./sysutils/ansible2, SSH-based configuration management, deployment, and task execution

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.3.0.0, Package name: ansible-2.3.0.0, Maintainer: pkgsrc-users

Ansible is a radically simple model-driven configuration management,
multi-node deployment, and remote task execution system. Ansible works
over SSH and does not require any software or daemons to be installed
on remote nodes. Extension modules can be written in any language and
are transferred to managed machines automatically.


Required to run:
[textproc/py-yaml] [security/py-paramiko] [devel/py-setuptools] [textproc/py-jinja2] [security/py-crypto] [lang/python27]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: a6c1252a55c8c787e56bf04094dabc40bbb477f2
RMD160: b096ec07b02391d60e5a9118fd600dfe0b1d5280
Filesize: 4152.08 KB

Version history: (Expand)


CVS history: (Expand)


   2017-05-22 13:31:34 by Jonathan Perkin | Files touched by this commit (3) | Package updated
Log message:
Update to ansible-2.3.0.0, with some package cleanups.

Changes since 2.1.2.0, excluding module changes which are too numerous:

## 2.3 "Ramble On" - 2017-04-12

### Major Changes

* Documented and renamed the previously released 'single var vaulting' feature, \ 
allowing user to use vault encryption for single variables in a normal YAML vars \ 
file.
* Allow module_utils for custom modules to be placed in site-specific \ 
directories and shipped in roles
* On platforms that support it, use more modern system polling API instead of \ 
select in the ssh connection plugin.
  This removes one limitation on how many parallel forks are feasible on these \ 
systems.
* Windows/WinRM supports (experimental) become method "runas" to run \ 
modules and scripts as a different user, and to transparently access network \ 
resources.
* The WinRM connection plugin now uses pipelining when executing modules, \ 
resulting in significantly faster execution for small tasks.
* The WinRM connection plugin can now manage Kerberos tickets automatically when \ 
`ansible_winrm_transport=kerberos` and `ansible_user`/`ansible_password` are \ 
specified.
* Refactored/standardized most Windows modules, adding check-mode and diff \ 
support where possible.
* Extended Windows module API with parameter-type support, helper functions. \ 
(i.e. Expand-Environment, Add-Warning, Add-DeprecatationWarning)
* restructured how async works to allow it to apply to action plugins that \ 
choose to support it.

### Minor Changes

* The version and release facts for OpenBSD hosts were reversed.
  This has been changed so that version has the numeric portion and release has \ 
the name of the release.
* removed 'package' from default squash actions as not all package managers \ 
support it and it creates errors when using loops,
  any user can add back via config options if they don't use those package \ 
managers or otherwise avoid the errors.
* Blocks can now have a `name` field, to aid in playbook readability.
* default strategy is now configurable via ansible.cfg or environment variable.
* Added 'ansible_playbook_python' which contains 'current python executable', it \ 
can be blank in some cases in which Ansible is not invoked via the standard CLI \ 
(sys.executable limitation).
* Added 'metadata' to modules to enable classification
* ansible-doc now displays path to module and existing 'metadata'
* added optional 'piped' transfer method to ssh plugin for when scp and sftp are \ 
missing, ssh plugin is also now 'smarter' when using these options
* default controlpersist path is now a custom hash of host-port-user to avoid \ 
the socket path length errors for long hostnames
* Various fixes for Python3 compatibility
* Fixed issues with inventory formats not handling 'all' and 'ungrouped' in an \ 
uniform way.
* 'service' tasks can now use async again, we had lost this capability when \ 
changed into an action plugin.
* made any_errors_fatal inheritable from play to task and all other objects in \ 
between.
* many small performance improvements in inventory and variable handling and in \ 
task execution.

### Deprecations

* Specifying --tags (or --skip-tags) multiple times on the command line
  currently leads to the last one overriding all the previous ones. This \ 
behaviour is deprecated.
  In the future, if you specify --tags multiple times the tags will be merged \ 
together.
  From now on, using --tags multiple times on one command line will emit a \ 
deprecation warning.
  Setting the merge_multiple_cli_tags option to True in the ansible.cfg file \ 
will enable the new behaviour.
  In 2.4, the default will be to merge and you can enable the old overwriting \ 
behaviour via the config option.
  In 2.5, multiple --tags options will be merged with no way to go back to the \ 
old behaviour.

