@@ -208,7 +211,7 @@ Parameters
state
- -
+ string
@@ -259,7 +262,7 @@ Notes
Examples
--------
-.. code-block:: yaml+jinja
+.. code-block:: yaml
- name: Grant user Joe read access to a file
ansible.posix.acl:
diff --git a/docs/ansible.posix.at_module.rst b/docs/ansible.posix.at_module.rst
index 3d2b41f..d9f3cc8 100644
--- a/docs/ansible.posix.at_module.rst
+++ b/docs/ansible.posix.at_module.rst
@@ -62,7 +62,6 @@ Parameters
integer
- / required
|
@@ -131,7 +130,6 @@ Parameters
string
- / required
|
@@ -155,7 +153,7 @@ Parameters
Examples
--------
-.. code-block:: yaml+jinja
+.. code-block:: yaml
- name: Schedule a command to execute in 20 minutes as root
ansible.posix.at:
diff --git a/docs/ansible.posix.authorized_key_module.rst b/docs/ansible.posix.authorized_key_module.rst
index ceef3ef..69e80e3 100644
--- a/docs/ansible.posix.authorized_key_module.rst
+++ b/docs/ansible.posix.authorized_key_module.rst
@@ -113,7 +113,7 @@ Parameters
key_options
- -
+ string
|
@@ -226,7 +226,7 @@ Parameters
Examples
--------
-.. code-block:: yaml+jinja
+.. code-block:: yaml
- name: Set authorized key taken from file
ansible.posix.authorized_key:
diff --git a/docs/ansible.posix.firewalld_info_module.rst b/docs/ansible.posix.firewalld_info_module.rst
new file mode 100644
index 0000000..8bb6508
--- /dev/null
+++ b/docs/ansible.posix.firewalld_info_module.rst
@@ -0,0 +1,520 @@
+.. _ansible.posix.firewalld_info_module:
+
+
+****************************
+ansible.posix.firewalld_info
+****************************
+
+**Gather information about firewalld**
+
+
+
+.. contents::
+ :local:
+ :depth: 1
+
+
+Synopsis
+--------
+- This module gathers information about firewalld rules.
+
+
+
+Requirements
+------------
+The below requirements are needed on the host that executes this module.
+
+- firewalld >= 0.2.11
+- python-firewall
+- python-dbus
+
+
+Parameters
+----------
+
+.. raw:: html
+
+
+
+ | Parameter |
+ Choices/Defaults |
+ Comments |
+
+
+ |
+
+ active_zones
+
+
+ boolean
+
+ |
+
+
+ |
+
+ Gather information about active zones.
+ |
+
+
+ |
+
+ zones
+
+
+ list
+ / elements=string
+
+ |
+
+ |
+
+ Gather information about specific zones.
+ If only works if active_zones is set to false.
+ |
+
+
+
+
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+ - name: Gather information about active zones
+ ansible.posix.firewalld_info:
+ active_zones: yes
+
+ - name: Gather information about specific zones
+ ansible.posix.firewalld_info:
+ zones:
+ - public
+ - external
+ - internal
+
+
+
+Return Values
+-------------
+Common return values are documented `here `_, the following are the fields unique to this module:
+
+.. raw:: html
+
+
+
+ | Key |
+ Returned |
+ Description |
+
+
+ |
+
+ active_zones
+
+
+ boolean
+
+ |
+ success |
+
+ Gather active zones only if turn it true.
+
+ |
+
+
+ |
+
+ collected_zones
+
+
+ list
+
+ |
+ success |
+
+ A list of collected zones.
+
+ Sample:
+ ['external', 'internal']
+ |
+
+
+ |
+
+ firewalld_info
+
+
+ complex
+
+ |
+ success |
+
+ Returns various information about firewalld configuration.
+
+ |
+
+
+ | |
+
+
+ default_zones
+
+
+ string
+
+ |
+ success |
+
+ The zone name of default zone.
+
+ Sample:
+ public
+ |
+
+
+ | |
+
+
+ version
+
+
+ string
+
+ |
+ success |
+
+ The version information of firewalld.
+
+ Sample:
+ 0.8.2
+ |
+
+
+ | |
+
+
+ zones
+
+
+ complex
+
+ |
+ success |
+
+ A dict of zones to gather information.
+
+ |
+
+
+ | |
+ |
+
+
+ zone
+
+
+ complex
+
+ |
+ success |
+
+ The zone name registered in firewalld.
+
+ Sample:
+ external
+ |
+
+
+ | |
+ |
+ |
+
+
+ forward
+
+
+ boolean
+
+ |
+ success |
+
+ The network interface forwarding.
+ This parameter supports on python-firewall 0.9.0(or later) and is not collected in earlier versions.
+
+ |
+
+
+ | |
+ |
+ |
+
+
+ forward_ports
+
+
+ list
+
+ |
+ success |
+
+ A list of forwarding port pair with protocol.
+
+ Sample:
+ ['icmp', 'ipv6-icmp']
+ |
+
+
+ | |
+ |
+ |
+
+
+ icmp_block_inversion
+
+
+ boolean
+
+ |
+ success |
+
+ The ICMP block inversion to block all ICMP requests.
+
+ |
+
+
+ | |
+ |
+ |
+
+
+ icmp_blocks
+
+
+ list
+
+ |
+ success |
+
+ A list of blocking icmp protocol.
+
+ Sample:
+ ['echo-request']
+ |
+
+
+ | |
+ |
+ |
+
+
+ interfaces
+
+
+ list
+
+ |
+ success |
+
+ A list of network interfaces.
+
+ Sample:
+ ['eth0', 'eth1']
+ |
+
+
+ | |
+ |
+ |
+
+
+ masquerade
+
+
+ boolean
+
+ |
+ success |
+
+ The network interface masquerading.
+
+ |
+
+
+ | |
+ |
+ |
+
+
+ ports
+
+
+ list
+
+ |
+ success |
+
+ A list of network port with protocol.
+
+ Sample:
+ [['22', 'tcp'], ['80', 'tcp']]
+ |
+
+
+ | |
+ |
+ |
+
+
+ protocols
+
+
+ list
+
+ |
+ success |
+
+ A list of network protocol.
+
+ Sample:
+ ['icmp', 'ipv6-icmp']
+ |
+
+
+ | |
+ |
+ |
+
+
+ rich_rules
+
+
+ list
+
+ |
+ success |
+
+ A list of rich language rule.
+
+ Sample:
+ ['rule protocol value="icmp" reject', 'rule priority="32767" reject']
+ |
+
+
+ | |
+ |
+ |
+
+
+ services
+
+
+ list
+
+ |
+ success |
+
+ A list of network services.
+
+ Sample:
+ ['dhcp', 'dns', 'ssh']
+ |
+
+
+ | |
+ |
+ |
+
+
+ source_ports
+
+
+ list
+
+ |
+ success |
+
+ A list of network source port with protocol.
+
+ Sample:
+ [['30000', 'tcp'], ['30001', 'tcp']]
+ |
+
+
+ | |
+ |
+ |
+
+
+ sources
+
+
+ list
+
+ |
+ success |
+
+ A list of source network address.
+
+ Sample:
+ ['172.16.30.0/24', '172.16.31.0/24']
+ |
+
+
+ | |
+ |
+ |
+
+
+ target
+
+
+ string
+
+ |
+ success |
+
+ A list of services in the zone.
+
+ Sample:
+ ACCEPT
+ |
+
+
+
+
+
+ |
+
+ undefined_zones
+
+
+ list
+
+ |
+ success |
+
+ A list of undefined zones in zones option.
+ undefined_zones will be ignored for gathering process.
