gitea/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-05-13 13:02:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ansible-collections:main' into main

Browse Source
This commit is contained in:
mubashirusman
2024-10-15 22:26:52 +02:00
committed by GitHub
parent 7e1b76c46e daca208c0b
commit 05724a097b
72 changed files with 718 additions and 4783 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
plugins/modules/acl.py
View File

@@ -25,7 +25,7 @@ options:
state:
description:
- Define whether the ACL should be present or not.
- The C(query) state gets the current ACL without changing it, for use in C(register) operations.
- The V(query) state gets the current ACL without changing it, for use in C(register) operations.
choices: [ absent, present, query ]
default: query
type: str
@@ -36,8 +36,8 @@ options:
default: true
default:
description:
- If the target is a directory, setting this to C(true) will make it the default ACL for entities created inside the directory.
- Setting C(default) to C(true) causes an error if the path is a file.
- If O(path) is a directory, setting this to V(true) will make it the default ACL for entities created inside the directory.
- Setting O(default=true) causes an error if O(path) is a file.
type: bool
default: false
entity:
@@ -53,7 +53,7 @@ options:
permissions:
description:
- The permissions to apply/remove can be any combination of C(r), C(w), C(x)
- (read, write and execute respectively), and C(X) (execute permission if the file is a directory or already has execute permission for some user)
(read, write and execute respectively), and C(X) (execute permission if the file is a directory or already has execute permission for some user)
type: str
entry:
description:
@@ -67,21 +67,25 @@ options:
recursive:
description:
- Recursively sets the specified ACL.
- Incompatible with C(state=query).
- Alias C(recurse) added in version 1.3.0.
- Incompatible with O(state=query).
- Alias O(recurse) added in version 1.3.0.
type: bool
default: false
aliases: [ recurse ]
use_nfsv4_acls:
description:
- Use NFSv4 ACLs instead of POSIX ACLs.
- This feature uses C(nfs4_setfacl) and C(nfs4_getfacl). The behavior depends on those implementation.
And currently it only supports C(A) in ACE, so C(D) must be replaced with the appropriate C(A).
- Permission is set as optimised ACLs by the system. You can check the actual ACLs that has been set using the return value.
- More info C(man nfs4_setfacl)
type: bool
default: false
recalculate_mask:
description:
- Select if and when to recalculate the effective right masks of the files.
- See C(setfacl) documentation for more info.
- Incompatible with C(state=query).
- Incompatible with O(state=query).
choices: [ default, mask, no_mask ]
default: default
type: str
@@ -89,9 +93,9 @@ author:
- Brian Coca (@bcoca)
- Jérémie Astori (@astorije)
notes:
- The C(acl) module requires that ACLs are enabled on the target filesystem and that the C(setfacl) and C(getfacl) binaries are installed.
- The M(ansible.posix.acl) module requires that ACLs are enabled on the target filesystem and that the C(setfacl) and C(getfacl) binaries are installed.
- As of Ansible 2.0, this module only supports Linux distributions.
- As of Ansible 2.3, the I(name) option has been changed to I(path) as default, but I(name) still works as well.
- As of Ansible 2.3, the O(name) option has been changed to O(path) as default, but O(name) still works as well.
'''
EXAMPLES = r'''
@@ -179,7 +183,7 @@ def split_entry(entry):
def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
'''Builds and returns an entry string. Does not include the permissions bit if they are not provided.'''
if use_nfsv4_acls:
return ':'.join([etype, entity, permissions, 'allow'])
return ':'.join(['A', 'g' if etype == 'group' else '', entity, permissions + 'tcy'])
if permissions:
return etype + ':' + entity + ':' + permissions
@@ -187,22 +191,27 @@ def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
return etype + ':' + entity
def build_command(module, mode, path, follow, default, recursive, recalculate_mask, entry=''):
def build_command(module, mode, path, follow, default, recursive, recalculate_mask, use_nfsv4_acls, entry=''):
'''Builds and returns a getfacl/setfacl command.'''
