Release Date: 2023-11-27
- assert - Nested templating may result in an inability for the conditional to be evaluated. See the porting guide for more information.
- templating - Address issues where internal templating can cause unsafe variables to lose their unsafe designation (CVE-2023-5764)
- ansible-pull now will expand relative paths for the
-d|--directory
option is now expanded before use. - flush_handlers - properly handle a handler failure in a nested block when
force_handlers
is set (http://github.com/ansible/ansible/issues/81532) - module no_log will no longer affect top level booleans, for example
no_log_module_parameter='a'
will no longer hidechanged=False
as a 'no log value' (matches 'a'). - modules/user.py - Add check for valid directory when creating new user homedir (allows /dev/null as skeleton) (#75063)
- role params now have higher precedence than host facts again, matching documentation, this had unintentionally changed in 2.15.
- wait_for should not handle 'non mmapable files' again.
Release Date: 2023-11-06
- ansible-test - Windows 2012 and 2012-R2 instances are now requested from Azure instead of AWS.
- Fix
run_once
being incorrectly interpreted on handlers (#81666) - Plugin loader does not dedupe nor cache filter/test plugins by file basename, but full path name.
- Properly template tags in parent blocks (#81053)
- Restoring the ability of filters/tests can have same file base name but different tests/filters defined inside.
import_role
reverts to previous behavior of exporting vars at compile time.- ansible-galaxy - Provide a better error message when using a requirements file with an invalid format - #81901
- ansible-inventory - index available_hosts for major performance boost when dumping large inventories
- ansible-test - Fix parsing of cgroup entries which contain a
:
in the path (#81977).
Release Date: 2023-10-09
- ansible-galaxy dependency resolution messages have changed the unexplained 'virtual' collection for the specific type ('scm', 'dir', etc) that is more user friendly
- ansible-galaxy - Prevent roles from using symlinks to overwrite files outside of the installation directory (CVE-2023-5115)
- Allow for searching handler subdir for included task via include_role (#81722)
- PluginLoader - fix Jinja plugin performance issues (#79652)
ansible.module_utils.service
- ensure binary data transmission indaemonize()
ansible.module_utils.service
- fix inter-process communication indaemonize()
- ansible-galaxy - started allowing the use of pre-releases for collections that do not have any stable versions published. (#81606)
- ansible-galaxy - started allowing the use of pre-releases for dependencies on any level of the dependency tree that specifically demand exact pre-release versions of collections and not version ranges. (#81606)
- ansible-galaxy error on dependency resolution will not error itself due to 'virtual' collections not having a name/namespace.
- ansible-galaxy info - fix reporting no role found when lookup_role_by_name returns None.
- role deduplication - don't deduplicate before a role has had a task run for that particular host (#81486).
- uri/urls - Add compat function to handle the ability to parse the filename from a Content-Disposition header (#81806)
- winrm - Better handle send input failures when communicating with hosts under load
Release Date: 2023-09-11
- vault and unfault filters - the undocumented
vaultid
parameter is deprecated and will be removed in ansible-core 2.20. Usevault_id
instead.
- PowerShell - Remove some code which is no longer valid for dotnet 5+
- Prompting - add a short sleep between polling for user input to reduce CPU consumption (#81516).
- ansible-galaxy - Enabled the
data
tarfile filter during role installation for Python versions that support it. A probing mechanism is used to avoid Python versions with a broken implementation. - ansible-test - Always use ansible-test managed entry points for ansible-core CLI tools when not running from source. This fixes issues where CLI entry points created during install are not compatible with ansible-test.
- first found lookup has been updated to use the normalized argument parsing (pythonic) matching the documented examples.
- handlers - the
listen
keyword can affect only one handler with the same name, the last one defined as it is a case with thenotify
keyword (#81013) - include_role - expose variables from parent roles to role's handlers (#80459)
- tarfile - handle data filter deprecation warning message for extract and extractall (#80832).
- vault and unvault filters now properly take
vault_id
parameter.
Release Date: 2023-08-14
- Removed
exclude
andrecursive-exclude
commands for generated files from theMANIFEST.in
file. These excludes were unnecessary since releases are expected to be built with a clean worktree. - Removed
exclude
commands for sanity test files from theMANIFEST.in
file. These tests were previously excluded because they did not pass when run from an sdist. However, sanity tests are not expected to pass from an sdist, so excluding some (but not all) of the failing tests makes little sense. - Removed redundant
include
commands from theMANIFEST.in
file. These includes either duplicated default behavior or another command. - The
ansible-core
sdist no longer contains pre-generated man pages. Instead, apackaging/cli-doc/build.py
script is included in the sdist. This script can generate man pages and standalone RST documentation foransible-core
CLI programs. - The
docs
andexamples
directories are no longer included in theansible-core
sdist. These directories have been moved to the https://github.com/ansible/ansible-documentation repository. - Use
include
whererecursive-include
is unnecessary in theMANIFEST.in
file. - ansible-test - Update the logic used to detect when
ansible-test
is running from source. - ansible-test - Updated the CloudStack test container to version 1.6.1.
