ansible-core 2.15 "Ten Years Gone" Release Notes

Topics

v2.15.11

Release Summary

Release Date: 2024-04-22
Porting Guide

Bugfixes

Fixes permission for cache json file from 600 to 644 (#82683).
allow_duplicates - fix evaluating if the current role allows duplicates instead of using the initial value from the duplicate's cached role.
ansible-test ansible-doc sanity test - do not remove underscores from plugin names in collections before calling ansible-doc (#82574).
dnf5 - replace removed API calls
unarchive modules now uses zipinfo options without relying on implementation defaults, making it more compatible with all OS/distributions.
winrm - Do not raise another exception during cleanup when a task is timed out - #81095

v2.15.10

Release Summary

Release Date: 2024-03-25
Porting Guide

Minor Changes

ansible-test - Add a work-around for permission denied errors when using pytest >= 8 on multi-user systems with an installed version of ansible-test.

Bugfixes

Fix an issue when setting a plugin name from an unsafe source resulted in ValueError: unmarshallable object (#82708)
ansible-test - The libexpat package is automatically upgraded during remote bootstrapping to maintain compatibility with newer Python packages.
winrm - does not hang when attempting to get process output when stdin write failed

v2.15.9

Release Summary

Release Date: 2024-01-29
Porting Guide

Minor Changes

ansible-test - Removed freebsd/12.4 remote.

Security Fixes

ANSIBLE_NO_LOG - Address issue where ANSIBLE_NO_LOG was ignored (CVE-2024-0690)

Bugfixes

ansible-galaxy role import - fix using the role_name in a standalone role's galaxy_info metadata by disabling automatic removal of the ansible-role- prefix. This matches the behavior of the Galaxy UI which also no longer implicitly removes the ansible-role- prefix. Use the --role-name option or add a role_name to the galaxy_info dictionary in the role's meta/main.yml to use an alternate role name.
ansible-test sanity --test runtime-metadata - add action_plugin as a valid field for modules in the schema (#82562).
ansible-config init will now dedupe ini entries from plugins.
ansible-galaxy role install - normalize tarfile paths and symlinks using ansible.utils.path.unfrackpath and consider them valid as long as the realpath is in the tarfile's role directory (#81965).
delegate_to when set to an empty or undefined variable will now give a proper error.
unsafe data - Enable directly using AnsibleUnsafeText with Python pathlib (#82414)

v2.15.8

Release Summary

Release Date: 2023-12-11
Porting Guide

Minor Changes

ansible-test - Add FreeBSD 13.2 remote.
ansible-test - Removed freebsd/13.1 remote.

Bugfixes

unsafe data - Address an incompatibility when iterating or getting a single index from AnsibleUnsafeBytes
unsafe data - Address an incompatibility with AnsibleUnsafeText and AnsibleUnsafeBytes when pickling with protocol=0

v2.15.7

Release Summary

Release Date: 2023-12-04
Porting Guide

Breaking Changes / Porting Guide

assert - Nested templating may result in an inability for the conditional to be evaluated. See the porting guide for more information.

Security Fixes

templating - Address issues where internal templating can cause unsafe variables to lose their unsafe designation (CVE-2023-5764)

Bugfixes

ansible-pull now will expand relative paths for the -d|--directory option is now expanded before use.
flush_handlers - properly handle a handler failure in a nested block when force_handlers is set (http://github.com/ansible/ansible/issues/81532)
module no_log will no longer affect top level booleans, for example no_log_module_parameter='a' will no longer hide changed=False as a 'no log value' (matches 'a').
modules/user.py - Add check for valid directory when creating new user homedir (allows /dev/null as skeleton) (#75063)
role params now have higher precedence than host facts again, matching documentation, this had unintentionally changed in 2.15.
wait_for should not handle 'non mmapable files' again.

v2.15.6

Release Summary

Release Date: 2023-11-06
Porting Guide

Minor Changes

ansible-test - Windows 2012 and 2012-R2 instances are now requested from Azure instead of AWS.

Bugfixes

Fix run_once being incorrectly interpreted on handlers (#81666)
Plugin loader does not dedupe nor cache filter/test plugins by file basename, but full path name.
Properly template tags in parent blocks (#81053)
Restoring the ability of filters/tests can have same file base name but different tests/filters defined inside.
import_role reverts to previous behavior of exporting vars at compile time.
ansible-galaxy - Provide a better error message when using a requirements file with an invalid format - #81901
ansible-inventory - index available_hosts for major performance boost when dumping large inventories
ansible-test - Fix parsing of cgroup entries which contain a : in the path (#81977).

v2.15.5

Release Summary

Release Date: 2023-10-09
Porting Guide

Minor Changes

ansible-galaxy dependency resolution messages have changed the unexplained 'virtual' collection for the specific type ('scm', 'dir', etc) that is more user friendly

Security Fixes

ansible-galaxy - Prevent roles from using symlinks to overwrite files outside of the installation directory (CVE-2023-5115)

