Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mqtt: make tls_version configurable #22034

Closed
lemoer opened this issue Feb 28, 2017 · 3 comments

Comments

Projects
None yet
5 participants
@lemoer
Copy link

commented Feb 28, 2017

ISSUE TYPE
  • Bug Report
  • Feature Idea
COMPONENT NAME

mqtt

ANSIBLE VERSION
2.3.0
CONFIGURATION
OS / ENVIRONMENT

ArchLinux

SUMMARY

I think this is both: a feature request and a bug report. I suggest the following:

--- mqtt.py	2017-02-28 03:44:10.781759356 +0100
+++ modules/notification/mqtt.py	2017-02-28 04:02:55.077279631 +0100
@@ -192,21 +192,16 @@
     tls=None
     if ca_certs is not None:
         tls = {'ca_certs': ca_certs, 'certfile': certfile,
-               'keyfile': keyfile}
+               'keyfile': keyfile, "tls_version": tls_version}

with tls_version as configurable option from inside the role.

STEPS TO REPRODUCE

Here seems nothing really special. Nearly the suggested config in ansible-doc:

- hosts: foo03
  tasks:
  - name: foobar
    mqtt:
      topic: '/node/s/bar/blub'
      payload: '{{ ansible_fqdn }}'
      qos: 1
      client_id: me001
      ca_certs: ssl/ca.crt
      certfile: ssl/client.crt
      keyfile: ssl/client.key
      server: server
      port: "1883"
    delegate_to: localhost

paho.mqtt.__version__ = 1.2

EXPECTED RESULTS

A running playbook

ACTUAL RESULTS

Without setting a tls_version I get this exception:

The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_8ufk80/ansible_module_mqtt.py", line 218, in <module>
    main()
  File "/tmp/ansible_8ufk80/ansible_module_mqtt.py", line 208, in main
    raise e
TypeError: an integer is required

fatal: [sn03 -> localhost]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_8ufk80/ansible_module_mqtt.py\", line 218, in <module>\n    main()\n  File \"/tmp/ansible_8ufk80/ansible_module_mqtt.py\", line 208, in main\n    raise e\nTypeError: an integer is required\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 0
}

After removing the catch-all statement, I get the following stacktrace:

The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_Nn0dqs/ansible_module_mqtt.py", line 213, in <module>
    main()
  File "/tmp/ansible_Nn0dqs/ansible_module_mqtt.py", line 204, in main
    tls=tls)
  File "/usr/lib/python2.7/site-packages/paho/mqtt/publish.py", line 223, in single
    multiple([msg], hostname, port, client_id, keepalive, will, auth, tls, protocol, transport)
  File "/usr/lib/python2.7/site-packages/paho/mqtt/publish.py", line 174, in multiple
    client.connect(hostname, port, keepalive)
  File "/usr/lib/python2.7/site-packages/paho/mqtt/client.py", line 686, in connect
    return self.reconnect()
  File "/usr/lib/python2.7/site-packages/paho/mqtt/client.py", line 821, in reconnect
    ciphers=self._tls_ciphers)
  File "/usr/lib/python2.7/ssl.py", line 943, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python2.7/ssl.py", line 549, in __init__
    self._context = SSLContext(ssl_version)
  File "/usr/lib/python2.7/ssl.py", line 347, in __new__
    self = _SSLContext.__new__(cls, protocol)
TypeError: an integer is required

fatal: [sn03 -> localhost]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_Nn0dqs/ansible_module_mqtt.py\", line 213, in <module>\n    main()\n  File \"/tmp/ansible_Nn0dqs/ansible_module_mqtt.py\", line 204, in main\n    tls=tls)\n  File \"/usr/lib/python2.7/site-packages/paho/mqtt/publish.py\", line 223, in single\n    multiple([msg], hostname, port, client_id, keepalive, will, auth, tls, protocol, transport)\n  File \"/usr/lib/python2.7/site-packages/paho/mqtt/publish.py\", line 174, in multiple\n    client.connect(hostname, port, keepalive)\n  File \"/usr/lib/python2.7/site-packages/paho/mqtt/client.py\", line 686, in connect\n    return self.reconnect()\n  File \"/usr/lib/python2.7/site-packages/paho/mqtt/client.py\", line 821, in reconnect\n    ciphers=self._tls_ciphers)\n  File \"/usr/lib/python2.7/ssl.py\", line 943, in wrap_socket\n    ciphers=ciphers)\n  File \"/usr/lib/python2.7/ssl.py\", line 549, in __init__\n    self._context = SSLContext(ssl_version)\n  File \"/usr/lib/python2.7/ssl.py\", line 347, in __new__\n    self = _SSLContext.__new__(cls, protocol)\nTypeError: an integer is required\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 0
}
@ansibot

This comment has been minimized.

Copy link
Contributor

commented Feb 28, 2017

@caphrim007

This comment has been minimized.

Copy link
Contributor

commented Jun 22, 2019

I've only been able to reproduce this error if I write a separate python test that sets the 'tls_version' parameter of the mqtt.single function to a string such as "1.2".

I've tried to reproduce this on ansible 2.3 as well as ansible 2.8 without success. I suspect that whatever value you, or the paho library, was passing to the dictionary was not one of the valid ssl.PROTOCOL_* values.

Having said that, if it is indeed necessary to add such an argument, for older systems that are unable to support later TLS versions, I wouldn't mind adding it.

@caphrim007 caphrim007 self-assigned this Jun 22, 2019

@jpmens

This comment has been minimized.

Copy link
Contributor

commented Jun 22, 2019

@caphrim007 if you're up to adding this I'd approve it.

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 24, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 24, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 24, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 24, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 24, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 24, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 24, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 24, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 24, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 25, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

caphrim007 added a commit to caphrim007/ansible that referenced this issue Jun 25, 2019

Adds tls_version argument to mqtt module
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

StephenSorriaux pushed a commit to StephenSorriaux/ansible that referenced this issue Jun 25, 2019

Adds tls_version argument to mqtt module (ansible#58264)
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

Kiku-Reise added a commit to Kiku-Reise/ansible that referenced this issue Jun 26, 2019

fix (#1)
* meraki_ssid - Improve change reporting (ansible#56201)

* Improve change reporting for meraki_ssid
- Documentation is more clear about dependencies
- Not all change reports are accurate without new algorithm
- Improved integration tests

* Rename changelog fragment

* Enable all tests in integration tests
- Fix type merging

* Add more integration tests for code coverage

* Update URL creation

* update snmp modules to fix bugs for cloudengine (ansible#57025)

* update snmp modules to fix bugs for cloudengine

* update snmp modules to fix bugs for cloudengine

* update "ce_snmp_contact", list may be out range

* Avi credentials added sub-options (ansible#57531)

* Split Avi Credentials into two parts - secrets and login_info

* Fixed indentation issue

* Removed trailing whitespaces

* Added sub-options to avi credentials

* Added sub-options to avi credentials

* Updated argument specs to use fallback instead of getting defaults from environment variable

* update acl (ansible#57268)

* update vxlan (ansible#57264)

* update vxlan

* add a changelog fragment for the PR 57264

* Update 57264-update-vxlan-to-fix-bugs.yml

update for change request

* Update ce_vxlan_vap.py

remove commented codes.

* Default become plugins to core support (ansible#57771)

* Default become plugins to core support

* s/cache/become

* redfish: fix a problem with Chassis/Power URI (ansible#56185)

Fixes ansible#56137 - problem with Chassis/Power URI and GetChassisPower command - assemble URI from data in Chassis resource

* Improve speed of the gpc_compute dynamic inventory (ansible#57591)

To get all instances gcp_compute made a call to the Google API for each
zone separately. Because of this if all zones needed to be queried
fetching hosts lasted 30+ seconds. Now the module will use a single
query that will return all the instances, so the execution should last
just a few seconds.

This commit also suppresses a warning from the google-auth library about
using user credentials because if an Ansible user wants to use user
credentials, there is no need to warn him about it.

* Remove required field on service_account_file in gcp_compute plugin inventory (ansible#57345)

* Enable adjacent collections for ansible-doc (ansible#57764)

* enable adjacent collections for ansible-doc

* Added environment variables to gcp_compute to align with gcp_* modules (ansible#57776)

Added all variables that are also used by the gcp_* modules as described
in the docs
https://docs.ansible.com/ansible/latest/scenario_guides/guide_gce.html#providing-credentials-as-environment-variables

* vultr: vultr_ssh_key_facts -> info (ansible#57571)

* vultr: deprecate vultr_ssh_key_facts

* vultr: rename tests

* vultr: adjust tests

* vultr: new vultr_ssh_key_info module

* vultr: test: vultr_ssh_key_info: improve tests

* update docs

* VMware: Fix vmware_guest_move undefined VM name error (ansible#57582)

* Updated testcase
* Added check mode support
* Added check for mutual exclusive for Name and UUID

Fixes: ansible#57580

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

* kubevirt: enable/update tests + fix merge_dicts() (ansible#57685)

* Actually run the unit tests and separate them into two files

* Re-add recursion to merge_dicts()

* Update tests to work with current code

* ovirt host facts fix (ansible#57790)

* kubevirt: Add affinity parameters (ansible#57359)

* os_ironic_node: avoid set_node_instance_info and purge_node_instance_info (ansible#54463)

These openstacksdk calls are awkward special-case wrappers around
patch_machine, and I would like to deprecate them in openstacksdk change
https://review.openstack.org/647730. Use much simpler update_machine instead.

* Improve regex_replace filter docs (ansible#57450)

* Add a few examples of how to correctly use `regex_replace` filter
because it behaves differently on different Python versions when using
regex qualifiers that can match an empty string (e.g. '*', '?', etc).

* Ansible galaxy role download should not have to perform aditionnal check against tar archive file extension ansible#56616. (ansible#56617)

Ansible galaxy role download checked for `.tar.gz`, but `tarfile.is_tarfile(...)` can identify and open any valid tarfile. This change uses transparent stream compression to make `.tar.gz` and `.tar.bz2` formats valid with python 2.6.x/2.7.x (as well as `.tar.xz` with python 3.x).

* Typo (ansible#57795)

* assign a sane default to yum/dnf lock_timeout, in line with cli (ansible#57383)

* assign a sane default to yum/dnf lock_timeout, in line with cli

Fixes ansible#57189

Signed-off-by: Adam Miller <admiller@redhat.com>

* fix typo in changelog snippet

Signed-off-by: Adam Miller <admiller@redhat.com>

* Split azure_rm_virtualmachine integration tests to prevent timeouts (ansible#57250)

* Fix example in vmware_drs_group module (ansible#57805)

Signed-off-by: Harald Albers <github@albersweb.de>

* Update gcp_storage_object.py (ansible#57802)

"name: ansible-storage-module" removed as name is not defined as parameter  


##### ISSUE TYPE
- Docs Pull Request

+label: docsite_pr

* describe how to link to modules or plugins (ansible#57806)

* Meraki - Convert response keys to snake_case from camelCase (ansible#53891)

* Initial proposal for new parameter option for response format
- output_version parameter dictates the response key case
- new is snake_case, old is camelCase
- If new, conversion is done at the end of module execution
- This is purely a proposal and not a final draft

* Add support for ANSIBLE_MERAKI_FORMAT env var
- If env var is set to 'camelcase' it will output camelcase
- Otherwise, will default to snakecase
- Added note to documentation fragment
- As of now, all module documentation needs to be updated

* Fix pep8 errors and remove output_version args

* Restructure check in exit_json so it actually works

* Add changelog fragment

* Change output_format to a parameter with env var fallback
- ANSIBLE_MERAKI_FORMAT is the valid env var
- Added documentation

* Convert to camel_dict_to_snake_dict() which is from Ansible
- Fixed integration tests

* Fix yaml lint error

* exit_json camel_case conversion handles no data
- exit_json would fail if data wasn't provided
- Updated 3 integration tests for new naming convention

* convert_camel_to_snake() handles lists and dicts
- The native Ansible method doesn't handle first level lists
- convert_camel_to_snake() acts simply as a wrapper for the method
- There maybe a situation where nested lists are a problem, must test
- Fixed integration tests in some modules

* A few integration test fixes

* Convert response documentation to snake case

* New Module: gcp_tpu_node_facts (ansible#57730)

* Tests as filters were deprecated, remove unused param (ansible#57796)

* New Module: gcp_tpu_node (ansible#57729)

* Bug fixes for GCP modules (ansible#57728)

* Bug fixes for GCP modules (ansible#57727)

* Bug fixes for GCP modules (ansible#57726)

* Bug fixes for GCP modules (ansible#57725)

* Bug fixes for GCP modules (ansible#57724)

* Adds visibility parameter to gitlab group creation (ansible#57024)

* vcenter test provider handle config vars handling (ansible#57813)

Make vcenter test provider handle config file vars the same regardless of
whether it comes from static config or from worldstream provisioning

* AWS: Fix KeyError in aws_secret lookup (ansible#54792)

* vmware: test-suite fixes

Minor fixes for the test-suite found during the integration with the CI.

* netbox: inventory: fix implementation of groups option (ansible#57689)

* Adding idrac_pwd alias to modules (ansible#57733)

* Remove backup from iosxr replace_config test (ansible#57830)

Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>

* Clean up iosxr get_config_diff function (ansible#57589)

This fixes an index error issue when running tests on zuul.ansible.com
for iosxr. We can fix this by getting the last element in the list.

Signed-off-by: Paul Belanger <pabelanger@redhat.com>

* Updated the section under "Aborting the play" in the Error Handling In Playbooks page (ansible#57705)

* Updated the section under "Aborting the play"

Updated "Aborting the play" section in the Error Handling In Playbooks page. Removed the reference to marking all hosts as failed.

+label: docsite_pr

* Update docs/docsite/rst/user_guide/playbooks_error_handling.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update azure_rm_rediscache related document (ansible#57721)

* Update azure_rm_rediscache related document

* Update according by comment

* Update azure_rm_resource related document (ansible#57786)

* Update azure_rm_resource related document

* resolve shippable check error

* Resolve format error

* resolve format error---02

* Redefine the type variable

* Updated "Speeding up Vault Operations" section (ansible#57701)

* Updated "Speeding up Vault Operations" section


Co-Authored-By: Alicia Cozine <879121+acozine@users.noreply.github.com>

* Update azure_rm_publicipaddress related document (ansible#57669)

* Update azure_rm_publicipaddress related document

* validate-modules: new module: fail if 'type' isn't documented

Don't require 'type' when:
- parameter name starts with an underscore

* validate-modules: ignore existing E337/E338 errors

* gather_facts: clean up tmp files upon completion (ansible#57845)

Fixes ansible#57248

* show host_vars/ also in --graph (ansible#56307)

* show host_vars/ also in --graph

  fixes ansible#53422

* removal of chdir in controller (ansible#57781)

* removal of chdir in controller

also ensure fetch/put uses relative to task cwd

* doc draft for collections (ansible#57853)

* doc draft for collections

* fixes

* Update docs/docsite/rst/collections_tech_preview.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/collections_tech_preview.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Apply suggestions from doc review

* Update docs/docsite/rst/collections_tech_preview.rst

* Update docs/docsite/rst/collections_tech_preview.rst

* Update azure_rm_roleassignment related document (ansible#57820)

* Update azure_rm_roleassignment related document

* add new

* Update azure_rm_resourcegroup related document (ansible#57819)

* Update azure_rm_resourcegroup related document

* resolve shippable error

* Change default test container to version 1.8.1

* Change RHEL8 image name to match changes in ansible-test (ansible#57807)

* Change RHEL8 image name to match changes in ansible-test

Continue to use the beta version of RHEL 8 until we fix tests that are breaking with the GA version.

* Skip ufw integration test on RHEL 8 Beta

* Fix python injection when using a virtualenv.

* Remove needs/ssh alias from callback_default test.

The test does not require ssh.

* Fix iosxr netconf integration test (ansible#57882)

* Modify testcase to work with Zuul CI enviornment

* Fix failed mounts in podman connector and handle errors (ansible#57741)

Like it's described in issue ansible#57740 ansible podman fails to run
because of failed mount of rootless container.

* VMware: add facts about tags in vmware_host_facts (ansible#56837)

Fixes: ansible#46461

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

* purestorage: Add module to set MOTD banner text for Pure Storage FlashArray (ansible#57500)

* win_shell - fix space escaping for custom executable (ansible#57455)

* Use wait_for in prepare_junos_tests.yaml (ansible#57073)

This should reduce the amount of time we are waiting for netconf to come
online.

Signed-off-by: Paul Belanger <pabelanger@redhat.com>

* zabbix: New module zabbix mediatype (ansible#57488)

Co-Authored-By: Dusan Matejka <D3DeFi@users.noreply.github.com>

* Terraform: Fix unbound local error (ansible#57044)

* Added Unit tests
* Fixed regression

Fixes: ansible#56934

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

* Fix iosxr discard_changes netconf rpc issue (ansible#57931)

* If dispatch() rpc response has data element
return the xml string from <data> element
else return the complete xml string from
<rpc-reply>.