- Exclude internal options from man pages and docs.
- Fix
ansible-config init
man page option indentation. - The
ansible-config init
command now has a documentation description. - The
ansible-galaxy collection download
command now has a documentation description. - The
ansible-galaxy collection install
command documentation is now visible (previously hidden by a decorator). - The
ansible-galaxy collection verify
command now has a documentation description. - The
ansible-galaxy role install
command documentation is now visible (previously hidden by a decorator). - The
ansible-inventory
command command now has a documentation description (previously used as the epilog). - Update module_utils.urls unit test to work with cryptography >= 41.0.0.
- When generating man pages, use
func
to find the command function instead of looking it up by the command name. ansible-galaxy
now considers all collection paths when identifying which collection requirements are already installed. Use theCOLLECTIONS_PATHS
andCOLLECTIONS_SCAN_SYS_PATHS
config options to modify these. Previously only the install path was considered when resolving the candidates. The install path will remain the only one potentially modified. (#79767, #81163)- ansible-test - Fix several possible tracebacks when using the
-e
option with sanity tests. - ansible-test - Pre-build a PyYAML wheel before installing requirements to avoid a potential Cython build failure.
- ansible-test - Remove redundant warning about missing programs before attempting to execute them.
- core will now also look at the connection plugin to force 'local' interpreter for networking path compatibility as just ansible_network_os could be misleading.
- man page build - Sub commands of
ansible-galaxy role
andansible-galaxy collection
are now documented. - password_hash - fix salt format for
crypt
(only used ifpasslib
is not installed) for thebcrypt
algorithm. - urls.py - fixed cert_file and key_file parameters when running on Python 3.12 - #80490
Release Date: 2023-07-18
- Utilize gpg check provided internally by the
transaction.run
method as oppose to calling it manually. - ansible-test - Add Fedora 38 remote.
- ansible-test - Use a context manager to perform cleanup at exit instead of using the built-in
atexit
module. - dnf5 - enable environment groups installation testing in CI as its support was added.
- dnf5 - enable now implemented
cacheonly
functionality
- From issue #80880, when notifying a handler from another handler, handler notifications must be registered immediately as the flush_handler call is not recursive.
- ansible-galaxy - Fix issue installing collections containing directories with more than 100 characters on python versions before 3.10.6
- paramiko_ssh, psrp, and ssh connection plugins - ensure that all values for options that should be strings are actually converted to strings (#81029).
- templating - In the template action and lookup, use local jinja2 environment overlay overrides instead of mutating the templars environment
- ansible-test - The Fedora 37 remote is known to occasionally hang during boot. It is no longer routinely tested as a result. If possible, use the Fedora 38 remote instead.
Release Date: 2023-06-20
- ansible-test - Allow float values for the
--timeout
option to theenv
command. This simplifies testing. - ansible-test - Refactored
env
command logic and timeout handling. - ansible-test - Use
datetime.datetime.now
withtz
specified instead ofdatetime.datetime.utcnow
.
- Properly disable
jinja2_native
in the template module when jinja2 override is used in the template (#80605) - ansible-galaxy - Fix variable type error when installing subdir collections (#80943)
- ansible-test - Fix a traceback that occurs when attempting to test Ansible source using a different ansible-test. A clear error message is now given when this scenario occurs.
- ansible-test - Fix handling of timeouts exceeding one day.
- ansible-test - Fix various cases where the test timeout could expire without terminating the tests.
- ansible-test local change detection - use
git merge-base <branch> HEAD
instead ofgit merge-base --fork-point <branch>
(#79734). - deb822_repository - use http-agent for receiving content (#80809).
- dnf5 - Update dnf5 module to handle API change for setting the download directory (#80887)
- man page build - Remove the dependency on the
docs
directory for building man pages. - pep517 build backend - Copy symlinks when copying the source tree. This avoids tracebacks in various scenarios, such as when a venv is present in the source tree.
- uri - fix search for JSON type to include complex strings containing '+'
Release Date: 2023-05-15
- ansible-test - Docker Desktop on WSL2 is now supported (additional configuration required).
- ansible-test - Docker and Podman are now supported on hosts with cgroup v2 unified. Previously only cgroup v1 and cgroup v2 hybrid were supported.
- ansible-test - Podman now works on container hosts without systemd. Previously only some containers worked, while others required rootfull or rootless Podman, but would not work with both. Some containers did not work at all.
- ansible-test - Podman on WSL2 is now supported.
- ansible-test - When additional cgroup setup is required on the container host, this will be automatically detected. Instructions on how to configure the host will be provided in the error message shown.
- Add support for custom salt for vault encoding to make it deterministic (#35480).
- Added the conditional that was False if
when
caused a task to skip underfalse_condition
. - Allow force deletion of a group even when it is the primary group of a user. (#77849)
- Ansible.ModuleUtils.AddType - Add support for compiling
unsafe
code with the//AllowUnsafe
directive - Cache field attributes list on the playbook classes
- Cleaned up unused imports in core.
- Get user input for
pause
andparamiko_ssh
from the strategy rather than accesssys.stdin
in the WorkerProcess. - Introduce
Delegatable
andNotifiable
mixin classes for playbook objects - Make using blocks as handlers a parser error (#79968)
- Playbook objects - Replace deprecated stacked
@classmethod
and@property
- Raise an error when an incorrect
isa
type is passed toFieldAttribute
. - Remove fallback code for when
defined
/undefined
tests were used on objects containing nested undefined variables; due to changes in lazy evalution of Jinja2 expressions it is no longer needed. - Remove unused Python stdlib imports from module_utils which were not present for backwards compatibility in: common.file, compat.selectors, facts.network.iscsi, facts.network.nvme, yumdnf
- Remove unused internal imports from module_utils which were not present for backwards compatibility in: common.file, common.parameters, facts.system.caps, yumdnf
- Removed
straight.plugin
from the build and packaging requirements. - Removed unused imports from the following action plugins: async_status, command, pause, set_stats, uri, validate_argument_spec
- Removed unused imports from the following lookup plugins: fileglob, template
- Removed unused imports from the following modules: apt, dnf, expect, pip, slurp, user, yum
- Removed unused imports from the following set of test plugins: files
- Removed unused imports from the following strategy plugins: debug
- Removed unused imports from the following vars plugins: host_group_vars
- The minimum required
setuptools
version is now 45.2.0, as it is the oldest version to support Python 3.10. - Use
ansible.module_utils.six.moves.collections_abc
instead ofansible.module_utils.common._collections_compat
in modules and module_utils. - Use
collections.abc
instead ofansible.module_utils.common._collections_compat
in controller code. - Use
package_data
instead ofinclude_package_data
forsetup.cfg
to avoidsetuptools
warnings. AnsibleJ2Vars
class that acts as a storage for all variables for templating purposes now usescollections.ChainMap
internally.- add parameter
numeric
to the iptables module to disable dns lookups when running list -action internally (#78793). - allow user to set ansible specific env vars for selecting pager and editor, but still fall back to commonly used defaults.
- ansible-doc - support role extension for semantic markup spec so that
O()
andRV()
referring to role entrypoints are rendered more readable (#80305). - ansible-doc - support semantic markup in text output (#80242).
- ansible-doc text output - support
seealso
plugin record that was added for filter and test plugin documentation (#80212). - ansible-galaxy - Add ability to specify collection versions on the CLI without the need for a colon. Such as
namespace.name==1.2.3
vsnamespace.name:1.2.3
. - ansible-galaxy - Use Python's native
raise ... from
instead ofsix.raise_from
. - ansible-galaxy - support
resolvelib >= 0.5.3, < 0.10.0
. - ansible-galaxy - support
resolvelib >= 0.5.3, < 1.1.0
. - ansible-inventory now supports the limit command line options.
- ansible-test - A new
audit
option is available when running custom containers. This option can be used to indicate whether a container requires the AUDIT_WRITE capability. The default isrequired
, which most containers will need when using Podman. If necessary, thenone
option can be used to opt-out of the capability. This has no effect on Docker, which always provides the capability. - ansible-test - A new
cgroup
option is available when running custom containers. This option can be used to indicate a container requires cgroup v1 or that it does not use cgroup. The default behavior assumes the container works with cgroup v2 (as well as v1). - ansible-test - Add Alpine 3.17 remote.
- ansible-test - Add Fedora 37 container.
- ansible-test - Add Fedora 37 remote.
- ansible-test - Add FreeBSD 12.4 remote.
- ansible-test - Add RHEL 8.7 remote.
- ansible-test - Add RHEL 9.1 remote.
- ansible-test - Add macOS 13.2 remote.
- ansible-test - Additional log details are shown when containers fail to start or SSH connections to containers fail.
- ansible-test - Connection failures to remote provisioned hosts now show failure details as a warning.
- ansible-test - Containers included with ansible-test no longer disable seccomp by default.
- ansible-test - Disabled the
ansible-format-automatic-specification
rule from thepylint
sanity test, now that Python 2.6 is no longer supported. - ansible-test - Enable the
trailing-comma-tuple
rule in thepylint
sanity test. - ansible-test - Enable the
unused-import
rule for thepylint
sanity test for collections. - ansible-test - Failure to connect to a container over SSH now results in a clear error. Previously tests would be attempted even after initial connection attempts failed.
