorized key in alternate location
ansible.posix.authorized_key:
user: charlie

62
plugins/modules/firewalld.py
View file

@ -81,7 +81,7 @@ options:
permanent:
description:
- Should this configuration be in the running firewalld configuration or persist across reboots.
- As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld >= 3.0.9).
- As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld >= 0.3.9).
- Note that if this is C(no), immediate is assumed C(yes).
type: bool
immediate:
@ -128,8 +128,11 @@ notes:
The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not
permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone
creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone.
- This module needs C(python-firewall) or C(python3-firewall) on managed nodes.
It is usually provided as a subset with C(firewalld) from the OS distributor for the OS default Python interpreter.
requirements:
- firewalld >= 0.2.11
- python-firewall >= 0.2.11
author:
- Adam Miller (@maxamillion)
'''
@ -213,6 +216,7 @@ EXAMPLES = r'''
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.parsing.convert_bool import boolean
from ansible_collections.ansible.posix.plugins.module_utils.firewalld import FirewallTransaction, fw_offline
try:
@ -708,7 +712,7 @@ class ForwardPortTransaction(FirewallTransaction):
if self.fw_offline:
dummy, fw_settings = self.get_fw_zone_settings()
return fw_settings.queryForwardPort(port=port, protocol=proto, to_port=toport, to_addr=toaddr)
return self.fw.queryForwardPort(port=port, protocol=proto, to_port=toport, to_addr=toaddr)
return self.fw.queryForwardPort(zone=self.zone, port=port, protocol=proto, toport=toport, toaddr=toaddr)
def get_enabled_permanent(self, port, proto, toport, toaddr, timeout):
dummy, fw_settings = self.get_fw_zone_settings()
@ -758,6 +762,10 @@ def main():
target=('zone',),
source=('permanent',),
),
mutually_exclusive=[
['icmp_block', 'icmp_block_inversion', 'service', 'port', 'port_forward', 'rich_rule',
'interface', 'masquerade', 'source', 'target']
],
)
permanent = module.params['permanent']
@ -814,33 +822,11 @@ def main():
if 'toaddr' in port_forward:
port_forward_toaddr = port_forward['toaddr']
modification_count = 0
if icmp_block is not None:
modification_count += 1
if icmp_block_inversion is not None:
modification_count += 1
if service is not None:
modification_count += 1
if port is not None:
modification_count += 1
if port_forward is not None:
modification_count += 1
if rich_rule is not None:
modification_count += 1
if interface is not None:
modification_count += 1
if masquerade is not None:
modification_count += 1
if source is not None:
modification_count += 1
if target is not None:
modification_count += 1
if modification_count > 1:
module.fail_json(
msg='can only operate on port, service, rich_rule, masquerade, icmp_block, icmp_block_inversion, interface or source at once'
)
elif (modification_count > 0) and (desired_state in ['absent', 'present']) and (target is None):
modification = False
if any([icmp_block, icmp_block_inversion, service, port, port_forward, rich_rule,
interface, masquerade, source, target]):
modification = True
if modification and desired_state in ['absent', 'present'] and target is None:
module.fail_json(
msg='absent and present state can only be used in zone level operations'
)
@ -877,6 +863,14 @@ def main():
if changed is True:
msgs.append("Changed icmp-block-inversion %s to %s" % (icmp_block_inversion, desired_state))
# Type of icmp_block_inversion will be changed to boolean in a future release.
try:
boolean(icmp_block_inversion, True)
except TypeError:
module.warn('The value of the icmp_block_inversion option is "%s". '
'The type of the option will be changed from string to boolean in a future release. '
'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
if service is not None:
transaction = ServiceTransaction(
@ -994,6 +988,14 @@ def main():
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
# Type of masquerade will be changed to boolean in a future release.
try:
boolean(masquerade, True)
except TypeError:
module.warn('The value of the masquerade option is "%s". '
'The type of the option will be changed from string to boolean in a future release. '
'To avoid unexpected behavior, please change the value to boolean.' % masquerade)
if target is not None:
transaction = ZoneTargetTransaction(
@ -1009,7 +1011,7 @@ def main():
msgs = msgs + transaction_msgs
''' If there are no changes within the zone we are operating on the zone itself '''
if modification_count == 0 and desired_state in ['absent', 'present']:
if not modification and desired_state in ['absent', 'present']:
transaction = ZoneTransaction(
module,

