bindep - install rsync on all EL variants
Adds support for installing rsync for centos and related EL variants (AlmaLinux, Rocky, Oracle, etc)
rsync is an extremely common package, available in the base repos of all EL distros.
This is necessary to properly support AWX-EE and other community-built EL Execution Environments.
See: ansible/awx-ee#167
Reviewed-by: Austin Lane <austinwlane@gmail.com>
Reviewed-by: Hideki Saito <saito@fgrep.org>
firewalld_info: fixed typo in default_zone and improved examples
SUMMARY
There was a typo in the docs of firewalld_info. Furthermore I slightly improved the examples by showcasing how to use the data gathered by this module.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
firewalld_info
ADDITIONAL INFORMATION
I'm not sure whether I should also update the file docs/ansible.posix.firewalld_info_module.rst but I suspect it will be generated automatically?
Reviewed-by: Hideki Saito <saito@fgrep.org>
rhel_facts module must use keyword arguments
SUMMARY
The rhel_facts module must use keyword arguments. The current
code gives this error:
Traceback (most recent call last):
...
File "/tmp/ansible_ansible.posix.rhel_facts_payload_y10oy_4m/.../rhel_facts.py", line 72, in main
TypeError: exit_json() takes 1 positional argument but 2 were given
The fix is to use all keyword arguments like other facts plugins.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.rhel_facts
ADDITIONAL INFORMATION
@maxamillion fyi
Reviewed-by: Hideki Saito <saito@fgrep.org>
The rhel_facts module must use keyword arguments. The current
code gives this error:
```
Traceback (most recent call last):
...
File "/tmp/ansible_ansible.posix.rhel_facts_payload_y10oy_4m/.../rhel_facts.py", line 72, in main
TypeError: exit_json() takes 1 positional argument but 2 were given
```
The fix is to use all keyword arguments like other facts plugins.
[CI] Update AZP matrix to add macOS 13.2 and remove macOS 12.0
SUMMARY
This PR fixes issue #431
ISSUE TYPE
CI tests Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
Support new test-sanity-docker-devel test
SUMMARY
Support new test-sanity-docker-devel test.
ISSUE TYPE
CI test Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
New test-sanity-docker-devel test is currently non-voting state.
firewalld: Add support for protocol parameter
SUMMARY
Fixes#416 - This PR implements the --add-protocol/--remove-protocol parameters for firewalld.
I have just copied and rewritten the code from service parameter. Please look carefully :)
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
firewalld
ADDITIONAL INFORMATION
- name: Allow OSPF traffic
ansible.posix.firewalld:
protocol: ospf
zone: work
state: enabled
permanent: true
Reviewed-by: Hideki Saito <saito@fgrep.org>
patch: fix documentation syntax
SUMMARY
Fixed lacking of C() for description of src option. And fixed by collection_prep.
Based on this and this discussion.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
ansible.posix.patch module
ADDITIONAL INFORMATION
N/A
Reviewed-by: Hideki Saito <saito@fgrep.org>
Adds support for installing rsync for centos and related EL variants (AlmaLinux, Rocky, Oracle, etc)
rsync is an extremely common package, available in the base repos of all EL distros
This is necessary to properly support AWX-EE and other community-built EL Execution Environments.
Updat ZoneTransaction to support operations when firewalld is offline
SUMMARY
Fixes#398 by checking the flag self.fw_offline and calling the offline specific APIs when the flag is true.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.firewalld
ADDITIONAL INFORMATION
When attempting to add or remove zones, the ansible.posix.firewalld module would always call APIs as if it was online.
Specifically, the ZoneTransaction class assumed that self.fw was a FirewallClient, but when the daemon is offline, it is instead either a Firewall or Firewall_test based on the version of firewalld installed.
See #398 for additional background.
Sample task
- name: 'Zone example - Create new zone'
ansible.posix.firewalld:
zone: "example"
state: "present"
permanent: Yes
Before
The full traceback is:
File "/tmp/ansible_ansible.posix.firewalld_payload_04lptorx/ansible_ansible.posix.firewalld_payload.zip/ansible_collections/ansible/posix/plugins/module_utils/firewalld.py", line 111, in action_handler
return action_func(*action_func_args)
File "/tmp/ansible_ansible.posix.firewalld_payload_04lptorx/ansible_ansible.posix.firewalld_payload.zip/ansible_collections/ansible/posix/plugins/modules/firewalld.py", line 678, in get_enabled_permanent
fatal: [boot]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"icmp_block": null,
"icmp_block_inversion": null,
"immediate": false,
"interface": null,
"masquerade": null,
"offline": null,
"permanent": true,
"port": null,
"port_forward": null,
"rich_rule": null,
"service": null,
"source": null,
"state": "present",
"target": null,
"timeout": 0,
"zone": "example"
}
},
"msg": "ERROR: Exception caught: 'FirewallConfig' object is not callable"
}
After
changed: [boot] => {
"changed": true,
"invocation": {
"module_args": {
"icmp_block": null,
"icmp_block_inversion": null,
"immediate": false,
"interface": null,
"masquerade": null,
"offline": null,
"permanent": true,
"port": null,
"port_forward": null,
"rich_rule": null,
"service": null,
"source": null,
"state": "present",
"target": null,
"timeout": 0,
"zone": "example"
}
},
"msg": "Permanent operation, Added zone example, Changed zone example to present, (offline operation: only on-disk configs were altered)"
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Fix broken seealso in synchronize module
SUMMARY
Module references must always have FQCN.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
synchronize
Reviewed-by: Hideki Saito <saito@fgrep.org>
[CI] Update AZP CI matrix
SUMMARY
To update AZP CI matrix for ansible-core devel branch to address the following issue:
Fixes#408
Update Fedora36 with 37
Update RHEL8.6 with 8.7
Update RHEL9.0 with 9.1
Update FreeBSD 12.3 with 12.4
ISSUE TYPE
CI Tests Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
Reference: ansible-test - new and deprecated platforms for testing #31
Fix boolean values in docs
SUMMARY
Fixes#397
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
Docs of several modules
ADDITIONAL INFORMATION
Notes about testing. I'm not sure how to test collections properly. I have ran ansible-test sanity --python 3.10 and ansible-test units --python 3.10 in venv with ansible-core 2.14 (with 0 return code in both cases). To run units test successfully I had to install pytest-forked pip package in addition to this one pytest-xdist from test-requirements.txt.
Note about issue #397. I haven't changed yes here because in this case it is value from /etc/vfstab. Also I've changed yes for parameters masquerade and icmp_block_inversion because they both are converted to bool by boolean function and will be changed to boolean in a future release (1, 2), for required too.
Reviewed-by: Felix Fontein <felix@fontein.de>
Reviewed-by: Hideki Saito <saito@fgrep.org>
Modify firewalld port test cases to avoid port duplication on RHEL9.x
SUMMARY
Modify firewalld port test cases to avoid port duplication behavior on RHEL9.x
ISSUE TYPE
CI Tests Pull Request
COMPONENT NAME
ansible.posix.firewalld
ADDITIONAL INFORMATION
None
Add ephemeral state to mount fs without altering fstab
SUMMARY
Add ephemeral possible value for state parameter.
The ephemeral state allows end-users to mount a volume on a given path, without altering an fstab file or creating a dummy one.
There have been debates about splitting this module into an fstab module and a mount module, but nothing has been done in 5 years. This is why I'd like to propose this feature.
Downside: the way the posix.mount module handles mount options prevents it to be able to check exactly if the given opts perfectly match the mount options of an already mounted volume. To achieve this, the module would have to be aware of every mount default options, for all platforms. This is why state=ephemeral always return changed=yes.
In other terms, a remount will always be triggered if the volume is already mounted, even if the options look to be the same. Using state=unmounted on a volume previously mounted with ephemeral behaves correctly.
ISSUE TYPE
Feature Pull Request
Related issues:
ansible/ansible#48134
#84
COMPONENT NAME
mount
ADDITIONAL INFORMATION
Example use case
Sometimes it is handy to be able to temporarily mount a volume. I've seen this in couple companies where Ansible is used to generate reports and put it on network shares. However, some admins don't look into mount options such as krb5 and multiuser for SMB shares. Being forced to use fstab-based mounts leads to clear text passwords being stored more or less temporarily on the host filesystem, requiring "manual" deletion (with the hassle of using blocks, rescues, always, etc.). This feature respond to this use case by providing a way to mount a volume without having to alter an fstab file.
Description of changes
Edit DOCUMENTATION section to add ephemeral state
Edit EXAMPLES section to add ephemeral state example
Add new function _set_ephemeral_args to use instead of _set_fstab_args when using ephemeral state
Add new function _is_same_mount_src to determine if the mounted volume on the destination path has the same source than the one supplied to the module
Add new function _get_mount_info to avoid redundant code between functions get_linux_mounts and _is_same_mount_src
Modify get_linux_mount to use the new function _get_mount_info. Original behavior is preserved.
Integrate ephemeral parameter treatment into mounted treatment, and add if statements to avoid IO from/to fstab
Add ephemeral as a possible value for the state parameter in main()
Add required_if dependencies for ephemeral state
Reviewed-by: None <None>
Reviewed-by: Hideki Saito <saito@fgrep.org>
Reviewed-by: Abhijeet Kasurde <None>
ansible.posix.mount: add absent_from_fstab option
SUMMARY
Add absent_from_fstab option to remove the entry from fstab, but not unmount or delete the folder. Ideally this would have been the behavior of absent (as to mirror the behavior of present), but for backward compatibility I added a new verbose state
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
mount
ADDITIONAL INFORMATION
Sometimes you may not want to delete the mountpoint (e.g. if it is not currently mounted and data is in the directory, the current behavior will simply error).
Reviewed-by: Amin Vakil <None>
Reviewed-by: None <None>
Fixes#390. Hosts involved must have same password
SUMMARY
Fixes#390
The change takes the password from destination hostvars ansible_ssh_pass or ansible_password when dest is remote.
In other case, previous behavior is maintained and password is taken form task vars ansible_ssh_pass or ansible_password.
Also, both user and password are templated to allow jinja expressions in them.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.synchronize
ADDITIONAL INFORMATION
n/a
Reviewed-by: Adam Miller <admiller@redhat.com>
Update documented default parameters to match implementation
SUMMARY
Updates documented default value for the acl module's entity parameter to an empty string and rhel_rpm_ostree's name parameter to an empty array correctly matching the actual implementation in both cases. This should fix currently failing test cases in the devel and milestone branches of CI/CD.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
ansible.posix.acl
ansible.posix.rhel_rpm_ostree
ADDITIONAL INFORMATION
Display the current documentation for the acl module using ansible-doc ansible.posix.acl or rhel_rpm_ostree module using ansible-doc ansible.posix.rhel_rpm_ostree
Alternatively using ansible-test on devel/milestone branches of ansible, execute:
ansible-test sanity --test validate-modules plugins/modules/
Running sanity test "validate-modules"
ERROR: Found 2 validate-modules issue(s) which need to be resolved:
ERROR: plugins/modules/acl.py:0:0: doc-default-does-not-match-spec: Argument 'entity' in argument_spec defines default as ('') but documentation defines default as (None)
ERROR: plugins/modules/rhel_rpm_ostree.py:0:0: doc-default-does-not-match-spec: Argument 'name' in argument_spec defines default as ([]) but documentation defines default as (None)
Before (ansible.posix.acl)
- entity
The actual user or group that the ACL applies to when matching
entity types user or group are selected.
[Default: (null)]
type: str
After (ansible.posix.acl)
- entity
The actual user or group that the ACL applies to when matching
entity types user or group are selected.
[Default: ]
type: str
Before (ansible.posix.rhel_rpm_ostree)
- name
A package name or package specifier with version, like
`name-1.0'.
Comparison operators for package version are valid here `>',
`<', `>=', `<='. Example - `name>=1.0'
If a previous version is specified, the task also needs to
turn `allow_downgrade' on. See the `allow_downgrade'
documentation for caveats with downgrading packages.
When using state=latest, this can be `'*'' which means run
`yum -y update'.
You can also pass a url or a local path to a rpm file (using
state=present). To operate on several packages this can accept
a comma separated string of packages or (as of 2.0) a list of
packages.
aliases: [pkg]
default: null
elements: str
type: list
After (ansible.posix.rhel_rpm_ostree)
- name
A package name or package specifier with version, like
`name-1.0'.
Comparison operators for package version are valid here `>',
`<', `>=', `<='. Example - `name>=1.0'
If a previous version is specified, the task also needs to
turn `allow_downgrade' on. See the `allow_downgrade'
documentation for caveats with downgrading packages.
When using state=latest, this can be `'*'' which means run
`yum -y update'.
You can also pass a url or a local path to a rpm file (using
state=present). To operate on several packages this can accept
a comma separated string of packages or (as of 2.0) a list of
packages.
aliases: [pkg]
default: []
elements: str
type: list
Reviewed-by: Felix Fontein <felix@fontein.de>
Reviewed-by: Adam Miller <admiller@redhat.com>