- ansible-test - Improve consistency of executed
pylint
commands by making the plugins ordered. - ansible-test - Improve consistency of version specific documentation links.
- ansible-test - Integration tests can be excluded from retries triggered by the
--retry-on-error
option by adding theretry/never
alias. This is useful for tests that cannot pass on a retry or are too slow to make retries useful. - ansible-test - Minor cleanup and package updates in distro containers.
- ansible-test - More details are provided about an instance when provisioning fails.
- ansible-test - Moved git handling out of the validate-modules sanity test and into ansible-test.
- ansible-test - Reduce the polling limit for SSHD startup in containers from 60 retries to 10. The one second delay between retries remains in place.
- ansible-test - Removed test containers: fedora36
- ansible-test - Removed test remotes: alpine/3.16, fedora/36, freebsd/12.3, rhel/8.6, rhel/9.0, macos/12.0
- ansible-test - Removed the
--keep-git
sanity test option, which was limited to testing ansible-core itself. - ansible-test - SSH connections from OpenSSH 8.8+ to CentOS 6 containers now work without additional configuration. However, clients older than OpenSSH 7.0 can no longer connect to CentOS 6 containers as a result. The container must have
centos6
in the image name for this work-around to be applied. - ansible-test - SSH shell connections from OpenSSH 8.8+ to ansible-test provisioned network instances now work without additional configuration. However, clients older than OpenSSH 7.0 can no longer open shell sessions for ansible-test provisioned network instances as a result.
- ansible-test - Specify the configuration file location required by test plugins when the config file is not found. This resolves issue: #79411
- ansible-test - The
ansible-test env
command now detects and reports the container ID if running in a container. - ansible-test - The
pep8
sanity test ruleE203
is now disabled since it is not PEP 8 compliant. This provides compatibility with output generated by theblack
code formatter. - ansible-test - The
validate-modules
sanity test no longer limits the__future__
imports that can be used. Other sanity tests that check__future__
imports remain unchanged. As a result, the error codeillegal-future-imports
is no longer used. - ansible-test - Unit tests now support network disconnect by default when running under Podman. Previously this feature only worked by default under Docker.
- ansible-test - Update Alpine 3 container to 3.17.
- ansible-test - Update Python requirements used for sanity tests.
- ansible-test - Update
base
anddefault
containers to include Python 3.11.0. - ansible-test - Update
default
containers to include newdocs-build
sanity test requirements. - ansible-test - Update error handling code to use Python 3.x constructs, avoiding direct use of
errno
. - ansible-test - Update test container to
7.4.0
which includes the new PSScriptAnalyzer versions - ansible-test - Update the CloudStack test plugin to use a newer test container with CloudStack 4.18.0.
- ansible-test - Update the NIOS test plugin to use a newer multi-arch test container.
- ansible-test - Update the
ansible-bad-import-from
rule in thepylint
sanity test to recommendansible.module_utils.six.moves.collections_abc
instead ofansible.module_utils.common._collections_compat
. - ansible-test - Update the
base
anddefault
test containers with the latest requirements. - ansible-test - Update the
default
containers to include thepackage-data
requirements update. - ansible-test - Update the
default
containers to include thepylint
requirements update. - ansible-test - Updated the Azure Pipelines CI plugin to work with newer versions of git.
- ansible-test - Use
stop --time 0
followed byrm
to remove ephemeral containers instead ofrm -f
. This speeds up teardown of ephemeral containers. - ansible-test - Warnings are now shown when using containers that were built with VOLUME instructions.
- ansible-test - When setting the max open files for containers, the container host's limit will be checked. If the host limit is lower than the preferred value, it will be used and a warning will be shown.
- ansible-test - When using Podman, ansible-test will detect if the loginuid used in containers is incorrect. When this occurs a warning is displayed and the container is run with the AUDIT_CONTROL capability. Previously containers would fail under this situation, with no useful warnings or errors given.
- ansible-test acme test container - update version to update used Pebble version, underlying Python and Go base containers, and Python requirements (#79783).
- ansible-test pslint - Upgrade PSScriptAnalyzer to
1.21.0
which enables theAvoidMultipleTypeAttributes
,AvoidSemicolonsAsLineTerminators
, andAvoidUsingBrokenHashAlgorithms
rules - ansible-test runtime-metadata sanity test - ensure that
redirect
entries inmeta/runtime.yml
contain collection names, except formodule_utils
plugin redirects andimport_redirect
redirects (#78802). - ansible-test sanity --test ansible-doc - now also lists documentation for test and filter plugins that are documented (#77737).
- ansible-test validate-modules - Added support for validating module documentation stored in a sidecar file alongside the module (
{module}.yml
or{module}.yaml
). Previously these files were ignored and documentation had to be placed in{module}.py
. - ansible-test validate-modules - no longer treat falsy non-
False
values for defaults asNone
(#79267). - apt - add allow-change-held-packages option to apt remove (#78131)
- apt_repository - adds
sources_added
andsources_removed
to the return of the module (#79306). - apt_repository will use the trust repo directories in order of preference (more appropriate to less) as they exist on the target.
- collections - Add additional ignores for commonly rejected file extensions
- collections - Add additional includes for REUSE license files (#79368)
- deb822_repository - Add new module for managing DEB822 formatted apt repositories
- debug - Perform argspec valdiation in debug action plugin (#79862)
- dnf5 - Add new module for managing packages and other artifacts via the next version of DNF (#78898)
- galaxy - include
license_file
in the default manifest directives (https://github.com/ansible/ansible/pull-request/79420) - optimized var loading by caching results as there is no variance in input during run.
- pycompat24 module_utils - Remove support for Python 2.5 and earlier.
- sanity tests - updates the collection-deprecated-version tests to ignore the
prerelease
component of the collection version (). - strftime filter, additional docs and links to source of truth.
- updated the vendored distro library to upstream version (#79227)
- validate-modules sanity test - add support for semantic markup (#80243).
- validate-modules sanity test - if the
check_mode
attribute is present, check that it coincides with thesupport_check_mode
parameter ofAnsibleModule
(#80090). - validate-modules sanity test - remove support for the never implemented
forced_action_plugin
attribute (#79317). - validate-modules sanity test - support the
plugin
see-also part of the semantic markup specification (#80244).
- ansible-doc - no longer treat plugins in collections whose name starts with
_
as deprecated (#79362). - ansible-test - Integration tests which depend on specific file permissions when running in an ansible-test managed host environment may require changes. Tests that require permissions other than
755
or644
may need to be updated to set the necessary permissions as part of the test run. - ansible-test - The
vcenter
test plugin now defaults to using a user-provided static configuration instead of thegovcsim
simulator for collections. Set theANSIBLE_VCSIM_CONTAINER
environment variable togovcsim
to use the simulator. Keep in mind that the simulator is deprecated and will be removed in a future release. - ansible-test sanity - previously plugins and modules in collections whose name started with
_
were treated as deprecated, even when they were not marked as deprecated inmeta/runtime.yml
. This is no longer the case (#79362). - ansible-test validate-modules - Removed the
missing-python-doc
error code in validate modules,missing-documentation
is used instead for missing PowerShell module documentation.
- The
ConnectionBase()._new_stdin
attribute is deprecated, usedisplay.prompt_until(msg)
instead. - ansible-test - The
foreman
test plugin is now deprecated. It will be removed in a future release. - ansible-test - The
govcsim
simulator in thevcenter
test plugin is now deprecated. It will be removed in a future release. Users should switch to providing their own test environment through a static configuration file. - password_hash - deprecate using passlib.hash.hashtype if hashtype isn't in the list of documented choices.
- vars - Specifying a list of dictionaries for
vars:
is deprecated in favor of specifying a dictionary.
- Remove deprecated
ANSIBLE_CALLBACK_WHITELIST
configuration environment variable, useANSIBLE_CALLBACKS_ENABLED
instead. (#78821) - Remove deprecated
ANSIBLE_COW_WHITELIST
configuration environment variable, useANSIBLE_COW_ACCEPTLIST
instead. (#78819) - Remove deprecated
callback_whitelist
configuration option, usecallbacks_enabled
instead. (#78822) - Remove deprecated
cow_whitelist
configuration option, usecowsay_enabled_stencils
instead. (#78820)
- Ansible.Basic.cs - Ignore compiler warning (reported as an error) when running under PowerShell 7.3.x.
- AnsibleModule.run_command - Only use selectors when needed, and rely on Python stdlib subprocess for the simple task of collecting stdout/stderr when prompt matching is not required.
- BSD network facts - Do not assume column indexes, look for
netmask
andbroadcast
for determining the correct columns when parsinginet
line (#79117) - Correctly count rescued tasks in play recap (#79711)
- Display - Defensively configure writing to stdout and stderr with a custom encoding error handler that will replace invalid characters while providing a deprecation warning that non-utf8 text will result in an error in a future version.
- Do not crash when templating an expression with a test or filter that is not a valid Ansible filter name (#78912, #78913).
- Fix
MANIFEST.in
to exclude unwanted files in thepackaging/
directory. - Fix
MANIFEST.in
to include*.md
files in thetest/support/
directory. - Fix a traceback occuring when a task is named
meta
(#79459) - Fix an issue where the value of
become
was ignored when used on a role used as a dependency inmain/meta.yml
(#79777) - Fix bug in vars applied to roles, they were being incorrectly exported among others while only vars/main.yml was meant to be. Also adjusted the precedence to act the same as inline params.