8
plugins/modules/mount.py
View file

@ -172,7 +172,7 @@ EXAMPLES = r'''
ansible.posix.mount:
src: 192.168.1.100:/nfs/ssd/shared_data
path: /mnt/shared_data
opts: rw,sync,hard,intr
opts: rw,sync,hard
state: mounted
fstype: nfs
@ -180,7 +180,7 @@ EXAMPLES = r'''
ansible.posix.mount:
src: 192.168.1.100:/nfs/ssd/shared_data
path: /mnt/shared_data
opts: rw,sync,hard,intr
opts: rw,sync,hard
boot: no
state: mounted
fstype: nfs
@ -254,6 +254,10 @@ def _set_mount_save_old(module, args):
'%(src)s - %(name)s %(fstype)s %(passno)s %(boot)s %(opts)s\n')
for line in open(args['fstab'], 'r').readlines():
# Append newline if the line in fstab does not finished with newline.
if not line.endswith('\n'):
line += '\n'
old_lines.append(line)
if not line.strip():

71
plugins/modules/selinux.py
View file

@ -28,6 +28,13 @@ options:
required: true
choices: [ disabled, enforcing, permissive ]
type: str
update_kernel_param:
description:
- If set to I(true), will update also the kernel boot parameters when disabling/enabling SELinux.
- The C(grubby) tool must be present on the target system for this to work.
default: no
type: bool
version_added: '1.4.0'
configfile:
description:
- The path to the SELinux configuration file, if non-standard.
@ -97,6 +104,7 @@ except ImportError:
HAS_SELINUX = False
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
from ansible.module_utils.common.process import get_bin_path
from ansible.module_utils.facts.utils import get_file_lines
@ -119,6 +127,34 @@ def get_config_policy(configfile):
return line.split('=')[1].strip()
def get_kernel_enabled(module, grubby_bin):
if grubby_bin is None:
module.fail_json(msg="'grubby' command not found on host",
details="In order to update the kernel command line"
"enabled/disabled setting, the grubby package"
"needs to be present on the system.")
rc, stdout, stderr = module.run_command([grubby_bin, '--info=ALL'])
if rc != 0:
module.fail_json(msg="unable to run grubby")
all_enabled = True
all_disabled = True
for line in stdout.split('\n'):
match = re.match('^args="(.*)"$', line)
if match is None:
continue
args = match.group(1).split(' ')
if 'selinux=0' in args:
all_enabled = False
else:
all_disabled = False
if all_disabled == all_enabled:
# inconsistent config - return None to force update
return None
return all_enabled
# setter subroutines
def set_config_state(module, state, configfile):
# SELINUX=permissive
@ -153,6 +189,17 @@ def set_state(module, state):
module.fail_json(msg=msg)
def set_kernel_enabled(module, grubby_bin, value):
rc, stdout, stderr = module.run_command([grubby_bin, '--update-kernel=ALL',
'--remove-args' if value else '--args',
'selinux=0'])
if rc != 0:
if value:
module.fail_json(msg='unable to remove selinux=0 from kernel config')
else:
module.fail_json(msg='unable to add selinux=0 to kernel config')
def set_config_policy(module, policy, configfile):
if not os.path.exists('/etc/selinux/%s/policy' % policy):
module.fail_json(msg='Policy %s does not exist in /etc/selinux/' % policy)
@ -183,6 +230,7 @@ def main():
policy=dict(type='str'),
state=dict(type='str', required=True, choices=['enforcing', 'permissive', 'disabled']),
configfile=dict(type='str', default='/etc/selinux/config', aliases=['conf', 'file']),
update_kernel_param=dict(type='bool', default=False),
),
supports_check_mode=True,
)
@ -196,9 +244,11 @@ def main():
configfile = module.params['configfile']
policy = module.params['policy']
state = module.params['state']
update_kernel_param = module.params['update_kernel_param']
runtime_enabled = selinux.is_selinux_enabled()
runtime_policy = selinux.selinux_getpolicytype()[1]
runtime_state = 'disabled'
kernel_enabled = None
reboot_required = False
if runtime_enabled:
@ -215,6 +265,12 @@ def main():
config_policy = get_config_policy(configfile)
config_state = get_config_state(configfile)
if update_kernel_param:
try:
grubby_bin = get_bin_path('grubby')
except ValueError:
grubby_bin = None
kernel_enabled = get_kernel_enabled(module, grubby_bin)
# check to see if policy is set if state is not 'disabled'
if state != 'disabled':
@ -269,6 +325,21 @@ def main():
msgs.append("Config SELinux state changed from '%s' to '%s'" % (config_state, state))
changed = True
requested_kernel_enabled = state in ('enforcing', 'permissive')
# Update kernel enabled/disabled config only when setting is consistent
# across all kernels AND the requested state differs from the current state
if update_kernel_param and kernel_enabled != requested_kernel_enabled:
if not module.check_mode:
set_kernel_enabled(module, grubby_bin, requested_kernel_enabled)
if requested_kernel_enabled:
states = ('disabled', 'enabled')
else:
states = ('enabled', 'disabled')
if kernel_enabled is None:
states = ('<inconsistent>', states[1])
msgs.append("Kernel SELinux state changed from '%s' to '%s'" % states)
changed = True
module.exit_json(changed=changed, msg=', '.join(msgs), configfile=configfile, policy=policy, state=state, reboot_required=reboot_required)