+
+ Sample:
+ ['foo', 'bar']
+ |
+
+
+
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Hideki Saito (@saito-hideki)
diff --git a/docs/ansible.posix.firewalld_module.rst b/docs/ansible.posix.firewalld_module.rst
index 4a750ad..a041534 100644
--- a/docs/ansible.posix.firewalld_module.rst
+++ b/docs/ansible.posix.firewalld_module.rst
@@ -34,12 +34,12 @@ Parameters
- | Parameter |
+ Parameter |
Choices/Defaults |
Comments |
- |
+ |
icmp_block
@@ -54,7 +54,7 @@ Parameters
|
- |
+ |
icmp_block_inversion
@@ -69,7 +69,7 @@ Parameters
|
- |
+ |
immediate
@@ -88,7 +88,7 @@ Parameters
|
- |
+ |
interface
@@ -103,7 +103,7 @@ Parameters
|
- |
+ |
masquerade
@@ -118,7 +118,7 @@ Parameters
|
- |
+ |
offline
@@ -137,7 +137,7 @@ Parameters
|
- |
+ |
permanent
@@ -153,12 +153,12 @@ Parameters
|
Should this configuration be in the running firewalld configuration or persist across reboots.
- As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld >= 3.0.9).
+ As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld >= 0.3.9).
Note that if this is no, immediate is assumed yes.
|
- |
+ |
port
@@ -174,12 +174,13 @@ Parameters
|
- |
+ |
port_forward
- string
+ list
+ / elements=dictionary
|
@@ -188,8 +189,80 @@ Parameters
Port and protocol to forward using firewalld.
|
-
+
+ |
+
+ port
+
+
+ string
+ / required
+
+ |
+
+ |
+
+ Source port to forward from
+ |
+
+
+ |
+
+
+ proto
+
+
+ string
+ / required
+
+ |
+
+
+ |
+
+ protocol to forward
+ |
+
+
+ |
+
+
+ toaddr
+
+
+ string
+
+ |
+
+ |
+
+ Optional address to forward to
+ |
+
+
+ |
+
+
+ toport
+
+
+ string
+ / required
+
+ |
+
+ |
+
+ destination port
+ |
+
+
+
+ |
rich_rule
@@ -205,7 +278,7 @@ Parameters
|
- |
+ |
service
@@ -221,7 +294,7 @@ Parameters
|
- |
+ |
source
@@ -236,7 +309,7 @@ Parameters
|
- |
+ |
state
@@ -260,7 +333,30 @@ Parameters
|
- |
+ |
+
+ target
+
+
+ string
+
+ added in 1.2.0
+ |
+
+ Choices:
+ - default
+ - ACCEPT
+ - DROP
+ - %%REJECT%%
+
+ |
+
+ firewalld Zone target
+ If state is set to absent, this will reset the target to default
+ |
+
+
+
timeout
@@ -272,11 +368,11 @@ Parameters
Default:
0
|
- The amount of time the rule should be in effect for when non-permanent.
+ The amount of time in seconds the rule should be in effect for when non-permanent.
|
- |
+ |
zone
@@ -311,7 +407,7 @@ Notes
Examples
--------
-.. code-block:: yaml+jinja
+.. code-block:: yaml
- name: permit traffic in default zone for https service
ansible.posix.firewalld:
@@ -375,13 +471,15 @@ Examples
permanent: yes
icmp_block: echo-request
- - name: Redirect port 443 to 8443
- become: yes
+ - ansible.posix.firewalld:
+ zone: internal
+ state: present
+ permanent: yes
+ target: ACCEPT
+
+ - name: Redirect port 443 to 8443 with Rich Rule
ansible.posix.firewalld:
- port_forward:
- - port: 443
- proto: tcp
- toport: 8443
+ rich_rule: rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443
zone: public
permanent: yes
immediate: yes
@@ -389,6 +487,7 @@ Examples
+
Status
------
diff --git a/docs/ansible.posix.mount_module.rst b/docs/ansible.posix.mount_module.rst
index d7b7535..d955f7b 100644
--- a/docs/ansible.posix.mount_module.rst
+++ b/docs/ansible.posix.mount_module.rst
@@ -69,7 +69,10 @@ Parameters
|
Determines if the filesystem should be mounted on boot.
- Only applies to Solaris systems.
+ Only applies to Solaris and Linux systems.
+ For Solaris systems, true will set yes as the value of mount at boot in /etc/vfstab.
+ For Linux, FreeBSD, NetBSD and OpenBSD systems, false will add noauto to mount options in /etc/fstab.
+ To avoid mount option conflicts, if noauto specified in opts, mount module will ignore boot.
|
@@ -235,7 +238,7 @@ Notes
Examples
--------
-.. code-block:: yaml+jinja
+.. code-block:: yaml
# Before 2.3, option 'name' was used instead of 'path'
- name: Mount DVD read-only
@@ -296,6 +299,15 @@ Examples
state: mounted
fstype: nfs
+ - name: Mount NFS volumes with noauto according to boot option
+ ansible.posix.mount:
+ src: 192.168.1.100:/nfs/ssd/shared_data
+ path: /mnt/shared_data
+ opts: rw,sync,hard,intr
+ boot: no
+ state: mounted
+ fstype: nfs
+
diff --git a/docs/ansible.posix.patch_module.rst b/docs/ansible.posix.patch_module.rst
index 95d8e2e..60c30cf 100644
--- a/docs/ansible.posix.patch_module.rst
+++ b/docs/ansible.posix.patch_module.rst
@@ -212,7 +212,7 @@ Notes
Examples
--------
-.. code-block:: yaml+jinja
+.. code-block:: yaml
- name: Apply patch to one file
ansible.posix.patch:
diff --git a/docs/ansible.posix.seboolean_module.rst b/docs/ansible.posix.seboolean_module.rst
index 31ab10e..b089b14 100644
--- a/docs/ansible.posix.seboolean_module.rst
+++ b/docs/ansible.posix.seboolean_module.rst
@@ -65,7 +65,7 @@ Parameters
name
- -
+ string
/ required
@@ -129,7 +129,7 @@ Notes
Examples
--------
-.. code-block:: yaml+jinja
+.. code-block:: yaml
- name: Set httpd_can_network_connect flag on and keep it persistent across reboots
ansible.posix.seboolean:
diff --git a/docs/ansible.posix.selinux_module.rst b/docs/ansible.posix.selinux_module.rst
index aec26e9..b7f7976 100644
--- a/docs/ansible.posix.selinux_module.rst
+++ b/docs/ansible.posix.selinux_module.rst
@@ -47,7 +47,7 @@ Parameters
configfile
- -
+ string
@@ -64,13 +64,13 @@ Parameters
policy
- -
+ string
|
|
- The name of the SELinux policy to use (e.g. targeted) will be required if state is not disabled.
+ The name of the SELinux policy to use (e.g. targeted) will be required if state is not disabled.
|
@@ -79,7 +79,7 @@ Parameters
state
- -
+ string
/ required
@@ -103,7 +103,7 @@ Parameters
Examples
--------
-.. code-block:: yaml+jinja
+.. code-block:: yaml
- name: Enable SELinux
ansible.posix.selinux:
diff --git a/docs/ansible.posix.synchronize_module.rst b/docs/ansible.posix.synchronize_module.rst
index efd892b..82458df 100644
--- a/docs/ansible.posix.synchronize_module.rst
+++ b/docs/ansible.posix.synchronize_module.rst
@@ -113,6 +113,26 @@ Parameters
Copy symlinks as the item that they point to (the referent) is copied, rather than the symlink.
+
+ |
+
+ delay_updates
+
+
+ boolean
+
+ added in 1.3.0
+ |
+
+
+ |
+
+ This option puts the temporary file from each updated file into a holding directory until the end of the transfer, at which time all the files are renamed into place in rapid succession.
+ |
+
|
@@ -129,9 +149,9 @@ Parameters
|
- Delete files in dest that don't exist (after transfer, not before) in the src path.
- This option requires recursive=yes.
- This option ignores excluded files and behaves like the rsync opt --delete-excluded.
+ Delete files in dest that do not exist (after transfer, not before) in the src path.
+ This option requires recursive=yes.
+ This option ignores excluded files and behaves like the rsync opt --delete-after.
|
@@ -165,7 +185,7 @@ Parameters
|
Port number for ssh on the destination host.
Prior to Ansible 2.0, the ansible_ssh_port inventory var took precedence over this value.
- This parameter defaults to the value of ansible_ssh_port or ansible_port, the remote_port config setting or the value from ssh client configuration if none of the former have been set.
+ This parameter defaults to the value of ansible_port, the remote_port config setting or the value from ssh client configuration if none of the former have been set.
|
@@ -233,6 +253,7 @@ Parameters
list
+ / elements=string
@@ -384,6 +405,7 @@ Parameters
list
+ / elements=string
|
@@ -463,6 +485,27 @@ Parameters
The path can be absolute or relative.
|
+
+ |
+
+ ssh_connection_multiplexing
+
+
+ boolean
+
+ |
+
+
+ |
+
+ SSH connection multiplexing for rsync is disabled by default to prevent misconfigured ControlSockets from resulting in failed SSH connections. This is accomplished by setting the SSH ControlSocket to none.
+ Set this option to yes to allow multiplexing and reduce SSH connection overhead.
+ Note that simply setting this option to yes is not enough; You must also configure SSH connection multiplexing in your SSH client config by setting values for ControlMaster, ControlPersist and ControlPath.
+ |
+
|
@@ -499,7 +542,8 @@ Parameters
|
- Use the ssh_args specified in ansible.cfg.
+ In Ansible 2.10 and lower, it uses the ssh_args specified in ansible.cfg.
+ In Ansible 2.11 and onwards, when set to true, it uses all SSH connection configurations like ansible_ssh_args, ansible_ssh_common_args, and ansible_ssh_extra_args.
|
@@ -542,7 +586,7 @@ Notes
- Inspect the verbose output to validate the destination user/host/path are what was expected.
- To exclude files and directories from being synchronized, you may add ``.rsync-filter`` files to the source directory.
- rsync daemon must be up and running with correct permission when using rsync protocol in source or destination path.
- - The ``synchronize`` module forces `--delay-updates` to avoid leaving a destination in a broken in-between state if the underlying rsync process encounters an error. Those synchronizing large numbers of files that are willing to trade safety for performance should call rsync directly.
+ - The ``synchronize`` module enables `--delay-updates` by default to avoid leaving a destination in a broken in-between state if the underlying rsync process encounters an error. Those synchronizing large numbers of files that are willing to trade safety for performance should disable this option.
- link_destination is subject to the same limitations as the underlying rsync daemon. Hard links are only preserved if the relative subtrees of the source and destination are the same. Attempts to hardlink into a directory that is a subdirectory of the source will be prevented.
@@ -560,7 +604,7 @@ See Also
Examples
--------
-.. code-block:: yaml+jinja
+.. code-block:: yaml
- name: Synchronization of src on the control machine to dest on the remote hosts
ansible.posix.synchronize:
@@ -678,7 +722,7 @@ Examples
# Specify the rsync binary to use on remote host and on local host
- hosts: groupofhosts
vars:
- ansible_rsync_path: /usr/gnu/bin/rsync
+ ansible_rsync_path: /usr/gnu/bin/rsync
tasks:
- name: copy /tmp/localpath/ to remote location /tmp/remotepath
diff --git a/docs/ansible.posix.sysctl_module.rst b/docs/ansible.posix.sysctl_module.rst
index 1d7b34b..1f49cf6 100644
--- a/docs/ansible.posix.sysctl_module.rst
+++ b/docs/ansible.posix.sysctl_module.rst
@@ -58,14 +58,14 @@ Parameters
name
- -
+ string
/ required
|
- The dot-separated path (aka key) specifying the sysctl variable.
+ The dot-separated path (also known as key) specifying the sysctl variable.
aliases: key
|
@@ -94,7 +94,7 @@ Parameters
state
- -
+ string
@@ -113,7 +113,7 @@ Parameters
sysctl_file
- -
+ path
|
@@ -148,7 +148,7 @@ Parameters
value
- -
+ string
|
@@ -167,7 +167,7 @@ Parameters
Examples
--------
-.. code-block:: yaml+jinja
+.. code-block:: yaml
# Set vm.swappiness to 5 in /etc/sysctl.conf
- ansible.posix.sysctl:
@@ -212,4 +212,4 @@ Status
Authors
~~~~~~~
-- David CHANIAL (@davixx)
+- David CHANIAL (@davixx)
diff --git a/galaxy.yml b/galaxy.yml
index da182e8..a3b9509 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
namespace: ansible
name: posix
-version: 1.2.0
+version: 1.4.0
readme: README.md
authors:
- Ansible (github.com/ansible)
diff --git a/plugins/action/synchronize.py b/plugins/action/synchronize.py
index df3dab0..a5752b9 100644
--- a/plugins/action/synchronize.py
+++ b/plugins/action/synchronize.py
@@ -21,6 +21,7 @@ import os.path
from ansible import constants as C
from ansible.module_utils.six import string_types
+from ansible.module_utils.six.moves import shlex_quote
from ansible.module_utils._text import to_text
from ansible.module_utils.common._collections_compat import MutableSequence
from ansible.module_utils.parsing.convert_bool import boolean
@@ -28,6 +29,11 @@ from ansible.plugins.action import ActionBase
from ansible.plugins.loader import connection_loader
+DOCKER = ['docker', 'community.general.docker', 'community.docker.docker']
+PODMAN = ['podman', 'ansible.builtin.podman', 'containers.podman.podman']
+BUILDAH = ['buildah', 'containers.podman.buildah']
+
+
class ActionModule(ActionBase):
def _get_absolute_path(self, path):
@@ -66,21 +72,12 @@ class ActionModule(ActionBase):
return path
# If using docker or buildah, do not add user information
- if self._remote_transport not in [
- 'docker',
- 'community.general.docker',
- 'community.docker.docker',
- 'buildah',
- 'containers.podman.buildah',
- 'podman',
- 'containers.podman.podman'
- ] and user:
+ if self._remote_transport not in DOCKER + PODMAN + BUILDAH and user:
user_prefix = '%s@' % (user, )
if self._host_is_ipv6_address(host):
return '[%s%s]:%s' % (user_prefix, host, path)
- else:
- return '%s%s:%s' % (user_prefix, host, path)
+ return '%s%s:%s' % (user_prefix, host, path)
def _process_origin(self, host, path, user):
@@ -180,12 +177,25 @@ class ActionModule(ActionBase):
# Store remote connection type
self._remote_transport = self._connection.transport
+ use_ssh_args = _tmp_args.pop('use_ssh_args', None)
+
+ if use_ssh_args and self._connection.transport == 'ssh':
+ ssh_args = [
+ self._connection.get_option('ssh_args'),
+ self._connection.get_option('ssh_common_args'),
+ self._connection.get_option('ssh_extra_args'),
+ ]
+ _tmp_args['ssh_args'] = ' '.join([a for a in ssh_args if a])
# Handle docker connection options
- if self._remote_transport in ['docker', 'community.general.docker', 'community.docker.docker']:
+ if self._remote_transport in DOCKER:
self._docker_cmd = self._connection.docker_cmd
if self._play_context.docker_extra_args:
self._docker_cmd = "%s %s" % (self._docker_cmd, self._play_context.docker_extra_args)
+ elif self._remote_transport in PODMAN:
+ self._docker_cmd = self._connection._options['podman_executable']
+ if self._connection._options.get('podman_extra_args'):
+ self._docker_cmd = "%s %s" % (self._docker_cmd, self._connection._options['podman_extra_args'])
# self._connection accounts for delegate_to so
# remote_transport is the transport ansible thought it would need
@@ -203,8 +213,8 @@ class ActionModule(ActionBase):
# ssh paramiko docker buildah and local are fully supported transports. Anything
# else only works with delegate_to
- if delegate_to is None and self._connection.transport not in \
- ('ssh', 'paramiko', 'local', 'docker', 'community.general.docker', 'community.docker.docker', 'buildah', 'containers.podman.buildah'):
+ if delegate_to is None and self._connection.transport not in [
+ 'ssh', 'paramiko', 'local'] + DOCKER + PODMAN + BUILDAH:
result['failed'] = True
result['msg'] = (
"synchronize uses rsync to function. rsync needs to connect to the remote "
@@ -213,8 +223,6 @@ class ActionModule(ActionBase):
"so it cannot work." % self._connection.transport)
return result
- use_ssh_args = _tmp_args.pop('use_ssh_args', None)
-
# Parameter name needed by the ansible module
_tmp_args['_local_rsync_path'] = task_vars.get('ansible_rsync_path') or 'rsync'
_tmp_args['_local_rsync_password'] = task_vars.get('ansible_ssh_pass') or task_vars.get('ansible_password')
@@ -371,7 +379,7 @@ class ActionModule(ActionBase):
if not dest_is_local:
# don't escalate for docker. doing --rsync-path with docker exec fails
# and we can switch directly to the user via docker arguments
- if self._play_context.become and not rsync_path and self._remote_transport not in ['docker', 'community.general.docker', 'community.docker.docker']:
+ if self._play_context.become and not rsync_path and self._remote_transport not in DOCKER + PODMAN:
# If no rsync_path is set, become was originally set, and dest is
# remote then add privilege escalation here.
if self._play_context.become_method == 'sudo':
@@ -388,19 +396,9 @@ class ActionModule(ActionBase):
_tmp_args['rsync_path'] = rsync_path
- if use_ssh_args:
- ssh_args = [
- getattr(self._play_context, 'ssh_args', ''),
- getattr(self._play_context, 'ssh_common_args', ''),
- getattr(self._play_context, 'ssh_extra_args', ''),
- ]
- _tmp_args['ssh_args'] = ' '.join([a for a in ssh_args if a])
-
# If launching synchronize against docker container
# use rsync_opts to support container to override rsh options
- if self._remote_transport in [
- 'docker', 'community.general.docker', 'community.docker.docker', 'buildah', 'containers.podman.buildah'
- ] and not use_delegate:
+ if self._remote_transport in DOCKER + BUILDAH + PODMAN and not use_delegate:
# Replicate what we do in the module argumentspec handling for lists
if not isinstance(_tmp_args.get('rsync_opts'), MutableSequence):
tmp_rsync_opts = _tmp_args.get('rsync_opts', [])
@@ -413,15 +411,15 @@ class ActionModule(ActionBase):
if '--blocking-io' not in _tmp_args['rsync_opts']:
_tmp_args['rsync_opts'].append('--blocking-io')
- if self._remote_transport in ['docker', 'community.general.docker', 'community.docker.docker']:
+ if self._remote_transport in DOCKER + PODMAN:
if become and self._play_context.become_user:
- _tmp_args['rsync_opts'].append("--rsh=%s exec -u %s -i" % (self._docker_cmd, self._play_context.become_user))
+ _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -u %s -i' % (self._docker_cmd, self._play_context.become_user)))
elif user is not None:
- _tmp_args['rsync_opts'].append("--rsh=%s exec -u %s -i" % (self._docker_cmd, user))
+ _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -u %s -i' % (self._docker_cmd, user)))
else:
- _tmp_args['rsync_opts'].append("--rsh=%s exec -i" % self._docker_cmd)
- elif self._remote_transport in ['buildah', 'containers.podman.buildah']:
- _tmp_args['rsync_opts'].append("--rsh=buildah run --")
+ _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -i' % self._docker_cmd))
+ elif self._remote_transport in BUILDAH:
+ _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('buildah run --'))
# run the module and store the result
result.update(self._execute_module('ansible.posix.synchronize', module_args=_tmp_args, task_vars=task_vars))
diff --git a/plugins/callback/profile_tasks.py b/plugins/callback/profile_tasks.py
index 6edb325..e4b5e91 100644
--- a/plugins/callback/profile_tasks.py
+++ b/plugins/callback/profile_tasks.py
@@ -92,7 +92,8 @@ def filled(msg, fchar="*"):
def timestamp(self):
if self.current is not None:
- self.stats[self.current]['time'] = time.time() - self.stats[self.current]['time']
+ elapsed = time.time() - self.stats[self.current]['started']
+ self.stats[self.current]['elapsed'] += elapsed
def tasktime():
@@ -151,8 +152,15 @@ class CallbackModule(CallbackBase):
timestamp(self)
# Record the start time of the current task
+ # stats[TASK_UUID]:
+ # started: Current task start time. This value will be updated each time a task
+ # with the same UUID is executed when `serial` is specified in a playbook.
+ # elapsed: Elapsed time since the first serialized task was started
self.current = task._uuid
- self.stats[self.current] = {'time': time.time(), 'name': task.get_name()}
+ if self.current not in self.stats:
+ self.stats[self.current] = {'started': time.time(), 'elapsed': 0.0, 'name': task.get_name()}
+ else:
+ self.stats[self.current]['started'] = time.time()
if self._display.verbosity >= 2:
self.stats[self.current]['path'] = task.get_path()
@@ -178,7 +186,7 @@ class CallbackModule(CallbackBase):
if self.sort_order is not None:
results = sorted(
self.stats.items(),
- key=lambda x: x[1]['time'],
+ key=lambda x: x[1]['elapsed'],
reverse=self.sort_order,
)
@@ -187,7 +195,7 @@ class CallbackModule(CallbackBase):
# Print the timings
for uuid, result in results:
- msg = u"{0:-<{2}}{1:->9}".format(result['name'] + u' ', u' {0:.02f}s'.format(result['time']), self._display.columns - 9)
+ msg = u"{0:-<{2}}{1:->9}".format(result['name'] + u' ', u' {0:.02f}s'.format(result['elapsed']), self._display.columns - 9)
if 'path' in result:
msg += u"\n{0:-<{1}}".format(result['path'] + u' ', self._display.columns)
self._display.display(msg)
diff --git a/plugins/modules/authorized_key.py b/plugins/modules/authorized_key.py
index 7f203e3..e11b416 100644
--- a/plugins/modules/authorized_key.py
+++ b/plugins/modules/authorized_key.py
@@ -94,6 +94,12 @@ EXAMPLES = r'''
state: present
key: https://github.com/charlie.keys
+- name: Set authorized keys taken from url using lookup
+ ansible.posix.authorized_key:
+ user: charlie
+ state: present
+ key: "{{ lookup('url', 'https://github.com/charlie.keys', split_lines=False) }}"
+
- name: Set authorized key in alternate location
ansible.posix.authorized_key:
user: charlie
diff --git a/plugins/modules/firewalld.py b/plugins/modules/firewalld.py
index 62d0b86..8ce9c21 100644
--- a/plugins/modules/firewalld.py
+++ b/plugins/modules/firewalld.py
@@ -81,7 +81,7 @@ options:
permanent:
description:
- Should this configuration be in the running firewalld configuration or persist across reboots.
- - As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld >= 3.0.9).
+ - As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld >= 0.3.9).
- Note that if this is C(no), immediate is assumed C(yes).
type: bool
immediate:
@@ -128,8 +128,11 @@ notes:
The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not
permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone
creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone.
+ - This module needs C(python-firewall) or C(python3-firewall) on managed nodes.
