Sync ansible from factory #1
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: pool/ansible#1
Reference in New Issue
Block a user
Delete Branch "hsharma/ansible:factory"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
+ new feature: roles + massively improved variable support and conditionals + Pre and Post tasks provide greater controls to make rolling updates even smoother + added 32 new modules: ++ including a openSUSE package management module ++ added team chat notification modules for Flowdock, Hipchat, Campfire, IRC, and more ++ added monitoring modules to interact with New Relic, Airbrake, Pingdom, Pagerduty and Monit - added CHANGELOG.md to /usr/share/doc/packages/ansible/ to have the complete changelog at hand OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=10Highlighted new features: + accelerated mode: An enhanced fireball mode that requires zero bootstrapping and fewer requirements plus adds capabilities like sudo commands. + role defaults: Allows roles to define a set of variables at the lowest priority. These variables can be overridden by any other variable. + new /etc/ansible/facts.d allows JSON or INI-style facts to be provided from the remote node, and supports executable fact programs in this dir. Files must end in *.fact. + added the ability to make undefined template variables raise errors (see ansible.cfg) + (DOCS PENDING) sudo: True/False and sudo_user: True/False can be set at include and role level + added changed_when: (expression) which allows overriding whether a result is changed or not and can work with registered expressions + --extra-vars can now take a file as input, e.g., "-e @filename" and can also be formatted as YAML + external inventory scripts may now return host variables in one pass, which allows them to be much more efficient for large numbers of hosts + if --forks exceeds the numbers of hosts, it will be automatically reduced. Set forks to 0 and you get "as many forks as I have hosts" out of the box. + enabled error_on_undefined_vars by default, which will make errors in playbooks more obvious + role dependencies -- one role can now pull in another, with parameters of its own. + added the ability to have tasks execute even during a check OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=11+ fixed issue with permissions being incorrect on fireball/accelerate keys when the umask setting was too loose. OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=18Major features/changes: * when_foo which was previously deprecated is now removed, use "when:" instead. Code generates appropriate error suggestion. * include + with_items which was previously deprecated is now removed, ditto. Use with_nested / with_together, etc. * only_if, which is much older than when_foo and was deprecated, is similarly removed. * ssh connection plugin is now more efficient if you add 'pipelining=True' in ansible.cfg under [ssh_connection], see example.cfg * localhost/127.0.0.1 is not required to be in inventory if referenced, if not in inventory, it does not implicitly appear in the 'all' group. * git module has new parameters (accept_hostkey, key_file, ssh_opts) to ease the usage of git and ssh protocols. * when using accelerate mode, the daemon will now be restarted when specifying a different remote_user between plays. * added no_log: option for tasks. When used, no logging information will be sent to syslog during the module execution. * acl module now handles 'default' and allows for either shorthand entry or specific fields per entry section * play_hosts is a new magic variable to provide a list of hosts in scope for the current play. * ec2 module now accepts 'exact_count' and 'count_tag' as a way to enforce a running number of nodes by tags. * all ec2 modules that work with Eucalyptus also now support a 'validate_certs' option, which can be set to 'off' for installations using self-signed certs. * Start of new integration test infrastructure (WIP) OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=19* Fixes to the git module related to host key checking * Force command action to not be executed by the shell unless specifically enabled. * Validate SSL certs accessed through urllib*. * Implement new default cipher class AES256 in ansible-vault. * Misc bug fixes. OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=22- update to 1.5.3: * Fixes to the git module related to host key checking * Force command action to not be executed by the shell unless specifically enabled. * Validate SSL certs accessed through urllib*. * Implement new default cipher class AES256 in ansible-vault. * Misc bug fixes. OBS-URL: https://build.opensuse.org/request/show/226917 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ansible?expand=0&rev=2* The deprecated legacy variable templating system has been finally removed. Use {{ foo }} always not $foo or ${foo}. * Any data file can also be JSON. Use sparingly -- with great power comes great responsibility. Starting file with "{" or "[" denotes JSON. * Added 'gathering' param for ansible.cfg to change the default gather_facts policy. * Accelerate improvements: + multiple users can connect with different keys, when accelerate_multi_key = yes is specified in the ansible.cfg. + daemon lifetime is now based on the time from the last activity, not the time from the daemon's launch. * ansible-playbook now accepts --force-handlers to run handlers even if tasks result in failures. * Added VMWare support with the vsphere_guest module. * many new modules and ther notable changes, please read /usr/share/doc/packages/ansible/CHANGELOG.md for details - use new upstream URL(s) - require python-httplib2 and python-setuptools - ignore "wrong" permissions of synchronize.py - ignore rpmlint warning about requiring python-httplib2 explicitely OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=24* Security updates to further protect against the incorrect execution of untrusted data * Additional tweaks to prevent the incorrect execution of untrusted data * Security update to prevent local operations from executing as the result of specifically crafted untrusted data OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=26Major new features: + Windows support (alpha) using native PowerShell remoting + Tasks can now specify run_once: true, meaning they will be executed exactly once. This can be combined with delegate_to to trigger actions you want done just the one time versus for every host in inventory. New Modules: + cloud: azure + cloud: rax_meta + cloud: rax_scaling_group + cloud: rax_scaling_policy + windows: version of setup module + windows: version of slurp module + windows: win_feature + windows: win_get_url + windows: win_msi + windows: win_ping + windows: win_user + windows: win_service + windows: win_group New inventory scripts: + SoftLayer + Windows Azure Docker module bug fixes: + Fixed support for specifying rw/ro bind modes for volumes + Fixed support for allowing the tag in the image parameter Other notable changes: + Performance enhancements related to previous security fixes, which could cause slowness when modules returned very large JSON results. This specifically impacted the unarchive module frequently, which OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=28- updated package to latest release ## 1.8.1 "You Really Got Me" * Various bug fixes in postgresql and mysql modules. * Fixed a bug related to lookup plugins used within roles not finding files based on the relative paths to the roles files/ directory. * Fixed a bug related to vars specified in plays being templated too early, resulting in incorrect variable interpolation. * Fixed a bug related to git submodules in bare repos. * fact caching support, pluggable, initially supports Redis (DOCS pending) * 'serial' size in a rolling update can be specified as a percentage * added new Jinja2 filters, 'min' and 'max' that take lists * new 'ansible_version' variable available contains a dictionary of version info * For ec2 dynamic inventory, ec2.ini can has various new configuration options * 'ansible vault view filename.yml' opens filename.yml decrypted in a pager. * no_log parameter now surpressess data from callbacks/output as well as syslog * ansible-galaxy install -f requirements.yml allows advanced options and installs from non-galaxy SCM sources and tarballs. * command_warnings feature will warn about when usage of the shell/command module can be simplified to use core modules - this can be enabled in ansible.cfg * new omit value can be used to leave off a parameter when not set, like so module_name: a=1 b={{ c | default(omit) }}, would not pass value for b (not even an empty value) if c was not set. * developers: 'baby JSON' in module responses, originally intended for writing modules in bash, is removed as a feature to simplify logic, script module remains available for running bash scripts. * async jobs started in "fire & forget" mode can now be checked on at a later time. * added ability to subcategorize modules for docs.ansible.com * added ability for shipped modules to have aliases with symlinks * added ability to deprecate older modules by starting with "_" and including "deprecated: message why" in module docs + New Modules: OBS-URL: https://build.opensuse.org/request/show/263653 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=33- Security fixes to check that hostnames match certificates with https urls (CVE-2015-3908): + get_url and uri modules + url and etcd lookup plugins - Security fixes to the zone (Solaris containers), jail (bsd containers), and chroot connection plugins. These plugins can be used to connect to their respective container types in leiu of the standard ssh connection. Prior to this fix being applied these connection plugins didn't properly handle symlinks within the containers which could lead to files intended to be written to or read from the container being written to or read from the host system instead. (CVE pending) - Fixed a bug in the service module where init scripts were being incorrectly used instead of upstart/systemd. - Fixed a bug where sudo/su settings were not inherited from ansible.cfg correctly. - Fixed a bug in the rds module where a traceback may occur due to an unbound variable. - Fixed a bug where certain remote file systems where the SELinux context was not being properly set. - Re-enabled several windows modules which had been partially merged (via action plugins): + win_copy.ps1 + win_copy.py + win_file.ps1 + win_file.py + win_template.py - Fix bug using with_sequence and a count that is zero. Also allows counting backwards isntead of forwards OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=46- update to 1.9.2: - Security fixes to check that hostnames match certificates with https urls (CVE-2015-3908; bnc #938161): + get_url and uri modules + url and etcd lookup plugins - Security fixes to the zone (Solaris containers), jail (bsd containers), and chroot connection plugins. These plugins can be used to connect to their respective container types in leiu of the standard ssh connection. Prior to this fix being applied these connection plugins didn't properly handle symlinks within the containers which could lead to files intended to be written to or read from the container being written to or read from the host system instead. (CVE pending) - Fixed a bug in the service module where init scripts were being incorrectly used instead of upstart/systemd. - Fixed a bug where sudo/su settings were not inherited from ansible.cfg correctly. - Fixed a bug in the rds module where a traceback may occur due to an unbound variable. - Fixed a bug where certain remote file systems where the SELinux context was not being properly set. - Re-enabled several windows modules which had been partially merged (via action plugins): + win_copy.ps1 + win_copy.py + win_file.ps1 + win_file.py + win_template.py - Fix bug using with_sequence and a count that is zero. Also allows counting backwards isntead of forwards OBS-URL: https://build.opensuse.org/request/show/316930 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ansible?expand=0&rev=12This release addresses several bugs, most notably those related to the yum module (introduced in 1.9.3): + Fixes a bug where yum state=latest would error if there were no updates to install. + Fixes a bug where yum state=latest did not work with wildcard package names. + Fixes a bug in lineinfile relating to escape sequences. + Fixes a bug where vars_prompt was not keeping passwords private by default. + Fix ansible-galaxy and the hipchat callback plugin to check that the host it is contacting matches its TLS Certificate. OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=51- update to 1.9.4 This release addresses several bugs, most notably those related to the yum module (introduced in 1.9.3): + Fixes a bug where yum state=latest would error if there were no updates to install. + Fixes a bug where yum state=latest did not work with wildcard package names. + Fixes a bug in lineinfile relating to escape sequences. + Fixes a bug where vars_prompt was not keeping passwords private by default. + Fix ansible-galaxy and the hipchat callback plugin to check that the host it is contacting matches its TLS Certificate. OBS-URL: https://build.opensuse.org/request/show/337610 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ansible?expand=0&rev=14- update to 2.0.1.0: * Fixes a major compatibility break in the synchronize module shipped with 2.0.0.x. That version of synchronize ran sudo on the controller prior to running rsync. In 1.9.x and previous, sudo was run on the host that rsync connected to. 2.0.1 restores the 1.9.x behaviour. * Additionally, several other problems with where synchronize chose to run when combined with delegate_to were fixed. In particular, if a playbook targetted localhost and then delegated_to a remote host the prior behavior (in 1.9.x and 2.0.0.x) was to copy files between the src and destination directories on the delegated host. This has now been fixed to copy between localhost and the delegated host. * Fix a regression where synchronize was unable to deal with unicode paths. * Fix a regression where synchronize deals with inventory hosts that use localhost but with an alternate port. * Fixes a regression where the retry files feature was not implemented. * Fixes a regression where the any_errors_fatal option was implemented in 2.0 incorrectly, and also adds a feature where any_errors_fatal can be set at the block level. * Fix tracebacks when playbooks or ansible itself were located in directories with unicode characters. * Fix bug when sending unicode characters to an external pager for display. * Fix a bug with squashing loops for special modules (mostly package managers). The optimization was squashing when the loop did not apply to the selection of packages. This has now been fixed. * Temp files created when using vault are now "shredded" using the unix shred program which overwrites the file with random data. * Some fixes to cloudstack modules for case sensitivity * Fix non-newstyle modules (non-python modules and old-style modules) to disabled pipelining. OBS-URL: https://build.opensuse.org/request/show/369111 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=60* SECURITY (MODERATE): fix for CVE-2017-7481, in which data for lookup plugins used as variables was not being correctly marked as "unsafe". OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=84- update to 2.4.0.0 (final) Major Changes + Support for Python-2.4 and Python-2.5 on the managed system's side was dropped. If you need to manage a system that ships with Python-2.4 or Python-2.5, you'll need to install Python-2.6 or better on the managed system or run Ansible-2.3 until you can upgrade the system. + New import/include keywords to replace the old bare include directives. The use of static: {yes|no} on such includes is now deprecated. [...] + Windows become_method: runas now works across all authtypes and will auto-elevate under UAC if WinRM user has "Act as part of the operating system" privilege - please refer to /usr/share/doc/packages/ansible/CHANGELOG.md for further changes - added ansible-inventory and ansible-config binaries and manpages - package contrib and examples directories in docdir - package all *md files as documentation for now - recommend the following new packages for (open)SUSE: + python-httplib2 + python-keyczar + python-six - enable/fix build for RHEL and Fedora by redefining __python2 and adding/enhancing the needed (build)requires if needed old: systemsmanagement/ansible new: home:lrupp:branches:systemsmanagement/ansible rev None Index: ansible.changes =================================================================== --- ansible.changes (revision 89) +++ ansible.changes (revision 7) @@ -1,4 +1,74 @@ ------------------------------------------------------------------- +Sat Sep 23 09:05:01 UTC 2017 - lars@linux-schulserver.de + +- update to 2.4.0.0 (final) + Major Changes + + Support for Python-2.4 and Python-2.5 on the managed system's side + was dropped. If you need to manage a system that ships with Python-2.4 + or Python-2.5, you'll need to install Python-2.6 or better on the + managed system or run Ansible-2.3 until you can upgrade the system. + + New import/include keywords to replace the old bare include directives. + The use of static: {yes|no} on such includes is now deprecated. + ++ Using import_* (import_playbook, import_tasks, import_role) directives are static. + ++ Using include_* (include_tasks, include_role) directives are dynamic. + This is done to avoid collisions and possible security issues as + facts come from the remote targets and they might be compromised. + + New order play level keyword that allows the user to change the + order in which Ansible processes hosts when dispatching tasks. + + Users can now set group merge priority for groups of the same depth + (parent child relationship), using the new ansible_group_priority variable, + when values are the same or don't exist it will fallback to the previous + sorting by name'. + + Inventory has been revamped: + ++ Inventory classes have been split to allow for better + management and deduplication + ++ Logic that each inventory source duplicated is now common and pushed + up to reconciliation + ++ VariableManager has been updated for better interaction with inventory + ++ Updated CLI with helper method to initialize base objects for plays + ++ New inventory plugins for creating inventory + ++ Old inventory formats are still supported via plugins + ++ Inline host_list is also an inventory plugin, an example alternative + advanced_host_list is also provided (it supports ranges) + ++ New configuration option to list enabled plugins and precedence + order: whitelist_inventory in ansible.cfg + ++ vars_plugins have been reworked, they are now run from Vars manager + and API has changed (need docs) + ++ Loading group_vars/host_vars is now a vars plugin and can be overridden + ++ It is now possible to specify mulitple inventory sources in the + command line (-i /etc/hosts1 -i /opt/hosts2) + ++ Inventory plugins can use the cache plugin (i.e. virtualbox) and + is affected by meta: refresh_inventory + ++ Group variable precedence is now configurable via new 'precedence' + option in ansible.cfg (needs docs) + ++ Improved warnings and error messages across the board + + Configuration has been changed from a hardcoded listing in the + constants module to dynamically loaded from yaml definitions + ++ Also added an ansible-config CLI to allow for listing config options + and dumping current config (including origin) + ++ TODO: build upon this to add many features detailed in ansible-config + proposal https://github.com/ansible/proposals/issues/35 + + Windows modules now support the use of multiple shared module_utils + files in the form of Powershell modules (.psm1), via + #Requires -Module Ansible.ModuleUtils.Whatever.psm1 + + Python module argument_spec now supports custom validation logic + by accepting a callable as the type argument. + + Windows become_method: runas now works across all authtypes and + will auto-elevate under UAC if WinRM user has "Act as part of the + operating system" privilege + - please refer to /usr/share/doc/packages/ansible/CHANGELOG.md for + further changes +- added ansible-inventory and ansible-config binaries and manpages +- package contrib and examples directories in docdir +- package all *md files as documentation for now +- recommend the following new packages for (open)SUSE: + + python-httplib2 + + python-keyczar + + python-six +- enable/fix build for RHEL and Fedora by redefining __python2 and + adding/enhancing the needed (build)requires if needed + +------------------------------------------------------------------- Tue Aug 8 17:06:10 UTC 2017 - michael@stroeder.com - update to 2.3.2.0 (final) Index: ansible.spec =================================================================== --- ansible.spec (revision 89) +++ ansible.spec (revision 7) @@ -24,7 +24,7 @@ BuildArch: noarch %endif Name: ansible -Version: 2.3.2.0 +Version: 2.4.0.0 Release: 0 Summary: Radically simple IT automation License: GPL-3.0 @@ -33,14 +33,19 @@ Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz Source99: ansible-rpmlintrc BuildRoot: %{_tmppath}/%{name}-%{version}-build + +# SuSE/openSuSE %if 0%{?suse_version} BuildRequires: python-devel BuildRequires: python-setuptools -Requires: python-setuptools Recommends: python-dnspython Recommends: python-dopy Recommends: python-pywinrm Recommends: sshpass +Recommends: python-httplib2 +Recommends: python-keyczar +Recommends: python-six +Requires: python-setuptools %if 0%{?suse_version} >= 01130 BuildRequires: python-Jinja2 BuildRequires: python-PyYAML @@ -52,20 +57,52 @@ Requires: python-pycrypto >= 2.6 %endif %endif -# RHEL == 6 -%if 0%{?rhel} == 6 -Requires: python-crypto2.6 + +# RHEL <=5 +%if 0%{?rhel} && 0%{?rhel} <= 5 +BuildRequires: python26-devel +BuildRequires: python26-setuptools +Requires: python26-PyYAML +Requires: python26-httplib2 +Requires: python26-jinja2 +Requires: python26-keyczar +Requires: python26-paramiko +Requires: python26-setuptools +Requires: python26-six +Requires: sshpass %endif # RHEL > 5 %if 0%{?rhel} && 0%{?rhel} >= 5 BuildRequires: python-setuptools BuildRequires: python2-devel Requires: PyYAML +Requires: python-jinja2 +Requires: python-paramiko +Requires: python-setuptools +Requires: python-six +Requires: sshpass +%endif +# RHEL == 6 +%if 0%{?rhel} == 6 +Requires: python-crypto +%endif +# RHEL >=7 +%if 0%{?rhel} >= 7 +Requires: python2-cryptography +BuildRequires: perl(Exporter) +%endif +%if 0%{?fedora} >= 18 +BuildRequires: python-devel +BuildRequires: python-setuptools +Requires: PyYAML Requires: python-httplib2 Requires: python-jinja2 Requires: python-keyczar Requires: python-paramiko Requires: python-setuptools +Requires: python-six +Requires: sshpass +%define __python %{__python2} %endif %description @@ -76,12 +113,14 @@ %prep %setup -q -n ansible-%{version} +find . -name .git_keep -delete +find contrib/ -type f -exec chmod 644 {} \; %build -python setup.py build +%{__python} setup.py build %install -python setup.py install --prefix=%{_prefix} --root=%{buildroot} +%{__python} setup.py install --prefix=%{_prefix} --root=%{buildroot} mkdir -p %{buildroot}%{_sysconfdir}/ansible/ cp examples/hosts %{buildroot}%{_sysconfdir}/ansible/ @@ -92,20 +131,24 @@ %files %defattr(-,root,root,-) -%doc COPYING README.md CHANGELOG.md +%doc COPYING *.md contrib examples %{_bindir}/ansible +%{_bindir}/ansible-config %{_bindir}/ansible-connection %{_bindir}/ansible-console -%{_bindir}/ansible-playbook -%{_bindir}/ansible-pull %{_bindir}/ansible-doc %{_bindir}/ansible-galaxy +%{_bindir}/ansible-inventory +%{_bindir}/ansible-playbook +%{_bindir}/ansible-pull %{_bindir}/ansible-vault %{python_sitelib}/* %{_mandir}/man1/ansible.1* +%{_mandir}/man1/ansible-config.1* %{_mandir}/man1/ansible-console.1* %{_mandir}/man1/ansible-doc.1* %{_mandir}/man1/ansible-galaxy.1* +%{_mandir}/man1/ansible-inventory.1* %{_mandir}/man1/ansible-playbook.1* %{_mandir}/man1/ansible-pull.1* %{_mandir}/man1/ansible-vault.1* Index: ansible-2.4.0.0.tar.gz =================================================================== Binary file ansible-2.4.0.0.tar.gz (revision 7) added Index: ansible-2.3.2.0.tar.gz =================================================================== Binary file ansible-2.3.2.0.tar.gz (revision 89) deleted OBS-URL: https://build.opensuse.org/request/show/528397 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=90- Update to version 2.4.3.0: * Fix `pamd` rule args regexp to match file paths. * Check if SELinux policy exists before setting. * Set locale to `C` in `letsencrypt` module to fix date parsing errors. * Fix include in loop when stategy=free. * Fix save parameter in asa_config. * Fix --vault-id support in ansible-pull. * In nxos_interface_ospf, fail nicely if loopback is used with passive_interface. * Fix quote filter when given an integer to quote. * nxos_vrf_interface fix when validating the interface. * Fix for win_copy when sourcing files from an SMBv1 share. * correctly report callback plugin file. * restrict revaulting to vault cli. * Fix python3 tracebacks in letsencrypt module. * Fix ansible_*_interpreter variables to be templated prior to being used. * Fix setting of environment in a task that uses a loop * Fix fetch on Windows failing to fetch files or particular block size. * preserve certain fields during no log. * fix issue with order of declaration of sections in ini inventory. * Fix win_iis_webapppool to correctly stop a apppool. * Fix CloudEngine host failed. * Fix ios_config save issue. * Handle vault filenames with nonascii chars when displaying messages. * Fix win_iis_webapppool to not return passwords. OBS-URL: https://build.opensuse.org/request/show/572424 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=98* SECURITY (MODERATE): fix for CVE-2017-7466, which finally fixes an arbitrary command execution vulnerability OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=102As mentioned in SR 580670, the license change now has a separate changelog entry. The changelog entry got extended by the correct CVE and SUSE bugzilla numbers for further reference. --- - License changed to GPL-3.0-or-later, as mentioned in the source (former license focues on GPL-3.0 only) - update to 2.3.1 RC1 (package version 2.3.0.1) (bsc#1056094): * SECURITY (MODERATE): fix for CVE-2017-7466, which finally fixes an arbitrary command execution vulnerability OBS-URL: https://build.opensuse.org/request/show/583250 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ansible?expand=0&rev=34Major Changes * Ansible Network improvements + Created new connection plugins network_cli and netconf to replace connection=local. connection=local will continue to work for a number of Ansible releases. + No more unable to open shell. A clear and descriptive message will be displayed in normal ansible-playbook output without needing to enable debug mode + Loads of documentation, see Ansible for Network Automation Documentation. + Refactor common network shared code into package under module_utils/network/ + Filters: Add a filter to convert XML response from a network device to JSON object. + Loads of bug fixes. + Plus lots more. * New simpler and more intuitive 'loop' keyword for task loops. The with_<lookup> loops will likely be deprecated in the near future and eventually removed. * Added fact namespacing; from now on facts will be available under ansible_facts namespace (for example: ansible_facts.os_distribution) without the ansible_ prefix. They will continue to be added into the main namespace directly, but now with a configuration toggle to enable this. This is currently on by default, but in the future it will default to off. * Added a configuration file that a site administrator can use to specify modules to exclude from being used. Minor Changes * please refer to the CHANGELOG-v2.5.rst document Deprecated Features * Previously deprecated 'hostfile' config settings have been 're-deprecated' because previously code did not warn about deprecated configuration settings. * Using Ansible-provided Jinja tests as filters is deprecated and will be removed in Ansible 2.9. OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=106- Update to 2.5.0: Major Changes * Ansible Network improvements + Created new connection plugins network_cli and netconf to replace connection=local. connection=local will continue to work for a number of Ansible releases. + No more unable to open shell. A clear and descriptive message will be displayed in normal ansible-playbook output without needing to enable debug mode + Loads of documentation, see Ansible for Network Automation Documentation. + Refactor common network shared code into package under module_utils/network/ + Filters: Add a filter to convert XML response from a network device to JSON object. + Loads of bug fixes. + Plus lots more. * New simpler and more intuitive 'loop' keyword for task loops. The with_<lookup> loops will likely be deprecated in the near future and eventually removed. * Added fact namespacing; from now on facts will be available under ansible_facts namespace (for example: ansible_facts.os_distribution) without the ansible_ prefix. They will continue to be added into the main namespace directly, but now with a configuration toggle to enable this. This is currently on by default, but in the future it will default to off. * Added a configuration file that a site administrator can use to specify modules to exclude from being used. Minor Changes * please refer to /share/doc/packages/ansible/changelogs/CHANGELOG-v2.5.rst Deprecated Features * Previously deprecated 'hostfile' config settings have been 're-deprecated' because previously code did not warn about deprecated configuration settings. * Using Ansible-provided Jinja tests as filters is deprecated and will be removed in Ansible 2.9. * The stat and win_stat modules have deprecated get_md5 and the md5 return values. These options will become undocumented in Ansible 2.9 and removed in a later version. * The redis_kv lookup has been deprecated in favor of new redis lookup * Passing arbitrary parameters that begin with HEADER_ to the uri module, used for passing http headers, is deprecated. Use the headers parameter with a dictionary of header names to value instead. This will be removed in Ansible 2.9 * Passing arbitrary parameters to the zfs module to set zfs properties is deprecated. Use the extra_zfs_properties parameter with a dictionary of property names to values instead. This will be removed in Ansible 2.9. * Use of the AnsibleModule parameter check\_invalid\_arguments in custom modules is deprecated. In the future, all parameters will be checked to see whether they are listed in the arg spec and an error raised if they are not listed. This behaviour is the current and future default so most custom modules can simply remove check\_invalid\_arguments if they set it to the default value of True. The check\_invalid\_arguments parameter will be removed in Ansible 2.9. * The nxos_ip_interface module is deprecated in Ansible 2.5. Use nxos_l3_interface module instead. * The nxos_portchannel module is deprecated in Ansible 2.5. Use nxos_linkagg module instead. * The nxos_switchport module is deprecated in Ansible 2.5. Use nxos_l2_interface module instead. * The ec2_ami_find has been deprecated; use ec2_ami_facts instead. * panos_security_policy: Use panos_security_rule - the old module uses deprecated API calls * vsphere_guest is deprecated in Ansible 2.5 and will be removed in Ansible-2.9. Use vmware_guest module instead. Removed Features (previously deprecated) * accelerate. * boundary_meter: There was no deprecation period for this but the hosted service it relied on has gone away so the module has been removed. #29387 * cl_ : cl_interface, cl_interface_policy, cl_bridge, cl_img_install, cl_ports, cl_license, cl_bond. Use nclu instead * docker. Use docker_container and docker_image instead. * ec2_vpc. * ec2_ami_search, use ec2_ami_facts instead. * nxos_mtu. Use nxos_system's system_mtu option instead. To specify an interface's MTU use nxos_interface. * panos_nat_policy: Use panos_nat_rule the old module uses deprecated API calls - also package the changelogs directory below /usr/share/doc/packages/ansible/ for better reference OBS-URL: https://build.opensuse.org/request/show/593337 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ansible?expand=0&rev=35Minor Changes + Updated example in vcenter_license module. + Updated virtual machine facts with instanceUUID which is unique for each VM irrespective of name and BIOS UUID. + A lot of Bugfixes, please refer to the Changelog installed in /usr/share/doc/packages/ansible/changelogs/CHANGELOG-v2.5.rst OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=109- Update to 2.5.1 Minor Changes + Updated example in vcenter_license module. + Updated virtual machine facts with instanceUUID which is unique for each VM irrespective of name and BIOS UUID. + A lot of Bugfixes, please refer to the Changelog installed in /usr/share/doc/packages/ansible/changelogs/CHANGELOG-v2.5.rst OBS-URL: https://build.opensuse.org/request/show/601506 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ansible?expand=0&rev=36- Update to 2.5.5 - Fixed the honouration of the no_log option with failed task iterations (CVE-2018-10855 boo#1097775) - Bufixes: - Changed the admin_users config option to not include "admin" by default as admin is frequently used for a non-privileged account - aws_s3 - add async support to the action plugin - aws_s3 - fix decrypting vault files - ec2_ami - cast the device_mapping volume size to an int - eos_logging - fix idempotency issues - cache plugins - A cache timeout of 0 means the cache will not expire. - ios_logging - fix idempotency issues - ios/nxos/eos_config - don't retrieve config in running_config when config is provided for diff - nxos_banner - fix multiline banner issue - nxos terminal plugin - fix output truncation - nxos_l3_interface - fix no switchport issue with loopback and svi interfaces - nxos_snapshot - fix compare_option - Applied spec-cleaner OBS-URL: https://build.opensuse.org/request/show/617102 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=111- revert some unneeded changes from spec-cleaner - updated to latest release 2.6.0 - New Plugins: + Callback: - cgroup_memory_recap - grafana_annotations - sumologic + Connection: - httpapi + Inventory: - foreman - gcp_compute - generator - nmap + Lookup: - onepassword - onepassword_raw - Modules updates too many to mention here please look at package documentation directory (/usr/share/doc/packages/.../changelogs) - bug fixes: - **Security Fix** - Some connection exceptions would cause no_log specified on a task to be ignored. If this happened, the task information, including any private information coul d have been displayed to stdout and (if enabled, not the default) logged to a log file specified in ansible.cfg's log_path. Additionally, sites which redirected stdout from ansible runs to a log file may have stored that private information onto disk that way as well. (https://github.com/ansible/ansible/pull/41414) - Changed the admin_users config option to not include "admin" by default as admin is frequently used for a non-privileged account (https://github.com/ansible/ansible/pull/41164) - Changed the output to "text" for "show vrf" command as default "json" output format with respect to "eapi" transport was failing (https://github.com/ansible/ansible/pull/41470) - Document mode=preserve for both the copy and template module - Fix added for Digital Ocean Volumes API change causing Ansible to recieve an unexpected value in the response. (https://github.com/ansible/ansible/pull/41431) - Fix an encoding issue when parsing the examples from a plugins' documentation - Fix iosxr_config module to handle route-policy, community-set, prefix-set, as-path-set and rd-set blocks. All these blocks are part of route-policy language of iosxr. - Fix mode=preserve with remote_src=True for the copy module - Implement mode=preserve for the template module - The yaml callback plugin now allows non-ascii characters to be displayed. - Various grafana_* modules - Port away from the deprecated b64encodestring function to the b64encode function instead. https://github.com/ansible/ansible/pull/38388 - added missing 'raise' to exception definition https://github.com/ansible/ansible/pull/41690 - allow custom endpoints to be used in the aws_s3 module (https://github.com/ansible/ansible/pull/36832) - allow set_options to be called multiple times https://github.com/ansible/ansible/pull/41913 - ansible-doc - fixed traceback on missing plugins (https://github.com/ansible/ansible/pull/41167) - cast the device_mapping volume size to an int in the ec2_ami module (https://github.com/ansible/ansible/pull/40938) - copy - fixed copy to only follow symlinks for files in the non-recursive case - copy module - The copy module was attempting to change the mode of files for remote_src=True even if mode was not set as a parameter. This failed on filesystems which do not have permission bits (https://github.com/ansible/ansible/pull/40099) - copy module - fixed recursive copy with relative paths (https://github.com/ansible/ansible/pull/40166) - correct debug display for all cases https://github.com/ansible/ansible/pull/41331 - correctly check hostvars for vars term https://github.com/ansible/ansible/pull/41819 - correctly handle yaml inventory files when entries are null dicts https://github.com/ansible/ansible/issues/41692 - dynamic includes - Allow inheriting attributes from static parents (https://github.com/ansible/ansible/pull/38827) - dynamic includes - Don't treat undefined vars for conditional includes as truthy (https://github.com/ansible/ansible/pull/39377) - dynamic includes - Fix IncludedFile comparison for free strategy (https://github.com/ansible/ansible/pull/37083) - dynamic includes - Improved performance by fixing re-parenting on copy (https://github.com/ansible/ansible/pull/38747) - dynamic includes - Use the copied and merged task for calculating task vars (https://github.com/ansible/ansible/pull/39762) - file - fixed the default follow behaviour of file to be true - file module - Eliminate an error if we're asked to remove a file but something removes it while we are processing the request (https://github.com/ansible/ansible/pull/39466) - file module - Fix error when recursively assigning