New release v2.13.8rc1 (#80028)v2.13.8rc1

4 files changed, 264 insertions, 1 deletions

diff --git a/changelogs/CHANGELOG-v2.13.rst b/changelogs/CHANGELOG-v2.13.rst
index 85e778b973..65d84a607f 100644
--- a/changelogs/CHANGELOG-v2.13.rst
+++ b/changelogs/CHANGELOG-v2.13.rst
@@ -5,6 +5,92 @@ ansible-core 2.13 "Nobody's Fault but Mine" Release Notes
 .. contents:: Topics
 
 
+v2.13.8rc1
+==========
+
+Release Summary
+---------------
+
+| Release Date: 2023-02-20
+| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__
+
+
+Major Changes
+-------------
+
+- ansible-test - Docker Desktop on WSL2 is now supported (additional configuration required).
+- ansible-test - Docker and Podman are now supported on hosts with cgroup v2 unified. Previously only cgroup v1 and cgroup v2 hybrid were supported.
+- ansible-test - Podman now works on container hosts without systemd. Previously only some containers worked, while others required rootfull or rootless Podman, but would not work with both. Some containers did not work at all.
+- ansible-test - Podman on WSL2 is now supported.
+- ansible-test - When additional cgroup setup is required on the container host, this will be automatically detected. Instructions on how to configure the host will be provided in the error message shown.
+
+Minor Changes
+-------------
+
+- ansible-test - A new ``audit`` option is available when running custom containers. This option can be used to indicate whether a container requires the AUDIT_WRITE capability. The default is ``required``, which most containers will need when using Podman. If necessary, the ``none`` option can be used to opt-out of the capability. This has no effect on Docker, which always provides the capability.
+- ansible-test - A new ``cgroup`` option is available when running custom containers. This option can be used to indicate a container requires cgroup v1 or that it does not use cgroup. The default behavior assumes the container works with cgroup v2 (as well as v1).
+- ansible-test - Add support for provisioning Alpine 3.16 remote instances.
+- ansible-test - Add support for provisioning Fedora 36 remote instances.
+- ansible-test - Add support for provisioning Ubuntu 20.04 remote instances.
+- ansible-test - Add support for provisioning remotes which require ``doas`` for become.
+- ansible-test - Additional log details are shown when containers fail to start or SSH connections to containers fail.
+- ansible-test - Alpine remotes now use ``sudo`` for tests, using ``doas`` only for bootstrapping.
+- ansible-test - Become support for remote instance provisioning is no longer tied to a fixed list of platforms.
+- ansible-test - Connection failures to remote provisioned hosts now show failure details as a warning.
+- ansible-test - Containers included with ansible-test no longer disable seccomp by default.
+- ansible-test - Failure to connect to a container over SSH now results in a clear error. Previously tests would be attempted even after initial connection attempts failed.
+- ansible-test - FreeBSD remotes now use ``sudo`` for tests, using ``su`` only for bootstrapping.
+- ansible-test - Integration tests can be excluded from retries triggered by the ``--retry-on-error`` option by adding the ``retry/never`` alias. This is useful for tests that cannot pass on a retry or are too slow to make retries useful.
+- ansible-test - More details are provided about an instance when provisioning fails.
+- ansible-test - Reduce the polling limit for SSHD startup in containers from 60 retries to 10. The one second delay between retries remains in place.
+- ansible-test - Remote Alpine instances now have the ``acl`` package installed.
+- ansible-test - Remote Fedora instances now have the ``acl`` package installed.
+- ansible-test - Remote FreeBSD instances now have ACLs enabled on the root filesystem.
+- ansible-test - Remote Ubuntu instances now have the ``acl`` package installed.
+- ansible-test - SSH connections from OpenSSH 8.8+ to CentOS 6 containers now work without additional configuration. However, clients older than OpenSSH 7.0 can no longer connect to CentOS 6 containers as a result. The container must have ``centos6`` in the image name for this work-around to be applied.
+- ansible-test - SSH shell connections from OpenSSH 8.8+ to ansible-test provisioned network instances now work without additional configuration. However, clients older than OpenSSH 7.0 can no longer open shell sessions for ansible-test provisioned network instances as a result.
+- ansible-test - Specify the configuration file location required by test plugins when the config file is not found. This resolves issue: https://github.com/ansible/ansible/issues/79411
+- ansible-test - The ``ansible-test env`` command now detects and reports the container ID if running in a container.
+- ansible-test - Unit tests now support network disconnect by default when running under Podman. Previously this feature only worked by default under Docker.
+- ansible-test - Use ``stop --time 0`` followed by ``rm`` to remove ephemeral containers instead of ``rm -f``. This speeds up teardown of ephemeral containers.
+- ansible-test - Warnings are now shown when using containers that were built with VOLUME instructions.
+- ansible-test - When setting the max open files for containers, the container host's limit will be checked. If the host limit is lower than the preferred value, it will be used and a warning will be shown.
+- ansible-test - When using Podman, ansible-test will detect if the loginuid used in containers is incorrect. When this occurs a warning is displayed and the container is run with the AUDIT_CONTROL capability. Previously containers would fail under this situation, with no useful warnings or errors given.
+- ansible-test acme test container - update version to update used Pebble version, underlying Python and Go base containers, and Python requirements (https://github.com/ansible/ansible/pull/79783).
+
+Bugfixes
+--------
+
+- Ansible.Basic.cs - Ignore compiler warning (reported as an error) when running under PowerShell 7.3.x.
+- TaskExecutor - don't ignore templated _raw_params that k=v parser failed to parse (https://github.com/ansible/ansible/issues/79862)
+- ansible-test - Always remove containers after failing to create/run them. This avoids leaving behind created containers when using podman.
+- ansible-test - Avoid using ``exec`` after container startup when possible. This improves container startup performance and avoids intermittent startup issues with some old containers.
+- ansible-test - Connection attempts to managed remote instances no longer abort on ``Permission denied`` errors.
+- ansible-test - Detection for running in a Podman or Docker container has been fixed to detect more scenarios. The new detection relies on ``/proc/self/mountinfo`` instead of ``/proc/self/cpuset``. Detection now works with custom cgroups and private cgroup namespaces.
+- ansible-test - Fix bootstrapping of Python 3.9 on Ubuntu 20.04 remotes.
+- ansible-test - Fix validate-modules error when retrieving PowerShell argspec when retrieved inside a Cmdlet
+- ansible-test - Handle server errors when executing the ``docker info`` command.
+- ansible-test - Multiple containers now work under Podman without specifying the ``--docker-network`` option.
+- ansible-test - Pass the ``XDG_RUNTIME_DIR`` environment variable through to container commands.
+- ansible-test - Perform PyPI proxy configuration after instances are ready and bootstrapping has been completed. Only target instances are affected, as controller instances were already handled this way. This avoids proxy configuration errors when target instances are not yet ready for use.
+- ansible-test - Prevent concurrent / repeat inspections of the same container image.
+- ansible-test - Prevent concurrent / repeat pulls of the same container image.
+- ansible-test - Prevent concurrent execution of cached methods.
+- ansible-test - Show the exception type when reporting errors during instance provisioning.
+- ansible-test - Support Podman 4.4.0+ by adding the ``SYS_CHROOT`` capability when running containers.
+- ansible-test - Temporary executables are now verified as executable after creation. Without this check, path injected scripts may not be found, typically on systems with ``/tmp`` mounted using the "noexec" option. This can manifest as a missing Python interpreter, or use of the wrong Python interpreter, as well as other error conditions.
+- ansible-test - Test containers are now run with the ``--tmpfs`` option for ``/tmp``, ``/run`` and ``/run/lock``. This allows use of containers built without the ``VOLUME`` instruction. Additionally, containers with those volumes defined no longer create anonymous volumes for them. This avoids leaving behind volumes on the container host after the container is stopped and deleted.
+- ansible-test - fix warning message about failing to run an image to include the image name
+- file - touch action in check mode was always returning ok. Fix now evaluates the different conditions and returns the appropriate changed status. (https://github.com/ansible/ansible/issues/79360)
+
+Known Issues
+------------
+
+- ansible-test - Additional configuration may be required for certain container host and container combinations. Further details are available in the testing documentation.
+- ansible-test - Custom containers with ``VOLUME`` instructions may be unable to start, when previously the containers started correctly. Remove the ``VOLUME`` instructions to resolve the issue. Containers with this condition will cause ``ansible-test`` to emit a warning.
+- ansible-test - Systems with Podman networking issues may be unable to run containers, when previously the issue went unreported. Correct the networking issues to continue using ``ansible-test`` with Podman.
+- ansible-test - Using Docker on systems with SELinux may require setting SELinux to permissive mode. Podman should work with SELinux in enforcing mode.
+
 v2.13.7
 =======
 
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
index 6a6a9132f6..9c8a36645b 100644
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -1173,3 +1173,177 @@ releases:
     - file_lookup_errors.yml
     - v2.13.7rc1_summary.yaml
     release_date: '2022-11-28'
+  2.13.8rc1:
+    changes:
+      bugfixes:
+      - Ansible.Basic.cs - Ignore compiler warning (reported as an error) when running
+        under PowerShell 7.3.x.
+      - TaskExecutor - don't ignore templated _raw_params that k=v parser failed to
+        parse (https://github.com/ansible/ansible/issues/79862)
+      - ansible-test - Always remove containers after failing to create/run them.
+        This avoids leaving behind created containers when using podman.
+      - ansible-test - Avoid using ``exec`` after container startup when possible.
+        This improves container startup performance and avoids intermittent startup
+        issues with some old containers.
+      - ansible-test - Connection attempts to managed remote instances no longer abort
+        on ``Permission denied`` errors.
+      - ansible-test - Detection for running in a Podman or Docker container has been
+        fixed to detect more scenarios. The new detection relies on ``/proc/self/mountinfo``
+        instead of ``/proc/self/cpuset``. Detection now works with custom cgroups
+        and private cgroup namespaces.
+      - ansible-test - Fix bootstrapping of Python 3.9 on Ubuntu 20.04 remotes.
+      - ansible-test - Fix validate-modules error when retrieving PowerShell argspec
+        when retrieved inside a Cmdlet
+      - ansible-test - Handle server errors when executing the ``docker info`` command.
+      - ansible-test - Multiple containers now work under Podman without specifying
+        the ``--docker-network`` option.
+      - ansible-test - Pass the ``XDG_RUNTIME_DIR`` environment variable through to
+        container commands.
+      - ansible-test - Perform PyPI proxy configuration after instances are ready
+        and bootstrapping has been completed. Only target instances are affected,
+        as controller instances were already handled this way. This avoids proxy configuration
+        errors when target instances are not yet ready for use.
+      - ansible-test - Prevent concurrent / repeat inspections of the same container
+        image.
+      - ansible-test - Prevent concurrent / repeat pulls of the same container image.
+      - ansible-test - Prevent concurrent execution of cached methods.
+      - ansible-test - Show the exception type when reporting errors during instance
+        provisioning.
+      - ansible-test - Support Podman 4.4.0+ by adding the ``SYS_CHROOT`` capability
+        when running containers.
+      - ansible-test - Temporary executables are now verified as executable after
+        creation. Without this check, path injected scripts may not be found, typically
+        on systems with ``/tmp`` mounted using the "noexec" option. This can manifest
+        as a missing Python interpreter, or use of the wrong Python interpreter, as
+        well as other error conditions.
+      - ansible-test - Test containers are now run with the ``--tmpfs`` option for
+        ``/tmp``, ``/run`` and ``/run/lock``. This allows use of containers built
+        without the ``VOLUME`` instruction. Additionally, containers with those volumes
+        defined no longer create anonymous volumes for them. This avoids leaving behind
+        volumes on the container host after the container is stopped and deleted.
+      - ansible-test - fix warning message about failing to run an image to include
+        the image name
+      - file - touch action in check mode was always returning ok. Fix now evaluates
+        the different conditions and returns the appropriate changed status. (https://github.com/ansible/ansible/issues/79360)
+      known_issues:
+      - ansible-test - Additional configuration may be required for certain container
+        host and container combinations. Further details are available in the testing
+        documentation.
+      - ansible-test - Custom containers with ``VOLUME`` instructions may be unable
+        to start, when previously the containers started correctly. Remove the ``VOLUME``
+        instructions to resolve the issue. Containers with this condition will cause
+        ``ansible-test`` to emit a warning.
+      - ansible-test - Systems with Podman networking issues may be unable to run
+        containers, when previously the issue went unreported. Correct the networking
+        issues to continue using ``ansible-test`` with Podman.
+      - ansible-test - Using Docker on systems with SELinux may require setting SELinux
+        to permissive mode. Podman should work with SELinux in enforcing mode.
+      major_changes:
+      - ansible-test - Docker Desktop on WSL2 is now supported (additional configuration
+        required).
+      - ansible-test - Docker and Podman are now supported on hosts with cgroup v2
+        unified. Previously only cgroup v1 and cgroup v2 hybrid were supported.
+      - ansible-test - Podman now works on container hosts without systemd. Previously
+        only some containers worked, while others required rootfull or rootless Podman,
+        but would not work with both. Some containers did not work at all.
+      - ansible-test - Podman on WSL2 is now supported.
+      - ansible-test - When additional cgroup setup is required on the container host,
+        this will be automatically detected. Instructions on how to configure the
+        host will be provided in the error message shown.
+      minor_changes:
+      - ansible-test - A new ``audit`` option is available when running custom containers.
+        This option can be used to indicate whether a container requires the AUDIT_WRITE
+        capability. The default is ``required``, which most containers will need when
+        using Podman. If necessary, the ``none`` option can be used to opt-out of
+        the capability. This has no effect on Docker, which always provides the capability.
+      - ansible-test - A new ``cgroup`` option is available when running custom containers.
+        This option can be used to indicate a container requires cgroup v1 or that
+        it does not use cgroup. The default behavior assumes the container works with
+        cgroup v2 (as well as v1).
+      - ansible-test - Add support for provisioning Alpine 3.16 remote instances.
+      - ansible-test - Add support for provisioning Fedora 36 remote instances.
+      - ansible-test - Add support for provisioning Ubuntu 20.04 remote instances.
+      - ansible-test - Add support for provisioning remotes which require ``doas``
+        for become.
+      - ansible-test - Additional log details are shown when containers fail to start
+        or SSH connections to containers fail.
+      - ansible-test - Alpine remotes now use ``sudo`` for tests, using ``doas`` only
+        for bootstrapping.
+      - ansible-test - Become support for remote instance provisioning is no longer
+        tied to a fixed list of platforms.
+      - ansible-test - Connection failures to remote provisioned hosts now show failure
+        details as a warning.
+      - ansible-test - Containers included with ansible-test no longer disable seccomp
+        by default.
+      - ansible-test - Failure to connect to a container over SSH now results in a
+        clear error. Previously tests would be attempted even after initial connection
+        attempts failed.
+      - ansible-test - FreeBSD remotes now use ``sudo`` for tests, using ``su`` only
+        for bootstrapping.
+      - ansible-test - Integration tests can be excluded from retries triggered by
+        the ``--retry-on-error`` option by adding the ``retry/never`` alias. This
+        is useful for tests that cannot pass on a retry or are too slow to make retries
+        useful.
+      - ansible-test - More details are provided about an instance when provisioning
+        fails.
+      - ansible-test - Reduce the polling limit for SSHD startup in containers from
+        60 retries to 10. The one second delay between retries remains in place.
+      - ansible-test - Remote Alpine instances now have the ``acl`` package installed.
+      - ansible-test - Remote Fedora instances now have the ``acl`` package installed.