if mode == 'set':
cmd = [module.get_bin_path('setfacl', True)]
cmd.extend(['-m', entry])
cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
cmd.extend(['-a' if use_nfsv4_acls else '-m', entry])
elif mode == 'rm':
cmd = [module.get_bin_path('setfacl', True)]
cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
cmd.extend(['-x', entry])
else: # mode == 'get'
cmd = [module.get_bin_path('getfacl', True)]
# prevents absolute path warnings and removes headers
if platform.system().lower() == 'linux':
if use_nfsv4_acls:
# use nfs4_getfacl instead of getfacl if use_nfsv4_acls is True
cmd = [module.get_bin_path('nfs4_getfacl', True)]
else:
cmd = [module.get_bin_path('getfacl', True)]
cmd.append('--absolute-names')
cmd.append('--omit-header')
cmd.append('--absolute-names')
if recursive:
if recursive and not use_nfsv4_acls:
cmd.append('--recursive')
if recalculate_mask == 'mask' and mode in ['set', 'rm']:
@@ -210,7 +219,7 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
elif recalculate_mask == 'no_mask' and mode in ['set', 'rm']:
cmd.append('--no-mask')
if not follow:
if not follow and not use_nfsv4_acls:
if platform.system().lower() == 'linux':
cmd.append('--physical')
elif platform.system().lower() == 'freebsd':
@@ -223,24 +232,34 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
return cmd
def acl_changed(module, cmd):
def acl_changed(module, cmd, entry, use_nfsv4_acls=False):
'''Returns true if the provided command affects the existing ACLs, false otherwise.'''
# FreeBSD do not have a --test flag, so by default, it is safer to always say "true"
# To check the ACL changes, use the output of setfacl or nfs4_setfacl with '--test'.
# FreeBSD do not have a --test flag, so by default, it is safer to always say "true".
if platform.system().lower() == 'freebsd':
return True
cmd = cmd[:] # lists are mutables so cmd would be overwritten without this
cmd.insert(1, '--test')
lines = run_acl(module, cmd)
counter = 0
for line in lines:
if not line.endswith('*,*'):
return True
return False
if line.endswith('*,*') and not use_nfsv4_acls:
return False
# if use_nfsv4_acls and entry is listed
if use_nfsv4_acls and entry == line:
counter += 1
# The current 'nfs4_setfacl --test' lists a new entry,
# which will be added at the top of list, followed by the existing entries.
# So if the entry has already been registered, the entry should be find twice.
if counter == 2:
return False
return True
def run_acl(module, cmd, check_rc=True):
'''Runs the provided command and returns the output as a list of lines.'''
try:
(rc, out, err) = module.run_command(cmd, check_rc=check_rc)
except Exception as e:
@@ -313,7 +332,7 @@ def main():
module.fail_json(msg="'recalculate_mask' MUST NOT be set to 'mask' or 'no_mask' when 'state=query'.")
if not entry:
if state == 'absent' and permissions:
if state == 'absent' and permissions and not use_nfsv4_acls:
module.fail_json(msg="'permissions' MUST NOT be set when 'state=absent'.")
if state == 'absent' and not entity:
@@ -350,21 +369,24 @@ def main():
entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
command = build_command(
module, 'set', path, follow,
default, recursive, recalculate_mask, entry
default, recursive, recalculate_mask, use_nfsv4_acls, entry
)
changed = acl_changed(module, command)
changed = acl_changed(module, command, entry, use_nfsv4_acls)
if changed and not module.check_mode:
run_acl(module, command)
msg = "%s is present" % entry
elif state == 'absent':
entry = build_entry(etype, entity, use_nfsv4_acls)
if use_nfsv4_acls:
entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
else:
entry = build_entry(etype, entity, use_nfsv4_acls)
command = build_command(
module, 'rm', path, follow,
default, recursive, recalculate_mask, entry
default, recursive, recalculate_mask, use_nfsv4_acls, entry
)
changed = acl_changed(module, command)
changed = acl_changed(module, command, entry, use_nfsv4_acls)
if changed and not module.check_mode:
run_acl(module, command, False)
@@ -375,7 +397,10 @@ def main():
acl = run_acl(
module,
build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
build_command(
module, 'get', path, follow, default, recursive,
recalculate_mask, use_nfsv4_acls
)
)
module.exit_json(changed=changed, msg=msg, acl=acl)

2
plugins/modules/at.py
View File

@@ -36,7 +36,7 @@ options:
choices: [ minutes, hours, days, weeks ]
state:
description:
- The state dictates if the command or script file should be evaluated as present(added) or absent(deleted).
- The state dictates if the command or script file should be evaluated as V(present) (added) or V(absent) (deleted).
type: str
choices: [ absent, present ]
default: present

43
plugins/modules/authorized_key.py
View File

@@ -24,22 +24,23 @@ options:
key:
description:
- The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).
- You can also use V(file://) prefix to search remote for a file with SSH key(s).
type: str
required: true
path:
description:
- Alternative path to the authorized_keys file.
- The default value is the C(.ssh/authorized_keys) of the home of the user specified in the O(user) parameter.
- Most of the time, it's not necessary to set this key.
- The default value is the V(.ssh/authorized_keys) of the home of the user specified in the O(user) parameter.
- Most of the time, it is not necessary to set this key.
- Use the path to your target authorized_keys if you need to explicitly point on it.
type: path
manage_dir:
description:
- Whether this module should manage the directory of the authorized key file.
- If set to C(true), the module will create the directory, as well as set the owner and permissions
- If set to V(true), the module will create the directory, as well as set the owner and permissions
of an existing directory.
- Be sure to set C(manage_dir=false) if you are using an alternate directory for authorized_keys,
as set with C(path), since you could lock yourself out of SSH access.
- Be sure to set O(manage_dir=false) if you are using an alternate directory for authorized_keys,
as set with O(path), since you could lock yourself out of SSH access.
- See the example below.
type: bool
default: true
@@ -56,17 +57,17 @@ options:
exclusive:
description:
- Whether to remove all other non-specified keys from the authorized_keys file.
- Multiple keys can be specified in a single C(key) string value by separating them by newlines.
- Multiple keys can be specified in a single O(key) string value by separating them by newlines.
- This option is not loop aware, so if you use C(with_) , it will be exclusive per iteration of the loop.
- If you want multiple keys in the file you need to pass them all to C(key) in a single batch as mentioned above.
- If you want multiple keys in the file you need to pass them all to O(key) in a single batch as mentioned above.
type: bool
default: false
validate_certs:
description:
- This only applies if using a https url as the source of the keys.
- If set to C(false), the SSL certificates will not be validated.
- This should only set to C(false) used on personally controlled sites using self-signed certificates as it avoids verifying the source site.
- Prior to 2.1 the code worked as if this was set to C(true).
- If set to V(false), the SSL certificates will not be validated.
- This should only set to V(false) used on personally controlled sites using self-signed certificates as it avoids verifying the source site.
- Prior to 2.1 the code worked as if this was set to V(true).
type: bool
default: true
comment:
@@ -96,6 +97,12 @@ EXAMPLES = r'''
state: present
key: https://github.com/charlie.keys
- name: Set authorized keys taken from path on controller node
ansible.posix.authorized_key:
user: charlie
state: present
key: file:///home/charlie/.ssh/id_rsa.pub
- name: Set authorized keys taken from url using lookup
ansible.posix.authorized_key:
user: charlie
@@ -223,6 +230,7 @@ from operator import itemgetter
from ansible.module_utils._text import to_native
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.urls import fetch_url
from ansible.module_utils.six.moves.urllib.parse import urlparse
class keydict(dict):
@@ -556,7 +564,7 @@ def enforce_state(module, params):
follow = params.get('follow', False)
error_msg = "Error getting key from: %s"
# if the key is a url, request it and use it as key source
# if the key is a url or file, request it and use it as key source
if key.startswith("http"):
try:
resp, info = fetch_url(module, key)
@@ -570,6 +578,19 @@ def enforce_state(module, params):
# resp.read gives bytes on python3, convert to native string type
key = to_native(key, errors='surrogate_or_strict')
if key.startswith("file"):
# if the key is an absolute path, check for existense and use it as a key source
key_path = urlparse(key).path
if not os.path.exists(key_path):
module.fail_json(msg="Path to a key file not found: %s" % key_path)
if not os.path.isfile(key_path):
module.fail_json(msg="Path to a key is a directory and must be a file: %s" % key_path)
try:
with open(key_path, 'r') as source_fh:
key = source_fh.read()
except OSError as e:
module.fail_json(msg="Failed to read key file %s : %s" % (key_path, to_native(e)))
# extract individual keys into an array, skipping blank lines and comments
new_keys = [s for s in key.splitlines() if s and not s.startswith('#')]

115
plugins/modules/firewalld.py
View File

@@ -17,7 +17,7 @@ options:
service:
description:
- Name of a service to add/remove to/from firewalld.
- The service must be listed in output of firewall-cmd --get-services.
- The service must be listed in output of C(firewall-cmd --get-services).
type: str
protocol:
description:
@@ -38,22 +38,22 @@ options:
type: str
required: true
description:
- Source port to forward from
- Source port to forward from.
proto:
type: str
required: true
description:
- protocol to forward
- protocol to forward.
choices: [udp, tcp]
toport:
type: str
required: true
description:
- destination port
- destination port.
toaddr:
type: str
description:
- Optional address to forward to
- Optional address to forward to.
rich_rule:
description:
- Rich rule to add/remove to/from firewalld.
@@ -78,28 +78,28 @@ options:
zone:
description:
- The firewalld zone to add/remove to/from.
- Note that the default zone can be configured per system but C(public) is default from upstream.
- Note that the default zone can be configured per system but V(public) is default from upstream.
- Available choices can be extended based on per-system configs, listed here are "out of the box" defaults.
- Possible values include C(block), C(dmz), C(drop), C(external), C(home), C(internal), C(public), C(trusted), C(work).
- Possible values include V(block), V(dmz), V(drop), V(external), V(home), V(internal), V(public), V(trusted), V(work).
type: str
permanent:
description:
- Whether to apply this change to the permanent firewalld configuration.
- As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld >= 0.3.9).
- Note that if this is C(false), I(immediate) defaults to C(true).
- Note that if this is V(false), O(immediate=true) by default.
type: bool
default: false
immediate:
description:
- Whether to apply this change to the runtime firewalld configuration.
- Defaults to C(true) if I(permanent=false).
- Defaults to V(true) if O(permanent=false).
type: bool
default: false
state:
description:
- Enable or disable a setting.
- 'For ports: Should this port accept (enabled) or reject (disabled) connections.'
- The states C(present) and C(absent) can only be used in zone level operations (i.e. when no other parameters but zone and state are set).
- 'For ports: Should this port accept (V(enabled)) or reject (V(disabled)) connections.'
- The states V(present) and V(absent) can only be used in zone level operations (i.e. when no other parameters but zone and state are set).
type: str
required: true
choices: [ absent, disabled, enabled, present ]
@@ -108,19 +108,24 @@ options:
- The amount of time in seconds the rule should be in effect for when non-permanent.
type: int
default: 0
forward:
description:
- The forward setting you would like to enable/disable to/from zones within firewalld.
- This option only is supported by firewalld v0.9.0 or later.
type: str
masquerade:
description:
- The masquerade setting you would like to enable/disable to/from zones within firewalld.
type: str
offline:
description:
- Ignores I(immediate) if I(permanent=true) and firewalld is not running.
- Ignores O(immediate) if O(permanent=true) and firewalld is not running.
type: bool
default: false
target:
description:
- firewalld Zone target
- If state is set to C(absent), this will reset the target to default
- firewalld Zone target.
- If O(state=absent), this will reset the target to default.
choices: [ default, ACCEPT, DROP, "%%REJECT%%" ]
type: str
version_added: 1.2.0
@@ -138,8 +143,8 @@ notes:
- This module needs C(python-firewall) or C(python3-firewall) on managed nodes.
It is usually provided as a subset with C(firewalld) from the OS distributor for the OS default Python interpreter.
requirements:
- firewalld >= 0.2.11
- python-firewall >= 0.2.11
- firewalld >= 0.9.0
- python-firewall >= 0.9.0
author:
- Adam Miller (@maxamillion)
'''
@@ -198,6 +203,12 @@ EXAMPLES = r'''
permanent: true
state: enabled
- ansible.posix.firewalld:
forward: true
state: enabled
permanent: true
zone: internal
- ansible.posix.firewalld:
masquerade: true
state: enabled
@@ -405,6 +416,49 @@ class ProtocolTransaction(FirewallTransaction):
self.update_fw_settings(fw_zone, fw_settings)
class ForwardTransaction(FirewallTransaction):
"""
ForwardTransaction
"""
def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False):
super(ForwardTransaction, self).__init__(
module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate
)
self.enabled_msg = "Added forward to zone %s" % self.zone
self.disabled_msg = "Removed forward from zone %s" % self.zone
def get_enabled_immediate(self):
if self.fw.queryForward(self.zone) is True:
return True
else:
return False
def get_enabled_permanent(self):
fw_zone, fw_settings = self.get_fw_zone_settings()
if fw_settings.queryForward() is True:
return True
else:
return False
def set_enabled_immediate(self):
self.fw.addForward(self.zone)
def set_enabled_permanent(self):
fw_zone, fw_settings = self.get_fw_zone_settings()
fw_settings.setForward(True)
self.update_fw_settings(fw_zone, fw_settings)
def set_disabled_immediate(self):
self.fw.removeForward(self.zone)
def set_disabled_permanent(self):
fw_zone, fw_settings = self.get_fw_zone_settings()
fw_settings.setForward(False)
self.update_fw_settings(fw_zone, fw_settings)
class MasqueradeTransaction(FirewallTransaction):
"""
MasqueradeTransaction
@@ -821,6 +875,7 @@ def main():
state=dict(type='str', required=True, choices=['absent', 'disabled', 'enabled', 'present']),
timeout=dict(type='int', default=0),
interface=dict(type='str'),
forward=dict(type='str'),
masquerade=dict(type='str'),
offline=dict(type='bool', default=False),
target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']),
@@ -833,7 +888,7 @@ def main():
),
mutually_exclusive=[
['icmp_block', 'icmp_block_inversion', 'service', 'protocol', 'port', 'port_forward', 'rich_rule',
'interface', 'masquerade', 'source', 'target']
'interface', 'forward', 'masquerade', 'source', 'target']
],
)
@@ -842,6 +897,7 @@ def main():
immediate = module.params['immediate']
timeout = module.params['timeout']
interface = module.params['interface']
forward = module.params['forward']
masquerade = module.params['masquerade']
offline = module.params['offline']
@@ -905,7 +961,7 @@ def main():
modification = False
if any([icmp_block, icmp_block_inversion, service, protocol, port, port_forward, rich_rule,
interface, masquerade, source, target]):
interface, forward, masquerade, source, target]):
modification = True
if modification and desired_state in ['absent', 'present'] and target is None:
module.fail_json(
@@ -1072,6 +1128,29 @@ def main():
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if forward is not None:
# Type of forward will be changed to boolean in a future release.
forward_status = False
try:
forward_status = boolean(forward, False)
except TypeError:
module.warn('The value of the forward option is "%s". '
'The type of the option will be changed from string to boolean in a future release. '
'To avoid unexpected behavior, please change the value to boolean.' % forward)
expected_state = 'enabled' if (desired_state == 'enabled') == forward_status else 'disabled'
transaction = ForwardTransaction(
module,
action_args=(),
zone=zone,
desired_state=expected_state,
permanent=permanent,
immediate=immediate,
)
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if masquerade is not None:
# Type of masquerade will be changed to boolean in a future release.
masquerade_status = True

2
plugins/modules/firewalld_info.py
View File

@@ -21,7 +21,7 @@ options:
zones:
description:
- Gather information about specific zones.
- If only works if C(active_zones) is set to C(false).
- If only works if O(active_zones=false).
required: false
type: list
elements: str

89
plugins/modules/mount.py
View File

@@ -24,75 +24,80 @@ options:
path:
description:
- Path to the mount point (e.g. C(/mnt/files)).
- Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
- Before Ansible 2.3 this option was only usable as O(ignore:dest), O(ignore:destfile), and O(name).
type: path
required: true
aliases: [ name ]
src:
description:
- Device (or NFS volume, or something else) to be mounted on I(path).
- Required when I(state) set to C(present), C(mounted) or C(ephemeral).
- Ignored when I(state) set to C(absent) or C(unmounted).
- Required when O(state) set to V(present), V(mounted), or V(ephemeral).
- Ignored when O(state) set to V(absent) or V(unmounted).
type: path
fstype:
description:
- Filesystem type.
- Required when I(state) is C(present), C(mounted) or C(ephemeral).
- Required when O(state) is V(present), V(mounted), or V(ephemeral).
type: str
opts:
description:
- Mount options (see fstab(5), or vfstab(4) on Solaris).
type: str
opts_no_log:
description:
- Do not log opts.
type: bool
default: false
dump:
description:
- Dump (see fstab(5)).
- Note that if set to C(null) and I(state) set to C(present),
- Note that if set to C(null) and O(state=present),
it will cease to work and duplicate entries will be made
with subsequent runs.
- Has no effect on Solaris systems or when used with C(ephemeral).
- Has no effect on Solaris systems or when used with O(state=ephemeral).
type: str
default: '0'
passno:
description:
- Passno (see fstab(5)).
- Note that if set to C(null) and I(state) set to C(present),
- Note that if set to C(null) and O(state=present),
it will cease to work and duplicate entries will be made
with subsequent runs.
- Deprecated on Solaris systems. Has no effect when used with C(ephemeral).
- Deprecated on Solaris systems. Has no effect when used with O(state=ephemeral).
type: str
default: '0'
state:
description:
- If C(mounted), the device will be actively mounted and appropriately
- If V(mounted), the device will be actively mounted and appropriately
configured in I(fstab). If the mount point is not present, the mount
point will be created.
- If C(unmounted), the device will be unmounted without changing I(fstab).
- C(present) only specifies that the device is to be configured in
- If V(unmounted), the device will be unmounted without changing I(fstab).
- V(present) only specifies that the device is to be configured in
I(fstab) and does not trigger or require a mount.
- C(ephemeral) only specifies that the device is to be mounted, without changing
- V(ephemeral) only specifies that the device is to be mounted, without changing
I(fstab). If it is already mounted, a remount will be triggered.
This will always return changed=True. If the mount point I(path)
has already a device mounted on, and its source is different than I(src),
This will always return RV(ignore:changed=true). If the mount point O(path)
has already a device mounted on, and its source is different than O(src),
the module will fail to avoid unexpected unmount or mount point override.
If the mount point is not present, the mount point will be created.
The I(fstab) is completely ignored. This option is added in version 1.5.0.
- C(absent) specifies that the mount point entry I(path) will be removed
- V(absent) specifies that the mount point entry O(path) will be removed
from I(fstab) and will also unmount the mounted device and remove the
mount point. A mounted device will be unmounted regardless of I(src) or its
real source. C(absent) does not unmount recursively, and the module will
mount point. A mounted device will be unmounted regardless of O(src) or its
real source. V(absent) does not unmount recursively, and the module will
fail if multiple devices are mounted on the same mount point. Using
C(absent) with a mount point that is not registered in the I(fstab) has
no effect. Use C(unmounted) instead..
- C(remounted) specifies that the device will be remounted for when you
V(absent) with a mount point that is not registered in the I(fstab) has
no effect, use V(unmounted) instead.
- V(remounted) specifies that the device will be remounted for when you
want to force a refresh on the mount itself (added in 2.9). This will
always return changed=true. If I(opts) is set, the options will be
always return RV(ignore:changed=true). If O(opts) is set, the options will be
applied to the remount, but will not change I(fstab). Additionally,
if I(opts) is set, and the remount command fails, the module will
error to prevent unexpected mount changes. Try using C(mounted)
instead to work around this issue. C(remounted) expects the mount point
if O(opts) is set, and the remount command fails, the module will
error to prevent unexpected mount changes. Try using V(mounted)
instead to work around this issue. V(remounted) expects the mount point
to be present in the I(fstab). To remount a mount point not registered
in I(fstab), use C(ephemeral) instead, especially with BSD nodes.
- C(absent_from_fstab) specifies that the device mount's entry will be
in I(fstab), use V(ephemeral) instead, especially with BSD nodes.
- V(absent_from_fstab) specifies that the device mount's entry will be
removed from I(fstab). This option does not unmount it or delete the
mountpoint.
type: str
@@ -105,20 +110,20 @@ options:
- This might be useful if you need to configure mountpoints in a chroot environment.
- OpenBSD does not allow specifying alternate fstab files with mount so do not
use this on OpenBSD with any state that operates on the live filesystem.
- This parameter defaults to /etc/fstab or /etc/vfstab on Solaris.
- This parameter is ignored when I(state) is set to C(ephemeral).
- This parameter defaults to C(/etc/fstab) or C(/etc/vfstab) on Solaris.
- This parameter is ignored when O(state=ephemeral).
type: str
boot:
description:
- Determines if the filesystem should be mounted on boot.
- Only applies to Solaris and Linux systems.
- For Solaris systems, C(true) will set C(yes) as the value of mount at boot
in I(/etc/vfstab).
in C(/etc/vfstab).
- For Linux, FreeBSD, NetBSD and OpenBSD systems, C(false) will add C(noauto)
to mount options in I(/etc/fstab).
- To avoid mount option conflicts, if C(noauto) specified in C(opts),
mount module will ignore C(boot).
- This parameter is ignored when I(state) is set to C(ephemeral).
to mount options in C(/etc/fstab).
- To avoid mount option conflicts, if C(noauto) specified in O(opts),
mount module will ignore O(boot).
- This parameter is ignored when O(state=ephemeral).
type: bool
default: true
backup:
@@ -128,9 +133,9 @@ options:
type: bool
default: false
notes:
- As of Ansible 2.3, the I(name) option has been changed to I(path) as
default, but I(name) still works as well.
- Using C(remounted) with I(opts) set may create unexpected results based on
- As of Ansible 2.3, the O(name) option has been changed to O(path) as
default, but O(name) still works as well.
- Using O(state=remounted) with O(opts) set may create unexpected results based on
the existing options already defined on mount, so care should be taken to
ensure that conflicting options are not present before hand.
'''
@@ -209,6 +214,7 @@ EXAMPLES = r'''
src: //192.168.1.200/share
path: /mnt/smb_share
opts: "rw,vers=3,file_mode=0600,dir_mode=0700,dom={{ ad_domain }},username={{ ad_username }},password={{ ad_password }}"
opts_no_log: true
fstype: cifs
state: ephemeral
'''
@@ -768,6 +774,7 @@ def main():
fstype=dict(type='str'),
path=dict(type='path', required=True, aliases=['name']),
opts=dict(type='str'),
opts_no_log=dict(type='bool', default=False),
passno=dict(type='str', no_log=False, default='0'),
src=dict(type='path'),
backup=dict(type='bool', default=False),
@@ -781,6 +788,9 @@ def main():
),
)
if module.params['opts_no_log']:
module.no_log_values.add(module.params['opts'])
# solaris args:
# name, src, fstype, opts, boot, passno, state, fstab=/etc/vfstab
# linux args:
@@ -840,11 +850,8 @@ def main():
args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'noauto'.")
elif not module.params['boot']:
args['boot'] = 'no'
if 'defaults' in opts:
args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'defaults'.")
else:
opts.append('noauto')
args['opts'] = ','.join(opts)
opts.append('noauto')
args['opts'] = ','.join(opts)
# If fstab file does not exist, we first need to create it. This mainly
# happens when fstab option is passed to the module.

