868 lines
42 KiB
Plaintext
868 lines
42 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon Jan 16 18:11:04 UTC 2017 - michael@stroeder.com
|
|
|
|
- update to 2.2.1.0 (final)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 11 22:46:47 UTC 2017 - boris@steki.net
|
|
|
|
- security update to rc4 of 2.2.1.0 version
|
|
CVE-2016-9587, CVE-2016-8628 and CVE-2016-8614
|
|
for full list of changes see
|
|
/usr/share/doc/packages/ansible/CHANGELOG.md
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 17 18:11:08 UTC 2016 - michael@stroeder.com
|
|
|
|
- update to 2.2.0.0
|
|
(see /usr/share/doc/packages/ansible/CHANGELOG.md for details)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 15 16:20:44 UTC 2016 - michael@stroeder.com
|
|
|
|
- update to 2.1.2.0
|
|
(see /usr/share/doc/packages/ansible/CHANGELOG.md for details)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 28 06:25:44 UTC 2016 - michael@stroeder.com
|
|
|
|
- update to 2.1.1.0
|
|
(see /usr/share/doc/packages/ansible/CHANGELOG.md for details)
|
|
- changed download link to https://releases.ansible.com
|
|
|
|
-------------------------------------------------------------------
|
|
Sun May 29 18:51:07 UTC 2016 - michael@stroeder.com
|
|
|
|
- update to 2.1.0.0
|
|
(see /usr/share/doc/packages/ansible/CHANGELOG.md for details)
|
|
- on SuSE platforms recommend package python-dnspython for
|
|
DNS lookups in playbooks
|
|
|
|
-------------------------------------------------------------------
|
|
Sat May 7 18:12:52 UTC 2016 - michael@stroeder.com
|
|
|
|
- update to 2.0.2.0:
|
|
* Backport of the 2.1 feature to ensure per-item callbacks are sent as they occur,
|
|
rather than all at once at the end of the task.
|
|
* Fixed bugs related to the iteration of tasks when certain combinations of roles,
|
|
blocks, and includes were used, especially when handling errors in rescue/always
|
|
portions of blocks.
|
|
* Fixed handling of redirects in our helper code, and ported the uri module to use
|
|
this helper code. This removes the httplib dependency for this module while fixing
|
|
some bugs related to redirects and SSL certs.
|
|
* Fixed some bugs related to the incorrect creation of extra temp directories for
|
|
uploading files, which were not cleaned up properly.
|
|
* Improved error reporting in certain situations, to provide more information such as
|
|
the playbook file/line.
|
|
* Fixed a bug related to the variable precedence of role parameters, especially when
|
|
a role may be used both as a dependency of a role and directly by itself within the
|
|
same play.
|
|
* Fixed some bugs in the 2.0 implementation of do/until.
|
|
* Fixed some bugs related to run_once:
|
|
- Ensure that all hosts are marked as failed if a task marked as run_once fails.
|
|
- Show a warning when using the free strategy when a run_once task is encountered, as
|
|
there is no way for the free strategy to guarantee the task is not run more than once.
|
|
* Fixed a bug where the assemble module was not honoring check mode in some situations.
|
|
* Fixed a bug related to delegate_to, where we were incorrectly using variables from
|
|
the inventory host rather than the delegated-to host.
|
|
* The 'package' meta-module now properly squashes items down to a single execution (as the
|
|
apt/yum/other package modules do).
|
|
* Fixed a bug related to the ansible-galaxy CLI command dealing with paged results from
|
|
the Galaxy server.
|
|
* Pipelining support is now available for the local and jail connection plugins, which is
|
|
useful for users who do not wish to have temp files/directories created when running
|
|
tasks with these connection types.
|
|
* Improvements in support for additional shell types.
|
|
* Improvements in the code which is used to calculate checksums for remote files.
|
|
* Some speed ups and bug fixes related to the variable merging code.
|
|
* Workaround bug in python subprocess on El Capitan that was making vault fail
|
|
when attempting to encrypt a file
|
|
* Fix lxc_container module having predictable temp file names and setting file
|
|
permissions on the temporary file too leniently on a temporary file that was
|
|
executed as a script. Addresses CVE-2016-3096
|
|
* Fix a bug in the uri module where setting headers via module params that
|
|
start with HEADER_ were causing a traceback.
|
|
* Fix bug in the free strategy that was causing it to synchronize its workers
|
|
after every task (making it a lot more like linear than it should have been).
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 9 14:37:43 UTC 2016 - lars@linux-schulserver.de
|
|
|
|
- update to 2.0.1.0:
|
|
* Fixes a major compatibility break in the synchronize module shipped
|
|
with 2.0.0.x. That version of synchronize ran sudo on the controller
|
|
prior to running rsync. In 1.9.x and previous, sudo was run on the
|
|
host that rsync connected to. 2.0.1 restores the 1.9.x behaviour.
|
|
* Additionally, several other problems with where synchronize chose
|
|
to run when combined with delegate_to were fixed. In particular, if
|
|
a playbook targetted localhost and then delegated_to a remote host
|
|
the prior behavior (in 1.9.x and 2.0.0.x) was to copy files between
|
|
the src and destination directories on the delegated host. This has
|
|
now been fixed to copy between localhost and the delegated host.
|
|
* Fix a regression where synchronize was unable to deal with unicode paths.
|
|
* Fix a regression where synchronize deals with inventory hosts that
|
|
use localhost but with an alternate port.
|
|
* Fixes a regression where the retry files feature was not implemented.
|
|
* Fixes a regression where the any_errors_fatal option was implemented
|
|
in 2.0 incorrectly, and also adds a feature where any_errors_fatal
|
|
can be set at the block level.
|
|
* Fix tracebacks when playbooks or ansible itself were located in
|
|
directories with unicode characters.
|
|
* Fix bug when sending unicode characters to an external pager
|
|
for display.
|
|
* Fix a bug with squashing loops for special modules (mostly package
|
|
managers). The optimization was squashing when the loop did not
|
|
apply to the selection of packages. This has now been fixed.
|
|
* Temp files created when using vault are now "shredded" using the
|
|
unix shred program which overwrites the file with random data.
|
|
* Some fixes to cloudstack modules for case sensitivity
|
|
* Fix non-newstyle modules (non-python modules and old-style modules)
|
|
to disabled pipelining.
|
|
* Fix fetch module failing even if fail_on_missing is set to False
|
|
* Fix for cornercase when local connections, sudo, and raw were
|
|
used together.
|
|
* Fix dnf module to remove dependent packages when state=absent is
|
|
specified. This was a feature of the 1.9.x version that was left
|
|
out by mistake when the module was rewritten for 2.0.
|
|
* Fix bugs with non-english locales in yum, git, and apt modules
|
|
* Fix a bug with the dnf module where state=latest could only
|
|
upgrade, not install.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 15 13:23:26 UTC 2016 - eshmarnev@suse.com
|
|
|
|
- fix_zypper_errorhandling.patch is being deleted
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 11 10:44:40 UTC 2016 - erwin.vandevelde@gmail.com
|
|
|
|
- update to 2.0.0.2
|
|
Version 2.0 is a new major version with a lot of changes, among which:
|
|
+ New modules for cloud-based services and many more
|
|
+ The new block/rescue/always directives allow for making task blocks and exception-like semantics
|
|
+ Many API changes
|
|
- more info at:
|
|
https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#20-over-the-hills-and-far-away
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Oct 11 16:11:02 UTC 2015 - lars@linux-schulserver.de
|
|
|
|
- build again on SLE-11-SP4 by ignoring some dependencies that are
|
|
not available in the official OBS repository: python-paramiko,
|
|
python-Jinja2, python-PyYAML, python-pycrypto
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Oct 10 12:10:59 UTC 2015 - lars@linux-schulserver.de
|
|
|
|
- update to 1.9.4
|
|
This release addresses several bugs, most notably those related to
|
|
the yum module (introduced in 1.9.3):
|
|
+ Fixes a bug where yum state=latest would error if there were no
|
|
updates to install.
|
|
+ Fixes a bug where yum state=latest did not work with wildcard
|
|
package names.
|
|
+ Fixes a bug in lineinfile relating to escape sequences.
|
|
+ Fixes a bug where vars_prompt was not keeping passwords private
|
|
by default.
|
|
+ Fix ansible-galaxy and the hipchat callback plugin to check that
|
|
the host it is contacting matches its TLS Certificate.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Sep 26 14:01:30 UTC 2015 - m0ses@samaxi.de
|
|
|
|
- Added fix_zypper_errorhandling.patch as it`s have not been accepted
|
|
upstream, in lack of an reviewer. See patch for more comments
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 11 16:10:12 UTC 2015 - robin.roth@kit.edu
|
|
|
|
- update to 1.9.3:
|
|
- Fixes a bug related to keyczar messing up encodings internally, resulting in decrypted
|
|
messages coming out as empty strings.
|
|
- AES Keys generated for use in accelerated mode are now 256-bit by default instead of 128.
|
|
- Fix url fetching for SNI with python-2.7.9 or greater. SNI does not work
|
|
with python < 2.7.9. The best workaround is probably to use the command
|
|
module with curl or wget.
|
|
- Fix url fetching to allow tls-1.1 and tls-1.2 if the system's openssl library
|
|
supports those protocols
|
|
- Fix ec2_ami_search module to check TLS Certificates
|
|
- Fix the following extras modules to check TLS Certificates:
|
|
- campfire
|
|
- layman
|
|
- librarto_annotate
|
|
- twilio
|
|
- typetalk
|
|
- Fix docker module's parsing of docker-py version for dev checkouts
|
|
- Fix docker module to work with docker server api 1.19
|
|
- Change yum module's state=latest feature to update all packages specified in
|
|
a single transaction. This is the same type of fix as was made for yum's
|
|
state=installed in 1.9.2 and both solves the same problems and with the same caveats.
|
|
- Fixed a bug where stdout from a module might be blank when there were were non-printable
|
|
ASCII characters contained within it
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 15 09:17:54 UTC 2015 - lars@linux-schulserver.de
|
|
|
|
- update to 1.9.2:
|
|
- Security fixes to check that hostnames match certificates with
|
|
https urls (CVE-2015-3908; bnc #938161):
|
|
+ get_url and uri modules
|
|
+ url and etcd lookup plugins
|
|
- Security fixes to the zone (Solaris containers), jail (bsd
|
|
containers), and chroot connection plugins. These plugins can be
|
|
used to connect to their respective container types in leiu of the
|
|
standard ssh connection. Prior to this fix being applied these
|
|
connection plugins didn't properly handle symlinks within the containers
|
|
which could lead to files intended to be written to or read from the
|
|
container being written to or read from the host system instead. (CVE
|
|
pending)
|
|
- Fixed a bug in the service module where init scripts were being
|
|
incorrectly used instead of upstart/systemd.
|
|
- Fixed a bug where sudo/su settings were not inherited from
|
|
ansible.cfg correctly.
|
|
- Fixed a bug in the rds module where a traceback may occur due to an
|
|
unbound variable.
|
|
- Fixed a bug where certain remote file systems where the SELinux
|
|
context was not being properly set.
|
|
- Re-enabled several windows modules which had been partially merged
|
|
(via action plugins):
|
|
+ win_copy.ps1
|
|
+ win_copy.py
|
|
+ win_file.ps1
|
|
+ win_file.py
|
|
+ win_template.py
|
|
- Fix bug using with_sequence and a count that is zero. Also allows
|
|
counting backwards isntead of forwards
|
|
- Fix get_url module bug preventing use of custom ports with https
|
|
urls
|
|
- Fix bug disabling repositories in the yum module.
|
|
- Fix giving yum module a url to install a package from on
|
|
RHEL/CENTOS5
|
|
- Fix bug in dnf module preventing it from working when yum-utils was
|
|
not already installed
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 28 19:03:01 UTC 2015 - boris@steki.net
|
|
|
|
- updated to version 1.9.1
|
|
* Fixed a bug related to Kerberos auth when using winrm with a domain account.
|
|
* Fixing several bugs in the s3 module.
|
|
* Fixed a bug with upstart service detection in the service module.
|
|
* Fixed several bugs with the user module when used on OSX.
|
|
* Fixed unicode handling in some module situations (assert and shell/command execution).
|
|
* Fixed a bug in redhat_subscription when using the activationkey parameter.
|
|
* Fixed a traceback in the gce module on EL6 distros when multiple pycrypto installations are available.
|
|
* Added support for PostgreSQL 9.4 in rds_param_group
|
|
* Several other minor fixes.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 30 22:45:57 UTC 2015 - boris@steki.net
|
|
|
|
- updated to version 1.9.0.1
|
|
* Added kerberos support to winrm connection plugin.
|
|
* Tags rehaul: added 'all', 'always', 'untagged' and 'tagged' special
|
|
tags and normalized tag resolution. Added tag information to
|
|
--list-tasks and new --list-tags option.
|
|
* Privilege Escalation generalization, new 'Become' system and variables
|
|
now will handle existing and new methods. Sudo and su have been kept
|
|
for backwards compatibility. New methods pbrun and pfexec in 'alpha'
|
|
state, planned adding 'runas' for winrm connection plugin.
|
|
* Improved ssh connection error reporting, now you get back the specific
|
|
message from ssh.
|
|
* Added facility to document task module return values for registered
|
|
vars, both for ansible-doc and the docsite. Documented copy, stats and
|
|
acl modules, the rest must be updated individually (we will start doing
|
|
so incrementally).
|
|
* Optimize the plugin loader to cache available plugins much more
|
|
efficiently. For some use cases this can lead to dramatic improvements
|
|
in startup time.
|
|
* Overhaul of the checksum system, now supports more systems and more
|
|
cases more reliably and uniformly.
|
|
* Fix skipped tasks to not display their parameters if no_log is specified.
|
|
* Many fixes to unicode support, standarized functions to make it easier
|
|
to add to input/output boundries.
|
|
* Added travis integration to github for basic tests, this should speed
|
|
up ticket triage and merging.
|
|
* environment: directive now can also be applied to play and is
|
|
inhertited by tasks, which can still override it.
|
|
* expanded facts and OS/distribution support for existing facts and
|
|
improved performance with pypy.
|
|
* new 'wantlist' option to lookups allows for selecting a list typed
|
|
variable vs a command delimited string as the return.
|
|
* the shared module code for file backups now uses a timestamp resolution
|
|
of seconds (previouslly minutes).
|
|
* allow for empty inventories, this is now a warning and not an error
|
|
(for those using localhost and cloud modules).
|
|
* sped up YAML parsing in ansible by up to 25% by switching to CParser loader.
|
|
- more info at:
|
|
https://github.com/ansible/ansible/blob/devel/CHANGELOG.md#19-dancing-in-the-street---mar-25-2015
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 23 11:46:55 UTC 2015 - boris@steki.net
|
|
|
|
- updated to version 1.8.4 from 1.8.2
|
|
* Fixed regressions in ec2 and mount modules, introduced in 1.8.3
|
|
* Fixing a security bug related to the default permissions set on a
|
|
tempoary file created when using "ansible-vault view ".
|
|
* Many bug fixes, for both core code and core modules.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 5 15:11:43 UTC 2014 - boris@steki.net
|
|
|
|
- updated to version 1.8.2 from 1.8.1
|
|
* Windows modules should now be packaged correctly.
|
|
* A bug regarding wildcard grant strings in the mysql_user module has been fixed.
|
|
* Several other bugs regarding the postgresql modules have also been fixed.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 1 18:28:18 UTC 2014 - boris@steki.net
|
|
|
|
- enable build for older RHEL and SLE distributions
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 27 11:17:53 UTC 2014 - boris@steki.net
|
|
|
|
- updated package to latest release ## 1.8.1 "You Really Got Me"
|
|
* Various bug fixes in postgresql and mysql modules.
|
|
* Fixed a bug related to lookup plugins used within roles not
|
|
finding files based on the relative paths to the roles files/ directory.
|
|
* Fixed a bug related to vars specified in plays being templated too early,
|
|
resulting in incorrect variable interpolation.
|
|
* Fixed a bug related to git submodules in bare repos.
|
|
* fact caching support, pluggable, initially supports Redis (DOCS pending)
|
|
* 'serial' size in a rolling update can be specified as a percentage
|
|
* added new Jinja2 filters, 'min' and 'max' that take lists
|
|
* new 'ansible_version' variable available contains a dictionary of version info
|
|
* For ec2 dynamic inventory, ec2.ini can has various new configuration options
|
|
* 'ansible vault view filename.yml' opens filename.yml decrypted in a pager.
|
|
* no_log parameter now surpressess data from callbacks/output as well as syslog
|
|
* ansible-galaxy install -f requirements.yml allows advanced options and installs
|
|
from non-galaxy SCM sources and tarballs.
|
|
* command_warnings feature will warn about when usage of the shell/command module
|
|
can be simplified to use core modules - this can be enabled in ansible.cfg
|
|
* new omit value can be used to leave off a parameter when not set, like so
|
|
module_name: a=1 b={{ c | default(omit) }}, would not pass value for b (not even
|
|
an empty value) if c was not set.
|
|
* developers: 'baby JSON' in module responses, originally intended for writing modules
|
|
in bash, is removed as a feature to simplify logic, script module remains available
|
|
for running bash scripts.
|
|
* async jobs started in "fire & forget" mode can now be checked on at a later time.
|
|
* added ability to subcategorize modules for docs.ansible.com
|
|
* added ability for shipped modules to have aliases with symlinks
|
|
* added ability to deprecate older modules by starting with "_" and
|
|
including "deprecated: message why" in module docs
|
|
|
|
+ New Modules:
|
|
* cloud: rax_cdb - manages Rackspace Cloud Database instances
|
|
* cloud: rax_cdb_database - manages Rackspace Cloud Databases
|
|
* cloud: rax_cdb_user - manages Rackspace Cloud Database users
|
|
* monitoring: zabbix_maintaince - handles outage windows with Zabbix
|
|
* monitoring: bigpanda - support for bigpanda
|
|
* net_infrastructure: a10_server - manages server objects on A10 devices
|
|
* net_infrastructure: a10_service_group - manages service group objects on A10 devices
|
|
* net_infrastructure: a10_virtual_server - manages virtual server objects on A10 devices
|
|
* system: getent - read getent databases
|
|
|
|
+ Some other notable changes:
|
|
* added the ability to set "instance filters" in the ec2.ini to limit results
|
|
from the inventory plugin.
|
|
* upgrades for various variable precedence items and parsing related items
|
|
* added a new "follow" parameter to the file and copy modules, which allows
|
|
actions to be taken on the target of a symlink rather than the symlink itself.
|
|
* if a module should ever traceback, it will return a standard error, catchable
|
|
by ignore_errors, versus an 'unreachable'
|
|
* ec2_lc: added support for multiple new parameters like kernel_id, ramdisk_id and ebs_optimized.
|
|
* ec2_elb_lb: added support for the connection_draining_timeout and cross_az_load_balancing options.
|
|
* support for symbolic representations (ie. u+rw) for file permission modes (file/copy/template modules etc.).
|
|
* docker: Added support for specifying the net type of the container.
|
|
* docker: support for specifying read-only volumes.
|
|
* docker: support for specifying the API version to use for the remote connection.
|
|
* openstack modules: various improvements
|
|
* irc: ssl support for the notification module
|
|
* npm: fix flags passed to package installation
|
|
* windows: improved error handling
|
|
* setup: additional facts on System Z
|
|
* apt_repository: certificate validation can be disabled if requested
|
|
* pagerduty module: misc improvements
|
|
* ec2_lc: public_ip boolean configurable in launch configurations
|
|
* ec2_asg: fixes related to proper termination of an autoscaling group
|
|
* win_setup: total memory fact correction
|
|
* ec2_vol: ability to list existing volumes
|
|
* ec2: can set optimized flag
|
|
* various parser improvements
|
|
* produce a friendly error message if the SSH key is too permissive
|
|
* ec2_ami_search: support for SSD and IOPS provisioned EBS images
|
|
* can set ansible_sudo_exe as an inventory variable which allows specifying
|
|
a different sudo (or equivalent) command
|
|
* git module: Submodule handling has changed. Previously if you used the
|
|
"recursive" parameter to handle submodules, ansible would track the
|
|
submodule upstream's head revision. This has been changed to checkout the
|
|
version of the submodule specified in the superproject's git repository.
|
|
This is inline with what git submodule update does. If you want the old
|
|
behaviour use the new module parameter track_submodules=yes
|
|
* Checksumming of transferred files has been made more portable and now uses
|
|
the sha1 algorithm instead of md5 to be compatible with FIPS-140.
|
|
+ As a small side effect, the fetch module no longer returns a useful value
|
|
in remote_md5. If you need a replacement, switch to using remote_checksum
|
|
which returns the sha1sum of the remote file.
|
|
* ansible-doc CLI tool contains various improvements for working with different terminals
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 27 09:16:52 UTC 2014 - kgronlund@suse.com
|
|
- update to 1.7.2:
|
|
- Fixes a bug in accelerate mode which caused a traceback when trying to use that connection method.