Bugfixes

Allow for searching handler subdir for included task via include_role (#81722)
PluginLoader - fix Jinja plugin performance issues (#79652)
ansible.module_utils.service - ensure binary data transmission in daemonize()
ansible.module_utils.service - fix inter-process communication in daemonize()
ansible-galaxy - started allowing the use of pre-releases for collections that do not have any stable versions published. (#81606)
ansible-galaxy - started allowing the use of pre-releases for dependencies on any level of the dependency tree that specifically demand exact pre-release versions of collections and not version ranges. (#81606)
ansible-galaxy error on dependency resolution will not error itself due to 'virtual' collections not having a name/namespace.
ansible-galaxy info - fix reporting no role found when lookup_role_by_name returns None.
role deduplication - don't deduplicate before a role has had a task run for that particular host (#81486).
uri/urls - Add compat function to handle the ability to parse the filename from a Content-Disposition header (#81806)
winrm - Better handle send input failures when communicating with hosts under load

v2.15.4

Release Summary

Release Date: 2023-09-11
Porting Guide

Deprecated Features

vault and unfault filters - the undocumented vaultid parameter is deprecated and will be removed in ansible-core 2.20. Use vault_id instead.

Bugfixes

PowerShell - Remove some code which is no longer valid for dotnet 5+
Prompting - add a short sleep between polling for user input to reduce CPU consumption (#81516).
ansible-galaxy - Enabled the data tarfile filter during role installation for Python versions that support it. A probing mechanism is used to avoid Python versions with a broken implementation.
ansible-test - Always use ansible-test managed entry points for ansible-core CLI tools when not running from source. This fixes issues where CLI entry points created during install are not compatible with ansible-test.
first found lookup has been updated to use the normalized argument parsing (pythonic) matching the documented examples.
handlers - the listen keyword can affect only one handler with the same name, the last one defined as it is a case with the notify keyword (#81013)
include_role - expose variables from parent roles to role's handlers (#80459)
tarfile - handle data filter deprecation warning message for extract and extractall (#80832).
vault and unvault filters now properly take vault_id parameter.

v2.15.3

Release Summary

Release Date: 2023-08-14
Porting Guide

Minor Changes

Removed exclude and recursive-exclude commands for generated files from the MANIFEST.in file. These excludes were unnecessary since releases are expected to be built with a clean worktree.
Removed exclude commands for sanity test files from the MANIFEST.in file. These tests were previously excluded because they did not pass when run from an sdist. However, sanity tests are not expected to pass from an sdist, so excluding some (but not all) of the failing tests makes little sense.
Removed redundant include commands from the MANIFEST.in file. These includes either duplicated default behavior or another command.
The ansible-core sdist no longer contains pre-generated man pages. Instead, a packaging/cli-doc/build.py script is included in the sdist. This script can generate man pages and standalone RST documentation for ansible-core CLI programs.
The docs and examples directories are no longer included in the ansible-core sdist. These directories have been moved to the https://github.com/ansible/ansible-documentation repository.
Use include where recursive-include is unnecessary in the MANIFEST.in file.
ansible-test - Update the logic used to detect when ansible-test is running from source.
ansible-test - Updated the CloudStack test container to version 1.6.1.

Bugfixes

Exclude internal options from man pages and docs.
Fix ansible-config init man page option indentation.
The ansible-config init command now has a documentation description.
The ansible-galaxy collection download command now has a documentation description.
The ansible-galaxy collection install command documentation is now visible (previously hidden by a decorator).
The ansible-galaxy collection verify command now has a documentation description.
The ansible-galaxy role install command documentation is now visible (previously hidden by a decorator).
The ansible-inventory command command now has a documentation description (previously used as the epilog).
Update module_utils.urls unit test to work with cryptography >= 41.0.0.
When generating man pages, use func to find the command function instead of looking it up by the command name.
ansible-galaxy now considers all collection paths when identifying which collection requirements are already installed. Use the COLLECTIONS_PATHS and COLLECTIONS_SCAN_SYS_PATHS config options to modify these. Previously only the install path was considered when resolving the candidates. The install path will remain the only one potentially modified. (#79767, #81163)
ansible-test - Fix several possible tracebacks when using the -e option with sanity tests.
ansible-test - Pre-build a PyYAML wheel before installing requirements to avoid a potential Cython build failure.
ansible-test - Remove redundant warning about missing programs before attempting to execute them.
core will now also look at the connection plugin to force 'local' interpreter for networking path compatibility as just ansible_network_os could be misleading.
man page build - Sub commands of ansible-galaxy role and ansible-galaxy collection are now documented.
password_hash - fix salt format for crypt (only used if passlib is not installed) for the bcrypt algorithm.
urls.py - fixed cert_file and key_file parameters when running on Python 3.12 - #80490

v2.15.2

Release Summary

Release Date: 2023-07-18
Porting Guide

Minor Changes

Utilize gpg check provided internally by the transaction.run method as oppose to calling it manually.
ansible-test - Add Fedora 38 remote.
ansible-test - Use a context manager to perform cleanup at exit instead of using the built-in atexit module.
dnf5 - enable environment groups installation testing in CI as its support was added.
dnf5 - enable now implemented cacheonly functionality

Bugfixes

From issue #80880, when notifying a handler from another handler, handler notifications must be registered immediately as the flush_handler call is not recursive.
ansible-galaxy - Fix issue installing collections containing directories with more than 100 characters on python versions before 3.10.6
paramiko_ssh, psrp, and ssh connection plugins - ensure that all values for options that should be strings are actually converted to strings (#81029).
templating - In the template action and lookup, use local jinja2 environment overlay overrides instead of mutating the templars environment

Known Issues

ansible-test - The Fedora 37 remote is known to occasionally hang during boot. It is no longer routinely tested as a result. If possible, use the Fedora 38 remote instead.

v2.15.1

Release Summary

Release Date: 2023-06-20
Porting Guide

Minor Changes

ansible-test - Allow float values for the --timeout option to the env command. This simplifies testing.
ansible-test - Refactored env command logic and timeout handling.
ansible-test - Use datetime.datetime.now with tz specified instead of datetime.datetime.utcnow.

Bugfixes

Properly disable jinja2_native in the template module when jinja2 override is used in the template (#80605)
ansible-galaxy - Fix variable type error when installing subdir collections (#80943)
ansible-test - Fix a traceback that occurs when attempting to test Ansible source using a different ansible-test. A clear error message is now given when this scenario occurs.
ansible-test - Fix handling of timeouts exceeding one day.
ansible-test - Fix various cases where the test timeout could expire without terminating the tests.
ansible-test local change detection - use git merge-base <branch> HEAD instead of git merge-base --fork-point <branch> (#79734).
deb822_repository - use http-agent for receiving content (#80809).
dnf5 - Update dnf5 module to handle API change for setting the download directory (#80887)
man page build - Remove the dependency on the docs directory for building man pages.
pep517 build backend - Copy symlinks when copying the source tree. This avoids tracebacks in various scenarios, such as when a venv is present in the source tree.
uri - fix search for JSON type to include complex strings containing '+'

v2.15.0

Release Summary

Release Date: 2023-05-15
Porting Guide

Major Changes

ansible-test - Docker Desktop on WSL2 is now supported (additional configuration required).
ansible-test - Docker and Podman are now supported on hosts with cgroup v2 unified. Previously only cgroup v1 and cgroup v2 hybrid were supported.
ansible-test - Podman now works on container hosts without systemd. Previously only some containers worked, while others required rootfull or rootless Podman, but would not work with both. Some containers did not work at all.
ansible-test - Podman on WSL2 is now supported.
ansible-test - When additional cgroup setup is required on the container host, this will be automatically detected. Instructions on how to configure the host will be provided in the error message shown.

