Fix CI: Remove FreeBSD 12.2 targets
SUMMARY
Removes CI tests for FreeBSD 12.2 that are failing when trying to bootstrap http://pkg.freebsd.org/FreeBSD:12:amd64/release_2
Example PR affected #466
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
.azure-pipelines/azure-pipelines.yml
ADDITIONAL INFORMATION
N/A
Reviewed-by: Hideki Saito <saito@fgrep.org>
Fix CI: replace `include:` with `include_tasks:`
SUMMARY
include: is removed for ansible-core 2.16 and no longer works with current devel.
ISSUE TYPE
Test Pull Request
COMPONENT NAME
integration tests
Reviewed-by: Hideki Saito <saito@fgrep.org>
fix sysctl integration test failing on newer versions of core
Previously NoneType was allowable, now it fails to convert to a str type.
SUMMARY
fix sysctl integration test failing on newer versions of core
Previously NoneType was allowable, now it fails to convert to a str
type.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
sysctl
fix firewalld protocol
SUMMARY
This PR resolves an issue where opening a port (e.g. 25/tcp) resulted in opening all ports for the specified protocol (e.g. tcp)
Fixes#451
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.firewalld
ADDITIONAL INFORMATION
Many thanks to @nerrehmit and every one else who helped troubleshooting this!
json[l] callback: add parameter to set JSON prettyprint indent level
SUMMARY
Add ANSIBLE_JSON_INDENT parameter to both the json and jsonl callback plugins. The default values are different between the two modules to maintain their existing behavior:
json: indent==4, causing a prettyprint output
jsonl: indent==0, causing a 1-line output
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ansible.posix.json
ansible.posix.jsonl
ADDITIONAL INFORMATION
One specific use-case that is enabled by this feature: if a user chooses to use the jsonl plugin so that they still get output at the end of each task (vs. only at the end of the play), they may also want human-readable output so that they can monitor the status of their play. For example, setting the jsonl indent level to 4 gives a) output at the end of each task, and b) making that output be both machine readable and human readable.
Using this trivial playbook shows the change:
- hosts: localhost
gather_facts: false
tasks:
- name: hello, world
debug:
msg: hello, world
When using the jsonl callback, here's what one JSON emit looks like before the change:
{"_event":"v2_playbook_on_play_start","_timestamp":"2023-04-08T12:11:48.001806Z","play":{"duration":{"start":"2023-04-08T12:11:48.001383Z"},"id":"acde4800-1122-f32c-94c3-000000000001","name":"localhost"},"tasks":[]}
After the change, setting ANSIBLE_JSON_INDENT to 4, the same output looks like this:
{
"_event":"v2_playbook_on_play_start",
"_timestamp":"2023-04-08T12:12:47.787516Z",
"play":{
"duration":{
"start":"2023-04-08T12:12:47.787164Z"
},
"id":"acde4800-1122-2946-e3e4-000000000001",
"name":"localhost"
},
"tasks":[]
}
Both outputs are suitable for automated processes to parse the machine readable output. The second output has the benefit of being human readable.
Reviewed-by: Adam Miller <admiller@redhat.com>
Reviewed-by: Jeff Squyres
Add ANSIBLE_JSON_INDENT parameter to both the json and jsonl callback
plugins. The default values are different between the two modules to
maintain their existing behavior:
* json: indent==4, causing a prettyprint output
* jsonl: indent==0, causing a 1-line output
One specific use-case that is enabled by this feature: if a user
chooses to use the jsonl plugin so that they still get output at the
end of each task (vs. only at the end of the play), they may also want
human-readable output so that they can monitor the status of their
play. For example, setting the jsonl indent level to 4 gives a)
output at the end of each task, and b) making that output be both
machine readable and human readable.
Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
json[l] callback: add play/task path info
Add the play and task path info (i.e., filename and line number) to the JSON that is emitted from the json and jsonl callback plugins, allowing more accurate post-mortem analysis.
SUMMARY
Add the play and task path info (i.e., filename and line number) to the JSON that is emitted from the json and jsonl callback plugins, allowing more accurate post-mortem analysis.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ansible.posix.json
ansible.posix.jsonl
ADDITIONAL INFORMATION
By also including the file/line number in the JSON data emitted, post-mortem analysis can unambiguously tie play/task log data to the specific play / task that generated it. Without this information, it could be difficult for automated processes to precisely map log output back to the task that generated it (especially with playbooks that either do not name tasks, or do not name tasks uniquely).
