Ansible 2.7 "In the Light" Release Notes

Topics

v2.7.1
v2.7.0
- Release Summary
- Major Changes
- Minor Changes
- Deprecated Features
- Removed Features (previously deprecated)
- Bugfixes
- New Plugins
  - Callback
  - Connection
  - Inventory
  - Lookup
  - Strategy
- New Modules
  - Cloud
    - amazon
    - azure
    - cloudstack
    - docker
    - google
    - online
    - openstack
    - scaleway
    - vmware
    - vultr
  - Clustering
    - k8s
  - Crypto
    - acme
  - Identity
    - ipa
  - Monitoring
    - zabbix
  - Net Tools
    - nios
  - Network
    - aci
    - cli
    - exos
    - f5
    - fortimanager
    - ftd
    - meraki
    - nos
    - nxos
    - onyx
    - opx
    - panos
    - routeros
    - slxos
    - voss
  - Remote Management
    - cobbler
    - cpm
    - redfish
    - ucs
  - Storage
    - emc
    - ibm
    - netapp
    - purestorage
  - System
  - Web Infrastructure
    - ansible_tower
  - Windows

v2.7.1

Release Summary

Release Date: 2018-10-25

Porting Guide

Minor Changes

Fix yum module to properly check for empty conf_file value
added capability to set the scheme for the consul_kv lookup.
added optional certificate and certificate verification for consul_kv lookups
dnf - properly handle modifying the enable/disable excludes data field
dnf appropriately handles disable_excludes repoid argument
dnf properly honor disable_gpg_check for local (on local disk of remote node) package installation
fix yum module to handle list argument optional empty strings properly
netconf_config - Make default_operation optional in netconf_config module (#46333)
win_nssm - Drop support of literal YAML dictionnary for app_parameters option. Use the key=value; string form instead
yum - properly handle proxy password and username embedded in url
yum/dnf - fail when space separated string of names (#47109)