Minor Changes

Add support for custom salt for vault encoding to make it deterministic (#35480).
Added the conditional that was False if when caused a task to skip under false_condition.
Allow force deletion of a group even when it is the primary group of a user. (#77849)
Ansible.ModuleUtils.AddType - Add support for compiling unsafe code with the //AllowUnsafe directive
Cache field attributes list on the playbook classes
Cleaned up unused imports in core.
Get user input for pause and paramiko_ssh from the strategy rather than access sys.stdin in the WorkerProcess.
Introduce Delegatable and Notifiable mixin classes for playbook objects
Make using blocks as handlers a parser error (#79968)
Playbook objects - Replace deprecated stacked @classmethod and @property
Raise an error when an incorrect isa type is passed to FieldAttribute.
Remove fallback code for when defined/undefined tests were used on objects containing nested undefined variables; due to changes in lazy evalution of Jinja2 expressions it is no longer needed.
Remove unused Python stdlib imports from module_utils which were not present for backwards compatibility in: common.file, compat.selectors, facts.network.iscsi, facts.network.nvme, yumdnf
Remove unused internal imports from module_utils which were not present for backwards compatibility in: common.file, common.parameters, facts.system.caps, yumdnf
Removed straight.plugin from the build and packaging requirements.
Removed unused imports from the following action plugins: async_status, command, pause, set_stats, uri, validate_argument_spec
Removed unused imports from the following lookup plugins: fileglob, template
Removed unused imports from the following modules: apt, dnf, expect, pip, slurp, user, yum
Removed unused imports from the following set of test plugins: files
Removed unused imports from the following strategy plugins: debug
Removed unused imports from the following vars plugins: host_group_vars
The minimum required setuptools version is now 45.2.0, as it is the oldest version to support Python 3.10.
Use ansible.module_utils.six.moves.collections_abc instead of ansible.module_utils.common._collections_compat in modules and module_utils.
Use collections.abc instead of ansible.module_utils.common._collections_compat in controller code.
Use package_data instead of include_package_data for setup.cfg to avoid setuptools warnings.
AnsibleJ2Vars class that acts as a storage for all variables for templating purposes now uses collections.ChainMap internally.
add parameter numeric to the iptables module to disable dns lookups when running list -action internally (#78793).
allow user to set ansible specific env vars for selecting pager and editor, but still fall back to commonly used defaults.
ansible-doc - support role extension for semantic markup spec so that O() and RV() referring to role entrypoints are rendered more readable (#80305).
ansible-doc - support semantic markup in text output (#80242).
ansible-doc text output - support seealso plugin record that was added for filter and test plugin documentation (#80212).
ansible-galaxy - Add ability to specify collection versions on the CLI without the need for a colon. Such as namespace.name==1.2.3 vs namespace.name:1.2.3.
ansible-galaxy - Use Python's native raise ... from instead of six.raise_from.
ansible-galaxy - support resolvelib >= 0.5.3, < 0.10.0.
ansible-galaxy - support resolvelib >= 0.5.3, < 1.1.0.
ansible-inventory now supports the limit command line options.
ansible-test - A new audit option is available when running custom containers. This option can be used to indicate whether a container requires the AUDIT_WRITE capability. The default is required, which most containers will need when using Podman. If necessary, the none option can be used to opt-out of the capability. This has no effect on Docker, which always provides the capability.
ansible-test - A new cgroup option is available when running custom containers. This option can be used to indicate a container requires cgroup v1 or that it does not use cgroup. The default behavior assumes the container works with cgroup v2 (as well as v1).
ansible-test - Add Alpine 3.17 remote.
ansible-test - Add Fedora 37 container.
ansible-test - Add Fedora 37 remote.
ansible-test - Add FreeBSD 12.4 remote.
ansible-test - Add RHEL 8.7 remote.
ansible-test - Add RHEL 9.1 remote.
ansible-test - Add macOS 13.2 remote.
ansible-test - Additional log details are shown when containers fail to start or SSH connections to containers fail.
ansible-test - Connection failures to remote provisioned hosts now show failure details as a warning.
ansible-test - Containers included with ansible-test no longer disable seccomp by default.
ansible-test - Disabled the ansible-format-automatic-specification rule from the pylint sanity test, now that Python 2.6 is no longer supported.
ansible-test - Enable the trailing-comma-tuple rule in the pylint sanity test.
ansible-test - Enable the unused-import rule for the pylint sanity test for collections.
ansible-test - Failure to connect to a container over SSH now results in a clear error. Previously tests would be attempted even after initial connection attempts failed.
ansible-test - Improve consistency of executed pylint commands by making the plugins ordered.
ansible-test - Improve consistency of version specific documentation links.
ansible-test - Integration tests can be excluded from retries triggered by the --retry-on-error option by adding the retry/never alias. This is useful for tests that cannot pass on a retry or are too slow to make retries useful.
ansible-test - Minor cleanup and package updates in distro containers.
ansible-test - More details are provided about an instance when provisioning fails.
ansible-test - Moved git handling out of the validate-modules sanity test and into ansible-test.
ansible-test - Reduce the polling limit for SSHD startup in containers from 60 retries to 10. The one second delay between retries remains in place.
ansible-test - Removed test containers: fedora36
ansible-test - Removed test remotes: alpine/3.16, fedora/36, freebsd/12.3, rhel/8.6, rhel/9.0, macos/12.0
ansible-test - Removed the --keep-git sanity test option, which was limited to testing ansible-core itself.
ansible-test - SSH connections from OpenSSH 8.8+ to CentOS 6 containers now work without additional configuration. However, clients older than OpenSSH 7.0 can no longer connect to CentOS 6 containers as a result. The container must have centos6 in the image name for this work-around to be applied.
ansible-test - SSH shell connections from OpenSSH 8.8+ to ansible-test provisioned network instances now work without additional configuration. However, clients older than OpenSSH 7.0 can no longer open shell sessions for ansible-test provisioned network instances as a result.
ansible-test - Specify the configuration file location required by test plugins when the config file is not found. This resolves issue: #79411
ansible-test - The ansible-test env command now detects and reports the container ID if running in a container.
ansible-test - The pep8 sanity test rule E203 is now disabled since it is not PEP 8 compliant. This provides compatibility with output generated by the black code formatter.
ansible-test - The validate-modules sanity test no longer limits the __future__ imports that can be used. Other sanity tests that check __future__ imports remain unchanged. As a result, the error code illegal-future-imports is no longer used.
ansible-test - Unit tests now support network disconnect by default when running under Podman. Previously this feature only worked by default under Docker.
ansible-test - Update Alpine 3 container to 3.17.
ansible-test - Update Python requirements used for sanity tests.
ansible-test - Update base and default containers to include Python 3.11.0.
ansible-test - Update default containers to include new docs-build sanity test requirements.
ansible-test - Update error handling code to use Python 3.x constructs, avoiding direct use of errno.
ansible-test - Update test container to 7.4.0 which includes the new PSScriptAnalyzer versions
ansible-test - Update the CloudStack test plugin to use a newer test container with CloudStack 4.18.0.
ansible-test - Update the NIOS test plugin to use a newer multi-arch test container.
ansible-test - Update the ansible-bad-import-from rule in the pylint sanity test to recommend ansible.module_utils.six.moves.collections_abc instead of ansible.module_utils.common._collections_compat.
ansible-test - Update the base and default test containers with the latest requirements.
ansible-test - Update the default containers to include the package-data requirements update.
ansible-test - Update the default containers to include the pylint requirements update.
ansible-test - Updated the Azure Pipelines CI plugin to work with newer versions of git.
ansible-test - Use stop --time 0 followed by rm to remove ephemeral containers instead of rm -f. This speeds up teardown of ephemeral containers.
ansible-test - Warnings are now shown when using containers that were built with VOLUME instructions.
ansible-test - When setting the max open files for containers, the container host's limit will be checked. If the host limit is lower than the preferred value, it will be used and a warning will be shown.
ansible-test - When using Podman, ansible-test will detect if the loginuid used in containers is incorrect. When this occurs a warning is displayed and the container is run with the AUDIT_CONTROL capability. Previously containers would fail under this situation, with no useful warnings or errors given.
ansible-test acme test container - update version to update used Pebble version, underlying Python and Go base containers, and Python requirements (#79783).
ansible-test pslint - Upgrade PSScriptAnalyzer to 1.21.0 which enables the AvoidMultipleTypeAttributes, AvoidSemicolonsAsLineTerminators, and AvoidUsingBrokenHashAlgorithms rules
ansible-test runtime-metadata sanity test - ensure that redirect entries in meta/runtime.yml contain collection names, except for module_utils plugin redirects and import_redirect redirects (#78802).
ansible-test sanity --test ansible-doc - now also lists documentation for test and filter plugins that are documented (#77737).
ansible-test validate-modules - Added support for validating module documentation stored in a sidecar file alongside the module ({module}.yml or {module}.yaml). Previously these files were ignored and documentation had to be placed in {module}.py.
ansible-test validate-modules - no longer treat falsy non-False values for defaults as None (#79267).
apt - add allow-change-held-packages option to apt remove (#78131)
apt_repository - adds sources_added and sources_removed to the return of the module (#79306).
apt_repository will use the trust repo directories in order of preference (more appropriate to less) as they exist on the target.
collections - Add additional ignores for commonly rejected file extensions
collections - Add additional includes for REUSE license files (#79368)
deb822_repository - Add new module for managing DEB822 formatted apt repositories
debug - Perform argspec valdiation in debug action plugin (#79862)
dnf5 - Add new module for managing packages and other artifacts via the next version of DNF (#78898)
galaxy - include license_file in the default manifest directives (https://github.com/ansible/ansible/pull-request/79420)
optimized var loading by caching results as there is no variance in input during run.
pycompat24 module_utils - Remove support for Python 2.5 and earlier.
sanity tests - updates the collection-deprecated-version tests to ignore the prerelease component of the collection version ().
strftime filter, additional docs and links to source of truth.
updated the vendored distro library to upstream version (#79227)
validate-modules sanity test - add support for semantic markup (#80243).
validate-modules sanity test - if the check_mode attribute is present, check that it coincides with the support_check_mode parameter of AnsibleModule (#80090).
validate-modules sanity test - remove support for the never implemented forced_action_plugin attribute (#79317).
validate-modules sanity test - support the plugin see-also part of the semantic markup specification (#80244).

