Merge d05a5c70b5 into 4c6898ee6e

Release 2.0.0 commit

SUMMARY
Release 2.0.0 commit

Release Plan #149

ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
This will be merged on 5 December if there are no problems

Reviewed-by: Adam Miller <admiller@redhat.com>
Reviewed-by: Andrew Klychkov <aklychko@redhat.com>

CHANGELOG.rst

@@ -4,6 +4,74 @@ ansible.posix Release Notes
 
 .. contents:: Topics
 
+v2.0.0
+======
+
+Release Summary
+---------------
+
+This is the major release of the ``ansible.posix`` collection.
+This changelog contains all changes to the modules and plugins
+in this collection that have been added after the release of
+``ansible.posix`` 1.6.2
+
+Minor Changes
+-------------
+
+- authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)
+- callback plugins - Add recap information to timer, profile_roles and profile_tasks callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- firewalld - Changed the type of forward and masquerade options from str to bool (https://github.com/ansible-collections/ansible.posix/issues/582).
+- firewalld - Changed the type of icmp_block_inversion option from str to bool (https://github.com/ansible-collections/ansible.posix/issues/586).
+
+Removed Features (previously deprecated)
+----------------------------------------
+
+- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
+
+Bugfixes
+--------
+
+- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
+- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
+- mount - If a comment is appended to a fstab entry, state present creates a double-entry (https://github.com/ansible-collections/ansible.posix/issues/595).
+
+v1.6.2
+======
+
+Release Summary
+---------------
+
+This is the bugfix release of the stable version ``ansible.posix`` collection.
+This changelog contains all changes to the modules and plugins
+in this collection that have been added after the release of
+``ansible.posix`` 1.6.1.
+
+Bugfixes
+--------
+
+- backport - Drop ansible-core 2.14 and set 2.15 minimum version (https://github.com/ansible-collections/ansible.posix/issues/578).
+
+v1.6.1
+======
+
+Release Summary
+---------------
+
+This is the bugfix release of the stable version ``ansible.posix`` collection.
+This changelog contains all changes to the modules and plugins
+in this collection that have been added after the release of
+``ansible.posix`` 1.6.1.
+
+Bugfixes
+--------
+
+- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
+- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
+- skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0 (https://github.com/ansible-collections/ansible.posix/issues/573).
 
 v1.6.0
 ======

changelogs/changelog.yaml

@@ -405,3 +405,88 @@ releases:
     - dropping-ansible29.yml
     - test-reqs.yml
     release_date: '2024-09-11'
+  1.6.1:
+    changes:
+      bugfixes:
+      - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
+      - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
+      - skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0
+        (https://github.com/ansible-collections/ansible.posix/issues/573).
+      release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
+        collection.
+
+        This changelog contains all changes to the modules and plugins
+
+        in this collection that have been added after the release of
+
+        ``ansible.posix`` 1.6.1.'
+    fragments:
+    - 1.6.1.yml
+    - 365-boot-linux.yml
+    - 566_bump_version_161.yml
+    - 567_remove_version_added.yml
+    - 570_nfs4_acl.yml
+    - 571_ci_bump_core_version.yml
+    - 572_revert_removal_of_skippy.yml
+    release_date: '2024-10-11'
+  1.6.2:
+    changes:
+      bugfixes:
+      - backport - Drop ansible-core 2.14 and set 2.15 minimum version (https://github.com/ansible-collections/ansible.posix/issues/578).
+      release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
+        collection.
+
+        This changelog contains all changes to the modules and plugins
+
+        in this collection that have been added after the release of
+
+        ``ansible.posix`` 1.6.1.'
+    fragments:
+    - 1.6.2.yml
+    - 580_drop_ansible214.yml
+    release_date: '2024-10-22'
+  2.0.0:
+    changes:
+      breaking_changes:
+      - firewalld - Changed the type of forward and masquerade options from str to
+        bool (https://github.com/ansible-collections/ansible.posix/issues/582).
+      - firewalld - Changed the type of icmp_block_inversion option from str to bool
+        (https://github.com/ansible-collections/ansible.posix/issues/586).
+      bugfixes:
+      - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
+      - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
+      - mount - If a comment is appended to a fstab entry, state present creates a
+        double-entry (https://github.com/ansible-collections/ansible.posix/issues/595).
+      minor_changes:
+      - authorized_keys - allow using absolute path to a file as a SSH key(s) source
+        (https://github.com/ansible-collections/ansible.posix/pull/568)
+      - callback plugins - Add recap information to timer, profile_roles and profile_tasks
+        callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).
+      release_summary: 'This is the major release of the ``ansible.posix`` collection.
+
+        This changelog contains all changes to the modules and plugins
+
+        in this collection that have been added after the release of
+
+        ``ansible.posix`` 1.6.2'
+      removed_features:
+      - skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
+    fragments:
+    - 2.0.0.yml
+    - 365-boot-linux.yml
+    - 387_callback_output_header.yml
+    - 556_remove_skippy_callback.yml
+    - 566_bump_version_161.yml
+    - 567_remove_version_added.yml
+    - 568_update_authorized_key.yml
+    - 570_nfs4_acl.yml
+    - 571_ci_bump_core_version.yml
+    - 576_bump_version_2.yml
+    - 581_ci_selinux.yml
+    - 584_firewalld_opt_type.yml
+    - 587_update_README.yml
+    - 588_ci_enable_devel.yml
+    - 593_replace_freebsd_version.yml
+    - 597_remove_fstab_comment_on_updating.yml
+    - 598_icmp_block_inversion.yml
+    release_date: '2024-12-04'

changelogs/fragments/365-boot-linux.yml

@@ -1,3 +0,0 @@
----
-bugfixes:
-  - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).

changelogs/fragments/387_callback_output_header.yml

@@ -1,3 +0,0 @@
----
-minor_changes:
-  - callback plugins - Add recap information to timer, profile_roles and profile_tasks callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).

changelogs/fragments/566_bump_version_161.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Bump version to 1.6.1 for next release.

changelogs/fragments/567_remove_version_added.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - mount - remove wrong version_added section from ``opts_no_log``.

changelogs/fragments/568_update_authorized_key.yml

@@ -1,3 +0,0 @@
----
-minor_changes:
-  - authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)

changelogs/fragments/569_keep_mountpoint.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+- keep_mountpoint - added keep_mountpoint option with default value false. If set to true keep_mountpoint changes the behaviour of state\: absent by keeping the mountpoint.

changelogs/fragments/570_nfs4_acl.yml

@@ -1,3 +0,0 @@
----
-bugfixes:
-  - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).

changelogs/fragments/571_ci_bump_core_version.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Bump ansible-core version to 2.19 of devel branch and add 2.18 to CI.

changelogs/fragments/576_bump_version_2.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Bump ansible.posix version to 2.0.0.

changelogs/fragments/581_ci_selinux.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - selinux - conditions for selinux integration tests have been modified to be more accurate.

changelogs/fragments/584_firewalld_opt_type.yml

@@ -1,3 +0,0 @@
----
-breaking_changes:
-  - firewalld - Changed the type of forward and masquerade options from str to bool (https://github.com/ansible-collections/ansible.posix/issues/582).

changelogs/fragments/587_update_README.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - README.md - update README to cover RH guidelines (https://github.com/ansible-collections/ansible.posix/issues/585).

changelogs/fragments/588_ci_enable_devel.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Enabled remote and docker integration tests for devel branch.

changelogs/fragments/593_replace_freebsd_version.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Replaced FreeBSD version 13.3 with 13.4 and 14.1 in CI for devel branch.

plugins/modules/firewalld.py

@@ -74,7 +74,8 @@ options:
   icmp_block_inversion:
     description:
       - Enable/Disable inversion of ICMP blocks for a zone in firewalld.
-    type: str
+      - Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
+    type: bool
   zone:
     description:
       - The firewalld zone to add/remove to/from.
@@ -152,7 +153,7 @@ author:
 '''
 
 EXAMPLES = r'''
-- name: permanently enable https service, also enable it immediately if possible
+- name: Permanently enable https service, also enable it immediately if possible
   ansible.posix.firewalld:
     service: https
     state: enabled
@@ -160,81 +161,92 @@ EXAMPLES = r'''
     immediate: true
     offline: true
 
-- name: permit traffic in default zone for https service
+- name: Permit traffic in default zone for https service
   ansible.posix.firewalld:
     service: https
     permanent: true
     state: enabled
 
-- name: permit ospf traffic
+- name: Permit ospf traffic
   ansible.posix.firewalld:
     protocol: ospf
     permanent: true
     state: enabled
 
-- name: do not permit traffic in default zone on port 8081/tcp
+- name: Do not permit traffic in default zone on port 8081/tcp
   ansible.posix.firewalld:
     port: 8081/tcp
     permanent: true
     state: disabled
 
-- ansible.posix.firewalld:
+- name: Permit traffic in default zone on port 161-162/ucp
+  ansible.posix.firewalld:
     port: 161-162/udp
     permanent: true
     state: enabled
 
-- ansible.posix.firewalld:
+- name: Permit traffic in dmz zone on http service
+  ansible.posix.firewalld:
     zone: dmz
     service: http
     permanent: true
     state: enabled
 
-- ansible.posix.firewalld:
+- name: Enable FTP service with rate limiting using firewalld rich rule
+  ansible.posix.firewalld:
     rich_rule: rule service name="ftp" audit limit value="1/m" accept
     permanent: true
     state: enabled
 
-- ansible.posix.firewalld:
+- name: Allow traffic from 192.0.2.0/24 in internal zone
+  ansible.posix.firewalld:
     source: 192.0.2.0/24
     zone: internal
     state: enabled
 
-- ansible.posix.firewalld:
+- name: Assign eth2 interface to trusted zone
+  ansible.posix.firewalld:
     zone: trusted
     interface: eth2
     permanent: true
     state: enabled
 
-- ansible.posix.firewalld:
+- name: Enable forwarding in internal zone
+  ansible.posix.firewalld:
     forward: true
     state: enabled
     permanent: true
     zone: internal
 
-- ansible.posix.firewalld:
+- name: Enable masquerade in dmz zone
+  ansible.posix.firewalld:
     masquerade: true
     state: enabled
     permanent: true
     zone: dmz
 
-- ansible.posix.firewalld:
+- name: Create custom zone if not already present
+  ansible.posix.firewalld:
     zone: custom
     state: present
     permanent: true
 
-- ansible.posix.firewalld:
+- name: Enable ICMP block inversion in drop zone
+  ansible.posix.firewalld:
     zone: drop
     state: enabled
     permanent: true
     icmp_block_inversion: true
 
-- ansible.posix.firewalld:
+- name: Block ICMP echo requests in drop zone
+  ansible.posix.firewalld:
     zone: drop
     state: enabled
     permanent: true
     icmp_block: echo-request
 
-- ansible.posix.firewalld:
+- name: Set internal zone target to ACCEPT
+  ansible.posix.firewalld:
     zone: internal
     state: present
     permanent: true
@@ -250,7 +262,6 @@ EXAMPLES = r'''
 '''
 
 from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.parsing.convert_bool import boolean
 from ansible_collections.ansible.posix.plugins.module_utils.firewalld import FirewallTransaction, fw_offline
 
 try:
@@ -864,7 +875,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             icmp_block=dict(type='str'),
-            icmp_block_inversion=dict(type='str'),
+            icmp_block_inversion=dict(type='bool'),
             service=dict(type='str'),
             protocol=dict(type='str'),
             port=dict(type='str'),
@@ -987,16 +998,7 @@ def main():
             msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state))
 
     if icmp_block_inversion is not None:
-        # Type of icmp_block_inversion will be changed to boolean in a future release.
+        expected_state = 'enabled' if (desired_state == 'enabled') == icmp_block_inversion else 'disabled'
-        icmp_block_inversion_status = True
-        try:
-            icmp_block_inversion_status = boolean(icmp_block_inversion, True)
-        except TypeError:
-            module.warn('The value of the icmp_block_inversion option is "%s". '
-                        'The type of the option will be changed from string to boolean in a future release. '
-                        'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
-        expected_state = 'enabled' if (desired_state == 'enabled') == icmp_block_inversion_status else 'disabled'
-
         transaction = IcmpBlockInversionTransaction(
             module,
             action_args=(),

plugins/modules/mount.py

@@ -87,7 +87,8 @@ options:
         real source. V(absent) does not unmount recursively, and the module will
         fail if multiple devices are mounted on the same mount point. Using
         V(absent) with a mount point that is not registered in the I(fstab) has
-        no effect, use V(unmounted) instead.
+        no effect, use V(unmounted) instead. You can set O(keep_mountpoint) to
+        True to keep the mountpoint.
       - V(remounted) specifies that the device will be remounted for when you
         want to force a refresh on the mount itself (added in 2.9). This will
         always return RV(ignore:changed=true). If O(opts) is set, the options will be
@@ -132,6 +133,16 @@ options:
         the original file back if you somehow clobbered it incorrectly.
     type: bool
     default: false
+  keep_mountpoint:
+    description:
+    - Change the default behaviour of state=absent by keeping the mountpoint
+    - With keep_mountpoint=true, state=absent is like unmounted plus the
+      fstab update.
+    - Use it if you care about finding original mountpoint content without failing
+      and want to remove the entry in fstab. If you have no entry to clean in
+      fstab you can use state=unmounted
+    type: bool
+    default: false
 notes:
   - As of Ansible 2.3, the O(name) option has been changed to O(path) as
     default, but O(name) still works as well.
@@ -175,6 +186,23 @@ EXAMPLES = r'''
     path: /tmp/mnt-pnt
     state: remounted
 
+# The following will fail on first run
+# if /home/mydir is not empty after unmounting,
+# though unmount and remove from fstab are successfull.
+# It will be successfull on subsequent runs (already unmounted).
+- name: Unmount and remove from fstab, then if unmount was necessary try to remove mountpoint /home/mydir
+  ansible.posix.mount:
+    path: /home/mydir
+    state: absent
+# The following will not fail on first run
+# if /home/mydir is not empty after unmounting.
+# It will leave /home/mydir and its content (if any) after unmounting.
+- name: Unmount and remove from fstab, but keep /home/mydir
+  ansible.posix.mount:
+    path: /home/mydir
+    state: absent
+    keep_mountpoint: true
+
 # The following will not save changes to fstab, and only be temporary until
 # a reboot, or until calling "state: unmounted" followed by "state: mounted"
 # on the same "path"
@@ -303,7 +331,7 @@ def _set_mount_save_old(module, args):
 
             continue
 
-        fields = line.split()
+        fields = line.split('#')[0].split()
 
         # Check if we got a valid line for splitting
         # (on Linux the 5th and the 6th field is optional)
@@ -779,6 +807,7 @@ def main():
             src=dict(type='path'),
             backup=dict(type='bool', default=False),
             state=dict(type='str', required=True, choices=['absent', 'absent_from_fstab', 'mounted', 'present', 'unmounted', 'remounted', 'ephemeral']),
+            keep_mountpoint=dict(type='bool', default=False),
         ),
         supports_check_mode=True,
         required_if=(
@@ -896,7 +925,7 @@ def main():
                     module.fail_json(
                         msg="Error unmounting %s: %s" % (name, msg))
 
-            if os.path.exists(name):
+            if os.path.exists(name) and module.params['keep_mountpoint'] is False:
                 try:
                     os.rmdir(name)
                 except (OSError, IOError) as e:

tests/integration/targets/firewalld/tasks/icmp_block_inversion_test_cases.yml

@@ -114,60 +114,3 @@
       ansible.builtin.assert:
         that:
           - result is not changed
-
-# Validate backwards compatible behavior until icmp block inversion is switched from string to boolean type
-- name: Icmp block inversion enabled when icmp block inversion is non-boolean string and state is enabled
-  block:
-    - name: Testing enable icmp block inversion
-      ansible.posix.firewalld:
-        zone: trusted
-        icmp_block_inversion: some string
-        permanent: true
-        state: enabled
-      register: result
-
-    - name: Assert icmp block inversion is enabled
-      ansible.builtin.assert:
-        that:
-          - result is changed
-
-    - name: Testing enable icmp block inversion (verify not changed)
-      ansible.posix.firewalld:
-        zone: trusted
-        icmp_block_inversion: some string
-        permanent: true
-        state: enabled
-      register: result
-
-    - name: Assert icmp block inversion is enabled (verify not changed)
-      ansible.builtin.assert:
-        that:
-          - result is not changed
-
-- name: Icmp block inversion disabled when icmp block inversion is non-boolean string and state is disabled
-  block:
-    - name: Testing disable icmp block inversion
-      ansible.posix.firewalld:
-        zone: trusted
-        icmp_block_inversion: some string
-        permanent: true
-        state: disabled
-      register: result
-
-    - name: Assert icmp block inversion is disabled
-      ansible.builtin.assert:
-        that:
-          - result is changed
-
-    - name: Testing disable icmp block inversion (verify not changed)
-      ansible.posix.firewalld:
-        zone: trusted
-        icmp_block_inversion: some string
-        permanent: true
-        state: disabled
-      register: result
-
-    - name: Assert icmp block inversion is disabled (verify not changed)
-      ansible.builtin.assert:
-        that:
-          - result is not changed

tests/integration/targets/mount/tasks/main.yml

@@ -808,3 +808,85 @@
       loop:
         - /tmp/myfs.img
         - /tmp/myfs
+
+- name: Block to test keep_mountpoint option
+  block:
+  - name: Create the mount point
+    ansible.builtin.file:
+      state: directory
+      path: '/tmp/myfs'
+      mode: '0755'
+
+  - name: Create empty file for FS aaa
+    community.general.filesize:
+      path: /tmp/myfs.img
+      size: 20M
+
+  - name: Format FS bbb
+    community.general.filesystem:
+      fstype: xfs
+      dev: /tmp/myfs.img
+
+  - name: Put data in the mount point before mounting
+    ansible.builtin.copy:
+      content: 'Testing
+        This is the data before mounting
+        '
+      dest: '/tmp/myfs/test_file'
+      mode: '0644'
+    register: file_before_info
+
+  - name: Mount with fstab
+    ansible.posix.mount:
+      path: '/tmp/myfs'
+      fstype: xfs
+      state: mounted
+      src: '/tmp/myfs.img'
+
+  - name: Check data disappears - stat data
+    ansible.builtin.stat:
+      path: '/tmp/myfs/test_file'
+    register: file_stat_after_mount
+  - name: Check data disappears - file does not exist
+    ansible.builtin.assert:
+      that:
+      - file_stat_after_mount['stat']['exists'] == false
+  - name: Put data in the mount point after mounting
+    ansible.builtin.copy:
+      content: 'Testing
+        This is the data updated after mounting
+        '
+      dest: '/tmp/myfs/test_file'
+      mode: '0644'
+    register: file_after_info
+  - name: Umount with keep_mountpoint
+    ansible.posix.mount:
+      path: '/tmp/myfs'
+      fstype: xfs
+      state: absent
+      keep_mountpoint: true
+  - name: Check original data reappears - stat data
+    ansible.builtin.stat:
+      path: '/tmp/myfs/test_file'
+    register: file_stat_after_umount
+  - name: Check original data reappears - compare checksums
+    ansible.builtin.assert:
+      that:
+      - file_stat_after_umount['stat']['checksum'] == file_before_info['checksum']
+  always:
+    - name: Remove the first test file
+      ansible.builtin.file:
+        path: /tmp/myfs/test_file
+        state: absent
+    - name: Unmount FS
+      ansible.posix.mount:
+        path: /tmp/myfs
+        state: absent
+    - name: Remove the test FS and the second test file
+      ansible.builtin.file:
+        path: '{{ item }}'
+        state: absent
+      loop:
+        - /tmp/myfs/test_file
+        - /tmp/myfs.img
+        - /tmp/myfs