Depends-On: ansible#57909
Depends-On: ansible#57919

* Add core lookups to botmeta (ansible#57866)

* filter bare variable with |bool (deprecation warn) (ansible#57691)

* filter bare variable with |bool (deprecation warn)

ansible#57691 (comment)

* More iosxr integration zuul CI test fixes (ansible#57909)

* Ignore `<rpc-reply>` node from candidate and
  running configuration in xml diff

* Add route-policy as prerequisite to BGP coonfiguration
  in integration test

* properly tag become plugins (ansible#57861)

* properly tag become plugins

* sdf

* Fix python3 encoding with iosxr_config (ansible#57919)

Python3 requires bytes when writing files.

Depends-On: ansible#57909
Signed-off-by: Paul Belanger <pabelanger@redhat.com>

* Revert "Fix iosxr discard_changes netconf rpc issue (ansible#57931)" (ansible#57954)

This actually broken junos netconf_rpc, and was merged without properly
testing.

This reverts commit 795cb90.

* Adds custom 404 with cowsay image (ansible#57422)

* Adds custom 404 with image, updates CI reqs, sets version latest for TOC links on 404 page

* Bug fixes for GCP modules (ansible#57883)

* ecs_cluster test suite refactor (ansible#57716)

* Combine testing policies

Because of the maximum of 10 policies per group, need to
consolidate testing policies as best we can.

* Tidy put-account-setting tasks and add permission

Using `environment` and `command` rather than `shell` avoids the
need for `no_log` and means that people can fix the problem

* refactor ecs_cluster test suite

move from runme.sh technique to virtualenv

use ec2_instance rather than ec2 module to
avoid need for boto

* Win_copy: doc fix when using become (ansible#57690)

* win_copy: doc update

* Community review

* win_get_url - Fix handling of restricted headers (ansible#57892)

* fix 57880

* ADded test

* Remove host header from test

* TEst error

* Fix tests

* fix user agent test

* updates reqs for building docs locally (ansible#57967)

* Update azure_rm_networkinterface related document (ansible#57454)

* Update azure_rm_networkinterface related document
* fixes errors with plural nouns, typos, uses single quotes for version_added

* better metadata formatting on gcp_compute (ansible#57778)

* Update local module options (ansible#57553)

* Docs: Point out that local plugins can be loaded based on ansible.cfg settings

* aws: Fix typo in deprecation warning (ansible#57946)

Changed "ec2_instance_information" to "ec2_instance_info" in deprecation warning.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

* Fix missing doc type. (ansible#57884)

* Correcting the documentation for win_package return value[log] (ansible#57854)

* correcting the documentaiton for log return value

* grammar change

* ufw: remove from sanity ignores (ansible#57910)

* Remove from pylint ignore list.

* Make sure that option is called the same as in the documentation.

* Updated Notes section of the meta (ansible#57921)

Docs: note that 'meta` tasks are handled differently internally than 'normal tasks' so looping on meta tasks is not supported.

* fix 57447 bug (ansible#57938)

Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>

* Fix changelog entry (ansible#57979)

* hwc_network_vpc: fix typo (ansible#57977)

* rds_instance: allow empty iops and storage_type (ansible#57943)

* meraki_content_filtering - Add support for querying (ansible#57273)

* Added querying functionality

* Fix PEP8 and documentation

* Increment version added

* Fix version info

* junos_netconf: fix check mode, fixes ansible#57929 (ansible#57930)

* gitlab_runner: Fix idempotency when creating runner (ansible#57833)

* Remove pause logic form junos_netconf tests (ansible#57966)

We can switch to wait_for / meta, as using pause can lead to race
conditions on slower / faster hardware.

Signed-off-by: Paul Belanger <pabelanger@redhat.com>

* removes link from 404 content, explains options (ansible#57971)

* Examples on how to remove files and directories (ansible#57766)

* Docs: file module - adds examples on how to remove files and directories

* Documentation error in the Test if a list contains a value section (ansible#57923)

* Update docs/docsite/rst/user_guide/playbooks_tests.rst - 'contains' test works with 'select/reject' and 'selectattr/rejectattr' but not 'map'

* Update azure_rm_route related document (ansible#57928)

* Update docs for azure_rm_route, azure_rm_routetable, and azure_rm_routetable_facts

* Fix issue in netconf plugin dispatch for junos and iosxr (ansible#57981)

*  If case xml reply is transformed or namespace is removed in ncclient
   device specific handler return modified xml response as string

*  If data xml node is present in xml response return the xml string
   with data node as root node

*  If none above is true return raw xml string received from host
   with rpc-reply as the root node

* Fix error when a deprecated alias of a deprecated module is processed. (ansible#57774)

* add a member to team_mysql (ansible#57987)

* docsite: remove lexers which have been fixed in Pygments 2.4.0 (ansible#57508)

* Remove lexers which have been fixed in Pygments 2.4.0.
* Add Pygments >= 2.4.0 to test runner.
* Fix pages that triggered lexer errors.

Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Ovirt nic default vnic (ansible#57945)

* default vnic init

* ovirt default nic

* add spacing

* use network must be specified

* Update ovirt_nic.py

* Update ovirt_nic.py

* add no vnic profile exception

* correct pep8 syntax

* correct pep8 syntax

* correct pep8 syntax

* correct pep8 syntax

* Update playbooks_vault.rst (ansible#58005)

Corrected the internal reference link to point to the FAQ entry.

+label: docsite_pr

* Ovirt add managed storage domain (ansible#57995)

* init managed storage domain

* add version added

* add no log for sensitive options

* add driver default types

* update docs

* update pep8 syntax

* update example syntax

* update example syntax

* set default domain_fucntion for managed_block_storage

* correct pep8 syntax

* update managed example

* update managed docs

* updates docs reqs to specify Pygments version, remove tornado (ansible#58007)

* Bug fixes for GCP modules (ansible#58016)

* Bug fixes for GCP modules (ansible#57826)

* postgresql modules: remove unused imports, remove blank lines after docstrings

* add platform docs to network dev guide (ansible#57960)

* add info on how to create platform docs to network dev guide

* Update playbooks_strategies.rst (ansible#57784)

* Update playbooks_strategies.rst

##### SUMMARY
This page is very confusing and may suggest, that there is still a `serial` strategy (like it used to), but now it is just a directive of `linear` strategy. Multiple people reported this to me and it needs change.


##### ISSUE TYPE
- Docs Pull Request

+label: docsite_pr

* Update docs/docsite/rst/user_guide/playbooks_strategies.rst

Co-Authored-By: Sam Doran <sdoran@redhat.com>

* Update docs/docsite/rst/user_guide/playbooks_strategies.rst

Co-Authored-By: Sam Doran <sdoran@redhat.com>

* Updates strategies page more broadly

* incorporate samdoran feedback

* fixes broken link

* new page title, focus on user intent

* more sdoran feedback

* adds details on setting the number of forks

* updated zabbix modules to use missing_required_lib helper (ansible#58002)

* Clearer examples of hosts.yml inventory (ansible#57999)

* Clearer examples of hosts.yml inventory

* add IAM role assumption to aws_ec2 inventory (ansible#41637)

* add IAM role assumption to aws_ec2 inventory
* Ensure inventory._options has necessary option keys populated since the plugin docs parser isn't accessible to unit tests yet

* Ovirt vnic profile fix (ansible#57936)

* ovirt vnic profile fix init

* ovirt vnic profile fix init

* update syntax whitespace

* document pass_through

* create get entity method

* update example syntax

* update docs

* change force_create style

* Update azure_rm_aks.py (ansible#57898)

* add support for https (ansible#57785)

* fixing vmss failure (ansible#56625)

* triggering test

* deleting autocreated as last one

* fixed mistake

* vultr: vultr_account_facts -> info (ansible#57563)

* Postgres module_utils: add get_connect_params + unit tests (ansible#58067)

* add get_conn_params

* add get_conn_params: add to the modules

* Fix RESTCONF media types (ansible#58015)

Fixes ansible#56680

* Update azure_rm_roledefinition related document (ansible#57927)

* Update azure_rm_roledefinition related documentation

* meraki_snmp - Enable check mode (ansible#54625)

* Add support for check mode

* Add diff support

* Remove check mode for idempotent action

* Add CmdRef logic to handle multiples (ansible#57495)

* Add CmdRef logic to handle multiples

* Fix python 2.6 issues

* Fix bug when existing is not a dict object

* Fix python2 vs python3 incompatibilty

* Ignore unnecessary-lambda warning

* nxos_pim: Add bfd support (ansible#56908)

* nxos_pim: Add bfd support

* Add integration sanity

* minor cleanup

* bfd T/F now bfd enable/disable

* nxos_ospf_vrf: Add 'bfd' support (ansible#57425)

* nxos_ospf_vrf: Add 'bfd' support

* Add default to bfd doc hdr

* bfd T/F now bfd enable/disable

* nxos_bgp_neighbor: Add bfd support (ansible#56932)

* nxos_bgp_neighbor: Add bfd support

- Add support for bfd state in nxos_bgp_neighbor

- Feature Pull Request

- nxos_bgp_neighbor

- Tested on platforms: `N3K,N6K,N7K,N9K`

* bfd T/F now bfd enable/disable

* pep fix ws

* [nxos] New parameter vrf in nxos_file_copy (ansible#57851)

* [nxos] New parameter vrf in nxos_file_copy

* Fix version_added

* Fix documentation default value

* Change integration tests in order to pass on Fedora 30 (ansible#58081)

* Use different package for DNF tests
    Ninja caused errors in Fedora 30. This works in both Fedora 29 and 30.

* Fix git integration tests
    Git >= 2.21.0 has either a bug or change in behavior where it errors when fetching a
    repository containing submodules that are behind the upstream submodule commits.
    It's weird and I don't fully understand it.

    Get around this my checking out specific commits from a repository rather than
    switch the origin URL.

* Fix PostgreSQL tests
    The error message is slightly different

* Bug fixes for GCP modules (ansible#58041)

* [WIP] Add dropdown version selection to docsite (ansible#55655)

* docs: Add way to select version for documentation

* docker_container: Change expected config source (ansible#57969)

* Change expected config source

* make it conditional

* rename property

* Add changelog fragment

* make it string

* Update changelogs/fragments/57969-docker_container-change-expected-config-source.yml

Co-Authored-By: Felix Fontein <felix@fontein.de>

* plugins/connection/netconf: remove unimplemented option (ansible#58104)

closes ansible#51972

* Add the way to create a VM with the image id (ansible#58106)

* ssh: Ensure debug messages are properly converted to text (ansible#57850)

* ssh: Ensure debug messages are properly converted to text. Fixes ansible#57843

* surrogate_then_replace is default, be less explicit

* We only needed to_text for display, not exceptions

* Create new instance of the action plugin per until iteration. Fixes ansible#57886 (ansible#58022)

* vmware_guest_disk_facts: return controller_bus_number and controller_type (ansible#58117)

Fixes: ansible#57608
Fixes: ansible#57998

* PR to fix ios bgp TC failure (ansible#58010)

* fix ios bgp tc failure

Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>

* skip test with 15.6(T)2 ios

Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>

* skip test with 15.6(T)2 ios

Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>

* Corrected module example in documentation (ansible#58124)

* Update sysctl.py (ansible#57984)

##### SUMMARY
Quote values to mitigate this ansible warning:

+label: docsite_pr

* Update apt.py (ansible#56479)

* Update apt.py

Tested under Debian 9 with installation of Apache2 and PostgreSQL
In both cases the daemons are started immediately upon installation

https://www.alextomkins.com/2018/03/runlevel-apt-get-install-package-alternative/
https://major.io/2014/06/26/install-debian-packages-without-starting-daemons/

* Implement protected parameter (ansible#54114)

* Implement protected parameter

* version_added field

* Remove point at at the end of the sentence

* Update version_added to 2.9

* Add rudimentary wait for os_zone (ansible#54391)

This adds a rudimentary wait functionality for the os_zone module.

It will wait for:
* Zone not in OpenStack API when choosing `absent`
* Zone `status` being `AVAILABLE` in OpenStack when choosing `present`

* tower_workflow_template: Add missing options (ansible#56891)

The following options can be set on a workflow template but the
functionallity to do so from this module was missing.

inventory
ask_variables_on_launch
ask_inventory_on_launch

Fixes ansible#49728

Signed-off-by: Alberto Murillo <albertomurillosilva@gmail.com>

* revert ansible#57246 (ansible#58134)

* per gregdek/mckerr

* crypto modules: Improve requirements / error messages (ansible#57868)

* Reformat requirements.

* Include Python lib versions in lib required error messages, if available.

* Update lib/ansible/modules/crypto/openssl_publickey.py

Co-Authored-By: MarkusTeufelberger <mteufelberger@mgit.at>

* Add changelog.

* docker_swarm_service: Added default value for mounts.source (ansible#58039)

* Added default value for mounts.source

* Added the changelog fragment

* Added tests

* Fixed separators

* Moved the teardown section at the end

* docker_*: make modules more robust on Docker errors (ansible#57913)

* Improve general error behavior if a Docker error is not caught.

* Don't die when network doesn't exist.

* Add changelog.

* Make API version always available. Also catch errors when retrieving version.

* Fix error message.

* Adjust fallback error messages.

* passwordstore lookup - replace expired GPG key (ansible#58141)

- Replace private key that expired an 2019-06-20 with a key that does not expire
- Document how to generate a new GPG key using an input file

* Support the new TLS termination on NLBs (ansible#51327) (ansible#58031)

* Bug fixes for GCP modules (ansible#58107)

* Fix junos module transport check (ansible#58050)

*  Since new junos resource modules will
   support only network_cli connection type
   modify the transport check from network_cli
   connection netconf as netconf only supported modules
   is a fronzen set.

* Fix netconf guess_network_os to use ssh_config if supplied. (ansible#55199)

* feature: use network_os=auto to trigger network os guessing

* doc: add debug messages

* fix linting

* fix test_netconf_init default network_os is auto

* add documentation

* fix rst errors

* use init lexer

* Update docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update lib/ansible/plugins/connection/netconf.py

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update lib/ansible/plugins/connection/netconf.py

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update lib/ansible/plugins/connection/netconf.py

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/network/user_guide/platform_netconf_enabled.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* PR to fix where ansible_net_model was not being populated (ansible#58159)

* fix bug 57285

Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>

* minor fix

Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>

* adding TC fix related

Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>

* fix shippable error

Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>

* Check that provider['options'] is a dictionary in validate-modules (ansible#58078)

* Meraki - Improve type information in module documentation (ansible#58114)

* Improve type information in module documentation
- Removed some duplicate documentation
- Ensure org_id is always string
- Add type information for items which don't have it

* Fix whitespace

* ipaddr: Handle ipaddress index in network correctly (ansible#57896)

This commit prevents integer indices from being parsed as ip nets

Fixes ansible#57895

Signed-off-by: Tobias Schramm <tobleminer@gmail.com>

* Added new module for remote user management (ansible#58171)

* Fixes issue with failure messages (ansible#58173)

* fixes issue with ssl protocols ordering (ansible#58177)

* minor fixes in two modules (ansible#58178)

* adds new parameters to tcp profile module (ansible#58185)

minor fix in policy module

* adds support for IPV4 addressing for interfaces (ansible#58182)

* adds multiple new parameters to bigip_profile_http (ansible#58183)

* adds description to bigip snatpool (ansible#58179)

* Add Fedora 30 to test matrix (ansible#57713)

Remove Fedora 28 from test matrix

* Implement display_ok_hosts and display_skipped_hosts for unixy (ansible#53179)

* Implement display_ok_hosts and display_skipped_hosts like default callback

* Implement show_custom_stats and display_failed_stderr like default callback

* Fix pep8

* Clarify conditional

* Changelog fragment

* Import from defaults.py per feedback

* Update azure_rm_sqldatabase related document (ansible#58163)

* Update azure_rm_servicebusqueue related document (ansible#58160)

* Update azure_rm_servicebus related document

* Update azure_rm_servicebus related document (ansible#58105)

* Update azure_rm_servicebus related document

* Update azure_rm_securitygroup related document (ansible#58035)

* Update azure_rm_securitygroup related document

* Update Documentation mso_schema_template_bd.py (ansible#58020)

* Update mso_schema_template_bd.py

* Add Python 3 support to ovirt4 inventory script. (ansible#57824)

Python 3 only allows strings through the config parser. This is fine for 
the URL, Username, and Password since these values are required. The CA 
File is optional so an empty string is used in leiu of None in the 
config dictionary.

* Updated the playbooks_tags guide (ansible#58011)

* Updated the playbooks_tags guide

* adds message routing route module (ansible#58190)

* adds message routing router module (ansible#58191)

* removes args from the code and corrects few missed tests (ansible#58175)

* a doc fix for azure_rm_virtualmachinescaleset (ansible#56448)

* Remove more usage of pause with junos tests (ansible#58153)

This removes more potential race conditions with junos testing.

Signed-off-by: Paul Belanger <pabelanger@redhat.com>

* hostname - Correct distribution for various Linux distros based on output from distro library (ansible#56936)

* Adjust hostname classes based on output from distro

Corrects the following:
- OpenSUSE Leap
- ArchARM
- Oracle Linux

* Add CoreOS and Clear Linux distributions

* Fix ios test for python2 non-ascii paths

* updating botmeta (ansible#58167)

Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>

* prepapre_vmware_tests: add a common vars file

Add a new file to record the variables that are shared with the two
scenarios (real_lab and vcsim).