Bugfixes

Ansible JSON Decoder - Switch from decode to object_hook to support nested use of __ansible_vault and __ansible_unsafe (#45514)
Don't parse parameters and options when state is absent (#45700).
FieldAttribute - Do not use mutable defaults, instead allow supplying a callable for defaults of mutable types (#46824)
Fix an issue with the default telnet prompt handling. The value needs to be escaped otherwise it does not work when converted to bytes.
Fix calling deprecate with correct arguments (#46062).
Fix iterator to list conversion in ldap_entry module.
Fix nxos_ospf_vrf module auto-cost idempotency and module check mode (#47190).
Fix pip module so that it can recognize multiple extras
Fix prompt mismatch issue for ios (#47004)
Fix the issue with refreshing the token by storing Authorization header inside HttpApi connection plugin.
Fix the quoting of vhost and other names in rabbitmq_binding
Fix the win_reboot plugin so that the post_reboot_delay parameter is honored
Fixed an issue with ansible-doc -l failing when parsing some plugin documentation.
Fixed: Appropriate code to expand value was missing so assigning SSL certificate is not working as described in the documentation. #45830
Fixes an error that occurs when attempting to see if the netns already exists on the remote device. This change will now execute ip netns list and check if the desired namespace is in the output.
Give user better error messages and more information on verbose about inventory plugin behaviour
Hardware fact gathering now completes on Solaris 8. Previously, it aborted with error Argument 'args' to run_command must be list or string.
Ignore empty result of rabbitmqctl list_user_permissions.
In systemd module, allow scope to default to 'system'
In systemd module, fix check if a systemd+initd service is enabled - disabled in systemd means disabled
Only access EC2 volume tags when set
Only delete host key from redis in-memory cache if present.
PLUGIN_FILTERS_CFG - Ensure that the value is treated as type=path, and that we use the standard section of defaults instead of default (#45994)
Refactor virtual machine disk logic.
Restore SIGPIPE to SIG_DFL when creating subprocesses to avoid it being ignored under Python 2.
Rewrite get_resource_pool method for correct resource_pool selection.
The docker_* modules more uniformly check versions of docker-py/docker and (if necessary) the docker API.
Update callbacks to use Ansible's JSON encoder to avoid known serialization issues
Update the signatures of many cliconf plugins' get() methods to support the check_all paramter. Specifically, aireos, aruba, asa, ce, cnos, dellos6, dellos9, dellos10, edgeos, enos, exos, ironware, nos, onyx, routeros, slxos, and voss were updated. This fixes the cli_command module for these platforms
Vultr - fix for unreliable API behaviors resulting in timeouts (#45712).
ansible-connection - Clean up socket files if playbook aborted before connection is started.
ansible-doc, removed local hardcoded listing, now uses the 'central' list from constants and other minor issues
aws_ec2 - fixed issue where cache did not contain the computed groups
aws_ssm_parameter_store - AWS Systems Manager Parameter Store may reach an internal limit before finding the expected parameter, causing misleading results. This is resolved by paginating the describe_parameters call.
azure_rm_deployment - fixed regression that prevents resource group from being created (#45941)
blockinfile - use bytes rather than a native string to prevent a stacktrace in Python 3 when writing to the file (#46237)
chroot connection - Support empty files with copying to target (#36725)
cs_instance - Fix docs and typo in examples (#46035).
cs_instance - Fix host migration without volume (#46115).
delegate_to - When templating delegate_to in a loop, don't use the task for a cache, return a special cache through get_vars allowing looping over a hostvar (#47207)
docker connection - Support empty files with copying to target (#36725)
docker_container - Fix idempotency problems with cap_drop and groups (when numeric group IDs were used).
docker_container - Fix type conversion errors for log_options.
docker_container - Fixing various comparison/idempotency problems related to wrong comparisons. In particular, comparisons for command and entrypoint (both lists) no longer ignore missing elements during idempotency checks.
docker_container - Makes blkio_weight, cpuset_mems, dns_opts and uts options actually work.
docker_container - publish_ports: all was not used correctly when checking idempotency.
docker_container - fail if ipv4_address or ipv6_address is used with a too old docker-py version.
docker_container - fix memory_swappiness documentation.
docker_container - fix behavior of detach: yes if auto_remove: yes is specified.
docker_container - fix idempotency check for published_ports in some special cases.
docker_container - the behavior is improved in case image is not specified, but needed for (re-)creating the container.
docker_network - fixes idempotency issues (#33045) and name substring issue (#32926).
docker_service - correctly parse string values for the scale parameter #45508
docker_volume - fix force and change detection logic. If not both evaluated to True, the volume was not recreated.
dynamic includes - Use the copied and merged task for calculating task vars in the free strategy (#47024)
ec2_group - There can be multiple security groups with the same name in different VPCs. Prior to 2.6 if a target group name was provided, the group matching the name and VPC had highest precedence. Restore this behavior by updated the dictionary with the groups matching the VPC last.
ec2_group - support EC2-Classic by not assuming security groups have VPCs.
ec2_metadata_facts - Parse IAM role name from metadata ARN instead of security credential field.
fetch_url did not always return lower-case header names in case of HTTP errors (#45628).
fix azure_rm_autoscale module can create a schedule with fixed start/end date (#47186)
fix flatten to properly handle multiple lists in lists #46343
get_url - improve code that parses checksums from a file so it is not fragile and reports a helpful error when no matching checksum is found
handlers - fix crash when handler task include tasks
jail connection - Support empty files with copying to target (#36725)
junos - fix terminal prompt regex (#47096)
k8s - allow kubeconfig or context to be set without the other
k8s_facts now returns a resources key in all situations
kubectl connection - Support empty files with copying to target (#36725)
libvirt_lxc connection - Support empty files with copying to target (#36725)
lineinfile - fix index out of range error when using insertbefore on a file with only one line (#46043)
mail - Fix regression when sending mail without TLS/SSL
mysql_*, proxysql_* - PyMySQL (a pure-Python MySQL driver) is now a preferred dependency also supporting Python 3.X.
netconf_config - Fix in confirmed_commit capability in netconf_config modules (#46778)
netconf_config - Fix netconf module_utils dict changed size issue (#46778)
nmcli - fix syntax of vlan modification command (#42322)
nxos_file_copy fix for binary files (#46822).
openssl_csr - fix byte encoding issue on Python 3
openssl_pkcs12 - fix byte encoding issue on Python 3
os_router - enable_snat: no was ignored.
ovirt_host_network - check for empty user_opts (#47283).
ovirt_vm - Check next_run configuration update if exist (#47282).
ovirt_vm - Fix initialization of cloud init (#47354).
ovirt_vm - Fix issue in SSO option (#47312).
ovirt_vm - Fix issue in setting the custom_compatibility_version to NULL (#47388).
pamd: add delete=False to NamedTemporaryFile() fixes OSError on module completion, and removes print statement from module code. (see #47281 and #47080)
pamd: use module.tmpdir for NamedTemporaryFile() (see #47133 and #36954)
postgresql_user - create pretty error message when creating a user without an encrypted password on newer PostgreSQL versions
psexec - Handle socket.error exceptions properly
psexec - give proper error message when the psexec requirements are not installed
psrp - Fix UTF-8 output - #46998
psrp - Fix issue when dealing with unicode values in the output for Python 2
reboot - add reboot_timeout parameter to the list of parameters so it can be used.
reboot - add support for OpenBSD
reboot - use correct syntax for fetching a value from a dict and account for bare Linux systems (#45607 (comment))
reboot - use unicode instead of bytes for stdout and stderr to match the type returned from low_level_execute()
roles - Ensure that we don't overwrite roles that have been registered (from imports) while parsing roles under the roles header (#47454)
route53 - fix CAA record ordering for idempotency.
ssh connection - Support empty files with piped transfer_method (#45426)
templar - Do not strip new lines in native jinja - #46743
unsafe - Add special casing to sets, to support wrapping elements of sets correctly in Python 3 (#47372)
use proper module_util to get Ansible version for Azure requests
user - add documentation on what underlying tools are used on each platform (#44266)
user module - do not pass ssh_key_passphrase on cmdline (CVE-2018-16837)
vmware - honor "wait_for_ip_address" when powering on a VM
vultr_server - fix diff for user data (#45753).
vyos_facts - fix vyos_facts not returning version number issue (#39115)
win_copy - Fix issue where the dest return value would be enclosed in single quote when dest is a folder - #45281
win_nssm - Add missing space between parameters with app_parameters
win_nssm - Correctly escape argument line when a parameter contains spaces, quotes or backslashes
win_nssm - Fix error when several services were given to the dependencies option
win_nssm - Fix extra space added in argument line with app_parameters or app_parameters_free_form when a parameter start by a dash and is followed by a period (#44079)
win_nssm - Fix service not started when state=started (#35442)
win_nssm - Fix several issues and idempotency problems (#44755)
winrm - Only use pexpect for auto kerb auth if it is installed and contains the required kwargs - #43462
zabbix_host - module was failing when zabbix host was updated with new interface and template depending on that interface at the same time
zone connection - Support empty files with copying to target (#36725)

v2.7.0

Release Summary

Release Date: 2018-10-04

Porting Guide

Major Changes

Allow config to enable native jinja types (#32738)
Extends module_defaults by adding a prefix to defaults group/ which denotes a builtin or user-specified list of modules, such as group/aws or group/gcp
New keyword ignore_unreachable for plays and blocks. Allows ignoring tasks that fail due to unreachable hosts, and check results with is unreachable test.
New yumdnf module defines the shared argument specification for both yum and dnf modules and provides an entry point to share code when applicable
Remove support for simplejson (#42761)
Support for running an Ansible controller with Python-2.6 has been dropped. You can still manage machines which use Python-2.6 but you will have to manage them from a machine which has Python-2.7 or Python-3.5 or greater installed. See the porting guide if you need more information.
new yum action plugin enables the yum module to work with both yum3 and dnf-based yum4 by detecting the backend package manager and routing commands through the correct Ansible module for that python API
yum and dnf modules now at feature parity