- Fix conditionally notifying
include_tasks` handlers when ``force_handlers
is used (#79776) - Fix post-validating looped task fields so the strategy uses the correct values after task execution.
- Fix reusing a connection in a task loop that uses a redirected or aliased name - #78425
- Fix setting become activation in a task loop - #78425
- Fix traceback when using the
template
module and running withANSIBLE_DEBUG=1
(#79763) - Fix using
GALAXY_IGNORE_CERTS
in conjunction with collections in requirements files which specify a specificsource
that isn't in the configured servers. - Fix using
GALAXY_IGNORE_CERTS
when downloading tarballs from Galaxy servers (#79557). - Fixes leftover _valid_attrs usage.
- Fixes the password lookup to not rewrite files if they are not changed when using the "encrypt" parameter (#79430).
- Module and role argument validation - include the valid suboption choices in the error when an invalid suboption is provided.
- Perform type check on data passed to Display.display to enforce the requirement of being given a python3 unicode string
- Prevent running same handler multiple times when included via
include_role
(#73643) - TaskExecutor - don't ignore templated _raw_params that k=v parser failed to parse (#79862)
- Windows - Display a warning if the module failed to cleanup any temporary files rather than failing the task. The warning contains a brief description of what failed to be deleted.
- Windows - Ensure the module temp directory contains more unique values to avoid conflicts with concurrent runs - #80294
- Windows - Improve temporary file cleanup used by modules. Will use a more reliable delete operation on Windows Server 2016 and newer to delete files that might still be open by other software like Anti Virus scanners. There are still scenarios where a file or directory cannot be deleted but the new method should work in more scenarios.
ansible-galaxy search rolename
- give a warning instead of non-zero return code when search results are empty. This is similar to the behavior when listing roles, which gives a warning if a role cannot be found and exits with a return code of0
.ansible_eval_concat
- avoid redundant unsafe wrapping of templated strings converted to Python typespkg_mgr
- fix the default dnf version detection- ansible-config limit shorthand format to assigned values
- ansible-doc - stop generating wrong module URLs for module see-alsos. The URLs for modules in ansible.builtin do now work, and URLs for modules outside ansible.builtin are no longer added (#80280).
- ansible-doc now will correctly display short descriptions on listing filters/tests no matter the directory sorting.
- ansible-galaxy - Improve retries for collection installs, to properly retry, and extend retry logic to common URL related connection errors (#80170 #80174)
- ansible-galaxy - fix installing collections from directories that have a trailing path separator (#77803).
- ansible-galaxy - fix installing collections in git repositories/directories which contain a MANIFEST.json file (#79796).
- ansible-galaxy - fix installing signed collections (#80648).
- ansible-galaxy - make initial call to Galaxy server on-demand only when installing, getting info about, and listing roles.
- ansible-galaxy - reduce API calls to servers by fetching signatures only for final candidates.
- ansible-galaxy collection install - respect symlinks when installing from source or local repository (#78442)
- ansible-galaxy collection verify - fix verifying signed collections when the keyring is not configured.
- ansible-galaxy collection/role init - preserve symlinks (#39334).
- ansible-galaxy role info - fix unhandled AttributeError by catching the correct exception.
- ansible-inventory will no longer duplicate host entries if they were part of a group's childrens tree.
- ansible-inventory will not explicitly sort groups/hosts anymore, giving a chance (depending on output format) to match the order in the input sources.
- ansible-playbook -K breaks when passwords have quotes (#79836).
- ansible-test - Add
wheel < 0.38.0
constraint for Python 3.6 and earlier. - ansible-test - Add support for
argcomplete
version 3. - ansible-test - Add support for
pytest
assertion rewriting when running unit tests on Python 3.5 and later. Resolves issue #68032 - ansible-test - Added a work-around for a traceback under Python 3.11 when completing certain command line options.
- ansible-test - Allow disabled, unsupported, unstable and destructive integration test targets to be selected using their respective prefixes.
- ansible-test - Allow unstable tests to run when targeted changes are made and the
--allow-unstable-changed
option is specified (resolves #74213). - ansible-test - Always indicate the Python version being used before installing requirements. Resolves issue #72855
- ansible-test - Avoid using
exec
after container startup when possible. This improves container startup performance and avoids intermittent startup issues with some old containers. - ansible-test - Connection attempts to managed remote instances no longer abort on
Permission denied
errors. - ansible-test - Detection for running in a Podman or Docker container has been fixed to detect more scenarios. The new detection relies on
/proc/self/mountinfo
instead of/proc/self/cpuset
. Detection now works with custom cgroups and private cgroup namespaces. - ansible-test - Exclude ansible-core vendored Python packages from ansible-test payloads.
- ansible-test - Fix broken documentation link for
aws
test plugin error messages. - ansible-test - Fix validate-modules error when retrieving PowerShell argspec when retrieved inside a Cmdlet
- ansible-test - Handle server errors when executing the
docker info
command. - ansible-test - Integration test target prefixes defined in a
tests/integration/target-prefixes.{group}
file can now contain an underscore (_
) character. Resolves issue #79225 - ansible-test - Multiple containers now work under Podman without specifying the
--docker-network
option. - ansible-test - Pass the
XDG_RUNTIME_DIR
environment variable through to container commands. - ansible-test - Perform PyPI proxy configuration after instances are ready and bootstrapping has been completed. Only target instances are affected, as controller instances were already handled this way. This avoids proxy configuration errors when target instances are not yet ready for use.
- ansible-test - Prevent concurrent / repeat inspections of the same container image.
- ansible-test - Prevent concurrent / repeat pulls of the same container image.
- ansible-test - Prevent concurrent execution of cached methods.
- ansible-test - Removed pointless comparison in diff evaluation logic.
- ansible-test - Set
PYLINTHOME
for thepylint
sanity test to prevent failures due topylint
checking for the existence of an obsolete home directory. - ansible-test - Show the exception type when reporting errors during instance provisioning.
- ansible-test - Support Podman 4.4.0+ by adding the
SYS_CHROOT
capability when running containers. - ansible-test - Support loading of vendored Python packages from ansible-core.
- ansible-test - The
validate-modules
sanity test now properly enforces documentation before imports for plugins. Previously this was only enforced for modules due to a coding error. - ansible-test - Update
pylint
to 2.17.2 to resolve several possible false positives. - ansible-test - Update
pylint
to 2.17.3 to resolve several possible false positives. - ansible-test - Update the
pylint
sanity test requirements to resolve crashes on Python 3.11. (#78882) - ansible-test - Update the
pylint
sanity test to use version 2.15.4. - ansible-test - Update the
pylint
sanity test to use version 2.15.5. - ansible-test - Use consistent file permissions when delegating tests to a container or remote host. Files with any execute bit set will use permissions
755
. All other files will use permissions644
. (Resolves issue #75079) - ansible-test - When bootstrapping remote FreeBSD instances, use the OS packaged
setuptools
instead of installing the latest version from PyPI. - ansible-test - fix warning message about failing to run an image to include the image name
- ansible-test runtime-metadata sanity test - do not crash on YAML parsing errors without a context mark (#78802).
- ansible-test sanity - correctly report invalid YAML in validate-modules (#75837).
- ansible-vault encrypt_string - started appending a line feed at the end of the encrypted string output. Missing newline character caused problems identifying where the string ends in some shells (like bash) or accidentally copying an extra trailing terminator symbol (e.g., zsh prints out a
%
sign to signal where the original output stops) (#78932). - ansible_facts.hardware - Define all processor facts on s390x (#19755)
- apt - set locale to fix updating the cache (#79523).
- apt module should not traceback on invalid type given as package. issue 78663.
- apt_repository will no longer fail to detect key when unrelated errors/warnings are issued by apt-key.
- argument spec validation - again report deprecated parameters for Python-based modules. This was accidentally removed in ansible-core 2.11 when argument spec validation was refactored (#79680, #79681).
- argument spec validation - ensure that deprecated aliases in suboptions are also reported (#79740).
- argument spec validation - fix warning message when two aliases of the same option are used for suboptions to also mention the option's name they are in (#79740).
- basic.py module_utils - Perform Python version check much earlier to ensure it runs before other errors occur.
- connection local now avoids traceback on invalid user being used to execuet ansible (valid in host, but not in container).
- copy - fix creating the dest directory in check mode with remote_src=True (#78611).
- copy - fix reporting changes to file attributes in check mode with remote_src=True (#77957).
- copy module will no longer move 'non files' set as src when remote_src=true.
- copy remote_src=true - fix copying subdirs recursively when the dest exists and the src and dest have multiple common subdirectories in a common directory (#74536).
- copy remote_src=true - fix reporting changed for copying empty directories.
- display - reduce risk of post-fork output deadlocks (#79522)
- dnf5 - Use
transaction.check_gpg_signatures
API call to check package signatures AND possibly to recover from when keys are missing. - dnf5 - fix module and package names in the message following failed module respawn attempt
- dnf5 - use the logs API to determine transaction problems
- file - touch action in check mode was always returning ok. Fix now evaluates the different conditions and returns the appropriate changed status. (#79360)
- file lookup now handles missing files more gracefully.
- file lookup now plays nice with generic lookup
errors
option. - get_url - Ensure we are passing ciphers to all url_get calls (#79717)
- get_url module - Added a documentation reference to
hashlib
regarding algorithms, as well as a note aboutmd5
support on systems running in FIPS compliant mode. - get_url module - Removed out-of-date documentation stating that
hashlib
is a third-party library. - handlers - fix
v2_playbook_on_notify
callback not being called when notifying handlers - handlers - fix an issue where the
flush_handlers
meta task could not be used with FQCN:ansible.builtin.meta
(#79023) - include_role - Inherit from role parents beyond a depth of 3 (#47023).
- jinja2_native - fix intermittent 'could not find job' failures when a value of
ansible_job_id
from a result of an async task was inadvertently changed during execution; to prevent this a format ofansible_job_id
was changed. - jinja2_native: preserve quotes in strings (#79083)
- keyword inheritance - Ensure that we do not squash keywords in validate (#79021)
- known_hosts - do not return changed status when a non-existing key is removed (#78598)
- list-tags now shows the 'never' tag, which was being excluded by default. To list all tasks you still need to add --list-tasks --tags never,all.
- loops/delegate_to - Do not double calculate the values of loops and
delegate_to
(#80038) - module responses - Ensure that module responses are utf-8 adhereing to JSON RFC and expectations of the core code.
- module/role argument spec - validate the type for options that are None when the option is required or has a non-None default (#79656).
- module_utils/basic.py - Fix detection of available hashing algorithms on Python 3.x. All supported algorithms are now available instead of being limited to a hard-coded list. This affects modules such as
get_url
which accept an arbitrary checksum algorithm. - normal action plugin - remove obsolete
if
(#79690). - omit on keywords was resetting to default value, ignoring inheritance.
- paramiko - Add a new option to allow paramiko >= 2.9 to easily work with all devices now that rsa-sha2 support was added to paramiko, which prevented communication with numerous platforms. (#76737)
- paramiko - Add back support for
ssh_args
,ssh_common_args
, andssh_extra_args
for parsing theProxyCommand
(#78750) - paramiko connection was still using outdated playcontext, this should bring it up to date to use the 'correct' data for each task/loop.
- password lookup now correctly reads stored ident fields.
- password_hash - handle errors using unknown passlib hashtypes more gracefully (#45392).
- pep517 build backend - Use the documented
import_module
import fromimportlib
. - plugin loader, fix detection for existing configuration before initializing for a plugin
- role deduplication - Always create new role object, regardless of deduplication. Deduplication will only affect whether a duplicate call to a role will execute, as opposed to re-using the same object. (#78661)
- roles - Fix templating
public
,allow_duplicates
androlespec_validate
(#80304). - service_facts - Use python re to parse service output instead of grep (#78541)
- strategy plugins now correctly identify bad registered variables, even on skip.
- strategy plugins: get the correctly templated and validated run_once value on strategy linear (#78492)
- syntax check - Limit
--syntax-check
toansible-playbook
only, as that is the only CLI affected by this argument (#80506) - systemd - daemon-reload and daemon-reexec ignore errors when running in a chroot (#79643)
- templates - Fixed
TypeError
when a lookup plugin has an option calledname
. - unarchive - allow relative path for
dest
(#64612) - unarchive - log errors from commands to assist in debugging (#64612)
- updated error messages to include 'acl' and not just mode changes when failing to set required permissions on remote.
- uri - improve JSON content type detection
- user - fix comparing group IDs to existing group names so groups are not always updated (#79956).
- user module - Removed
password_expire_max
from the return docs, as it is not returned. - user module - Removed
password_expire_min
from the return docs, as it is not returned. - validate-modules sanity test - replace semantic markup parsing and validating code with the code from antsibull-docs-parser 0.2.0 (#80406).
- vault - show filename additionally if missing secrets prevents decryption (#79723)
- winrm - Increase the read timeout to 10 seconds later than the operation timeout reducing the chances of a false read timeout
- ansible-test - Additional configuration may be required for certain container host and container combinations. Further details are available in the testing documentation.
- ansible-test - Custom containers with
VOLUME
instructions may be unable to start, when previously the containers started correctly. Remove theVOLUME
instructions to resolve the issue. Containers with this condition will causeansible-test
to emit a warning. - ansible-test - Systems with Podman networking issues may be unable to run containers, when previously the issue went unreported. Correct the networking issues to continue using
ansible-test
with Podman. - ansible-test - Unit tests for collections do not support
pytest
assertion rewriting on Python 2.7. - ansible-test - Using Docker on systems with SELinux may require setting SELinux to permissive mode. Podman should work with SELinux in enforcing mode.
- dnf5 - The DNF5 package manager currently does not provide all functionality to ensure feature parity between the existing
dnf
and the newdnf5
module. As a result the followingdnf5
options are effectively a no-op:cacheonly
,enable_plugin
,disable_plugin
andlock_timeout
.
- commonpath - gets the common path
- normpath - Normalize a pathname
- deb822_repository - Add and remove deb822 formatted repositories
- dnf5 - Manages packages with the I(dnf5) package manager