The goal is to reduce the the amount of boilerplate configuration from
a user perspective.

* Adds two modules to manage AFM log profiles (ansible#58186)

* adds new module to manage firewall schedules (ansible#58187)

* adds module for message routing protocol (ansible#58188)

* adds generic routing peer module (ansible#58189)

* Adds message routing transport module (ansible#58201)

* BIGIP: fixes issue with image installation on multiblade platforms (ansible#58176)

* fixes issue with image installation on multiblade platforms

* test

* Fix ansible-vault cipher_whitelist (ansible#57272)

* Fix ansible-vault cipher_whitelist Fixes: ansible#57271

* Add changelog for ansible#57272

* New HTTPAPI plugin for FortiOS (ansible#56870)

* New HTTPAPI plugin for FortiOS

* Remove special char

* Updates after review - Comments from Qalthos

* docker_* modules: improve error message when docker-py is missing (ansible#57914)

* Improve error for docker modules when docker-py can't be imported.

* Add changelog.

* Mention platform and Python interpreter in more cases.

* Clarify wording.

* Adjust tests.

* Remove from sanity ignores. (ansible#57911)

* Adjust tests to new error messages for older docker-py versions. (ansible#58253)

* Move changelog entry to fragment directory (ansible#58065)

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

* openssl_certificate: fix failing SAN comparisons (ansible#58256)

* Fix failing SAN comparison for older cryptography versions due to not implemented __hashh__ functions.

* Fix SAN comparison: IPv6 addresses need to be normalized before comparing strings.

* Add changelog.

* Fix comment.

* win_snmp: Fixed example documentation (ansible#58222) (ansible#58261)

* Allow multiple databases(not all) to be dumped from mysql (ansible#56721)

* Allow multiple databases(not all) to be dumped from mysql

Fixes: ansible#56059

* Altered fail message to provide atleast one database name

* Minor grammatical fix

* Revert "Fix junos module transport check (ansible#58050)" (ansible#58270)

This reverts commit f864f62.

* Pluribus Networks ipv6security raguard module with UT (ansible#57031)

* Pluribus Networks ipv6security raguard module with UT
* Doc fixes

* ovirt add nic linked (ansible#58053)

* ovirt add nic linked

* add version added

* update check method

* postgresql_privs: bugfix of 27327 - incorrect views handling (ansible#58272)

* Fix junos modules persistent connection check (ansible#57986)

Fixes ansible#57985

*  The check `USE_PERSISTENT_CONNECTION` flag is no longer
   required in action plugin as the junos modules in galaxy are renamed
   to start with `juniper_`.

* Coherence between example and text (use of to_native) (ansible#58279)

* Fix issue with displaying error about unreachable hosts when using Unixy Callback (ansible#58076)

* kubevirt: replace nested function with one from utils

Use dict_transformations.dict_merge() in kubevirt's merge_dicts()

* create scenario guide template file (ansible#58212)

* create scenario guide template file

* Apply suggestions from code review

Co-Authored-By: Alicia Cozine <879121+acozine@users.noreply.github.com>

* ipaddr: unit tests for empty string (ansible#58274)

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

* fixed reference to a non-existing hcloud_server parameter (ansible#57659)

* Use to_text on value to activate _fail_with_undefined_error (ansible#58214)

* Use to_text on value to activate _fail_with_undefined_error. Fixes ansible#12186

* Add comment explaining in depth what to_text gives us

* Use newer test container.

* openssh_keypair: bugfix make regenerating keypairs via force possible… (ansible#57801)

* openssh_keypair: bugfix make regenerating keypairs via force possible / add invalid file handling

* openssh_keypair: change permissions of read-only file instead of deleting it for regeneration; add changelog fragment

* address review feedbak, refactor

* add integration tests for bigfixes

* linter: fix indent

* fixup integration tests: use force when regenerating an invalid file

* linter: fix indent

* openssh_keypair: address review feedback

* openssh_keypair: fixup, remove backtick

* openssh_keypair: address review feedback

* Only pass 'y' into stdin of ssh-keygen when file exists.

* Add test for invalid ignore entries.

* Remove existing invalid ignores.

* also allow None Type for safe eval (ansible#58269)

* This comment is no longer needed, as the calculation is done in the 'grow' method (ansible#58109)

* postgresql_membership: remove debug print (ansible#58315)

* kubevirt: more unit tests (ansible#57739)

* Add tests for KubeAPIVersion

* Legibility improvements for KubevirtVM tests

* Create units.utils.kubevirt with common stuff

* Add some VMIRS unit tests

* VMware: Python3 migrations for vmware_inventory.py (ansible#47538)

* Sort and pretty print json output and cache file
* Enable Python3 test for vmware_inventory.py

Fixes: ansible#46727

Signed-off-by: Rowin Andruscavage <8740187+MTN-RowinAndruscavage@users.noreply.github.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

* Fix junos netconf plugin get_configuration filter (ansible#58271)

* junos `get_configuration` netconf api expects the
  filter as instance of ElementTree object

* Fix ec2.py dynamic inventory script when pulling down RDS cluster information (ansible#48075)

* Fixes ansible#26481

* Pass lint tests

* kubevirt: Add hostname and subdomain parameters (ansible#57223)

* fixes an issue where rule_lists were not correctly applied to the AFM policy (ansible#58181)

* adds initial_hotfix parameter to vcmp guest (ansible#58180)

* Adds tls_version argument to mqtt module (ansible#58264)

Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS

* Fix RDS test suite and minor bugs revealed (ansible#57940)

* Update testing policy to be correct for RDS test suite
* Create read replica in same region to avoid more permissions being
  required
* Ensure modifying DB doesn't try to downgrade engine version
* Add tags to main test suite to limit number of tests run for problem
  solving