16
plugins/modules/patch.py
View File

@@ -24,7 +24,7 @@ options:
basedir:
description:
- Path of a base directory in which the patch file will be applied.
- May be omitted when C(dest) option is specified, otherwise required.
- May be omitted when O(dest) option is specified, otherwise required.
type: path
dest:
description:
@@ -37,7 +37,7 @@ options:
src:
description:
- Path of the patch file as accepted by the GNU patch tool. If
C(remote_src) is C(false), the patch source file is looked up from the
O(remote_src=false), the patch source file is looked up from the
module's I(files) directory.
type: path
required: true
@@ -50,8 +50,8 @@ options:
default: present
remote_src:
description:
- If C(false), it will search for src at originating/controller machine, if C(true) it will
go to the remote/target machine for the C(src).
- If V(false), it will search for src at originating/controller machine,
- If C(true), it will go to the remote/target machine for the O(src).
type: bool
default: false
strip:
@@ -68,15 +68,15 @@ options:
default: false
binary:
description:
- Setting to C(true) will disable patch's heuristic for transforming CRLF
- Setting to V(true) will disable patch's heuristic for transforming CRLF
line endings into LF.
- Line endings of src and dest must match.
- If set to C(false), C(patch) will replace CRLF in C(src) files on POSIX.
- Line endings of O(src) and O(dest) must match.
- If set to V(false), C(patch) will replace CRLF in O(src) files on POSIX.
type: bool
default: false
ignore_whitespace:
description:
- Setting to C(true) will ignore white space changes between patch and input.
- Setting to V(true) will ignore white space changes between patch and input.
type: bool
default: false
notes:

2
plugins/modules/rhel_facts.py
View File

@@ -13,7 +13,7 @@ module: rhel_facts
version_added: 1.5.0
short_description: Facts module to set or override RHEL specific facts.
description:
- Compatibility layer for using the "package" module for rpm-ostree based systems via setting the "pkg_mgr" fact correctly.
- Compatibility layer for using the M(ansible.builtin.package) module for rpm-ostree based systems via setting the C(pkg_mgr) fact correctly.
author:
- Adam Miller (@maxamillion)
requirements:

20
plugins/modules/rhel_rpm_ostree.py
View File

@@ -25,12 +25,12 @@ requirements:
options:
name:
description:
- A package name or package specifier with version, like C(name-1.0).
- Comparison operators for package version are valid here C(>), C(<), C(>=), C(<=). Example - C(name>=1.0)
- A package name or package specifier with version, like V(name-1.0).
- Comparison operators for package version are valid here C(>), C(<), C(>=), C(<=). Example - C(name>=1.0).
- If a previous version is specified, the task also needs to turn C(allow_downgrade) on.
See the C(allow_downgrade) documentation for caveats with downgrading packages.
- When using state=latest, this can be C('*') which means run C(yum -y update).
- You can also pass a url or a local path to a rpm file (using state=present).
- When using O(state=latest), this can be V('*') which means run C(yum -y update).
- You can also pass a url or a local path to a rpm file (using O(state=present)).
To operate on several packages this can accept a comma separated string of packages or (as of 2.0) a list of packages.
aliases: [ pkg ]
type: list
@@ -38,12 +38,12 @@ options:
default: []
state:
description:
- Whether to install (C(present) or C(installed), C(latest)), or remove (C(absent) or C(removed)) a package.
- C(present) and C(installed) will simply ensure that a desired package is installed.
- C(latest) will update the specified package if it's not of the latest available version.
- C(absent) and C(removed) will remove the specified package.
- Default is C(None), however in effect the default action is C(present) unless the C(autoremove) option is
enabled for this module, then C(absent) is inferred.
- Whether to install (V(present) or V(installed), V(latest)), or remove (V(absent) or V(removed)) a package.
- V(present) and V(installed) will simply ensure that a desired package is installed.
- V(latest) will update the specified package if it's not of the latest available version.
- V(absent) and V(removed) will remove the specified package.
- Default is C(null), however in effect the default action is V(present) unless the C(autoremove) option is
enabled for this module, then V(absent) is inferred.
type: str
choices: [ absent, installed, latest, present, removed ]
notes:

