Path to this page:
Subject: CVS commit: pkgsrc/sysutils/ansible
From: Havard Eidnes
Date: 2016-02-17 21:31:45
Message id: 20160217203145.DFDD5FBB7@cvs.NetBSD.org
Log Message:
Upgrade to version 1.9.4nb1, copied over from pkgsrc-wip.
Upstream changes:
Version 1.9.4, "Dancing In the Street" - Oct 9, 2015:
* Fixes a bug where yum state=latest would error if there were no
updates to install.
* Fixes a bug where yum state=latest did not work with wildcard package names.
* Fixes a bug in lineinfile relating to escape sequences.
* Fixes a bug where vars_prompt was not keeping passwords private by default.
* Fix ansible-galaxy and the hipchat callback plugin to check that
the host it is contacting matches its TLS Certificate.
Version 1.9.3, "Dancing In the Street" - Sep 3, 2015:
* Fixes a bug related to keyczar messing up encodings internally,
resulting in decrypted messages coming out as empty strings.
* AES Keys generated for use in accelerated mode are now 256-bit
by default instead of 128.
* Fix url fetching for SNI with python-2.7.9 or greater. SNI does
not work with python < 2.7.9. The best workaround is probably
to use the command module with curl or wget.
* Fix url fetching to allow tls-1.1 and tls-1.2 if the system's
openssl library supports those protocols
* Fix ec2_ami_search module to check TLS Certificates
* Fix the following extras modules to check TLS Certificates:
campfire
layman
librarto_annotate
twilio
typetalk
* Fix docker module's parsing of docker-py version for dev checkouts
* Fix docker module to work with docker server api 1.19
* Change yum module's state=latest feature to update all packages
specified in a single transaction. This is the same type of fix
as was made for yum's state=installed in 1.9.2 and both solves
the same problems and with the same caveats.
* Fixed a bug where stdout from a module might be blank when there
were were non-printable ASCII characters contained within it
Version 1.9.2, "Dancing In the Street" - Jun 26, 2015:
* Security fixes to check that hostnames match certificates with
https urls (CVE-2015-3908)
get_url and uri modules
url and etcd lookup plugins
* Security fixes to the zone (Solaris containers), jail (bsd
containers), and chroot connection plugins. These plugins can
be used to connect to their respective container types in leiu
of the standard ssh connection. Prior to this fix being applied
these connection plugins didn't properly handle symlinks within
the containers which could lead to files intended to be written
to or read from the container being written to or read from the
host system instead. (CVE pending)
* Fixed a bug in the service module where init scripts were being
incorrectly used instead of upstart/systemd.
* Fixed a bug where sudo/su settings were not inherited from
ansible.cfg correctly.
* Fixed a bug in the rds module where a traceback may occur due
to an unbound variable.
* Fixed a bug where certain remote file systems where the SELinux
context was not being properly set.
* Re-enabled several windows modules which had been partially
merged (via action plugins):
win_copy.ps1
win_copy.py
win_file.ps1
win_file.py
win_template.py
* Fix bug using with_sequence and a count that is zero. Also allows
counting backwards isntead of forwards
* Fix get_url module bug preventing use of custom ports with https urls
* Fix bug disabling repositories in the yum module.
* Fix giving yum module a url to install a package from on RHEL/CENTOS5
* Fix bug in dnf module preventing it from working when yum-utils
was not already installed
Version 1.9.1, "Dancing In the Street" - Apr 27, 2015:
* Fixed a bug related to Kerberos auth when using winrm with a domain account.
* Fixing several bugs in the s3 module.
* Fixed a bug with upstart service detection in the service module.
* Fixed several bugs with the user module when used on OSX.
* Fixed unicode handling in some module situations (assert and
shell/command execution).
* Fixed a bug in redhat_subscription when using the activationkey parameter.
* Fixed a traceback in the gce module on EL6 distros when multiple
pycrypto installations are available.
* Added support for PostgreSQL 9.4 in rds_param_group
* Several other minor fixes.
Version 1.9, "Dancing In the Street" - Mar 25, 2015:
Major changes:
* Added kerberos support to winrm connection plugin.
* Tags rehaul: added 'all', 'always', 'untagged' and 'tagged'
special tags and normalized tag resolution. Added tag information
to --list-tasks and new --list-tags option.
* Privilege Escalation generalization, new 'Become' system and
variables now will handle existing and new methods. Sudo and
su have been kept for backwards compatibility. New methods
pbrun and pfexec in 'alpha' state, planned adding 'runas' for
winrm connection plugin.
* Improved ssh connection error reporting, now you get back the
specific message from ssh.
* Added facility to document task module return values for
registered vars, both for ansible-doc and the docsite. Documented
copy, stats and acl modules, the rest must be updated individually
(we will start doing so incrementally).
* Optimize the plugin loader to cache available plugins much more
efficiently. For some use cases this can lead to dramatic
improvements in startup time.
* Overhaul of the checksum system, now supports more systems and
more cases more reliably and uniformly.
* Fix skipped tasks to not display their parameters if no_log is specified.
* Many fixes to unicode support, standarized functions to make
it easier to add to input/output boundaries.
* Added travis integration to github for basic tests, this should
speed up ticket triage and merging.
* environment: directive now can also be applied to play and is
inhertited by tasks, which can still override it.
* expanded facts and OS/distribution support for existing facts
and improved performance with pypy.
* new 'wantlist' option to lookups allows for selecting a list
typed variable vs a comma delimited string as the return.
* the shared module code for file backups now uses a timestamp
resolution of seconds (previouslly minutes).
* allow for empty inventories, this is now a warning and not an
error (for those using localhost and cloud modules).
* sped up YAML parsing in ansible by up to 25% by switching to
CParser loader.
New Modules:
* cryptab: manages linux encrypted block devices
* gce_img: for utilizing GCE image resources
* gluster_volume: manage glusterfs volumes
* haproxy: for the load balancer of same name
* known_hosts: manages the ssh known_hosts file
* lxc_container: manage lxc containers
* patch: allows for patching files on target systems
* pkg5: installing and uninstalling packages on Solaris
* pkg5_publisher: manages Solaris pkg5 repository configuration
* postgresql_ext: manage postgresql extensions
* snmp_facts: gather facts via snmp
* svc: manages daemontools based services
* uptimerobot: manage monitoring with this service
New Filters:
* ternary: allows for trueval/falseval assignment dependent on conditional
* cartesian: returns the Cartesian product of 2 lists
* to_uuid: given a string it will return an ansible domain specific UUID
* checksum: uses the ansible internal checksum to return a hash from a string
* hash: get a hash from a string (md5, sha1, etc)
* password_hash: get a hash form as string that can be used as a
password in the user module (and others)
* A whole set of ip/network manipulation filters:
ipaddr,ipwrap,ipv4,ipv6ipsubnet,nthhost,hwaddr,macaddr
Version 1.8.4, "You Really Got Me" - Feb 19, 2015:
* Fixed regressions in ec2 and mount modules, introduced in 1.8.3
Version 1.8.3, "You Really Got Me" - Feb 17, 2015:
* Fixing a security bug related to the default permissions set on
a temporary file created when using "ansible-vault view ".
* Many bug fixes, for both core code and core modules.
Version 1.8.2, "You Really Got Me" - Dec 04, 2014:
* Various bug fixes for packaging issues related to modules.
* Various bug fixes for lookup plugins.
* Various bug fixes for some modules (continued cleanup of postgresql
issues, etc.).
* Add a clone parameter to git module that allows you to get
information about a remote repo even if it doesn't exist locally.
Version 1.8.1, "You Really Got Me" - Nov 26, 2014:
* Various bug fixes in postgresql and mysql modules.
* Fixed a bug related to lookup plugins used within roles not
finding files based on the relative paths to the roles files/
directory.
* Fixed a bug related to vars specified in plays being templated
too early, resulting in incorrect variable interpolation.
* Fixed a bug related to git submodules in bare repos.
Version 1.8, "You Really Got Me" - Nov 25, 2014:
Major changes:
* fact caching support, pluggable, initially supports Redis (DOCS pending)
* 'serial' size in a rolling update can be specified as a percentage
* added new Jinja2 filters, 'min' and 'max' that take lists
* new 'ansible_version' variable available contains a dictionary
of version info
* For ec2 dynamic inventory, ec2.ini can has various new configuration options
'ansible vault view filename.yml' opens filename.yml decrypted in a pager.
no_log parameter now surpressess data from callbacks/output as
well as syslog
* ansible-galaxy install -f requirements.yml allows advanced
options and installs from non-galaxy SCM sources and tarballs.
* command_warnings feature will warn about when usage of the
shell/command module can be simplified to use core modules -
this can be enabled in ansible.cfg
* new omit value can be used to leave off a parameter when not
set, like so module_name: a=1 b={{ c | default(omit) }}, would
not pass value for b (not even an empty value) if c was not set.
* developers: 'baby JSON' in module responses, originally intended
for writing modules in bash, is removed as a feature to simplify
logic, script module remains available for running bash scripts.
* async jobs started in "fire & forget" mode can now be checked
on at a later time.
* added ability to subcategorize modules for docs.ansible.com
* added ability for shipped modules to have aliases with symlinks
* added ability to deprecate older modules by starting with "_"
and including "deprecated: message why" in module docs
New Modules:
* cloud: rax_cdb - manages Rackspace Cloud Database instances
* cloud: rax_cdb_database - manages Rackspace Cloud Databases
* cloud: rax_cdb_user - manages Rackspace Cloud Database users
* monitoring: zabbix_maintaince - handles outage windows with Zabbix
* monitoring: bigpanda - support for bigpanda
* net_infrastructure: a10_server - manages server objects on A10 devices
* net_infrastructure: a10_service_group - manages service group
objects on A10 devices
* net_infrastructure: a10_virtual_server - manages virtual server
objects on A10 devices
* system: getent - read getent databases
Version 1.7.2, "Summer Nights" - Sep 24, 2014:
* Fixes a bug in accelerate mode which caused a traceback when
trying to use that connection method.
* Fixes a bug in vault where the password file option was not
being used correctly internally.
* Improved multi-line parsing when using YAML literal blocks (using > or |).
* Fixed a bug with the file module and the creation of relative symlinks.
* Fixed a bug where checkmode was not being honoured during the
templating of files.
* Other various bug fixes.
Version 1.7.1, "Summer Nights" - Aug 14, 2014:
* Security fix to disallow specifying 'args:' as a string, which
could allow the insertion of extra module parameters through
variables.
* Performance enhancements related to previous security fixes,
which could cause slowness when modules returned very large
JSON results. This specifically impacted the unarchive module
frequently, which returns the details of all unarchived files
in the result.
* Docker module bug fixes:
Fixed support for specifying rw/ro bind modes for volumes
Fixed support for allowing the tag in the image parameter
* Various other bug fixes
Version 1.7, "Summer Nights" - Aug 06, 2014:
Major new features:
* Windows support (alpha) using native PowerShell remoting
* Tasks can now specify run_once: true, meaning they will be
executed exactly once. This can be combined with delegate_to
to trigger actions you want done just the one time versus for
every host in inventory.
New inventory scripts:
* SoftLayer
* Windows Azure
New Modules:
* cloud: azure
* cloud: rax_meta
* cloud: rax_scaling_group
* cloud: rax_scaling_policy
* windows: version of setup module
* windows: version of slurp module
* windows: win_feature
* windows: win_get_url
* windows: win_msi
* windows: win_ping
* windows: win_user
* windows: win_service
* windows: win_group
Other notable changes:
* Security fixes
* Prevent the use of lookups when using legacy "{{ }}" syntax
round variables and with_* loops.
* Remove relative paths in TAR-archived file names used by ansible-galaxy.
* Inventory speed improvements for very large inventories.
* Vault password files can now be executable, to support scripts
that fetch the vault password.
Files: