Merge 6782f88e39 into 9bfed58f7f

Fix absent state documentation

SUMMARY
Fix the documentation of the state absent so it describes its actual behavior:

absent does not specify that (quote) a device mount's entry will be removed from fstab. It specifies that a mount point entry will be removed from fstab
absent does not unmount recursively, and the module will fail if multiple devices are mounted on the same mount point
absent with a mount point that is not registered in the fstab has no effect. The state unmounted should be used instead.
src is ignored with state absent or unmounted

ISSUE TYPE

Docs Pull Request

COMPONENT NAME
mount
ADDITIONAL INFORMATION
This PR addresses a fix for issue 322.

changelogs/fragments/197-acl-fix-performance.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - acl - Fix module performance (https://github.com/ansible-collections/ansible.posix/pull/197).

changelogs/fragments/333_doc_absent_precision.yml

@@ -0,0 +1,4 @@
+---
+trivial:
+- mount - fix description in the documentation of the state ``absent`` to match its actual behavior
+  and point out that ``src`` is ignored with state ``absent`` and ``unmounted`` (https://github.com/ansible-collections/ansible.posix/issues/322)

changelogs/fragments/496_seboolean-make-it-wrk-with-SELinux-disabled.yaml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - seboolean - make it work with disabled SELinux

changelogs/fragments/511_profile-callbacks-add-summary-only-parameter.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - "Add summary_only parameter to profile_roles and profile_tasks callbacks."

plugins/callback/profile_roles.py

@@ -14,6 +14,19 @@ DOCUMENTATION = '''
         - This callback module provides profiling for ansible roles.
     requirements:
       - whitelisting in configuration
+    options:
+      summary_only:
+        description:
+          - Only show summary, not individual task profiles.
+            Especially usefull in combination with C(DISPLAY_SKIPPED_HOSTS=false) and/or C(ANSIBLE_DISPLAY_OK_HOSTS=false).
+        type: bool
+        default: False
+        env:
+          - name: PROFILE_ROLES_SUMMARY_ONLY
+        ini:
+          - section: callback_profile_roles
+            key: summary_only
+        version_added: 1.5.0
 '''
 
 import collections
@@ -76,13 +89,26 @@ class CallbackModule(CallbackBase):
         self.stats = collections.Counter()
         self.totals = collections.Counter()
         self.current = None
+
+        self.summary_only = None
+
         super(CallbackModule, self).__init__()
 
+    def set_options(self, task_keys=None, var_options=None, direct=None):
+
+        super(CallbackModule, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct)
+
+        self.summary_only = self.get_option('summary_only')
+
+    def _display_tasktime(self):
+        if not self.summary_only:
+            self._display.display(tasktime())
+
     def _record_task(self, task):
         """
         Logs the start of each task
         """
-        self._display.display(tasktime())
+        self._display_tasktime()
         timestamp(self)
 
         if task._role:
@@ -99,10 +125,10 @@ class CallbackModule(CallbackBase):
         self._record_task(task)
 
     def playbook_on_setup(self):
-        self._display.display(tasktime())
+        self._display_tasktime()
 
     def playbook_on_stats(self, stats):
-        self._display.display(tasktime())
+        self._display_tasktime()
         self._display.display(filled("", fchar="="))
 
         timestamp(self)

plugins/callback/profile_tasks.py

@@ -40,6 +40,18 @@ DOCUMENTATION = '''
         ini:
           - section: callback_profile_tasks
             key: sort_order
+      summary_only:
+        description:
+          - Only show summary, not individual task profiles.
+            Especially usefull in combination with C(DISPLAY_SKIPPED_HOSTS=false) and/or C(ANSIBLE_DISPLAY_OK_HOSTS=false).
+        type: bool
+        default: False
+        env:
+          - name: PROFILE_TASKS_SUMMARY_ONLY
+        ini:
+          - section: callback_profile_tasks
+            key: summary_only
+        version_added: 1.5.0
 '''
 
 EXAMPLES = '''
@@ -120,6 +132,7 @@ class CallbackModule(CallbackBase):
         self.current = None
 
         self.sort_order = None
+        self.summary_only = None
         self.task_output_limit = None
 
         super(CallbackModule, self).__init__()
@@ -137,6 +150,8 @@ class CallbackModule(CallbackBase):
             elif self.sort_order == 'none':
                 self.sort_order = None
 
+        self.summary_only = self.get_option('summary_only')
+
         self.task_output_limit = self.get_option('output_limit')
         if self.task_output_limit is not None:
             if self.task_output_limit == 'all':
@@ -144,11 +159,15 @@ class CallbackModule(CallbackBase):
             else:
                 self.task_output_limit = int(self.task_output_limit)
 
+    def _display_tasktime(self):
+        if not self.summary_only:
+            self._display.display(tasktime())
+
     def _record_task(self, task):
         """
         Logs the start of each task
         """
-        self._display.display(tasktime())
+        self._display_tasktime()
         timestamp(self)
 
         # Record the start time of the current task
@@ -171,10 +190,10 @@ class CallbackModule(CallbackBase):
         self._record_task(task)
 
     def playbook_on_setup(self):
-        self._display.display(tasktime())
+        self._display_tasktime()
 
     def playbook_on_stats(self, stats):
-        self._display.display(tasktime())
+        self._display_tasktime()
         self._display.display(filled("", fchar="="))
 
         timestamp(self)

plugins/modules/acl.py

@@ -141,9 +141,13 @@ acl:
 
 import os
 import platform
+import fcntl
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils._text import to_native
+from ansible.module_utils.compat import selectors
+from ansible.module_utils.common.text.converters import to_native, to_text, to_bytes
+from ansible.module_utils.six import b
 
 
 def split_entry(entry):
@@ -223,7 +227,7 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
     return cmd
 
 
-def acl_changed(module, cmd):
+def acl_changed(module, cmd, check_rc=True):
     '''Returns true if the provided command affects the existing ACLs, false otherwise.'''
     # FreeBSD do not have a --test flag, so by default, it is safer to always say "true"
     if platform.system().lower() == 'freebsd':
@@ -231,11 +235,63 @@ def acl_changed(module, cmd):
 
     cmd = cmd[:]  # lists are mutables so cmd would be overwritten without this
     cmd.insert(1, '--test')
-    lines = run_acl(module, cmd)
+    module._acl_changed = False
 
-    for line in lines:
-        if not line.endswith('*,*'):
-            return True
+    def _process_stdout_from_pipe(proc, _acl_module=module):
+        stdout = b''
+        try:
+            selector = selectors.DefaultSelector()
+        except (IOError, OSError):
+            # Failed to detect default selector for the given platform
+            # Select PollSelector which is supported by major platforms
+            selector = selectors.PollSelector()
+
+        selector.register(proc.stdout, selectors.EVENT_READ)
+        if os.name == 'posix':
+            fcntl.fcntl(proc.stdout.fileno(), fcntl.F_SETFL, fcntl.fcntl(proc.stdout.fileno(), fcntl.F_GETFL) | os.O_NONBLOCK)
+
+        while True:
+            events = selector.select(1)
+            for key, event in events:
+                b_chunk = key.fileobj.read()
+                if b_chunk == b(''):
+                    selector.unregister(key.fileobj)
+                if key.fileobj == proc.stdout:
+                    stdout = b_chunk
+                if _acl_module._acl_changed:
+                    continue
+            lines = []
+            for l in stdout.splitlines():
+                lines.append(l.strip())
+            for line in lines:
+                if not line.endswith(b'*,*'):
+                    proc.terminate()
+                    _acl_module._acl_changed = True
+                    proc.returncode = 0
+
+            # only break out if no pipes are left to read or
+            # the pipes are completely read and
+            # the process is terminated
+            if (not events or not selector.get_map()) and proc.poll() is not None:
+                break
+            # No pipes are left to read but process is not yet terminated
+            # Only then it is safe to wait for the process to be finished
+            # NOTE: Actually proc.poll() is always None here if no selectors are left
+            elif not selector.get_map() and proc.poll() is None:
+                proc.wait()
+                # The process is terminated. Since no pipes to read from are
+                # left, there is no need to call select() again.
+                break
+
+    try:
+        (rc, out, err) = module.run_command(
+            cmd, check_rc=check_rc,
+            before_communicate_callback=_process_stdout_from_pipe)
+    except Exception as e:
+        module.fail_json(msg=to_native(e))
+
+    if module._acl_changed:
+        return True
     return False
 
 
@@ -356,7 +412,10 @@ def main():
 
         if changed and not module.check_mode:
             run_acl(module, command)
-        msg = "%s is present" % entry
+        if recursive:
+            msg = "%s is present recursively" % entry
+        else:
+            msg = "%s is present" % entry
 
     elif state == 'absent':
         entry = build_entry(etype, entity, use_nfsv4_acls)
@@ -368,15 +427,23 @@ def main():
 
         if changed and not module.check_mode:
             run_acl(module, command, False)
-        msg = "%s is absent" % entry
+        if recursive:
+            msg = "%s is absent recursively" % entry
+        else:
+            msg = "%s is absent" % entry
 
     elif state == 'query':
         msg = "current acl"
 
-    acl = run_acl(
-        module,
-        build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
-    )
+    if recursive:
+        acl = []
+        warn = "Not showing resulting acls in the recursive mode"
+        module.exit_json(changed=changed, msg=msg, acl=acl, warnings=warn)
+    else:
+        acl = run_acl(
+            module,
+            build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
+        )
 
     module.exit_json(changed=changed, msg=msg, acl=acl)
 

plugins/modules/mount.py

@@ -32,6 +32,7 @@ options:
     description:
       - Device (or NFS volume, or something else) to be mounted on I(path).
       - Required when I(state) set to C(present), C(mounted) or C(ephemeral).
+      - Ignored when I(state) set to C(absent) or C(unmounted).
     type: path
   fstype:
     description:
@@ -75,9 +76,13 @@ options:
         the module will fail to avoid unexpected unmount or mount point override.
         If the mount point is not present, the mount point will be created.
         The I(fstab) is completely ignored. This option is added in version 1.5.0.
-      - C(absent) specifies that the device mount's entry will be removed from
-        I(fstab) and will also unmount the device and remove the mount
-        point.
+      - C(absent) specifies that the mount point entry I(path) will be removed
+        from I(fstab) and will also unmount the mounted device and remove the
+        mount point. A mounted device will be unmounted regardless of I(src) or its
+        real source. C(absent) does not unmount recursively, and the module will
+        fail if multiple devices are mounted on the same mount point. Using
+        C(absent) with a mount point that is not registered in the I(fstab) has
+        no effect. Use C(unmounted) instead..
       - C(remounted) specifies that the device will be remounted for when you
         want to force a refresh on the mount itself (added in 2.9). This will
         always return changed=true. If I(opts) is set, the options will be

plugins/modules/seboolean.py

@@ -73,8 +73,7 @@ except ImportError:
     HAVE_SEMANAGE = False
 
 from ansible.module_utils.basic import AnsibleModule, missing_required_lib
-from ansible.module_utils.six import binary_type
-from ansible.module_utils._text import to_bytes, to_text
+from ansible.module_utils._text import to_text
 from ansible_collections.ansible.posix.plugins.module_utils._respawn import respawn_module, HAS_RESPAWN_UTIL
 
 
@@ -82,23 +81,6 @@ def get_runtime_status(ignore_selinux_state=False):
     return True if ignore_selinux_state is True else selinux.is_selinux_enabled()
 
 
-def has_boolean_value(module, name):
-    bools = []
-    try:
-        rc, bools = selinux.security_get_boolean_names()
-    except OSError:
-        module.fail_json(msg="Failed to get list of boolean names")
-    # work around for selinux who changed its API, see
-    # https://github.com/ansible/ansible/issues/25651
-    if len(bools) > 0:
-        if isinstance(bools[0], binary_type):
-            name = to_bytes(name)
-    if name in bools:
-        return True
-    else:
-        return False
-
-
 def get_boolean_value(module, name):
     state = 0
     try:
@@ -174,7 +156,10 @@ def semanage_set_boolean_value(module, handle, name, value):
         semanage.semanage_handle_destroy(handle)
         module.fail_json(msg="Failed to modify boolean key with semanage")
 
-    if semanage.semanage_bool_set_active(handle, boolkey, sebool) < 0:
+    if (
+            selinux.is_selinux_enabled()
+            and semanage.semanage_bool_set_active(handle, boolkey, sebool) < 0
+    ):
         semanage.semanage_handle_destroy(handle)
         module.fail_json(msg="Failed to set boolean key active with semanage")
 
@@ -315,12 +300,9 @@ def main():
         # Feature only available in selinux library since 2012.
         name = selinux.selinux_boolean_sub(name)
 
-    if not has_boolean_value(module, name):
-        module.fail_json(msg="SELinux boolean %s does not exist." % name)
-
     if persistent:
         changed = semanage_boolean_value(module, name, state)
-    else:
+    elif selinux.is_selinux_enabled():
         cur_value = get_boolean_value(module, name)
         if cur_value != state:
             changed = True