Breaking Changes / Porting Guide

ansible-doc - no longer treat plugins in collections whose name starts with _ as deprecated (#79362).
ansible-test - Integration tests which depend on specific file permissions when running in an ansible-test managed host environment may require changes. Tests that require permissions other than 755 or 644 may need to be updated to set the necessary permissions as part of the test run.
ansible-test - The vcenter test plugin now defaults to using a user-provided static configuration instead of the govcsim simulator for collections. Set the ANSIBLE_VCSIM_CONTAINER environment variable to govcsim to use the simulator. Keep in mind that the simulator is deprecated and will be removed in a future release.
ansible-test sanity - previously plugins and modules in collections whose name started with _ were treated as deprecated, even when they were not marked as deprecated in meta/runtime.yml. This is no longer the case (#79362).
ansible-test validate-modules - Removed the missing-python-doc error code in validate modules, missing-documentation is used instead for missing PowerShell module documentation.

Deprecated Features

The ConnectionBase()._new_stdin attribute is deprecated, use display.prompt_until(msg) instead.
ansible-test - The foreman test plugin is now deprecated. It will be removed in a future release.
ansible-test - The govcsim simulator in the vcenter test plugin is now deprecated. It will be removed in a future release. Users should switch to providing their own test environment through a static configuration file.
password_hash - deprecate using passlib.hash.hashtype if hashtype isn't in the list of documented choices.
vars - Specifying a list of dictionaries for vars: is deprecated in favor of specifying a dictionary.

Removed Features (previously deprecated)

Remove deprecated ANSIBLE_CALLBACK_WHITELIST configuration environment variable, use ANSIBLE_CALLBACKS_ENABLED instead. (#78821)
Remove deprecated ANSIBLE_COW_WHITELIST configuration environment variable, use ANSIBLE_COW_ACCEPTLIST instead. (#78819)
Remove deprecated callback_whitelist configuration option, use callbacks_enabled instead. (#78822)
Remove deprecated cow_whitelist configuration option, use cowsay_enabled_stencils instead. (#78820)

Bugfixes

Ansible.Basic.cs - Ignore compiler warning (reported as an error) when running under PowerShell 7.3.x.
AnsibleModule.run_command - Only use selectors when needed, and rely on Python stdlib subprocess for the simple task of collecting stdout/stderr when prompt matching is not required.
BSD network facts - Do not assume column indexes, look for netmask and broadcast for determining the correct columns when parsing inet line (#79117)
Correctly count rescued tasks in play recap (#79711)
Display - Defensively configure writing to stdout and stderr with a custom encoding error handler that will replace invalid characters while providing a deprecation warning that non-utf8 text will result in an error in a future version.
Do not crash when templating an expression with a test or filter that is not a valid Ansible filter name (#78912, #78913).
Fix MANIFEST.in to exclude unwanted files in the packaging/ directory.
Fix MANIFEST.in to include *.md files in the test/support/ directory.
Fix a traceback occuring when a task is named meta (#79459)
Fix an issue where the value of become was ignored when used on a role used as a dependency in main/meta.yml (#79777)
Fix bug in vars applied to roles, they were being incorrectly exported among others while only vars/main.yml was meant to be. Also adjusted the precedence to act the same as inline params.
Fix conditionally notifying include_tasks` handlers whenforce_handlers`` is used (#79776)
Fix post-validating looped task fields so the strategy uses the correct values after task execution.
Fix reusing a connection in a task loop that uses a redirected or aliased name - #78425
Fix setting become activation in a task loop - #78425
Fix traceback when using the template module and running with ANSIBLE_DEBUG=1 (#79763)
Fix using GALAXY_IGNORE_CERTS in conjunction with collections in requirements files which specify a specific source that isn't in the configured servers.
Fix using GALAXY_IGNORE_CERTS when downloading tarballs from Galaxy servers (#79557).
Fixes leftover _valid_attrs usage.
Fixes the password lookup to not rewrite files if they are not changed when using the "encrypt" parameter (#79430).
Module and role argument validation - include the valid suboption choices in the error when an invalid suboption is provided.
Perform type check on data passed to Display.display to enforce the requirement of being given a python3 unicode string
Prevent running same handler multiple times when included via include_role (#73643)
TaskExecutor - don't ignore templated _raw_params that k=v parser failed to parse (#79862)
Windows - Display a warning if the module failed to cleanup any temporary files rather than failing the task. The warning contains a brief description of what failed to be deleted.
Windows - Ensure the module temp directory contains more unique values to avoid conflicts with concurrent runs - #80294
Windows - Improve temporary file cleanup used by modules. Will use a more reliable delete operation on Windows Server 2016 and newer to delete files that might still be open by other software like Anti Virus scanners. There are still scenarios where a file or directory cannot be deleted but the new method should work in more scenarios.
ansible-galaxy search rolename - give a warning instead of non-zero return code when search results are empty. This is similar to the behavior when listing roles, which gives a warning if a role cannot be found and exits with a return code of 0.
ansible_eval_concat - avoid redundant unsafe wrapping of templated strings converted to Python types
pkg_mgr - fix the default dnf version detection
ansible-config limit shorthand format to assigned values
ansible-doc - stop generating wrong module URLs for module see-alsos. The URLs for modules in ansible.builtin do now work, and URLs for modules outside ansible.builtin are no longer added (#80280).
ansible-doc now will correctly display short descriptions on listing filters/tests no matter the directory sorting.
ansible-galaxy - Improve retries for collection installs, to properly retry, and extend retry logic to common URL related connection errors (#80170 #80174)
ansible-galaxy - fix installing collections from directories that have a trailing path separator (#77803).
ansible-galaxy - fix installing collections in git repositories/directories which contain a MANIFEST.json file (#79796).
ansible-galaxy - fix installing signed collections (#80648).
ansible-galaxy - make initial call to Galaxy server on-demand only when installing, getting info about, and listing roles.
ansible-galaxy - reduce API calls to servers by fetching signatures only for final candidates.
ansible-galaxy collection install - respect symlinks when installing from source or local repository (#78442)
ansible-galaxy collection verify - fix verifying signed collections when the keyring is not configured.
ansible-galaxy collection/role init - preserve symlinks (#39334).
ansible-galaxy role info - fix unhandled AttributeError by catching the correct exception.
ansible-inventory will no longer duplicate host entries if they were part of a group's childrens tree.
ansible-inventory will not explicitly sort groups/hosts anymore, giving a chance (depending on output format) to match the order in the input sources.
ansible-playbook -K breaks when passwords have quotes (#79836).
ansible-test - Add wheel < 0.38.0 constraint for Python 3.6 and earlier.
ansible-test - Add support for argcomplete version 3.
ansible-test - Add support for pytest assertion rewriting when running unit tests on Python 3.5 and later. Resolves issue #68032
ansible-test - Added a work-around for a traceback under Python 3.11 when completing certain command line options.
ansible-test - Allow disabled, unsupported, unstable and destructive integration test targets to be selected using their respective prefixes.
ansible-test - Allow unstable tests to run when targeted changes are made and the --allow-unstable-changed option is specified (resolves #74213).
ansible-test - Always indicate the Python version being used before installing requirements. Resolves issue #72855
ansible-test - Avoid using exec after container startup when possible. This improves container startup performance and avoids intermittent startup issues with some old containers.
ansible-test - Connection attempts to managed remote instances no longer abort on Permission denied errors.
ansible-test - Detection for running in a Podman or Docker container has been fixed to detect more scenarios. The new detection relies on /proc/self/mountinfo instead of /proc/self/cpuset. Detection now works with custom cgroups and private cgroup namespaces.
ansible-test - Exclude ansible-core vendored Python packages from ansible-test payloads.
ansible-test - Fix broken documentation link for aws test plugin error messages.
ansible-test - Fix validate-modules error when retrieving PowerShell argspec when retrieved inside a Cmdlet
ansible-test - Handle server errors when executing the docker info command.
ansible-test - Integration test target prefixes defined in a tests/integration/target-prefixes.{group} file can now contain an underscore (_) character. Resolves issue #79225
ansible-test - Multiple containers now work under Podman without specifying the --docker-network option.
ansible-test - Pass the XDG_RUNTIME_DIR environment variable through to container commands.
ansible-test - Perform PyPI proxy configuration after instances are ready and bootstrapping has been completed. Only target instances are affected, as controller instances were already handled this way. This avoids proxy configuration errors when target instances are not yet ready for use.
ansible-test - Prevent concurrent / repeat inspections of the same container image.
ansible-test - Prevent concurrent / repeat pulls of the same container image.
ansible-test - Prevent concurrent execution of cached methods.
ansible-test - Removed pointless comparison in diff evaluation logic.
ansible-test - Set PYLINTHOME for the pylint sanity test to prevent failures due to pylint checking for the existence of an obsolete home directory.
ansible-test - Show the exception type when reporting errors during instance provisioning.
ansible-test - Support Podman 4.4.0+ by adding the SYS_CHROOT capability when running containers.
ansible-test - Support loading of vendored Python packages from ansible-core.
ansible-test - The validate-modules sanity test now properly enforces documentation before imports for plugins. Previously this was only enforced for modules due to a coding error.
ansible-test - Update pylint to 2.17.2 to resolve several possible false positives.
ansible-test - Update pylint to 2.17.3 to resolve several possible false positives.
ansible-test - Update the pylint sanity test requirements to resolve crashes on Python 3.11. (#78882)
ansible-test - Update the pylint sanity test to use version 2.15.4.
ansible-test - Update the pylint sanity test to use version 2.15.5.
ansible-test - Use consistent file permissions when delegating tests to a container or remote host. Files with any execute bit set will use permissions 755. All other files will use permissions 644. (Resolves issue #75079)
ansible-test - When bootstrapping remote FreeBSD instances, use the OS packaged setuptools instead of installing the latest version from PyPI.
ansible-test - fix warning message about failing to run an image to include the image name
ansible-test runtime-metadata sanity test - do not crash on YAML parsing errors without a context mark (#78802).
ansible-test sanity - correctly report invalid YAML in validate-modules (#75837).
ansible-vault encrypt_string - started appending a line feed at the end of the encrypted string output. Missing newline character caused problems identifying where the string ends in some shells (like bash) or accidentally copying an extra trailing terminator symbol (e.g., zsh prints out a % sign to signal where the original output stops) (#78932).
ansible_facts.hardware - Define all processor facts on s390x (#19755)
apt - set locale to fix updating the cache (#79523).
apt module should not traceback on invalid type given as package. issue 78663.
apt_repository will no longer fail to detect key when unrelated errors/warnings are issued by apt-key.
argument spec validation - again report deprecated parameters for Python-based modules. This was accidentally removed in ansible-core 2.11 when argument spec validation was refactored (#79680, #79681).
argument spec validation - ensure that deprecated aliases in suboptions are also reported (#79740).
argument spec validation - fix warning message when two aliases of the same option are used for suboptions to also mention the option's name they are in (#79740).
basic.py module_utils - Perform Python version check much earlier to ensure it runs before other errors occur.
connection local now avoids traceback on invalid user being used to execuet ansible (valid in host, but not in container).
copy - fix creating the dest directory in check mode with remote_src=True (#78611).
copy - fix reporting changes to file attributes in check mode with remote_src=True (#77957).
copy module will no longer move 'non files' set as src when remote_src=true.
copy remote_src=true - fix copying subdirs recursively when the dest exists and the src and dest have multiple common subdirectories in a common directory (#74536).
copy remote_src=true - fix reporting changed for copying empty directories.
display - reduce risk of post-fork output deadlocks (#79522)
dnf5 - Use transaction.check_gpg_signatures API call to check package signatures AND possibly to recover from when keys are missing.
dnf5 - fix module and package names in the message following failed module respawn attempt
dnf5 - use the logs API to determine transaction problems
file - touch action in check mode was always returning ok. Fix now evaluates the different conditions and returns the appropriate changed status. (#79360)
file lookup now handles missing files more gracefully.
file lookup now plays nice with generic lookup errors option.
get_url - Ensure we are passing ciphers to all url_get calls (#79717)
get_url module - Added a documentation reference to hashlib regarding algorithms, as well as a note about md5 support on systems running in FIPS compliant mode.
get_url module - Removed out-of-date documentation stating that hashlib is a third-party library.
handlers - fix v2_playbook_on_notify callback not being called when notifying handlers
handlers - fix an issue where the flush_handlers meta task could not be used with FQCN: ansible.builtin.meta (#79023)
include_role - Inherit from role parents beyond a depth of 3 (#47023).
jinja2_native - fix intermittent 'could not find job' failures when a value of ansible_job_id from a result of an async task was inadvertently changed during execution; to prevent this a format of ansible_job_id was changed.
jinja2_native: preserve quotes in strings (#79083)
keyword inheritance - Ensure that we do not squash keywords in validate (#79021)
known_hosts - do not return changed status when a non-existing key is removed (#78598)
list-tags now shows the 'never' tag, which was being excluded by default. To list all tasks you still need to add --list-tasks --tags never,all.
loops/delegate_to - Do not double calculate the values of loops and delegate_to (#80038)
module responses - Ensure that module responses are utf-8 adhereing to JSON RFC and expectations of the core code.
module/role argument spec - validate the type for options that are None when the option is required or has a non-None default (#79656).
module_utils/basic.py - Fix detection of available hashing algorithms on Python 3.x. All supported algorithms are now available instead of being limited to a hard-coded list. This affects modules such as get_url which accept an arbitrary checksum algorithm.
normal action plugin - remove obsolete if (#79690).
omit on keywords was resetting to default value, ignoring inheritance.
paramiko - Add a new option to allow paramiko >= 2.9 to easily work with all devices now that rsa-sha2 support was added to paramiko, which prevented communication with numerous platforms. (#76737)
paramiko - Add back support for ssh_args, ssh_common_args, and ssh_extra_args for parsing the ProxyCommand (#78750)
paramiko connection was still using outdated playcontext, this should bring it up to date to use the 'correct' data for each task/loop.
password lookup now correctly reads stored ident fields.
password_hash - handle errors using unknown passlib hashtypes more gracefully (#45392).
pep517 build backend - Use the documented import_module import from importlib.
plugin loader, fix detection for existing configuration before initializing for a plugin
role deduplication - Always create new role object, regardless of deduplication. Deduplication will only affect whether a duplicate call to a role will execute, as opposed to re-using the same object. (#78661)
roles - Fix templating public, allow_duplicates and rolespec_validate (#80304).
service_facts - Use python re to parse service output instead of grep (#78541)
strategy plugins now correctly identify bad registered variables, even on skip.
strategy plugins: get the correctly templated and validated run_once value on strategy linear (#78492)
syntax check - Limit --syntax-check to ansible-playbook only, as that is the only CLI affected by this argument (#80506)
systemd - daemon-reload and daemon-reexec ignore errors when running in a chroot (#79643)
templates - Fixed TypeError when a lookup plugin has an option called name.
unarchive - allow relative path for dest (#64612)
unarchive - log errors from commands to assist in debugging (#64612)
updated error messages to include 'acl' and not just mode changes when failing to set required permissions on remote.
uri - improve JSON content type detection
user - fix comparing group IDs to existing group names so groups are not always updated (#79956).
user module - Removed password_expire_max from the return docs, as it is not returned.
user module - Removed password_expire_min from the return docs, as it is not returned.
validate-modules sanity test - replace semantic markup parsing and validating code with the code from antsibull-docs-parser 0.2.0 (#80406).
vault - show filename additionally if missing secrets prevents decryption (#79723)
winrm - Increase the read timeout to 10 seconds later than the operation timeout reducing the chances of a false read timeout