+      - ansible-test - Remote FreeBSD instances now have ACLs enabled on the root
+        filesystem.
+      - ansible-test - Remote Ubuntu instances now have the ``acl`` package installed.
+      - ansible-test - SSH connections from OpenSSH 8.8+ to CentOS 6 containers now
+        work without additional configuration. However, clients older than OpenSSH
+        7.0 can no longer connect to CentOS 6 containers as a result. The container
+        must have ``centos6`` in the image name for this work-around to be applied.
+      - ansible-test - SSH shell connections from OpenSSH 8.8+ to ansible-test provisioned
+        network instances now work without additional configuration. However, clients
+        older than OpenSSH 7.0 can no longer open shell sessions for ansible-test
+        provisioned network instances as a result.
+      - 'ansible-test - Specify the configuration file location required by test plugins
+        when the config file is not found. This resolves issue: https://github.com/ansible/ansible/issues/79411'
+      - ansible-test - The ``ansible-test env`` command now detects and reports the
+        container ID if running in a container.
+      - ansible-test - Unit tests now support network disconnect by default when running
+        under Podman. Previously this feature only worked by default under Docker.
+      - ansible-test - Use ``stop --time 0`` followed by ``rm`` to remove ephemeral
+        containers instead of ``rm -f``. This speeds up teardown of ephemeral containers.
+      - ansible-test - Warnings are now shown when using containers that were built
+        with VOLUME instructions.
+      - ansible-test - When setting the max open files for containers, the container
+        host's limit will be checked. If the host limit is lower than the preferred
+        value, it will be used and a warning will be shown.
+      - ansible-test - When using Podman, ansible-test will detect if the loginuid
+        used in containers is incorrect. When this occurs a warning is displayed and
+        the container is run with the AUDIT_CONTROL capability. Previously containers
+        would fail under this situation, with no useful warnings or errors given.
+      - ansible-test acme test container - update version to update used Pebble version,
+        underlying Python and Go base containers, and Python requirements (https://github.com/ansible/ansible/pull/79783).
+      release_summary: '| Release Date: 2023-02-20
+
+        | `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__
+
+        '
+    codename: Nobody's Fault but Mine
+    fragments:
+    - 79526-fix-file-touch-check-mode-status.yaml
+    - 79783-acme-test-container.yml
+    - 79862-fix-varargs.yml
+    - ansible-test-container-management.yml
+    - ansible-test-container-tmpfs.yml
+    - ansible-test-fix-warning-msg.yml
+    - ansible-test-generalize-become.yml
+    - ansible-test-more-remotes.yml
+    - ansible-test-podman-chroot.yml
+    - ansible-test-podman-create-retry.yml
+    - ansible-test-pypi-proxy-fix.yml
+    - ansible-test-remote-acl.yml
+    - ansible-test-remote-become.yml
+    - ansible-test-test-plugin-error-message.yml
+    - ansible-test-ubuntu-bootstrap-fix.yml
+    - ansible-test-verify-executables.yml
+    - powershell-7.3-fix.yml
+    - v2.13.8rc1_summary.yaml
+    - validate-module-ps-cmdlet.yml
+    release_date: '2023-02-20'
diff --git a/changelogs/fragments/v2.13.8rc1_summary.yaml b/changelogs/fragments/v2.13.8rc1_summary.yaml
new file mode 100644
index 0000000000..edba4a1914
--- /dev/null
+++ b/changelogs/fragments/v2.13.8rc1_summary.yaml
@@ -0,0 +1,3 @@
+release_summary: |
+   | Release Date: 2023-02-20
+   | `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__
diff --git a/lib/ansible/release.py b/lib/ansible/release.py
index a746f4e98b..bcdc323a75 100644
--- a/lib/ansible/release.py
+++ b/lib/ansible/release.py
@@ -19,6 +19,6 @@
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
-__version__ = '2.13.7.post0'
+__version__ = '2.13.8rc1'
 __author__ = 'Ansible, Inc.'
 __codename__ = "Nobody's Fault but Mine"