carroarmato0/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-01-11 23:25:28 +01:00
Code Issues Projects Releases Packages Wiki Activity

Compare commits

base: carroarmato0:e31700d993552a1364db31142226afd58c4d5849
Branches Tags
carroarmato0:main
carroarmato0:stable-2
carroarmato0:stable-1
carroarmato0:2.1.0
carroarmato0:2.0.0
carroarmato0:1.6.2
carroarmato0:1.6.1
carroarmato0:1.6.0
carroarmato0:1.5.4
carroarmato0:1.5.2
carroarmato0:1.5.1
carroarmato0:1.5.0
carroarmato0:1.4.0
carroarmato0:1.3.0
carroarmato0:1.2.0
carroarmato0:1.1.1
carroarmato0:1.1.0
carroarmato0:1.0.0
carroarmato0:0.1.3
carroarmato0:0.1.2
carroarmato0:0.1.1
..
compare: carroarmato0:b12095af90d18de1bccfcfc7552bad845718843a
Branches Tags
carroarmato0:stable-2
carroarmato0:main
carroarmato0:stable-1
carroarmato0:2.1.0
carroarmato0:2.0.0
carroarmato0:1.6.2
carroarmato0:1.6.1
carroarmato0:1.6.0
carroarmato0:1.5.4
carroarmato0:1.5.2
carroarmato0:1.5.1
carroarmato0:1.5.0
carroarmato0:1.4.0
carroarmato0:1.3.0
carroarmato0:1.2.0
carroarmato0:1.1.1
carroarmato0:1.1.0
carroarmato0:1.0.0
carroarmato0:0.1.3
carroarmato0:0.1.2
carroarmato0:0.1.1

2 commits
e31700d993 ... b12095af90

Author SHA1 Message Date
Abhijeet Kasurde
b12095af90 Add changelog fragment 
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
 2024-07-17 15:58:15 -07:00
Mohammed Naser
baea26a137 synchronize: use _find_needle instead 2024-07-17 15:57:04 -07:00
51 changed files with 379 additions and 1136 deletions
Show stats Expand all files Collapse all files

52
.azure-pipelines/azure-pipelines.yml
View file

@ -57,21 +57,6 @@ stages:
test: units
- name: Lint
test: lint
- stage: Sanity_2_18
displayName: Ansible 2.18 sanity
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
nameFormat: "{0}"
testFormat: 2.18/{0}
targets:
- name: Sanity
test: sanity
- name: Units
test: units
- name: Lint
test: lint
- stage: Sanity_2_17
displayName: Ansible 2.17 sanity
dependsOn: []
@ -121,20 +106,6 @@ stages:
- template: templates/matrix.yml
parameters:
testFormat: devel/linux/{0}/1
targets:
- name: Fedora 41
test: fedora41
- name: Ubuntu 22.04
test: ubuntu2204
- name: Ubuntu 24.04
test: ubuntu2404
- stage: Docker_2_18
displayName: Docker 2.18
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
testFormat: 2.18/linux/{0}/1
targets:
- name: Fedora 40
test: fedora40
@ -152,6 +123,8 @@ stages:
targets:
- name: Fedora 39
test: fedora39
- name: Ubuntu 20.04
test: ubuntu2004
- name: Ubuntu 22.04
test: ubuntu2204
- stage: Docker_2_16
@ -166,6 +139,8 @@ stages:
test: centos7
- name: Fedora 38
test: fedora38
- name: Ubuntu 20.04
test: ubuntu2004
- name: Ubuntu 22.04
test: ubuntu2204
@ -183,6 +158,8 @@ stages:
test: fedora37
- name: openSUSE 15 py3
test: opensuse15
- name: Ubuntu 20.04
test: ubuntu2004
- name: Ubuntu 22.04
test: ubuntu2204
@ -194,20 +171,6 @@ stages:
- template: templates/matrix.yml
parameters:
testFormat: devel/{0}/1
targets:
- name: RHEL 9.5
test: rhel/9.5
- name: FreeBSD 14.2
test: freebsd/14.2
- name: FreeBSD 13.5
test: freebsd/13.5
- stage: Remote_2_18
displayName: Remote 2.18
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
testFormat: 2.18/{0}/1
targets:
- name: RHEL 9.4
test: rhel/9.4
@ -271,9 +234,6 @@ stages:
- Sanity_2_17
- Remote_2_17
- Docker_2_17
- Sanity_2_18
- Remote_2_18
- Docker_2_18
- Sanity_devel
- Remote_devel
- Docker_devel

1
.github/BOTMETA.yml vendored
View file

@ -40,6 +40,7 @@ files:
labels: debug
$plugins/patch.py:
labels: patch
$plugins/skippy.py:
$plugins/synchronize.py:
labels: synchronize
$plugins/timer.py:

110
CHANGELOG.rst
View file

@ -4,116 +4,6 @@ ansible.posix Release Notes
.. contents:: Topics
v2.0.0
======
Release Summary
---------------
This is the major release of the ``ansible.posix`` collection.
This changelog contains all changes to the modules and plugins
in this collection that have been added after the release of
``ansible.posix`` 1.6.2
Minor Changes
-------------
- authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)
- callback plugins - Add recap information to timer, profile_roles and profile_tasks callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).
Breaking Changes / Porting Guide
--------------------------------
- firewalld - Changed the type of forward and masquerade options from str to bool (https://github.com/ansible-collections/ansible.posix/issues/582).
- firewalld - Changed the type of icmp_block_inversion option from str to bool (https://github.com/ansible-collections/ansible.posix/issues/586).
Removed Features (previously deprecated)
----------------------------------------
- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
Bugfixes
--------
- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
- mount - If a comment is appended to a fstab entry, state present creates a double-entry (https://github.com/ansible-collections/ansible.posix/issues/595).
v1.6.2
======
Release Summary
---------------
This is the bugfix release of the stable version ``ansible.posix`` collection.
This changelog contains all changes to the modules and plugins
in this collection that have been added after the release of
``ansible.posix`` 1.6.1.
Bugfixes
--------
- backport - Drop ansible-core 2.14 and set 2.15 minimum version (https://github.com/ansible-collections/ansible.posix/issues/578).
v1.6.1
======
Release Summary
---------------
This is the bugfix release of the stable version ``ansible.posix`` collection.
This changelog contains all changes to the modules and plugins
in this collection that have been added after the release of
``ansible.posix`` 1.6.1.
Bugfixes
--------
- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
- skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0 (https://github.com/ansible-collections/ansible.posix/issues/573).
v1.6.0
======
Release Summary
---------------
This is the minor release of the ``ansible.posix`` collection.
This changelog contains all changes to the modules and plugins
in this collection that have been added after the release of
``ansible.posix`` 1.5.4.
Major Changes
-------------
- Dropping support for Ansible 2.9, ansible-core 2.15 will be minimum required version for this release
Minor Changes
-------------
- Add summary_only parameter to profile_roles and profile_tasks callbacks.
- firewalld - add functionality to set forwarding (https://github.com/ansible-collections/ansible.posix/pull/548).
- firewalld - added offline flag implementation (https://github.com/ansible-collections/ansible.posix/pull/484)
- firewalld - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
- firewalld_info - Only warn about ignored zones, when there are zones ignored.
- firewalld_info - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
- mount - add no_log option for opts parameter (https://github.com/ansible-collections/ansible.posix/pull/563).
- seboolean - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
- selinux - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
Removed Features (previously deprecated)
----------------------------------------
- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
Bugfixes
--------
- Bugfix in the documentation regarding the path option for authorised_key(https://github.com/ansible-collections/ansible.posix/issues/483).
- seboolean - make it work with disabled SELinux
- synchronize - maintain proper formatting of the remote paths (https://github.com/ansible-collections/ansible.posix/pull/361).
- sysctl - fix sysctl to work properly on symlinks (https://github.com/ansible-collections/ansible.posix/issues/111).
v1.5.4
======

120
README.md
View file

@ -4,110 +4,84 @@
https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
## Communication
* Join the Ansible forum:
* [Get Help](https://forum.ansible.com/c/help/6): get help or help others.
* [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
* [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
## Description
<!-- Describe the collection and why a user would want to use it. What does the collection do? -->
An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and derivative Operating Systems.
## Requirements
## Supported Versions of Ansible
<!--start requires_ansible-->
## Ansible version compatibility
* Python:
* The Python interpreter version must meet Ansible Core's requirements.
* Ansible Core:
- ansible-core 2.15 or later
This collection has been tested against following Ansible versions: **>=2.14**.
<!--end requires_ansible-->
## Installation
## Included content
Check out [Ansible Galaxy](https://galaxy.ansible.com/ui/repo/published/ansible/posix/content/) or [the Ansible documentation](https://docs.ansible.com/ansible/devel/collections/ansible/posix/) for all modules and plugins included in this collection.
Before using this collection, you need to install it with the Ansible Galaxy command-line tool:
## Installing this collection
```shell
ansible-galaxy collection install ansible.posix
```
You can install the ``ansible.posix`` collection with the Ansible Galaxy CLI:
You can also include it in a requirements.yml file and install it with ansible-galaxy collection install -r requirements.yml, using the format:
ansible-galaxy collection install ansible.posix
You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format:
```yaml
---
collections:
- name: ansible.posix
```
Note that if you install any collections from Ansible Galaxy, they will not be upgraded automatically when you upgrade the Ansible package.
To upgrade the collection to the latest available version, run the following command:
## Using this collection
```shell
ansible-galaxy collection install ansible.posix --upgrade
```
<!--Include some quick examples that cover the most common use cases for your collection content. -->
You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version 1.0.0:
See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details.
```shell
ansible-galaxy collection install ansible.posix:==1.0.0
```
## Contributing to this collection
See [using Ansible collections](https://docs.ansible.com/ansible/devel/user_guide/collections_using.html) for more details.
<!--Describe how the community can contribute to your collection. At a minimum, include how and where users can create issues to report problems or request features for this collection. List contribution requirements, including preferred workflows and necessary testing, so you can benefit from community PRs. If you are following general Ansible contributor guidelines, you can link to - [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html). -->
* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes.
For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
## Use Cases
You can see the general use-cases as an example by `ansible-doc` command like below.
For example, ansible.posix.firewalld module:
```shell
ansible-doc ansible.posix.firewalld
```
Also, if you want to confirm the plugins descriptions, you can follow the following option with `ansible-doc` command:
For example, ansible.posix.profile_tasks callback plugin:
```shell
ansible-doc -t callback ansible.posix.profile_tasks
```
## Testing
The following ansible-core versions have been tested with this collection:
- ansible-core 2.19 (devel)
- ansible-core 2.18 (stable) *
- ansible-core 2.17 (stable)
- ansible-core 2.16 (stable)
- ansible-core 2.15 (stable)
## Contributing
We welcome community contributions to this collection. For more details, see [Contributing to Ansible-maintained collections](https://docs.ansible.com/ansible/devel/community/contributing_maintained_collections.html#contributing-maintained-collections) for complete details.
We welcome community contributions to this collection. See [Contributing to Ansible-maintained collections](https://docs.ansible.com/ansible/devel/community/contributing_maintained_collections.html#contributing-maintained-collections) for complete details.
* [Issues](https://github.com/ansible-collections/ansible.posix/issues)
* [Pull Requests](https://github.com/ansible-collections/ansible.posix/pulls)
* [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html)
### Code of Conduct
This collection follows the Ansible project's
[Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html).
Please read and familiarize yourself with this document.
## Support
See [Communication](#Communication) section.
## Release Notes and Roadmap
## Release notes
See [changelog](https://github.com/ansible-collections/ansible.posix/blob/main/CHANGELOG.rst) for more details.
## Related Information
## External requirements
This document was written using the following [template](https://access.redhat.com/articles/7068606).
None
The README has been carefully prepared to cover the [community template](https://github.com/ansible-collections/collection_template/blob/main/README.md), but if you find any problems, please file a [documentation issue](https://github.com/ansible-collections/ansible.posix/issues/new?assignees=&labels=&projects=&template=documentation_report.md).
## Tested with Ansible
## License Information
<!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
- ansible-core 2.17 (devel)
- ansible-core 2.16 (stable)
- ansible-core 2.15 (stable)
- ansible-core 2.14 (stable)
## Roadmap
<!-- Optional. Include the roadmap for this collection, and the proposed release/versioning strategy so users can anticipate the upgrade/update cycle. -->
## More information
<!-- List out where the user can find additional information, such as working group meeting times, slack/IRC channels, or documentation for the product this collection automates. At a minimum, link to: -->
- [Ansible Collection overview](https://github.com/ansible-collections/overview)
- [Ansible User guide](https://docs.ansible.com/ansible/latest/user_guide/index.html)
- [Ansible Developer guide](https://docs.ansible.com/ansible/latest/dev_guide/index.html)
- [Ansible Community code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html)
## Licensing
GNU General Public License v3.0 or later.

143
changelogs/changelog.yaml
View file

@ -347,146 +347,3 @@ releases:
- 451_firewall_fix_protocol_parameter.yml
- 456_sysctl_fix_nonetype.yml
release_date: '2023-05-10'
1.6.0:
changes:
bugfixes:
- Bugfix in the documentation regarding the path option for authorised_key(https://github.com/ansible-collections/ansible.posix/issues/483).
- seboolean - make it work with disabled SELinux
- synchronize - maintain proper formatting of the remote paths (https://github.com/ansible-collections/ansible.posix/pull/361).
- sysctl - fix sysctl to work properly on symlinks (https://github.com/ansible-collections/ansible.posix/issues/111).
major_changes:
- Dropping support for Ansible 2.9, ansible-core 2.15 will be minimum required
version for this release
minor_changes:
- Add summary_only parameter to profile_roles and profile_tasks callbacks.
- firewalld - add functionality to set forwarding (https://github.com/ansible-collections/ansible.posix/pull/548).
- firewalld - added offline flag implementation (https://github.com/ansible-collections/ansible.posix/pull/484)
- firewalld - respawn module to use the system python interpreter when the ``firewall``
python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
- firewalld_info - Only warn about ignored zones, when there are zones ignored.
- firewalld_info - respawn module to use the system python interpreter when
the ``firewall`` python module is not available for ``ansible_python_interpreter``
(https://github.com/ansible-collections/ansible.posix/pull/460).
- mount - add no_log option for opts parameter (https://github.com/ansible-collections/ansible.posix/pull/563).
- seboolean - respawn module to use the system python interpreter when the ``selinux``
python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
- selinux - respawn module to use the system python interpreter when the ``selinux``
python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
release_summary: 'This is the minor release of the ``ansible.posix`` collection.
This changelog contains all changes to the modules and plugins
in this collection that have been added after the release of
``ansible.posix`` 1.5.4.'
removed_features:
- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
fragments:
- 1.6.0.yml
- 206_fix_sysctl_to_work_on_symlinks.yml
- 333_doc_absent_precision.yml
- 361_maintain_proper_formating_remote_paths.yml
- 421-remove-deprecation-warning.yml
- 460-respawn.yaml
- 466-tests.yml
- 477_ci_update.yml
- 484-firewalld-offline.yml
- 487_ci_update.yml
- 490_doc_authorized_key_path.yml
- 496_seboolean-make-it-wrk-with-SELinux-disabled.yaml
- 504-firewalld_info-warning.yaml
- 508_ci_update.yml
- 510_ci_update.yml
- 511_profile-callbacks-add-summary-only-parameter.yml
- 548_add_foward.yml
- 556_remove_skippy_callback.yml
- 562_update_core_version.yml
- 563_add_no_log_option.yml
- dropping-ansible29.yml
- test-reqs.yml
release_date: '2024-09-11'
1.6.1:
changes:
bugfixes:
- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
- skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0
(https://github.com/ansible-collections/ansible.posix/issues/573).
release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
collection.
This changelog contains all changes to the modules and plugins
in this collection that have been added after the release of
``ansible.posix`` 1.6.1.'
fragments:
- 1.6.1.yml
- 365-boot-linux.yml
- 566_bump_version_161.yml
- 567_remove_version_added.yml
- 570_nfs4_acl.yml
- 571_ci_bump_core_version.yml
- 572_revert_removal_of_skippy.yml
release_date: '2024-10-11'
1.6.2:
changes:
bugfixes:
- backport - Drop ansible-core 2.14 and set 2.15 minimum version (https://github.com/ansible-collections/ansible.posix/issues/578).
release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
collection.
This changelog contains all changes to the modules and plugins
in this collection that have been added after the release of
``ansible.posix`` 1.6.1.'
fragments:
- 1.6.2.yml
- 580_drop_ansible214.yml
release_date: '2024-10-22'
2.0.0:
changes:
breaking_changes:
- firewalld - Changed the type of forward and masquerade options from str to
bool (https://github.com/ansible-collections/ansible.posix/issues/582).
- firewalld - Changed the type of icmp_block_inversion option from str to bool
(https://github.com/ansible-collections/ansible.posix/issues/586).
bugfixes:
- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
- mount - If a comment is appended to a fstab entry, state present creates a
double-entry (https://github.com/ansible-collections/ansible.posix/issues/595).
minor_changes:
- authorized_keys - allow using absolute path to a file as a SSH key(s) source
(https://github.com/ansible-collections/ansible.posix/pull/568)
- callback plugins - Add recap information to timer, profile_roles and profile_tasks
callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).
release_summary: 'This is the major release of the ``ansible.posix`` collection.
This changelog contains all changes to the modules and plugins
in this collection that have been added after the release of
``ansible.posix`` 1.6.2'
removed_features:
- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
fragments:
- 2.0.0.yml
- 365-boot-linux.yml
- 387_callback_output_header.yml
- 556_remove_skippy_callback.yml
- 566_bump_version_161.yml
- 567_remove_version_added.yml
- 568_update_authorized_key.yml
- 570_nfs4_acl.yml
- 571_ci_bump_core_version.yml
- 576_bump_version_2.yml
- 581_ci_selinux.yml
- 584_firewalld_opt_type.yml
- 587_update_README.yml
- 588_ci_enable_devel.yml
- 593_replace_freebsd_version.yml
- 597_remove_fstab_comment_on_updating.yml
- 598_icmp_block_inversion.yml
release_date: '2024-12-04'

3
changelogs/fragments/206_fix_sysctl_to_work_on_symlinks.yml Normal file
View file

@ -0,0 +1,3 @@
---
bugfixes:
- sysctl - fix sysctl to work properly on symlinks (https://github.com/ansible-collections/ansible.posix/issues/111).

4
changelogs/fragments/333_doc_absent_precision.yml Normal file
View file

@ -0,0 +1,4 @@
---
trivial:
- mount - fix description in the documentation of the state ``absent`` to match its actual behavior
and point out that ``src`` is ignored with state ``absent`` and ``unmounted`` (https://github.com/ansible-collections/ansible.posix/issues/322)

2
changelogs/fragments/421-remove-deprecation-warning.yml Normal file
View file

@ -0,0 +1,2 @@
trivial:
- synchronize - instantiate the connection plugin without the ``new_stdin`` argument, which is deprecated in ansible-core 2.15 (https://github.com/ansible-collections/ansible.posix/pull/421).

10
changelogs/fragments/460-respawn.yaml Normal file
View file

@ -0,0 +1,10 @@
---
minor_changes:
- "seboolean - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter``
(https://github.com/ansible-collections/ansible.posix/pull/460)."
- "selinux - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter``
(https://github.com/ansible-collections/ansible.posix/pull/460)."
- "firewalld - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter``
(https://github.com/ansible-collections/ansible.posix/pull/460)."
- "firewalld_info - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter``
(https://github.com/ansible-collections/ansible.posix/pull/460)."

2
changelogs/fragments/466-tests.yml Normal file
View file

@ -0,0 +1,2 @@
trivial:
- "Fix integration tests so they work with ansible-core devel / 2.16 (https://github.com/ansible-collections/ansible.posix/pull/466)."

3
changelogs/fragments/477_ci_update.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- "Drop Python3.9 and update versions of RHEL,Fedora and FreeBSD for ansible-core:devel test(https://github.com/ansible-collections/ansible.posix/issues/476)."

2
changelogs/fragments/484-firewalld-offline.yml Normal file
View file

@ -0,0 +1,2 @@
minor_changes:
- firewalld - added offline flag implementation (https://github.com/ansible-collections/ansible.posix/pull/484)

3
changelogs/fragments/487_ci_update.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- "Drop FreeBSD12.4 from CI for ansible-core:devel(https://github.com/ansible-collections/ansible.posix/issues/486)."

3
changelogs/fragments/490_doc_authorized_key_path.yml Normal file
View file

@ -0,0 +1,3 @@
---
bugfixes:
- "Bugfix in the documentation regarding the path option for authorised_key(https://github.com/ansible-collections/ansible.posix/issues/483)."

3
changelogs/fragments/496_seboolean-make-it-wrk-with-SELinux-disabled.yaml Normal file
View file

@ -0,0 +1,3 @@
---
bugfixes:
- seboolean - make it work with disabled SELinux

2
changelogs/fragments/504-firewalld_info-warning.yaml Normal file
View file

@ -0,0 +1,2 @@
minor_changes:
- firewalld_info - Only warn about ignored zones, when there are zones ignored.

3
changelogs/fragments/508_ci_update.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- "Refactoring remote CI targets."

3
changelogs/fragments/510_ci_update.yml Normal file
View file

@ -0,0 +1,3 @@
---
trivial:
- "Replace Fedora 38 with 39 for container test(https://github.com/ansible-collections/ansible.posix/issues/509)."

3
changelogs/fragments/511_profile-callbacks-add-summary-only-parameter.yml Normal file
View file

@ -0,0 +1,3 @@
---
minor_changes:
- "Add summary_only parameter to profile_roles and profile_tasks callbacks."

2
changelogs/fragments/603_bump_version_3.yml
View file

@ -1,2 +0,0 @@
trivial:
- Bump version to 3.0.0 for the next release (https://github.com/ansible-collections/ansible.posix/issues/603).

2
changelogs/fragments/618_ci_remove_ubuntu2004.yml
View file

@ -1,2 +0,0 @@
trivial:
- Remove ubuntu20.04 from CI tests (https://github.com/ansible-collections/ansible.posix/issues/612).

3
changelogs/fragments/626_profile_tasks_datetime_format.yml
View file

@ -1,3 +0,0 @@
---
minor_changes:
- profile_tasks - Add option to provide a different date/time format (https://github.com/ansible-collections/ansible.posix/issues/279).

6
changelogs/fragments/631_fixes_module_path.yml
View file

@ -1,6 +0,0 @@
---
bugfixes:
- ansible.posix.cgroup_perf_recap - fixes json module load path (https://github.com/ansible-collections/ansible.posix/issues/630).
trivial:
- ansible.posix.seboolean - remove unnecessary condition from seboolean integration tests (https://github.com/ansible-collections/ansible.posix/issues/630).
- ansible.posix.selinux - optimize conditions for selinux integration tests (https://github.com/ansible-collections/ansible.posix/issues/630).

2
changelogs/fragments/dropping-ansible29.yml Normal file
View file

@ -0,0 +1,2 @@
major_changes:
- "Dropping support for Ansible 2.9, ansible-core 2.14 will be minimum required version for this release"

2
changelogs/fragments/test-reqs.yml Normal file
View file

@ -0,0 +1,2 @@
trivial:
- "Move Galaxy test requirements from old transitional format in tests/requirements.yml to standard Ansible Galaxy requirements files in tests/integration/requirements.yml and tests/unit/requirements.yml."

4
galaxy.yml
View file

@ -1,7 +1,7 @@
---
namespace: ansible
name: posix
version: 3.0.0
version: 1.5.4
readme: README.md
authors:
- Ansible (github.com/ansible)
@ -10,6 +10,6 @@ license_file: COPYING
tags: [posix, networking, shell, unix]
dependencies: {}
repository: https://github.com/ansible-collections/ansible.posix
documentation: https://docs.ansible.com/ansible/latest/collections/ansible/posix/
documentation: https://github.com/ansible-collections/ansible.posix/tree/main/docs
homepage: https://github.com/ansible-collections/ansible.posix
issues: https://github.com/ansible-collections/ansible.posix

8
meta/runtime.yml
View file

@ -1,2 +1,8 @@
---
requires_ansible: ">=2.15.0"
requires_ansible: ">=2.14.0"
plugin_routing:
callback:
skippy:
deprecation:
removal_date: "2022-06-01"
warning_text: See the plugin documentation for more details

9
plugins/action/synchronize.py
View file

@ -74,14 +74,7 @@ class ActionModule(ActionBase):
if self._host_is_ipv6_address(host):
return '[%s%s]:%s' % (user_prefix, host, path)
# preserve formatting of remote paths if host or user@host is explicitly defined in the path
if ':' not in path:
return '%s%s:%s' % (user_prefix, host, path)
elif '@' not in path:
return '%s%s' % (user_prefix, path)
else:
return path
return '%s%s:%s' % (user_prefix, host, path)
def _process_origin(self, host, path, user):

3
plugins/callback/cgroup_perf_recap.py
View file

@ -132,7 +132,6 @@ DOCUMENTATION = '''
import csv
import datetime
import json
import os
import time
import threading
@ -143,7 +142,7 @@ from functools import partial
from ansible.module_utils._text import to_bytes, to_text
from ansible.module_utils.six import with_metaclass
from ansible.parsing.ajson import AnsibleJSONEncoder
from ansible.parsing.ajson import AnsibleJSONEncoder, json
from ansible.plugins.callback import CallbackBase

5
plugins/callback/profile_roles.py
View file

@ -128,10 +128,7 @@ class CallbackModule(CallbackBase):
self._display_tasktime()
def playbook_on_stats(self, stats):
# Align summary report header with other callback plugin summary
self._display.banner("ROLES RECAP")
self._display.display(tasktime())
self._display_tasktime()
self._display.display(filled("", fchar="="))
timestamp(self)

51
plugins/callback/profile_tasks.py
View file

@ -52,17 +52,6 @@ DOCUMENTATION = '''
- section: callback_profile_tasks
key: summary_only
version_added: 1.5.0
datetime_format:
description:
- Datetime format, as expected by the C(strftime) and C(strptime) methods.
An C(iso8601) alias will be translated to C('%Y-%m-%dT%H:%M:%S.%f') if that datetime standard wants to be used.
default: '%A %d %B %Y %H:%M:%S %z'
env:
- name: PROFILE_TASKS_DATETIME_FORMAT
ini:
- section: callback_profile_tasks
key: datetime_format
version_added: 3.0.0
'''
EXAMPLES = '''
@ -83,15 +72,14 @@ sample output: >
'''
import collections
from datetime import datetime
import time
from ansible.module_utils.six.moves import reduce
from ansible.plugins.callback import CallbackBase
# define start time
dt0 = dtn = datetime.now().astimezone()
t0 = tn = time.time()
def secondsToStr(t):
@ -116,18 +104,17 @@ def filled(msg, fchar="*"):
def timestamp(self):
if self.current is not None:
elapsed = (datetime.now().astimezone() - self.stats[self.current]['started']).total_seconds()
elapsed = time.time() - self.stats[self.current]['started']
self.stats[self.current]['elapsed'] += elapsed
def tasktime(self):
global dtn
cdtn = datetime.now().astimezone()
datetime_current = cdtn.strftime(self.datetime_format)
time_elapsed = secondsToStr((cdtn - dtn).total_seconds())
time_total_elapsed = secondsToStr((cdtn - dt0).total_seconds())
dtn = cdtn
return filled('%s (%s)%s%s' % (datetime_current, time_elapsed, ' ' * 7, time_total_elapsed))
def tasktime():
global tn
time_current = time.strftime('%A %d %B %Y %H:%M:%S %z')
time_elapsed = secondsToStr(time.time() - tn)
time_total_elapsed = secondsToStr(time.time() - t0)
tn = time.time()
return filled('%s (%s)%s%s' % (time_current, time_elapsed, ' ' * 7, time_total_elapsed))
class CallbackModule(CallbackBase):
@ -147,7 +134,6 @@ class CallbackModule(CallbackBase):
self.sort_order = None
self.summary_only = None
self.task_output_limit = None
self.datetime_format = None
super(CallbackModule, self).__init__()
@ -173,14 +159,9 @@ class CallbackModule(CallbackBase):
else:
self.task_output_limit = int(self.task_output_limit)
self.datetime_format = self.get_option('datetime_format')
if self.datetime_format is not None:
if self.datetime_format == 'iso8601':
self.datetime_format = '%Y-%m-%dT%H:%M:%S.%f'
def _display_tasktime(self):
if not self.summary_only:
self._display.display(tasktime(self))
self._display.display(tasktime())
def _record_task(self, task):
"""
@ -195,11 +176,10 @@ class CallbackModule(CallbackBase):
# with the same UUID is executed when `serial` is specified in a playbook.
# elapsed: Elapsed time since the first serialized task was started
self.current = task._uuid
dtn = datetime.now().astimezone()
if self.current not in self.stats:
self.stats[self.current] = {'started': dtn, 'elapsed': 0.0, 'name': task.get_name()}
self.stats[self.current] = {'started': time.time(), 'elapsed': 0.0, 'name': task.get_name()}
else:
self.stats[self.current]['started'] = dtn
self.stats[self.current]['started'] = time.time()
if self._display.verbosity >= 2:
self.stats[self.current]['path'] = task.get_path()
@ -213,10 +193,7 @@ class CallbackModule(CallbackBase):
self._display_tasktime()
def playbook_on_stats(self, stats):
# Align summary report header with other callback plugin summary
self._display.banner("TASKS RECAP")
self._display.display(tasktime(self))
self._display_tasktime()
self._display.display(filled("", fchar="="))
timestamp(self)

43
plugins/callback/skippy.py Normal file
View file

@ -0,0 +1,43 @@
# (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com>
# (c) 2017 Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: skippy
type: stdout
requirements:
- set as main display callback
short_description: Ansible screen output that ignores skipped status
deprecated:
why: The 'default' callback plugin now supports this functionality
removed_at_date: '2022-06-01'
alternative: "'default' callback plugin with 'display_skipped_hosts = no' option"
extends_documentation_fragment:
- default_callback
description:
- This callback does the same as the default except it does not output skipped host/task/item status
'''
from ansible.plugins.callback.default import CallbackModule as CallbackModule_default
class CallbackModule(CallbackModule_default):
'''
This is the default callback interface, which simply prints messages
to stdout when new callback events are received.
'''
CALLBACK_VERSION = 2.0
CALLBACK_TYPE = 'stdout'
CALLBACK_NAME = 'ansible.posix.skippy'
def v2_runner_on_skipped(self, result):
pass
def v2_runner_item_on_skipped(self, result):
pass

4
plugins/callback/timer.py
View file

@ -46,6 +46,4 @@ class CallbackModule(CallbackBase):
def v2_playbook_on_stats(self, stats):
end_time = datetime.utcnow()
runtime = end_time - self.start_time
# Align summary report header with other callback plugin summary
self._display.banner("PLAYBOOK RECAP")
self._display.display("Playbook run took %s days, %s hours, %s minutes, %s seconds\n\r" % (self.days_hours_minutes_seconds(runtime)))
self._display.display("Playbook run took %s days, %s hours, %s minutes, %s seconds" % (self.days_hours_minutes_seconds(runtime)))

69
plugins/modules/acl.py
View file

@ -75,10 +75,6 @@ options:
use_nfsv4_acls:
description:
- Use NFSv4 ACLs instead of POSIX ACLs.
- This feature uses C(nfs4_setfacl) and C(nfs4_getfacl). The behavior depends on those implementation.
And currently it only supports C(A) in ACE, so C(D) must be replaced with the appropriate C(A).
- Permission is set as optimised ACLs by the system. You can check the actual ACLs that has been set using the return value.
- More info C(man nfs4_setfacl)
type: bool
default: false
recalculate_mask:
@ -183,7 +179,7 @@ def split_entry(entry):
def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
'''Builds and returns an entry string. Does not include the permissions bit if they are not provided.'''
if use_nfsv4_acls:
return ':'.join(['A', 'g' if etype == 'group' else '', entity, permissions + 'tcy'])
return ':'.join([etype, entity, permissions, 'allow'])
if permissions:
return etype + ':' + entity + ':' + permissions
@ -191,27 +187,22 @@ def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
return etype + ':' + entity
def build_command(module, mode, path, follow, default, recursive, recalculate_mask, use_nfsv4_acls, entry=''):
def build_command(module, mode, path, follow, default, recursive, recalculate_mask, entry=''):
'''Builds and returns a getfacl/setfacl command.'''
if mode == 'set':
cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
cmd.extend(['-a' if use_nfsv4_acls else '-m', entry])
cmd = [module.get_bin_path('setfacl', True)]
cmd.extend(['-m', entry])
elif mode == 'rm':
cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
cmd = [module.get_bin_path('setfacl', True)]
cmd.extend(['-x', entry])
else: # mode == 'get'
cmd = [module.get_bin_path('getfacl', True)]
# prevents absolute path warnings and removes headers
if platform.system().lower() == 'linux':
if use_nfsv4_acls:
# use nfs4_getfacl instead of getfacl if use_nfsv4_acls is True
cmd = [module.get_bin_path('nfs4_getfacl', True)]
else:
cmd = [module.get_bin_path('getfacl', True)]
cmd.append('--absolute-names')
cmd.append('--omit-header')
cmd.append('--absolute-names')
if recursive and not use_nfsv4_acls:
if recursive:
cmd.append('--recursive')
if recalculate_mask == 'mask' and mode in ['set', 'rm']:
@ -219,7 +210,7 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
elif recalculate_mask == 'no_mask' and mode in ['set', 'rm']:
cmd.append('--no-mask')
if not follow and not use_nfsv4_acls:
if not follow:
if platform.system().lower() == 'linux':
cmd.append('--physical')
elif platform.system().lower() == 'freebsd':
@ -232,34 +223,24 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
return cmd
def acl_changed(module, cmd, entry, use_nfsv4_acls=False):
def acl_changed(module, cmd):
'''Returns true if the provided command affects the existing ACLs, false otherwise.'''
# To check the ACL changes, use the output of setfacl or nfs4_setfacl with '--test'.
# FreeBSD do not have a --test flag, so by default, it is safer to always say "true".
# FreeBSD do not have a --test flag, so by default, it is safer to always say "true"
if platform.system().lower() == 'freebsd':
return True
cmd = cmd[:] # lists are mutables so cmd would be overwritten without this
cmd.insert(1, '--test')
lines = run_acl(module, cmd)
counter = 0
for line in lines:
if line.endswith('*,*') and not use_nfsv4_acls:
return False
# if use_nfsv4_acls and entry is listed
if use_nfsv4_acls and entry == line:
counter += 1
# The current 'nfs4_setfacl --test' lists a new entry,
# which will be added at the top of list, followed by the existing entries.
# So if the entry has already been registered, the entry should be find twice.
if counter == 2:
return False
return True
for line in lines:
if not line.endswith('*,*'):
return True
return False
def run_acl(module, cmd, check_rc=True):
'''Runs the provided command and returns the output as a list of lines.'''
try:
(rc, out, err) = module.run_command(cmd, check_rc=check_rc)
except Exception as e:
@ -332,7 +313,7 @@ def main():
module.fail_json(msg="'recalculate_mask' MUST NOT be set to 'mask' or 'no_mask' when 'state=query'.")
if not entry:
if state == 'absent' and permissions and not use_nfsv4_acls:
if state == 'absent' and permissions:
module.fail_json(msg="'permissions' MUST NOT be set when 'state=absent'.")
if state == 'absent' and not entity:
@ -369,24 +350,21 @@ def main():
entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
command = build_command(
module, 'set', path, follow,
default, recursive, recalculate_mask, use_nfsv4_acls, entry
default, recursive, recalculate_mask, entry
)
changed = acl_changed(module, command, entry, use_nfsv4_acls)
changed = acl_changed(module, command)
if changed and not module.check_mode:
run_acl(module, command)
msg = "%s is present" % entry
elif state == 'absent':
if use_nfsv4_acls:
entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
else:
entry = build_entry(etype, entity, use_nfsv4_acls)
entry = build_entry(etype, entity, use_nfsv4_acls)
command = build_command(
module, 'rm', path, follow,
default, recursive, recalculate_mask, use_nfsv4_acls, entry
default, recursive, recalculate_mask, entry
)
changed = acl_changed(module, command, entry, use_nfsv4_acls)
changed = acl_changed(module, command)
if changed and not module.check_mode:
run_acl(module, command, False)
@ -397,10 +375,7 @@ def main():
acl = run_acl(
module,
build_command(
module, 'get', path, follow, default, recursive,
recalculate_mask, use_nfsv4_acls
)
build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
)
module.exit_json(changed=changed, msg=msg, acl=acl)

23
plugins/modules/authorized_key.py
View file

@ -24,7 +24,6 @@ options:
key:
description:
- The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).
- You can also use V(file://) prefix to search remote for a file with SSH key(s).
type: str
required: true
path:
@ -97,12 +96,6 @@ EXAMPLES = r'''
state: present
key: https://github.com/charlie.keys
- name: Set authorized keys taken from path on controller node
ansible.posix.authorized_key:
user: charlie
state: present
key: file:///home/charlie/.ssh/id_rsa.pub
- name: Set authorized keys taken from url using lookup
ansible.posix.authorized_key:
user: charlie
@ -230,7 +223,6 @@ from operator import itemgetter
from ansible.module_utils._text import to_native
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.urls import fetch_url
from ansible.module_utils.six.moves.urllib.parse import urlparse
class keydict(dict):
@ -564,7 +556,7 @@ def enforce_state(module, params):
follow = params.get('follow', False)
error_msg = "Error getting key from: %s"
# if the key is a url or file, request it and use it as key source
# if the key is a url, request it and use it as key source
if key.startswith("http"):
try:
resp, info = fetch_url(module, key)
@ -578,19 +570,6 @@ def enforce_state(module, params):
# resp.read gives bytes on python3, convert to native string type
key = to_native(key, errors='surrogate_or_strict')
if key.startswith("file"):
# if the key is an absolute path, check for existense and use it as a key source
key_path = urlparse(key).path
if not os.path.exists(key_path):
module.fail_json(msg="Path to a key file not found: %s" % key_path)
if not os.path.isfile(key_path):
module.fail_json(msg="Path to a key is a directory and must be a file: %s" % key_path)
try:
with open(key_path, 'r') as source_fh:
key = source_fh.read()
except OSError as e:
module.fail_json(msg="Failed to read key file %s : %s" % (key_path, to_native(e)))
# extract individual keys into an array, skipping blank lines and comments
new_keys = [s for s in key.splitlines() if s and not s.startswith('#')]

151
plugins/modules/firewalld.py
View file

@ -74,8 +74,7 @@ options:
icmp_block_inversion:
description:
- Enable/Disable inversion of ICMP blocks for a zone in firewalld.
- Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
type: bool
type: str
zone:
description:
- The firewalld zone to add/remove to/from.
@ -109,17 +108,10 @@ options:
- The amount of time in seconds the rule should be in effect for when non-permanent.
type: int
default: 0
forward:
description:
- The forward setting you would like to enable/disable to/from zones within firewalld.
- This option only is supported by firewalld v0.9.0 or later.
- Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
type: bool
masquerade:
description:
- The masquerade setting you would like to enable/disable to/from zones within firewalld.
- Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
type: bool
type: str
offline:
description:
- Ignores O(immediate) if O(permanent=true) and firewalld is not running.
@ -146,14 +138,14 @@ notes:
- This module needs C(python-firewall) or C(python3-firewall) on managed nodes.
It is usually provided as a subset with C(firewalld) from the OS distributor for the OS default Python interpreter.
requirements:
- firewalld >= 0.9.0
- python-firewall >= 0.9.0
- firewalld >= 0.2.11
- python-firewall >= 0.2.11
author:
- Adam Miller (@maxamillion)
'''
EXAMPLES = r'''
- name: Permanently enable https service, also enable it immediately if possible
- name: permanently enable https service, also enable it immediately if possible
ansible.posix.firewalld:
service: https
state: enabled
@ -161,92 +153,75 @@ EXAMPLES = r'''
immediate: true
offline: true
- name: Permit traffic in default zone for https service
- name: permit traffic in default zone for https service
ansible.posix.firewalld:
service: https
permanent: true
state: enabled
- name: Permit ospf traffic
- name: permit ospf traffic
ansible.posix.firewalld:
protocol: ospf
permanent: true
state: enabled
- name: Do not permit traffic in default zone on port 8081/tcp
- name: do not permit traffic in default zone on port 8081/tcp
ansible.posix.firewalld:
port: 8081/tcp
permanent: true
state: disabled
- name: Permit traffic in default zone on port 161-162/ucp
ansible.posix.firewalld:
- ansible.posix.firewalld:
port: 161-162/udp
permanent: true
state: enabled
- name: Permit traffic in dmz zone on http service
ansible.posix.firewalld:
- ansible.posix.firewalld:
zone: dmz
service: http
permanent: true
state: enabled
- name: Enable FTP service with rate limiting using firewalld rich rule
ansible.posix.firewalld:
- ansible.posix.firewalld:
rich_rule: rule service name="ftp" audit limit value="1/m" accept
permanent: true
state: enabled
- name: Allow traffic from 192.0.2.0/24 in internal zone
ansible.posix.firewalld:
- ansible.posix.firewalld:
source: 192.0.2.0/24
zone: internal
state: enabled
- name: Assign eth2 interface to trusted zone
ansible.posix.firewalld:
- ansible.posix.firewalld:
zone: trusted
interface: eth2
permanent: true
state: enabled
- name: Enable forwarding in internal zone
ansible.posix.firewalld:
forward: true
state: enabled
permanent: true
zone: internal
- name: Enable masquerade in dmz zone
ansible.posix.firewalld:
- ansible.posix.firewalld:
masquerade: true
state: enabled
permanent: true
zone: dmz
- name: Create custom zone if not already present
ansible.posix.firewalld:
- ansible.posix.firewalld:
zone: custom
state: present
permanent: true
- name: Enable ICMP block inversion in drop zone
ansible.posix.firewalld:
- ansible.posix.firewalld:
zone: drop
state: enabled
permanent: true
icmp_block_inversion: true
- name: Block ICMP echo requests in drop zone
ansible.posix.firewalld:
- ansible.posix.firewalld:
zone: drop
state: enabled
permanent: true
icmp_block: echo-request
- name: Set internal zone target to ACCEPT
ansible.posix.firewalld:
- ansible.posix.firewalld:
zone: internal
state: present
permanent: true
@ -262,6 +237,7 @@ EXAMPLES = r'''
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.parsing.convert_bool import boolean
from ansible_collections.ansible.posix.plugins.module_utils.firewalld import FirewallTransaction, fw_offline
try:
@ -429,49 +405,6 @@ class ProtocolTransaction(FirewallTransaction):
self.update_fw_settings(fw_zone, fw_settings)
class ForwardTransaction(FirewallTransaction):
"""
ForwardTransaction
"""
def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False):
super(ForwardTransaction, self).__init__(
module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate
)
self.enabled_msg = "Added forward to zone %s" % self.zone
self.disabled_msg = "Removed forward from zone %s" % self.zone
def get_enabled_immediate(self):
if self.fw.queryForward(self.zone) is True:
return True
else:
return False
def get_enabled_permanent(self):
fw_zone, fw_settings = self.get_fw_zone_settings()
if fw_settings.queryForward() is True:
return True
else:
return False
def set_enabled_immediate(self):
self.fw.addForward(self.zone)
def set_enabled_permanent(self):
fw_zone, fw_settings = self.get_fw_zone_settings()
fw_settings.setForward(True)
self.update_fw_settings(fw_zone, fw_settings)
def set_disabled_immediate(self):
self.fw.removeForward(self.zone)
def set_disabled_permanent(self):
fw_zone, fw_settings = self.get_fw_zone_settings()
fw_settings.setForward(False)
self.update_fw_settings(fw_zone, fw_settings)
class MasqueradeTransaction(FirewallTransaction):
"""
MasqueradeTransaction
@ -875,7 +808,7 @@ def main():
module = AnsibleModule(
argument_spec=dict(
icmp_block=dict(type='str'),
icmp_block_inversion=dict(type='bool'),
icmp_block_inversion=dict(type='str'),
service=dict(type='str'),
protocol=dict(type='str'),
port=dict(type='str'),
@ -888,8 +821,7 @@ def main():
state=dict(type='str', required=True, choices=['absent', 'disabled', 'enabled', 'present']),
timeout=dict(type='int', default=0),
interface=dict(type='str'),
forward=dict(type='bool'),
masquerade=dict(type='bool'),
masquerade=dict(type='str'),
offline=dict(type='bool', default=False),
target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']),
),
@ -901,7 +833,7 @@ def main():
),
mutually_exclusive=[
['icmp_block', 'icmp_block_inversion', 'service', 'protocol', 'port', 'port_forward', 'rich_rule',
'interface', 'forward', 'masquerade', 'source', 'target']
'interface', 'masquerade', 'source', 'target']
],
)
@ -910,7 +842,6 @@ def main():
immediate = module.params['immediate']
timeout = module.params['timeout']
interface = module.params['interface']
forward = module.params['forward']
masquerade = module.params['masquerade']
offline = module.params['offline']
@ -974,7 +905,7 @@ def main():
modification = False
if any([icmp_block, icmp_block_inversion, service, protocol, port, port_forward, rich_rule,
interface, forward, masquerade, source, target]):
interface, masquerade, source, target]):
modification = True
if modification and desired_state in ['absent', 'present'] and target is None:
module.fail_json(
@ -998,7 +929,16 @@ def main():
msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state))
if icmp_block_inversion is not None:
expected_state = 'enabled' if (desired_state == 'enabled') == icmp_block_inversion else 'disabled'
# Type of icmp_block_inversion will be changed to boolean in a future release.
icmp_block_inversion_status = True
try:
icmp_block_inversion_status = boolean(icmp_block_inversion, True)
except TypeError:
module.warn('The value of the icmp_block_inversion option is "%s". '
'The type of the option will be changed from string to boolean in a future release. '
'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
expected_state = 'enabled' if (desired_state == 'enabled') == icmp_block_inversion_status else 'disabled'
transaction = IcmpBlockInversionTransaction(
module,
action_args=(),
@ -1132,22 +1072,17 @@ def main():
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if forward is not None:
expected_state = 'enabled' if (desired_state == 'enabled') == forward else 'disabled'
transaction = ForwardTransaction(
module,
action_args=(),
zone=zone,
desired_state=expected_state,
permanent=permanent,
immediate=immediate,
)
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if masquerade is not None:
expected_state = 'enabled' if (desired_state == 'enabled') == masquerade else 'disabled'
# Type of masquerade will be changed to boolean in a future release.
masquerade_status = True
try:
masquerade_status = boolean(masquerade, True)
except TypeError:
module.warn('The value of the masquerade option is "%s". '
'The type of the option will be changed from string to boolean in a future release. '
'To avoid unexpected behavior, please change the value to boolean.' % masquerade)
expected_state = 'enabled' if (desired_state == 'enabled') == masquerade_status else 'disabled'
transaction = MasqueradeTransaction(
module,
action_args=(),

19
plugins/modules/mount.py
View file

@ -43,11 +43,6 @@ options:
description:
- Mount options (see fstab(5), or vfstab(4) on Solaris).
type: str
opts_no_log:
description:
- Do not log opts.
type: bool
default: false
dump:
description:
- Dump (see fstab(5)).
@ -214,7 +209,6 @@ EXAMPLES = r'''
src: //192.168.1.200/share
path: /mnt/smb_share
opts: "rw,vers=3,file_mode=0600,dir_mode=0700,dom={{ ad_domain }},username={{ ad_username }},password={{ ad_password }}"
opts_no_log: true
fstype: cifs
state: ephemeral
'''
@ -303,7 +297,7 @@ def _set_mount_save_old(module, args):
continue
fields = line.split('#')[0].split()
fields = line.split()
# Check if we got a valid line for splitting
# (on Linux the 5th and the 6th field is optional)
@ -774,7 +768,6 @@ def main():
fstype=dict(type='str'),
path=dict(type='path', required=True, aliases=['name']),
opts=dict(type='str'),
opts_no_log=dict(type='bool', default=False),
passno=dict(type='str', no_log=False, default='0'),
src=dict(type='path'),
backup=dict(type='bool', default=False),
@ -788,9 +781,6 @@ def main():
),
)
if module.params['opts_no_log']:
module.no_log_values.add(module.params['opts'])
# solaris args:
# name, src, fstype, opts, boot, passno, state, fstab=/etc/vfstab
# linux args:
@ -850,8 +840,11 @@ def main():
args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'noauto'.")
elif not module.params['boot']:
args['boot'] = 'no'
opts.append('noauto')
args['opts'] = ','.join(opts)
if 'defaults' in opts:
args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'defaults'.")
else:
opts.append('noauto')
args['opts'] = ','.join(opts)
# If fstab file does not exist, we first need to create it. This mainly
# happens when fstab option is passed to the module.

7
plugins/modules/sysctl.py
View file

@ -80,13 +80,6 @@ EXAMPLES = r'''
sysctl_file: /tmp/test_sysctl.conf
reload: false
# Enable resource limits management in FreeBSD
- ansible.posix.sysctl:
name: kern.racct.enable
value: '1'
sysctl_file: /boot/loader.conf
reload: false
# Set ip forwarding on in /proc and verify token value with the sysctl command
- ansible.posix.sysctl:
name: net.ipv4.ip_forward

2
tests/integration/targets/authorized_key/defaults/main.yml
View file

@ -35,5 +35,3 @@ multiple_keys_comments: |
ssh-rsa DATA_BASIC 1@testing
# I like adding comments yo-dude-this-is-not-a-key INVALID_DATA 2@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
key_path: /tmp/id_rsa.pub

32
tests/integration/targets/authorized_key/tasks/check_path.yml
View file

@ -1,32 +0,0 @@
---
- name: Create key file for test
ansible.builtin.copy:
dest: "{{ key_path }}"
content: "{{ rsa_key_basic }}"
mode: "0600"
- name: Add key using path
ansible.posix.authorized_key:
user: root
key: file://{{ key_path }}
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: Assert that the key was added
ansible.builtin.assert:
that:
- result.changed == true
- name: Add key using path again
ansible.posix.authorized_key:
user: root
key: file://{{ key_path }}
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: Assert that no changes were applied
ansible.builtin.assert:
that:
- result.changed == false

3
tests/integration/targets/authorized_key/tasks/main.yml
View file

@ -31,6 +31,3 @@
- name: Test for the management of comments with key
ansible.builtin.import_tasks: comments.yml
- name: Test for specifying key as a path
ansible.builtin.import_tasks: check_path.yml

57
tests/integration/targets/firewalld/tasks/icmp_block_inversion_test_cases.yml
View file

@ -114,3 +114,60 @@
ansible.builtin.assert:
that:
- result is not changed
# Validate backwards compatible behavior until icmp block inversion is switched from string to boolean type
- name: Icmp block inversion enabled when icmp block inversion is non-boolean string and state is enabled
block:
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: enabled
register: result
- name: Assert icmp block inversion is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: enabled
register: result
- name: Assert icmp block inversion is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Icmp block inversion disabled when icmp block inversion is non-boolean string and state is disabled
block:
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: disabled
register: result
- name: Assert icmp block inversion is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: disabled
register: result
- name: Assert icmp block inversion is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed

57
tests/integration/targets/firewalld/tasks/masquerade_test_cases.yml
View file

@ -114,3 +114,60 @@
ansible.builtin.assert:
that:
- result is not changed
# Validate backwards compatible behavior until masquerade is switched from string to boolean type
- name: Masquerade enabled when masquerade is non-boolean string and state is enabled
block:
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: enabled
register: result
- name: Assert masquerade is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: enabled
register: result
- name: Assert masquerade is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Masquerade disabled when masquerade is non-boolean string and state is disabled
block:
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: disabled
register: result
- name: Assert masquerade is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: disabled
register: result
- name: Assert masquerade is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed

5
tests/integration/targets/firewalld/tasks/source_test_cases.yml
View file

@ -83,6 +83,5 @@
ansible.builtin.assert:
that:
- result is not changed
- >
result.msg == 'parameters are mutually exclusive:
icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|forward|masquerade|source|target'
- "result.msg ==
'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|masquerade|source|target'"

49
tests/integration/targets/firewalld/tasks/zone_test_cases.yml
View file

@ -23,55 +23,6 @@
that:
- result is not changed
- name: Zone forwarding test
when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version is version('8', '>='))
block:
- name: Enable zone forwarding
ansible.posix.firewalld:
zone: custom
forward: true
permanent: true
state: enabled
register: result
- name: Assert zone forwarding is enabled
ansible.builtin.debug:
var: result is changed
- name: Enable zone forwarding (verify not changed)
ansible.posix.firewalld:
zone: custom
forward: true
permanent: true
state: enabled
register: result
- name: Assert zone forwarding is enabled (verify not changed)
ansible.builtin.debug:
var: result is not changed
- name: Disable zone forwarding
ansible.posix.firewalld:
zone: custom
forward: false
permanent: true
state: enabled
- name: Assert zone forwarding is disabled
ansible.builtin.debug:
var: result is changed
- name: Disable zone forwarding (verify not changed)
ansible.posix.firewalld:
zone: custom
forward: false
permanent: true
state: enabled
- name: Assert zone forwarding is disabled (verify not changed)
ansible.builtin.debug:
var: result is not changed
- name: Firewalld remove zone custom
ansible.posix.firewalld:
zone: custom

407
tests/integration/targets/mount/tasks/main.yml
View file

@ -1,4 +1,3 @@
# SETUP ################################################################################
- name: Install dependencies (Linux)
ansible.builtin.package:
name: e2fsprogs
@ -111,42 +110,6 @@
mode: '0644'
register: orig_info
# BIND MOUNT ################################################################################
# bind mount check mode
- name: Bind mount a filesystem (Linux) (check mode)
ansible.posix.mount:
src: '{{ output_dir }}/mount_source'
name: '{{ output_dir }}/mount_dest'
state: mounted
fstype: None
opts: bind
when: ansible_system == 'Linux'
register: bind_result_linux_dry_run
check_mode: true
- name: Bind mount a filesystem (FreeBSD) (check mode)
ansible.posix.mount:
src: '{{ output_dir }}/mount_source'
name: '{{ output_dir }}/mount_dest'
state: mounted
fstype: nullfs
when: ansible_system == 'FreeBSD'
register: bind_result_freebsd_dry_run
check_mode: true
- name: Attempt to stat bind mounted file
ansible.builtin.stat:
path: '{{ output_dir }}/mount_dest/test_file'
when: ansible_system in ('FreeBSD', 'Linux')
register: dest_stat
- name: Assert the bind mount did not take place
ansible.builtin.assert:
that:
- not dest_stat['stat']['exists']
when: ansible_system in ('FreeBSD', 'Linux')
# bind mount
- name: Bind mount a filesystem (Linux)
ansible.posix.mount:
src: '{{ output_dir }}/mount_source'
@ -205,48 +168,6 @@
- (ansible_system == 'Linux' and not bind_result_linux['changed']) or (ansible_system == 'FreeBSD' and not bind_result_freebsd['changed'])
when: ansible_system in ('FreeBSD', 'Linux')
# remount check mode
- name: Remount filesystem with different opts (Linux) (check mode)
ansible.posix.mount:
src: '{{ output_dir }}/mount_source'
name: '{{ output_dir }}/mount_dest'
state: mounted
fstype: None
opts: bind,ro
when: ansible_system == 'Linux'
register: bind_result_linux
check_mode: true
- name: Remount filesystem with different opts (FreeBSD) (check mode)
ansible.posix.mount:
src: '{{ output_dir }}/mount_source'
name: '{{ output_dir }}/mount_dest'
state: mounted
fstype: nullfs
opts: ro
when: ansible_system == 'FreeBSD'
register: bind_result_freebsd
check_mode: true
- name: Get mount options
ansible.builtin.shell:
cmd: set -o pipefail && mount | grep mount_dest | grep -c -E -w '(ro|read-only)'
executable: "{{ shell_executable }}"
changed_when: false
failed_when: false
register: new_options_count
- name: Make sure the filesystem does not have the new opts
ansible.builtin.assert:
that:
- linux_and_changed or freebsd_and_changed
- new_options_count.stdout | int == 0
vars:
linux_and_changed: "{{ ansible_system == 'Linux' and bind_result_linux_dry_run['changed'] }}"
freebsd_and_changed: "{{ ansible_system == 'FreeBSD' and bind_result_freebsd['changed'] }}"
when: ansible_system in ('FreeBSD', 'Linux')
# remount
- name: Remount filesystem with different opts (Linux)
ansible.posix.mount:
src: '{{ output_dir }}/mount_source'
@ -282,29 +203,6 @@
- 1 == remount_options.stdout_lines | length
when: ansible_system in ('FreeBSD', 'Linux')
# unmount check mode
- name: Unmount the bind mount (check mode)
ansible.posix.mount:
name: '{{ output_dir }}/mount_dest'
state: absent
when: ansible_system in ('Linux', 'FreeBSD')
register: unmount_result
check_mode: true
- name: Make sure the file still exists in dest
ansible.builtin.stat:
path: '{{ output_dir }}/mount_dest/test_file'
when: ansible_system in ('FreeBSD', 'Linux')
register: dest_stat
- name: Check that we did not unmount
ansible.builtin.assert:
that:
- unmount_result['changed']
- dest_stat['stat']['exists']
when: ansible_system in ('FreeBSD', 'Linux')
# unmount
- name: Unmount the bind mount
ansible.posix.mount:
name: '{{ output_dir }}/mount_dest'
@ -325,36 +223,9 @@
- not dest_stat['stat']['exists']
when: ansible_system in ('FreeBSD', 'Linux')
# SWAP #############################################################
- name: Swap
- name: Block to test remounted option
when: ansible_system in ('Linux')
block:
# mount swap check mode
- name: Stat /etc/fstab
ansible.builtin.stat:
path: /etc/fstab
register: stat_fstab_before
- name: Create fstab record for the first swap file (check mode)
ansible.posix.mount:
name: none
src: /tmp/swap1
opts: sw
fstype: swap
state: present
check_mode: true
- name: Stat /etc/fstab
ansible.builtin.stat:
path: /etc/fstab
register: stat_fstab_after
- name: Assert that fstab checksum did not change
ansible.builtin.assert:
that:
- stat_fstab_before.stat.checksum == stat_fstab_after.stat.checksum
# mount swap1
- name: Create fstab record for the first swap file
ansible.posix.mount:
name: none
@ -379,7 +250,6 @@
- swap1_created['changed']
- not swap1_created_again['changed']
# mount swap2
- name: Create fstab record for the second swap file
ansible.posix.mount:
name: none
@ -404,30 +274,6 @@
- swap2_created['changed']
- not swap2_created_again['changed']
# remove swap check mode
- name: Stat /etc/fstab
ansible.builtin.stat:
path: /etc/fstab
register: stat_fstab_before
- name: Remove the fstab record for the first swap file (check mode)
ansible.posix.mount:
name: none
src: /tmp/swap1
state: absent
check_mode: true
- name: Stat /etc/fstab
ansible.builtin.stat:
path: /etc/fstab
register: stat_fstab_after
- name: Assert that fstab checksum did not change
ansible.builtin.assert:
that:
- stat_fstab_before.stat.checksum == stat_fstab_after.stat.checksum
# remove swap1
- name: Remove the fstab record for the first swap file
ansible.posix.mount:
name: none
@ -448,7 +294,6 @@
- swap1_removed['changed']
- not swap1_removed_again['changed']
# remove swap2
- name: Remove the fstab record for the second swap file
ansible.posix.mount:
name: none
@ -469,10 +314,6 @@
- swap2_removed['changed']
- not swap2_removed_again['changed']
# FIXUP #############################################################
- name: Fix incomplete entry already present in fstab
when: ansible_system == 'Linux'
block:
- name: Create fstab record with missing last two fields
ansible.builtin.copy:
dest: /etc/fstab
@ -502,11 +343,6 @@
- ''' 0 0'' in optional_fields_content.stdout'
- 1 == optional_fields_content.stdout_lines | length
# REMOUNTED #############################################################
- name: Block to test remounted option
when: ansible_system in ('Linux')
block:
# setup
- name: Create empty file
community.general.filesize:
path: /tmp/myfs.img
@ -536,26 +372,6 @@
ansible.builtin.pause:
seconds: 2
# remount check mode
- name: Remount (check mode)
ansible.posix.mount:
path: /tmp/myfs
state: remounted
- name: Get again the last write time
ansible.builtin.shell:
cmd: >-
set -o pipefail && dumpe2fs /tmp/myfs.img 2>/dev/null | grep -i "last write time:" |cut -d: -f2-
executable: "{{ shell_executable }}"
changed_when: false
register: last_write_time_check
- name: Fail if they are different
ansible.builtin.fail:
msg: Filesytem was remounted, testing of the module failed!
when: last_write_time.stdout != last_write_time_check.stdout
# remount
- name: Test if the FS is remounted
ansible.posix.mount:
path: /tmp/myfs
@ -574,29 +390,6 @@
msg: Filesytem was not remounted, testing of the module failed!
when: last_write is defined and last_write_time2 is defined and last_write_time.stdout == last_write_time2.stdout
# remount different options check mode
- name: Remount filesystem with different opts using remounted option (Linux only)
ansible.posix.mount:
path: /tmp/myfs
state: remounted
opts: rw,noexec
check_mode: true
- name: Get remounted options (Linux only)
ansible.builtin.shell:
cmd: set -o pipefail && mount | grep myfs | grep -E -w 'noexec' | wc -l
executable: "{{ shell_executable }}"
failed_when: false
changed_when: false
register: remounted_options
- name: Make sure the filesystem now has the new opts after using remounted (Linux only)
ansible.builtin.assert:
that:
- "'0' in remounted_options.stdout"
- "1 == remounted_options.stdout_lines | length"
# remount different options
- name: Remount filesystem with different opts using remounted option (Linux only)
ansible.posix.mount:
path: /tmp/myfs
@ -616,7 +409,6 @@
- "'1' in remounted_options.stdout"
- "1 == remounted_options.stdout_lines | length"
# backup
- name: Mount the FS again to test backup
ansible.posix.mount:
path: /tmp/myfs
@ -647,11 +439,9 @@
- /tmp/myfs.img
- /tmp/myfs
# BOOT #############################################################
- name: Block to test boot option for Linux
when: ansible_system in ('Linux')
block:
# setup
- name: Create empty file
community.general.filesize:
path: /tmp/myfs.img
@ -662,7 +452,6 @@
fstype: ext3
dev: /tmp/myfs.img
# noauto
- name: Mount the FS with noauto option
ansible.posix.mount:
path: /tmp/myfs
@ -683,26 +472,6 @@
path: /tmp/myfs
state: absent
# noauto + defaults
- name: Mount the FS with noauto option and defaults
ansible.posix.mount:
path: /tmp/myfs
src: /tmp/myfs.img
fstype: ext3
state: mounted
boot: false
register: mount_info
- name: Assert the mount without noauto was successful
ansible.builtin.assert:
that:
- "'noauto' in mount_info['opts'].split(',')"
- name: Unmount FS
ansible.posix.mount:
path: /tmp/myfs
state: absent
- name: Remove the test FS
ansible.builtin.file:
path: '{{ item }}'
@ -711,7 +480,6 @@
- /tmp/myfs.img
- /tmp/myfs
# NEWLINE END OF FILE ############################################
- name: Block to test missing newline at the EOF of fstab
when: ansible_system in ('Linux')
block:
@ -750,7 +518,6 @@
- /tmp/myfs1
- /tmp/test_fstab
# EPHEMERAL ################################################
- name: Block to test ephemeral option
environment:
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@ -766,7 +533,8 @@
path: /tmp/myfs_B.img
size: 20M
##### FORMAT FS ON LINUX
##### FORMAT FS ON LINUX
- name: Block to format FS on Linux
when: ansible_system == 'Linux'
block:
@ -780,7 +548,8 @@
fstype: ext3
dev: /tmp/myfs_B.img
##### FORMAT FS ON SOLARIS AND BSD
##### FORMAT FS ON SOLARIS AND BSD
- name: Create loop devices on Solaris and BSD
ansible.builtin.shell:
cmd: "set -o pipefail && {{ ephemeral_create_loop_dev_cmd }}"
@ -795,49 +564,14 @@
changed_when: true
when: ephemeral_format_fs_cmd is defined
##### TESTS
- name: Create fstab if it does not exist
ansible.builtin.file:
path: "{{ ephemeral_fstab }}"
state: touch
mode: '0644'
# normal ephemeral mount check mode
- name: Get checksum of /etc/fstab before mounting anything
ansible.builtin.stat:
path: '{{ ephemeral_fstab }}'
register: fstab_stat_before_mount
- name: Mount the FS A with ephemeral state (check mode)
ansible.posix.mount:
path: /tmp/myfs
src: '{{ ephemeral_device_a }}'
fstype: '{{ ephemeral_fstype }}'
opts: rw
state: ephemeral
register: ephemeral_mount_info
check_mode: true
- name: Get checksum of /etc/fstab after an ephemeral mount
ansible.builtin.stat:
path: '{{ ephemeral_fstab }}'
register: fstab_stat_after_mount
- name: Get mountinfo
ansible.builtin.shell:
cmd: grep -c '/tmp/myfs' <(mount -v)
executable: "{{ shell_executable }}"
register: check_mountinfo
failed_when: false
changed_when: false
- name: Assert the mount occurred and the fstab is unchanged
ansible.builtin.assert:
that:
- check_mountinfo.stdout|int == 0
- ephemeral_mount_info['changed']
- fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
# normal ephemeral mount
- name: Get checksum of /etc/fstab before mounting anything
ansible.builtin.stat:
path: '{{ ephemeral_fstab }}'
@ -878,48 +612,6 @@
- ephemeral_mount_info['changed']
- fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
# remount different options check mode
- name: Get first mount record
ansible.builtin.shell:
cmd: grep '/tmp/myfs' <(mount -v)
executable: "{{ shell_executable }}"
register: ephemeral_mount_record_1
changed_when: false
- name: Try to mount FS A where FS A is already mounted (should trigger remount and changed)
ansible.posix.mount:
path: /tmp/myfs
src: '{{ ephemeral_device_a }}'
fstype: '{{ ephemeral_fstype }}'
opts: ro
state: ephemeral
register: ephemeral_mount_info
check_mode: true
- name: Get second mount record (should be different than the first)
ansible.builtin.shell:
cmd: grep '/tmp/myfs' <(mount -v)
executable: "{{ shell_executable }}"
register: ephemeral_mount_record_2
changed_when: false
- name: Get mountinfo
ansible.builtin.shell:
cmd: grep -c '/tmp/myfs' <(mount -v)
executable: "{{ shell_executable }}"
failed_when: false
register: check_mountinfo
changed_when: false
- name: Assert the FS A is still mounted, the options unchanged and the fstab unchanged
ansible.builtin.assert:
that:
- check_mountinfo.stdout|int == 1
- ephemeral_mount_record_1.stdout == ephemeral_mount_record_2.stdout
- ephemeral_mount_info['changed']
- fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
# remount different options
- name: Get first mount record
ansible.builtin.shell:
cmd: grep '/tmp/myfs' <(mount -v)
@ -959,7 +651,6 @@
- ephemeral_mount_info['changed']
- fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
# conflicting mount
- name: Try to mount file B on file A mountpoint (should fail)
ansible.posix.mount:
path: /tmp/myfs
@ -997,39 +688,6 @@
- test_file_stat['stat']['exists']
- ephemeral_mount_b_info is failed
# unmount check mode
- name: Unmount FS with state = unmounted
ansible.posix.mount:
path: /tmp/myfs
state: unmounted
check_mode: true
- name: Get fstab checksum after unmounting an ephemeral mount with state = unmounted
ansible.builtin.stat:
path: '{{ ephemeral_fstab }}'
register: fstab_stat_after_unmount
- name: Get mountinfo
ansible.builtin.shell:
cmd: grep -c '/tmp/myfs' <(mount -v)
executable: "{{ shell_executable }}"
register: check_mountinfo
failed_when: false
changed_when: false
- name: Try to stat our test file
ansible.builtin.stat:
path: /tmp/myfs/test_file
register: test_file_stat
- name: Assert that unmount did not take place and fstab unchanged
ansible.builtin.assert:
that:
- check_mountinfo.stdout|int == 1
- test_file_stat['stat']['exists']
- fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_unmount['stat']['checksum']
# unmount
- name: Unmount FS with state = unmounted
ansible.posix.mount:
path: /tmp/myfs
@ -1081,54 +739,3 @@
- /tmp/myfs_A.img
- /tmp/myfs_B.img
- /tmp/myfs
# OPTS_NO_LOG ######################################
- name: Block to test opts_no_log option
when: ansible_system == 'Linux'
block:
- name: Create an empty file
community.general.filesize:
path: /tmp/myfs.img
size: 1M
- name: Format FS
community.general.filesystem:
fstype: ext4
dev: /tmp/myfs.img
- name: Mount the FS with opts_no_log option true
ansible.posix.mount:
path: /tmp/myfs
src: /tmp/myfs.img
fstype: ext4
state: mounted
opts: rw
opts_no_log: true
register: mount_info
- name: Assert opts_no_log option true
ansible.builtin.assert:
that:
- mount_info.opts == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
- name: Remount the FS with opts_no_log option false
ansible.posix.mount:
path: /tmp/myfs
src: /tmp/myfs.img
fstype: ext4
state: remounted
opts: rw,user
opts_no_log: false
register: mount_info
- name: Assert opts_no_log option false
ansible.builtin.assert:
that:
- mount_info.opts == 'rw,user'
always:
- name: Unmount FS
ansible.posix.mount:
path: /tmp/myfs
state: absent
- name: Remove the test FS
ansible.builtin.file:
path: '{{ item }}'
state: absent
loop:
- /tmp/myfs.img
- /tmp/myfs

1
tests/integration/targets/seboolean/tasks/main.yml
View file

@ -20,4 +20,5 @@
ansible.builtin.include_tasks: seboolean.yml
when:
- ansible_selinux is defined
- ansible_selinux
- ansible_selinux.status == 'enabled'

6
tests/integration/targets/selinux/tasks/main.yml
View file

@ -19,21 +19,23 @@
- name: Debug message for when SELinux is disabled
ansible.builtin.debug:
msg: SELinux is disabled
when: ansible_selinux is defined and ansible_selinux.status == 'disabled'
when: ansible_selinux is defined and not ansible_selinux
- name: Debug message for when SELinux is enabled and not disabled
ansible.builtin.debug:
msg: SELinux is {{ ansible_selinux.status }}
when: ansible_selinux is defined
when: ansible_selinux is defined and ansible_selinux
- name: Include_tasks for when SELinux is enabled
ansible.builtin.include_tasks: selinux.yml
when:
- ansible_selinux is defined
- ansible_selinux
- ansible_selinux.status == 'enabled'
- name: Include tasks for selogin when SELinux is enabled
ansible.builtin.include_tasks: selogin.yml
when:
- ansible_selinux is defined
- ansible_selinux
- ansible_selinux.status == 'enabled'

4
tests/integration/targets/selinux/tasks/selinux.yml
View file

@ -128,8 +128,8 @@
ansible.builtin.assert:
that:
- selinux_config_original | length == selinux_config_after | length
- (selinux_config_after | select("search", "^SELINUX=disabled\s*$") | list | length) > 0
- (selinux_config_after | select("search", "^SELINUXTYPE=targeted\s*$") | list | length) > 0
- selinux_config_after[selinux_config_after.index('SELINUX=disabled')] is search("^SELINUX=\w+$")
- selinux_config_after[selinux_config_after.index('SELINUXTYPE=targeted')] is search("^SELINUXTYPE=\w+$")
- name: TEST 1 | Disable SELinux again, with kernel arguments update
ansible.posix.selinux:

1
tests/sanity/ignore-2.19.txt
View file

@ -1 +0,0 @@
tests/utils/shippable/timing.py shebang

6
tests/utils/shippable/shippable.sh
View file

@ -62,15 +62,15 @@ else
retry pip install "https://github.com/ansible/ansible/archive/stable-${ansible_version}.tar.gz" --disable-pip-version-check
fi
export ANSIBLE_COLLECTIONS_PATH="${PWD}/../../../"
export ANSIBLE_COLLECTIONS_PATHS="${PWD}/../../../"
# START: HACK install dependencies
if [ "${ansible_version}" == "2.9" ] || [ "${ansible_version}" == "2.10" ]; then
# Note: Since community.general 5.x, Ansible Core versions prior to 2.11 are not supported.
# So we need to use 4.8.1 for Ansible 2.9 and Ansible Engine 2.10.
retry git clone --depth=1 --single-branch -b 4.8.1 https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATH}/ansible_collections/community/general"
retry git clone --depth=1 --single-branch -b 4.8.1 https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
else
retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATH}/ansible_collections/community/general"
retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
fi
# Note: we're installing with git to work around Galaxy being a huge PITA (https://github.com/ansible/galaxy/issues/2429)
# END: HACK