|
|
- Fixes a bug in vault where the password file option was not being used correctly internally.
|
|
- Improved multi-line parsing when using YAML literal blocks (using > or |).
|
|
- Fixed a bug with the file module and the creation of relative symlinks.
|
|
- Fixed a bug where checkmode was not being honored during the templating of files.
|
|
- Other various bug fixes.
|
|
- Switch to xz for source package
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 10 12:55:35 UTC 2014 - boris@steki.net
|
|
|
|
- add python-pywinrm to requirements to enable windows hosts automation
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Aug 17 15:21:38 UTC 2014 - lars@linux-schulserver.de
|
|
|
|
- update to 1.7.1:
|
|
Major new features:
|
|
+ Windows support (alpha) using native PowerShell remoting
|
|
+ Tasks can now specify run_once: true, meaning they will be executed
|
|
exactly once. This can be combined with delegate_to to trigger actions
|
|
you want done just the one time versus for every host in inventory.
|
|
|
|
New Modules:
|
|
+ cloud: azure
|
|
+ cloud: rax_meta
|
|
+ cloud: rax_scaling_group
|
|
+ cloud: rax_scaling_policy
|
|
+ windows: version of setup module
|
|
+ windows: version of slurp module
|
|
+ windows: win_feature
|
|
+ windows: win_get_url
|
|
+ windows: win_msi
|
|
+ windows: win_ping
|
|
+ windows: win_user
|
|
+ windows: win_service
|
|
+ windows: win_group
|
|
|
|
New inventory scripts:
|
|
+ SoftLayer
|
|
+ Windows Azure
|
|
|
|
Docker module bug fixes:
|
|
+ Fixed support for specifying rw/ro bind modes for volumes
|
|
+ Fixed support for allowing the tag in the image parameter
|
|
|
|
Other notable changes:
|
|
+ Performance enhancements related to previous security fixes, which
|
|
could cause slowness when modules returned very large JSON results.
|
|
This specifically impacted the unarchive module frequently, which
|
|
returns the details of all unarchived files in the result.
|
|
+ Inventory speed improvements for very large inventories.
|
|
+ Vault password files can now be executable, to support scripts
|
|
that fetch the vault password.
|
|
+ Fixes an issue with the copy module when copying a directory that
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 15 15:25:04 UTC 2014 - boris@steki.net
|
|
|
|
- updated to upstream version 1.7.1
|
|
* Security fix to disallow specifying 'args:' as a string,
|
|
which could allow the insertion of extra module parameters through variables.
|
|
* Performance enhancements related to previous security fixes,
|
|
which could cause slowness when modules returned very large JSON results.
|
|
This specifically impacted the unarchive module frequently, which returns
|
|
the details of all unarchived files in the result.
|
|
* Docker module bug fixes:
|
|
+ Fixed support for specifying rw/ro bind modes for volumes
|
|
+ Fixed support for allowing the tag in the image parameter
|
|
* Major new features:
|
|
+ Windows support (alpha) using native PowerShell remoting
|
|
+ Tasks can now specify `run_once: true`, meaning they will
|
|
be executed exactly once. This can be combined with delegate_to
|
|
to trigger actions you want done just the one time versus for
|
|
every host in inventory.
|
|
* Inventory speed improvements for very large inventories.
|
|
* Vault password files can now be executable, to support
|
|
scripts that fetch the vault password.
|
|
|
|
* Fixes an issue with the copy module when copying a directory that
|
|
fails when changing file attributes and the target file already exists
|
|
+ Improved unicode handling when splitting args
|
|
|
|
+ Further improvements to module parameter parsing to address
|
|
additional regressions caused by security fixes
|
|
+ Corrects a regression in the way shell and command parameters
|
|
were being parsed
|
|
+ Various other bug fixes
|
|
|
|
Security fixes:
|
|
+ Security fix to disallow specifying 'args:' as a string, which could
|
|
allow the insertion of extra module parameters through variables.
|
|
+ Strip lookup calls out of inventory variables and clean unsafe
|
|
data returned from lookup plugins (CVE-2014-4966)
|
|
+ Make sure vars don't insert extra parameters into module args and
|
|
prevent duplicate params from superseding previous params (CVE-2014-4967)
|
|
- adapt specfile requirements for RedHat and Fedora
|
|
|
|
- fixed zypper and zypper_repository modules to support SLE 10
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 10 12:53:16 UTC 2014 - lars@linux-schulserver.de
|
|
|
|
- update to 1.6.6:
|
|
* Security updates to further protect against the incorrect
|
|
execution of untrusted data
|
|
* Additional tweaks to prevent the incorrect execution of
|
|
untrusted data
|
|
* Security update to prevent local operations from executing as
|
|
the result of specifically crafted untrusted data
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 19 07:28:24 UTC 2014 - lars@linux-schulserver.de
|
|
|
|
- update to 1.6.3:
|
|
* The deprecated legacy variable templating system has been
|
|
finally removed. Use {{ foo }} always not $foo or ${foo}.
|
|
* Any data file can also be JSON. Use sparingly -- with great power
|
|
comes great responsibility. Starting file with "{" or "[" denotes JSON.
|
|
* Added 'gathering' param for ansible.cfg to change the default
|
|
gather_facts policy.
|
|
* Accelerate improvements:
|
|
+ multiple users can connect with different keys, when
|
|
accelerate_multi_key = yes is specified in the ansible.cfg.
|
|
+ daemon lifetime is now based on the time from the last activity,
|
|
not the time from the daemon's launch.
|
|
* ansible-playbook now accepts --force-handlers to run handlers
|
|
even if tasks result in failures.
|
|
* Added VMWare support with the vsphere_guest module.
|
|
* many new modules and ther notable changes, please read
|
|
/usr/share/doc/packages/ansible/CHANGELOG.md for details
|
|
- use new upstream URL(s)
|
|
- require python-httplib2 and python-setuptools
|
|
- ignore "wrong" permissions of synchronize.py
|
|
- ignore rpmlint warning about requiring python-httplib2 explicitely
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 20 23:24:56 UTC 2014 - lars@linux-schulserver.de
|
|
|
|
- update to 1.5.3:
|
|
* Fixes to the git module related to host key checking
|
|
* Force command action to not be executed by the shell unless
|
|
specifically enabled.
|
|
* Validate SSL certs accessed through urllib*.
|
|
* Implement new default cipher class AES256 in ansible-vault.
|
|
* Misc bug fixes.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Mar 8 11:08:25 UTC 2014 - lars@linux-schulserver.de
|
|
|
|
- update to 1.5:
|
|
Major features/changes:
|
|
* when_foo which was previously deprecated is now removed, use
|
|
"when:" instead. Code generates appropriate error suggestion.
|
|
* include + with_items which was previously deprecated is now
|
|
removed, ditto. Use with_nested / with_together, etc.
|
|
* only_if, which is much older than when_foo and was deprecated,
|
|
is similarly removed.
|
|
* ssh connection plugin is now more efficient if you add
|
|
'pipelining=True' in ansible.cfg under [ssh_connection],
|
|
see example.cfg
|
|
* localhost/127.0.0.1 is not required to be in inventory if
|
|
referenced, if not in inventory, it does not implicitly appear
|
|
in the 'all' group.
|
|
* git module has new parameters (accept_hostkey, key_file, ssh_opts)
|
|
to ease the usage of git and ssh protocols.
|
|
* when using accelerate mode, the daemon will now be restarted
|
|
when specifying a different remote_user between plays.
|
|
* added no_log: option for tasks. When used, no logging information
|
|
will be sent to syslog during the module execution.
|
|
* acl module now handles 'default' and allows for either shorthand
|
|
entry or specific fields per entry section
|
|
* play_hosts is a new magic variable to provide a list of hosts
|
|
in scope for the current play.
|
|
* ec2 module now accepts 'exact_count' and 'count_tag' as a way to
|
|
enforce a running number of nodes by tags.
|
|
* all ec2 modules that work with Eucalyptus also now support a
|
|
'validate_certs' option, which can be set to 'off' for installations
|
|
using self-signed certs.
|
|
* Start of new integration test infrastructure (WIP)
|
|
* if repoquery is unavailble, the yum module will automatically
|
|
attempt to install yum-utils
|
|
* ansible-vault: a framework for encrypting your playbooks
|
|
and variable files
|
|
|
|
Other notable changes (many new module params & bugfixes may not not listed):
|
|
* no_reboot is now defaulted to "no" in the ec2_ami module to ensure
|
|
filesystem consistency in the resulting AMI.
|
|
* sysctl module overhauled
|
|
* authorized_key module overhauled
|
|
* synchronized module now handles local transport better
|
|
* apt_key module now ignores case on keys
|
|
* zypper_repository now skips on check mode
|
|
* file module now responds to force behavior when dealing with hardlinks
|
|
* new lookup plugin 'csvfile'
|
|
* fixes to allow hash_merge behavior to work with dynamic inventory
|
|
* mysql module will use port argument on dump/import
|
|
* subversion module now ignores locale to better intercept status messages
|
|
* rax api_key argument is no longer logged
|
|
* backwards/forwards compatibility for OpenStack modules, 'quantum'
|
|
modules grok neutron renaming
|
|
* hosts properly uniqueified if appearing in redundant groups
|
|
* hostname module support added for ScientificLinux
|
|
* ansible-pull can now show live stdout and pass verbosity levels
|
|
to ansible-playbook
|
|
* ec2 instances can now be stopped or started
|
|
* additional volumes can be created when creating new ec2 instances
|
|
* user module can move a home directory
|
|
* significant enhancement and cleanup of rackspace modules
|
|
* ansible_ssh_private_key_file can be templated
|
|
* docker module updated to support docker-py 0.3.0
|
|
* various other bug fixes
|
|
* md5 logic improved during sudo operation
|
|
* support for ed25519 keys in authorized_key module
|
|
* ability to set directory permissions during a recursive copy
|
|
(directory_mode parameter)
|
|
* update docker module, support for using docker python
|
|
library 0.3.0
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 27 17:39:07 UTC 2014 - lars@linux-schulserver.de
|
|
|
|
- update to 1.4.5:
|
|
+ fixed issue with permissions being incorrect on
|
|
fireball/accelerate keys when the umask setting was too loose.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jan 19 03:12:17 UTC 2014 - lars@linux-schulserver.de
|
|
|
|
- update to 1.4.4:
|
|
+ Fixed issue with newer versions of pip not having --use-mirrors
|
|
+ Fixed role_path parsing from ansible.cfg
|
|
+ Fixed default role templates
|
|
+ Fixed a few bugs related to unicode
|
|
+ Fixed errors in the ssh connection method with large data returns
|
|
+ Miscellaneous fixes for a few modules
|
|
+ Add the ansible-galaxy command
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 16 21:28:31 UTC 2013 - lars@linux-schulserver.de
|
|
|
|
- update to 1.4.1:
|
|
* Misc fix updates
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 28 13:54:02 UTC 2013 - kgronlund@suse.com
|
|
|
|
- Update to release 1.4
|
|
|
|
- Highlighted new features:
|
|
|
|
+ Added do-until feature, which can be used to retry a failed task a
|
|
specified number of times with a delay in-between the retries.
|
|
+ Added failed_when option for tasks, which can be used to specify
|
|
logical statements that make it easier to determine when a task has
|
|
failed, or to make it easier to ignore certain non-zero return
|
|
codes for some commands.
|
|
+ Added the "subelement" lookup plugin, which allows iteration of the
|
|
keys of a dictionary or items in a list.
|
|
+ Added the capability to use either paramiko or ssh for the inital
|
|
setup connection of an accelerated playbook.
|
|
+ Automatically provide advice on common parser errors users
|
|
encounter.
|
|
+ Deprecation warnings are now shown for legacy features:
|
|
when_integer/etc, only_if, include+with_items, etc. Can be disabled
|
|
in ansible.cfg
|
|
+ The system will now provide helpful tips around possible YAML
|
|
syntax errors increasing ease of use for new users.
|
|
+ warnings are now shown for using {{ foo }} in loops and
|
|
conditionals, and suggest leaving the variable expressions bare as
|
|
per docs.
|
|
+ The roles search path is now configurable in
|
|
ansible.cfg. 'roles_path' in the config setting.
|
|
+ Includes with parameters can now be done like roles for
|
|
consistency: - { include: song.yml, year:1984, song:'jump' }
|
|
+ The name of each role is now shown before each task if roles are
|
|
being used
|
|
+ Adds a "var=" option to the debug module for debugging variable
|
|
data. "debug: var=hostvars['hostname']" and "debug: var=foo" are
|
|
all valid syntax.
|
|
+ Variables in {{ format }} can be used as references even if they
|
|
are structured data
|
|
+ Can force binding of accelerate to ipv6 ports.
|
|
+ the apt module will auto-install python-apt if not present rather
|
|
than requiring a manual installation
|
|
+ the copy module is now recursive if the local 'src' parameter is a
|
|
directory.
|
|
+ syntax checks now scan included task and variable files as well as
|
|
main files
|
|
|
|
- New modules and plugins:
|
|
|
|
+ cloud: ec2_eip -- manage AWS elastic IPs
|
|
+ cloud: ec2_vpc -- manage ec2 virtual private clouds
|
|
+ cloud: elasticcache -- Manages clusters in Amazon Elasticache
|
|
+ cloud: rax_network -- sets up Rackspace networks
|
|
+ cloud: rax_facts: retrieve facts about a Rackspace Cloud Server
|
|
+ cloud: rax_clb_nodes -- manage Rackspace cloud load balanced nodes
|
|
+ cloud: rax_clb -- manages Rackspace cloud load balancers
|
|
+ cloud: docker - instantiates/removes/manages docker containers
|
|
+ cloud: ovirt -- VM lifecycle controls for ovirt
|
|
+ files: acl -- set or get acls on a file
|
|
+ files: unarchive: pushes and extracts tarballs
|
|
+ files: synchronize: a useful wraper around rsyncing trees of files
|
|
+ system: firewalld -- manage the firewalld configuration
|
|
+ system: modprobe -- manage kernel modules on systems that support
|
|
modprobe/rmmod
|
|
+ system: open_iscsi -- manage targets on an initiator using
|
|
open-iscsi
|
|
+ system: blacklist: add or remove modules from the kernel blacklist
|
|
+ system: hostname - sets the systems hostname
|
|
+ utilities: include_vars -- dynamically load variables based on
|
|
conditions.
|
|
+ packaging: zypper_repository - adds or removes Zypper repositories
|
|
+ packaging: urpmi - work with urpmi packages
|
|
+ packaging: swdepot - a module for working with swdepot
|
|
+ notification: grove - notifies to Grove hosted IRC channels
|
|
+ web_infrastructure: ejabberd_user: add and remove users to ejabberd
|
|
+ web_infrastructure: jboss: deploys or undeploys apps to jboss
|
|
+ source_control: github_hooks: manages GitHub service hooks
|
|
+ net_infrastructure: bigip_monitor_http: manages F5 BIG-IP LTM http
|
|
monitors
|
|
+ net_infrastructure: bigip_monitor_tcp: manages F5 BIG-IP LTM TCP
|
|
monitors
|
|
+ net_infrastructure: bigip_pool_member: manages F5 BIG-IP LTM pool
|
|
members
|
|
+ net_infrastructure: bigip_node: manages F5 BIG-IP LTM nodes
|
|
+ net_infrastructure: openvswitch_port
|
|
+ net_infrastructure: openvswitch_bridge
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 1 15:09:48 UTC 2013 - kgronlund@suse.com
|
|
|
|
- Updated .spec file:
|
|
|
|
+ Remove deprecated fireball and node-fireball packages
|
|
+ Add dependency on python-keyczar
|
|
+ Add recommends for sshpass
|
|
+ Fix support for RHEL
|
|
+ Correct upstream URL
|
|
+ Use upstream release package for 1.3.4
|
|
+ Re-add CHANGELOG.md
|
|
+ Re-added man3 man pages
|
|
+ Updated short description to match upstream description
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 31 17:26:44 UTC 2013 - lars@linux-schulserver.de
|
|
|
|
- update to 1.3.4:
|
|
Highlighted new features:
|
|
+ accelerated mode: An enhanced fireball mode that requires zero
|
|
bootstrapping and fewer requirements plus adds capabilities
|
|
like sudo commands.