4
plugins/modules/seboolean.py
View File

@@ -22,12 +22,12 @@ options:
type: str
persistent:
description:
- Set to C(true) if the boolean setting should survive a reboot.
- Set to V(true) if the boolean setting should survive a reboot.
type: bool
default: false
state:
description:
- Desired boolean value
- Desired boolean value.
type: bool
required: true
ignore_selinux_state:

4
plugins/modules/selinux.py
View File

@@ -20,7 +20,7 @@ version_added: "1.0.0"
options:
policy:
description:
- The name of the SELinux policy to use (e.g. C(targeted)) will be required if I(state) is not C(disabled).
- The name of the SELinux policy to use (e.g. C(targeted)) will be required unless O(state=disabled).
type: str
state:
description:
@@ -30,7 +30,7 @@ options:
type: str
update_kernel_param:
description:
- If set to I(true), will update also the kernel boot parameters when disabling/enabling SELinux.
- If set to V(true), will update also the kernel boot parameters when disabling/enabling SELinux.
- The C(grubby) tool must be present on the target system for this to work.
default: false
type: bool

59
plugins/modules/synchronize.py
View File

@@ -14,12 +14,13 @@ DOCUMENTATION = r'''
module: synchronize
short_description: A wrapper around rsync to make common tasks in your playbooks quick and easy
description:
- C(synchronize) is a wrapper around rsync to make common tasks in your playbooks quick and easy.
- M(ansible.posix.synchronize) is a wrapper around C(rsync) to make common tasks in your playbooks quick and easy.
- It is run and originates on the local host where Ansible is being run.
- Of course, you could just use the C(command) action to call rsync yourself, but you also have to add a fair number of
- Of course, you could just use the M(ansible.builtin.command) action to call C(rsync) yourself, but you also have to add a fair number of
boilerplate options and host facts.
- This module is not intended to provide access to the full power of rsync, but does make the most common
invocations easier to implement. You `still` may need to call rsync directly via C(command) or C(shell) depending on your use case.
- This module is not intended to provide access to the full power of C(rsync), but does make the most common
invocations easier to implement.
You I(still) may need to call C(rsync) directly via M(ansible.builtin.command) or M(ansible.builtin.shell) depending on your use case.
version_added: "1.0.0"
options:
src:
@@ -37,27 +38,27 @@ options:
dest_port:
description:
- Port number for ssh on the destination host.
- Prior to Ansible 2.0, the ansible_ssh_port inventory var took precedence over this value.
- Prior to Ansible 2.0, the C(ansible_ssh_port) inventory var took precedence over this value.
- This parameter defaults to the value of C(ansible_port), the C(remote_port) config setting
or the value from ssh client configuration if none of the former have been set.
type: int
mode:
description:
- Specify the direction of the synchronization.
- In push mode the localhost or delegate is the source.
- In pull mode the remote host in context is the source.
- In V(push) mode the localhost or delegate is the source.
- In V(pull) mode the remote host in context is the source.
type: str
choices: [ pull, push ]
default: push
archive:
description:
- Mirrors the rsync archive flag, enables recursive, links, perms, times, owner, group flags and -D.
- Mirrors the rsync archive flag, enables recursive, links, perms, times, owner, group flags, and C(-D).
type: bool
default: true
checksum:
description:
- Skip based on checksum, rather than mod-time & size; Note that that "archive" option is still enabled by default - the "checksum" option will
not disable it.
- Skip based on checksum, rather than mod-time & size; Note that that O(archive) option is still enabled by default -
the O(checksum) option will not disable it.
type: bool
default: false
compress:
@@ -73,8 +74,8 @@ options:
default: false
delete:
description:
- Delete files in I(dest) that do not exist (after transfer, not before) in the I(src) path.
- This option requires I(recursive=true).
- Delete files in O(dest) that do not exist (after transfer, not before) in the O(src) path.
- This option requires O(recursive=true).
- This option ignores excluded files and behaves like the rsync opt C(--delete-after).
type: bool
default: false
@@ -130,17 +131,17 @@ options:
default: 0
set_remote_user:
description:
- Put user@ for the remote paths.
- Put C(user@) for the remote paths.
- If you have a custom ssh config to define the remote user for a host
that does not match the inventory user, you should set this parameter to C(false).
that does not match the inventory user, you should set this parameter to V(false).
type: bool
default: true
ssh_connection_multiplexing:
description:
- SSH connection multiplexing for rsync is disabled by default to prevent misconfigured ControlSockets from resulting in failed SSH connections.
This is accomplished by setting the SSH C(ControlSocket) to C(none).
- Set this option to C(true) to allow multiplexing and reduce SSH connection overhead.
- Note that simply setting this option to C(true) is not enough;
- Set this option to V(true) to allow multiplexing and reduce SSH connection overhead.
- Note that simply setting this option to V(true) is not enough;