+ It is usually provided as a subset with C(firewalld) from the OS distributor for the OS default Python interpreter.
requirements:
- firewalld >= 0.2.11
+- python-firewall >= 0.2.11
author:
- Adam Miller (@maxamillion)
'''
@@ -213,6 +216,7 @@ EXAMPLES = r'''
'''
from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.parsing.convert_bool import boolean
from ansible_collections.ansible.posix.plugins.module_utils.firewalld import FirewallTransaction, fw_offline
try:
@@ -708,7 +712,7 @@ class ForwardPortTransaction(FirewallTransaction):
if self.fw_offline:
dummy, fw_settings = self.get_fw_zone_settings()
return fw_settings.queryForwardPort(port=port, protocol=proto, to_port=toport, to_addr=toaddr)
- return self.fw.queryForwardPort(port=port, protocol=proto, to_port=toport, to_addr=toaddr)
+ return self.fw.queryForwardPort(zone=self.zone, port=port, protocol=proto, toport=toport, toaddr=toaddr)
def get_enabled_permanent(self, port, proto, toport, toaddr, timeout):
dummy, fw_settings = self.get_fw_zone_settings()
@@ -758,6 +762,10 @@ def main():
target=('zone',),
source=('permanent',),
),
+ mutually_exclusive=[
+ ['icmp_block', 'icmp_block_inversion', 'service', 'port', 'port_forward', 'rich_rule',
+ 'interface', 'masquerade', 'source', 'target']
+ ],
)
permanent = module.params['permanent']
@@ -814,33 +822,11 @@ def main():
if 'toaddr' in port_forward:
port_forward_toaddr = port_forward['toaddr']
- modification_count = 0
- if icmp_block is not None:
- modification_count += 1
- if icmp_block_inversion is not None:
- modification_count += 1
- if service is not None:
- modification_count += 1
- if port is not None:
- modification_count += 1
- if port_forward is not None:
- modification_count += 1
- if rich_rule is not None:
- modification_count += 1
- if interface is not None:
- modification_count += 1
- if masquerade is not None:
- modification_count += 1
- if source is not None:
- modification_count += 1
- if target is not None:
- modification_count += 1
-
- if modification_count > 1:
- module.fail_json(
- msg='can only operate on port, service, rich_rule, masquerade, icmp_block, icmp_block_inversion, interface or source at once'
- )
- elif (modification_count > 0) and (desired_state in ['absent', 'present']) and (target is None):
+ modification = False
+ if any([icmp_block, icmp_block_inversion, service, port, port_forward, rich_rule,
+ interface, masquerade, source, target]):
+ modification = True
+ if modification and desired_state in ['absent', 'present'] and target is None:
module.fail_json(
msg='absent and present state can only be used in zone level operations'
)
@@ -877,6 +863,14 @@ def main():
if changed is True:
msgs.append("Changed icmp-block-inversion %s to %s" % (icmp_block_inversion, desired_state))
+ # Type of icmp_block_inversion will be changed to boolean in a future release.
+ try:
+ boolean(icmp_block_inversion, True)
+ except TypeError:
+ module.warn('The value of the icmp_block_inversion option is "%s". '
+ 'The type of the option will be changed from string to boolean in a future release. '
+ 'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
+
if service is not None:
transaction = ServiceTransaction(
@@ -994,6 +988,14 @@ def main():
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
+ # Type of masquerade will be changed to boolean in a future release.
+ try:
+ boolean(masquerade, True)
+ except TypeError:
+ module.warn('The value of the masquerade option is "%s". '
+ 'The type of the option will be changed from string to boolean in a future release. '
+ 'To avoid unexpected behavior, please change the value to boolean.' % masquerade)
+
if target is not None:
transaction = ZoneTargetTransaction(
@@ -1009,7 +1011,7 @@ def main():
msgs = msgs + transaction_msgs
''' If there are no changes within the zone we are operating on the zone itself '''
- if modification_count == 0 and desired_state in ['absent', 'present']:
+ if not modification and desired_state in ['absent', 'present']:
transaction = ZoneTransaction(
module,
diff --git a/plugins/modules/mount.py b/plugins/modules/mount.py
index ae2ac27..8b28f12 100644
--- a/plugins/modules/mount.py
+++ b/plugins/modules/mount.py
@@ -172,7 +172,7 @@ EXAMPLES = r'''
ansible.posix.mount:
src: 192.168.1.100:/nfs/ssd/shared_data
path: /mnt/shared_data
- opts: rw,sync,hard,intr
+ opts: rw,sync,hard
state: mounted
fstype: nfs
@@ -180,7 +180,7 @@ EXAMPLES = r'''
ansible.posix.mount:
src: 192.168.1.100:/nfs/ssd/shared_data
path: /mnt/shared_data
- opts: rw,sync,hard,intr
+ opts: rw,sync,hard
boot: no
state: mounted
fstype: nfs
@@ -254,6 +254,10 @@ def _set_mount_save_old(module, args):
'%(src)s - %(name)s %(fstype)s %(passno)s %(boot)s %(opts)s\n')
for line in open(args['fstab'], 'r').readlines():
+ # Append newline if the line in fstab does not finished with newline.
+ if not line.endswith('\n'):
+ line += '\n'
+
old_lines.append(line)
if not line.strip():
diff --git a/plugins/modules/selinux.py b/plugins/modules/selinux.py
index a22c282..89e6b63 100644
--- a/plugins/modules/selinux.py
+++ b/plugins/modules/selinux.py
@@ -28,6 +28,13 @@ options:
required: true
choices: [ disabled, enforcing, permissive ]
type: str
+ update_kernel_param:
+ description:
+ - If set to I(true), will update also the kernel boot parameters when disabling/enabling SELinux.
+ - The C(grubby) tool must be present on the target system for this to work.
+ default: no
+ type: bool
+ version_added: '1.4.0'
configfile:
description:
- The path to the SELinux configuration file, if non-standard.
@@ -97,6 +104,7 @@ except ImportError:
HAS_SELINUX = False
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+from ansible.module_utils.common.process import get_bin_path
from ansible.module_utils.facts.utils import get_file_lines
@@ -119,6 +127,34 @@ def get_config_policy(configfile):
return line.split('=')[1].strip()
+def get_kernel_enabled(module, grubby_bin):
+ if grubby_bin is None:
+ module.fail_json(msg="'grubby' command not found on host",
+ details="In order to update the kernel command line"
+ "enabled/disabled setting, the grubby package"
+ "needs to be present on the system.")
+
+ rc, stdout, stderr = module.run_command([grubby_bin, '--info=ALL'])
+ if rc != 0:
+ module.fail_json(msg="unable to run grubby")
+
+ all_enabled = True
+ all_disabled = True
+ for line in stdout.split('\n'):
+ match = re.match('^args="(.*)"$', line)
+ if match is None:
+ continue
+ args = match.group(1).split(' ')
+ if 'selinux=0' in args:
+ all_enabled = False
+ else:
+ all_disabled = False
+ if all_disabled == all_enabled:
+ # inconsistent config - return None to force update
+ return None
+ return all_enabled
+
+
# setter subroutines
def set_config_state(module, state, configfile):
# SELINUX=permissive
@@ -153,6 +189,17 @@ def set_state(module, state):
module.fail_json(msg=msg)
+def set_kernel_enabled(module, grubby_bin, value):
+ rc, stdout, stderr = module.run_command([grubby_bin, '--update-kernel=ALL',
+ '--remove-args' if value else '--args',
+ 'selinux=0'])
+ if rc != 0:
+ if value:
+ module.fail_json(msg='unable to remove selinux=0 from kernel config')
+ else:
+ module.fail_json(msg='unable to add selinux=0 to kernel config')
+
+
def set_config_policy(module, policy, configfile):
if not os.path.exists('/etc/selinux/%s/policy' % policy):
module.fail_json(msg='Policy %s does not exist in /etc/selinux/' % policy)
@@ -183,6 +230,7 @@ def main():
policy=dict(type='str'),
state=dict(type='str', required=True, choices=['enforcing', 'permissive', 'disabled']),
configfile=dict(type='str', default='/etc/selinux/config', aliases=['conf', 'file']),
+ update_kernel_param=dict(type='bool', default=False),
),
supports_check_mode=True,
)
@@ -196,9 +244,11 @@ def main():
configfile = module.params['configfile']
policy = module.params['policy']
state = module.params['state']
+ update_kernel_param = module.params['update_kernel_param']
runtime_enabled = selinux.is_selinux_enabled()
runtime_policy = selinux.selinux_getpolicytype()[1]
runtime_state = 'disabled'
+ kernel_enabled = None
reboot_required = False
if runtime_enabled:
@@ -215,6 +265,12 @@ def main():
config_policy = get_config_policy(configfile)
config_state = get_config_state(configfile)
+ if update_kernel_param:
+ try:
+ grubby_bin = get_bin_path('grubby')
+ except ValueError:
+ grubby_bin = None
+ kernel_enabled = get_kernel_enabled(module, grubby_bin)
# check to see if policy is set if state is not 'disabled'
if state != 'disabled':
@@ -269,6 +325,21 @@ def main():
msgs.append("Config SELinux state changed from '%s' to '%s'" % (config_state, state))
changed = True
+ requested_kernel_enabled = state in ('enforcing', 'permissive')
+ # Update kernel enabled/disabled config only when setting is consistent
+ # across all kernels AND the requested state differs from the current state
+ if update_kernel_param and kernel_enabled != requested_kernel_enabled:
+ if not module.check_mode:
+ set_kernel_enabled(module, grubby_bin, requested_kernel_enabled)
+ if requested_kernel_enabled:
+ states = ('disabled', 'enabled')
+ else:
+ states = ('enabled', 'disabled')
+ if kernel_enabled is None:
+ states = ('', states[1])
+ msgs.append("Kernel SELinux state changed from '%s' to '%s'" % states)
+ changed = True
+
module.exit_json(changed=changed, msg=', '.join(msgs), configfile=configfile, policy=policy, state=state, reboot_required=reboot_required)
diff --git a/plugins/modules/synchronize.py b/plugins/modules/synchronize.py
index 743deec..86cf360 100644
--- a/plugins/modules/synchronize.py
+++ b/plugins/modules/synchronize.py
@@ -137,7 +137,9 @@ options:
default: yes
use_ssh_args:
description:
- - Use the ssh_args specified in ansible.cfg. Setting this to `yes` will also make `synchronize` use `ansible_ssh_common_args`.
+ - In Ansible 2.10 and lower, it uses the ssh_args specified in C(ansible.cfg).
+ - In Ansible 2.11 and onwards, when set to C(true), it uses all SSH connection configurations like
+ C(ansible_ssh_args), C(ansible_ssh_common_args), and C(ansible_ssh_extra_args).
type: bool
default: no
ssh_connection_multiplexing:
@@ -548,10 +550,10 @@ def main():
ssh_cmd_str = ' '.join(shlex_quote(arg) for arg in ssh_cmd)
if ssh_args:
ssh_cmd_str += ' %s' % ssh_args
- cmd.append(shlex_quote('--rsh=%s' % ssh_cmd_str))
+ cmd.append('--rsh=%s' % shlex_quote(ssh_cmd_str))
if rsync_path:
- cmd.append(shlex_quote('--rsync-path=%s' % rsync_path))
+ cmd.append('--rsync-path=%s' % shlex_quote(rsync_path))
if rsync_opts:
if '' in rsync_opts:
@@ -577,7 +579,7 @@ def main():
cmd.append('--link-dest=%s' % link_path)
changed_marker = '<>'
- cmd.append(shlex_quote('--out-format=' + changed_marker + '%i %n%L'))
+ cmd.append('--out-format=%s' % shlex_quote(changed_marker + '%i %n%L'))
# expand the paths
if '@' not in source:
@@ -585,8 +587,8 @@ def main():
if '@' not in dest:
dest = os.path.expanduser(dest)
- cmd.append(source)
- cmd.append(dest)
+ cmd.append(shlex_quote(source))
+ cmd.append(shlex_quote(dest))
cmdstr = ' '.join(cmd)
# If we are using password authentication, write the password into the pipe
diff --git a/tests/integration/targets/acl/tasks/acl.yml b/tests/integration/targets/acl/tasks/acl.yml
index 7770ed4..30cfebb 100644
--- a/tests/integration/targets/acl/tasks/acl.yml
+++ b/tests/integration/targets/acl/tasks/acl.yml
@@ -23,6 +23,16 @@
group:
name: "{{ test_group }}"
+- name: Clean up working directory and files
+ file:
+ path: "{{ output_dir }}"
+ state: absent
+
+- name: Create working directory
+ file:
+ path: "{{ output_dir }}"
+ state: directory
+
- name: Create ansible file
file:
path: "{{ test_file }}"
diff --git a/tests/integration/targets/firewalld/aliases b/tests/integration/targets/firewalld/aliases
index 96ae90e..95259df 100644
--- a/tests/integration/targets/firewalld/aliases
+++ b/tests/integration/targets/firewalld/aliases
@@ -1,6 +1,5 @@
destructive
-shippable/posix/group3
+shippable/posix/group1
skip/aix
skip/freebsd
skip/osx
-disabled # fixme
diff --git a/tests/integration/targets/firewalld/tasks/main.yml b/tests/integration/targets/firewalld/tasks/main.yml
index 4e83ee8..17f14c2 100644
--- a/tests/integration/targets/firewalld/tasks/main.yml
+++ b/tests/integration/targets/firewalld/tasks/main.yml
@@ -15,6 +15,13 @@
register: check_output
ignore_errors: true
+ - name: Enable dbus-broker daemon
+ service:
+ name: dbus-broker
+ enabled: true
+ state: started
+ when: (ansible_distribution == 'Fedora' and ansible_distribution_major_version is version('34', '=='))
+
- name: Test Online Operations
block:
- name: start firewalld
@@ -40,3 +47,4 @@
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
# Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
- not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)
+ - not (ansible_facts.distribution == "CentOS" and ansible_distribution_major_version is version('7', '==')) # FIXME
diff --git a/tests/integration/targets/firewalld/tasks/run_all_tests.yml b/tests/integration/targets/firewalld/tasks/run_all_tests.yml
index 01421df..c2d1ee6 100644
--- a/tests/integration/targets/firewalld/tasks/run_all_tests.yml
+++ b/tests/integration/targets/firewalld/tasks/run_all_tests.yml
@@ -9,17 +9,18 @@
# firewalld service operation test cases
- include_tasks: service_test_cases.yml
- # Skipping on CentOS 8 due to https://github.com/ansible/ansible/issues/64750
- when: not (ansible_facts.distribution == "CentOS" and ansible_distribution_major_version is version('8', '=='))
# firewalld port operation test cases
- include_tasks: port_test_cases.yml
# firewalld source operation test cases
-- import_tasks: source_test_cases.yml
+- include_tasks: source_test_cases.yml
# firewalld zone target operation test cases
- import_tasks: zone_target_test_cases.yml
# firewalld icmp block inversion operation test cases
- import_tasks: icmp_block_inversion_test.yml
+
+# firewalld port forwarding operation test cases
+- include_tasks: port_forward_test_cases.yml
diff --git a/tests/integration/targets/firewalld/tasks/source_test_cases.yml b/tests/integration/targets/firewalld/tasks/source_test_cases.yml
index f7c4f00..172a47e 100644
--- a/tests/integration/targets/firewalld/tasks/source_test_cases.yml
+++ b/tests/integration/targets/firewalld/tasks/source_test_cases.yml
@@ -82,4 +82,4 @@
assert:
that:
- result is not changed
- - "result.msg == 'can only operate on port, service, rich_rule, masquerade, icmp_block, icmp_block_inversion, interface or source at once'"
+ - "result.msg == 'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|port|port_forward|rich_rule|interface|masquerade|source|target'"
diff --git a/tests/integration/targets/mount/tasks/main.yml b/tests/integration/targets/mount/tasks/main.yml
index 64d40e5..be1850f 100644
--- a/tests/integration/targets/mount/tasks/main.yml
+++ b/tests/integration/targets/mount/tasks/main.yml
@@ -280,7 +280,7 @@
- name: Fail if they are the same
fail:
msg: Filesytem was not remounted, testing of the module failed!
- when: last_write is defined and last_write_time2 is defined and last_write_time.stdout == last_write_time2.stdout
+ when: last_write is defined and last_write_time2 is defined and last_write_time.stdout == last_write_time2.stdout
- name: Remount filesystem with different opts using remounted option (Linux only)
mount:
@@ -311,7 +311,7 @@
assert:
that:
- "'backup_file' in mount_backup_out"
-
+
always:
- name: Umount the test FS
mount:
@@ -368,4 +368,41 @@
loop:
- /tmp/myfs.img
- /tmp/myfs
- when: ansible_system in ('Linux')
\ No newline at end of file
+ when: ansible_system in ('Linux')
+
+- name: Block to test missing newline at the EOF of fstab
+ block:
+ - name: Create empty file
+ community.general.filesize:
+ path: /tmp/myfs1.img
+ size: 20M
+ - name: Format FS
+ community.general.filesystem:
+ fstype: ext3
+ dev: /tmp/myfs1.img
+ - name: Create custom fstab file without newline
+ copy:
+ content: '#TEST COMMENT WITHOUT NEWLINE'
+ dest: /tmp/test_fstab
+ - name: Mount the FS using the custom fstab
+ mount:
+ path: /tmp/myfs1
+ src: /tmp/myfs1.img
+ fstype: ext3
+ state: mounted
+ opts: defaults
+ fstab: /tmp/test_fstab
+ - name: Unmount the mount point in the custom fstab
+ mount:
+ path: /tmp/myfs1
+ state: absent
+ fstab: /tmp/test_fstab
+ - name: Remove the test FS and the custom fstab
+ file:
+ path: '{{ item }}'
+ state: absent
+ loop:
+ - /tmp/myfs1.img
+ - /tmp/myfs1
+ - /tmp/test_fstab
+ when: ansible_system in ('Linux')
diff --git a/tests/integration/targets/selinux/tasks/selinux.yml b/tests/integration/targets/selinux/tasks/selinux.yml
index a262f8b..d936ec6 100644
--- a/tests/integration/targets/selinux/tasks/selinux.yml
+++ b/tests/integration/targets/selinux/tasks/selinux.yml
@@ -20,11 +20,25 @@
# ##############################################################################
# Test changing the state, which requires a reboot
+- name: TEST 1 | Make sure grubby is present
+ package:
+ name: grubby
+ state: present
+
- name: TEST 1 | Get current SELinux config file contents
+ slurp:
+ src: /etc/sysconfig/selinux
+ register: selinux_config_original_base64
+
+- name: TEST 1 | Register SELinux config and SELinux status
set_fact:
- selinux_config_original: "{{ lookup('file', '/etc/sysconfig/selinux').split('\n') }}"
+ selinux_config_original_raw: "{{ selinux_config_original_base64.content | b64decode }}"
before_test_sestatus: "{{ ansible_selinux }}"
+- name: TEST 1 | Split by line and register original config
+ set_fact:
+ selinux_config_original: "{{ selinux_config_original_raw.split('\n') }}"
+
- debug:
var: "{{ item }}"
verbosity: 1
@@ -90,8 +104,17 @@
- _disable_test2.reboot_required
- name: TEST 1 | Get modified config file
+ slurp:
+ src: /etc/sysconfig/selinux
+ register: selinux_config_after_base64
+
+- name: TEST 1 | Register modified config
set_fact:
- selinux_config_after: "{{ lookup('file', '/etc/sysconfig/selinux').split('\n') }}"
+ selinux_config_after_raw: "{{ selinux_config_after_base64.content | b64decode }}"
+
+- name: TEST 1 | Split by line and register modified config
+ set_fact:
+ selinux_config_after: "{{ selinux_config_after_raw.split('\n') }}"
- debug:
var: selinux_config_after
@@ -104,11 +127,52 @@
- selinux_config_after[selinux_config_after.index('SELINUX=disabled')] is search("^SELINUX=\w+$")
- selinux_config_after[selinux_config_after.index('SELINUXTYPE=targeted')] is search("^SELINUXTYPE=\w+$")
-- name: TEST 1 | Reset SELinux configuration for next test
+- name: TEST 1 | Disable SELinux again, with kernel arguments update
+ selinux:
+ state: disabled
+ policy: targeted
+ update_kernel_param: true
+ register: _disable_test2
+
+- name: Check kernel command-line arguments
+ ansible.builtin.command: grubby --info=DEFAULT
+ register: _grubby_test1
+
+- name: TEST 1 | Assert that kernel cmdline contains selinux=0
+ assert:
+ that:
+ - "' selinux=0' in _grubby_test1.stdout"
+
+- name: TEST 1 | Enable SELinux, without kernel arguments update
+ selinux:
+ state: disabled
+ policy: targeted
+ register: _disable_test2
+
+- name: Check kernel command-line arguments
+ ansible.builtin.command: grubby --info=DEFAULT
+ register: _grubby_test1
+
+- name: TEST 1 | Assert that kernel cmdline still contains selinux=0
+ assert:
+ that:
+ - "' selinux=0' in _grubby_test1.stdout"
+
+- name: TEST 1 | Reset SELinux configuration for next test (also kernel args)
selinux:
state: enforcing
+ update_kernel_param: true
policy: targeted
+- name: Check kernel command-line arguments
+ ansible.builtin.command: grubby --info=DEFAULT
+ register: _grubby_test2
+
+- name: TEST 1 | Assert that kernel cmdline doesn't contain selinux=0
+ assert:
+ that:
+ - "' selinux=0' not in _grubby_test2.stdout"
+
# Second Test
# ##############################################################################
@@ -163,8 +227,17 @@
- not _state_test2.reboot_required
- name: TEST 2 | Get modified config file
+ slurp:
+ src: /etc/sysconfig/selinux
+ register: selinux_config_after_base64
+
+- name: TEST 2 | Register modified config
set_fact:
- selinux_config_after: "{{ lookup('file', '/etc/sysconfig/selinux').split('\n') }}"
+ selinux_config_after_raw: "{{ selinux_config_after_base64.content | b64decode }}"
+
+- name: TEST 2 | Split by line and register modified config
+ set_fact:
+ selinux_config_after: "{{ selinux_config_after_raw.split('\n') }}"
- debug:
var: selinux_config_after
diff --git a/tests/integration/targets/setup_pkg_mgr/tasks/main.yml b/tests/integration/targets/setup_pkg_mgr/tasks/main.yml
new file mode 100644
index 0000000..24d0222
--- /dev/null
+++ b/tests/integration/targets/setup_pkg_mgr/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- set_fact:
+ pkg_mgr: community.general.pkgng
+ ansible_pkg_mgr: community.general.pkgng
+ cacheable: yes
+ when: ansible_os_family == "FreeBSD"
+
+- set_fact:
+ pkg_mgr: community.general.zypper
+ ansible_pkg_mgr: community.general.zypper
+ cacheable: yes
+ when: ansible_os_family == "Suse"
diff --git a/tests/integration/targets/synchronize/tasks/main.yml b/tests/integration/targets/synchronize/tasks/main.yml
index ac1aa03..125a406 100644
--- a/tests/integration/targets/synchronize/tasks/main.yml
+++ b/tests/integration/targets/synchronize/tasks/main.yml
@@ -2,16 +2,29 @@
package:
name: rsync
when: ansible_distribution != "MacOSX"
-- name: cleanup old files
- shell: rm -rf {{output_dir}}/*
+- name: Clean up the working directory and files
+ file:
+ path: '{{ output_dir }}'
+ state: absent
+- name: Create the working directory
+ file:
+ path: '{{ output_dir }}'
+ state: directory
- name: create test new files
- copy: dest={{output_dir}}/{{item}} mode=0644 content="hello world"
+ copy:
+ dest: '{{output_dir}}/{{item}}'
+ mode: '0644'
+ content: 'hello world'
with_items:
- foo.txt
- bar.txt
+
- name: synchronize file to new filename
- synchronize: src={{output_dir}}/foo.txt dest={{output_dir}}/foo.result
+ synchronize:
+ src: '{{output_dir}}/foo.txt'
+ dest: '{{output_dir}}/foo.result'
register: sync_result
+ delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
@@ -31,9 +44,13 @@
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
+
- name: test that the file is not copied a second time
- synchronize: src={{output_dir}}/foo.txt dest={{output_dir}}/foo.result