14
plugins/modules/synchronize.py
View file

@ -137,7 +137,9 @@ options:
default: yes
use_ssh_args:
description:
- Use the ssh_args specified in ansible.cfg. Setting this to `yes` will also make `synchronize` use `ansible_ssh_common_args`.
- In Ansible 2.10 and lower, it uses the ssh_args specified in C(ansible.cfg).
- In Ansible 2.11 and onwards, when set to C(true), it uses all SSH connection configurations like
C(ansible_ssh_args), C(ansible_ssh_common_args), and C(ansible_ssh_extra_args).
type: bool
default: no
ssh_connection_multiplexing:
@ -548,10 +550,10 @@ def main():
ssh_cmd_str = ' '.join(shlex_quote(arg) for arg in ssh_cmd)
if ssh_args:
ssh_cmd_str += ' %s' % ssh_args
cmd.append(shlex_quote('--rsh=%s' % ssh_cmd_str))
cmd.append('--rsh=%s' % shlex_quote(ssh_cmd_str))
if rsync_path:
cmd.append(shlex_quote('--rsync-path=%s' % rsync_path))
cmd.append('--rsync-path=%s' % shlex_quote(rsync_path))
if rsync_opts:
if '' in rsync_opts:
@ -577,7 +579,7 @@ def main():
cmd.append('--link-dest=%s' % link_path)
changed_marker = '<<CHANGED>>'
cmd.append(shlex_quote('--out-format=' + changed_marker + '%i %n%L'))
cmd.append('--out-format=%s' % shlex_quote(changed_marker + '%i %n%L'))
# expand the paths
if '@' not in source:
@ -585,8 +587,8 @@ def main():
if '@' not in dest:
dest = os.path.expanduser(dest)
cmd.append(source)
cmd.append(dest)
cmd.append(shlex_quote(source))
cmd.append(shlex_quote(dest))
cmdstr = ' '.join(cmd)
# If we are using password authentication, write the password into the pipe

10
tests/integration/targets/acl/tasks/acl.yml
View file

@ -23,6 +23,16 @@
group:
name: "{{ test_group }}"
- name: Clean up working directory and files
file:
path: "{{ output_dir }}"
state: absent
- name: Create working directory
file:
path: "{{ output_dir }}"
state: directory
- name: Create ansible file
file:
path: "{{ test_file }}"

Some files were not shown because too many files have changed in this diff Show more