- Remove centos6 platforms for integration tests on
the ansible devel branch from the azure-pipelines.
- Add delegate_to to each task of integration test for
synchronized module on devel branch
- Modify invalid parameter test to use key instead of name
for sysctl module
- Replace lookup plugin to slurp module in integration tests
for selinux module
- Add creating working directory task in integration tests
for acl module
Signed-off-by: Hideki Saito <saito@fgrep.org>
The ability to disable SELinux from userspace based on the configuration
file is being deprecated in favor of the selinux=0 kernel boot
parameter. (Note that this affects only the "full" disable; switching
to/from permissive mode will work the same as before.)
Therefore, add an 'update_kernel_param' module parameter that will cause
it to set/unset the kernel command-line parameter using grubby when
enabling/disabling SELinux. (An explicit parameter was chosen for
backwards compatibility.)
More information:
https://lore.kernel.org/selinux/157836784986.560897.13893922675143903084.stgit@chester/https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Add new firewalld_info module to ansible.posix collection
SUMMARY
Add new firewalld_info module to ansible.posix collection.
Gathering information about firewalld zone settings
fixes#98
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ansible.posix.firewalld_info
ADDITIONAL INFORMATION
None
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Hideki Saito <saito@fgrep.org>
synchronize: fix to honor become_user when become_method sudo
SUMMARY
When become_method is sudo, the synchronize module ignores become_user, always running as root. This means one cannot create files as a target user, when they need to get in via a third user and can only sudo via that one. In my case, I'm connecting via a special provisioning user that has sudo privs, but I need to create the files as the become_user. I'm using it to deposit skeleton files, and there should be no reason to run another task with chown; after all, the documentation already describes the desired behavior:
The user and permissions for the synchronize dest are those of the remote_user on the destination host or the become_user if become=yes is active.
This patch takes the running become_user (if it's not None) and adds it to the sudo command with the -u command line option, so the file gets created correctly. I have tested this and it works.
Other become_methods are ignored, but they already were anyways (the code already has a TODO to add other methods, which we don't attempt in this patch)
Fixes#186
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
synchronize
ADDITIONAL INFORMATION
See reproduction in #186.
This appears to have been in place since ansible/ansible@811a906
Reviewed-by: Amin Vakil <info@aminvakil.com>
Reviewed-by: Sumit Jaiswal <sjaiswal@redhat.com>
Restructure integration tests for authorized_key module
SUMMARY
Split the large tasks/main.yml in integration tests to each function block and use import_tasks to import for them.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
tests/integration/targets/authorized_key/
ADDITIONAL INFORMATION
None
* Address the issue #28
* Modified behavior to set noauto option if boot is 'no' on Linux system
* Modified integration test to use filesize module instead of dd
Signed-off-by: Hideki Saito <saito@fgrep.org>
* firewalld: add zone target set
Fixes https://github.com/ansible/ansible/issues/49232
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix sanity tests, add example of zone target setting
Signed-off-by: Adam Miller <admiller@redhat.com>
* test different zone/target combination as we're not hitting default settings
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix enabled values for zone operations
Signed-off-by: Adam Miller <admiller@redhat.com>
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
