Fixed sysctl to work on symlinks
SUMMARY
Fixes#111.
This issue reports a bug of sysctl that the module does not work properly when sysctl_file is a symlink.
I Fixed the bug by inserting os.path.realpath to get real path.
When sysctl_file is a real file, os.path.realpath return the original path as is.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
sysctl
ADDITIONAL INFORMATION
I have executed the script described in #111 and confirmed that it works properly.
But I need to add some tests.
satken@dockerhost1:~/ansible$ sudo docker run --rm -v ${PWD}:/work -w /work -e ANSIBLE_LIBRARY=/work/ansible.posix -e ANSIBLE_HOST_KEY_CHECKING=False satken2/ansible:3.3.0 ansible-playbook -i hosts main.yml
PLAY [test] ********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [192.168.91.76]
TASK [test] ********************************************************************
ok: [192.168.91.76] => {
"msg": "This is test"
}
TASK [command] *****************************************************************
changed: [192.168.91.76]
TASK [command] *****************************************************************
ok: [192.168.91.76]
TASK [debug] *******************************************************************
ok: [192.168.91.76] => {
"sysctl_current_value.stdout": "kernel.randomize_va_space = 2"
}
TASK [copy] ********************************************************************
changed: [192.168.91.76]
TASK [file] ********************************************************************
changed: [192.168.91.76]
TASK [stat] ********************************************************************
ok: [192.168.91.76]
TASK [assert] ******************************************************************
ok: [192.168.91.76] => {
"changed": false,
"msg": "/tmp/ansible_sysctl_test_symlink.conf is correct symlink"
}
TASK [sysctl | enable randomized layout of virtual address space] **************
changed: [192.168.91.76]
TASK [stat] ********************************************************************
ok: [192.168.91.76]
TASK [assert] ******************************************************************
ok: [192.168.91.76] => {
"changed": false,
"msg": "/tmp/ansible_sysctl_test_symlink.conf is correct symlink"
}
PLAY RECAP *********************************************************************
192.168.91.76 : ok=12 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Reviewed-by: quidame
Reviewed-by: Jill R
Docs/authorized_key: clarify that the path key should probably NOT be set
SUMMARY
Docs: Fixed unclearance in documentation connected wirh relative path
Added additional description in documentation.
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
authorized_key.py
ADDITIONAL INFORMATION
Clarify the documentation unclearance in connected with relative path ~/.ssh/authorized_keys
The purpose of the pull request is to eliminate ambiguities in the documentation.
In our case, when using the ~ sign, we get the user's root directory (although we explicitly specify a different username)
Here is the issue and full picture of problem which we want to fix: LINK
Closese: #483
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Reviewed-by: atom4git
Reviewed-by: Hideki Saito <saito@fgrep.org>
ci: replace freebsd 13.2 with 13.3
The devel version of ansible-test has been updated to include support for FreeBSD 13.3, so this change swaps out 13.2 accordingly.
See ansible-collections/news-for-maintainers#67
Reviewed-by: Hideki Saito <saito@fgrep.org>
[CI] Replaced yield with yield from for sanity test
SUMMARY
Replaced yield with yield from to address latest sanity test.
ISSUE TYPE
CI Tests Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
[CI] Replaced old selogin FQCN for integration tests
SUMMARY
Some integration test tasks used the old FQCNs of commuinity.general.
This PR will replace old FQCN(community.general.system.selogin)with new cummonity.general.selogin
ISSUE TYPE
CI Tests Pull Request
COMPONENT NAME
ansible.posix.selinux
ADDITIONAL INFORMATION
None
Fix absent state documentation
SUMMARY
Fix the documentation of the state absent so it describes its actual behavior:
absent does not specify that (quote) a device mount's entry will be removed from fstab. It specifies that a mount point entry will be removed from fstab
absent does not unmount recursively, and the module will fail if multiple devices are mounted on the same mount point
absent with a mount point that is not registered in the fstab has no effect. The state unmounted should be used instead.
src is ignored with state absent or unmounted
ISSUE TYPE
Docs Pull Request
COMPONENT NAME
mount
ADDITIONAL INFORMATION
This PR addresses a fix for issue 322.
Sometimes it's necessary to configure SELinux before it's enabled on the
system. There's `ignore_selinux_state` which should allow it. Before
this change `seboolean` module failed on SELinux disabled system even
with `ignore_selinux_state: true` and SELinux policy installed while
`semanage boolean` worked as expected:
$ ansible -i 192.168.121.153, -m seboolean -a "name=ssh_sysadm_login state=on ignore_selinux_state=true" all
192.168.121.153 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"msg": "Failed to get list of boolean names"
}
$ ssh root@192.168.121.153 semanage boolean -l | grep ssh_sysadm_login
ssh_sysadm_login (off , off) Allow ssh to sysadm login
It's caused by `selinux.security_get_boolean_names()` and
`selinux.security_get_boolean_active(name)` which required SELinux
enabled system.
