Path to this page:
Subject: CVS commit: pkgsrc/sysutils/ansible-core
From: Adam Ciarcinski
Date: 2024-11-12 09:02:34
Message id: 20241112080234.AB2F1FC7D@cvs.NetBSD.org
Log Message:
ansible-core: updated to 2.18.0
v2.18.0
=======
Minor Changes
-------------
- Add ``gid_min``, ``gid_max`` to the group plugin to overwrite the defaults \
provided by the ``/etc/login.defs`` file \
(https://github.com/ansible/ansible/pull/81770).
- Add ``python3.13`` to the default ``INTERPRETER_PYTHON_FALLBACK`` list.
- Add ``uid_min``, ``uid_max`` to the user plugin to overwrite the defaults \
provided by the ``/etc/login.defs`` file \
(https://github.com/ansible/ansible/pull/81770).
- Add a new meta task ``end_role`` (https://github.com/ansible/ansible/issues/22286)
- Add a new mount_facts module to support gathering information about mounts \
that are excluded by default fact gathering.
- Introducing COLOR_INCLUDED parameter. This can set a specific color for \
"included" events.
- Removed the shell ``environment`` config entry as this is already covered by \
the play/task directives documentation and the value itself is not used in the \
shell plugins. This should remove any confusion around how people set the \
environment for a task.
- Suppress cryptography deprecation warnings for Blowfish and TripleDES when the \
``paramiko`` Python module is installed.
- The minimum supported Python version on targets is now Python 3.8.
- ``ansible-galaxy collection publish`` - add configuration options for the \
initial poll interval and the exponential when checking the import status of a \
collection, since the default is relatively slow.
- ansible-config has new 'validate' option to find mispelled/forgein \
configurations in ini file or environment variables.
- ansible-doc - show examples in role entrypoint argument specs \
(https://github.com/ansible/ansible/pull/82671).
- ansible-galaxy - Handle authentication errors and token expiration
- ansible-test - Add Ubuntu 24.04 remote.
- ansible-test - Add support for Python 3.13.
- ansible-test - An ``ansible_core.egg-info`` directory is no longer generated \
when running tests.
- ansible-test - Connection options can be set for ansible-test managed remote \
Windows instances.
- ansible-test - Default to Python 3.13 in the ``base`` and ``default`` containers.
- ansible-test - Disable the ``deprecated-`` prefixed ``pylint`` rules as their \
results vary by Python version.
- ansible-test - Improve container runtime probe error handling. When unexpected \
probe output is encountered, an error with more useful debugging information is \
provided.
- ansible-test - Improve the error message shown when an unknown ``--remote`` or \
``--docker`` option is given.
- ansible-test - Remove Python 2.7 compatibility imports.
- ansible-test - Removed the ``vyos/1.1.8`` network remote as it is no longer \
functional.
- ansible-test - Replace Alpine 3.19 container and remote with Alpine 3.20.
- ansible-test - Replace Fedora 39 container and remote with Fedora 40.
- ansible-test - Replace FreeBSD 14.0 remote with FreeBSD 14.1.
- ansible-test - Replace RHEL 9.3 remote with RHEL 9.4.
- ansible-test - Replace Ubuntu 20.04 container with Ubuntu 24.04 container.
- ansible-test - The ``empty-init`` sanity test no longer applies to \
``module_utils`` packages.
- ansible-test - Update ``ansible-test-utility-container`` to version 3.1.0.
- ansible-test - Update ``base`` and ``default`` containers to omit Python 3.7.
- ansible-test - Update ``coverage`` to version 7.6.1.
- ansible-test - Update ``http-test-container`` to version 3.0.0.
- ansible-test - Update ``nios-test-container`` to version 5.0.0.
- ansible-test - Update ``pylint`` sanity test to use version 3.3.1.
- ansible-test - Update ``pypi-test-container`` to version 3.2.0.
- ansible-test - Update the ``base`` and ``default`` containers.
- ansible-test - Updated the frozen requirements for all sanity tests.
- ansible-test - Upgrade ``pip`` used in ansible-test managed virtual \
environments from version 24.0 to 24.2.
- ansible-test - Virtual environments created by ansible-test no longer include \
the ``wheel`` or ``setuptools`` packages.
- ansible-test - update HTTP test container to 3.2.0 \
(https://github.com/ansible/ansible/pull/83469).
- ansible.log now also shows log severity field
- distribution.py - Added SL-Micro in Suse OS Family. \
(https://github.com/ansible/ansible/pull/83541)
- dnf - minor internal changes in how the errors from the dnf API are handled; \
rely solely on the exceptions rather than inspecting text embedded in them
- dnf - remove legacy code for unsupported dnf versions
- dnf5 - implement ``enable_plugin`` and ``disable_plugin`` options
- fact gathering - Gather /proc/sysinfo facts on s390 Linux on Z
- facts - add systemd version and features
- find - change the datatype of ``elements`` to ``path`` in option ``paths`` \
(https://github.com/ansible/ansible/pull/83575).
- ini lookup - add new ``interpolation`` option \
(https://github.com/ansible/ansible/issues/83755)
- isidentifier - remove unwanted Python 2 specific code.
- loop_control - add a break_when option to to break out of a task loop early \
based on Jinja2 expressions (https://github.com/ansible/ansible/issues/83442).
- package_facts module now supports using aliases for supported package \
managers, for example managers=yum or managers=dnf will resolve to using the \
underlying rpm.
- plugins, deprecations and warnings concerning configuration are now displayed \
to the user, technical issue that prevented 'de-duplication' have been resolved.
- psrp - Remove connection plugin extras vars lookup. This should have no affect \
on existing users as all options have been documented.
- remove extraneous selinux import (https://github.com/ansible/ansible/issues/83657).
- replace random with secrets library.
- rpm_key - allow validation of gpg key with a subkey fingerprint
- rpm_key - enable gpg validation that requires presence of multiple fingerprints
- service_mgr - add support for dinit service manager \
(https://github.com/ansible/ansible/pull/83489).
- task timeout now returns timedout key with frame/code that was in execution \
when the timeout is triggered.
- timedout test for checking if a task result represents a 'timed out' task.
- unarchive - Remove Python 2.7 compatibility imports.
- validate-modules sanity test - detect if names of an option (option name + \
aliases) do not match between argument spec and documentation \
(https://github.com/ansible/ansible/issues/83598, \
https://github.com/ansible/ansible/pull/83599).
- validate-modules sanity test - reject option/aliases names that are identical \
up to casing but belong to different options \
(https://github.com/ansible/ansible/pull/83530).
- vaulted_file test filter added, to test if the provided path is an 'Ansible \
vaulted' file
- yum_repository - add ``excludepkgs`` alias to the ``exclude`` option.
Breaking Changes / Porting Guide
--------------------------------
- Stopped wrapping all commands sent over SSH on a Windows target with a \
``powershell.exe`` executable. This results in one less process being started on \
each command for Windows to improve efficiency, simplify the code, and make \
``raw`` an actual raw command run with the default shell configured on the \
Windows sshd settings. This should have no affect on most tasks except for \
``raw`` which now is not guaranteed to always be running in a PowerShell shell \
and from having the console output codepage set to UTF-8. To avoid this issue \
either swap to using ``ansible.windows.win_command``, \
``ansible.windows.win_shell``, ``ansible.windows.win_powershell`` or manually \
wrap the raw command with the shell commands needed to set the output console \
encoding.
- persistent connection plugins - The ``ANSIBLE_CONNECTION_PATH`` config option \
no longer has any effect.
Deprecated Features
-------------------
- Deprecate ``ansible.module_utils.basic.AnsibleModule.safe_eval`` and \
``ansible.module_utils.common.safe_eval`` as they are no longer used.
- persistent connection plugins - The ``ANSIBLE_CONNECTION_PATH`` config option \
no longer has any effect, and will be removed in a future release.
- yum_repository - deprecate ``async`` option as it has been removed in RHEL 8 \
and will be removed in ansible-core 2.22.
- yum_repository - the following options are deprecated: \
``deltarpm_metadata_percentage``, ``gpgcakey``, ``http_caching``, ``keepalive``, \
``metadata_expire_filter``, ``mirrorlist_expire``, ``protect``, \
``ssl_check_cert_permissions``, ``ui_repoid_vars`` as they have no effect for \
dnf as an underlying package manager. The options will be removed in \
ansible-core 2.22.
Removed Features (previously deprecated)
----------------------------------------
- Play - removed deprecated ``ROLE_CACHE`` property in favor of ``role_cache``.
- Remove deprecated `VariableManager._get_delegated_vars` method \
(https://github.com/ansible/ansible/issues/82950)
- Removed Python 3.10 as a supported version on the controller. Python 3.11 or \
newer is required.
- Removed support for setting the ``vars`` keyword to lists of dictionaries. It \
is now required to be a single dictionary.
- loader - remove deprecated non-inclusive words \
(https://github.com/ansible/ansible/issues/82947).
- paramiko_ssh - removed deprecated ssh_args from the paramiko_ssh connection \
plugin (https://github.com/ansible/ansible/issues/82939).
- paramiko_ssh - removed deprecated ssh_common_args from the paramiko_ssh \
connection plugin (https://github.com/ansible/ansible/issues/82940).
- paramiko_ssh - removed deprecated ssh_extra_args from the paramiko_ssh \
connection plugin (https://github.com/ansible/ansible/issues/82941).
- play_context - remove deprecated PlayContext.verbosity property \
(https://github.com/ansible/ansible/issues/82945).
- utils/listify - remove deprecated 'loader' argument from \
listify_lookup_plugin_terms API \
(https://github.com/ansible/ansible/issues/82949).
Security Fixes
--------------
- include_vars action - Ensure that result masking is correctly requested when \
vault-encrypted files are read. (CVE-2024-8775)
- task result processing - Ensure that action-sourced result masking \
(``_ansible_no_log=True``) is preserved. (CVE-2024-8775)
- user action won't allow ssh-keygen, chown and chmod to run on existing ssh \
public key file, avoiding traversal on existing symlinks (CVE-2024-9902).
Files: