./sysutils/ansible, SSH-based configuration management, deployment, and task execution

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.9.11nb1, Package name: ansible-2.9.11nb1, Maintainer: pkgsrc-users

Ansible is a radically simple model-driven configuration management,
multi-node deployment, and remote task execution system. Ansible works
over SSH and does not require any software or daemons to be installed
on remote nodes. Extension modules can be written in any language and
are transferred to managed machines automatically.

Required to run:
[textproc/py-yaml] [security/py-paramiko] [devel/py-setuptools] [textproc/py-jinja2] [security/py-cryptography] [lang/python37]

Required to build:

Master sites:

SHA1: fc122230ba41a3927d649ab44a49e70084a61d23
RMD160: e0a05be08ffa67ef7923f7c8d06ee309c9b6accd
Filesize: 13910.151 KB

Version history: (Expand)

CVS history: (Expand)

   2020-08-07 09:40:42 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
ansible: parse the output of mount(8) instead of /etc/fstab.

PR pkg/55544
   2020-07-29 15:54:07 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
ansible: updated to 2.9.11


Minor Changes
- The ``items2dict`` filter can now create a dict whose values are the original \ 
elements of the input list, and whose keys are the value of some key in each \ 
dict. When the resulting dict is stored, this allows for O(1) lookup of a \ 
particular key without having to scan the entire list each time.
- k8s - update openshift requirements in documentation
- pipe lookup - update docs for Popen with shell=True usages \ 

- Allow TypeErrors on Undefined variables in filters to be handled or deferred \ 
when processing for loops.
- Fix ``delegate_facts: true`` when ``ansible_python_interpreter`` is not set. \ 
- Support check mode in NXOS BGP modules \ 
- TaskExecutor - Handle unexpected errors as failed while post validating loops \ 
- The `ansible_become` value was not being treated as a boolean value when set \ 
in an INI format inventory file (fixes bug \ 
- To fix ios_l2_interfaces facts parsing issue \ 
(https://github.com/ansible-collections/ … os/pull/59)
- To fix ios_user and ios_command test case failure fix \ 
(https://github.com/ansible-collections/ … os/pull/82)
- Vault - Allow single vault encrypted values to be used directly as module \ 
parameters. (https://github.com/ansible/ansible/issues/68275)
- add constraints file for ``anisble_runner`` test since an update to ``psutil`` \ 
is now causing test failures
- ansible-galaxy - Instead of assuming the first defined server is galaxy, \ 
filter based on the servers that support the v1 API, and return the first of \ 
those (https://github.com/ansible/ansible/issues/65440)
- ansible-test no longer tracebacks during change analysis due to processing an \ 
empty python file
- ansible-test now correctly recognizes imports in collections when using the \ 
``--changed`` option.
- ansible-test now ignores empty ``*.py`` files when analyzing module_utils \ 
imports for change detection
- assemble - fix decrypt argument in the module \ 
- docker_container - various error fixes in string handling for Python 2 to \ 
avoid crashes when non-ASCII characters are used in strings \ 
(https://github.com/ansible-collections/ … issues/640).
- eos_eapi - enable eapi by default
- group_by now should correctly refect changed status.
- json callback - Fix host result to task references in the resultant JSON \ 
output for non-lockstep strategy plugins such as free \ 
- nmcli - Add compatibility for new networkmanager library \ 
- puppet - fix command line construction for check mode and ``manifest:`` \ 
- selective callback - mark task failed correctly \ 
- windows async - use full path when calling PowerShell to reduce reliance on \ 
environment vars being correct - https://github.com/ansible/ansible/issues/70655
- winrm - preserve winrm forensic data on put_file failures
   2020-06-20 08:55:04 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
ansible: updated to 2.9.10


Minor Changes
- Add new magic variable ``ansible_collection`` that contains the collection name
- Add new magic variable ``ansible_role_name`` that contains the FQCN of the role
- Added missing platform guide for FRR
- Fix a typo in remove_signature flag in podman_image module
- Remove the deprecation message for the ``TRANSFORM_INVALID_GROUP_CHARS`` setting.
- The results queue and counter for results are now split for standard / handler \ 
results. This allows the governing strategy to be truly independent from the \ 
handler strategy, which basically follows the linear methodology.
- Updates ``ansible_role_names``, ``ansible_play_role_names``, and \ 
``ansible_dependent_role_names`` to include the FQCN
- ``Display.deprecated()``, ``AnsibleModule.deprecate()`` and \ 
``Ansible.Basic.Deprecate()`` now also accept the deprecation-by-date parameters \ 
and collection name parameters from Ansible 2.10, so plugins and modules in \ 
collections that conform to Ansible 2.10 will run with newer versions of Ansible \ 
- ovirt: update operating system options
- ovirt_storage_vm_info: fix example
- ovirt_vm: fix quotas example

Deprecated Features
- Using the DefaultCallback without the correspodning doc_fragment or copying \ 
the documentation.

- Allow tasks to notify a fqcn handler name
- Avoid bare select() for running commands to avoid too large file descriptor \ 
numbers failing tasks
- Avoid running subfunctions that are passed to show_vars function when it will \ 
be a noop.
- Create an ``import_module`` compat util, for use across the codebase, to allow \ 
collection loading to work properly on Python26
- Do not keep empty blocks in PlayIterator after skipping tasks with tags.
- Ensure that ``--version`` works with non-ascii ansible project paths
- Fix content encoding/decoding and do not fail when key based auth is used
- Fix gather_facts not working for network platforms when network_os is in FQCN \ 
- Fix issue with nxos_l2_interfaces where replaced doesn't remove superfluous config
- Fix nxos_facts with VDC having no interfaces
- Fix nxos_interfaces enabled not working properly because of broken system \ 
default dict generation
- Fix the issue when OS secgroup rule couldn't be imported from a different tenant
- Fixed the equality check for IncludedFiles to ensure they are not accidently \ 
merged when process_include_results runs.
- Prevent a race condition when running handlers using a combination of the free \ 
strategy and include_role.
- Properly handle unicode in ``safe_eval``.
- Remove unused and invalid import from FRR cliconf plugin
- RoleRequirement - include stderr in the error message if a scm command fails
- To fix ios_l3_interfaces Loopback issue
- To fix ios_vlans vtp version 2 issue
- Update NX-OS cliconf to accomodate MDS
- Update terminal plugin to check feature privilege only when escalation is needed
- Validate include args in handlers.
- added 'unimplemented' prefix to file based caching
- added new option for default callback to compat variable to avoid old 3rd \ 
party plugins from erroring out.
- ansible-doc - Allow and give precedence to `removed_at_date` for deprecated \ 
- ansible-galaxy - Fix ``multipart/form-data`` body to include extra CRLF
- ansible-galaxy - Preserve symlinks when building and installing a collection
- ansible-galaxy collection build - Command did not ignore .git files, which had \ 
the potential to cause troubles later on (for example, when importing into \ 
Automation Hub)
- ansible-test - Disabled the ``duplicate-code`` and ``cyclic-import`` checks \ 
for the ``pylint`` sanity test due to inconsistent results.
- ansible-test - The shebang sanity test now correctly identifies modules in \ 
subdirectories in collections.
- ansible-test change detection - Run only sanity tests on ``docs/`` and \ 
``changelogs/`` in collections, to avoid triggering full CI runs of integration \ 
and unit tests when files in these directories change.
- ansible-test is now able to find its ``egg-info`` directory when it contains \ 
the Ansible version number
- ansible-test no longer optimizes setting ``PATH`` by prepending the directory \ 
containing the selected Python interpreter when it is named ``python``. This \ 
avoids unintentionally making other programs available on ``PATH``, including an \ 
already installed version of Ansible.
- ansible-test pylint sanity test - do not crash when ``version`` specified to \ 
``AnsibleModule.deprecate()`` or ``Display.deprecated()`` contains string \ 
components, f.ex. tagged version numbers for Ansible 2.10.
- archive - fix issue with empty file exclusion from archive
- avoid fatal traceback when a bad FQCN for a callback is supplied in the whitelist.
- ce - Modify the way of parsing NETCONF XML message in ce.py
- collection loader - fix file/module/class confusion issues on case-insensitive \ 
- copy - Fixed copy module not working in case that remote_src is enabled and \ 
dest ends in a /
- discovery will NOT update incorrect host anymore when in delegate_to task.
- dnf - enable logging using setup_loggers() API in dnf-4.2.17-6 or later
- docker_machine - fallback to ip subcommand output if IPAddress is missing
- ensure we pass on interpreter discovery values to delegated host.
- file - return ``'state': 'absent'`` when a file does not exist
- fixed issues when using net_get & net_put before the persistent connection \ 
has been started
- interpreter discovery will now use correct vars (from delegated host) when in \ 
delegate_to task.
- k8s - Handle set object retrieved from lookup plugin.
- lineinfile - use ``module.tmpdir`` to allow configuration of the remote temp \ 
- lxd_container - enables to set keys not present in existing config
- ovirt_disk fix activate
- ovirt_disk: fix upload/download of images for ovirt 4.4
- ovirt_disk: force wait when uploading disk
- ovirt_vm: fix cd_iso search by name
- profile_tasks - typecast results before using it
- sesu - make use of the prompt specified in the code
- syslog_json callback - fix plugin exception when running
- yum/dnf - check type of elements in a name
- zfs_delegate_admin - add missing choices diff/hold/release to the permissions \ 
   2020-05-19 14:58:46 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
ansible: updated to 2.9.9


- Fix an issue with the ``fileglob`` plugin where passing a subdirectory of \ 
non-existent directory would cause it to fail - \ 


Minor Changes
- Add test for reboot & wait_for_connection on EOS & IOS \ 
- Fixed 'intersect' filter spelling in constructed inventory plugin example.
- Move cli prompt check logic from action to cliconf plugin \ 
- Point inventory script location to their respective version rather than devel \ 
version in documentation.
- ansible-test - Now includes testing support for RHEL 8.2
- ansible-test - Remove obsolete support for provisioning remote vCenter \ 
instances. The supporting services are no longer available.

- Collections - Allow a collection role to call a stand alone role, without \ 
needing to explicitly add ``ansible.legacy`` to the collection search order \ 
within the collection role. (https://github.com/ansible/ansible/issues/69101)
- Fix cli context check for network_cli connection \ 
- Revert 5f6427b1fc7449a5c42212013d3f628665701c3d as it breaks netconf connection
- Role Installation - Ensure that a role containing files with non-ascii \ 
characters can be installed (https://github.com/ansible/ansible/issues/69133)
- Update ActionBase._low_level_execute_command to honor executable \ 
- collections - Handle errors better for filters and tests in collections, where \ 
a non-existent collection is specified, or importing the plugin results in an \ 
exception (https://github.com/ansible/ansible/issues/66721)
- deal with cases in which just a file is pased and not a path with directories, \ 
now fileglob correctly searches in 'files/' subdirs.
- dnf - Unified error messages when trying to install a nonexistent package with \ 
newer dnf (4.2.18) vs older dnf (4.2.9)
- dnf - Unified error messages when trying to remove a wildcard name that is not \ 
currently installed, with newer dnf (4.2.18) vs older dnf (4.2.9)
- hostname - make module work on Manjaro Linux \ 
- mysql_user - fix the error No database selected \ 
- ovirt_disk: add warning when uploading wrong format
- ovirt_disk: upload image auto detect size
- ovirt_network: allow to remove vlan_tag
- pip - The virtualenv_command option can now include arguments without \ 
requiring the full path to the binary. \ 
- pip - check_mode with ``state: present`` now returns the correct state for \ 
pre-release versioned packages
- postgresql_set - fix converting value to uppercase \ 
- redfish_config - fix support for boolean bios attrs \ 
- service_facts - Now correctly parses systemd list-unit-files for systemd >=245
- sysvinit - Add missing parameter ``module`` in call to ``daemonize()``.
- the default parsing will now show existing JSON errors and not just YAML (last \ 
attempted), also we avoid YAML parsing when we know we only want JSON issue
- win_psmodule - Fix TLS 1.2 compatibility with PSGallery.
- win_psrepository - Fix TLS 1.2 compatibility with PSGallery.
- win_psrepository - Fix ``Ignore`` error when trying to retrieve the list of \ 
registered repositories
- zabbix_template - no longer fails with KeyError when there are no macros \ 
present in existing template (see \ 
https://github.com/ansible-collections/ … /issues/19)
   2020-04-29 12:36:26 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
ansible: updated to 2.9.7


Minor Changes

- 'Edit on GitHub' link for plugin, cli documentation fixed to navigate to \ 
correct plugin, cli source.
- Handle get_tags_for_object API correctly in vmware_rest_client.
- Remove redundant encoding in json.load call in ipa module_utils \ 
- ansible-test - Upgrade OpenSUSE containers to use Leap 15.1.
- ansible-test now supports testing against RHEL 7.8 when using the ``--remote`` \ 
- vmware_cluster - Document alternatives for deprecated parameters

Removed Features (previously deprecated)

- ldap_attr, ldap_entry - The ``params`` option has been removed in Ansible-2.10 \ 
as it circumvents Ansible's option handling.  Setting ``bind_pw`` with the \ 
``params`` option was disallowed in Ansible-2.7, 2.8, and 2.9 as it was \ 
insecure.  For information about this policy, see the discussion at: \ 
https://meetbot.fedoraproject.org/ansib … 0.log.html \ 
This fixes CVE-2020-1746


- **security issue** - The ``subversion`` module provided the password via the \ 
svn command line option ``--password`` and can be retrieved from the host's \ 
/proc/<pid>/cmdline file. Update the module to use the secure \ 
``--password-from-stdin`` option instead, and add a warning in the module and in \ 
the documentation if svn version is too old to support it. (CVE-2020-1739)

- **security issue** win_unzip - normalize paths in archive to ensure extracted \ 
files do not escape from the target directory (CVE-2020-1737)

- **security_issue** - create temporary vault file with strict permissions when \ 
editing and prevent race condition (CVE-2020-1740)
- Alter task_executor's start_connection to support newer modules from \ 
collections which expect to send task UUID.
- Ansible.ModuleUtils.WebRequest - actually set no proxy when ``use_proxy: no`` \ 
is set on a Windows module - https://github.com/ansible/ansible/issues/68528
- Ensure DataLoader temp files are removed at appropriate times and that we \ 
observe the LOCAL_TMP setting.
- Ensure we don't allow ansible_facts subkey of ansible_facts to override top \ 
level, also fix 'deprefixing' to prevent key transforms.
- Ensure we get an error when creating a remote tmp if it already exists. \ 
- Fact Delegation - Add ability to indicate which facts must always be \ 
delegated. Primarily for ``discovered_interpreter_python`` right now, but \ 
extensible later. (https://github.com/ansible/ansible/issues/61002)
- Fix nxos_lacp replace operation (https://github.com/ansible/ansible/pull/64074).
- Handle equal sign in password while using passwordstore lookup plugin.
- In fetch action, avoid using slurp return to set up dest, also ensure no dir \ 
traversal CVE-2019-3828.
- In vmware_guest_network module use appropriate network while creating or \ 
reconfiguring (https://github.com/ansible/ansible/issues/65968).
- Log additional messages from persistent connection modules that may be missed \ 
if the module fails or returns early.
- `vmware_content_deploy_template`'s `cluster` argument no longer fails with an \ 
error message about resource pools.
- ansible command now correctly sends v2_playbook_on_start to callbacks
- ansible-galaxy - Error when install finds a tar with a file that will be \ 
extracted outside the collection install directory - CVE-2020-10691
- ansible-galaxy collection - Preserve executable bit on build and preserve mode \ 
on install from what tar member is set to - \ 
- dense callback - fix plugin access to its configuration variables and remove a \ 
warning message (https://github.com/ansible/ansible/issues/64628).
- display - Improve method of removing extra new line after warnings so it does \ 
not break Tower/Runner (https://github.com/ansible/ansible/pull/68517)
- docker connection plugin - do not prefix remote path if running on Windows \ 
- for those running uids for invalid users (containers), fallback to \ 
uid=<uid> when logging fixes
- get_url pass incorrect If-Modified-Since header \ 
- mysql_user - Fix idempotence when long grant lists are used \ 
- os_user_role - Fix os_user_role issue to grant a role in a domain.
- ovirt_storage_domain: fix update_check for warning_low_space
- purefa_snmp - Fix error when deleting a manager and when creating a v2c \ 
manager (https://github.com/ansible/ansible/pull/68180)
- rabbitmq_policy - Fix version parsing for RabbitMQ 3.8.
- routeros_facts - Prevent crash of module when ``ipv6`` package is not installed
- setup.ps1 - Fix ``ansible_fqdn`` using the wrong values to build the actual \ 
   2020-03-05 11:18:59 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
ansible: updated to 2.9.6


Minor Changes
- Fix URL in postgresql_table documentation.
- Refator net_base action plugin to support collection with network platform \ 
agnostic modules.
- docker connection plugin - run Powershell modules on Windows containers.
- ovirt_disk: correct description of storage_domain, there is no default value \ 
of the attribute
- ovirt_vm: remove deprecated warning of Linux boot parameters