Minor Changes

ActionBase - removed deprecated _fixup_perms method (#44320)
Add is_boto3_error_code function to module_utils/aws/core.py to make it easier for modules to handle special AWS error codes.
Add use_backend to yum module/action plugin
Added PrivilegeUtil PowerShell module util to easily control Windows Privileges in a process
Added capability to skip ssl verification on zabbix host with dynamic inventory
Added inventory.any_unparsed_is_failed configuration setting. In an inventory with a static hosts file and (say) ec2.py, enabling this setting will cause a failure instead of a warning if ec2.py fails.
Added new filter to generate random MAC addresses from a given string acting as a prefix. Refer to the appropriate entry which has been added to user_guide playbook_filters.rst document.
Added the from_yaml_all filter to parse multi-document yaml strings. Refer to the appropriate entry which as been added to user_guide playbooks_filters.rst document.
Ansible-2.7 changes the Ansiballz strategy for running modules remotely so that invoking a module only needs to invoke python once per module on the remote machine instead of twice.
Better error handling for depsolve and transaction errors in DNF
Changed the prefix of all Vultr modules from vr to vultr (#42942).
Enable installroot tests for yum4(dnf) integration testing, dnf backend now supports that
Explicit encoding for the output of the template module, to be able to generate non-utf8 files from a utf-8 template. (ansible/proposals#121)
File locking feature added, making it possible to gain exclusive access to given file through module_utils.common.file.FileLock (#29962)
Fix dnf handling of autoremove to be compatible with yum
Fix timer in exponential backoff algorithm in vmware.py.
Fixed group action idempotent transactions in dnf backend
Fixed group actions in check mode to report correct changed state
GCP Modules will do home path expansion on service account file paths
In Ansible-2.4 and above, Ansible passes the temporary directory a module should use to the module. This is done via a module parameter (_ansible_tmpdir). An earlier version of this which was also prototyped in Ansible-2.4 development used an environment variable, ANSIBLE_REMOTE_TMP to pass this information to the module instead. When we switched to using a module parameter, the environment variable was left in by mistake. Ansible-2.7 removes that variable. Any third party modules which relied on it should use the module parameter instead.
New config options display_ok_hosts and display_failed_stderr (along with the existing display_skipped_hosts option) allow more fine-grained control over the way that ansible displays output from a playbook (#41058)
Removed an unnecessary import from the AnsiballZ wrapper
Restore module_utils.basic.BOOLEANS variable for backwards compatibility with the module API in older ansible releases.
Setting file attributes (via the file module amongst others) now accepts + and - modifiers to add or remove individual attributes. (#33838)
Switch from zip to bc for certain package install/remove test cases in yum integration tests. The dnf depsolver downgrades python when you uninstall zip which alters the test environment and we have no control over that.
The acme_account and acme_certificate modules now support two backends: the Python cryptograpy module or the OpenSSL binary. By default, the modules detect if a new enough cryptography module is available and use it, with the OpenSSL binary being a fallback. If the detection fails for some reason, the OpenSSL binary backend can be explicitly selected by setting select_crypto_backend to openssl.
The apt, ec2_elb_lb, elb_classic_lb, and unarchive modules have been ported away from using __file__. This is futureproofing as__file__ won't work if we switch to using python -m to invoke modules in the future or if we figure out a way to make a module never touch disk for pipelining purposes.
The password_hash filter supports all parameters of passlib. This allows users to provide a rounds parameter. (#15326)
action plugins strictly accept valid parameters and report invalid parameters
allow user to customize default ansible-console prompt/msg default color
aws_caller_facts - The module now outputs the "account_alias" as well
aws_rds - Add new inventory plugin for RDS instances and clusters to match behavior in the ec2 inventory script.
command module - Add support for check mode when passing creates or removes arguments. (#40428)
dnf - group removal does not work if group was installed with Ansible because of dnf upstream bug https://bugzilla.redhat.com/show_bug.cgi?id=1620324
ec2_group - Add diff mode support with and without check mode. This feature is preview and may change when a common framework is adopted for AWS modules.
elasticsearch_plugin - Add the possibility to use the elasticsearch_plugin installation batch mode to install plugins with advanced privileges without user interaction.
gather_subset - removed deprecated functionality for using comma separated list with gather_subset (#44320)
get_url - implement [expend checksum format to <algorithm>:(<checksum>|<url>)] (#27617)
import_tasks - Do not allow import_tasks to transition to dynamic if the file is missing (#44822)
lineinfile - add warning when using an empty regexp (#29443)
onepassword/onepassword_raw - accept subdomain and vault_password to allow Ansible to unlock 1Password vaults
password_hash is not restricted to the subset provided by crypt.crypt (#17266)
passwordstore - Add backup option when overwriting password (off by default)
puppet - Add support for --debug, --verbose, --summarize #37986
puppet - Add support for setting logdest to both stdout and syslog via 'all'
replace copy.deepcopy in high workload areas with a custom function to improve performance (#44337)
roles - removed deprecated functionality for non YAML role specs (#44320)
roles - removed deprecated special casing functionality of connection, port, and remote_user for role params (#44320)
service - removed deprecated state=running (#44320)
shell module - Add support for check mode when passing creates or removes arguments. (#40428)
sns_topic - Port sns_topic module to boto3 and add an integration test suite.
ssh - reset connection will show a warning instead of failing for older OpenSSH versions
to_nice_json - specify separators to json.dumps to normalize the output between python2 and python3 (#42633)
user - backup shadow file on platforms where the module modifies it directly (#40696)
user module - add a sanity check for the user's password and a more helpful warning message (#43615)
vars_prompt - removed deprecated functionality supporting 'short form' for vars_prompt (#44320)
vault - removed deprecated functionality for insecure VaultAES class (#44320)
win_chocolatey - Add support for installing Chocolatey itself from a source feed
win_chocolatey - Add support for username and password on source feeds
win_chocolatey - Added ability to specify multiple packages as a list in 1 module invocation
win_chocolatey - Removed the need to manually escape double quotes in the proxy username and password
win_chocolatey - Will no longer upgrade Chocolatey in check mode
win_chocolatey - set the rc return value to always be returned, default to 0 #41758
win_disk_image - return a list of mount paths with the return value mount_paths, this will always be a list and contain all mount points in an image
win_psexec - Added the session option to specify a session to start the process in
winrm - change the _reset() method to use reset() that is part of ConnectionBase