permissions and a symlink to a nonexistent file is present in the directory tree (https://github.com/ansible/ansible/issues/39456) - file module - Fix error when running a task which assures a symlink to a nonexistent file exists for the second and subsequent times (https://github.com/ansible/ansible/issues/39558) - file module - The file module allowed the user to specify src as a parameter when state was not link or hard. This is documented as only applying to state=link or state=hard but in previous Ansible, this could have an effect in rare cornercases. For instance, "ansible -m file -a 'state=directory path=/tmp src=/var/lib'" would create /tmp/lib. This has been disabled and a warning emitted (will change to an error in Ansible-2.10). - file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. This is now fixed (https://github.com/ansible/ansible/issues/41755) - fix BotoCoreError exception handling - fix apt-mark on debian6 (https://github.com/ansible/ansible/pull/41530) - fix async for the aws_s3 module by adding async support to the action plugin (https://github.com/ansible/ansible/pull/40826) - fix decrypting vault files for the aws_s3 module (https://github.com/ansible/ansible/pull/39634) - fix errors with S3-compatible APIs if they cannot use ACLs for buckets or objects - fix permission handling to try to download a file even if the user does not have permission to list all objects in the bucket - fixed config required handling, specifically for _terms in lookups https://github.com/ansible/ansible/pull/41740 - gce_net - Fix sorting of allowed ports (https://github.com/ansible/ansible/pull/41567) - group_by - support implicit localhost (https://github.com/ansible/ansible/pull/41860) - import/include - Ensure role handlers have the proper parent, allowing for correct attribute inheritance (https://github.com/ansible/ansible/pull/39426) - import_playbook - Pass vars applied to import_playbook into parsing of the playbook as they may be needed to parse the imported plays (https://github.com/ansible/ansible/pull/39521) - include_role/import_role - Don't overwrite included role handlers with play handlers on parse (https://github.com/ansible/ansible/pull/39563) - include_role/import_role - Fix parameter templating (https://github.com/ansible/ansible/pull/36372) - include_role/import_role - Use the computed role name for include_role/import_role so to diffentiate between names computed from host vars (https://github.com/ansible/ansible/pull/39516)- include_role/import_role - improved performance and recursion depth (https://github.com/ansible/ansible/pull/36470) - lineinfile - fix insertbefore when used with BOF to not insert duplicate lines (https://github.com/ansible/ansible/issues/38219) - password lookup - Do not load password lookup in network filters, allowing the password lookup to be overriden (https://github.com/ansible/ansible/pull/41907) - pause - ensure ctrl+c interrupt works in all cases (https://github.com/ansible/ansible/issues/35372) - powershell - use the tmpdir set by `remote_tmp` for become/async tasks instead of the generic $env:TEMP - https://github.com/ansible/ansible/pull/40210 - selinux - correct check mode behavior to report same changes as normal mode (https://github.com/ansible/ansible/pull/40721) - spwd - With python 3.6 spwd.getspnam returns PermissionError instead of KeyError if user does not have privileges (https://github.com/ansible/ansible/issues/39472) - synchronize - Ensure the local connection created by synchronize uses _remote_is_local=True, which causes ActionBase to build a local tmpdir (https://github.com/ansible/ansible/pull/40833) - template - Fix for encoding issues when a template path contains non-ascii characters and using the template path in ansible_managed (https://github.com/ansible/ansible/issues/27262) - template action plugin - fix the encoding of filenames to avoid tracebacks on Python2 when characters that are not present in the user's locale are present. (https://github.com/ansible/ansible/pull/39424) - user - only change the expiration time when necessary (https://github.com/ansible/ansible/issues/13235) - uses correct conn info for reset_connection https://github.com/ansible/ansible/issues/27520 - win_environment - Fix for issue where the environment value was deleted when a null value or empty string was set - https://github.com/ansible/ansible/issues/40450 - win_file - fix issue where special chars like [ and ] were not being handled correctly https://github.com/ansible/ansible/pull/37901 - win_get_url - fixed a few bugs around authentication and force no when using an FTP URL - win_iis_webapppool - redirect some module output to null so Ansible can read the output JSON https://github.com/ansible/ansible/issues/40874 - win_template - fix when specifying the dest option as a directory with and without the trailing slash https://github.com/ansible/ansible/issues/39886 - win_updates - Added the ability to run on a scheduled task for older hosts so async starts working again - https://github.com/ansible/ansible/issues/38364 - win_updates - Fix logic when using a whitelist for multiple updates - win_updates - Fix typo that hid the download error when a download failed - win_updates - Fixed issue where running win_updates on async fails without any error - windows become - Show better error messages when the become process fails - winrm - Add better error handling when the kinit process fails - winrm - allow `ansible_user` or `ansible_winrm_user` to override `ansible_ssh_user` when both are defined in an inventory - https://github.com/ansible/ansible/issues/39844 - winrm - ensure pexpect is set to not echo the input on a failure and have a manual sanity check afterwards https://github.com/ansible/ansible/issues/41865 - winrm connection plugin - Fix exception messages sometimes raising a traceback when the winrm connection plugin encounters an unrecoverable error. https://github.com/ansible/ansible/pull/39333 - xenserver_facts - ensure module works with newer versions of XenServer (https://github.com/ansible/ansible/pull/35821) - use python3 on (open)SUSE 15 or newer OBS-URL: https://build.opensuse.org/request/show/620440 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=112- update to 2.6.2 Minor Changes + Sceanrio guide for removing an existing virtual machine is added. + lineinfile - add warning when using an empty regexp + Restore module_utils.basic.BOOLEANS variable for backwards compatibility with the module API in older ansible releases. Bugfixes: + Add text output along with structured output in nxos_facts + Allow more than one page of results by using the right pagination indicator ('NextMarker' instead of 'NextToken'). + Fix an atomic_move error that is 'true', but misleading. Now we show all 3 files involved and clarify what happened. + Fix eos_l2_interface eapi. + Fix fetching old style facts in junos_facts module + Fix get_device_info nxos zero or more whitespace regex + Fix nxos CI failures + Fix nxos_nxapi default http behavior + Fix nxos_vxlan_vtep_vni + Fix regex network_os_platform nxos + Refactor nxos cliconf get_device_info for non structured output supported devices + To fix the NoneType error raised in ios_l2_interface when Access Mode VLAN is unassigned + emtpy host/group name is an error + fix default SSL version for docker modules + fix mail module when using starttls + fix nmap config example + fix ps detection of service + fix the remote tmp folder permissions issue when becoming a non admin user OBS-URL: https://build.opensuse.org/request/show/626515 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=114- update to 2.6.3 Bugfixes: * Fix lxd module to be idempotent when the given configuration for the lxd container has not changed * Fix setting value type to str to avoid conversion during template read. Fix Idempotency in case of 'no key'. * Fix the mount module's handling of swap entries in fstab * The fix for (CVE-2018-10875) prints out a warning message about skipping a config file from a world writable current working directory. However, if the user explicitly specifies that the config file should be used via the ANSIBLE_CONFIG environment variable then Ansible would honor that but still print out the warning message. This has been fixed so that Ansible honors the user's explicit wishes and does not print a warning message in that circumstance. * To fix the bug where existing host_record was deleted when existing record name is used with different IP. * VMware handle pnic in proxyswitch * fix azure security group cannot add rules when purge_rule set to false. * fix azure_rm_deployment collect tags from existing Resource Group. * fix azure_rm_loadbalancer_facts list takes at least 2 arguments. * fix for the bundled selectors module (used in the ssh and local connection plugins) when a syscall is restarted after being interrupted by a signal * get_url - fix the bug that get_url does not change mode when checksum matches * nicer error when multiprocessing breaks * openssl_certificate - Convert valid_date to bytes for conversion * openstack_inventory.py dynamic inventory file fixed the plugin to the script so that it will work with current ansible-inventory. Also redirect stdout before dumping the ouptput, because not doing so will cause JSON parse errors in some cases. * slack callback - Fix invocation by looking up data from cli.options * sysvinit module: handle values of optional parameters. Don't disable service when enabled parameter isn't set. Fix command when arguments parameter isn't set. * vars_prompt - properly template play level variables in vars_prompt * win_domain - ensure the Netlogon service is up and running after promoting host to controller * win_domain_controller - ensure the Netlogon service is up and running after promoting host to controller OBS-URL: https://build.opensuse.org/request/show/631847 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=116Minor Changes: * add azure_rm_storageaccount support to StorageV2 kind. * import_tasks - Do not allow import_tasks to transition to dynamic if the file is missing Bugfixes: * Add md5sum check in nxos_file_copy module * Allow arbitrary log_driver for docker_container * Fix Python2.6 regex bug terminal plugin nxos, iosxr * Fix check_mode in nxos_static_route module * Fix glob path of rc.d Some distribtuions like SUSE has the rc%.d directories under /etc/init.d * Fix network config diff issue for lines * Fixed an issue where ansible_facts.pkg_mgr would incorrectly set to zypper on Debian/Ubuntu systems that happened to have the command installed * The docker_* modules respect the DOCKER_* environment variables again * The fix for CVE-2018-10875 prints out a warning message about skipping a config file from a world writable current working directory. However, if the user is in a world writable current working directory which does not contain a config file, it should not print a warning message. This release fixes that extaneous warning. * To resolve nios_network issue where vendor-encapsulated-options can not have a use_option flag. * To resolve the issue of handling exception for Nios lookup gracefully. * always correctly template no log for tasks * ansible-galaxy - properly list all roles in roles_path * basic.py - catch ValueError in case a FIPS enabled platform raises this exception * docker_container: fixing working_dir idempotency problem OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=118- update to 2.6.4 Minor Changes: * add azure_rm_storageaccount support to StorageV2 kind. * import_tasks - Do not allow import_tasks to transition to dynamic if the file is missing Bugfixes: * Add md5sum check in nxos_file_copy module * Allow arbitrary log_driver for docker_container * Fix Python2.6 regex bug terminal plugin nxos, iosxr * Fix check_mode in nxos_static_route module * Fix glob path of rc.d Some distribtuions like SUSE has the rc%.d directories under /etc/init.d * Fix network config diff issue for lines * Fixed an issue where ansible_facts.pkg_mgr would incorrectly set to zypper on Debian/Ubuntu systems that happened to have the command installed * The docker_* modules respect the DOCKER_* environment variables again * The fix for CVE-2018-10875 prints out a warning message about skipping a config file from a world writable current working directory. However, if the user is in a world writable current working directory which does not contain a config file, it should not print a warning message. This release fixes that extaneous warning. * To resolve nios_network issue where vendor-encapsulated-options can not have a use_option flag. * To resolve the issue of handling exception for Nios lookup gracefully. * always correctly template no log for tasks * ansible-galaxy - properly list all roles in roles_path * basic.py - catch ValueError in case a FIPS enabled platform raises this exception * docker_container: fixing working_dir idempotency problem OBS-URL: https://build.opensuse.org/request/show/634926 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ansible?expand=0&rev=40- update to version 2.7.4 Bugfixes: * powershell - add lib/ansible/executor/powershell to the packaging data - update to version 2.7.3 Minor Changes: * Document Path and Port are mutually exclusive parameters in wait_for module * Puppet module remove --ignorecache to allow Puppet 6 support * dnf properly support modularity appstream installation via overloaded group modifier syntax * proxmox_kvm - fix exception * win_security_policy - warn users to use win_user_right instead when editing Privilege Rights Bugfixes: * Fix the issue that FTD HTTP API retries authentication-related HTTP requests * Fix the issue that module fails when the Swagger model does not have required fields * Fix the issue with comparing string-like objects * Fix using omit on play keywords * Windows - prevent sensitive content from appearing in scriptblock logging (CVE-2018-16859) * apt_key - Disable TTY requirement in GnuPG for the module to work correctly when SSH pipelining is enabled * better error message when bad type in config, deal with EVNAR= more gracefully * configuration retrieval would fail on non primed plugins * cs_template - Fixed a KeyError on state=extracted * docker_container - fix idempotency problems with docker-py caused by previous init idempotency fix * docker_container - fix interplay of docker-py version check with argument_spec validation improvements * docker_network - driver_options containing Python booleans would cause Docker to throw exceptions * ec2_group - Fix comparison of determining which rules to purge by ignoring descriptions * pip module - fix setuptools/distutils replacement * sysvinit - enabling a service should use "defaults" if no runlevels are specified - update to version 2.7.2 Minor changes: * Fix documentation for cloning template * Parsing plugin filter may raise TypeError, gracefully handle this exception and let user know about the syntax error in plugin filter file * Scenario guide for VMware HTTP API usage * Update plugin filter documentation * fix yum and dnf autoremove input sanitization to properly warn user if invalid options passed and update documentation to match * improve readability and fix privileges names on vmware scenario_clone_template * k8s - updated module documentation to mention how to avoid SSL validation errors * yum - when checking for updates, now properly include Obsoletes (both old and