- Bump the minimum openstacksdk version to 0.18.0 when os_network uses the \ 
port_security_enabled or mtu arguments.
- Fix Python3 compatibility for vmware_export_ovf module.
- Fix a bug when a host was not removed from a play after ``meta: end_host`` and \ 
as a result the host was still present in ``ansible_play_hosts`` and \ 
``ansible_play_batch`` variables.
- Fix collection install error that happened if a dependency specified \ 
dependencies to be null
- Fix examples in eos_vlans
- Templating - Ansible was caching results of Jinja2 expressions in some cases \ 
where these expressions could have dynamic results, like password generation
- Update the warning message for ``CONDITIONAL_BARE_VARS`` to list the original \ 
conditional not the value of the original conditional
- Use hostnamectl command to get current hostname for host while using systemd \ 
- also strip spaces around config values in pathlist as we do in list types
- ansible-galaxy - Display proper error when invalid token is used for Galaxy servers
- ansible-galaxy - Fix issue when compared installed dependencies with a \ 
collection having no ``MANIFEST.json`` or an empty version string in the json
- ansible-galaxy - Fix up pagination searcher for collection versions on \ 
Automation Hub
- ansible-galaxy - Remove uneeded verbose messages when accessing local token file
- ansible-galaxy - Send SHA256 hashes when publishing a collection
- ansible-galaxy - properly list roles when the role name also happens to be in \ 
the role path
- ansible-test validate-modules - Fix arg spec collector for PowerShell to find \ 
utils in both a collection and base.
- azure_rm_resourcegroup_facts - adds the ansible_facts as a sub map to fix the \ 
- docker_login - make sure that ``~/.docker/config.json`` is created with \ 
permissions ``0600``.
- ec2_asg - regression bug, when an existing autoscaling group was updated and \ 
but the launch config of existing instances was deleted.
- fix the bug where IOS vlans module throws traceback.
- fixes the eos_vlans repalced state behavior to configure the 'name' parameter
- get_certificate - Fix cryptography backend when pyopenssl is unavailable
- make ``no_log=False`` on a module option silence the ``no_log`` warning
- mysql_db - fix bug in the ``db_import`` function introduced by \ 
- nxos_vlans -  Allow nxos_l2_interfaces to append the allowed vlans list
- openssl_* modules - prevent crash on fingerprint determination in FIPS mode
- ovirt_vm: correct keyError for iSCSI parameters
- ovirt_vm: correct numa nodes and update documentation
- plugins - Allow ensure_type to decrypt the value for string types (and \ 
implicit string types) when value is an inline vault.
- proxysql - fixed mysql dictcursor
- route53 - improve handling of octal encoded characters
- synchronize - allow data to be passed between two managed nodes when using the \ 
docker connection plugin
- unixy - fixed duplicate log entries on loops
- vmware_host_firewall_manager - Fixed creating IP specific firewall rules with \ 
Python 2
- vultr - Fixed the issue retry max delay param was ignored.
- win_credential - Fix issue that errors when trying to add a ``name`` with \ 
- win_unzip - Fix support for paths with square brackets not being detected properly
   2020-02-24 20:36:49 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
ansible: updated to 2.9.5


Minor Changes
- add one note to help ansible user to understand the requirements to
- ovirt_disk: remove default value because the parameter is required when disk \ 
is attached to vm
- ovirt_vm add comunentaion about how to import ova
- powershell (shell plugin) - Fix `join_path` to support UNC paths

Deprecated Features
- aws_az_info (aws_az_facts) - Fixed deprecation warning so that it triggers \ 
when run as aws_az_facts.  Bumped removal version to 2.14

- AnsibleModule.run_command() - set ``close_fds`` to ``False`` on Python 2 if \ 
``pass_fds`` are passed to ``run_command()``. Since ``subprocess.Popen()`` on \ 
Python 2 does not have the ``pass_fds`` option, there is no way to exclude a \ 
specific list of file descriptors from being closed.

- Fix multiple issues with nxos_interfaces states
- Module arguments in suboptions which were marked as deprecated with \ 
``removed_in_version`` did not result in a warning.
- Redact GitLab Project variables which might include sensetive information such \ 
as password, api_keys and other project related details.
- Working implementation for editing Cisco IOS \ 
- ansible-test - Use ``virtualenv`` versions before 20 on provisioned macOS \ 
instances to remain compatible with an older pip install.
- ansible-test now limits Jinja2 installs to version 2.10 and earlier on Python 2.6
- ansible-test windows coverage - Ensure coverage reports are UTF-8 encoded \ 
without a BOM
- bump the minimum openstacksdk version when os_network uses the dns_domain argument
- display - remove extra new line after warnings
- dnf - Fix idempotence of `state: installed`
- docker_container - passing ``test: [NONE]`` now actually disables the image's \ 
healthcheck, as documented.
- docker_swarm_service - passing ``test: [NONE]`` now actually disables the \ 
image's healthcheck, as documented.
- file - change ``_diff_peek`` in argument spec to be the correct type, which is \ 
- galaxy - Fix an AttributeError on ansible-galaxy install with an empty \ 
- group - The group module was not correctly detecting whether a local group is \ 
existing or not with local set to yes if the same group exists in a non local \ 
group repository e.g. LDAP.

- include_vars - fix stack trace when passing ``dirs`` in an ad-hoc command
- ios_* - Fix bug where IPV6 was duplicated for replace state
- ios_banner - Modified the regular expression check to be non greedy when \ 
multiple banners are present.
- jenkins_job module: xml config encoding bugfix on python3
- mysql_user - fix support privileges with underscore
- mysql_variable - fix the module doesn't support variables name with dot
- nxos_facts: Don't throw an error if faninfo is not reported.
- nxos_telemetry - Fix fact gathering for sensor-groups
- openssl_publickey - fix a module crash caused when pyOpenSSL is not installed
- ovirt - add suport for search with space
- ovirt_job: add job when job is already existing and is in state finished
- ovirt_network: add check to control when creating network
- pacman - fix module crash with ``IndexError: list index out of range``
- pamd - Bugfix for attribute error when removing the first or last line
- pmrun plugin - The success command string was no longer quoted. This caused \ 
unusual use-cases like ``become_flags=su - root -c`` to fail.
- podman connection plugin - fix to handle the new default copy pause rootless \ 
containers from upstream
- pure - fix incorrect user_string setting in module_utils file
- redhat_subscription - do not set the default quantity to ``1`` when no \ 
quantity is provided
- synchronize - fix password authentication on Python 2
- systemd - don't require systemd to be running to enable/disable or mask/unmask \ 
- throttle: the linear strategy didn't always stuck with the throttle limit
- user - update module to support silencing ``no_log`` warnings in the future
- wait_for_connection - with pipelining enabled, interpreter discovery would \ 
fail if the first connection attempt was not successful


- yum - fix bug that caused ``enablerepo`` to not be honored when used with \ 
disablerepo all wildcard/glob


Minor Changes
- Fixed typos in various modules regarding argument_spec data types.
- dnf - Properly handle module AppStreams that don't define stream
- docker_container.py - update a containers restart_policy without restarting \ 
the container
- docker_stack - Added ``stdout``, ``stderr``, and ``rc`` to return values.
- zabbix_* - underlying python module now required in version zabbix-api==0.5.4