Deprecated Features

Modules will no longer be able to rely on the __file__ attribute pointing to a real file. If your third party module is using __file__ for something it should be changed before 2.8. See the 2.7 porting guide for more information.
The skippy, full_skip, actionable, and stderr callback plugins have been deprecated in favor of config options that influence the behavior of the default callback plugin (#41058)
win_disk_image - the return value mount_path is deprecated and will be removed in 2.11, this can be accessed through mount_paths[0] instead.

Removed Features (previously deprecated)

The configuration toggle, merge_multiple_cli_tags, has been removed. This setting controlled whether specifying --tags or --skip-tags multiple times on the commandline would merge the specified tags or use the old behaviour of overwriting the previous entry. The overwriting behaviour was deprecated in 2.3 and the default value of the config option became merge in 2.4.
ec2_facts - deprecated module removed (#44536)
s3 - deprecated module removed (#44537)

Bugfixes

Security Fix - Some connection exceptions would cause no_log specified on a task to be ignored. If this happened, the task information, including any private information could have been displayed to stdout and (if enabled, not the default) logged to a log file specified in ansible.cfg's log_path. Additionally, sites which redirected stdout from ansible runs to a log file may have stored that private information onto disk that way as well. (#41414)
Security Fix - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir
Security Fix - avoid using ansible.cfg in a world writable dir.
Add ambiguous command check as the error message is not persistent on nexus devices (#45337).
Add argspec to aws_application_scaling_policy module to handle metric specifications, scaling cooldowns, and target values. #45235
Additional checks ensure that there is always a result of hashing passwords in the password_hash filter and vars_prompt, otherwise an error is returned. Some modules (like user module) interprets None as no password at all, which can be dangerous if the password given above is passed directly into those modules.
Allow arbitrary log_driver for docker_container (#33579).
Avoids deprecated functionality of passlib with newer library versions.
Changed the admin_users config option to not include "admin" by default as admin is frequently used for a non-privileged account (#41164)
Fix alt linux detection/matching
Fix an atomic_move error that is 'true', but misleading. Now we show all 3 files involved and clarify what happened.
Fix ec2_group support for multi-account and peered VPC security groups. Reported in https://github.com/ansible/ansible/issue/44788 and fixed in #45296
Fix ecs_taskdefinition handling of changed role_arn. If the task role in a ECS task definition changes ansible should create a new revsion of the task definition. #45317
Fix glob path of rc.d Some distribtuions like SUSE has the rc%.d directories under /etc/init.d
Fix health check parameter handling in elb_target_group per #43244 about health_check_port. Fixed in #45314
Fix lambda_policy updates when principal is an account number. Backport of #44871
Fix lxd module to be idempotent when the given configuration for the lxd container has not changed (#38166)
Fix python2.6 nothing to repeat nxos terminal plugin bug (#45271).
Fix s3_lifecycle module backwards compatibility without providing prefix. Blank prefixes regression was introduced in boto3 rewrite. #45318
Fix terminal plugin regex nxos, iosxr (#45135).
Fix the mount module's handling of swap entries in fstab (#42837)
Fixed an issue where ansible_facts.pkg_mgr would incorrectly set to zypper on Debian/Ubuntu systems that happened to have the command installed.
Fixed runtime module to be able to handle syslog_facility properly when python systemd module installed in a target system. (#41078)
Grafana dashboard module compatible with grafana 5 (#41249)
On Python2, loading config values from environment variables could lead to a traceback if there were nonascii characters present. Converted them to text strings so that no traceback will occur (#43468)
Remove spurious changed=True returns when ec2_group module is used with numeric ports. #45240
Support key names that contain spaces in ec2_metadata_facts module. #45313
The docker_* modules respect the DOCKER_* environment variables again (#42641).
The fix for CVE-2018-10875 prints out a warning message about skipping a config file from a world writable current working directory. However, if the user explicitly specifies that the config file should be used via the ANSIBLE_CONFIG environment variable then Ansible would honor that but still print out the warning message. This has been fixed so that Ansible honors the user's explicit wishes and does not print a warning message in that circumstance.
The fix for CVE-2018-10875 prints out a warning message about skipping a config file from a world writable current working directory. However, if the user is in a world writable current working directory which does not contain a config file, it should not print a warning message. This release fixes that extaneous warning.
The ssh connection plugin was categorizing all 255 exit statuses as an ssh error but modules can return exit code 255 as well. The connection plugin has now been changed to know that certain instances of exit code 255 are not ssh-related. (#41716)
allow custom endpoints to be used in the aws_s3 module (#36832)
allow gathering env exception to work even when injection is off
always correctly template no log for tasks #43294
ansible-galaxy - properly list all roles in roles_path (#43010)
authorized_key now have an option for following symlinks, default behaviour (False) can be changed by setting follow True/False
basic.py - catch ValueError in case a FIPS enabled platform raises this exception - #44447
become runas - changed runas process so it does not create a temporary file on the disk during execution
cloudfront_distribution - replace call to nonexistent method 'validate_distribution_id_from_caller_reference' with 'validate_distribution_from_caller_reference' and set the distribution_id variable to the distribution's 'Id' key.
corrected and clarified 'user' option deprecation in systemd module in favor of 'scope' option.
delegate_to - ensure if we get a non-Task object in _get_delegated_vars, we return early (#44934)
docker_container: fixing working_dir idempotency problem (#42857)
docker_container: makes unit parsing for memory sizes more consistent, and fixes idempotency problem when kernel_memory is set (see #16748 and #42692)
ec2_group - Sanitize the ingress and egress rules before operating on them by flattening any lists within lists describing the target CIDR(s) into a list of strings. Prior to Ansible 2.6 the ec2_group module accepted a list of strings, a list of lists, or a combination of strings and lists within a list. #45594
ec2_vpc_route_table - check the origin before replacing routes. Routes with the origin 'EnableVgwRoutePropagation' may not be replaced.
elasticsearch_plugin - Improve error messages and show stderr of elasticsearch commands
elb_application_lb - Fix a dangerous behavior of deleting an ELB if state was omitted from the task. Now state defaults to 'present', which is typical throughout AWS modules.
elb_target_group - cast target ports to integers before making API calls after the key 'Targets' is in params.
file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. The patch to fix that broke check mode. This is now fixed (#42111)
file module - The touch subcommand had its diff output broken during the 2.6.x development cycle. This is now fixed (#41755)
fix async for the aws_s3 module by adding async support to the action plugin (#40826)
fix azure storage blob cannot create blob container in non-public azure cloud environment. (#35223)
fix azure_rm_autoscale module can use dict to identify target (#45477)
fix decrypting vault files for the aws_s3 module (#39634)
fix default SSL version for docker modules #42897
fix for the bundled selectors module (used in the ssh and local connection plugins) when a syscall is restarted after being interrupted by a signal (#41630)
fix mail module for python 3.7.0 (#44552)
fix nxos_facts indefinite hang for text based output (#45845).
fix the enable_snat parameter that is only supposed to be used by an user with the right policies. #44418
fix the remote tmp folder permissions issue when becoming a non admin user - #41340, #42117
fixed typo in config that prevented keys matching
fixes docker_container check and debug mode (#42380)
flatten filter - use better method of type checking allowing flattening of mutable and non-mutable sequences (#44331)
gce_net - Fix sorting of allowed ports (#41567)
get_url - Don't re-download files unnecessarily when force=no (#45491)
get_url - fix the bug that get_url does not change mode when checksum matches (#29614)
get_url - support remote checksum files with paths specified with leading dots (./path/to/file)
get_url / uri - Use custom rfc2822 date format function instead of locale specific strftime (#44857)
improved block docs
improves docker_container idempotency (#44808)
include - Change order of where the new block is inserted with apply so that apply args are not applied to the include also (#44912)
includes - ensure we do not double register handlers from includes to prevent exception (#44848)
inventory - When using an inventory directory, ensure extension comparison uses text types (#42475)
loop - Ensure that a loop with a when condition that evaluates to false and delegate_to, will short circuit if the loop references an undefined variable. This matches the behavior in the same scenario without delegate_to (#45189)
loop - Ensure we only cache the loop when the task had a loop and delegate_to was templated (#44874)
made irc module python3 compatible #42256
nclu - no longer runs net on empty lines in templates (#43024)
nicer message when we are missing interpreter
password_hash does not hard-code the salt-length, which fixes bcrypt in connection with passlib as bcrypt requires a salt with length 22.
pause - do not set stdout to raw mode when redirecting to a file (#41717)
pause - nest try except when importing curses to gracefully fail if curses is not present (#42004)
plugins/inventory/openstack.py - Do not create group with empty name if region is not set
preseve delegation info on nolog #42344
remove ambiguity when it comes to 'the source'
script inventory plugin - Don't pass file_name to DataLoader.load, which will prevent misleading error messages (#34164)
urls - Only assume GET method if data is empty, otherwise POST
user - Strip trailing comments in /etc/default/passwd (#43931)
user - fix bug that resulted in module always reporting a change when specifiying the home directory on FreeBSD (#42484)
user - use correct attribute name in FreeBSD for creat_home (#42711)
vars_prompt - properly template play level variables in vars_prompt (#37984)
vars_prompt with encrypt does not require passlib for the algorithms supported by crypt.
vault - fix error message encoding, and ensure we present a friendlier error when the EDITOR is missing (#44423)
win_chocolatey - enable TLSv1.2 support when downloading the Chocolatey installer #41906
win_chocolatey - fix issue where state=downgrade would upgrade a package if no version was set
win_domain - ensure the Netlogon service is up and running after promoting host to controller - #39235
win_domain - fixes typo in one of the AD cmdlets #41536
win_domain_computer - fixed deletion of computer active directory object that have dependent objects (#44500)
win_domain_controller - ensure the Netlogon service is up and running after promoting host to controller - #39235
win_group_membership - fix intermittent issue where it failed to convert the ADSI object to the .NET object after using it once
win_iis_webapppool - redirect some module output to null so Ansible can read the output JSON #40874
win_lineinfile - changed -Path to -LiteralPath so that square brackes in the path are interpreted literally - #44508
win_psexec - changed code to not escape the command option when building the args - #43839
win_reboot - fix for handling an already scheduled reboot and other minor log formatting issues
win_reboot - fix issue when overridding connection timeout hung the post reboot uptime check - #42185 #42294
win_reboot - handle post reboots when running test_command - #41713
win_say - fix syntax error in module and get tests working
win_security_policy - allows an empty string to reset a policy value #40869
win_updates - Fixed issue where running win_updates on async fails without any error
win_updates - fixed module return value is lost in error in some cases (#42647)
win_uri: Fix support for JSON output when charset is set
win_user - Use LogonUser to validate the password as it does not rely on SMB/RPC to be available #24884
win_wait_for - fix issue where timeout doesn't wait unless state=drained - #43446
winrm - ensure pexpect is set to not echo the input on a failure and have a manual sanity check afterwards #41865
winrm - running async with become on a Server 2008 or 2008 R2 host will now work

New Plugins

Callback

counter_enabled - adds counters to the output items (tasks and hosts/task)
logdna - Sends playbook logs to LogDNA
splunk - Sends task result events to Splunk HTTP Event Collector

Connection

psrp - Run tasks over Microsoft PowerShell Remoting Protocol

Inventory

tower - Ansible dynamic inventory plugin for Ansible Tower.

