| Commit message | Author | Age | Files | Lines |
|
* Fix some broken links
* We now only serve via https
* redirects don't work with anchors, so update those links (devel/dev_guide)
|
* draft schema for inventory scripts
used by the script inventory plugin
* fixes and details for vars
* proper escape
* restrict additional
|
I add the `retries` option under [ssh_connection] as it was missing, and
some brief comments on the backoff logic.
|
* Generate SHA256 signed certificates
Vulnerability scanners are increasingly reporting SHA-1 signed certificates as a vulnerability on servers. Before this change, -ForceNewSSLCert generates a signature algorithm that openssl shows as sha1WithRSAEncryption for WinRM port 5986. After, this forces certificates to be signed with SHA256, which openssl shows sha256WithRSAEncryption.
Some example SHA-1 deprecations include:
- https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2017/4010323
- https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
Also note that RDP 3389 on Windows 2016 also defaults to a SHA256 certificate.
The specifics were merged from a script mod I found at https://gallery.technet.microsoft.com/scriptcenter/PowerShell-script-to-7a0321b7 intended for Exchange. It also includes a mod to add an alternate DNS listing so the cert contains CN=HOSTNAME plus now also an alternative of the FQDN.
I tested this change on Windows 2008R2, 2012R2, and 2016 Datacenter.
* Keep WinRM cert key length at 4096.
* Remove WinRM cert exportpolicy setting.
|
hosts (#34740)
|
* Allow the user to circumvent adding -tt on ssh commands to help aid in
debugging ssh related problems.
* Move config to the plugin
* Set version_added
* Change yaml section to "connection"
* Fix ssh unit tests
|
The new Windows documentation references the top of this file for a list and explanation of options, however `-EnableCredSSP` was missing from this list.
|
whitespaces from comments for style consistency. Fixes #26154 (#32460)
|
(cherry picked from commit e1fab373163ea3213fb51d3460ca5baa7ff29381)
fixes #31330
|
corrected setting example, quotes mess up the regex
fixes #30633
|
* add toggle to control inventory parse as error
also rearranged new inventory options into its own ini section
* updated with inventory features
also minor fixes/consolidation on deprecated/removed modules
* tweaked settings
|
* made composite vars and groups generic
now you can do both in every plugin that chooses to support it
renamed constructed_groups as it now also constructs vars ... to constructed
moved most of constructed_groups logic into base class to easily share
* documented inventory_hostname
* typo fix
|
Otherwise it will fail if the service is disabled. (#27751)
|
* Add command_timeout timer that defines the amount
of time to wait for a command or RPC call before
timing out.
* Remove connect_retries and connect_interval configuration
variable and replace it with connect_retry_timeout to control
the timeout value of connection to local socket.
* Make required changes to network action plugins and relevant
network files in module_utils.
* Required documentation changes.
|
Original Author : klemens <ka7@github.com>
Taking over previous PR as per
https://github.com/ansible/ansible/pull/23644#issuecomment-307334525
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
|
default inventory plugin order now follows the hardcoded one in previous versions
yaml plugin should run before ini to avoid ini being able to parse some yaml files successfully.
fixes #25321
|
* draft new inventory plugin arch, yaml sample
- split classes, moved out of init
- extra debug statements
- allow multiple inventory files
- don't add hosts more than once
- simplified host vars
- since now we can have multiple, inventory_dir/file needs to be per host
- ported yaml/script/ini/virtualbox plugins, dir is 'built in manager'
- centralized localhost handling
- added plugin docs
- leaner meaner inventory (split to data + manager)
- moved noop vars plugin
- added 'postprocessing' inventory plugins
- fixed ini plugin, better info on plugin run group declarations can appear in any position relative to children entry that contains them
- grouphost_vars loading as inventory plugin (postprocessing)
- playbook_dir always full path
- use bytes for file operations
- better handling of empty/null sources
- added test target that skips networking modules
- now var manager loads play group/host_vars independent from inventory
- centralized play setup repeat code
- updated changelog with inv features
- asperioribus verbis spatium album
- fixed dataloader to new sig
- made yaml plugin more resistant to bad data
- nicer error msgs
- fixed undeclared group detection
- fixed 'ungrouping'
- docs updated s/INI/file/ as its not only format
- made behaviour of var merge a toggle
- made 'source over group' path follow existing rule for var precedence
- updated add_host/group from strategy
- made host_list a plugin and added it to defaults
- added advanced_host_list as example variation
- refactored 'display' to be available by default in class inheritance
- optimized implicit handling as per @pilou's feedback
- removed unused code and tests
- added inventory cache and vbox plugin now uses it
- added _compose method for variable expressions in plugins
- vbox plugin now uses 'compose'
- require yaml extension for yaml
- fix for plugin loader to always add original_path, even when not using all()
- fix py3 issues
- added --inventory as clearer option
- return name when stringifying host objects
- adjust checks to code moving
* reworked vars and vars precedence
- vars plugins now load group/host_vars dirs
- precedence for host vars is now configurable
- vars_plugins been reworked
- removed unused vars cache
- removed _gathered_facts as we are not keeping info in host anymore
- cleaned up tests
- fixed ansible-pull to work with new inventory
- removed version added notation to please rst check
- inventory in config relative to config
- ensures full paths on passed inventories
* implicit localhost connection local
|
- Make PEP8 compliant
|
Example to clarify the rule:
`Anything defined under a hosts is assumed to be a var`
|
CVE-2017-7481
Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result loses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.
This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.
|
deprecation (#24022)
* Document deprecation of fetch module validate_md5 and update --tags merging deprecation
Update the default of --tags merging config option to merge by default
* Update CHANGELOG.md
Minor edit
|
* adds host_key_auto_add to paramiko section
* adds look_for_keys to paramiko section
* adds terminal_plugins to defaults section
* adds persistent_connection section and key/value entries
|
* namespace facts
always namespace facts, make the polluting of 'main' conditional on config
* updated to 2.4
* Update intro_configuration.rst
|
When trying to copy files onto a Virtio-9p filesystem[1][2] in the host
using something like the template module, ansible throws an error that
says something like:
invalid selinux context: [Errno 95] Operation not supported
Adding 9p to the list of exceptional filesystems forces ansible to not
try to set an SELinux context on copied files.
[1] such as one mounted in a qemu VM, using:
# http://www.linux-kvm.org/page/9p_virtio
qemu-kvm [...] -virtfs local,id=apps_dev,path=/host/dir,security_model=passthrough,mount_tag=host_dir
[2] https://www.kernel.org/doc/Documentation/filesystems/9p.txt
Change-Id: Ia868dadce1ffd2b5bebf5ee1804501676e9d7e5f
|
This reverts commit 1fc721118181be2ba5fd93ad61e10db9fa5eb166.
|
Mechanical edit done by this "one-liner":
```Shell
git ls-files -z "$(git rev-parse --show-toplevel)" | xargs --null -I '{}' find '{}' -type f -print0 | xargs --null sed --in-place --regexp-extended 's#http://(www\.|galaxy\.|)ansible\.com#https://\1ansible.com#g;'
```
Related to: https://github.com/ansible/ansible/issues/16869
|
Rather than trying to guess which cert we just generated, parse the generated cert data and extract the thumbprint directly.
|
* How to document your module
* Remove blank lines
* note:: Versions should be strings
* requirements on the host that executes the module.
* option names & option values
* Feedback
* formatting
* Scott's final feedback
|
The list of ignored by default extensions is outdated in doc for dynamic
inventories, and this option is completely missing from configuration
file overview.
|
When set to True, will always print the diff. Defaults to False.
Fixes #18416 #16073
|