|
|
+ role defaults: Allows roles to define a set of variables at the
|
|
lowest priority. These variables can be overridden by any
|
|
other variable.
|
|
+ new /etc/ansible/facts.d allows JSON or INI-style facts to be
|
|
provided from the remote node, and supports executable fact
|
|
programs in this dir. Files must end in *.fact.
|
|
+ added the ability to make undefined template variables raise
|
|
errors (see ansible.cfg)
|
|
+ (DOCS PENDING) sudo: True/False and sudo_user: True/False can be
|
|
set at include and role level
|
|
+ added changed_when: (expression) which allows overriding whether
|
|
a result is changed or not and can work with registered expressions
|
|
+ --extra-vars can now take a file as input, e.g., "-e @filename"
|
|
and can also be formatted as YAML
|
|
+ external inventory scripts may now return host variables in one
|
|
pass, which allows them to be much more efficient for large
|
|
numbers of hosts
|
|
+ if --forks exceeds the numbers of hosts, it will be automatically
|
|
reduced. Set forks to 0 and you get "as many forks as I have
|
|
hosts" out of the box.
|
|
+ enabled error_on_undefined_vars by default, which will make
|
|
errors in playbooks more obvious
|
|
+ role dependencies -- one role can now pull in another, with
|
|
parameters of its own.
|
|
+ added the ability to have tasks execute even during a check
|
|
run (always_run).
|
|
+ added the ability to set the maximum failure percentage for a
|
|
group of hosts.
|
|
...and a lot more information can be found at
|
|
/usr/share/doc/packages/ansible/CHANGELOG.md
|
|
- removed man3 man pages
|
|
- removed separate CHANGELOG.md source - now in upstream tarball
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jun 30 20:05:47 UTC 2013 - lars@linux-schulserver.de
|
|
|
|
- update to 1.2:
|
|
+ new feature: roles
|
|
+ massively improved variable support and conditionals
|
|
+ Pre and Post tasks provide greater controls to make rolling
|
|
updates even smoother
|
|
+ added 32 new modules:
|
|
++ including a openSUSE package management module
|
|
++ added team chat notification modules for Flowdock, Hipchat,
|
|
Campfire, IRC, and more
|
|
++ added monitoring modules to interact with New Relic, Airbrake,
|
|
Pingdom, Pagerduty and Monit
|
|
- added CHANGELOG.md to /usr/share/doc/packages/ansible/ to have
|
|
the complete changelog at hand
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 25 08:01:24 UTC 2013 - lars@linux-schulserver.de
|
|
|
|
- require python-pyzmq on (open)SUSE
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 18 07:42:43 UTC 2013 - lars@linux-schulserver.de
|
|
|
|
- fix build on other distributions than openSUSE
|
|
- License in SPDX format
|
|
- added rpmlintrc
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 17 11:04:04 UTC 2013 - lars@linux-schulserver.de
|
|
|
|
- update to 1.1:
|
|
+ stderr shown when commands fail to parse
|
|
+ uses yaml.safe_dump in filter plugins
|
|
+ authentication Q&A no longer happens before --syntax-check, but after
|
|
+ ability to get hostvars data for nodes not in the setup cache yet
|
|
+ SSH timeout now correctly passed to native SSH connection plugin
|
|
+ raise an error when multiple when_ statements are provided
|
|
+ --list-hosts applies host limit selections better
|
|
+ (internals) template engine specifications to use template_ds everywhere
|
|
+ better error message when your host file can not be found
|
|
+ end of line comments now work in the inventory file
|
|
+ directory destinations now work better with remote md5 code
|
|
+ lookup plugin macros like $FILE and $ENV now work without
|
|
returning arrays in variable definitions/playbooks
|
|
+ uses yaml.safe_load everywhere
|
|
+ able to add EXAMPLES to documentation via EXAMPLES docstring,
|
|
rather than just in main documentation YAML
|
|
+ can set ANSIBLE_COW_SELECTION to pick other cowsay types (including random)
|
|
+ to_nice_yaml and to_nice_json available as Jinja2 filters that indent and sort
|
|
+ cowsay able to run out of macports (very important!)
|
|
+ improved logging for fireball mode
|
|
+ nicer error message when talking to an older system that needs a
|
|
JSON module installed
|
|
+ 'magic' variable 'inventory_basedir' now gives path to inventory file
|
|
+ 'magic' variable 'vars' works like 'hostvars' but gives global scope
|
|
variables, useful for debugging in templates mostly
|
|
+ conditionals can be used on plugins like add_host
|
|
+ ...and many more...
|
|
- specfile cleanup
|
|
- just recomend python-paramiko as the user can also use openssh
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 22 13:47:16 UTC 2013 - julien.tognazzi@gmail.com
|
|
|
|
- Merge changes from upstream
|
|
|