* This is a temporary measure until we stop covering Python2
* Skipped sanity[cannot-ignore] to keep backward compatibility with Python2
* Consolidate all ansible-lint option locations into .ansible-lint
* Fixed some typos
Signed-off-by: saito-hideki <saito@fgrep.org>
(cherry picked from commit 9dc73a686a)
[AZP] Update CI matrix
SUMMARY
Update AZP CI matrix:
Addresses #672
Bump test container version 7.0.0
Removes Ansible Core 2.15 tests. Python 3.11 is no longer supported in Container 7.0.0.
ISSUE TYPE
CI Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
Update README for release of Ansible Core 2.19
SUMMARY
README updated with the release of Ansible Core 2.19
https://docs.ansible.com/ansible/devel/roadmap/ROADMAP_2_19.html
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
N/A
[AZP][CI] Update AZP matrix to follow ansible-test changes
SUMMARY
Update AZP matrix to follow ansible-test changes
ansible/ansible/pull/85558
ansible/ansible/pull/85561
ansible/ansible/pull/85562
ISSUE TYPE
CI Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
[AZP] Fixed syntax error in AZP settings
SUMMARY
Fixed syntax error in AZP settings
ISSUE TYPE
CI Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
[CI] bump ansible-core version to 2.20 for devel branch
SUMMARY
Bump ansible-core version to 2.20 for devel branch.
Bump devel test to ansible-core 2.19
Add ansible-core 2.18 to the stable list
ISSUE TYPE
CI Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
profile_* callbacks: avoid deprecated/deleted functions
SUMMARY
The profile_roles and profile_tasks callbacks define methods playbook_on_setup and playbook_on_stats which have been deleted/deprecated:
playbook_on_stats has been deprecated, v2_playbook_on_stats should be used instead (that one has already been there for many years: ansible/ansible@ba0e532 was added in 2015).
playbook_on_setup has been deleted (ansible/ansible@eec57ec), and its v2 variant was already deleted in 2017: ansible/ansible@59d5481
Ref: #635
ISSUE TYPE
Bugfix Pull Request
Feature Pull Request
COMPONENT NAME
profile_roles
profile_tasks
Reviewed-by: Abhijeet Kasurde
Reviewed-by: Hideki Saito <saito@fgrep.org>
[AZP] Add RHEL10 environment to CI matrix
SUMMARY
Add RHEL10 environment to CI matrix
Fixes#642
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
N/A
Fixes issue related to latest ansible-core devel branch
SUMMARY
Fixes a bug related to updating the ansible-core devel branch.
Fixes incorrect load path for json module in cgroup_perf_recap
Remove unnecessary condition from seboolean integration tests
Optimize conditions for selinux integration tests
Fixes#630
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.cgroup_perf_recap
ADDITIONAL INFORMATION
N/A
Release 2.0.0 commit
SUMMARY
Release 2.0.0 commit
Release Plan #149
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
This will be merged on 5 December if there are no problems
Reviewed-by: Adam Miller <admiller@redhat.com>
Reviewed-by: Andrew Klychkov <aklychko@redhat.com>
[Breaking Change] [firewalld] Change type of icmp_block_inversion option from str to bool
SUMMARY
Changed the type of icmp_block_inversion option from str to bool
Fixes#586
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.firewalld
ADDITIONAL INFORMATION
Related #582 and #584
Reviewed-by: Adam Miller <admiller@redhat.com>
Reviewed-by: Andrew Klychkov <aklychko@redhat.com>
Remove comment from fstab entry on updating.
SUMMARY
Fix#595.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.mount
ADDITIONAL INFORMATION
Reviewed-by: Hideki Saito <saito@fgrep.org>
Reviewed-by: Vladimir Botka <vbotka@gmail.com>
authorized_key: Allow local path to a key
SUMMARY
Add option to specify an absolute path to file with SSH key(s) for authorized_key
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
authorized_key
ADDITIONAL INFORMATION
Before this change you would need to get key using ansible.builtin.slurp or something like ansible.builtin.command: cat <file> with register
I tried to keep it as simple as possible
# Now this is possible
- name: Set authorized keys taken from path
ansible.posix.authorized_key:
user: charlie
state: present
key: /home/charlie/.ssh/id_rsa.pub
Reviewed-by: Hideki Saito <saito@fgrep.org>
Reviewed-by: alexander
* bump devel test to ansible-core 2.19
* add ansible-core 2.18 to stable list but CI only covers sanity test at the moment.
Signed-off-by: Hideki Saito <saito@fgrep.org>
(feat) add no_log option for 'opts' parameter
SUMMARY
Allows you to set no_log on just the opts parameter.
This is useful for CIFS/SMB mounts that would otherwise leak secrets.
Adds feature from issue: . #497
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
mount
Reviewed-by: Hideki Saito <saito@fgrep.org>
maintain proper formating of the remote paths when defined as user@ho…
…st:/... or host:/...
SUMMARY
update _format_rsync_rsh_target for proper handling of remote rsh/ssh paths. fixes#360
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.synchronize
Reviewed-by: Adam Miller <admiller@redhat.com>
Reviewed-by: Hideki Saito <saito@fgrep.org>
Firewalld: Add functionality to set forwarding
SUMMARY
Adds firewalld functionality to do the equivalent of firewall-cmd --add-forwarding --zone={zone}.
Functionality is exactly analogous to the firewall-cmd --add-masquerade --zone={zone} already present.
Fixes#529
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
firewalld
ADDITIONAL INFORMATION
Usage:
- ansible.posix.firewalld:
forward: true
state: enabled
permanent: true
zone: internal
Reviewed-by: Abhijeet Kasurde
Reviewed-by: Hideki Saito <saito@fgrep.org>
Sometimes it's necessary to configure SELinux before it's enabled on the
system. There's `ignore_selinux_state` which should allow it. Before
this change `seboolean` module failed on SELinux disabled system even
with `ignore_selinux_state: true` and SELinux policy installed while
`semanage boolean` worked as expected:
$ ansible -i 192.168.121.153, -m seboolean -a "name=ssh_sysadm_login state=on ignore_selinux_state=true" all
192.168.121.153 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"msg": "Failed to get list of boolean names"
}
$ ssh root@192.168.121.153 semanage boolean -l | grep ssh_sysadm_login
ssh_sysadm_login (off , off) Allow ssh to sysadm login
It's caused by `selinux.security_get_boolean_names()` and
`selinux.security_get_boolean_active(name)` which required SELinux
enabled system.
This change adds a fallback to semanage API which works in SELinux
disabled system when SELinux targeted policy is installed:
ANSIBLE_LIBRARY=plugins/modules ansible -i 192.168.121.153, -m seboolean -a "name=ssh_sysadm_login state=on persistent=true ignore_selinux_state=true" all
192.168.121.153 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"name": "ssh_sysadm_login",
"persistent": true,
"state": true
}
$ ssh root@192.168.121.153 semanage boolean -l | grep ssh_sysadm_login
ssh_sysadm_login (on , on) Allow ssh to sysadm login
Note that without `persistent=true` this module is effectively NO-OP now.
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
firewalld: make offline do something
SUMMARY
ansible.posix.firewalld has an offline flag, but it currently does not do anything. What most people expect it to do is allow the task to proceed even when firewalld is offline, so it makes the most sense for it to override the immediate flag and prevent the module from throwing an error in that case.
Fixes#81.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
firewalld
ADDITIONAL INFORMATION
Reviewed-by: Adam Miller <admiller@redhat.com>