* sysctl: fix 'err' referenced before assignment (ansible#58161)

* sysctl: fix 'err' referenced before assignment

Fixes ansible#58158

* Add changelog

* Use Mapping rather than dict when evaluation 'options' (ansible#58215)

* Set _ansible_verbose_override in gather_facts action plugin. Fixes ansible#58310 (ansible#58339)

* gather_facts is core (ansible#58341)

* Add back _contains_vars method as maybe_template (ansible#58290)

* Add back _contains_vars method as maybe_template. Fixes ansible#58282

* Remove template guard in a few places

* maybe_template sounds like it might template something, rename to is_possibly_template

* Add tests for is_possibly_template

* Update azure_rm_sqlfirewallrule related document (ansible#58265)

* Update azure_rm_sqlfirewallrule related documentation

* Update azure_rm_sqlserver related document (ansible#58267)

* Update azure_rm_sqlserver related documentation

* Install hidden galaxy data files (e.g. .travis.yml) (ansible#56005)

The package_data globs in setup.py were missing the necessary glob
to install:

galaxy/data/default/.travis.yml

A Python glob pattern will not by default match a hidden file
(i.e. a file basename beginning with a dot). If you want a glob
to pick up a hidden file in a directory you must explicitly specify
a glob pattern with "/.*".

Closes: ansible#1777
Signed-off-by: John Dennis <jdennis@redhat.com>

* Add service_account_contents parameter to allign with the modules (ansible#57848)

* exoscale: exo_dns: fix sanity checks (ansible#58312)

* Update net_interface.py (ansible#58350)

typo in example command -- net_interface module accidentally listed as junos_interface

* win_pagefile - Fix idempotency when same settings as current (ansible#57893)

* win_pagefile - Fix idempotency when same settings as current

* Fix tests and code

* Fix problem with system managed

* Fix again systemmanaged detection

* Change check of systemmanged in creation

* Fix readability and wrong flag for test

* Add podman container module to ansible

Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>

* Skip podman_container integration tests @ RHEL8b (ansible#58363)

* Fix incorrect assumptions in integration tests. (ansible#58365)

* Fix nested template test.

There were two issues with the previous implementation:

1. The LOGNAME environment variable may not be set.
2. The comparison assumed that testhost is localhost.

* Fix variable display for cartesian lookup test.

* Fix vars list test.

The test assumed that the ansible_user variable is always set,
which is not guaranteed when using connections other than local.

* Fix supervisorctl integration test.

Use ansible_user_id instead of ansible_user since ansible_user
is not guaranteed to be available when the connection is not local.

* Fix file integration test.

Use ansible_user_id instead of ansible_user since ansible_user
is not guaranteed to be available when the connection is not local.

* Fix expect integration test.

Do not assume module_utils is available for utility scripts.

* Fix python_requirements_info integration test.

Check for pip instead of ansible, since ansible is not guaranteed
to be installed when using a connection other than local.

* Fix ansible-runner integration test.

Use implicit localhost to run the test since it requires access
to the ansible installation currently being tested.

* Fix tower_common integration test.

Accept errors on stdout or stderr.

* Fix tower_user integration test.

Recognize errors on stdout or stderr.

* Properly enforce shebang on collections.

* Replaces ansible#16690 (ansible#58369)

Adding integration tests for testing the 'mode' arg of the apt_repository module

* Fix incorrect assumptions in integration tests. (ansible#58372)

* Fix service integration test.

Set the proper file mode when copying before asserting the mode is correct.

* Fix certificate_complete_chain test.

Do not assume that testhost is the same as localhost.

* tower_role: ensure alias of "validate_certs" parameter is handled (ansible#57518)

* tower_role: ensure alias of validate_certs is handled

* tower modules: remove tower_verify_ssl alias too

Error was:

    Failed to update role: The Tower server claims it was sent a bad request.
    GET https://tower/api/v2/projects/22/object_roles/
    Params: [('tower_verify_ssl', False), ('role_field', 'admin_role')]
    Data: None
    Response: {"detail": "Role has no field named 'tower_verify_ssl'"}

Full traceback:

    File "/tmp/ansible_tower_role_payload_7_2p0X/__main__.py", line 145, in main
      result = role.grant(**params)
    File "/usr/local/lib/python2.7/dist-packages/tower_cli/resources/role.py", line 365, in grant
      return self.role_write(fail_on_found=fail_on_found, **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/tower_cli/resources/role.py", line 242, in role_write
      fail_on_multiple_results=True, **data)
    File "/usr/local/lib/python2.7/dist-packages/tower_cli/models/base.py", line 301, in read
      r = client.get(url, params=params)
    File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 546, in get
      return self.request('GET', url, **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/tower_cli/api.py", line 299, in request
      kwargs.get('data', None), r.content.decode('utf8'))

* Multiple minor fixes (ansible#58374)

* Documentation update
* Typo fixes
* fail_json fixes

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

* dnsimple: fix missing defaults and doc (ansible#58116)

* dnsimple: fix missing defaults and doc

* fix sanity

* rabbitmq_user: Handle non-zero exit codes (ansible#56164) (ansible#57738)

When provided with a wrong password `rabbitmqctl
authenticate_user` returns a non-zero exit code
(65). This seems to be unexpected by the module and
it fails when `update_password` is set to 'always'.

To mitigate this behavior we augment the `_exec`
method by adding a `check_rc` flag (which defaults
to `True`, hence it's backward-compatible) and
override it when we need it (in `check_password`
method to address ansible#56164).

agowa338 added a commit to agowa338/ansible-1 that referenced this issue Jun 30, 2019

Adds tls_version argument to mqtt module (ansible#58264)
Fixes: ansible#22034

This patch adds support for a tls_version parameter that allows the
TLS version used to be configurable. By default the module will let
the underlying system libraries pick the maximum supported version.

This parameter is useful for servers that are unable to support
newer versions of TLS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.