Lookup

cpm_metering - Get Power and Current data from WTI OOB/Combo and PDU devices
cpm_status - Get status and parameters from WTI OOB and PDU devices.
grafana_dashboard - list or search grafana dashboards
nios_next_network - Return the next available network range for a network-container

Strategy

host_pinned - Executes tasks on each host without interruption

New Modules

Cloud

amazon

aws_eks_cluster - Manage Elastic Kubernetes Service Clusters
cloudformation_stack_set - Manage groups of CloudFormation stacks
elb_target_facts - Gathers which target groups a target is associated with.
rds_instance - Manage RDS instances

azure

azure_rm_appgateway - Manage Application Gateway instance.
azure_rm_appserviceplan - Manage App Service Plan
azure_rm_appserviceplan_facts - Get azure app service plan facts.
azure_rm_autoscale - Manage Azure autoscale setting.
azure_rm_autoscale_facts - Get Azure Auto Scale Setting facts.
azure_rm_containerregistry_facts - Get Azure Container Registry facts.
azure_rm_mysqldatabase_facts - Get Azure MySQL Database facts.
azure_rm_mysqlserver_facts - Get Azure MySQL Server facts.
azure_rm_postgresqldatabase_facts - Get Azure PostgreSQL Database facts.
azure_rm_postgresqlserver_facts - Get Azure PostgreSQL Server facts.
azure_rm_route - Manage Azure route resource.
azure_rm_routetable - Manage Azure route table resource.
azure_rm_routetable_facts - Get route table facts.
azure_rm_sqlfirewallrule - Manage Firewall Rule instance.
azure_rm_trafficmanagerendpoint - Manage Azure Traffic Manager endpoint.
azure_rm_trafficmanagerendpoint_facts - Get Azure Traffic Manager endpoint facts
azure_rm_trafficmanagerprofile - Manage Azure Traffic Manager profile.
azure_rm_trafficmanagerprofile_facts - Get Azure Traffic Manager profile facts
azure_rm_virtualmachine_facts - Get virtual machine facts.
azure_rm_webapp - Manage Web App instance.
azure_rm_webapp_facts - Get azure web app facts.

cloudstack

cs_disk_offering - Manages disk offerings on Apache CloudStack based clouds.

docker

docker_swarm - Manage Swarm cluster
docker_swarm_service - docker swarm service

google

gcp_compute_address_facts - Gather facts for GCP Address
gcp_compute_backend_bucket_facts - Gather facts for GCP BackendBucket
gcp_compute_backend_service_facts - Gather facts for GCP BackendService
gcp_compute_disk_facts - Gather facts for GCP Disk
gcp_compute_firewall_facts - Gather facts for GCP Firewall
gcp_compute_forwarding_rule_facts - Gather facts for GCP ForwardingRule
gcp_compute_global_address_facts - Gather facts for GCP GlobalAddress
gcp_compute_global_forwarding_rule_facts - Gather facts for GCP GlobalForwardingRule
gcp_compute_health_check_facts - Gather facts for GCP HealthCheck
gcp_compute_http_health_check_facts - Gather facts for GCP HttpHealthCheck
gcp_compute_https_health_check_facts - Gather facts for GCP HttpsHealthCheck
gcp_compute_image_facts - Gather facts for GCP Image
gcp_compute_instance_facts - Gather facts for GCP Instance
gcp_compute_instance_group_facts - Gather facts for GCP InstanceGroup
gcp_compute_instance_group_manager_facts - Gather facts for GCP InstanceGroupManager
gcp_compute_instance_template_facts - Gather facts for GCP InstanceTemplate
gcp_compute_network_facts - Gather facts for GCP Network
gcp_compute_route_facts - Gather facts for GCP Route
gcp_compute_router - Creates a GCP Router
gcp_compute_router_facts - Gather facts for GCP Router
gcp_compute_ssl_certificate_facts - Gather facts for GCP SslCertificate
gcp_compute_ssl_policy - Creates a GCP SslPolicy
gcp_compute_ssl_policy_facts - Gather facts for GCP SslPolicy
gcp_compute_subnetwork_facts - Gather facts for GCP Subnetwork
gcp_compute_target_http_proxy_facts - Gather facts for GCP TargetHttpProxy
gcp_compute_target_https_proxy_facts - Gather facts for GCP TargetHttpsProxy
gcp_compute_target_pool_facts - Gather facts for GCP TargetPool
gcp_compute_target_ssl_proxy_facts - Gather facts for GCP TargetSslProxy
gcp_compute_target_tcp_proxy_facts - Gather facts for GCP TargetTcpProxy
gcp_compute_target_vpn_gateway - Creates a GCP TargetVpnGateway
gcp_compute_target_vpn_gateway_facts - Gather facts for GCP TargetVpnGateway
gcp_compute_url_map_facts - Gather facts for GCP UrlMap
gcp_compute_vpn_tunnel - Creates a GCP VpnTunnel
gcp_compute_vpn_tunnel_facts - Gather facts for GCP VpnTunnel
gcp_spanner_database - Creates a GCP Database
gcp_spanner_instance - Creates a GCP Instance
gcp_sql_database - Creates a GCP Database
gcp_sql_instance - Creates a GCP Instance
gcp_sql_user - Creates a GCP User

online

online_user_facts - Gather facts about Online user.

openstack

os_coe_cluster_template - Add/Remove COE cluster template from OpenStack Cloud
os_listener - Add/Delete a listener for a load balancer from OpenStack Cloud
os_loadbalancer - Add/Delete load balancer from OpenStack Cloud
os_member - Add/Delete a member for a pool in load balancer from OpenStack Cloud
os_pool - Add/Delete a pool in the load balancing service from OpenStack Cloud

scaleway

scaleway_image_facts - Gather facts about the Scaleway images available.
scaleway_ip_facts - Gather facts about the Scaleway ips available.
scaleway_organization_facts - Gather facts about the Scaleway organizations available.
scaleway_security_group_facts - Gather facts about the Scaleway security groups available.
scaleway_server_facts - Gather facts about the Scaleway servers available.
scaleway_snapshot_facts - Gather facts about the Scaleway snapshots available.
scaleway_volume - Scaleway volumes management module
scaleway_volume_facts - Gather facts about the Scaleway volumes available.

vmware

vmware_about_facts - Provides information about VMware server to which user is connecting to
vmware_category - Manage VMware categories
vmware_category_facts - Gather facts about VMware tag categories
vmware_deploy_ovf - Deploys a VMware virtual machine from an OVF or OVA file
vmware_guest_boot_facts - Gather facts about boot options for the given virtual machine
vmware_guest_boot_manager - Manage boot options for the given virtual machine
vmware_guest_custom_attribute_defs - Manage custom attributes definitions for virtual machine from VMWare
vmware_guest_custom_attributes - Manage custom attributes from VMWare for the given virtual machine
vmware_guest_move - Moves virtual machines in vCenter
vmware_host_ntp_facts - Gathers facts about NTP configuration on an ESXi host
vmware_host_ssl_facts - Gather facts of ESXi host system about SSL
vmware_local_role_facts - Gather facts about local roles on an ESXi host

vultr

vultr_block_storage - Manages block storage volumes on Vultr.
vultr_block_storage_facts - Gather facts about the Vultr block storage volumes available.
vultr_dns_domain_facts - Gather facts about the Vultr DNS domains available.
vultr_firewall_group_facts - Gather facts about the Vultr firewall groups available.
vultr_network - Manages networks on Vultr.
vultr_network_facts - Gather facts about the Vultr networks available.
vultr_os_facts - Gather facts about the Vultr OSes available.
vultr_plan_facts - Gather facts about the Vultr plans available.
vultr_region_facts - Gather facts about the Vultr regions available.
vultr_server_facts - Gather facts about the Vultr servers available.
vultr_ssh_key_facts - Gather facts about the Vultr SSH keys available.
vultr_startup_script_facts - Gather facts about the Vultr startup scripts available.
vultr_user_facts - Gather facts about the Vultr user available.

Clustering

k8s

k8s_facts - Describe Kubernetes (K8s) objects

Crypto

certificate_complete_chain - Complete certificate chain given a set of untrusted and root certificates
openssl_pkcs12 - Generate OpenSSL PKCS#12 archive.

acme

acme_account_facts - Retrieves information on ACME accounts
acme_certificate_revoke - Revoke certificates with the ACME protocol
acme_challenge_cert_helper - Prepare certificates required for ACME challenges such as C(tls-alpn-01)

Identity

onepassword_facts - Fetch facts from 1Password items

ipa

ipa_config - Manage Global FreeIPA Configuration Settings
ipa_vault - Manage FreeIPA vaults

Monitoring

zabbix

zabbix_host_facts - Gather facts about Zabbix host

Net Tools

netcup_dns - manage Netcup DNS records

nios

nios_a_record - Configure Infoblox NIOS A records
nios_cname_record - Configure Infoblox NIOS CNAME records
nios_mx_record - Configure Infoblox NIOS MX records
nios_naptr_record - Configure Infoblox NIOS NAPTR records
nios_ptr_record - Configure Infoblox NIOS PTR records
nios_srv_record - Configure Infoblox NIOS SRV records
nios_txt_record - Configure Infoblox NIOS txt records

Network

aci

aci_interface_policy_ospf - Manage OSPF interface policies (ospf:IfPol)

cli

cli_command - Run a cli command on cli-based network devices
cli_config - Push text based configuration to network devices over network_cli

exos

exos_config - Manage Extreme Networks EXOS configuration sections
exos_facts - Collect facts from devices running Extreme EXOS

f5

bigip_appsvcs_extension - Manage application service deployments
bigip_cli_alias - Manage CLI aliases on a BIG-IP
bigip_cli_script - Manage CLI scripts on a BIG-IP
bigip_device_auth - Manage system authentication on a BIG-IP
bigip_device_facts - Collect facts from F5 BIG-IP devices
bigip_firewall_dos_profile - Manage AFM DoS profiles on a BIG-IP
bigip_firewall_policy - Manage AFM security firewall policies on a BIG-IP
bigip_firewall_rule - Manage AFM Firewall rules
bigip_firewall_rule_list - Manage AFM security firewall policies on a BIG-IP
bigip_monitor_dns - Manage DNS monitors on a BIG-IP
bigip_profile_http - Manage HTTP profiles on a BIG-IP
bigip_profile_http_compression - Manage HTTP compression profiles on a BIG-IP
bigip_profile_oneconnect - Manage OneConnect profiles on a BIG-IP
bigip_profile_persistence_src_addr - Manage source address persistence profiles
bigip_remote_role - Manage remote roles on a BIG-IP
bigip_software_image - Manage software images on a BIG-IP
bigip_software_install - Install software images on a BIG-IP
bigip_tunnel - Manage tunnels on a BIG-IP
bigiq_utility_license_assignment - Manage utility license assignment on BIG-IPs from a BIG-IQ

fortimanager

fmgr_provisioning - Provision devices via FortiMananger

ftd

ftd_configuration - Manages configuration on Cisco FTD devices over REST API
ftd_file_download - Downloads files from Cisco FTD devices over HTTP(S)
ftd_file_upload - Uploads files to Cisco FTD devices over HTTP(S)

meraki

meraki_config_template - Manage configuration templates in the Meraki cloud
meraki_device - Manage devices in the Meraki cloud
meraki_mr_l3_firewall - Manage MR access point layer 3 firewalls in the Meraki cloud
meraki_mx_l3_firewall - Manage MX appliance layer 3 firewalls in the Meraki cloud
meraki_ssid - Manage wireless SSIDs in the Meraki cloud
meraki_switchport - Manage switchports on a switch in the Meraki cloud
meraki_vlan - Manage VLANs in the Meraki cloud

nos

nos_command - Run commands on remote devices running Extreme Networks NOS
nos_config - Manage Extreme Networks NOS configuration sections
nos_facts - Collect facts from devices running Extreme NOS

nxos

nxos_rpm - Install patch or feature rpms on Cisco NX-OS devices.

onyx

onyx_igmp - Configures IGMP globl parameters

opx

opx_cps - CPS operations on networking device running Openswitch (OPX)

panos

panos_set - Execute arbitrary commands on a PAN-OS device using XPath and element

routeros

routeros_command - Run commands on remote devices running MikroTik RouterOS

slxos

slxos_lldp - Manage LLDP configuration on Extreme Networks SLX-OS network devices.

voss

voss_command - Run commands on remote devices running Extreme VOSS
voss_facts - Collect facts from remote devices running Extreme VOSS

Remote Management

cobbler

cobbler_sync - Sync Cobbler
cobbler_system - Manage system objects in Cobbler

cpm

cpm_user - Get various status and parameters from WTI OOB and PDU devices

redfish

redfish_command - Manages Out-Of-Band controllers using Redfish APIs
redfish_config - Manages Out-Of-Band controllers using Redfish APIs
redfish_facts - Manages Out-Of-Band controllers using Redfish APIs

ucs

ucs_ntp_server - Configures NTP server on Cisco UCS Manager
ucs_storage_profile - Configures storage profiles on Cisco UCS Manager
ucs_timezone - Configures timezone on Cisco UCS Manager
ucs_uuid_pool - Configures server UUID pools on Cisco UCS Manager

Storage

emc

emc_vnx_sg_member - Manage storage group member on EMC VNX

ibm

ibm_sa_host - Adds hosts to or removes them from IBM Spectrum Accelerate storage systems.
ibm_sa_pool - Handles pools on an IBM Spectrum Accelerate storage array.
ibm_sa_vol - Handle volumes on an IBM Spectrum Accelerate storage array

netapp

na_elementsw_access_group - NetApp Element Software Manage Access Groups
na_elementsw_account - NetApp Element Software Manage Accounts
na_elementsw_admin_users - NetApp Element Software Manage Admin Users
na_elementsw_backup - NetApp Element Software Create Backups
na_elementsw_check_connections - NetApp Element Software Check connectivity to MVIP and SVIP.
na_elementsw_cluster - NetApp Element Software Create Cluster
na_elementsw_cluster_pair - NetApp Element Software Manage Cluster Pair
na_elementsw_drive - NetApp Element Software Manage Node Drives
na_elementsw_ldap - NetApp Element Software Manage ldap admin users
na_elementsw_network_interfaces - NetApp Element Software Configure Node Network Interfaces
na_elementsw_node - NetApp Element Software Node Operation
na_elementsw_snapshot - NetApp Element Software Manage Snapshots
na_elementsw_snapshot_restore - NetApp Element Software Restore Snapshot
na_elementsw_snapshot_schedule - NetApp Element Software Snapshot Schedules
na_elementsw_vlan - NetApp Element Software Manage VLAN
na_elementsw_volume - NetApp Element Software Manage Volumes
na_elementsw_volume_clone - NetApp Element Software Create Volume Clone
na_elementsw_volume_pair - NetApp Element Software Volume Pair
na_ontap_autosupport - NetApp ONTAP manage Autosupport
na_ontap_cg_snapshot - NetApp ONTAP manage consistency group snapshot
na_ontap_cluster_peer - NetApp ONTAP Manage Cluster peering
na_ontap_command - NetApp ONTAP Run any cli command
na_ontap_disks - NetApp ONTAP Assign disks to nodes
na_ontap_dns - NetApp ONTAP Create, delete, modify DNS servers.
na_ontap_fcp - NetApp ONTAP Start, Stop and Enable FCP services.
na_ontap_firewall_policy - NetApp ONTAP Manage a firewall policy
na_ontap_gather_facts - NetApp information gatherer
na_ontap_motd - Setup motd on cDOT
na_ontap_node - NetApp ONTAP Rename a node.
na_ontap_snapmirror - NetApp ONTAP Manage SnapMirror
na_ontap_software_update - NetApp ONTAP Update Software
na_ontap_svm_options - NetApp ONTAP Modify SVM Options
na_ontap_vserver_peer - NetApp ONTAP Vserver peering
netapp_e_alerts - NetApp E-Series manage email notification settings
netapp_e_asup - NetApp E-Series manage auto-support settings
netapp_e_auditlog - NetApp E-Series manage audit-log configuration
netapp_e_global - NetApp E-Series manage global settings configuration
netapp_e_iscsi_interface - NetApp E-Series manage iSCSI interface configuration
netapp_e_iscsi_target - NetApp E-Series manage iSCSI target configuration
netapp_e_ldap - NetApp E-Series manage LDAP integration to use for authentication
netapp_e_mgmt_interface - NetApp E-Series management interface configuration
netapp_e_syslog - NetApp E-Series manage syslog settings

purestorage

purefb_facts - Collect facts from Pure Storage FlashBlade

System

java_keystore - Create or delete a Java keystore in JKS format.
python_requirements_facts - Show python path and assert dependency versions
reboot - Reboot a machine

Web Infrastructure

ansible_tower

tower_credential_type - Create, update, or destroy custom Ansible Tower credential type.
tower_inventory_source - create, update, or destroy Ansible Tower inventory source.
tower_settings - Modify Ansible Tower settings.
tower_workflow_template - create, update, or destroy Ansible Tower workflow template.

Windows

win_chocolatey_config - Manages Chocolatey config settings
win_chocolatey_feature - Manages Chocolatey features
win_chocolatey_source - Manages Chocolatey sources
win_wait_for_process - Waits for a process to exist or not exist before continuing.
win_xml - Add XML fragment to an XML parent

Files

CHANGELOG-v2.7.rst

Latest commit

History

CHANGELOG-v2.7.rst

File metadata and controls

Ansible 2.7 "In the Light" Release Notes