- **SECURITY** - CVE-2019-14904 - solaris_zone module accepts zone name and \ 
performs actions related to that. However, there is no user input validation \ 
done while performing actions. A malicious user could provide a crafted zone \ 
name which allows executing commands into the server manipulating the module \ 
behaviour. Adding user input validation as per Solaris Zone documentation fixes \ 
this issue.
- ActionBase - Add new ``cleanup`` method that is explicitly run by the \ 
``TaskExecutor`` to ensure that the shell plugins ``tmpdir`` is always removed. \ 
This change means that individual action plugins need not be responsible for \ 
removing the temporary directory, which ensures that we don't have code paths \ 
that accidentally leave behind the temporary directory.
- CVE-2019-14905 - nxos_file_copy module accepts remote_file parameter which is \ 
used for destination name and performs actions related to that on the device \ 
using the value of remote_file which is of string type However, there is no user \ 
input validation done while performing actions. A malicious code could crafts \ 
the filename parameter to take advantage by performing an OS command injection. \ 
This fix validates the option value if it is legitimate file path or not.
- Fix bandwidth calculation in nxos_ospf_vrf for Python 3
- Fix for network_cli become method to be compatible with collections
- Fix how the neighbour password was being defaulted
- Fix idempotence issue in nxos_lag_interfaces with Python 3
- Fix issue where nxos_l3_interfaces was not rendering 'dhcp' in facts
- Fix issue where nxos_user unintentionally creates user with two different roles
- Fix issue where purge breaks with empty aggregate
- Fix issue with callbacks ``set_options`` method that was not called with \ 
- Fix multiple issues with how nxos_vlans Resource Module behaves
- Fix nxos_hsrp throwing a KeyError for `auth_enc`
- Fix nxos_vxlan_vtep_vni rendering duplicate peer-ip commands
- Fix ordering of the commands sent in nxos_snmp_community
- Fix regular expression to allow dots in username
- Fixes in network action plugins load from collections using module prefix
- Fixes in network action plugins to work in network connection plugin and \ 
modules in collection
- Make netconf plugin configurable to set ncclient device handler name in \ 
netconf plugin
- Netconf modules are sending a bad rpc call for IOS-XR
- Use correct datastore in multi-datacenter environment while using vmware_deploy_ovf
- When cloning vm from the template it assigned Blank template to it and when \ 
rerun playbook it failed.
- ansible-galaxy - Expand the ``User-Agent`` to include more information and add \ 
it to more calls to Galaxy endpoints.
- ansible-galaxy - Treat the ``GALAXY_SERVER_LIST`` config entry that is defined \ 
but with no values as an empty list
- ansible-test no longer tries to install ``coverage`` 5.0+ since those versions \ 
are unsupported
- ansible-test no longer tries to install ``setuptools`` 45+ on Python 2.x since \ 
those versions are unsupported
- ansible-test now ignores warnings when comparing pip versions before and after \ 
integration tests run
- ansible-test now properly recognizes modules and module_utils in collections \ 
when using the ``blacklist`` plugin for the ``pylint`` sanity test
- collection_loader - sort Windows modules below other plugin types so the \ 
correct builtin plugin inside a role is selected
- cyberarkpassword - fix invalid attribute access
- display logging - Fix issue where 3rd party modules will print tracebacks when \ 
attempting to log information when ``ANSIBLE_LOG_PATH`` is set - \ 
- display logging - Fixed up the logging formatter to use the proper prefixes \ 
for ``u=user`` and ``p=process``
- display logging - Re-added the ``name`` attribute to the log formatter so that \ 
the source of the log can be seen
- dnf module - Ensure the modules exit_json['msg'] response is always string, \ 
not sometimes a tuple.
- docker_container - wait for removal of container if docker API returns early
- docker_image - fix validation of build options.
- docker_image - improve file handling when loading images from disk.
- docker_login - fix error handling when ``username`` or ``password`` is not \ 
specified when ``state`` is ``present``.
- docker_network - fix idempotency for multiple IPAM configs of the same IP version
- docker_network - validate IPAM config subnet CIDR notation on module setup and \ 
not during idempotence checking.
- docker_swarm_service - fix task always reporting as changed when using \ 
- ec2_group - Fix regression with revoking security groups in EC2 Classic Load \ 
- ec2_group_info, ec2_vol_info, ec2_vol_info - Fixed RuntimeErrors on Python3.8 \ 
when iterating filter dictionaries.
- elb_application_lb, elb_network_lb - fixed errors during listener rule \ 
comparison which caused broken JSON, and which caused some values not being \ 
compared correctly.
- elb_application_lb, elb_network_lb - idempotence check for rules now compares \ 
all values order-independently, instead of just comparing the first value if \ 
multiple are specified.
- fact gathering - Display warnings and deprecation messages that are created \ 
during the fact gathering phase
- gitlab_runner - fix idempotency for shared runner
- mysql - dont mask ``mysql_connect`` function errors from modules
- openssl_certificate - ``provider`` option was documented as required, but it \ 
was not checked whether it was provided. It is now only required when ``state`` \ 
is ``present``.
- ovirt_network: correct external_provider logic - first try to import when not \ 
found try to create it
- pacman - Fix pacman output parsing on localized environment.
- paramiko - catch and handle exception to prevent stack trace when running in \ 
FIPS mode
- postgresql_privs - fix sorting lists with None elements for python3
- postgresql_schema - use query parameters with cursor object
- postgresql_sequence - use query parameters with cursor object
- postgresql_set - use query parameters with cursor object
- postgresql_slot - use query parameters with cursor object
- roles - Ensure that ``allow_duplicates: true`` enables to run single role \ 
multiple times
- terraform - adding support for absolute paths additionally to the relative \ 
path within project_path
- terraform module - fixes usage for providers not supporting workspaces
- user - fix comparison on macOS so module does not improperly report a change
- user - on systems using busybox, honor the ``on_changed`` parameter to prevent \ 
unnecessary password changing
- win_uri win_get_url - Fix the behaviour of ``follow_redirects: safe`` to \ 
actual redirect on ``GET`` and ``HEAD`` requests - \ 
- yum - performance bugfix, the YumBase object was being  instantiated multiple \ 
times unnecessarily, which lead to considerable overhead when operating against \ 
large sets of packages.

New Plugins

- ce - Use ce netconf plugin to run netconf commands on Huawei Cloudengine platform
- default - Use default netconf plugin to run standard netconf commands as per RFC
- iosxr - Use iosxr netconf plugin to run netconf commands on Cisco IOSXR platform
- junos - Use junos netconf plugin to run netconf commands on Juniper JUNOS platform
- sros - Use Nokia SROS netconf plugin to run netconf commands on Nokia SROS platform
   2019-12-10 23:26:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
ansible: updated to 2.9.2


Minor Changes
- Provides additional information about collection namespace name restrictions
- docker_swarm_service - Sort lists when checking for changes.

- Check NoneType for raw_params before proceeding in include_vars
- Fix nxos_facts rendering of keys
- Fix regression when ``ansible_failed_task`` and ``ansible_failed_result`` are \ 
not defined in the rescue block
- Fix string parsing of inline vault strings for plugin config variable sources
- Fixed typo in vmware_guest_powerstate module
- Revert customization of guest custom value behavior
- ``AnsibleUnsafe``/``AnsibleContext``/``Templar`` - Do not treat \ 
``AnsibleUndefined`` as being "unsafe"
- acme_certificate - fix misbehavior when ACME v1 is used with \ 
``modify_account`` set to ``false``.
- ansible-galaxy - Fix ``collection install`` when installing from a URL or a \ 
file - https://github.com/ansible/ansible/issues/65109
- ansible-galaxy - Return the HTTP code reason if no error msg was returned by \ 
the server - https://github.com/ansible/ansible/issues/64850
- ansible-galaxy - Set ``User-Agent`` to Ansible version when interacting with \ 
Galaxy or Automation Hub
- ansible-test now properly handles enumeration of git submodules. Enumeration \ 
is now done with ``git submodule status --recursive`` without specifying ``.`` \ 
for the path, since that could cause the command to fail. Instead, relative \ 
paths outside the current directory are filtered out of the results. Errors from \ 
``git`` commands will now once again be reported as errors instead of warnings.
- ansible-test windows coverage - Output temp files as UTF-8 with BOM to \ 
standardise against non coverage runs
- become - Fix various plugins that still used play_context to get the become \ 
password instead of through the plugin - \ 
- ce modules - Update(add) docs notes to tell user modules work connection.
- ce modules - Update(add) docs notes to tell user modules work connection.
- ce modules - Update(add) docs notes to tell user modules work connection.
- ce modules - Update(add) docs notes to tell user modules work connection.
- ce modules - Update(add) docs notes to tell user modules work connection.
- ce modules - Update(add) docs notes to tell user modules work connection.
- decouple k8s_scale from the k8s module utils so that it doesn't complain about \ 
missing arguments
- docker_container - fix network idempotence comparison error.
- docker_network - fix idempotence comparison error.
- fix all checkpoint modules to be able to get parameter with value false
- fortios httpapi plugin - fix the issue that fortios httpapi plugin does not \ 
support python2
- netconf_rpc module does not work with nxos
- netscaler_service - fixed issue preventing use of graceful attribute
- openssh_keypair - fixes idempotence issue with public key
- openssl_csr - the module will now enforce that ``privatekey_path`` is \ 
specified when ``state=present``.
- plugins-netconf-ce - Fix failed to get version information.
- postgres.py - add a new keyword argument ``query_params``
- postgresql_db - Removed exception for 'LibraryError'
- postgresql_idx.py - use the ``query_params`` arg of exec_sql function
- postgresql_lang - use query params with cursor.execute
- postgresql_owner - use query_params with cursor object
- postgresql_privs - sort results before comparing so that the values are \ 
compared and not the result of ``.sort()``
- postgresql_privs.py - fix reports as changed behavior of module when using \ 
- postgresql_user - fix the module doesn't correctly commit changes if groups is set
- proxmox - fix version detection of proxmox 6 and up (Fixes \ 
- pulp_repo - the ``client_cert`` and ``client_key`` options were used for both \ 
requests to the Pulp instance and for the repo to sync with, resulting in errors \ 
when they were used. Use the new options ``feed_client_cert`` and \ 
``feed_client_key`` for client certificates that should only be used for repo \ 
synchronisation, and not for communication with the Pulp instance.
- runas - Fix the ``runas`` ``become_pass`` variable fallback from \ 
``ansible_runas_runas`` to ``ansible_runas_pass``
- win_chocolatey - Improve error checking when finding the path of a newly \ 
installed Chocolatey app
- win_domain_computer - Fix idempotence checks when ``sAMAccountName`` is \ 
different from ``name``
- win_iis_webapppool - Do not try and set attributes in check mode when the pool \ 
did not exist
- yarn - handle no version when installing module by name
- zabbix_action - arguments ``event_source`` and ``esc_period`` no longer \ 
required when ``state=absent``