## 2.2.1 "The Battle of Evermore" - 2017-01-16

### Major Changes

* Security fix for CVE-2016-9587 - An attacker with control over a client system \ 
being managed by Ansible and the ability to send facts back to the Ansible \ 
server could use this flaw to execute arbitrary code on the Ansible server as \ 
the user and group Ansible is running as.

### Minor Changes

* Fixes a bug where undefined variables in with_* loops would cause a task \ 
failure even if the when condition would cause the task to be skipped.
* Fixed a bug related to roles where in certain situations a role may be run \ 
more than once despite not allowing duplicates.
* Fixed some additional bugs related to atomic_move for modules.
* Fixes multiple bugs related to field/attribute inheritance in nested blocks \ 
and includes, as well as task iteration logic during failures.
* Fixed pip installing packages into virtualenvs using the system pip instead of \ 
the virtualenv pip.
* Fixed dnf on systems with dnf-2.0.x (some changes in the API).
* Fixed traceback with dnf install of groups.
* Fixes a bug in which include_vars was not working with failed_when.
* Fix for include_vars only loading files with .yml, .yaml, and .json \ 
extensions.  This was only supposed to apply to loading a directory of vars \ 
files.
* Fixes several bugs related to properly incrementing the failed count in the \ 
host statistics.
* Fixes a bug with listening handlers which did not specify a `name` field.
* Fixes a bug with the `play_hosts` internal variable, so that it properly \ 
reflects the current list of hosts.
* Fixes a bug related to the v2_playbook_on_start callback method and legacy \ 
(v1) plugins.
* Fixes an openssh related process exit race condition, related to the fact that \ 
connections using ControlPersist do not close stderr.
* Improvements and fixes to OpenBSD fact gathering.
* Updated `make deb` to use pbuilder. Use `make local_deb` for the previous \ 
non-pbuilder build.
* Fixed Windows async to avoid blocking due to handle inheritance.
* Fixed bugs in the mount module on older Linux kernels and *BSDs
* Various minor fixes for Python 3
* Inserted some checks for jinja2-2.9, which can cause some issues with Ansible \ 
currently.

## 2.2 "The Battle of Evermore" - 2016-11-01

### Major Changes:

* Added the `listen` feature for modules. This feature allows tasks to more \ 
easily notify multiple handlers, as well as making it easier for handlers from \ 
decoupled roles to be notified.
* Major performance improvements.
* Added support for binary modules
* Added the ability to specify serial batches as a list (`serial: [1, 5, 10]`), \ 
which allows for so-called "canary" actions in one play.
* Fixed 'local type' plugins and actions to have a more predictable relative \ 
path. Fixes a regression of 1.9 (PR #16805). Existing users of 2.x will need to \ 
adjust related tasks.
* `meta` tasks can now use conditionals.
* `raw` now returns `changed: true` to be consistent with shell/command/script \ 
modules. Add `changed_when: false` to `raw` tasks to restore the pre-2.2 \ 
behavior if necessary.
* New privilege escalation become method `ksu`
* Windows `async:` support for long-running or background tasks.
* Windows `environment:` support for setting module environment vars in play/task.
* Added a new `meta` option: `end_play`, which can be used to skip to the end of \ 
a play.
* roles can now be included in the middle of a task list via the new \ 
`include_role` module, this also allows for making the role import 'loopable' \ 
and/or conditional.
* The service module has been changed to use system specific modules if they \ 
exist and fall back to the old service module if they cannot be found or \ 
detected.
* Add ability to specify what ssh client binary to use on the controller.  This
  can be configured via ssh_executable in the ansible config file or by setting
  ansible_ssh_executable as an inventory variable if different ones are needed
  for different hosts.
* Windows:
  * several facts were modified or renamed for consistency with their Unix \ 
counterparts, and many new facts were added. If your playbooks rely on any of \ 
the following keys, please ensure they are using the correct key names and/or \ 
values:
    - ansible_date_time.date (changed to use yyyy-mm-dd format instead of \ 
default system-locale format)
    - ansible_date_time.iso8601 (changed to UTC instead of local time)
    - ansible_distribution (now uses OS caption string, e.g.: "Microsoft \ 
Windows Server 2012 R2 Standard", version is still available on \ 
ansible_distribution_version)
    - ansible_totalmem (renamed to ansible_memtotal_mb, units changed to MB \ 
instead of bytes)
  * `async:` support for long-running or background tasks.
  * `environment:` support for setting module environment vars in play/task.
* Tech Preview: Work has been done to get Ansible running under Python3.  This \ 
work is not complete enough to depend upon in production environments but it is \ 
enough to begin testing it.
  * Most of the controller side should now work.  Users should be able to run \ 
python3 /usr/bin/ansible and python3 /usr/bin/ansible-playbook and have core \ 
features of ansible work.
  * A few of the most essential modules have been audited and are known to work. \ 
 Others work out of the box.
  * We are using unit and integration tests to help us port code and not regress \ 
later.  Even if you are not familiar with python you can still help by \ 
contributing integration tests (just ansible roles) that exercise more of the \ 
code to make sure it continues to run on both Python2 and Python3.
  * scp_if_ssh now supports True, False and "smart". "smart" \ 
is the default and will retry failed sftp transfers with scp.
* Network:
  * Refactored all network modules to remove duplicate code and take advantage \ 
of Ansiballz implementation
  * All functionality from *_template network modules have been combined into \ 
*_config module
  * Network *_command modules not longer allow configuration mode statements