Using this trivial playbook shows the change:
- hosts: localhost
gather_facts: false
tasks:
- name: hello, world
debug:
msg: hello, world
When using the json callback, here's what it looks like before the change (for brevity, just the plays section of the output):
{
"play": {
"duration": {
"end": "2023-04-08T11:35:39.694000Z",
"start": "2023-04-08T11:35:39.657056Z"
},
"id": "acde4800-1122-6387-7abd-000000000001",
"name": "localhost",
},
"tasks": [
{
"hosts": {
"localhost": {
"_ansible_no_log": null,
"_ansible_verbose_always": true,
"action": "debug",
"changed": false,
"msg": "hello, world"
}
},
"task": {
"duration": {
"end": "2023-04-08T11:35:39.694000Z",
"start": "2023-04-08T11:35:39.672132Z"
},
"id": "acde4800-1122-6387-7abd-000000000003",
"name": "hello, world",
}
}
]
}
After the change, there is a new path key/value in both the play and the task:
{
"play": {
"duration": {
"end": "2023-04-08T11:35:39.694000Z",
"start": "2023-04-08T11:35:39.657056Z"
},
"id": "acde4800-1122-6387-7abd-000000000001",
"name": "localhost",
"path": "/tmp/plays/hello.yaml:1"
},
"tasks": [
{
"hosts": {
"localhost": {
"_ansible_no_log": null,
"_ansible_verbose_always": true,
"action": "debug",
"changed": false,
"msg": "hello, world"
}
},
"task": {
"duration": {
"end": "2023-04-08T11:35:39.694000Z",
"start": "2023-04-08T11:35:39.672132Z"
},
"id": "acde4800-1122-6387-7abd-000000000003",
"name": "hello, world",
"path": "/tmp/plays/hello.yaml:4"
}
}
]
}
The effect is the same in the jsonl plugin, but the output is squashed into a single line.
Reviewed-by: Adam Miller <admiller@redhat.com>
docs: fix profile_tasks callback documentation
SUMMARY
This fixes the markup.
Fixes: #412
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
profile_tasks
ADDITIONAL INFORMATION
None.
Reviewed-by: Hideki Saito <saito@fgrep.org>
Reviewed-by: Adam Miller <admiller@redhat.com>
[CI] Support sanity docker test on devel(2.16.0.dev0) branch
SUMMARY
Support sanity docker test on devel(2.16.0.dev0) branch:
Fixes#446
ISSUE TYPE
CI tests Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
Update AZP to support stable-2.15 branch
SUMMARY
Update AZP to support stable-2.15 branch.
Fixes#444
ISSUE TYPE
CI tests Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
Bugfix masquerade icmp block inversion
SUMMARY
Fixes#235Fixes#116
The masquerade and icmp_block_inversion parameters are currently strings and the values are completely ignored by the module. A warning was previously added that these values will be converted to a boolean in the future.
This PR updates the behavior so that when a boolean like value is provided, the value is correctly considered. If a boolean like string is NOT provided, the current behavior is retained and the value is treated as true. Additionally, comprehensive tests are added for every combination of the parameters state (enabled/disabled) and icmp_block_inversion / masquerade (True/False/non-boolean string).
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.firewalld
ADDITIONAL INFORMATION
Given icmp block inversion is currently enabled
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: enabled
Before
TASK [firewalld : Testing disable icmp block inversion] ************************
task path: /root/ansible_collections/ansible/posix/tests/output/.tmp/integration/firewalld-96jns0q4-ÅÑŚÌβŁÈ/tests/integration/targets/firewalld/tasks/icmp_block_inversion_test_cases.yml:35
Using module file /root/ansible_collections/ansible/posix/plugins/modules/firewalld.py
Pipelining is enabled.
<testhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<testhost> EXEC /bin/sh -c '/usr/bin/python3.10 && sleep 0'
ok: [testhost] => {
"changed": false,
"invocation": {
"module_args": {
"icmp_block": null,
"icmp_block_inversion": "False",
"immediate": false,
"interface": null,
"masquerade": null,
"offline": null,
"permanent": true,
"port": null,
"port_forward": null,
"rich_rule": null,
"service": null,
"source": null,
"state": "enabled",
"target": null,
"timeout": 0,
"zone": "trusted"
}
},
"msg": "Permanent operation"
}
After
TASK [firewalld : Testing disable icmp block inversion] ************************
task path: /root/ansible_collections/ansible/posix/tests/output/.tmp/integration/firewalld-nxphh1pk-ÅÑŚÌβŁÈ/tests/integration/targets/firewalld/tasks/icmp_block_inversion_test_cases.yml:35
Using module file /root/ansible_collections/ansible/posix/plugins/modules/firewalld.py
Pipelining is enabled.
<testhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<testhost> EXEC /bin/sh -c '/usr/bin/python3.10 && sleep 0'
changed: [testhost] => {
"changed": true,
"invocation": {
"module_args": {
"icmp_block": null,
"icmp_block_inversion": "False",
"immediate": false,
"interface": null,
"masquerade": null,
"offline": null,
"permanent": true,
"port": null,
"port_forward": null,
"rich_rule": null,
"service": null,
"source": null,
"state": "enabled",
"target": null,
"timeout": 0,
"zone": "trusted"
}
},
"msg": "Permanent operation, Changed icmp-block-inversion False to enabled"
}
Reviewed-by: Adam Miller <admiller@redhat.com>
Fix adding interface to zone when firewalld is offline
SUMMARY
Fixes issue #357
The existing implementation had several issues which have been resolved by this PR:
incorrectly assumed some zone always exists that contains the interface
incorrectly included the logic to add the interface to the target zone inside of the condition checking if the interface is already assigned to a different zone (and needs to be removed)
passed an invalid argument to the constructor for FirewallClientZoneSettings
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.firewalld
ADDITIONAL INFORMATION
- name: Add lo interface to trusted zone
ansible.posix.firewalld:
interface: lo
zone: trusted
permanent: Yes
state: enabled
Before
TASK [firewalld : Add lo interface to trusted zone] ****************************
task path: /root/ansible_collections/ansible/posix/tests/output/.tmp/integration/firewalld-gpgqwc7n-ÅÑŚÌβŁÈ/tests/integration/targets/firewalld/tasks/interface_test_cases.yml:7
Using module file /root/ansible_collections/ansible/posix/plugins/modules/firewalld.py
Pipelining is enabled.
<testhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<testhost> EXEC /bin/sh -c '/usr/bin/python3.10 && sleep 0'
The full traceback is:
File "/tmp/ansible_ansible.posix.firewalld_payload_2vetziz9/ansible_ansible.posix.firewalld_payload.zip/ansible_collections/ansible/posix/plugins/module_utils/firewalld.py", line 112, in action_handler
return action_func(*action_func_args)
File "/tmp/ansible_ansible.posix.firewalld_payload_2vetziz9/ansible_ansible.posix.firewalld_payload.zip/ansible_collections/ansible/posix/plugins/modules/firewalld.py", line 481, in set_enabled_permanent
fatal: [testhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"icmp_block": null,
"icmp_block_inversion": null,
"immediate": false,
"interface": "lo",
"masquerade": null,
"offline": null,
"permanent": true,
"port": null,
"port_forward": null,
"rich_rule": null,
"service": null,
"source": null,
"state": "enabled",
"target": null,
"timeout": 0,
"zone": "trusted"
}
},
"msg": "ERROR: Exception caught: list index out of range Permanent operation"
}
After
TASK [firewalld : Add lo interface to trusted zone] ****************************
task path: /root/ansible_collections/ansible/posix/tests/output/.tmp/integration/firewalld-tr92i6e1-ÅÑŚÌβŁÈ/tests/integration/targets/firewalld/tasks/interface_test_cases.yml:7
Using module file /root/ansible_collections/ansible/posix/plugins/modules/firewalld.py
Pipelining is enabled.
<testhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<testhost> EXEC /bin/sh -c '/usr/bin/python3.10 && sleep 0'
changed: [testhost] => {
"changed": true,
"invocation": {
"module_args": {
"icmp_block": null,
"icmp_block_inversion": null,
"immediate": false,
"interface": "lo",
"masquerade": null,
"offline": null,
"permanent": true,
"port": null,
"port_forward": null,
"rich_rule": null,
"service": null,
"source": null,
"state": "enabled",
"target": null,
"timeout": 0,
"zone": "trusted"
}
},
"msg": "Permanent operation, Changed lo to zone trusted, (offline operation: only on-disk configs were altered)"
}
Reviewed-by: Adam Miller <admiller@redhat.com>
Add the play and task path info (i.e., filename and line number) to
the JSON that is emitted from the json and jsonl callback plugins,
allowing more accurate post-mortem analysis.
Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
Bump release version in galaxy.yml for the next release
SUMMARY
Bump release version in galaxy.yml for the next release
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
Add jsonl callback plugin to ansible.posix collection
SUMMARY
New jsonl callback plugin writes log in JSONL format - one JSON line for each event (callback function call).
Fixes#436
ISSUE TYPE
New Module Pull Request
COMPONENT NAME
ansible.posix.jsonl
Reviewed-by: Hideki Saito <saito@fgrep.org>
bindep - install rsync on all EL variants
Adds support for installing rsync for centos and related EL variants (AlmaLinux, Rocky, Oracle, etc)
rsync is an extremely common package, available in the base repos of all EL distros.
This is necessary to properly support AWX-EE and other community-built EL Execution Environments.
See: ansible/awx-ee#167
Reviewed-by: Austin Lane <austinwlane@gmail.com>
Reviewed-by: Hideki Saito <saito@fgrep.org>
firewalld_info: fixed typo in default_zone and improved examples
SUMMARY
There was a typo in the docs of firewalld_info. Furthermore I slightly improved the examples by showcasing how to use the data gathered by this module.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
firewalld_info
ADDITIONAL INFORMATION
I'm not sure whether I should also update the file docs/ansible.posix.firewalld_info_module.rst but I suspect it will be generated automatically?
Reviewed-by: Hideki Saito <saito@fgrep.org>
rhel_facts module must use keyword arguments
SUMMARY
The rhel_facts module must use keyword arguments. The current
code gives this error:
Traceback (most recent call last):
...
File "/tmp/ansible_ansible.posix.rhel_facts_payload_y10oy_4m/.../rhel_facts.py", line 72, in main
TypeError: exit_json() takes 1 positional argument but 2 were given
The fix is to use all keyword arguments like other facts plugins.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.rhel_facts
ADDITIONAL INFORMATION
@maxamillion fyi
Reviewed-by: Hideki Saito <saito@fgrep.org>
The rhel_facts module must use keyword arguments. The current
code gives this error:
```
Traceback (most recent call last):
...
File "/tmp/ansible_ansible.posix.rhel_facts_payload_y10oy_4m/.../rhel_facts.py", line 72, in main
TypeError: exit_json() takes 1 positional argument but 2 were given
```
The fix is to use all keyword arguments like other facts plugins.
[CI] Update AZP matrix to add macOS 13.2 and remove macOS 12.0
SUMMARY
This PR fixes issue #431
ISSUE TYPE
CI tests Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
Support new test-sanity-docker-devel test
SUMMARY
Support new test-sanity-docker-devel test.
ISSUE TYPE
CI test Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
New test-sanity-docker-devel test is currently non-voting state.
firewalld: Add support for protocol parameter
SUMMARY
Fixes#416 - This PR implements the --add-protocol/--remove-protocol parameters for firewalld.
I have just copied and rewritten the code from service parameter. Please look carefully :)
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
firewalld
ADDITIONAL INFORMATION
- name: Allow OSPF traffic
ansible.posix.firewalld:
protocol: ospf
zone: work
state: enabled
permanent: true
Reviewed-by: Hideki Saito <saito@fgrep.org>
patch: fix documentation syntax
SUMMARY
Fixed lacking of C() for description of src option. And fixed by collection_prep.
Based on this and this discussion.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
ansible.posix.patch module
ADDITIONAL INFORMATION
N/A
Reviewed-by: Hideki Saito <saito@fgrep.org>
Adds support for installing rsync for centos and related EL variants (AlmaLinux, Rocky, Oracle, etc)
rsync is an extremely common package, available in the base repos of all EL distros
This is necessary to properly support AWX-EE and other community-built EL Execution Environments.