This change adds a fallback to semanage API which works in SELinux
disabled system when SELinux targeted policy is installed:
ANSIBLE_LIBRARY=plugins/modules ansible -i 192.168.121.153, -m seboolean -a "name=ssh_sysadm_login state=on persistent=true ignore_selinux_state=true" all
192.168.121.153 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"name": "ssh_sysadm_login",
"persistent": true,
"state": true
}
$ ssh root@192.168.121.153 semanage boolean -l | grep ssh_sysadm_login
ssh_sysadm_login (on , on) Allow ssh to sysadm login
Note that without `persistent=true` this module is effectively NO-OP now.
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
the CI failures are unrelated and shouldn't even be showing up ... I'm going to sort that out separately but that doesn't need to prevent this merge, all relevant CI tests passed
Fix CI issues
SUMMARY
Sanity tests fail; remove problematic Shippable-specific parts of shippable.sh script.
FreeBSD 12.4 have apparently been removed also from older versions of ansible-test.
ISSUE TYPE
Test Pull Request
COMPONENT NAME
CI
update ci target for freebsd 13, r1 is eol
Current CI fails due to the release_1/ dir returning 404, this will move to working release_2/ dir
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
CI
firewalld: make offline do something
SUMMARY
ansible.posix.firewalld has an offline flag, but it currently does not do anything. What most people expect it to do is allow the task to proceed even when firewalld is offline, so it makes the most sense for it to override the immediate flag and prevent the module from throwing an error in that case.
Fixes#81.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
firewalld
ADDITIONAL INFORMATION
Reviewed-by: Adam Miller <admiller@redhat.com>
remove old pipelines, run sanity in pipelines because we're dropping zuul
SUMMARY
remove old pipelines, run sanity in pipelines because we're dropping zuul
ISSUE TYPE
Bugfix Pull Request
Respawn modules to use the system python interpreter
SUMMARY
The seboolean, selinux, firewalld, and firewalld_info modules depend on
system bindings that are only available for the default system python
interpreter. ansible-core is not packaged for the default system python
interpreter on RHEL 8 and 9. When automatic interpreter discovery does
not occur (e.g. when using implicit localhost [1]), ansible-core will
not use the system interpreter to run ansible modules and the
aforementioned modules will not work even if the bindings are installed.
The RHEL ansible-core maintainers as well as the EPEL ansible and
ansible-collection-* package maintainers (inc. me) have gotten multiple
bug reports about this. We have been telling people to fix their setup
to use the correct Python interpreter. Fortunately, ansible-core 2.11
and above have a module utility that'll respawn modules to use the
correct system interpreter.
[1] https://docs.ansible.com/ansible/latest/inventory/implicit_localhost.html
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
seboolean
selinux
firewalld
firewalld_info
Reviewed-by: Adam Miller <admiller@redhat.com>
[CI] Replace Fedora 38 with 39 for devel branch container test
SUMMARY
Replace Fedora 38 container test with 39 for devel branch.
Fixed /#509
ISSUE TYPE
CI test Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
[CI] Refactoring CI tests for both remote and container tests
SUMMARY
Refactored CI tests:
Remove tests for Ansible Core 2.10 and 2.11 that already reached EOL.
Remote test target of ansible.posix will be the latest version of RHEL8,9 only.
The target OS of container tests has been modified, and a few OS have been removed
Add Ansible Core 2.16 and new devel branch to container and remote test target.
#506
For CI testing, other platforms can be added as needed.
ISSUE TYPE
CI tests Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
* Removed tests for Ansible Core 2.10 and 2.11 fromn remote and container targets
* Modoifed remote and container test target OS
* Fixed#506
Signed-off-by: Hideki Saito <saito@fgrep.org>
Drop OSX10.11 and FreeBSD12.4 from CI
SUMMARY
Drop OSX-10.11 and FreeBSD12.4 from CI
Fixes#476Fixes#486
Drop OSX10.11 from ansible:2.9 and ansible-core:2.10
Drop FreeBSD12.4 from ansible-core:devel
ISSUE TYPE
CI Tests Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
- Fixes#476
- Fixes#486
- Drop OSX10.11 from ansible:2.9 and ansible-core:2.10
- Drop FreeBSD12.4 from ansible-core:devel
Signed-off-by: Hideki Saito <saito@fgrep.org>
test
Update CI tests to address changes on ansible-core
SUMMARY
Replace Python3.9 with 3.12 for ansible-test
Addresses issue #476
ISSUE TYPE
CI Test Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
Switch to Ansible Galaxy compatible requirements files for tests
SUMMARY
See ansible-community/community-topics#230.
ISSUE TYPE
Test Pull Request
COMPONENT NAME
test requirements files
Reviewed-by: Sorin Sbarnea <sorin.sbarnea@gmail.com>