You must also configure SSH connection multiplexing in your SSH client config by setting values for
C(ControlMaster), C(ControlPersist) and C(ControlPath).
type: bool
@@ -182,7 +183,7 @@ options:
use_ssh_args:
description:
- In Ansible 2.10 and lower, it uses the ssh_args specified in C(ansible.cfg).
- In Ansible 2.11 and onwards, when set to C(true), it uses all SSH connection configurations like
- In Ansible 2.11 and onwards, when set to V(true), it uses all SSH connection configurations like
C(ansible_ssh_args), C(ansible_ssh_common_args), and C(ansible_ssh_extra_args).
type: bool
default: false
@@ -200,31 +201,31 @@ options:
type: bool
default: false
_ssh_args:
description: Internal use only. See C(use_ssh_args) for ssh arg settings.
description: Internal use only. See O(use_ssh_args) for ssh arg settings.
type: str
required: false
notes:
- rsync must be installed on both the local and remote host.
- For the C(synchronize) module, the "local host" is the host `the synchronize task originates on`, and the "destination host" is the host
`synchronize is connecting to`.
- The "local host" can be changed to a different host by using `delegate_to`. This enables copying between two remote hosts or entirely on one
remote machine.
- C(rsync) must be installed on both the local and remote host.
- For the M(ansible.posix.synchronize) module, the "local host" is the host I(the synchronize task originates on),
and the "destination host" is the host I(synchronize is connecting to).
- The "local host" can be changed to a different host by using C(delegate_to).
This enables copying between two remote hosts or entirely on one remote machine.
- >
The user and permissions for the synchronize `src` are those of the user running the Ansible task on the local host (or the remote_user for a
delegate_to host when delegate_to is used).
The user and permissions for the synchronize O(src) are those of the user running the Ansible task on the local host (or the remote_user for a
C(delegate_to) host when C(delegate_to) is used).
- The user and permissions for the synchronize `dest` are those of the `remote_user` on the destination host or the `become_user` if `become=yes` is active.
- In Ansible 2.0 a bug in the synchronize module made become occur on the "local host". This was fixed in Ansible 2.0.1.
- Currently, synchronize is limited to elevating permissions via passwordless sudo. This is because rsync itself is connecting to the remote machine
and rsync doesn't give us a way to pass sudo credentials in.
- Currently, M(ansible.posix.synchronize) is limited to elevating permissions via passwordless sudo.
This is because rsync itself is connecting to the remote machine and rsync doesn't give us a way to pass sudo credentials in.
- Currently there are only a few connection types which support synchronize (ssh, paramiko, local, and docker) because a sync strategy has been
determined for those connection types. Note that the connection for these must not need a password as rsync itself is making the connection and
rsync does not provide us a way to pass a password to the connection.
- Expect that dest=~/x will be ~<remote_user>/x even if using sudo.
- Expect that O(dest=~/x) will be V(~<remote_user>/x) even if using sudo.
- Inspect the verbose output to validate the destination user/host/path are what was expected.
- To exclude files and directories from being synchronized, you may add C(.rsync-filter) files to the source directory.
- rsync daemon must be up and running with correct permission when using rsync protocol in source or destination path.
- The C(synchronize) module enables `--delay-updates` by default to avoid leaving a destination in a broken in-between state if the underlying rsync process
- The C(synchronize) module enables C(--delay-updates) by default to avoid leaving a destination in a broken in-between state if the underlying rsync process
encounters an error. Those synchronizing large numbers of files that are willing to trade safety for performance should disable this option.
- link_destination is subject to the same limitations as the underlying rsync daemon. Hard links are only preserved if the relative subtrees
of the source and destination are the same. Attempts to hardlink into a directory that is a subdirectory of the source will be prevented.

10
plugins/modules/sysctl.py
View File

@@ -19,7 +19,7 @@ version_added: "1.0.0"
options:
name:
description:
- The dot-separated path (also known as I(key)) specifying the sysctl variable.
- The dot-separated path (also known as O(key)) specifying the sysctl variable.
required: true
aliases: [ 'key' ]
type: str
@@ -41,9 +41,9 @@ options:
default: false
reload:
description:
- If C(true), performs a I(/sbin/sysctl -p) if the C(sysctl_file) is
updated. If C(false), does not reload I(sysctl) even if the
C(sysctl_file) is updated.
- If V(true), performs a C(/sbin/sysctl -p) if the O(sysctl_file) is
updated. If V(false), does not reload C(sysctl) even if the
O(sysctl_file) is updated.
type: bool
default: true
sysctl_file:
@@ -53,7 +53,7 @@ options:
type: path
sysctl_set:
description:
- Verify token value with the sysctl command and set with -w if necessary.
- Verify token value with the sysctl command and set with C(-w) if necessary.
type: bool
default: false
author: