Merge pull request #693 from saito-hideki/pr/ci_2025120500

[CI] Update AZP CI matrix and sanity tests

SUMMARY

Update AZP CI matrix. Bump the remote target version for 2.16 and 2.17
Add ignore file for Ansible Core 2.21 for the current devel version sanity test

ISSUE TYPE

CI tests Pull Request

COMPONENT NAME

ansible.posix

ADDITIONAL INFORMATION
None

.ansible-lint

@@ -4,7 +4,8 @@
 # SPDX-FileCopyrightText: 2024, Ansible Project
 
 skip_list:
-  - meta-runtime[unsupported-version]  # Tis rule doesn't make any sense
+  - meta-runtime[unsupported-version]  # This rule doesn't make any sense
   - fqcn[deep]  # This rule produces false positives for files in tests/unit/plugins/action/fixtures/
+  - sanity[cannot-ignore]  # This rule is skipped to keep backward compatibility with Python 2
 exclude_paths:
   - changelogs/

.azure-pipelines/azure-pipelines.yml

@@ -37,13 +37,13 @@ variables:
 resources:
   containers:
     - container: default
-      image: quay.io/ansible/azure-pipelines-test-container:6.0.0
+      image: quay.io/ansible/azure-pipelines-test-container:7.0.0
 
 pool: Standard
 
 stages:
   - stage: Sanity_devel
-    displayName: Ansible devel sanity
+    displayName: Ansible devel Sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -57,8 +57,38 @@ stages:
               test: units
             - name: Lint
               test: lint
+  - stage: Sanity_2_20
+    displayName: Ansible 2.20 Sanity & Units & Lint
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: 2.20/{0}
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
+            - name: Lint
+              test: lint
+  - stage: Sanity_2_19
+    displayName: Ansible 2.19 Sanity & Units & Lint
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: 2.19/{0}
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
+            - name: Lint
+              test: lint
   - stage: Sanity_2_18
-    displayName: Ansible 2.18 sanity
+    displayName: Ansible 2.18 Sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -73,7 +103,7 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_17
-    displayName: Ansible 2.17 sanity
+    displayName: Ansible 2.17 Sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -88,7 +118,7 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_16
-    displayName: Ansible 2.16 sanity
+    displayName: Ansible 2.16 Sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -100,19 +130,8 @@ stages:
               test: sanity
             - name: Units
               test: units
-  - stage: Sanity_2_15
+            - name: Lint
-    displayName: Ansible 2.15 sanity
+              test: lint
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: "{0}"
-          testFormat: 2.15/{0}
-          targets:
-            - name: Sanity
-              test: sanity
-            - name: Units
-              test: units
   ## Docker
   - stage: Docker_devel
     displayName: Docker devel
@@ -122,14 +141,42 @@ stages:
         parameters:
           testFormat: devel/linux/{0}/1
           targets:
-            - name: Fedora 40
+            - name: Fedora 42
-              test: fedora40
+              test: fedora42
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+            - name: Ubuntu 24.04
+              test: ubuntu2404
+  - stage: Docker_2_20
+    displayName: Docker 2.20
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.20/linux/{0}/1
+          targets:
+            - name: Fedora 42
+              test: fedora42
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+            - name: Ubuntu 24.04
+              test: ubuntu2404
+  - stage: Docker_2_19
+    displayName: Docker 2.19
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.19/linux/{0}/1
+          targets:
+            - name: Fedora 41
+              test: fedora41
             - name: Ubuntu 22.04
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
   - stage: Docker_2_18
-    displayName: Docker devel
+    displayName: Docker 2.18
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -152,8 +199,6 @@ stages:
           targets:
             - name: Fedora 39
               test: fedora39
-            - name: Ubuntu 20.04
-              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
   - stage: Docker_2_16
@@ -168,27 +213,6 @@ stages:
               test: centos7
             - name: Fedora 38
               test: fedora38
-            - name: Ubuntu 20.04
-              test: ubuntu2004
-            - name: Ubuntu 22.04
-              test: ubuntu2204
-
-  - stage: Docker_2_15
-    displayName: Docker 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.15/linux/{0}/1
-          targets:
-            - name: CentOS 7
-              test: centos7
-            - name: Fedora 37
-              test: fedora37
-            - name: openSUSE 15 py3
-              test: opensuse15
-            - name: Ubuntu 20.04
-              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
 
@@ -201,24 +225,60 @@ stages:
         parameters:
           testFormat: devel/{0}/1
           targets:
-            - name: RHEL 9.4
+            - name: RHEL 10.0
-              test: rhel/9.4
+              test: rhel/10.0
-            - name: FreeBSD 14.1
+            - name: RHEL 9.6
-              test: freebsd/14.1
+              test: rhel/9.6
-            - name: FreeBSD 13.4
+            - name: FreeBSD 14.3
-              test: freebsd/13.4
+              test: freebsd/14.3
+            - name: FreeBSD 13.5
+              test: freebsd/13.5
+  - stage: Remote_2_20
+    displayName: Remote 2.20
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.20/{0}/1
+          targets:
+            - name: RHEL 10.0
+              test: rhel/10.0
+            - name: RHEL 9.6
+              test: rhel/9.6
+            - name: FreeBSD 14.3
+              test: freebsd/14.3
+            - name: FreeBSD 13.5
+              test: freebsd/13.5
+  - stage: Remote_2_19
+    displayName: Remote 2.19
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.19/{0}/1
+          targets:
+            - name: RHEL 10.0
+              test: rhel/10.0
+            - name: RHEL 9.5
+              test: rhel/9.5
+            - name: FreeBSD 14.2
+              test: freebsd/14.2
+            - name: FreeBSD 13.5
+              test: freebsd/13.5
   - stage: Remote_2_18
-    displayName: Remote devel
+    displayName: Remote 2.18
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
         parameters:
           testFormat: 2.18/{0}/1
           targets:
+            - name: RHEL 10.0
+              test: rhel/10.0
             - name: RHEL 9.4
               test: rhel/9.4
-            - name: FreeBSD 13.3
+            - name: FreeBSD 13.5
-              test: freebsd/13.3
+              test: freebsd/13.5
   - stage: Remote_2_17
     displayName: Remote 2.17
     dependsOn: []
@@ -227,10 +287,11 @@ stages:
         parameters:
           testFormat: 2.17/{0}/1
           targets:
-            - name: RHEL 9.3
+            # 2.17 remote target doesn't have RHEL 9 image
-              test: rhel/9.3
+            - name: RHEL 10.0
-            - name: FreeBSD 13.3
+              test: rhel/10.0
-              test: freebsd/13.3
+            - name: FreeBSD 13.5
+              test: freebsd/13.5
   - stage: Remote_2_16
     displayName: Remote 2.16
     dependsOn: []
@@ -239,38 +300,15 @@ stages:
         parameters:
           testFormat: 2.16/{0}/1
           targets:
-            - name: RHEL 8.8
+            # 2.16 remote target only has RHEL 9.6 image
-              test: rhel/8.8
+            - name: RHEL 9.6
-            - name: RHEL 9.2
+              test: rhel/9.6
-              test: rhel/9.2
-            - name: FreeBSD 13.2
-              test: freebsd/13.2
-
-  - stage: Remote_2_15
-    displayName: Remote 2.15
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.15/{0}/1
-          targets:
-            - name: RHEL 7.9
-              test: rhel/7.9
-            - name: RHEL 8.7
-              test: rhel/8.7
-            - name: RHEL 9.1
-              test: rhel/9.1
-            - name: FreeBSD 13.2
-              test: freebsd/13.2
 
   ## Finally
 
   - stage: Summary
     condition: succeededOrFailed()
     dependsOn:
-      - Sanity_2_15
-      - Remote_2_15
-      - Docker_2_15
       - Sanity_2_16
       - Remote_2_16
       - Docker_2_16
@@ -280,6 +318,12 @@ stages:
       - Sanity_2_18
       - Remote_2_18
       - Docker_2_18
+      - Sanity_2_19
+      - Remote_2_19
+      - Docker_2_19
+      - Sanity_2_20
+      - Remote_2_20
+      - Docker_2_20
       - Sanity_devel
       - Remote_devel
       - Docker_devel

README.md

@@ -2,7 +2,7 @@
 <!-- Add CI and code coverage badges here. Samples included below. -->
 [![Build Status](
 https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
-[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
+[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)
 
 ## Communication
 
@@ -21,7 +21,7 @@ An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and de
 * Python:
   * The Python interpreter version must meet Ansible Core's requirements.
 * Ansible Core:
-  - ansible-core 2.15 or later
+  - ansible-core 2.16 or later
 
 ## Installation
 
@@ -46,10 +46,10 @@ To upgrade the collection to the latest available version, run the following com
 ansible-galaxy collection install ansible.posix --upgrade
 ```
 
-You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version 1.0.0:
+You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version 2.0.0:
 
 ```shell
-ansible-galaxy collection install ansible.posix:==1.0.0
+ansible-galaxy collection install ansible.posix:==2.0.0
 ```
 
 See [using Ansible collections](https://docs.ansible.com/ansible/devel/user_guide/collections_using.html) for more details.
@@ -78,11 +78,10 @@ ansible-doc -t callback ansible.posix.profile_tasks
 
 The following ansible-core versions have been tested with this collection:
 
-- ansible-core 2.19 (devel)
+- ansible-core 2.20 (devel)
-- ansible-core 2.18 (stable) *
+- ansible-core 2.19 (stable) *
+- ansible-core 2.18 (stable)
 - ansible-core 2.17 (stable)
-- ansible-core 2.16 (stable)
-- ansible-core 2.15 (stable)
 
 ## Contributing
 

changelogs/fragments/603_bump_version_3.yml

@@ -0,0 +1,2 @@
+trivial:
+  - Bump version to 3.0.0 for the next release (https://github.com/ansible-collections/ansible.posix/issues/603).

changelogs/fragments/618_ci_remove_ubuntu2004.yml

@@ -0,0 +1,2 @@
+trivial:
+  - Remove ubuntu20.04 from CI tests (https://github.com/ansible-collections/ansible.posix/issues/612).

changelogs/fragments/626_profile_tasks_datetime_format.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - profile_tasks - Add option to provide a different date/time format (https://github.com/ansible-collections/ansible.posix/issues/279).

changelogs/fragments/631_fixes_module_path.yml

@@ -0,0 +1,6 @@
+---
+bugfixes:
+  - ansible.posix.cgroup_perf_recap - fixes json module load path (https://github.com/ansible-collections/ansible.posix/issues/630).
+trivial:
+  - ansible.posix.seboolean - remove unnecessary condition from seboolean integration tests (https://github.com/ansible-collections/ansible.posix/issues/630).
+  - ansible.posix.selinux - optimize conditions for selinux integration tests (https://github.com/ansible-collections/ansible.posix/issues/630).

changelogs/fragments/639_fix_authorized_key.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - ansible.posix.authorized_key - fixes error on permission denied in authorized_key module (https://github.com/ansible-collections/ansible.posix/issues/462).

changelogs/fragments/642_ci_add_rhel10.yml

@@ -0,0 +1,2 @@
+trivial:
+  - Add Red Hat Enterprise Linux 10.0 to the CI matrix (https://github.com/ansible-collections/ansible.posix/issues/642).

changelogs/fragments/650-profile_tasks_roles.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - "profile_tasks and profile_roles callback plugins - avoid deleted/deprecated callback functions, instead use modern interface that was introduced a longer time ago (https://github.com/ansible-collections/ansible.posix/issues/650)."

changelogs/fragments/654_ci_bump_core_version.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump ansible-core version to 2.20 of devel branch and add 2.19 to CI

changelogs/fragments/660_ci_azp_syntax.yml

@@ -0,0 +1,2 @@
+trivial:
+  - AZP - fixed syntax error in CI test.

changelogs/fragments/665_update_readme_20250728.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - README - Update README to reflect Ansible Core 2.19 release.

changelogs/fragments/666_azp_update_20250728.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - AZP - Update AZP matrix to follow ansible-test changes.

changelogs/fragments/670-deprecations.yml

@@ -0,0 +1,3 @@
+bugfixes:
+  - "firewalld_info - stop returning warnings as return values; this has been deprecated by ansible-core (https://github.com/ansible-collections/ansible.posix/pull/670)."
+  - "mount - stop returning warnings as return values; this has been deprecated by ansible-core (https://github.com/ansible-collections/ansible.posix/pull/670)."

changelogs/fragments/673_update_ci_20250805.yml

@@ -0,0 +1,2 @@
+trivial:
+  - Update AZP CI matrix (https://github.com/ansible-collections/ansible.posix/issues/673).

changelogs/fragments/682_update_ci_20250929.yml

@@ -0,0 +1,4 @@
+trivial:
+  - Updatng AZP CI matrix to ignore ansible-bad-import-from on six(https://github.com/ansible-collections/ansible.posix/pull/682).
+  - Skipped sanity[cannot-ignore] to keep backward compatibility with Python2.
+  - Consolidate all ansible-lint option locations into .ansible-lint file.

changelogs/fragments/693_azp_update_20251205.yml

@@ -0,0 +1,5 @@
+---
+trivial:
+  - AZP - Update AZP matrix to follow ansible-test changes.
+  - Add ignore file for Ansible Core 2.21.
+  - Remove ignore lines for ansible-bad-import-from in 2.20 sanity tests.

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: ansible
 name: posix
-version: 2.0.0
+version: 3.0.0
 readme: README.md
 authors:
   - Ansible (github.com/ansible)

meta/runtime.yml

@@ -1,2 +1,2 @@
 ---
-requires_ansible: ">=2.15.0"
+requires_ansible: ">=2.16.0"

plugins/callback/cgroup_perf_recap.py

@@ -132,6 +132,7 @@ DOCUMENTATION = '''
 
 import csv
 import datetime
+import json
 import os
 import time
 import threading
@@ -142,7 +143,7 @@ from functools import partial
 
 from ansible.module_utils._text import to_bytes, to_text
 from ansible.module_utils.six import with_metaclass
-from ansible.parsing.ajson import AnsibleJSONEncoder, json
+from ansible.parsing.ajson import AnsibleJSONEncoder
 from ansible.plugins.callback import CallbackBase
 
 

plugins/callback/profile_roles.py

@@ -124,10 +124,7 @@ class CallbackModule(CallbackBase):
     def v2_playbook_on_handler_task_start(self, task):
         self._record_task(task)
 
-    def playbook_on_setup(self):
+    def v2_playbook_on_stats(self, stats):
-        self._display_tasktime()
-
-    def playbook_on_stats(self, stats):
         # Align summary report header with other callback plugin summary
         self._display.banner("ROLES RECAP")
 

plugins/callback/profile_tasks.py

@@ -52,6 +52,17 @@ DOCUMENTATION = '''
           - section: callback_profile_tasks
             key: summary_only
         version_added: 1.5.0
+      datetime_format:
+        description:
+          - Datetime format, as expected by the C(strftime) and C(strptime) methods.
+            An C(iso8601) alias will be translated to C('%Y-%m-%dT%H:%M:%S.%f') if that datetime standard wants to be used.
+        default: '%A %d %B %Y  %H:%M:%S %z'
+        env:
+          - name: PROFILE_TASKS_DATETIME_FORMAT
+        ini:
+          - section: callback_profile_tasks
+            key: datetime_format
+        version_added: 3.0.0
 '''
 
 EXAMPLES = '''
@@ -72,14 +83,15 @@ sample output: >
 '''
 
 import collections
-import time
+
+from datetime import datetime
 
 from ansible.module_utils.six.moves import reduce
 from ansible.plugins.callback import CallbackBase
 
 
 # define start time
-t0 = tn = time.time()
+dt0 = dtn = datetime.now().astimezone()
 
 
 def secondsToStr(t):
@@ -104,17 +116,18 @@ def filled(msg, fchar="*"):
 
 def timestamp(self):
     if self.current is not None:
-        elapsed = time.time() - self.stats[self.current]['started']
+        elapsed = (datetime.now().astimezone() - self.stats[self.current]['started']).total_seconds()
         self.stats[self.current]['elapsed'] += elapsed
 
 
-def tasktime():
+def tasktime(self):
-    global tn
+    global dtn
-    time_current = time.strftime('%A %d %B %Y  %H:%M:%S %z')
+    cdtn = datetime.now().astimezone()
-    time_elapsed = secondsToStr(time.time() - tn)
+    datetime_current = cdtn.strftime(self.datetime_format)
-    time_total_elapsed = secondsToStr(time.time() - t0)
+    time_elapsed = secondsToStr((cdtn - dtn).total_seconds())
-    tn = time.time()
+    time_total_elapsed = secondsToStr((cdtn - dt0).total_seconds())
-    return filled('%s (%s)%s%s' % (time_current, time_elapsed, ' ' * 7, time_total_elapsed))
+    dtn = cdtn
+    return filled('%s (%s)%s%s' % (datetime_current, time_elapsed, ' ' * 7, time_total_elapsed))
 
 
 class CallbackModule(CallbackBase):
@@ -134,6 +147,7 @@ class CallbackModule(CallbackBase):
         self.sort_order = None
         self.summary_only = None
         self.task_output_limit = None
+        self.datetime_format = None
 
         super(CallbackModule, self).__init__()
 
@@ -159,9 +173,14 @@ class CallbackModule(CallbackBase):
             else:
                 self.task_output_limit = int(self.task_output_limit)
 
+        self.datetime_format = self.get_option('datetime_format')
+        if self.datetime_format is not None:
+            if self.datetime_format == 'iso8601':
+                self.datetime_format = '%Y-%m-%dT%H:%M:%S.%f'
+
     def _display_tasktime(self):
         if not self.summary_only:
-            self._display.display(tasktime())
+            self._display.display(tasktime(self))
 
     def _record_task(self, task):
         """
@@ -176,10 +195,11 @@ class CallbackModule(CallbackBase):
         #            with the same UUID is executed when `serial` is specified in a playbook.
         #   elapsed: Elapsed time since the first serialized task was started
         self.current = task._uuid
+        dtn = datetime.now().astimezone()
         if self.current not in self.stats:
-            self.stats[self.current] = {'started': time.time(), 'elapsed': 0.0, 'name': task.get_name()}
+            self.stats[self.current] = {'started': dtn, 'elapsed': 0.0, 'name': task.get_name()}
         else:
-            self.stats[self.current]['started'] = time.time()
+            self.stats[self.current]['started'] = dtn
         if self._display.verbosity >= 2:
             self.stats[self.current]['path'] = task.get_path()
 
@@ -189,14 +209,11 @@ class CallbackModule(CallbackBase):
     def v2_playbook_on_handler_task_start(self, task):
         self._record_task(task)
 
-    def playbook_on_setup(self):
+    def v2_playbook_on_stats(self, stats):
-        self._display_tasktime()
-
-    def playbook_on_stats(self, stats):
         # Align summary report header with other callback plugin summary
         self._display.banner("TASKS RECAP")
 
-        self._display.display(tasktime())
+        self._display.display(tasktime(self))
         self._display.display(filled("", fchar="="))
 
         timestamp(self)

plugins/modules/authorized_key.py

@@ -225,6 +225,8 @@ import os.path
 import tempfile
 import re
 import shlex
+import errno
+import traceback
 from operator import itemgetter
 
 from ansible.module_utils._text import to_native
@@ -475,16 +477,18 @@ def parsekey(module, raw_key, rank=None):
     return (key, key_type, options, comment, rank)
 
 
-def readfile(filename):
+def readfile(module, filename):
-
-    if not os.path.isfile(filename):
-        return ''
-
-    f = open(filename)
     try:
+        with open(filename, 'r') as f:
             return f.read()
-    finally:
+    except IOError as e:
-        f.close()
+        if e.errno == errno.EACCES:
+            module.fail_json(msg="Permission denied on file or path for authorized keys file: %s" % filename,
+                             exception=traceback.format_exc())
+        elif e.errno == errno.ENOENT:
+            return ''
+        else:
+            raise
 
 
 def parsekeys(module, lines):
@@ -597,7 +601,7 @@ def enforce_state(module, params):
     # check current state -- just get the filename, don't create file
     do_write = False
     params["keyfile"] = keyfile(module, user, do_write, path, manage_dir)
-    existing_content = readfile(params["keyfile"])
+    existing_content = readfile(module, params["keyfile"])
     existing_keys = parsekeys(module, existing_content)
 
     # Add a place holder for keys that should exist in the state=present and

plugins/modules/firewalld_info.py

@@ -319,7 +319,6 @@ def main():
         active_zones=module.params['active_zones'],
         collected_zones=list(),
         undefined_zones=list(),
-        warnings=list(),
     )
 
     # Exit with failure message if requirements modules are not installed.

plugins/modules/mount.py

@@ -279,7 +279,7 @@ def _set_mount_save_old(module, args):
     old_lines = []
     exists = False
     changed = False
-    escaped_args = dict([(k, _escape_fstab(v)) for k, v in iteritems(args) if k != 'warnings'])
+    escaped_args = dict([(k, _escape_fstab(v)) for k, v in iteritems(args)])
     new_line = '%(src)s %(name)s %(fstype)s %(opts)s %(dump)s %(passno)s\n'
 
     if platform.system() == 'SunOS':
@@ -804,7 +804,6 @@ def main():
             passno='-',
             fstab=module.params['fstab'],
             boot='yes' if module.params['boot'] else 'no',
-            warnings=[]
         )
         if args['fstab'] is None:
             args['fstab'] = '/etc/vfstab'
@@ -816,7 +815,6 @@ def main():
             passno='0',
             fstab=module.params['fstab'],
             boot='yes',
-            warnings=[]
         )
         if args['fstab'] is None:
             args['fstab'] = '/etc/fstab'
@@ -834,8 +832,7 @@ def main():
         linux_mounts = get_linux_mounts(module)
 
         if linux_mounts is None:
-            args['warnings'].append('Cannot open file /proc/self/mountinfo.'
+            module.warn('Cannot open file /proc/self/mountinfo. Bind mounts might be misinterpreted.')
-                                    ' Bind mounts might be misinterpreted.')
 
     # Override defaults with user specified params
     for key in ('src', 'fstype', 'passno', 'opts', 'dump', 'fstab'):
@@ -847,7 +844,7 @@ def main():
         # specified in 'opts',  mount module will ignore 'boot'.
         opts = args['opts'].split(',')
         if module.params['boot'] and 'noauto' in opts:
-            args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'noauto'.")
+            module.warn("Ignore the 'boot' due to 'opts' contains 'noauto'.")
         elif not module.params['boot']:
             args['boot'] = 'no'
             opts.append('noauto')

plugins/modules/sysctl.py

@@ -80,6 +80,13 @@ EXAMPLES = r'''
     sysctl_file: /tmp/test_sysctl.conf
     reload: false
 
+# Enable resource limits management in FreeBSD
+- ansible.posix.sysctl:
+    name: kern.racct.enable
+    value: '1'
+    sysctl_file: /boot/loader.conf
+    reload: false
+
 # Set ip forwarding on in /proc and verify token value with the sysctl command
 - ansible.posix.sysctl:
     name: net.ipv4.ip_forward

tests/integration/targets/acl/tasks/acl.yml

@@ -46,6 +46,12 @@
     path: "{{ test_dir }}"
     state: directory
     mode: "0755"
+
+- name: Install acl package
+  ansible.builtin.package:
+    name: acl
+    state: present
+
 ##############################################################################
 - name: Grant ansible user read access to a file
   ansible.posix.acl:

tests/integration/targets/authorized_key/tasks/check_permissions.yml

@@ -0,0 +1,41 @@
+---
+# -------------------------------------------------------------
+# check permissions
+
+- name: Create a file that is not accessible
+  ansible.builtin.file:
+    state: touch
+    path: "{{ output_dir | expanduser }}/file_permissions"
+    owner: root
+    mode: '0000'
+
+- name: Create unprivileged user
+  ansible.builtin.user:
+    name: nopriv
+    create_home: true
+
+- name: Try to delete a key from an unreadable file
+  become: true
+  become_user: nopriv
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ dss_key_basic }}"
+    state: absent
+    path: "{{ output_dir | expanduser }}/file_permissions"
+  register: result
+  ignore_errors: true
+
+- name: Assert that the key deletion has failed
+  ansible.builtin.assert:
+    that:
+      - result is failed
+
+- name: Remove the file
+  ansible.builtin.file:
+    state: absent
+    path: "{{ output_dir | expanduser }}/file_permissions"
+
+- name: Remove the user
+  ansible.builtin.user:
+    name: nopriv
+    state: absent

tests/integration/targets/authorized_key/tasks/main.yml

@@ -34,3 +34,6 @@
 
 - name: Test for specifying key as a path
   ansible.builtin.import_tasks: check_path.yml
+
+- name: Test for permission denied files
+  ansible.builtin.import_tasks: check_permissions.yml

tests/integration/targets/firewalld/aliases

@@ -1,3 +1,5 @@
+needs/privileged
+needs/root
 destructive
 shippable/posix/group1
 skip/aix

tests/integration/targets/mount/tasks/main.yml

@@ -1,3 +1,4 @@
+# SETUP ################################################################################
 - name: Install dependencies (Linux)
   ansible.builtin.package:
     name: e2fsprogs
@@ -110,6 +111,42 @@
     mode: '0644'
   register: orig_info
 
+# BIND MOUNT ################################################################################
+# bind mount check mode
+- name: Bind mount a filesystem (Linux) (check mode)
+  ansible.posix.mount:
+    src: '{{ output_dir }}/mount_source'
+    name: '{{ output_dir }}/mount_dest'
+    state: mounted
+    fstype: None
+    opts: bind
+  when: ansible_system == 'Linux'
+  register: bind_result_linux_dry_run
+  check_mode: true
+
+- name: Bind mount a filesystem (FreeBSD) (check mode)
+  ansible.posix.mount:
+    src: '{{ output_dir }}/mount_source'
+    name: '{{ output_dir }}/mount_dest'
+    state: mounted
+    fstype: nullfs
+  when: ansible_system == 'FreeBSD'
+  register: bind_result_freebsd_dry_run
+  check_mode: true
+
+- name: Attempt to stat bind mounted file
+  ansible.builtin.stat:
+    path: '{{ output_dir }}/mount_dest/test_file'
+  when: ansible_system in ('FreeBSD', 'Linux')
+  register: dest_stat
+
+- name: Assert the bind mount did not take place
+  ansible.builtin.assert:
+    that:
+      - not dest_stat['stat']['exists']
+  when: ansible_system in ('FreeBSD', 'Linux')
+
+# bind mount
 - name: Bind mount a filesystem (Linux)
   ansible.posix.mount:
     src: '{{ output_dir }}/mount_source'
@@ -168,6 +205,48 @@
       - (ansible_system == 'Linux' and not bind_result_linux['changed']) or (ansible_system == 'FreeBSD' and not bind_result_freebsd['changed'])
   when: ansible_system in ('FreeBSD', 'Linux')
 
+# remount check mode
+- name: Remount filesystem with different opts (Linux) (check mode)
+  ansible.posix.mount:
+    src: '{{ output_dir }}/mount_source'
+    name: '{{ output_dir }}/mount_dest'
+    state: mounted
+    fstype: None
+    opts: bind,ro
+  when: ansible_system == 'Linux'
+  register: bind_result_linux
+  check_mode: true
+
+- name: Remount filesystem with different opts (FreeBSD) (check mode)
+  ansible.posix.mount:
+    src: '{{ output_dir }}/mount_source'
+    name: '{{ output_dir }}/mount_dest'
+    state: mounted
+    fstype: nullfs
+    opts: ro
+  when: ansible_system == 'FreeBSD'
+  register: bind_result_freebsd
+  check_mode: true
+
+- name: Get mount options
+  ansible.builtin.shell:
+    cmd: set -o pipefail && mount | grep mount_dest | grep -c -E -w '(ro|read-only)'
+    executable: "{{ shell_executable }}"
+  changed_when: false
+  failed_when: false
+  register: new_options_count
+
+- name: Make sure the filesystem does not have the new opts
+  ansible.builtin.assert:
+    that:
+      - linux_and_changed or freebsd_and_changed
+      - new_options_count.stdout | int == 0
+  vars:
+    linux_and_changed: "{{ ansible_system == 'Linux' and bind_result_linux_dry_run['changed'] }}"
+    freebsd_and_changed: "{{ ansible_system == 'FreeBSD' and bind_result_freebsd['changed'] }}"
+  when: ansible_system in ('FreeBSD', 'Linux')
+
+# remount
 - name: Remount filesystem with different opts (Linux)
   ansible.posix.mount:
     src: '{{ output_dir }}/mount_source'
@@ -203,6 +282,29 @@
       - 1 == remount_options.stdout_lines | length
   when: ansible_system in ('FreeBSD', 'Linux')
 
+# unmount check mode
+- name: Unmount the bind mount (check mode)
+  ansible.posix.mount:
+    name: '{{ output_dir }}/mount_dest'
+    state: absent
+  when: ansible_system in ('Linux', 'FreeBSD')
+  register: unmount_result
+  check_mode: true
+
+- name: Make sure the file still exists in dest
+  ansible.builtin.stat:
+    path: '{{ output_dir }}/mount_dest/test_file'
+  when: ansible_system in ('FreeBSD', 'Linux')
+  register: dest_stat
+
+- name: Check that we did not unmount
+  ansible.builtin.assert:
+    that:
+      - unmount_result['changed']
+      - dest_stat['stat']['exists']
+  when: ansible_system in ('FreeBSD', 'Linux')
+
+# unmount
 - name: Unmount the bind mount
   ansible.posix.mount:
     name: '{{ output_dir }}/mount_dest'
@@ -223,9 +325,36 @@
       - not dest_stat['stat']['exists']
   when: ansible_system in ('FreeBSD', 'Linux')
 
-- name: Block to test remounted option
+# SWAP #############################################################
+- name: Swap
   when: ansible_system in ('Linux')
   block:
+    # mount swap check mode
+    - name: Stat /etc/fstab
+      ansible.builtin.stat:
+        path: /etc/fstab
+      register: stat_fstab_before
+
+    - name: Create fstab record for the first swap file (check mode)
+      ansible.posix.mount:
+        name: none
+        src: /tmp/swap1
+        opts: sw
+        fstype: swap
+        state: present
+      check_mode: true
+
+    - name: Stat /etc/fstab
+      ansible.builtin.stat:
+        path: /etc/fstab
+      register: stat_fstab_after
+
+    - name: Assert that fstab checksum did not change
+      ansible.builtin.assert:
+        that:
+          - stat_fstab_before.stat.checksum == stat_fstab_after.stat.checksum
+
+    # mount swap1
     - name: Create fstab record for the first swap file
       ansible.posix.mount:
         name: none
@@ -250,6 +379,7 @@
           - swap1_created['changed']
           - not swap1_created_again['changed']
 
+    # mount swap2
     - name: Create fstab record for the second swap file
       ansible.posix.mount:
         name: none
@@ -274,6 +404,30 @@
           - swap2_created['changed']
           - not swap2_created_again['changed']
 
+    # remove swap check mode
+    - name: Stat /etc/fstab
+      ansible.builtin.stat:
+        path: /etc/fstab
+      register: stat_fstab_before
+
+    - name: Remove the fstab record for the first swap file (check mode)
+      ansible.posix.mount:
+        name: none
+        src: /tmp/swap1
+        state: absent
+      check_mode: true
+
+    - name: Stat /etc/fstab
+      ansible.builtin.stat:
+        path: /etc/fstab
+      register: stat_fstab_after
+
+    - name: Assert that fstab checksum did not change
+      ansible.builtin.assert:
+        that:
+          - stat_fstab_before.stat.checksum == stat_fstab_after.stat.checksum
+
+    # remove swap1
     - name: Remove the fstab record for the first swap file
       ansible.posix.mount:
         name: none
@@ -294,6 +448,7 @@
           - swap1_removed['changed']
           - not swap1_removed_again['changed']
 
+    # remove swap2
     - name: Remove the fstab record for the second swap file
       ansible.posix.mount:
         name: none
@@ -314,6 +469,10 @@
           - swap2_removed['changed']
           - not swap2_removed_again['changed']
 
+# FIXUP #############################################################
+- name: Fix incomplete entry already present in fstab
+  when: ansible_system == 'Linux'
+  block:
     - name: Create fstab record with missing last two fields
       ansible.builtin.copy:
         dest: /etc/fstab
@@ -343,6 +502,11 @@
           - ''' 0 0'' in optional_fields_content.stdout'
           - 1 == optional_fields_content.stdout_lines | length
 
+# REMOUNTED #############################################################
+- name: Block to test remounted option
+  when: ansible_system in ('Linux')
+  block:
+    # setup
     - name: Create empty file
       community.general.filesize:
         path: /tmp/myfs.img
@@ -372,6 +536,26 @@
       ansible.builtin.pause:
         seconds: 2
 
+    # remount check mode
+    - name: Remount (check mode)
+      ansible.posix.mount:
+        path: /tmp/myfs
+        state: remounted
+
+    - name: Get again the last write time
+      ansible.builtin.shell:
+        cmd: >-
+          set -o pipefail && dumpe2fs /tmp/myfs.img 2>/dev/null | grep -i "last write time:" |cut -d: -f2-
+        executable: "{{ shell_executable }}"
+      changed_when: false
+      register: last_write_time_check
+
+    - name: Fail if they are different
+      ansible.builtin.fail:
+        msg: Filesytem was remounted, testing of the module failed!
+      when: last_write_time.stdout != last_write_time_check.stdout
+
+    # remount
     - name: Test if the FS is remounted
       ansible.posix.mount:
         path: /tmp/myfs
@@ -390,6 +574,29 @@
         msg: Filesytem was not remounted, testing of the module failed!
       when: last_write is defined and last_write_time2 is defined and last_write_time.stdout == last_write_time2.stdout
 
+    # remount different options check mode
+    - name: Remount filesystem with different opts using remounted option (Linux only)
+      ansible.posix.mount:
+        path: /tmp/myfs
+        state: remounted
+        opts: rw,noexec
+      check_mode: true
+
+    - name: Get remounted options (Linux only)
+      ansible.builtin.shell:
+        cmd: set -o pipefail && mount | grep myfs | grep -E -w 'noexec' | wc -l
+        executable: "{{ shell_executable }}"
+      failed_when: false
+      changed_when: false
+      register: remounted_options
+
+    - name: Make sure the filesystem now has the new opts after using remounted (Linux only)
+      ansible.builtin.assert:
+        that:
+          - "'0' in remounted_options.stdout"
+          - "1 == remounted_options.stdout_lines | length"
+
+    # remount different options
     - name: Remount filesystem with different opts using remounted option (Linux only)
       ansible.posix.mount:
         path: /tmp/myfs
@@ -409,6 +616,7 @@
           - "'1' in remounted_options.stdout"
           - "1 == remounted_options.stdout_lines | length"
 
+    # backup
     - name: Mount the FS again to test backup
       ansible.posix.mount:
         path: /tmp/myfs
@@ -439,9 +647,11 @@
         - /tmp/myfs.img
         - /tmp/myfs
 
+# BOOT #############################################################
 - name: Block to test boot option for Linux
   when: ansible_system in ('Linux')
   block:
+    # setup
     - name: Create empty file
       community.general.filesize:
         path: /tmp/myfs.img
@@ -452,6 +662,7 @@
         fstype: ext3
         dev: /tmp/myfs.img
 
+    # noauto
     - name: Mount the FS with noauto option
       ansible.posix.mount:
         path: /tmp/myfs
@@ -472,6 +683,7 @@
         path: /tmp/myfs
         state: absent
 
+    # noauto + defaults
     - name: Mount the FS with noauto option and defaults
       ansible.posix.mount:
         path: /tmp/myfs
@@ -499,6 +711,7 @@
         - /tmp/myfs.img
         - /tmp/myfs
 
+# NEWLINE END OF FILE ############################################
 - name: Block to test missing newline at the EOF of fstab
   when: ansible_system in ('Linux')
   block:
@@ -537,6 +750,7 @@
         - /tmp/myfs1
         - /tmp/test_fstab
 
+# EPHEMERAL ################################################
 - name: Block to test ephemeral option
   environment:
     PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@@ -553,7 +767,6 @@
         size: 20M
 
     ##### FORMAT FS ON LINUX
-
     - name: Block to format FS on Linux
       when: ansible_system == 'Linux'
       block:
@@ -568,7 +781,6 @@
             dev: /tmp/myfs_B.img
 
     ##### FORMAT FS ON SOLARIS AND BSD
-
     - name: Create loop devices on Solaris and BSD
       ansible.builtin.shell:
         cmd: "set -o pipefail && {{ ephemeral_create_loop_dev_cmd }}"
@@ -583,14 +795,49 @@
       changed_when: true
       when: ephemeral_format_fs_cmd is defined
 
-  ##### TESTS
-
     - name: Create fstab if it does not exist
       ansible.builtin.file:
         path: "{{ ephemeral_fstab }}"
         state: touch
         mode: '0644'
 
+    # normal ephemeral mount check mode
+    - name: Get checksum of /etc/fstab before mounting anything
+      ansible.builtin.stat:
+        path: '{{ ephemeral_fstab }}'
+      register: fstab_stat_before_mount
+
+    - name: Mount the FS A with ephemeral state (check mode)
+      ansible.posix.mount:
+        path: /tmp/myfs
+        src: '{{ ephemeral_device_a }}'
+        fstype: '{{ ephemeral_fstype }}'
+        opts: rw
+        state: ephemeral
+      register: ephemeral_mount_info
+      check_mode: true
+
+    - name: Get checksum of /etc/fstab after an ephemeral mount
+      ansible.builtin.stat:
+        path: '{{ ephemeral_fstab }}'
+      register: fstab_stat_after_mount
+
+    - name: Get mountinfo
+      ansible.builtin.shell:
+        cmd: grep -c '/tmp/myfs' <(mount -v)
+        executable: "{{ shell_executable }}"
+      register: check_mountinfo
+      failed_when: false
+      changed_when: false
+
+    - name: Assert the mount occurred and the fstab is unchanged
+      ansible.builtin.assert:
+        that:
+          - check_mountinfo.stdout|int == 0
+          - ephemeral_mount_info['changed']
+          - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
+
+    # normal ephemeral mount
     - name: Get checksum of /etc/fstab before mounting anything
       ansible.builtin.stat:
         path: '{{ ephemeral_fstab }}'
@@ -631,6 +878,48 @@
           - ephemeral_mount_info['changed']
           - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
 
+    # remount different options check mode
+    - name: Get first mount record
+      ansible.builtin.shell:
+        cmd: grep '/tmp/myfs' <(mount -v)
+        executable: "{{ shell_executable }}"
+      register: ephemeral_mount_record_1
+      changed_when: false
+
+    - name: Try to mount FS A where FS A is already mounted (should trigger remount and changed)
+      ansible.posix.mount:
+        path: /tmp/myfs
+        src: '{{ ephemeral_device_a }}'
+        fstype: '{{ ephemeral_fstype }}'
+        opts: ro
+        state: ephemeral
+      register: ephemeral_mount_info
+      check_mode: true
+
+    - name: Get second mount record (should be different than the first)
+      ansible.builtin.shell:
+        cmd: grep '/tmp/myfs' <(mount -v)
+        executable: "{{ shell_executable }}"
+      register: ephemeral_mount_record_2
+      changed_when: false
+
+    - name: Get mountinfo
+      ansible.builtin.shell:
+        cmd: grep -c '/tmp/myfs' <(mount -v)
+        executable: "{{ shell_executable }}"
+      failed_when: false
+      register: check_mountinfo
+      changed_when: false
+
+    - name: Assert the FS A is still mounted, the options unchanged and the fstab unchanged
+      ansible.builtin.assert:
+        that:
+          - check_mountinfo.stdout|int == 1
+          - ephemeral_mount_record_1.stdout == ephemeral_mount_record_2.stdout
+          - ephemeral_mount_info['changed']
+          - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
+
+    # remount different options
     - name: Get first mount record
       ansible.builtin.shell:
         cmd: grep '/tmp/myfs' <(mount -v)
@@ -670,6 +959,7 @@
           - ephemeral_mount_info['changed']
           - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
 
+    # conflicting mount
     - name: Try to mount file B on file A mountpoint (should fail)
       ansible.posix.mount:
         path: /tmp/myfs
@@ -707,6 +997,39 @@
           - test_file_stat['stat']['exists']
           - ephemeral_mount_b_info is failed
 
+    # unmount check mode
+    - name: Unmount FS with state = unmounted
+      ansible.posix.mount:
+        path: /tmp/myfs
+        state: unmounted
+      check_mode: true
+
+    - name: Get fstab checksum after unmounting an ephemeral mount with state = unmounted
+      ansible.builtin.stat:
+        path: '{{ ephemeral_fstab }}'
+      register: fstab_stat_after_unmount
+
+    - name: Get mountinfo
+      ansible.builtin.shell:
+        cmd: grep -c '/tmp/myfs' <(mount -v)
+        executable: "{{ shell_executable }}"
+      register: check_mountinfo
+      failed_when: false
+      changed_when: false
+
+    - name: Try to stat our test file
+      ansible.builtin.stat:
+        path: /tmp/myfs/test_file
+      register: test_file_stat
+
+    - name: Assert that unmount did not take place and fstab unchanged
+      ansible.builtin.assert:
+        that:
+          - check_mountinfo.stdout|int == 1
+          - test_file_stat['stat']['exists']
+          - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_unmount['stat']['checksum']
+
+    # unmount
     - name: Unmount FS with state = unmounted
       ansible.posix.mount:
         path: /tmp/myfs
@@ -759,6 +1082,7 @@
         - /tmp/myfs_B.img
         - /tmp/myfs
 
+# OPTS_NO_LOG ######################################
 - name: Block to test opts_no_log option
   when: ansible_system == 'Linux'
   block:

tests/integration/targets/seboolean/tasks/main.yml

@@ -20,5 +20,4 @@
   ansible.builtin.include_tasks: seboolean.yml
   when:
     - ansible_selinux is defined
-    - ansible_selinux
     - ansible_selinux.status == 'enabled'

tests/integration/targets/selinux/tasks/main.yml

@@ -19,23 +19,21 @@
 - name: Debug message for when SELinux is disabled
   ansible.builtin.debug:
     msg: SELinux is disabled
-  when: ansible_selinux is defined and not ansible_selinux
+  when: ansible_selinux is defined and ansible_selinux.status == 'disabled'
 
 - name: Debug message for when SELinux is enabled and not disabled
   ansible.builtin.debug:
     msg: SELinux is {{ ansible_selinux.status }}
-  when: ansible_selinux is defined and ansible_selinux
+  when: ansible_selinux is defined
 
 - name: Include_tasks for when SELinux is enabled
   ansible.builtin.include_tasks: selinux.yml
   when:
     - ansible_selinux is defined
-    - ansible_selinux
     - ansible_selinux.status == 'enabled'
 
 - name: Include tasks for selogin when SELinux is enabled
   ansible.builtin.include_tasks: selogin.yml
   when:
     - ansible_selinux is defined
-    - ansible_selinux
     - ansible_selinux.status == 'enabled'

tests/sanity/ignore-2.20.txt

@@ -0,0 +1 @@
+tests/utils/shippable/timing.py shebang

tests/sanity/ignore-2.21.txt

@@ -0,0 +1,10 @@
+tests/utils/shippable/timing.py shebang
+plugins/action/synchronize.py pylint:ansible-bad-import-from
+plugins/callback/cgroup_perf_recap.py pylint:ansible-bad-import-from
+plugins/modules/mount.py pylint:ansible-bad-import-from
+plugins/modules/sysctl.py pylint:ansible-bad-import-from
+plugins/shell/csh.py pylint:ansible-bad-import-from
+plugins/shell/fish.py pylint:ansible-bad-import-from
+tests/unit/mock/procenv.py pylint:ansible-bad-import-from
+tests/unit/mock/yaml_helper.py pylint:ansible-bad-import-from
+tests/unit/modules/conftest.py pylint:ansible-bad-import-from

tests/utils/shippable/lint.sh

@@ -9,6 +9,5 @@ command -v ansible
 pip install --upgrade --user pip
 pip install --upgrade --user ansible-lint
 
-PATH="${PATH/\~/${HOME}}" ansible-lint \
+# To specify additional options, you can specify them into .ansible-lint file.
-                                    --exclude changelogs/ \
+PATH="${PATH/\~/${HOME}}" ansible-lint
-                                    --profile=production

tests/utils/shippable/shippable.sh

@@ -62,15 +62,15 @@ else
     retry pip install "https://github.com/ansible/ansible/archive/stable-${ansible_version}.tar.gz" --disable-pip-version-check
 fi
 
-export ANSIBLE_COLLECTIONS_PATHS="${PWD}/../../../"
+export ANSIBLE_COLLECTIONS_PATH="${PWD}/../../../"
 
 # START: HACK install dependencies
 if [ "${ansible_version}" == "2.9" ] || [ "${ansible_version}" == "2.10" ]; then
     # Note: Since community.general 5.x, Ansible Core versions prior to 2.11 are not supported.
     # So we need to use 4.8.1 for Ansible 2.9 and Ansible Engine 2.10.
-    retry git clone --depth=1 --single-branch -b 4.8.1 https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
+    retry git clone --depth=1 --single-branch -b 4.8.1 https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATH}/ansible_collections/community/general"
 else
-    retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
+    retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATH}/ansible_collections/community/general"
 fi
 # Note:  we're installing with git to work around Galaxy being a huge PITA (https://github.com/ansible/galaxy/issues/2429)
 # END: HACK