new) package data in the module JSON output OBS-URL: https://build.opensuse.org/request/show/653460 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=126- Update to version 2.8.1 Full changelog is at /usr/share/doc/packages/ansible/changelogs/ Bugfixes -------- - ACI - DO not encode query_string - ACI modules - Fix non-signature authentication - Add missing directory provided via ``--playbook-dir`` to adjacent collection loading - Fix "Interface not found" errors when using eos_l2_interface with nonexistant interfaces configured - Fix cannot get credential when `source_auth` set to `credential_file`. - Fix netconf_config backup string issue - Fix privilege escalation support for the docker connection plugin when credentials need to be supplied (e.g. sudo with password). - Fix vyos cli prompt inspection - Fixed loading namespaced documentation fragments from collections. - Fixing bug came up after running cnos_vrf module against coverity. - Properly handle data importer failures on PVC creation, instead of timing out. - To fix the ios static route TC failure in CI - To fix the nios member module params - To fix the nios_zone module idempotency failure - add terminal initial prompt for initial connection - allow include_role to work with ansible command - allow python_requirements_facts to report on dependencies containing dashes - asa_config fix - azure_rm_roledefinition - fix a small error in build scope. - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual network peering. - cgroup_perf_recap - When not using file_per_task, make sure we don't prematurely close the perf files - display underlying error when reporting an invalid ``tasks:`` block. OBS-URL: https://build.opensuse.org/request/show/708761 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=141- ran spec-cleaner - remove old SUSE targets (SLE-11, Leap 42.3 and below) This simplifies the spec file and makes building easier - Additional required packages for building: + python-boto3 and python-botocore for Amazon EC2 + python-jmespath for json queries + python-memcached for cloud modules and local caching of JSON formatted, per host records + python-redis for cloud modules and local caching of JSON formatted, per host records + python-requests for many web-based modules (cloud, network, netapp) => as the need for those packages depends on the usage of the tool, they are just recommended on openSUSE/SUSE machines - made dependencies for gitlab, vmware and winrm modules configurable, as most of their dependencies are not (yet) available on current openSUSE/SUSE distributions - exclude /usr/bin/pwsh from the automatic dependency generation, as the Windows Power Shell is not available (yet) on openSUSE/SUSE - build additional docs and split up ansible-doc package; moving changelogs, contrib and example directories there - prepare for building HTML documentation, but disable this per default for the moment, as not all package dependencies are available in openSUSE/SUSE (yet) - package some test scripts with executable permissions OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=158- sync with upstream spec file (especially for RHEL & Fedora builds) - ran spec-cleaner - remove old SUSE targets (SLE-11, Leap 42.3 and below) This simplifies the spec file and makes building easier - Additional required packages for building: + python-boto3 and python-botocore for Amazon EC2 + python-jmespath for json queries + python-memcached for cloud modules and local caching of JSON formatted, per host records + python-redis for cloud modules and local caching of JSON formatted, per host records + python-requests for many web-based modules (cloud, network, netapp) => as the need for those packages depends on the usage of the tool, they are just recommended on openSUSE/SUSE machines - made dependencies for gitlab, vmware and winrm modules configurable, as most of their dependencies are not (yet) available on current openSUSE/SUSE distributions - exclude /usr/bin/pwsh from the automatic dependency generation, as the Windows Power Shell is not available (yet) on openSUSE/SUSE - build additional docs and split up ansible-doc package; moving changelogs, contrib and example directories there - prepare for building HTML documentation, but disable this per default for the moment, as not all package dependencies are available in openSUSE/SUSE (yet) - package some test scripts with executable permissions - update to version 2.9.2 maintenance release containing numerous bugfixes OBS-URL: https://build.opensuse.org/request/show/759909 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ansible?expand=0&rev=55- update to version 2.9.3 (maintenance release) * security fixes - CVE-2019-14904 (solaris_zone module) - CVE-2019-14905 (nxos_file_copy module), * various bugfixes OBS-URL: https://build.opensuse.org/request/show/765059 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=159- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140) - Add metadata information to this file to mark which SUSE bugzilla have been already fixed. - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] - update to version 2.9.6 (maintenance release) including OBS-URL: https://build.opensuse.org/request/show/809080 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=183- Correct ID of CVE and rename the patch to CVE-2020-1744_avoid_mkdir_p.patch - bsc#1167532 CVE-2020-10684 - code injection when using ansible_facts as a subkey * remote home directory * Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828, bsc#1126503) (https://github.com/ansible/ansible/pull/52133) + Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read from current working directory allowing possible code execution OBS-URL: https://build.opensuse.org/request/show/810010 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=184- update to version 2.9.13 with many bug fixes, most notably: * A security issue was addressed in the "dnf" module, which previously did not check GPG signatures of packages. * A bug in the "cron" module was fixed. In some cases prior to this fix, the module would inadvertently remove cron entries. - removed obsolete fix-cron-regression-71207.patch OBS-URL: https://build.opensuse.org/request/show/831014 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=197- update to version 2.9.18 * CVE-2021-20228 where default and fallback values for no_log parameters to modules were not previously masked. * CVE-2021-20178 where several parameters to the snmp_facts module were logged and displayed despite containing sensitive information. * CVE-2021-20180 where several parameters to the bitbucket_pipeline_variable were logged and displayed despite containing sensitive information. * CVE-2021-20191 which addresses a number of modules whose parameters were logged and displayed despite containing sensitive information. For the full list of affected modules, refer to the changelog linked below. OBS-URL: https://build.opensuse.org/request/show/873716 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=202- Update to 2.9.23, bug-fix release with security fix: * templating engine fix for not preserving unsafe status when trying to preserve newlines. CVE-2021-3583 OBS-URL: https://build.opensuse.org/request/show/901352 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=209- update to 2.9.27 (jsc#SLE-23631) (jsc#SLE-24133) * bsc#1187725 CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) * bsc#1188061 CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) * bsc#1176460 gh#ansible/ansible#72094 ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values OBS-URL: https://build.opensuse.org/request/show/992049 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=216Pull request closed