Known Issues

ansible-test - Additional configuration may be required for certain container host and container combinations. Further details are available in the testing documentation.
ansible-test - Custom containers with VOLUME instructions may be unable to start, when previously the containers started correctly. Remove the VOLUME instructions to resolve the issue. Containers with this condition will cause ansible-test to emit a warning.
ansible-test - Systems with Podman networking issues may be unable to run containers, when previously the issue went unreported. Correct the networking issues to continue using ansible-test with Podman.
ansible-test - Unit tests for collections do not support pytest assertion rewriting on Python 2.7.
ansible-test - Using Docker on systems with SELinux may require setting SELinux to permissive mode. Podman should work with SELinux in enforcing mode.
dnf5 - The DNF5 package manager currently does not provide all functionality to ensure feature parity between the existing dnf and the new dnf5 module. As a result the following dnf5 options are effectively a no-op: cacheonly, enable_plugin, disable_plugin and lock_timeout.

Files

CHANGELOG-v2.15.rst

Latest commit

History

CHANGELOG-v2.15.rst

File metadata and controls

ansible-core 2.15 "Ten Years Gone" Release Notes

v2.15.11

Release Summary

Bugfixes

v2.15.10

Release Summary

Minor Changes

Bugfixes

v2.15.9

Release Summary

Minor Changes

Security Fixes

Bugfixes

v2.15.8

Release Summary

Minor Changes

Bugfixes

v2.15.7

Release Summary

Breaking Changes / Porting Guide

Security Fixes

Bugfixes

v2.15.6

Release Summary

Minor Changes

Bugfixes

v2.15.5

Release Summary

Minor Changes

Security Fixes

Bugfixes

v2.15.4

Release Summary

Deprecated Features

Bugfixes

v2.15.3

Release Summary

Minor Changes

Bugfixes

v2.15.2

Release Summary

Minor Changes

Bugfixes

Known Issues

v2.15.1

Release Summary

Minor Changes

Bugfixes

v2.15.0

Release Summary

Major Changes

Minor Changes

Breaking Changes / Porting Guide

Deprecated Features

Removed Features (previously deprecated)

Bugfixes

Known Issues

New Plugins

Filter

New Modules

Lib

ansible.modules