+ synchronize:
+ src='{{output_dir}}/foo.txt'
+ dest='{{output_dir}}/foo.result'
register: sync_result
+ delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- sync_result.changed == False
@@ -44,12 +61,14 @@
with_items:
- foo.result
- bar.result
+
- name: Synchronize using the mode=push param
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
mode: push
register: sync_result
+ delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
@@ -69,12 +88,14 @@
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
+
- name: test that the file is not copied a second time
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
mode: push
register: sync_result
+ delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- sync_result.changed == False
@@ -85,12 +106,14 @@
with_items:
- foo.result
- bar.result
+
- name: Synchronize using the mode=pull param
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
mode: pull
register: sync_result
+ delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
@@ -110,12 +133,14 @@
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
+
- name: test that the file is not copied a second time
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
mode: pull
register: sync_result
+ delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- sync_result.changed == False
@@ -126,12 +151,16 @@
with_items:
- foo.result
- bar.result
+
- name: synchronize files using with_items (issue#5965)
- synchronize: src={{output_dir}}/{{item}} dest={{output_dir}}/{{item}}.result
+ synchronize:
+ src: '{{output_dir}}/{{item}}'
+ dest: '{{output_dir}}/{{item}}.result'
with_items:
- foo.txt
- bar.txt
register: sync_result
+ delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- sync_result.changed
@@ -151,9 +180,14 @@
with_items:
- foo.txt
- bar.txt
+
- name: synchronize files using rsync_path (issue#7182)
- synchronize: src={{output_dir}}/foo.txt dest={{output_dir}}/foo.rsync_path rsync_path="sudo rsync"
+ synchronize:
+ src: '{{output_dir}}/foo.txt'
+ dest: '{{output_dir}}/foo.rsync_path'
+ rsync_path: 'sudo rsync'
register: sync_result
+ delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
@@ -186,6 +220,7 @@
dest: '{{output_dir}}/{{item}}/foo.txt'
with_items:
- directory_a
+ delegate_to: '{{ inventory_hostname }}'
- name: synchronize files using link_dest
synchronize:
src: '{{output_dir}}/directory_a/foo.txt'
@@ -193,6 +228,7 @@
link_dest:
- '{{output_dir}}/directory_a'
register: sync_result
+ delegate_to: '{{ inventory_hostname }}'
- name: get stat information for directory_a
stat:
path: '{{ output_dir }}/directory_a/foo.txt'
@@ -214,6 +250,8 @@
- '{{output_dir}}'
register: sync_result
ignore_errors: true
+ delegate_to: '{{ inventory_hostname }}'
+
- assert:
that:
- sync_result is not changed
@@ -227,3 +265,46 @@
- directory_a/foo.txt
- directory_a
- directory_b
+
+- name: setup - test for source with working dir with spaces in path
+ file:
+ state: directory
+ path: '{{output_dir}}/{{item}}'
+ delegate_to: '{{ inventory_hostname }}'
+ with_items:
+ - 'directory a'
+ - 'directory b'
+- name: setup - create test new files
+ copy:
+ dest: '{{output_dir}}/directory a/{{item}}'
+ mode: '0644'
+ content: 'hello world'
+ with_items:
+ - foo.txt
+ delegate_to: '{{ inventory_hostname }}'
+- name: copy source with spaces in dir path
+ synchronize:
+ src: '{{output_dir}}/directory a/foo.txt'
+ dest: '{{output_dir}}/directory b/'
+ delegate_to: '{{ inventory_hostname }}'
+ register: sync_result
+ ignore_errors: true
+- name: get stat information for directory_b
+ stat:
+ path: '{{ output_dir }}/directory b/foo.txt'
+ register: stat_result_b
+- assert:
+ that:
+ - '''changed'' in sync_result'
+ - sync_result.changed == true
+ - stat_result_b.stat.exists == True
+ - stat_result_b.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
+- name: Cleanup
+ file:
+ state: absent
+ path: '{{output_dir}}/{{item}}'
+ with_items:
+ - 'directory b/foo.txt'
+ - 'directory a/foo.txt'
+ - 'directory a'
+ - 'directory b'
diff --git a/tests/integration/targets/sysctl/tasks/main.yml b/tests/integration/targets/sysctl/tasks/main.yml
index 6372128..c9a63c4 100644
--- a/tests/integration/targets/sysctl/tasks/main.yml
+++ b/tests/integration/targets/sysctl/tasks/main.yml
@@ -22,7 +22,7 @@
- name: Test inside Docker
when:
- - ansible_facts.virtualization_type == 'docker'
+ - ansible_facts.virtualization_type == 'docker' or ansible_facts.virtualization_type == 'container'
block:
- set_fact:
output_dir_test: "{{ output_dir }}/test_sysctl"
@@ -123,10 +123,10 @@
that:
- sysctl_test2_change_test is not changed
- - name: Try sysctl with an invalid value
+ - name: Try sysctl with an invalid name
sysctl:
- name: net.ipv4.ip_forward
- value: foo
+ name: test.invalid
+ value: 1
register: sysctl_test3
ignore_errors: yes
@@ -196,10 +196,10 @@
- sysctl_no_value is failed
- "sysctl_no_value.msg == 'value cannot be None'"
- - name: Try sysctl with an invalid value
+ - name: Try sysctl with an invalid name
sysctl:
- name: net.ipv4.ip_forward
- value: foo
+ name: test.invalid
+ value: 1
sysctl_set: yes
register: sysctl_test4
ignore_errors: yes
diff --git a/tests/sanity/ignore-2.12.txt b/tests/sanity/ignore-2.12.txt
index 013403f..0b6905e 100644
--- a/tests/sanity/ignore-2.12.txt
+++ b/tests/sanity/ignore-2.12.txt
@@ -1,4 +1,4 @@
-plugins/modules/synchronize.py pylint:blacklisted-name
+plugins/modules/synchronize.py pylint:disallowed-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
diff --git a/tests/sanity/ignore-2.13.txt b/tests/sanity/ignore-2.13.txt
new file mode 100644
index 0000000..0b6905e
--- /dev/null
+++ b/tests/sanity/ignore-2.13.txt
@@ -0,0 +1,8 @@
+plugins/modules/synchronize.py pylint:disallowed-name
+plugins/modules/synchronize.py use-argspec-type-path
+plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
+plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
+plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
+plugins/modules/synchronize.py validate-modules:undocumented-parameter
+tests/utils/shippable/check_matrix.py replace-urlopen
+tests/utils/shippable/timing.py shebang
diff --git a/tests/unit/mock/loader.py b/tests/unit/mock/loader.py
index 0ee47fb..e5dff78 100644
--- a/tests/unit/mock/loader.py
+++ b/tests/unit/mock/loader.py
@@ -46,8 +46,8 @@ class DictDataLoader(DataLoader):
# TODO: the real _get_file_contents returns a bytestring, so we actually convert the
# unicode/text it's created with to utf-8
- def _get_file_contents(self, path):
- path = to_text(path)
+ def _get_file_contents(self, file_name):
+ path = to_text(file_name)
if path in self._file_mapping:
return (to_bytes(self._file_mapping[path]), False)
else:
diff --git a/tests/unit/plugins/action/test_synchronize.py b/tests/unit/plugins/action/test_synchronize.py
index 39d9697..bc1efca 100644
--- a/tests/unit/plugins/action/test_synchronize.py
+++ b/tests/unit/plugins/action/test_synchronize.py
@@ -125,7 +125,7 @@ class SynchronizeTester(object):
metapath = os.path.join(fixturepath, 'meta.yaml')
with open(metapath, 'rb') as f:
fdata = f.read()
- test_meta = yaml.load(fdata)
+ test_meta = yaml.safe_load(fdata)
# load initial play context vars
if '_play_context' in test_meta:
| |