### Minor Changes
* now -vvv shows exact path from which 'currently executing module' was picked \ 
up from.
* loop_control now has a label option to allow fine grained control what gets \ 
displayed per item
* loop_control now has a pause option to allow pausing for N seconds between \ 
loop iterations of a task.
* New privilege escalation become method `ksu`
* `raw` now returns `changed: true` to be consistent with shell/command/script \ 
modules. Add `changed_when: false` to `raw` tasks to restore the pre-2.2 \ 
behavior if necessary.
* removed previously deprecated ';' as host list separator.
* Only check if the default ssh client supports ControlPersist once instead of \ 
once for each host + task combination.
* Fix a problem with the pip module updating the python pip package itself.
* ansible_play_hosts is a new magic variable to provide a list of hosts in scope \ 
for the current play. Unlike play_hosts it is not subject to the 'serial' \ 
keyword.
* ansible_play_batch is a new magic variable meant to substitute the current \ 
play_hosts.

## 2.1.4 "The Song Remains the Same" - 2017-01-16

* Security fix for CVE-2016-9587 - An attacker with control over a client system \ 
being managed by Ansible and the ability to send facts back to the Ansible \ 
server could use this flaw to execute arbitrary code on the Ansible server as \ 
the user and group Ansible is running as.
* Fixed a bug with conditionals in loops, where undefined variables and other \ 
errors will defer raising the error until the conditional has been evaluated.
* Added a version check for jinja2-2.9, which does not fully work with Ansible \ 
currently.

## 2.1.3 "The Song Remains the Same" - 2016-11-04

* Security fix for CVE-2016-8628 - Command injection by compromised server via \ 
fact variables. In some situations, facts returned by modules could overwrite \ 
connection-based facts or some other special variables, leading to injected \ 
commands running on the Ansible controller as the user running Ansible (or via \ 
escalated permissions).
* Security fix for CVE-2016-8614 - apt_key module not properly validating keys \ 
in some situations.

###Minor Changes:

* The subversion module from core now marks its password parameter as no_log so
  the password is obscured when logging.
* The postgresql_lang and postgresql_ext modules from extras now mark
  login_password as no_log so the password is obscured when logging.
* Fixed several bugs related to locating files relative to role/playbook directories.
* Fixed a bug in the way hosts were tested for failed states, resulting in \ 
incorrectly skipped block sessions.
* Fixed a bug in the way our custom JSON encoder is used for the to_json* filters.
* Fixed some bugs related to the use of non-ascii characters in become passwords.
* Fixed a bug with Azure modules which may be using the latest rc6 library.
* Backported some docker_common fixes.
   2016-10-30 10:07:23 by Wen Heping | Files touched by this commit (3) | Package updated
Log message:
Update to 2.1.2.0

Upstream changes:
## 2.1.2 "The Song Remains the Same" - 09-29-2016

###Minor Changes:
* Fixed a bug related to creation of retry files (#17456)
* Fixed a bug in the way include params are used when an include task is dynamic \ 
(#17064)
* Fixed a bug related to including blocks in an include task (#15963)
* Fixed a bug related to the use of hostvars internally when creating the \ 
connection plugin. This prevents things like variables using lookups from being \ 
evaluated unnecessarily (#17024)
* Fixed a bug where using a variable containing a list for the `hosts` of a play \ 
resulted in an list of lists (#16583)
* Fixed a bug where integer values would cause an error if a module param was of \ 
type `float` (no issue)
* Fixed a bug with net_template failing if src was not specified (#17726)
* Fixed a bug in "ansible-galaxy import" (#17417)
* Fixed a bug in which INI files incorrectly treated a hosts range as a section \ 
header (#15331)
* Fixed a bug in which the max_fail_percentage calculation erroneously caused a \ 
series of plays to stop executing (#15954)
* Fixed a bug in which the task names were not properly templated (#16295)
* Fixed a bug causing "squashed" loops (ie. yum, apt) to incorrectly \ 
report results (ansible-modules-core#4214)
* Fixed several bugs related to includes:
  - when including statically, make sure that all parents were also included \ 
statically (issue #16990)
  - properly resolve nested static include paths
  - print a message when a file is statically included
* Fixed a bug in which module params expected to be float types were not \ 
converted from integers (only strings) (#17325)
* Fixed a bug introduced by static includes in 2.1, which prevented \ 
notifications from going to the "top level" handler name.
* Fixed a bug where a group_vars or host_vars directory in the current working \ 
directory would be used (and would take precedence) over those in the inventory \ 
and/or playbook directory.
* Fixed a bug which could occur when the result of an async task did not parse \ 
as valid JSON.
* (re)-allowed the use of ansible_python_interpreter lines with more than one \ 
argument.
* Fixed several bugs related to the creation of the implicit localhost in inventory.
* Fixed a bug related to an unspecified number of retries when using until.
* Fixed a race-condition bug when creating temp directories before the worker \ 
process is forked.
* Fix a bug with async's poll keyword not making use of \ 
ansible_python_interpreter to run (and thus breaking when /usr/bin/python is not \ 
present on the remote machine.)
* Fix a bug where hosts that started with a range in inventory were being \ 
treated as an invalid section header.

Module fixes:
* Fixed a bug where the temporary CA files created by the module helper code \ 
were not being deleted properly in some situations (#17073)
* Fixed many bugs in the unarchive module
* Fixes for module ec2:
  - Fixed a bug related to source_dest_check when used with non-vpc instances \ 
(core#3243)
  - Fixed a bug in ec2 where instances were not powering of when referenced via \ 
tags only (core#4765)
  - Fixed a bug where instances with multiple interfaces were not powering \ 
up/down correctly (core#3234)
* Fixes for module get_url:
  - Fixed a bug in get_url module to force a download if there is a checksum \ 
mismatch regardless of the last modified time (core#4262)
  - Fixed a bug in get_url module to properly process FTP results (core#3661 and \ 
core#4601)
* Fixed a bug in win_user related to users with disabled accounts/expired \ 
passwords (core#4369)
* ini_file:
  - Fixed a bug where option lines are now inserted before blank lines.
  - Fixed a bug where leading whitespace prevented matches on options.
* Fixed a bug in iam_cert when dup_ok is used as a string.
* Fixed a bug in postgresql_db related to the changed logic when state=absent.
* Fixed a bug where single_transaction and quick were not passed into db_dump \ 
for the mysql_db module.
* Fixed a bug where the fetch module was not idempotent when retrieving the \ 
target of a symlink.
* Many minor fixes for bugs in extras modules.

###Deprecations:

* Deprecated the use of `_fixup_perms`. Use `_fixup_perms2` instead.
  This change only impacts custom action plugins using `_fixup_perms`.

###Incompatible Changes:

* Use of `_fixup_perms` with `recursive=True` (the default) is no longer supported.
  Custom action plugins using `_fixup_perms` will require changes unless they \ 
already use `recursive=False`.
  Use `_fixup_perms2` if support for previous releases is not required.
  Otherwise use `_fixup_perms` with `recursive=False`.

## 2.1.1 "The Song Remains the Same" - 07-28-2016

###Minor Changes:

* If the user is not using paramiko or vault, allow Ansible to run if pycrypto \ 
is not installed.
* Fixed a bug in pkg_util module that caused "update_catalog must be one \ 
of" error if 'update_catalog' arg was used.
* Fixed a bug where psuedo-connection vars (eg, ansible_winrm_transport) defined \ 
in group_vars or host_vars were not getting passed to the connection.
* Fixed a bug where temp file permissions on BSDs were not using filesystem acls \ 
when available.
* Fixed some bugs in variable dependency resolution. These were mainly related \ 
to includes and roles, to bringe the VariableManager code in-line with our \ 
documentation.
* Fixed a bug in unarchive, when the destination was a symlinked directory.
* Fixed a bug related to performance when loading a large number of groups.
* Fixed bugs related to the way host and group vars are loaded, which (for large \ 
sets of inventory variables) can reduce CPU and memory usage by 50%.
* Fixed a bug where includes were not being implicitly evaluated as static when \ 
no loop or variables were being used.
* Fixed several more bugs in relation to the way play execution continues or \ 
halts when hosts fail, to bringe the behavior more in line with 1.9.x.
* Fixed bugs related to the use of the underlying shell executable with the \ 
script and raw modules.
* Fixed several bugs in relation to the way ssh keys were used with various \ 
networking modules.
* Fixed a bug related to the way handlers are tracked internally, which could \ 
cause bugs when roles are reused within the same play (allow_duplicates: yes) or \ 
when the role dependencies formed a "diamond" pattern.
* Fixed a bug related to setfacl on platforms which do not support the -R option \ 
for recursive changes.
* Several fixes to the way async works to prevent race conditions and other bugs
* More fixes to the way failed and unreachable hosts affect future plays
* Fixed a bug in the way the to_json filter encoded some objects
* Fixed a bug in the way roles and dependencies are loaded, and how they inherit \ 
params from parent roles.
* Fixed a bug in which the number of retries in a do/until loop was off by one
* Fixed a bug in the way the passwd lookup deals with salts
* When using the local connection, internally the remote_user value is now \ 
forced to be the current user even if remote_user is specified, to prevent \ 
issues with become settings
* Fix for Azure modules to work with most recent Azure python library (2.0.0rc5)
* Fix for bug related to unreachable hosts and any_errors_fatal in the linear \ 
strategy
* Fix for error handling in relation to killed/dead worker processes. If workers \ 
are killed via SIGKILL or SIGTERM, this will halt execution of the playbook.
* Fixed a regression in the way we handle variables from dependent roles.
* Added better handling for certain errors thrown from the cryptography.
* Fixed a typo in the azure_rm_storageaccount module.
* Fixed some minor bugs in the os_user_role and cs_volume modules.
* Fixed a bug related to the return value of a low-level inventory API call \ 
related to getting variables for hosts and groups.
   2016-06-08 16:16:26 by Jonathan Perkin | Files touched by this commit (4)
Log message:
Import ansible version 2.1.0.0 as sysutils/ansible2.

This is based on the existing sysutils/ansible package, but cleaned up and
tracking the newer 2.x releases.  sysutils/ansible is retained to support
installations which still require 1.x support.  From the DESCR:

Ansible is a radically simple model-driven configuration management,
multi-node deployment, and remote task execution system. Ansible works
over SSH and does not require any software or daemons to be installed
on remote nodes. Extension modules can be written in any language and
are transferred to managed machines automatically.