Merge pull request #363 from saito-hideki/release_1.4.0

Release 1.4.0 commit

SUMMARY
Release 1.4.0 commit
ISSUE TYPE

Feature Pull Request

COMPONENT NAME

ansible.posix

ADDITIONAL INFORMATION
None

Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Felix Fontein <felix@fontein.de>

.azure-pipelines/README.md

@@ -0,0 +1,3 @@
+## Azure Pipelines Configuration
+
+Please see the [Documentation](https://github.com/ansible/community/wiki/Testing:-Azure-Pipelines) for more information.

.azure-pipelines/azure-pipelines.yml

@@ -0,0 +1,311 @@
+trigger:
+  batch: true
+  branches:
+    include:
+      - main
+      - stable-*
+
+pr:
+  autoCancel: true
+  branches:
+    include:
+      - main
+      - stable-*
+
+schedules:
+  - cron: 0 9 * * *
+    displayName: Nightly
+    always: true
+    branches:
+      include:
+        - main
+        - stable-*
+
+variables:
+  - name: checkoutPath
+    value: ansible_collections/ansible/posix
+  - name: coverageBranches
+    value: main
+  - name: pipelinesCoverage
+    value: coverage
+  - name: entryPoint
+    value: tests/utils/shippable/shippable.sh
+  - name: fetchDepth
+    value: 0
+
+resources:
+  containers:
+    - container: default
+      image: quay.io/ansible/azure-pipelines-test-container:1.9.0
+
+pool: Standard
+
+stages:
+
+## Docker
+  - stage: Docker_devel
+    displayName: Docker devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/linux/{0}/1
+          targets:
+            - name: CentOS 7
+              test: centos7
+            - name: Fedora 34
+              test: fedora34
+            - name: Fedora 35
+              test: fedora35
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 18.04
+              test: ubuntu1804
+            - name: Ubuntu 20.04
+              test: ubuntu2004
+  - stage: Docker_2_13
+    displayName: Docker 2.13
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.13/linux/{0}/1
+          targets:
+            - name: CentOS 7
+              test: centos7
+            - name: Fedora 34
+              test: fedora34
+            - name: Fedora 35
+              test: fedora35
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 18.04
+              test: ubuntu1804
+            - name: Ubuntu 20.04
+              test: ubuntu2004
+  - stage: Docker_2_12
+    displayName: Docker 2.12
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.12/linux/{0}/1
+          targets:
+            - name: CentOS 6
+              test: centos6
+            - name: CentOS 7
+              test: centos7
+            - name: Fedora 33
+              test: fedora33
+            - name: Fedora 34
+              test: fedora34
+            - name: openSUSE 15 py2
+              test: opensuse15py2
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 18.04
+              test: ubuntu1804
+            - name: Ubuntu 20.04
+              test: ubuntu2004
+  - stage: Docker_2_11
+    displayName: Docker 2.11
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.11/linux/{0}/1
+          targets:
+            - name: CentOS 6
+              test: centos6
+            - name: CentOS 7
+              test: centos7
+            - name: Fedora 32
+              test: fedora32
+            - name: Fedora 33
+              test: fedora33
+            - name: openSUSE 15 py2
+              test: opensuse15py2
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 18.04
+              test: ubuntu1804
+            - name: Ubuntu 20.04
+              test: ubuntu2004
+  - stage: Docker_2_10
+    displayName: Docker 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.10/linux/{0}/1
+          targets:
+            - name: CentOS 6
+              test: centos6
+            - name: CentOS 7
+              test: centos7
+            - name: Fedora 30
+              test: fedora30
+            - name: Fedora 31
+              test: fedora31
+            - name: openSUSE 15 py2
+              test: opensuse15py2
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 16.04
+              test: ubuntu1604
+            - name: Ubuntu 18.04
+              test: ubuntu1804
+  - stage: Docker_2_9
+    displayName: Docker 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.9/linux/{0}/1
+          targets:
+            - name: CentOS 6
+              test: centos6
+            - name: CentOS 7
+              test: centos7
+            - name: Fedora 30
+              test: fedora30
+            - name: Fedora 31
+              test: fedora31
+            - name: openSUSE 15 py2
+              test: opensuse15py2
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 16.04
+              test: ubuntu1604
+            - name: Ubuntu 18.04
+              test: ubuntu1804
+
+## Remote
+  - stage: Remote_devel
+    displayName: Remote devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/{0}/1
+          targets:
+            - name: MacOS 12.0
+              test: macos/12.0
+            - name: RHEL 7.9
+              test: rhel/7.9
+            - name: RHEL 8.5
+              test: rhel/8.5
+            - name: FreeBSD 12.3
+              test: freebsd/12.3
+            - name: FreeBSD 13.0
+              test: freebsd/13.0
+  - stage: Remote_2_13
+    displayName: Remote 2.13
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.13/{0}/1
+          targets:
+            - name: MacOS 12.0
+              test: macos/12.0
+            - name: RHEL 7.9
+              test: rhel/7.9
+            - name: RHEL 8.5
+              test: rhel/8.5
+            - name: FreeBSD 12.3
+              test: freebsd/12.3
+            - name: FreeBSD 13.0
+              test: freebsd/13.0
+  - stage: Remote_2_12
+    displayName: Remote 2.12
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.12/{0}/1
+          targets:
+            - name: MacOS 11.1
+              test: macos/11.1
+            - name: RHEL 7.9
+              test: rhel/7.9
+            - name: RHEL 8.4
+              test: rhel/8.4
+            - name: FreeBSD 12.2
+              test: freebsd/12.2
+            - name: FreeBSD 13.0
+              test: freebsd/13.0
+  - stage: Remote_2_11
+    displayName: Remote 2.11
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.11/{0}/1
+          targets:
+            - name: MacOS 11.1
+              test: macos/11.1
+            - name: RHEL 7.9
+              test: rhel/7.9
+            - name: RHEL 8.3
+              test: rhel/8.3
+            - name: FreeBSD 11.4
+              test: freebsd/11.4
+            - name: FreeBSD 12.2
+              test: freebsd/12.2
+  - stage: Remote_2_10
+    displayName: Remote 2.10
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.10/{0}/1
+          targets:
+            - name: OS X 10.11
+              test: osx/10.11
+            - name: RHEL 7.9
+              test: rhel/7.9
+            - name: RHEL 8.2
+              test: rhel/8.2
+            - name: FreeBSD 11.1
+              test: freebsd/11.1
+            - name: FreeBSD 12.1
+              test: freebsd/12.1
+
+  - stage: Remote_2_9
+    displayName: Remote 2.9
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.9/{0}/1
+          targets:
+            - name: OS X 10.11
+              test: osx/10.11
+            - name: RHEL 7.9
+              test: rhel/7.9
+            - name: RHEL 8.1
+              test: rhel/8.1
+            - name: FreeBSD 11.1
+              test: freebsd/11.1
+            - name: FreeBSD 12.0
+              test: freebsd/12.0
+## Finally
+
+  - stage: Summary
+    condition: succeededOrFailed()
+    dependsOn:
+      - Remote_2_9
+      - Docker_2_9
+      - Remote_2_10
+      - Docker_2_10
+      - Remote_2_11
+      - Docker_2_11
+      - Remote_2_12
+      - Docker_2_12
+      - Remote_2_13
+      - Docker_2_13
+      - Remote_devel
+      - Docker_devel
+    jobs:
+      - template: templates/coverage.yml

.azure-pipelines/scripts/aggregate-coverage.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# Aggregate code coverage results for later processing.
+
+set -o pipefail -eu
+
+agent_temp_directory="$1"
+
+PATH="${PWD}/bin:${PATH}"
+
+mkdir "${agent_temp_directory}/coverage/"
+
+options=(--venv --venv-system-site-packages --color -v)
+
+ansible-test coverage combine --export "${agent_temp_directory}/coverage/" "${options[@]}"
+
+if ansible-test coverage analyze targets generate --help >/dev/null 2>&1; then
+    # Only analyze coverage if the installed version of ansible-test supports it.
+    # Doing so allows this script to work unmodified for multiple Ansible versions.
+    ansible-test coverage analyze targets generate "${agent_temp_directory}/coverage/coverage-analyze-targets.json" "${options[@]}"
+fi

.azure-pipelines/scripts/combine-coverage.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+"""
+Combine coverage data from multiple jobs, keeping the data only from the most recent attempt from each job.
+Coverage artifacts must be named using the format: "Coverage $(System.JobAttempt) {StableUniqueNameForEachJob}"
+The recommended coverage artifact name format is: Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)
+Keep in mind that Azure Pipelines does not enforce unique job display names (only names).
+It is up to pipeline authors to avoid name collisions when deviating from the recommended format.
+"""
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import re
+import shutil
+import sys
+
+
+def main():
+    """Main program entry point."""
+    source_directory = sys.argv[1]
+
+    if '/ansible_collections/' in os.getcwd():
+        output_path = "tests/output"
+    else:
+        output_path = "test/results"
+
+    destination_directory = os.path.join(output_path, 'coverage')
+
+    if not os.path.exists(destination_directory):
+        os.makedirs(destination_directory)
+
+    jobs = {}
+    count = 0
+
+    for name in os.listdir(source_directory):
+        match = re.search('^Coverage (?P<attempt>[0-9]+) (?P<label>.+)$', name)
+        label = match.group('label')
+        attempt = int(match.group('attempt'))
+        jobs[label] = max(attempt, jobs.get(label, 0))
+
+    for label, attempt in jobs.items():
+        name = 'Coverage {attempt} {label}'.format(label=label, attempt=attempt)
+        source = os.path.join(source_directory, name)
+        source_files = os.listdir(source)
+
+        for source_file in source_files:
+            source_path = os.path.join(source, source_file)
+            destination_path = os.path.join(destination_directory, source_file + '.' + label)
+            print('"%s" -> "%s"' % (source_path, destination_path))
+            shutil.copyfile(source_path, destination_path)
+            count += 1
+
+    print('Coverage file count: %d' % count)
+    print('##vso[task.setVariable variable=coverageFileCount]%d' % count)
+    print('##vso[task.setVariable variable=outputPath]%s' % output_path)
+
+
+if __name__ == '__main__':
+    main()

.azure-pipelines/scripts/process-results.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# Check the test results and set variables for use in later steps.
+
+set -o pipefail -eu
+
+if [[ "$PWD" =~ /ansible_collections/ ]]; then
+    output_path="tests/output"
+else
+    output_path="test/results"
+fi
+
+echo "##vso[task.setVariable variable=outputPath]${output_path}"
+
+if compgen -G "${output_path}"'/junit/*.xml' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveTestResults]true"
+fi
+
+if compgen -G "${output_path}"'/bot/ansible-test-*' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveBotResults]true"
+fi
+
+if compgen -G "${output_path}"'/coverage/*' > /dev/null; then
+    echo "##vso[task.setVariable variable=haveCoverageData]true"
+fi

.azure-pipelines/scripts/publish-codecov.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# Upload code coverage reports to codecov.io.
+# Multiple coverage files from multiple languages are accepted and aggregated after upload.
+# Python coverage, as well as PowerShell and Python stubs can all be uploaded.
+
+set -o pipefail -eu
+
+output_path="$1"
+
+curl --silent --show-error https://ansible-ci-files.s3.us-east-1.amazonaws.com/codecov/codecov.sh > codecov.sh
+
+for file in "${output_path}"/reports/coverage*.xml; do
+    name="${file}"
+    name="${name##*/}"  # remove path
+    name="${name##coverage=}"  # remove 'coverage=' prefix if present
+    name="${name%.xml}"  # remove '.xml' suffix
+
+    bash codecov.sh \
+        -f "${file}" \
+        -n "${name}" \
+        -X coveragepy \
+        -X gcov \
+        -X fix \
+        -X search \
+        -X xcode \
+        || echo "Failed to upload code coverage report to codecov.io: ${file}"
+done

.azure-pipelines/scripts/report-coverage.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+# Generate code coverage reports for uploading to Azure Pipelines and codecov.io.
+
+set -o pipefail -eu
+
+PATH="${PWD}/bin:${PATH}"
+
+if ! ansible-test --help >/dev/null 2>&1; then
+    # Install the devel version of ansible-test for generating code coverage reports.
+    # This is only used by Ansible Collections, which are typically tested against multiple Ansible versions (in separate jobs).
+    # Since a version of ansible-test is required that can work the output from multiple older releases, the devel version is used.
+    pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
+fi
+
+ansible-test coverage xml --stub --venv --venv-system-site-packages --color -v

.azure-pipelines/scripts/run-tests.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# Configure the test environment and run the tests.
+
+set -o pipefail -eu
+
+entry_point="$1"
+test="$2"
+read -r -a coverage_branches <<< "$3"  # space separated list of branches to run code coverage on for scheduled builds
+
+export COMMIT_MESSAGE
+export COMPLETE
+export COVERAGE
+export IS_PULL_REQUEST
+
+if [ "${SYSTEM_PULLREQUEST_TARGETBRANCH:-}" ]; then
+    IS_PULL_REQUEST=true
+    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD^2)
+else
+    IS_PULL_REQUEST=
+    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD)
+fi
+
+COMPLETE=
+COVERAGE=
+
+if [ "${BUILD_REASON}" = "Schedule" ]; then
+    COMPLETE=yes
+
+    if printf '%s\n' "${coverage_branches[@]}" | grep -q "^${BUILD_SOURCEBRANCHNAME}$"; then
+        COVERAGE=yes
+    fi
+fi
+
+"${entry_point}" "${test}" 2>&1 | "$(dirname "$0")/time-command.py"

.azure-pipelines/scripts/time-command.py

@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+"""Prepends a relative timestamp to each input line from stdin and writes it to stdout."""
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import sys
+import time
+
+
+def main():
+    """Main program entry point."""
+    start = time.time()
+
+    sys.stdin.reconfigure(errors='surrogateescape')
+    sys.stdout.reconfigure(errors='surrogateescape')
+
+    for line in sys.stdin:
+        seconds = time.time() - start
+        sys.stdout.write('%02d:%02d %s' % (seconds // 60, seconds % 60, line))
+        sys.stdout.flush()
+
+
+if __name__ == '__main__':
+    main()

.azure-pipelines/templates/coverage.yml

@@ -0,0 +1,39 @@
+# This template adds a job for processing code coverage data.
+# It will upload results to Azure Pipelines and codecov.io.
+# Use it from a job stage that completes after all other jobs have completed.
+# This can be done by placing it in a separate summary stage that runs after the test stage(s) have completed.
+
+jobs:
+  - job: Coverage
+    displayName: Code Coverage
+    container: default
+    workspace:
+      clean: all
+    steps:
+      - checkout: self
+        fetchDepth: $(fetchDepth)
+        path: $(checkoutPath)
+      - task: DownloadPipelineArtifact@2
+        displayName: Download Coverage Data
+        inputs:
+          path: coverage/
+          patterns: "Coverage */*=coverage.combined"
+      - bash: .azure-pipelines/scripts/combine-coverage.py coverage/
+        displayName: Combine Coverage Data
+      - bash: .azure-pipelines/scripts/report-coverage.sh
+        displayName: Generate Coverage Report
+        condition: gt(variables.coverageFileCount, 0)
+      - task: PublishCodeCoverageResults@1
+        inputs:
+          codeCoverageTool: Cobertura
+          # Azure Pipelines only accepts a single coverage data file.
+          # That means only Python or PowerShell coverage can be uploaded, but not both.
+          # Set the "pipelinesCoverage" variable to determine which type is uploaded.
+          # Use "coverage" for Python and "coverage-powershell" for PowerShell.
+          summaryFileLocation: "$(outputPath)/reports/$(pipelinesCoverage).xml"
+        displayName: Publish to Azure Pipelines
+        condition: gt(variables.coverageFileCount, 0)
+      - bash: .azure-pipelines/scripts/publish-codecov.sh "$(outputPath)"
+        displayName: Publish to codecov.io
+        condition: gt(variables.coverageFileCount, 0)
+        continueOnError: true

.azure-pipelines/templates/matrix.yml

@@ -0,0 +1,55 @@
+# This template uses the provided targets and optional groups to generate a matrix which is then passed to the test template.
+# If this matrix template does not provide the required functionality, consider using the test template directly instead.
+
+parameters:
+  # A required list of dictionaries, one per test target.
+  # Each item in the list must contain a "test" or "name" key.
+  # Both may be provided. If one is omitted, the other will be used.
+  - name: targets
+    type: object
+
+  # An optional list of values which will be used to multiply the targets list into a matrix.
+  # Values can be strings or numbers.
+  - name: groups
+    type: object
+    default: []
+
+  # An optional format string used to generate the job name.
+  # - {0} is the name of an item in the targets list.
+  - name: nameFormat
+    type: string
+    default: "{0}"
+
+  # An optional format string used to generate the test name.
+  # - {0} is the name of an item in the targets list.
+  - name: testFormat
+    type: string
+    default: "{0}"
+
+  # An optional format string used to add the group to the job name.
+  # {0} is the formatted name of an item in the targets list.
+  # {{1}} is the group -- be sure to include the double "{{" and "}}".
+  - name: nameGroupFormat
+    type: string
+    default: "{0} - {{1}}"
+
+  # An optional format string used to add the group to the test name.
+  # {0} is the formatted test of an item in the targets list.
+  # {{1}} is the group -- be sure to include the double "{{" and "}}".
+  - name: testGroupFormat
+    type: string
+    default: "{0}/{{1}}"
+
+jobs:
+  - template: test.yml
+    parameters:
+      jobs:
+        - ${{ if eq(length(parameters.groups), 0) }}:
+          - ${{ each target in parameters.targets }}:
+            - name: ${{ format(parameters.nameFormat, coalesce(target.name, target.test)) }}
+              test: ${{ format(parameters.testFormat, coalesce(target.test, target.name)) }}
+        - ${{ if not(eq(length(parameters.groups), 0)) }}:
+          - ${{ each group in parameters.groups }}:
+            - ${{ each target in parameters.targets }}:
+              - name: ${{ format(format(parameters.nameGroupFormat, parameters.nameFormat), coalesce(target.name, target.test), group) }}
+                test: ${{ format(format(parameters.testGroupFormat, parameters.testFormat), coalesce(target.test, target.name), group) }}

.azure-pipelines/templates/test.yml

@@ -0,0 +1,45 @@
+# This template uses the provided list of jobs to create test one or more test jobs.
+# It can be used directly if needed, or through the matrix template.
+
+parameters:
+  # A required list of dictionaries, one per test job.
+  # Each item in the list must contain a "job" and "name" key.
+  - name: jobs
+    type: object
+
+jobs:
+  - ${{ each job in parameters.jobs }}:
+    - job: test_${{ replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_') }}
+      displayName: ${{ job.name }}
+      container: default
+      workspace:
+        clean: all
+      steps:
+        - checkout: self
+          fetchDepth: $(fetchDepth)
+          path: $(checkoutPath)
+        - bash: .azure-pipelines/scripts/run-tests.sh "$(entryPoint)" "${{ job.test }}" "$(coverageBranches)"
+          displayName: Run Tests
+        - bash: .azure-pipelines/scripts/process-results.sh
+          condition: succeededOrFailed()
+          displayName: Process Results
+        - bash: .azure-pipelines/scripts/aggregate-coverage.sh "$(Agent.TempDirectory)"
+          condition: eq(variables.haveCoverageData, 'true')
+          displayName: Aggregate Coverage Data
+        - task: PublishTestResults@2
+          condition: eq(variables.haveTestResults, 'true')
+          inputs:
+            testResultsFiles: "$(outputPath)/junit/*.xml"
+          displayName: Publish Test Results
+        - task: PublishPipelineArtifact@1
+          condition: eq(variables.haveBotResults, 'true')
+          displayName: Publish Bot Results
+          inputs:
+            targetPath: "$(outputPath)/bot/"
+            artifactName: "Bot $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
+        - task: PublishPipelineArtifact@1
+          condition: eq(variables.haveCoverageData, 'true')
+          displayName: Publish Coverage Data
+          inputs:
+            targetPath: "$(Agent.TempDirectory)/coverage/"
+            artifactName: "Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"

.github/BOTMETA.yml

@@ -1,7 +1,7 @@
 automerge: false
 files:
-  $module_utils/ismount.py:
-    labels: ismount
+  $module_utils/mount.py:
+    labels: mount
   $modules/acl.py:
     authors: astorije bcoca
     labels: acl

.github/settings.yml

@@ -1,61 +0,0 @@
-###
-# https://probot.github.io/apps/settings/
-#
-
-# DO NOT MODIFY
-# this is a copy of https://github.com/gundalow-collection/.github/blob/master/.github/settings.yml
-# Work around till https://github.com/probot/settings/pull/179 is merged
-
-
-
-repository:
-  # See https://developer.github.com/v3/repos/#edit for all available settings.
-  has_issues: true
-  has_wiki: false
-  has_pages: false
-  default_branch: devel
-  allow_squash_merge: true
-  allow_merge_commit: false
-  allow_rebase_merge: true
-
-# Labels: define labels for Issues and Pull Requests
-labels:
-  - name: bug
-    color: fbca04
-    description: This issue/PR relates to a bug.
-  - name: feature
-    description: This issue/PR relates to a feature request.
-    color: 006b75
-  - name: migrated_from_ansible_ansible
-    color: 5319e7
-    description: This issue/PR was moved from gh/ansible/ansible
-
-branches:
-  - name: master
-    # https://developer.github.com/v3/repos/branches/#update-branch-protection
-    # Branch Protection settings. Set to null to disable
-    protection:
-      # Required. Require at least one approving review on a pull request, before merging. Set to null to disable.
-      required_pull_request_reviews:
-        # The number of approvals required. (1-6)
-        required_approving_review_count: 1
-        # Dismiss approved reviews automatically when a new commit is pushed.
-        dismiss_stale_reviews: true
-        # Blocks merge until code owners have reviewed.
-        require_code_owner_reviews: true
-        # Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories.
-        dismissal_restrictions:
-          users: []
-          teams: []
-      # Required. Require status checks to pass before merging. Set to null to disable
-      required_status_checks:
-        # Required. Require branches to be up to date before merging.
-        strict: true
-        # Required. The list of status checks to require in order to merge into this branch
-        contexts: []
-      # Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable.
-      enforce_admins: true
-      # Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable.
-      #restrictions:
-      #  users: []
-      #  teams: []

.gitignore

@@ -384,4 +384,7 @@ $RECYCLE.BIN/
 # Windows shortcuts
 *.lnk
 
+# Antsibull-changelog
+changelogs/.plugin-cache.yaml
+
 # End of https://www.gitignore.io/api/git,linux,pydev,python,windows,pycharm+all,jupyternotebook,vim,webstorm,emacs,dotenv

CHANGELOG.rst

@@ -0,0 +1,175 @@
+===========================
+ansible.posix Release Notes
+===========================
+
+.. contents:: Topics
+
+
+v1.4.0
+======
+
+Release Summary
+---------------
+
+This is the minor release of the ``ansible.posix`` collection.
+This changelog contains all changes to the modules in this collection that
+have been added after the release of ``ansible.posix`` 1.3.0.
+
+Minor Changes
+-------------
+
+- firewalld - Show warning message that variable type of ``masquerade`` and ``icmp_block_inversion`` will be changed from ``str`` to ``boolean`` in the future release (https://github.com/ansible-collections/ansible.posix/pull/254).
+- selinux - optionally update kernel boot params when disabling/re-enabling SELinux (https://github.com/ansible-collections/ansible.posix/pull/142).
+
+Bugfixes
+--------
+
+- Fix for whitespace in source full path causing error ```code 23) at main.c(1330) [sender=3.2.3]``` (https://github.com/ansible-collections/ansible.posix/pull/278)
+- Include ``PSF-license.txt`` file for ``plugins/module_utils/_version.py``.
+- Use vendored version of ``distutils.version`` instead of the deprecated Python standard library to address PEP 632 (https://github.com/ansible-collections/ansible.posix/issues/303).
+- firewalld - Correct usage of queryForwardPort (https://github.com/ansible-collections/ansible.posix/issues/247).
+- firewalld - Refine the handling of exclusive options (https://github.com/ansible-collections/ansible.posix/issues/255).
+- mount - add a newline at the end of line in ``fstab`` (https://github.com/ansible-collections/ansible.posix/issues/210).
+- profile_tasks - Correctly calculate task execution time with serial execution (https://github.com/ansible-collections/ansible.posix/issues/83).
+- seboolean - add ``python3-libsemanage`` package dependency for RHEL8+ systems.
+
+v1.3.0
+======
+
+Release Summary
+---------------
+
+This is the minor release of the ``ansible.posix`` collection.
+This changelog contains all changes to the modules in this collection that
+have been added after the release of ``ansible.posix`` 1.2.0.
+
+Minor Changes
+-------------
+
+- acl - add new alias ``recurse`` for ``recursive`` parameter (https://github.com/ansible-collections/ansible.posix/issues/124).
+- added 2.11 branch to test matrix, added ignore-2.12.txt.
+- authorized_key - add ``no_log=False`` in ``argument_spec`` to clear false-positives of ``no-log-needed`` (https://github.com/ansible-collections/ansible.posix/pull/156).
+- authorized_key - add a list of valid key types (https://github.com/ansible-collections/ansible.posix/issues/134).
+- mount - Change behavior of ``boot`` option to set ``noauto`` on BSD nodes (https://github.com/ansible-collections/ansible.posix/issues/28).
+- mount - Change behavior of ``boot`` option to set ``noauto`` on Linux nodes (https://github.com/ansible-collections/ansible.posix/issues/28).
+- mount - add ``no_log=False`` in ``argument_spec`` to clear false-positives of ``no-log-needed`` (https://github.com/ansible-collections/ansible.posix/pull/156).
+- mount - returns ``backup_file`` value when a backup fstab is created.
+- synchronize - add ``delay_updates`` option (https://github.com/ansible-collections/ansible.posix/issues/157).
+- synchronize - fix typo (https://github.com/ansible-collections/ansible.posix/pull/198).
+
+Bugfixes
+--------
+
+- Synchronize module not recognizing remote ssh key (https://github.com/ansible-collections/ansible.posix/issues/24).
+- Synchronize not using quotes around arguments like --out-format (https://github.com/ansible-collections/ansible.posix/issues/190).
+- at - append line-separator to the end of the ``command`` (https://github.com/ansible-collections/ansible.posix/issues/169).
+- csh - define ``ECHO`` and ``COMMAND_SEP`` (https://github.com/ansible-collections/ansible.posix/issues/204).
+- firewalld - enable integration after migration (https://github.com/ansible-collections/ansible.posix/pull/239).
+- firewalld - ensure idempotency with firewalld 0.9.3 (https://github.com/ansible-collections/ansible.posix/issues/179).
+- firewalld - fix setting zone target to ``%%REJECT%%`` (https://github.com/ansible-collections/ansible.posix/pull/215).
+- mount - Handle ``boot`` option on Solaris correctly (https://github.com/ansible-collections/ansible.posix/issues/184).
+- synchronize - add ``community.podman.podman`` to the list of supported connection plugins (https://github.com/ansible-community/molecule-podman/issues/45).
+- synchronize - complete podman support for synchronize module.
+- synchronize - properly quote rsync CLI parameters (https://github.com/ansible-collections/ansible.posix/pull/241).
+- synchronize - replace removed ``ansible_ssh_user`` by ``ansible_user`` everywhere; do the same for ``ansible_ssh_port`` and ``ansible_ssh_host`` (https://github.com/ansible-collections/ansible.posix/issues/60).
+- synchronize - use SSH args from SSH connection plugin (https://github.com/ansible-collections/ansible.posix/issues/222).
+- synchronize - use become_user when invoking rsync on remote with sudo (https://github.com/ansible-collections/ansible.posix/issues/186).
+- sysctl - modifying conditional check for docker to fix tests being skipped (https://github.com/ansible-collections/ansible.posix/pull/226).
+
+v1.2.0
+======
+
+Release Summary
+---------------
+
+This is the minor release of the ``ansible.posix`` collection.
+This changelog contains all changes to the modules in this collection that
+have been added after the release of ``ansible.posix`` 1.1.0.
+
+Minor Changes
+-------------
+
+- firewalld - bring the ``target`` feature back (https://github.com/ansible-collections/ansible.posix/issues/112).
+- fix sanity test for various modules.
+- synchronize - add the ``ssh_connection_multiplexing`` option to allow SSH connection multiplexing (https://github.com/ansible/ansible/issues/24365).
+
+Bugfixes
+--------
+
+- at - add AIX support (https://github.com/ansible-collections/ansible.posix/pull/99).
+- synchronize - add ``community.docker.docker`` to the list of supported transports (https://github.com/ansible-collections/ansible.posix/issues/132).
+- synchronize - do not prepend PWD when path is in form user@server:path or server:path (https://github.com/ansible-collections/ansible.posix/pull/118).
+- synchronize - fix for private_key overriding in synchronize module.
+- sysctl - do not persist sysctl when value is invalid (https://github.com/ansible-collections/ansible.posix/pull/101).
+
+v1.1.1
+======
+
+Minor Changes
+-------------
+
+- skippy - fixed the deprecation warning (by date) for skippy callback plugin
+
+Bugfixes
+--------
+
+- Fix synchronize to work with renamed docker and buildah connection plugins.
+
+v1.1.0
+======
+
+Minor Changes
+-------------
+
+- firewalld - add firewalld module to ansible.posix collection
+
+v1.0.0
+======
+
+Major Changes
+-------------
+
+- Bootstrap Collection (https://github.com/ansible-collections/ansible.posix/pull/1).
+
+Minor Changes
+-------------
+
+- CI should use devel (https://github.com/ansible-collections/ansible.posix/pull/6).
+- Enable tests for at, patch and synchronize modules (https://github.com/ansible-collections/ansible.posix/pull/5).
+- Enabled tags in galaxy.yml (https://github.com/ansible-collections/ansible.posix/issues/18).
+- Migrate hacking/cgroup_perf_recap_graph.py to this collection, since the cgroup_perf_recap callback lives here.
+- Remove license key from galaxy.yml.
+- Remove sanity jobs from shippable (https://github.com/ansible-collections/ansible.posix/pull/43).
+- Removed ANSIBLE_METADATA from all the modules.
+- Revert "Enable at, patch and synchronize tests (https://github.com/ansible-collections/ansible.posix/pull/5)".
+- Update EXAMPLES section in modules to use FQCN.
+- Update README.md (https://github.com/ansible-collections/ansible.posix/pull/4/).
+
+Bugfixes
+--------
+
+- Allow unsetting existing environment vars via environment by specifying a null value (https://github.com/ansible/ansible/pull/68236).
+- Mount - Handle remount with new options (https://github.com/ansible/ansible/issues/59460).
+- Profile_tasks - result was a odict_items which is not subscriptable, so the slicing was failing (https://github.com/ansible/ansible/issues/59059).
+- Revert "mount - Check if src exists before mounted (ansible/ansible#61752)".
+- Typecast results before use in profile_tasks callback (https://github.com/ansible/ansible/issues/69563).
+- authorized_keys - Added FIDO2 security keys (https://github.com/ansible-collections/ansible.posix/issues/17).
+- authorized_keys - fix inconsistent return value for check mode (https://github.com/ansible-collections/ansible.posix/issues/37)
+- json callback - Fix host result to task references in the resultant JSON output for non-lockstep strategy plugins such as free (https://github.com/ansible/ansible/issues/65931)
+- mount - fix issues with ismount module_util pathing for Ansible 2.9 (fixes https://github.com/ansible-collections/ansible.posix/issues/21)
+- patch - fix FQCN usage for action plugin (https://github.com/ansible-collections/ansible.posix/issues/11)
+- selinux - add missing configuration keys for /etc/selinux/config (https://github.com/ansible-collections/ansible.posix/issues/23)
+- synchronize - fix FQCN usage for action plugin (https://github.com/ansible-collections/ansible.posix/issues/11)
+
+New Modules
+-----------
+
+- acl - Set and retrieve file ACL information.
+- at - Schedule the execution of a command or script file via the at command
+- authorized_key - Adds or removes an SSH authorized key
+- mount - Control active and configured mount points
+- patch - Apply patch files using the GNU patch tool
+- seboolean - Toggles SELinux booleans
+- selinux - Change policy and state of SELinux
+- synchronize - A wrapper around rsync to make common tasks in your playbooks quick and easy
+- sysctl - Manage entries in sysctl.conf.

PSF-license.txt

@@ -0,0 +1,48 @@
+PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
+--------------------------------------------
+
+1. This LICENSE AGREEMENT is between the Python Software Foundation
+("PSF"), and the Individual or Organization ("Licensee") accessing and
+otherwise using this software ("Python") in source or binary form and
+its associated documentation.
+
+2. Subject to the terms and conditions of this License Agreement, PSF hereby
+grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
+analyze, test, perform and/or display publicly, prepare derivative works,
+distribute, and otherwise use Python alone or in any derivative version,
+provided, however, that PSF's License Agreement and PSF's notice of copyright,
+i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Python Software Foundation;
+All Rights Reserved" are retained in Python alone or in any derivative version
+prepared by Licensee.
+
+3. In the event Licensee prepares a derivative work that is based on
+or incorporates Python or any part thereof, and wants to make
+the derivative work available to others as provided herein, then
+Licensee hereby agrees to include in any such work a brief summary of
+the changes made to Python.
+
+4. PSF is making Python available to Licensee on an "AS IS"
+basis.  PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
+IMPLIED.  BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
+DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
+FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
+INFRINGE ANY THIRD PARTY RIGHTS.
+
+5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
+FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
+A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
+OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+
+6. This License Agreement will automatically terminate upon a material
+breach of its terms and conditions.
+
+7. Nothing in this License Agreement shall be deemed to create any
+relationship of agency, partnership, or joint venture between PSF and
+Licensee.  This License Agreement does not grant permission to use PSF
+trademarks or trade name in a trademark sense to endorse or promote
+products or services of Licensee, or any third party.
+
+8. By copying, installing or otherwise using Python, Licensee
+agrees to be bound by the terms and conditions of this License
+Agreement.

README.md

@@ -1,22 +1,58 @@
 # ansible.posix
 <!-- Add CI and code coverage badges here. Samples included below. -->
-[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=master)]() [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)
+[![Build Status](
+https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
+[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
 
 <!-- Describe the collection and why a user would want to use it. What does the collection do? -->
+An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and derivative Operating Systems.
 
-## Tested with Ansible
+## Supported Versions of Ansible
+<!--start requires_ansible-->
+## Ansible version compatibility
 
-<!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
+This collection has been tested against following Ansible versions: **>=2.9**.
 
-* ansible-base 2.10 (devel)
-
-## External requirements
-
-None
+For collections that support Ansible 2.9, please ensure you update your `network_os` to use the
+fully qualified collection name (for example, `cisco.ios.ios`).
+Plugins and modules within a collection may be tested with only specific Ansible versions.
+A collection may contain metadata that identifies these versions.
+PEP440 is the schema used to describe the versions of Ansible.
+<!--end requires_ansible-->
 
 ## Included content
-
 <!-- Galaxy will eventually list the module docs within the UI, but until that is ready, you may need to either describe your plugins etc here, or point to an external docsite to cover that information. -->
+<!--start collection content-->
+### Modules
+Name | Description
+--- | ---
+[ansible.posix.acl](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.acl_module.rst)|Set and retrieve file ACL information.
+[ansible.posix.at](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.at_module.rst)|Schedule the execution of a command or script file via the at command
+[ansible.posix.authorized_key](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.authorized_key_module.rst)|Adds or removes an SSH authorized key
+[ansible.posix.firewalld](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.firewalld_module.rst)|Manage arbitrary ports/services with firewalld
+[ansible.posix.firewalld_info](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.firewalld_info_module.rst)|Gather information about firewalld
+[ansible.posix.mount](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.mount_module.rst)|Control active and configured mount points
+[ansible.posix.patch](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.patch_module.rst)|Apply patch files using the GNU patch tool
+[ansible.posix.seboolean](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.seboolean_module.rst)|Toggles SELinux booleans
+[ansible.posix.selinux](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.selinux_module.rst)|Change policy and state of SELinux
+[ansible.posix.synchronize](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.synchronize_module.rst)|A wrapper around rsync to make common tasks in your playbooks quick and easy
+[ansible.posix.sysctl](https://github.com/ansible-collections/ansible.posix/blob/main/docs/ansible.posix.sysctl_module.rst)|Manage entries in sysctl.conf.
+
+<!--end collection content-->
+
+## Installing this collection
+
+You can install the ``ansible.posix`` collection with the Ansible Galaxy CLI:
+
+    ansible-galaxy collection install ansible.posix
+
+You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format:
+
+```yaml
+---
+collections:
+  - name: ansible.posix
+```
 
 ## Using this collection
 
@@ -24,18 +60,40 @@ None
 
 See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details.
 
+**NOTE**: For Ansible 2.9, you may not see deprecation warnings when you run your playbooks with this collection. Use this documentation to track when a module is deprecated.
+
 ## Contributing to this collection
 
 <!--Describe how the community can contribute to your collection. At a minimum, include how and where users can create issues to report problems or request features for this collection.  List contribution requirements, including preferred workflows and necessary testing, so you can benefit from community PRs. If you are following general Ansible contributor guidelines, you can link to - [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html). -->
 
+We welcome community contributions to this collection. See [Contributing to Ansible-maintained collections](https://docs.ansible.com/ansible/devel/community/contributing_maintained_collections.html#contributing-maintained-collections) for complete details.
+
 * [Issues](https://github.com/ansible-collections/ansible.posix/issues)
 * [Pull Requests](https://github.com/ansible-collections/ansible.posix/pulls)
 * [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html)
 
-## Release notes
+### Code of Conduct
+This collection follows the Ansible project's
+[Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html).
+Please read and familiarize yourself with this document.
 
-* 0.1.1 Initial stable build
-* 0.1.0 Internal only build
+## Release notes
+See [changelog](https://github.com/ansible-collections/ansible.posix/blob/main/CHANGELOG.rst) for more details.
+
+## External requirements
+
+None
+
+## Tested with Ansible
+
+<!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
+
+- ansible-core 2.14 (devel)
+- ansible-core 2.13 (stable)
+- ansible-core 2.12 (stable)
+- ansible-core 2.11 (stable)
+- ansible-base 2.10 (stable)
+- ansible 2.9 (stable)
 
 ## Roadmap
 
@@ -54,5 +112,4 @@ See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_gui
 
 GNU General Public License v3.0 or later.
 
-See [LICENCE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text.
-
+See [COPYING](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text.

bindep.txt

@@ -0,0 +1,4 @@
+# This is a cross-platform list tracking distribution packages needed by tests;
+# see https://docs.openstack.org/infra/bindep/ for additional information.
+
+rsync [platform:rhel-8 platform:rhel-9]

changelogs/changelog.yaml

@@ -0,0 +1,262 @@
+ancestor: null
+releases:
+  1.0.0:
+    changes:
+      bugfixes:
+      - Allow unsetting existing environment vars via environment by specifying a
+        null value (https://github.com/ansible/ansible/pull/68236).
+      - Mount - Handle remount with new options (https://github.com/ansible/ansible/issues/59460).
+      - Profile_tasks - result was a odict_items which is not subscriptable, so the
+        slicing was failing (https://github.com/ansible/ansible/issues/59059).
+      - Revert "mount - Check if src exists before mounted (ansible/ansible#61752)".
+      - Typecast results before use in profile_tasks callback (https://github.com/ansible/ansible/issues/69563).
+      - authorized_keys - Added FIDO2 security keys (https://github.com/ansible-collections/ansible.posix/issues/17).
+      - authorized_keys - fix inconsistent return value for check mode (https://github.com/ansible-collections/ansible.posix/issues/37)
+      - json callback - Fix host result to task references in the resultant JSON output
+        for non-lockstep strategy plugins such as free (https://github.com/ansible/ansible/issues/65931)
+      - mount - fix issues with ismount module_util pathing for Ansible 2.9 (fixes
+        https://github.com/ansible-collections/ansible.posix/issues/21)
+      - patch - fix FQCN usage for action plugin (https://github.com/ansible-collections/ansible.posix/issues/11)
+      - selinux - add missing configuration keys for /etc/selinux/config (https://github.com/ansible-collections/ansible.posix/issues/23)
+      - synchronize - fix FQCN usage for action plugin (https://github.com/ansible-collections/ansible.posix/issues/11)
+      major_changes:
+      - Bootstrap Collection (https://github.com/ansible-collections/ansible.posix/pull/1).
+      minor_changes:
+      - CI should use devel (https://github.com/ansible-collections/ansible.posix/pull/6).
+      - Enable tests for at, patch and synchronize modules (https://github.com/ansible-collections/ansible.posix/pull/5).
+      - Enabled tags in galaxy.yml (https://github.com/ansible-collections/ansible.posix/issues/18).
+      - Migrate hacking/cgroup_perf_recap_graph.py to this collection, since the cgroup_perf_recap
+        callback lives here.
+      - Remove license key from galaxy.yml.
+      - Remove sanity jobs from shippable (https://github.com/ansible-collections/ansible.posix/pull/43).
+      - Removed ANSIBLE_METADATA from all the modules.
+      - Revert "Enable at, patch and synchronize tests (https://github.com/ansible-collections/ansible.posix/pull/5)".
+      - Update EXAMPLES section in modules to use FQCN.
+      - Update README.md (https://github.com/ansible-collections/ansible.posix/pull/4/).
+    fragments:
+    - 11-action-plugins-use-fqcn.yml
+    - 12_migrate_cgroup_perf_recap_graph.yml
+    - 14_mount_option.yml
+    - 15_profile_tasks.yml
+    - 17_authorized_keys.yml
+    - 19_enable_tags.yml
+    - 21-mount-module_util-routing-issue.yml
+    - 23-selinux-doesnt-create-missing-config-keys.yml
+    - 25_ansible_metadata.yml
+    - 26_profile_tasks_doc.yml
+    - 27_update_examples.yml
+    - 33_mount.yml
+    - 35_disable_tests.yml
+    - 37-authorized_keys-inconsistent-check-mode-values.yml
+    - 39_remove_license.yml
+    - 43_remove_shippable.yml
+    - 4_update_readme.yml
+    - 5_enable_tests.yml
+    - 65931-json-callback-non-lockstep-output.yml
+    - 6_test_devel.yml
+    - 7_env.yml
+    - initial_commit.yaml
+    modules:
+    - description: Set and retrieve file ACL information.
+      name: acl
+      namespace: ''
+    - description: Schedule the execution of a command or script file via the at command
+      name: at
+      namespace: ''
+    - description: Adds or removes an SSH authorized key
+      name: authorized_key
+      namespace: ''
+    - description: Control active and configured mount points
+      name: mount
+      namespace: ''
+    - description: Apply patch files using the GNU patch tool
+      name: patch
+      namespace: ''
+    - description: Toggles SELinux booleans
+      name: seboolean
+      namespace: ''
+    - description: Change policy and state of SELinux
+      name: selinux
+      namespace: ''
+    - description: A wrapper around rsync to make common tasks in your playbooks quick
+        and easy
+      name: synchronize
+      namespace: ''
+    - description: Manage entries in sysctl.conf.
+      name: sysctl
+      namespace: ''
+    release_date: '2020-06-19'
+  1.1.0:
+    changes:
+      minor_changes:
+      - firewalld - add firewalld module to ansible.posix collection
+    fragments:
+    - firewalld_migration.yml
+    release_date: '2020-07-15'
+  1.1.1:
+    changes:
+      bugfixes:
+      - Fix synchronize to work with renamed docker and buildah connection plugins.
+      minor_changes:
+      - skippy - fixed the deprecation warning (by date) for skippy callback plugin
+    fragments:
+    - 74_synchronize_docker.yml
+    - skippy_deprecation.yml
+    release_date: '2020-09-02'
+  1.2.0:
+    changes:
+      bugfixes:
+      - at - add AIX support (https://github.com/ansible-collections/ansible.posix/pull/99).
+      - synchronize - add ``community.docker.docker`` to the list of supported transports
+        (https://github.com/ansible-collections/ansible.posix/issues/132).
+      - synchronize - do not prepend PWD when path is in form user@server:path or
+        server:path (https://github.com/ansible-collections/ansible.posix/pull/118).
+      - synchronize - fix for private_key overriding in synchronize module.
+      - sysctl - do not persist sysctl when value is invalid (https://github.com/ansible-collections/ansible.posix/pull/101).
+      minor_changes:
+      - firewalld - bring the ``target`` feature back (https://github.com/ansible-collections/ansible.posix/issues/112).
+      - fix sanity test for various modules.
+      - synchronize - add the ``ssh_connection_multiplexing`` option to allow SSH
+        connection multiplexing (https://github.com/ansible/ansible/issues/24365).
+      release_summary: 'This is the minor release of the ``ansible.posix`` collection.
+
+        This changelog contains all changes to the modules in this collection that
+
+        have been added after the release of ``ansible.posix`` 1.1.0.'
+    fragments:
+    - 1.2.0.yml
+    - 101-sysctl-dont-persist-when-invalid.yml
+    - 118-synchronize_bugfix.yml
+    - 120-synchronize_add_option.yml
+    - 144_add_community_docker_connection_plugin_alias.yml
+    - 82-private-key-override-fix.yml
+    - 99-at_add_aix_support.yml
+    - firewalld_zone_target.yml
+    - misc_fix.yml
+    release_date: '2021-03-08'
+  1.3.0:
+    changes:
+      bugfixes:
+      - Synchronize module not recognizing remote ssh key (https://github.com/ansible-collections/ansible.posix/issues/24).
+      - Synchronize not using quotes around arguments like --out-format (https://github.com/ansible-collections/ansible.posix/issues/190).
+      - at - append line-separator to the end of the ``command`` (https://github.com/ansible-collections/ansible.posix/issues/169).
+      - csh - define ``ECHO`` and ``COMMAND_SEP`` (https://github.com/ansible-collections/ansible.posix/issues/204).
+      - firewalld - enable integration after migration (https://github.com/ansible-collections/ansible.posix/pull/239).
+      - firewalld - ensure idempotency with firewalld 0.9.3 (https://github.com/ansible-collections/ansible.posix/issues/179).
+      - firewalld - fix setting zone target to ``%%REJECT%%`` (https://github.com/ansible-collections/ansible.posix/pull/215).
+      - mount - Handle ``boot`` option on Solaris correctly (https://github.com/ansible-collections/ansible.posix/issues/184).
+      - synchronize - add ``community.podman.podman`` to the list of supported connection
+        plugins (https://github.com/ansible-community/molecule-podman/issues/45).
+      - synchronize - complete podman support for synchronize module.
+      - synchronize - properly quote rsync CLI parameters (https://github.com/ansible-collections/ansible.posix/pull/241).
+      - synchronize - replace removed ``ansible_ssh_user`` by ``ansible_user`` everywhere;
+        do the same for ``ansible_ssh_port`` and ``ansible_ssh_host`` (https://github.com/ansible-collections/ansible.posix/issues/60).
+      - synchronize - use SSH args from SSH connection plugin (https://github.com/ansible-collections/ansible.posix/issues/222).
+      - synchronize - use become_user when invoking rsync on remote with sudo (https://github.com/ansible-collections/ansible.posix/issues/186).
+      - sysctl - modifying conditional check for docker to fix tests being skipped
+        (https://github.com/ansible-collections/ansible.posix/pull/226).
+      minor_changes:
+      - acl - add new alias ``recurse`` for ``recursive`` parameter (https://github.com/ansible-collections/ansible.posix/issues/124).
+      - added 2.11 branch to test matrix, added ignore-2.12.txt.
+      - authorized_key - add ``no_log=False`` in ``argument_spec`` to clear false-positives
+        of ``no-log-needed`` (https://github.com/ansible-collections/ansible.posix/pull/156).
+      - authorized_key - add a list of valid key types (https://github.com/ansible-collections/ansible.posix/issues/134).
+      - mount - Change behavior of ``boot`` option to set ``noauto`` on BSD nodes
+        (https://github.com/ansible-collections/ansible.posix/issues/28).
+      - mount - Change behavior of ``boot`` option to set ``noauto`` on Linux nodes
+        (https://github.com/ansible-collections/ansible.posix/issues/28).
+      - mount - add ``no_log=False`` in ``argument_spec`` to clear false-positives
+        of ``no-log-needed`` (https://github.com/ansible-collections/ansible.posix/pull/156).
+      - mount - returns ``backup_file`` value when a backup fstab is created.
+      - synchronize - add ``delay_updates`` option (https://github.com/ansible-collections/ansible.posix/issues/157).
+      - synchronize - fix typo (https://github.com/ansible-collections/ansible.posix/pull/198).
+      release_summary: 'This is the minor release of the ``ansible.posix`` collection.
+
+        This changelog contains all changes to the modules in this collection that
+
+        have been added after the release of ``ansible.posix`` 1.2.0.'
+    fragments:
+    - 1.3.0.yml
+    - 124_acl.yml
+    - 126_mount_not_returning_backup_file.yml
+    - 134_authorized_key.yml
+    - 156-fix_no-log-needed_false_positives.yml
+    - 159-fix-60-deprecated-ansible_ssh_user.yml
+    - 167-synchronize-add_delay_option.yml
+    - 169_add_lineseparator_to_command.yml
+    - 175_synchronize.yml
+    - 179_firewalld.yml
+    - 181-update_codecov_sh_url.yml
+    - 185_mount_at_boot.yml
+    - 187-fix-synchronize-become-user.yml
+    - 193_firewalld.yml
+    - 196_boot_opt_for_linux.yml
+    - 203_boot_opt_for_bsd.yml
+    - 204_csh_shell.yml
+    - 207-mount_tests.yml
+    - 213_quote_cmd_args.yml
+    - 214-add_firewalld_info_module.yml
+    - 215_fix_REJECT_target_name.yml
+    - 217-restructure_authrized_key_test.yml
+    - 222_synchronize.yml
+    - 226_sysctl_fix_integration_test.yml
+    - 229_add_podman_connection_plugin_to_synchronize.yml
+    - 230_complete_podman_support_for_synchronize.yml
+    - 233-fix-wrong-firewalld-version-info.yml
+    - 241-synchronize-shell-quoting.yml
+    - firewalld_integ_test.yml
+    - firewalld_test.yml
+    - sanity_test_ignore_file.yml
+    - synchronize.yml
+    - test_matrix.yml
+    release_date: '2021-08-11'
+  1.4.0:
+    changes:
+      bugfixes:
+      - Fix for whitespace in source full path causing error ```code 23) at main.c(1330)
+        [sender=3.2.3]``` (https://github.com/ansible-collections/ansible.posix/pull/278)
+      - Include ``PSF-license.txt`` file for ``plugins/module_utils/_version.py``.
+      - Use vendored version of ``distutils.version`` instead of the deprecated Python
+        standard library to address PEP 632 (https://github.com/ansible-collections/ansible.posix/issues/303).
+      - firewalld - Correct usage of queryForwardPort (https://github.com/ansible-collections/ansible.posix/issues/247).
+      - firewalld - Refine the handling of exclusive options (https://github.com/ansible-collections/ansible.posix/issues/255).
+      - mount - add a newline at the end of line in ``fstab`` (https://github.com/ansible-collections/ansible.posix/issues/210).
+      - profile_tasks - Correctly calculate task execution time with serial execution
+        (https://github.com/ansible-collections/ansible.posix/issues/83).
+      - seboolean - add ``python3-libsemanage`` package dependency for RHEL8+ systems.
+      minor_changes:
+      - firewalld - Show warning message that variable type of ``masquerade`` and
+        ``icmp_block_inversion`` will be changed from ``str`` to ``boolean`` in the
+        future release (https://github.com/ansible-collections/ansible.posix/pull/254).
+      - selinux - optionally update kernel boot params when disabling/re-enabling
+        SELinux (https://github.com/ansible-collections/ansible.posix/pull/142).
+      release_summary: 'This is the minor release of the ``ansible.posix`` collection.
+
+        This changelog contains all changes to the modules in this collection that
+
+        have been added after the release of ``ansible.posix`` 1.3.0.'
+    fragments:
+    - 1.4.0.yml
+    - 211_fstab_append_newline.yml
+    - 247_firewalld.yml
+    - 254_variable_warnings.yml
+    - 255_authorized_key_url.yml
+    - 263_profile_tasks_with_serial.yml
+    - 272-copy_ignore_txt.yml
+    - 277_fix_integration_test_on_devel.yml
+    - 282_fix_unit_test_for_synchronize.yml
+    - 287_firewalld_requirements.yml
+    - 288_mounts_options.yml
+    - 297_firewalld_exclusive_options_handling.yml
+    - 299_seboolean_python3.yml
+    - 302_shippable_exit_code.yml
+    - 304_pep632.yml
+    - 346_copy_ignore_txt_for_devel.yml
+    - 347_add_branch_213.yml
+    - 349_follow_new_guidelines.yml
+    - 353_ci_fix_unittest_for_synchronize.yml
+    - disable_selinux_via_kernel_cmdline.yml
+    - psf-license.yml
+    - sanity_fixes.yml
+    - shell_escape_full_path_for_rsync.yml
+    release_date: '2022-05-23'

changelogs/config.yaml

@@ -0,0 +1,29 @@
+changelog_filename_template: ../CHANGELOG.rst
+changelog_filename_version_depth: 0
+changes_file: changelog.yaml
+changes_format: combined
+keep_fragments: false
+mention_ancestor: true
+new_plugins_after_name: removed_features
+notesdir: fragments
+prelude_section_name: release_summary
+prelude_section_title: Release Summary
+sections:
+- - major_changes
+  - Major Changes
+- - minor_changes
+  - Minor Changes
+- - breaking_changes
+  - Breaking Changes / Porting Guide
+- - deprecated_features
+  - Deprecated Features
+- - removed_features
+  - Removed Features (previously deprecated)
+- - security_fixes
+  - Security Fixes
+- - bugfixes
+  - Bugfixes
+- - known_issues
+  - Known Issues
+title: ansible.posix
+trivial_section_name: trivial

codecov.yml

@@ -0,0 +1 @@
+comment: false

docs/ansible.posix.acl_module.rst

@@ -0,0 +1,345 @@
+.. _ansible.posix.acl_module:
+
+
+*****************
+ansible.posix.acl
+*****************
+
+**Set and retrieve file ACL information.**
+
+
+Version added: 1.0.0
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- Set and retrieve file ACL information.
+
+
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>default</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>If the target is a directory, setting this to <code>yes</code> will make it the default ACL for entities created inside the directory.</div>
+                        <div>Setting <code>default</code> to <code>yes</code> causes an error if the path is a file.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>entity</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The actual user or group that the ACL applies to when matching entity types user or group are selected.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>entry</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>DEPRECATED.</div>
+                        <div>The ACL to set or remove.</div>
+                        <div>This must always be quoted in the form of <code>&lt;etype&gt;:&lt;qualifier&gt;:&lt;perms&gt;</code>.</div>
+                        <div>The qualifier may be empty for some types, but the type and perms are always required.</div>
+                        <div><code>-</code> can be used as placeholder when you do not care about permissions.</div>
+                        <div>This is now superseded by entity, type and permissions fields.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>etype</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>group</li>
+                                    <li>mask</li>
+                                    <li>other</li>
+                                    <li>user</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>The entity type of the ACL to apply, see <code>setfacl</code> documentation for more info.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>follow</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Whether to follow symlinks on the path if a symlink is encountered.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>path</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The full path of the file or object.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: name</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>permissions</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The permissions to apply/remove can be any combination of <code>r</code>, <code>w</code>, <code>x</code></div>
+                        <div>(read, write and execute respectively), and <code>X</code> (execute permission if the file is a directory or already has execute permission for some user)</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>recalculate_mask</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>default</b>&nbsp;&larr;</div></li>
+                                    <li>mask</li>
+                                    <li>no_mask</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Select if and when to recalculate the effective right masks of the files.</div>
+                        <div>See <code>setfacl</code> documentation for more info.</div>
+                        <div>Incompatible with <code>state=query</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>recursive</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Recursively sets the specified ACL.</div>
+                        <div>Incompatible with <code>state=query</code>.</div>
+                        <div>Alias <code>recurse</code> added in version 1.3.0.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: recurse</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>absent</li>
+                                    <li>present</li>
+                                    <li><div style="color: blue"><b>query</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Define whether the ACL should be present or not.</div>
+                        <div>The <code>query</code> state gets the current ACL without changing it, for use in <code>register</code> operations.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>use_nfsv4_acls</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Use NFSv4 ACLs instead of POSIX ACLs.</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+Notes
+-----
+
+.. note::
+   - The ``acl`` module requires that ACLs are enabled on the target filesystem and that the ``setfacl`` and ``getfacl`` binaries are installed.
+   - As of Ansible 2.0, this module only supports Linux distributions.
+   - As of Ansible 2.3, the *name* option has been changed to *path* as default, but *name* still works as well.
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: Grant user Joe read access to a file
+      ansible.posix.acl:
+        path: /etc/foo.conf
+        entity: joe
+        etype: user
+        permissions: r
+        state: present
+
+    - name: Removes the ACL for Joe on a specific file
+      ansible.posix.acl:
+        path: /etc/foo.conf
+        entity: joe
+        etype: user
+        state: absent
+
+    - name: Sets default ACL for joe on /etc/foo.d/
+      ansible.posix.acl:
+        path: /etc/foo.d/
+        entity: joe
+        etype: user
+        permissions: rw
+        default: yes
+        state: present
+
+    - name: Same as previous but using entry shorthand
+      ansible.posix.acl:
+        path: /etc/foo.d/
+        entry: default:user:joe:rw-
+        state: present
+
+    - name: Obtain the ACL for a specific file
+      ansible.posix.acl:
+        path: /etc/foo.conf
+      register: acl_info
+
+
+
+Return Values
+-------------
+Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
+
+.. raw:: html
+
+    <table border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Key</th>
+            <th>Returned</th>
+            <th width="100%">Description</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>acl</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>Current ACL on provided path (after changes, if any)</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;user::rwx&#x27;, &#x27;group::rwx&#x27;, &#x27;other::rwx&#x27;]</div>
+                </td>
+            </tr>
+    </table>
+    <br/><br/>
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Brian Coca (@bcoca)
+- Jérémie Astori (@astorije)

docs/ansible.posix.at_module.rst

@@ -0,0 +1,186 @@
+.. _ansible.posix.at_module:
+
+
+****************
+ansible.posix.at
+****************
+
+**Schedule the execution of a command or script file via the at command**
+
+
+Version added: 1.0.0
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- Use this module to schedule a command or script file to run once in the future.
+- All jobs are executed in the 'a' queue.
+
+
+
+Requirements
+------------
+The below requirements are needed on the host that executes this module.
+
+- at
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>command</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>A command to be executed in the future.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>count</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">integer</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The count of units in the future to execute the command or script file.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>script_file</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>An existing script file to be executed in the future.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>absent</li>
+                                    <li><div style="color: blue"><b>present</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>The state dictates if the command or script file should be evaluated as present(added) or absent(deleted).</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>unique</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>If a matching job is present a new job will not be added.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>units</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>minutes</li>
+                                    <li>hours</li>
+                                    <li>days</li>
+                                    <li>weeks</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>The type of units in the future to execute the command or script file.</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: Schedule a command to execute in 20 minutes as root
+      ansible.posix.at:
+        command: ls -d / >/dev/null
+        count: 20
+        units: minutes
+
+    - name: Match a command to an existing job and delete the job
+      ansible.posix.at:
+        command: ls -d / >/dev/null
+        state: absent
+
+    - name: Schedule a command to execute in 20 minutes making sure it is unique in the queue
+      ansible.posix.at:
+        command: ls -d / >/dev/null
+        count: 20
+        units: minutes
+        unique: yes
+
+
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Richard Isaacson (@risaacson)

docs/ansible.posix.authorized_key_module.rst

@@ -0,0 +1,480 @@
+.. _ansible.posix.authorized_key_module:
+
+
+****************************
+ansible.posix.authorized_key
+****************************
+
+**Adds or removes an SSH authorized key**
+
+
+Version added: 1.0.0
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- Adds or removes SSH authorized keys for particular user accounts.
+
+
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>comment</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Change the comment on the public key.</div>
+                        <div>Rewriting the comment is useful in cases such as fetching it from GitHub or GitLab.</div>
+                        <div>If no comment is specified, the existing comment will be kept.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>exclusive</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Whether to remove all other non-specified keys from the authorized_keys file.</div>
+                        <div>Multiple keys can be specified in a single <code>key</code> string value by separating them by newlines.</div>
+                        <div>This option is not loop aware, so if you use <code>with_</code> , it will be exclusive per iteration of the loop.</div>
+                        <div>If you want multiple keys in the file you need to pass them all to <code>key</code> in a single batch as mentioned above.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>follow</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Follow path symlink instead of replacing it.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>key</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>key_options</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>A string of ssh key options to be prepended to the key in the authorized_keys file.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>manage_dir</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Whether this module should manage the directory of the authorized key file.</div>
+                        <div>If set to <code>yes</code>, the module will create the directory, as well as set the owner and permissions of an existing directory.</div>
+                        <div>Be sure to set <code>manage_dir=no</code> if you are using an alternate directory for authorized_keys, as set with <code>path</code>, since you could lock yourself out of SSH access.</div>
+                        <div>See the example below.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>path</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Alternate path to the authorized_keys file.</div>
+                        <div>When unset, this value defaults to <em>~/.ssh/authorized_keys</em>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>absent</li>
+                                    <li><div style="color: blue"><b>present</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Whether the given key (with the given key_options) should or should not be in the file.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>user</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The username on the remote host whose authorized_keys file will be modified.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>validate_certs</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>This only applies if using a https url as the source of the keys.</div>
+                        <div>If set to <code>no</code>, the SSL certificates will not be validated.</div>
+                        <div>This should only set to <code>no</code> used on personally controlled sites using self-signed certificates as it avoids verifying the source site.</div>
+                        <div>Prior to 2.1 the code worked as if this was set to <code>yes</code>.</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: Set authorized key taken from file
+      ansible.posix.authorized_key:
+        user: charlie
+        state: present
+        key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
+
+    - name: Set authorized keys taken from url
+      ansible.posix.authorized_key:
+        user: charlie
+        state: present
+        key: https://github.com/charlie.keys
+
+    - name: Set authorized keys taken from url using lookup
+      ansible.posix.authorized_key:
+        user: charlie
+        state: present
+        key: "{{ lookup('url', 'https://github.com/charlie.keys', split_lines=False) }}"
+
+    - name: Set authorized key in alternate location
+      ansible.posix.authorized_key:
+        user: charlie
+        state: present
+        key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
+        path: /etc/ssh/authorized_keys/charlie
+        manage_dir: False
+
+    - name: Set up multiple authorized keys
+      ansible.posix.authorized_key:
+        user: deploy
+        state: present
+        key: '{{ item }}'
+      with_file:
+        - public_keys/doe-jane
+        - public_keys/doe-john
+
+    - name: Set authorized key defining key options
+      ansible.posix.authorized_key:
+        user: charlie
+        state: present
+        key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
+        key_options: 'no-port-forwarding,from="10.0.1.1"'
+
+    - name: Set authorized key without validating the TLS/SSL certificates
+      ansible.posix.authorized_key:
+        user: charlie
+        state: present
+        key: https://github.com/user.keys
+        validate_certs: False
+
+    - name: Set authorized key, removing all the authorized keys already set
+      ansible.posix.authorized_key:
+        user: root
+        key: "{{ lookup('file', 'public_keys/doe-jane') }}"
+        state: present
+        exclusive: True
+
+    - name: Set authorized key for user ubuntu copying it from current user
+      ansible.posix.authorized_key:
+        user: ubuntu
+        state: present
+        key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
+
+
+
+Return Values
+-------------
+Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
+
+.. raw:: html
+
+    <table border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Key</th>
+            <th>Returned</th>
+            <th width="100%">Description</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>exclusive</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>If the key has been forced to be exclusive or not.</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>key</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>The key that the module was running against.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">https://github.com/user.keys</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>key_option</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>Key options related to the key.</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>keyfile</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>Path for authorized key file.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">/home/user/.ssh/authorized_keys</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>manage_dir</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>Whether this module managed the directory of the authorized key file.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">True</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>path</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>Alternate path to the authorized_keys file</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>Whether the given key (with the given key_options) should or should not be in the file</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">present</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>unique</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>Whether the key is unique</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>user</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>The username on the remote host whose authorized_keys file will be modified</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">user</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>validate_certs</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>This only applies if using a https url as the source of the keys. If set to <code>no</code>, the SSL certificates will not be validated.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">True</div>
+                </td>
+            </tr>
+    </table>
+    <br/><br/>
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Ansible Core Team

docs/ansible.posix.firewalld_info_module.rst

@@ -0,0 +1,520 @@
+.. _ansible.posix.firewalld_info_module:
+
+
+****************************
+ansible.posix.firewalld_info
+****************************
+
+**Gather information about firewalld**
+
+
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- This module gathers information about firewalld rules.
+
+
+
+Requirements
+------------
+The below requirements are needed on the host that executes this module.
+
+- firewalld >= 0.2.11
+- python-firewall
+- python-dbus
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>active_zones</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Gather information about active zones.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>zones</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">list</span>
+                         / <span style="color: purple">elements=string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Gather information about specific zones.</div>
+                        <div>If only works if <code>active_zones</code> is set to <code>false</code>.</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: Gather information about active zones
+      ansible.posix.firewalld_info:
+        active_zones: yes
+
+    - name: Gather information about specific zones
+      ansible.posix.firewalld_info:
+        zones:
+          - public
+          - external
+          - internal
+
+
+
+Return Values
+-------------
+Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
+
+.. raw:: html
+
+    <table border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="4">Key</th>
+            <th>Returned</th>
+            <th width="100%">Description</th>
+        </tr>
+            <tr>
+                <td colspan="4">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>active_zones</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>Gather active zones only if turn it <code>true</code>.</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="4">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>collected_zones</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of collected zones.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;external&#x27;, &#x27;internal&#x27;]</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="4">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>firewalld_info</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">complex</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>Returns various information about firewalld configuration.</div>
+                    <br/>
+                </td>
+            </tr>
+                                <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>default_zones</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>The zone name of default zone.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">public</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>version</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>The version information of firewalld.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">0.8.2</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="3">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>zones</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">complex</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A dict of zones to gather information.</div>
+                    <br/>
+                </td>
+            </tr>
+                                <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>zone</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">complex</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>The zone name registered in firewalld.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">external</div>
+                </td>
+            </tr>
+                                <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>forward</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>The network interface forwarding.</div>
+                            <div>This parameter supports on python-firewall 0.9.0(or later) and is not collected in earlier versions.</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>forward_ports</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of forwarding port pair with protocol.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;icmp&#x27;, &#x27;ipv6-icmp&#x27;]</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>icmp_block_inversion</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>The ICMP block inversion to block all ICMP requests.</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>icmp_blocks</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of blocking icmp protocol.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;echo-request&#x27;]</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>interfaces</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of network interfaces.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;eth0&#x27;, &#x27;eth1&#x27;]</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>masquerade</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>The network interface masquerading.</div>
+                    <br/>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>ports</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of network port with protocol.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[[&#x27;22&#x27;, &#x27;tcp&#x27;], [&#x27;80&#x27;, &#x27;tcp&#x27;]]</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>protocols</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of network protocol.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;icmp&#x27;, &#x27;ipv6-icmp&#x27;]</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>rich_rules</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of rich language rule.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;rule protocol value=&quot;icmp&quot; reject&#x27;, &#x27;rule priority=&quot;32767&quot; reject&#x27;]</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>services</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of network services.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;dhcp&#x27;, &#x27;dns&#x27;, &#x27;ssh&#x27;]</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>source_ports</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of network source port with protocol.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[[&#x27;30000&#x27;, &#x27;tcp&#x27;], [&#x27;30001&#x27;, &#x27;tcp&#x27;]]</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>sources</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of source network address.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;172.16.30.0/24&#x27;, &#x27;172.16.31.0/24&#x27;]</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                    <td class="elbow-placeholder">&nbsp;</td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>target</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of services in the zone.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">ACCEPT</div>
+                </td>
+            </tr>
+
+
+
+            <tr>
+                <td colspan="4">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>undefined_zones</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">list</span>
+                    </div>
+                </td>
+                <td>success</td>
+                <td>
+                            <div>A list of undefined zones in <code>zones</code> option.</div>
+                            <div><code>undefined_zones</code> will be ignored for gathering process.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">[&#x27;foo&#x27;, &#x27;bar&#x27;]</div>
+                </td>
+            </tr>
+    </table>
+    <br/><br/>
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Hideki Saito (@saito-hideki)

docs/ansible.posix.firewalld_module.rst

@@ -0,0 +1,500 @@
+.. _ansible.posix.firewalld_module:
+
+
+***********************
+ansible.posix.firewalld
+***********************
+
+**Manage arbitrary ports/services with firewalld**
+
+
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- This module allows for addition or deletion of services and ports (either TCP or UDP) in either running or permanent firewalld rules.
+
+
+
+Requirements
+------------
+The below requirements are needed on the host that executes this module.
+
+- firewalld >= 0.2.11
+- python-firewall >= 0.2.11
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="2">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>icmp_block</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The ICMP block you would like to add/remove to/from a zone in firewalld.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>icmp_block_inversion</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Enable/Disable inversion of ICMP blocks for a zone in firewalld.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>immediate</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Should this configuration be applied immediately, if set as permanent.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>interface</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The interface you would like to add/remove to/from a zone in firewalld.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>masquerade</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The masquerade setting you would like to enable/disable to/from zones within firewalld.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>offline</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Whether to run this module even when firewalld is offline.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>permanent</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Should this configuration be in the running firewalld configuration or persist across reboots.</div>
+                        <div>As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld &gt;= 0.3.9).</div>
+                        <div>Note that if this is <code>no</code>, immediate is assumed <code>yes</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>port</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Name of a port or port range to add/remove to/from firewalld.</div>
+                        <div>Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>port_forward</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">list</span>
+                         / <span style="color: purple">elements=dictionary</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Port and protocol to forward using firewalld.</div>
+                </td>
+            </tr>
+                                <tr>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>port</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Source port to forward from</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>proto</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>udp</li>
+                                    <li>tcp</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>protocol to forward</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>toaddr</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Optional address to forward to</div>
+                </td>
+            </tr>
+            <tr>
+                    <td class="elbow-placeholder"></td>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>toport</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>destination port</div>
+                </td>
+            </tr>
+
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>rich_rule</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Rich rule to add/remove to/from firewalld.</div>
+                        <div>See <a href='https://firewalld.org/documentation/man-pages/firewalld.richlanguage.html'>Syntax for firewalld rich language rules</a>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>service</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Name of a service to add/remove to/from firewalld.</div>
+                        <div>The service must be listed in output of firewall-cmd --get-services.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>source</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The source/network you would like to add/remove to/from firewalld.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>absent</li>
+                                    <li>disabled</li>
+                                    <li>enabled</li>
+                                    <li>present</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Enable or disable a setting.</div>
+                        <div>For ports: Should this port accept (enabled) or reject (disabled) connections.</div>
+                        <div>The states <code>present</code> and <code>absent</code> can only be used in zone level operations (i.e. when no other parameters but zone and state are set).</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>target</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 1.2.0</div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>default</li>
+                                    <li>ACCEPT</li>
+                                    <li>DROP</li>
+                                    <li>%%REJECT%%</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>firewalld Zone target</div>
+                        <div>If state is set to <code>absent</code>, this will reset the target to default</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>timeout</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">integer</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">0</div>
+                </td>
+                <td>
+                        <div>The amount of time in seconds the rule should be in effect for when non-permanent.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>zone</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The firewalld zone to add/remove to/from.</div>
+                        <div>Note that the default zone can be configured per system but <code>public</code> is default from upstream.</div>
+                        <div>Available choices can be extended based on per-system configs, listed here are &quot;out of the box&quot; defaults.</div>
+                        <div>Possible values include <code>block</code>, <code>dmz</code>, <code>drop</code>, <code>external</code>, <code>home</code>, <code>internal</code>, <code>public</code>, <code>trusted</code>, <code>work</code>.</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+Notes
+-----
+
+.. note::
+   - Not tested on any Debian based system.
+   - Requires the python2 bindings of firewalld, which may not be installed by default.
+   - For distributions where the python2 firewalld bindings are unavailable (e.g Fedora 28 and later) you will have to set the ansible_python_interpreter for these hosts to the python3 interpreter path and install the python3 bindings.
+   - Zone transactions (creating, deleting) can be performed by using only the zone and state parameters "present" or "absent". Note that zone transactions must explicitly be permanent. This is a limitation in firewalld. This also means that you will have to reload firewalld after adding a zone that you wish to perform immediate actions on. The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone.
+   - This module needs ``python-firewall`` or ``python3-firewall`` on managed nodes. It is usually provided as a subset with ``firewalld`` from the OS distributor for the OS default Python interpreter.
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: permit traffic in default zone for https service
+      ansible.posix.firewalld:
+        service: https
+        permanent: yes
+        state: enabled
+
+    - name: do not permit traffic in default zone on port 8081/tcp
+      ansible.posix.firewalld:
+        port: 8081/tcp
+        permanent: yes
+        state: disabled
+
+    - ansible.posix.firewalld:
+        port: 161-162/udp
+        permanent: yes
+        state: enabled
+
+    - ansible.posix.firewalld:
+        zone: dmz
+        service: http
+        permanent: yes
+        state: enabled
+
+    - ansible.posix.firewalld:
+        rich_rule: rule service name="ftp" audit limit value="1/m" accept
+        permanent: yes
+        state: enabled
+
+    - ansible.posix.firewalld:
+        source: 192.0.2.0/24
+        zone: internal
+        state: enabled
+
+    - ansible.posix.firewalld:
+        zone: trusted
+        interface: eth2
+        permanent: yes
+        state: enabled
+
+    - ansible.posix.firewalld:
+        masquerade: yes
+        state: enabled
+        permanent: yes
+        zone: dmz
+
+    - ansible.posix.firewalld:
+        zone: custom
+        state: present
+        permanent: yes
+
+    - ansible.posix.firewalld:
+        zone: drop
+        state: enabled
+        permanent: yes
+        icmp_block_inversion: yes
+
+    - ansible.posix.firewalld:
+        zone: drop
+        state: enabled
+        permanent: yes
+        icmp_block: echo-request
+
+    - ansible.posix.firewalld:
+        zone: internal
+        state: present
+        permanent: yes
+        target: ACCEPT
+
+    - name: Redirect port 443 to 8443 with Rich Rule
+      ansible.posix.firewalld:
+        rich_rule: rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443
+        zone: public
+        permanent: yes
+        immediate: yes
+        state: enabled
+
+
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Adam Miller (@maxamillion)

docs/ansible.posix.mount_module.rst

@@ -0,0 +1,322 @@
+.. _ansible.posix.mount_module:
+
+
+*******************
+ansible.posix.mount
+*******************
+
+**Control active and configured mount points**
+
+
+Version added: 1.0.0
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- This module controls active and configured mount points in ``/etc/fstab``.
+
+
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>backup</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>boot</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Determines if the filesystem should be mounted on boot.</div>
+                        <div>Only applies to Solaris and Linux systems.</div>
+                        <div>For Solaris systems, <code>true</code> will set <code>yes</code> as the value of mount at boot in <em>/etc/vfstab</em>.</div>
+                        <div>For Linux, FreeBSD, NetBSD and OpenBSD systems, <code>false</code> will add <code>noauto</code> to mount options in <em>/etc/fstab</em>.</div>
+                        <div>To avoid mount option conflicts, if <code>noauto</code> specified in <code>opts</code>, mount module will ignore <code>boot</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>dump</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">"0"</div>
+                </td>
+                <td>
+                        <div>Dump (see fstab(5)).</div>
+                        <div>Note that if set to <code>null</code> and <em>state</em> set to <code>present</code>, it will cease to work and duplicate entries will be made with subsequent runs.</div>
+                        <div>Has no effect on Solaris systems.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>fstab</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>File to use instead of <code>/etc/fstab</code>.</div>
+                        <div>You should not use this option unless you really know what you are doing.</div>
+                        <div>This might be useful if you need to configure mountpoints in a chroot environment.</div>
+                        <div>OpenBSD does not allow specifying alternate fstab files with mount so do not use this on OpenBSD with any state that operates on the live filesystem.</div>
+                        <div>This parameter defaults to /etc/fstab or /etc/vfstab on Solaris.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>fstype</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Filesystem type.</div>
+                        <div>Required when <em>state</em> is <code>present</code> or <code>mounted</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>opts</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Mount options (see fstab(5), or vfstab(4) on Solaris).</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>passno</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">"0"</div>
+                </td>
+                <td>
+                        <div>Passno (see fstab(5)).</div>
+                        <div>Note that if set to <code>null</code> and <em>state</em> set to <code>present</code>, it will cease to work and duplicate entries will be made with subsequent runs.</div>
+                        <div>Deprecated on Solaris systems.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>path</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path to the mount point (e.g. <code>/mnt/files</code>).</div>
+                        <div>Before Ansible 2.3 this option was only usable as <em>dest</em>, <em>destfile</em> and <em>name</em>.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: name</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>src</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Device (or NFS volume, or something else) to be mounted on <em>path</em>.</div>
+                        <div>Required when <em>state</em> set to <code>present</code> or <code>mounted</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>absent</li>
+                                    <li>mounted</li>
+                                    <li>present</li>
+                                    <li>unmounted</li>
+                                    <li>remounted</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>If <code>mounted</code>, the device will be actively mounted and appropriately configured in <em>fstab</em>. If the mount point is not present, the mount point will be created.</div>
+                        <div>If <code>unmounted</code>, the device will be unmounted without changing <em>fstab</em>.</div>
+                        <div><code>present</code> only specifies that the device is to be configured in <em>fstab</em> and does not trigger or require a mount.</div>
+                        <div><code>absent</code> specifies that the device mount&#x27;s entry will be removed from <em>fstab</em> and will also unmount the device and remove the mount point.</div>
+                        <div><code>remounted</code> specifies that the device will be remounted for when you want to force a refresh on the mount itself (added in 2.9). This will always return changed=true. If <em>opts</em> is set, the options will be applied to the remount, but will not change <em>fstab</em>.  Additionally, if <em>opts</em> is set, and the remount command fails, the module will error to prevent unexpected mount changes.  Try using <code>mounted</code> instead to work around this issue.</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+Notes
+-----
+
+.. note::
+   - As of Ansible 2.3, the *name* option has been changed to *path* as default, but *name* still works as well.
+   - Using ``remounted`` with *opts* set may create unexpected results based on the existing options already defined on mount, so care should be taken to ensure that conflicting options are not present before hand.
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    # Before 2.3, option 'name' was used instead of 'path'
+    - name: Mount DVD read-only
+      ansible.posix.mount:
+        path: /mnt/dvd
+        src: /dev/sr0
+        fstype: iso9660
+        opts: ro,noauto
+        state: present
+
+    - name: Mount up device by label
+      ansible.posix.mount:
+        path: /srv/disk
+        src: LABEL=SOME_LABEL
+        fstype: ext4
+        state: present
+
+    - name: Mount up device by UUID
+      ansible.posix.mount:
+        path: /home
+        src: UUID=b3e48f45-f933-4c8e-a700-22a159ec9077
+        fstype: xfs
+        opts: noatime
+        state: present
+
+    - name: Unmount a mounted volume
+      ansible.posix.mount:
+        path: /tmp/mnt-pnt
+        state: unmounted
+
+    - name: Remount a mounted volume
+      ansible.posix.mount:
+        path: /tmp/mnt-pnt
+        state: remounted
+
+    # The following will not save changes to fstab, and only be temporary until
+    # a reboot, or until calling "state: unmounted" followed by "state: mounted"
+    # on the same "path"
+    - name: Remount a mounted volume and append exec to the existing options
+      ansible.posix.mount:
+        path: /tmp
+        state: remounted
+        opts: exec
+
+    - name: Mount and bind a volume
+      ansible.posix.mount:
+        path: /system/new_volume/boot
+        src: /boot
+        opts: bind
+        state: mounted
+        fstype: none
+
+    - name: Mount an NFS volume
+      ansible.posix.mount:
+        src: 192.168.1.100:/nfs/ssd/shared_data
+        path: /mnt/shared_data
+        opts: rw,sync,hard
+        state: mounted
+        fstype: nfs
+
+    - name: Mount NFS volumes with noauto according to boot option
+      ansible.posix.mount:
+        src: 192.168.1.100:/nfs/ssd/shared_data
+        path: /mnt/shared_data
+        opts: rw,sync,hard
+        boot: no
+        state: mounted
+        fstype: nfs
+
+
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Ansible Core Team
+- Seth Vidal (@skvidal)

docs/ansible.posix.patch_module.rst

@@ -0,0 +1,245 @@
+.. _ansible.posix.patch_module:
+
+
+*******************
+ansible.posix.patch
+*******************
+
+**Apply patch files using the GNU patch tool**
+
+
+Version added: 1.0.0
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- Apply patch files using the GNU patch tool.
+
+
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>backup</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Passes <code>--backup --version-control=numbered</code> to patch, producing numbered backup copies.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>basedir</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path of a base directory in which the patch file will be applied.</div>
+                        <div>May be omitted when <code>dest</code> option is specified, otherwise required.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>binary</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Setting to <code>yes</code> will disable patch&#x27;s heuristic for transforming CRLF line endings into LF.</div>
+                        <div>Line endings of src and dest must match.</div>
+                        <div>If set to <code>no</code>, <code>patch</code> will replace CRLF in <code>src</code> files on POSIX.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>dest</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path of the file on the remote machine to be patched.</div>
+                        <div>The names of the files to be patched are usually taken from the patch file, but if there&#x27;s just one file to be patched it can specified with this option.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: originalfile</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>ignore_whitespace</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Setting to <code>yes</code> will ignore white space changes between patch and input..</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>remote_src</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>If <code>no</code>, it will search for src at originating/controller machine, if <code>yes</code> it will go to the remote/target machine for the <code>src</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>src</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path of the patch file as accepted by the GNU patch tool. If <code>remote_src</code> is &#x27;no&#x27;, the patch source file is looked up from the module&#x27;s <em>files</em> directory.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: patchfile</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>absent</li>
+                                    <li><div style="color: blue"><b>present</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Whether the patch should be applied or reverted.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>strip</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">integer</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">0</div>
+                </td>
+                <td>
+                        <div>Number that indicates the smallest prefix containing leading slashes that will be stripped from each file name found in the patch file.</div>
+                        <div>For more information see the strip parameter of the GNU patch tool.</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+Notes
+-----
+
+.. note::
+   - This module requires GNU *patch* utility to be installed on the remote host.
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: Apply patch to one file
+      ansible.posix.patch:
+        src: /tmp/index.html.patch
+        dest: /var/www/index.html
+
+    - name: Apply patch to multiple files under basedir
+      ansible.posix.patch:
+        src: /tmp/customize.patch
+        basedir: /var/www
+        strip: 1
+
+    - name: Revert patch to one file
+      ansible.posix.patch:
+        src: /tmp/index.html.patch
+        dest: /var/www/index.html
+        state: absent
+
+
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Jakub Jirutka (@jirutka)
+- Luis Alberto Perez Lazaro (@luisperlaz)

docs/ansible.posix.seboolean_module.rst

@@ -0,0 +1,151 @@
+.. _ansible.posix.seboolean_module:
+
+
+***********************
+ansible.posix.seboolean
+***********************
+
+**Toggles SELinux booleans**
+
+
+Version added: 1.0.0
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- Toggles SELinux booleans.
+
+
+
+Requirements
+------------
+The below requirements are needed on the host that executes this module.
+
+- libselinux-python
+- libsemanage-python
+- python3-libsemanage
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>ignore_selinux_state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Useful for scenarios (chrooted environment) that you can&#x27;t get the real SELinux state.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>name</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Name of the boolean to configure.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>persistent</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Set to <code>yes</code> if the boolean setting should survive a reboot.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Desired boolean value</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+Notes
+-----
+
+.. note::
+   - Not tested on any Debian based system.
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: Set httpd_can_network_connect flag on and keep it persistent across reboots
+      ansible.posix.seboolean:
+        name: httpd_can_network_connect
+        state: yes
+        persistent: yes
+
+
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Stephen Fromm (@sfromm)

docs/ansible.posix.selinux_module.rst

@@ -0,0 +1,253 @@
+.. _ansible.posix.selinux_module:
+
+
+*********************
+ansible.posix.selinux
+*********************
+
+**Change policy and state of SELinux**
+
+
+Version added: 1.0.0
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- Configures the SELinux mode and policy.
+- A reboot may be required after usage.
+- Ansible will not issue this reboot but will let you know when it is required.
+
+
+
+Requirements
+------------
+The below requirements are needed on the host that executes this module.
+
+- libselinux-python
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>configfile</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">"/etc/selinux/config"</div>
+                </td>
+                <td>
+                        <div>The path to the SELinux configuration file, if non-standard.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: conf, file</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>policy</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The name of the SELinux policy to use (e.g. <code>targeted</code>) will be required if <em>state</em> is not <code>disabled</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>disabled</li>
+                                    <li>enforcing</li>
+                                    <li>permissive</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>The SELinux mode.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>update_kernel_param</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 1.4.0</div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>If set to <em>true</em>, will update also the kernel boot parameters when disabling/enabling SELinux.</div>
+                        <div>The <code>grubby</code> tool must be present on the target system for this to work.</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: Enable SELinux
+      ansible.posix.selinux:
+        policy: targeted
+        state: enforcing
+
+    - name: Put SELinux in permissive mode, logging actions that would be blocked.
+      ansible.posix.selinux:
+        policy: targeted
+        state: permissive
+
+    - name: Disable SELinux
+      ansible.posix.selinux:
+        state: disabled
+
+
+
+Return Values
+-------------
+Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module:
+
+.. raw:: html
+
+    <table border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Key</th>
+            <th>Returned</th>
+            <th width="100%">Description</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>configfile</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>Path to SELinux configuration file.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">/etc/selinux/config</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>msg</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>Messages that describe changes that were made.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">Config SELinux state changed from &#x27;disabled&#x27; to &#x27;permissive&#x27;</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>policy</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>Name of the SELinux policy.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">targeted</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>reboot_required</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>Whether or not an reboot is required for the changes to take effect.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">True</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="return-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a>
+                    <div style="font-size: small">
+                      <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>always</td>
+                <td>
+                            <div>SELinux mode.</div>
+                    <br/>
+                        <div style="font-size: smaller"><b>Sample:</b></div>
+                        <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">enforcing</div>
+                </td>
+            </tr>
+    </table>
+    <br/><br/>
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Derek Carter (@goozbach) <goozbach@friocorte.com>

docs/ansible.posix.synchronize_module.rst

@@ -0,0 +1,744 @@
+.. _ansible.posix.synchronize_module:
+
+
+*************************
+ansible.posix.synchronize
+*************************
+
+**A wrapper around rsync to make common tasks in your playbooks quick and easy**
+
+
+Version added: 1.0.0
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- ``synchronize`` is a wrapper around rsync to make common tasks in your playbooks quick and easy.
+- It is run and originates on the local host where Ansible is being run.
+- Of course, you could just use the ``command`` action to call rsync yourself, but you also have to add a fair number of boilerplate options and host facts.
+- This module is not intended to provide access to the full power of rsync, but does make the most common invocations easier to implement. You `still` may need to call rsync directly via ``command`` or ``shell`` depending on your use case.
+
+
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>archive</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Mirrors the rsync archive flag, enables recursive, links, perms, times, owner, group flags and -D.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>checksum</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Skip based on checksum, rather than mod-time &amp; size; Note that that &quot;archive&quot; option is still enabled by default - the &quot;checksum&quot; option will not disable it.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>compress</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Compress file data during the transfer.</div>
+                        <div>In most cases, leave this enabled unless it causes problems.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>copy_links</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Copy symlinks as the item that they point to (the referent) is copied, rather than the symlink.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>delay_updates</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                    <div style="font-style: italic; font-size: small; color: darkgreen">added in 1.3.0</div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>This option puts the temporary file from each updated file into a holding directory until the end of the transfer, at which time all the files are renamed into place in rapid succession.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>delete</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Delete files in <em>dest</em> that do not exist (after transfer, not before) in the <em>src</em> path.</div>
+                        <div>This option requires <em>recursive=yes</em>.</div>
+                        <div>This option ignores excluded files and behaves like the rsync opt <code>--delete-after</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>dest</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path on the destination host that will be synchronized from the source.</div>
+                        <div>The path can be absolute or relative.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>dest_port</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">integer</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Port number for ssh on the destination host.</div>
+                        <div>Prior to Ansible 2.0, the ansible_ssh_port inventory var took precedence over this value.</div>
+                        <div>This parameter defaults to the value of <code>ansible_port</code>, the <code>remote_port</code> config setting or the value from ssh client configuration if none of the former have been set.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>dirs</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Transfer directories without recursing.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>existing_only</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Skip creating new files on receiver.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>group</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Preserve group.</div>
+                        <div>This parameter defaults to the value of the archive option.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>link_dest</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">list</span>
+                         / <span style="color: purple">elements=string</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">null</div>
+                </td>
+                <td>
+                        <div>Add a destination to hard link against during the rsync.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>links</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Copy symlinks as symlinks.</div>
+                        <div>This parameter defaults to the value of the archive option.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>mode</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>pull</li>
+                                    <li><div style="color: blue"><b>push</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Specify the direction of the synchronization.</div>
+                        <div>In push mode the localhost or delegate is the source.</div>
+                        <div>In pull mode the remote host in context is the source.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>owner</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Preserve owner (super user only).</div>
+                        <div>This parameter defaults to the value of the archive option.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>partial</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Tells rsync to keep the partial file which should make a subsequent transfer of the rest of the file much faster.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>perms</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Preserve permissions.</div>
+                        <div>This parameter defaults to the value of the archive option.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>private_key</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Specify the private key to use for SSH-based rsync connections (e.g. <code>~/.ssh/id_rsa</code>).</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>recursive</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Recurse into directories.</div>
+                        <div>This parameter defaults to the value of the archive option.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>rsync_opts</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">list</span>
+                         / <span style="color: purple">elements=string</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">null</div>
+                </td>
+                <td>
+                        <div>Specify additional rsync options by passing in an array.</div>
+                        <div>Note that an empty string in <code>rsync_opts</code> will end up transfer the current working directory.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>rsync_path</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Specify the rsync command to run on the remote host. See <code>--rsync-path</code> on the rsync man page.</div>
+                        <div>To specify the rsync command to run on the local host, you need to set this your task var <code>ansible_rsync_path</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>rsync_timeout</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">integer</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">0</div>
+                </td>
+                <td>
+                        <div>Specify a <code>--timeout</code> for the rsync command in seconds.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>set_remote_user</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Put user@ for the remote paths.</div>
+                        <div>If you have a custom ssh config to define the remote user for a host that does not match the inventory user, you should set this parameter to <code>no</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>src</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Path on the source host that will be synchronized to the destination.</div>
+                        <div>The path can be absolute or relative.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>ssh_connection_multiplexing</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>SSH connection multiplexing for rsync is disabled by default to prevent misconfigured ControlSockets from resulting in failed SSH connections. This is accomplished by setting the SSH <code>ControlSocket</code> to <code>none</code>.</div>
+                        <div>Set this option to <code>yes</code> to allow multiplexing and reduce SSH connection overhead.</div>
+                        <div>Note that simply setting this option to <code>yes</code> is not enough; You must also configure SSH connection multiplexing in your SSH client config by setting values for <code>ControlMaster</code>, <code>ControlPersist</code> and <code>ControlPath</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>times</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Preserve modification times.</div>
+                        <div>This parameter defaults to the value of the archive option.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>use_ssh_args</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>In Ansible 2.10 and lower, it uses the ssh_args specified in <code>ansible.cfg</code>.</div>
+                        <div>In Ansible 2.11 and onwards, when set to <code>true</code>, it uses all SSH connection configurations like <code>ansible_ssh_args</code>, <code>ansible_ssh_common_args</code>, and <code>ansible_ssh_extra_args</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>verify_host</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Verify destination host key.</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+Notes
+-----
+
+.. note::
+   - rsync must be installed on both the local and remote host.
+   - For the ``synchronize`` module, the "local host" is the host `the synchronize task originates on`, and the "destination host" is the host `synchronize is connecting to`.
+   - The "local host" can be changed to a different host by using `delegate_to`.  This enables copying between two remote hosts or entirely on one remote machine.
+   - The user and permissions for the synchronize `src` are those of the user running the Ansible task on the local host (or the remote_user for a delegate_to host when delegate_to is used).
+
+   - The user and permissions for the synchronize `dest` are those of the `remote_user` on the destination host or the `become_user` if `become=yes` is active.
+   - In Ansible 2.0 a bug in the synchronize module made become occur on the "local host".  This was fixed in Ansible 2.0.1.
+   - Currently, synchronize is limited to elevating permissions via passwordless sudo.  This is because rsync itself is connecting to the remote machine and rsync doesn't give us a way to pass sudo credentials in.
+   - Currently there are only a few connection types which support synchronize (ssh, paramiko, local, and docker) because a sync strategy has been determined for those connection types.  Note that the connection for these must not need a password as rsync itself is making the connection and rsync does not provide us a way to pass a password to the connection.
+   - Expect that dest=~/x will be ~<remote_user>/x even if using sudo.
+   - Inspect the verbose output to validate the destination user/host/path are what was expected.
+   - To exclude files and directories from being synchronized, you may add ``.rsync-filter`` files to the source directory.
+   - rsync daemon must be up and running with correct permission when using rsync protocol in source or destination path.
+   - The ``synchronize`` module enables `--delay-updates` by default to avoid leaving a destination in a broken in-between state if the underlying rsync process encounters an error. Those synchronizing large numbers of files that are willing to trade safety for performance should disable this option.
+   - link_destination is subject to the same limitations as the underlying rsync daemon. Hard links are only preserved if the relative subtrees of the source and destination are the same. Attempts to hardlink into a directory that is a subdirectory of the source will be prevented.
+
+
+See Also
+--------
+
+.. seealso::
+
+   :ref:`copy_module`
+      The official documentation on the **copy** module.
+   :ref:`community.windows.win_robocopy_module`
+      The official documentation on the **community.windows.win_robocopy** module.
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    - name: Synchronization of src on the control machine to dest on the remote hosts
+      ansible.posix.synchronize:
+        src: some/relative/path
+        dest: /some/absolute/path
+
+    - name: Synchronization using rsync protocol (push)
+      ansible.posix.synchronize:
+        src: some/relative/path/
+        dest: rsync://somehost.com/path/
+
+    - name: Synchronization using rsync protocol (pull)
+      ansible.posix.synchronize:
+        mode: pull
+        src: rsync://somehost.com/path/
+        dest: /some/absolute/path/
+
+    - name:  Synchronization using rsync protocol on delegate host (push)
+      ansible.posix.synchronize:
+        src: /some/absolute/path/
+        dest: rsync://somehost.com/path/
+      delegate_to: delegate.host
+
+    - name: Synchronization using rsync protocol on delegate host (pull)
+      ansible.posix.synchronize:
+        mode: pull
+        src: rsync://somehost.com/path/
+        dest: /some/absolute/path/
+      delegate_to: delegate.host
+
+    - name: Synchronization without any --archive options enabled
+      ansible.posix.synchronize:
+        src: some/relative/path
+        dest: /some/absolute/path
+        archive: no
+
+    - name: Synchronization with --archive options enabled except for --recursive
+      ansible.posix.synchronize:
+        src: some/relative/path
+        dest: /some/absolute/path
+        recursive: no
+
+    - name: Synchronization with --archive options enabled except for --times, with --checksum option enabled
+      ansible.posix.synchronize:
+        src: some/relative/path
+        dest: /some/absolute/path
+        checksum: yes
+        times: no
+
+    - name: Synchronization without --archive options enabled except use --links
+      ansible.posix.synchronize:
+        src: some/relative/path
+        dest: /some/absolute/path
+        archive: no
+        links: yes
+
+    - name: Synchronization of two paths both on the control machine
+      ansible.posix.synchronize:
+        src: some/relative/path
+        dest: /some/absolute/path
+      delegate_to: localhost
+
+    - name: Synchronization of src on the inventory host to the dest on the localhost in pull mode
+      ansible.posix.synchronize:
+        mode: pull
+        src: some/relative/path
+        dest: /some/absolute/path
+
+    - name: Synchronization of src on delegate host to dest on the current inventory host.
+      ansible.posix.synchronize:
+        src: /first/absolute/path
+        dest: /second/absolute/path
+      delegate_to: delegate.host
+
+    - name: Synchronize two directories on one remote host.
+      ansible.posix.synchronize:
+        src: /first/absolute/path
+        dest: /second/absolute/path
+      delegate_to: "{{ inventory_hostname }}"
+
+    - name: Synchronize and delete files in dest on the remote host that are not found in src of localhost.
+      ansible.posix.synchronize:
+        src: some/relative/path
+        dest: /some/absolute/path
+        delete: yes
+        recursive: yes
+
+    # This specific command is granted su privileges on the destination
+    - name: Synchronize using an alternate rsync command
+      ansible.posix.synchronize:
+        src: some/relative/path
+        dest: /some/absolute/path
+        rsync_path: su -c rsync
+
+    # Example .rsync-filter file in the source directory
+    # - var       # exclude any path whose last part is 'var'
+    # - /var      # exclude any path starting with 'var' starting at the source directory
+    # + /var/conf # include /var/conf even though it was previously excluded
+
+    - name: Synchronize passing in extra rsync options
+      ansible.posix.synchronize:
+        src: /tmp/helloworld
+        dest: /var/www/helloworld
+        rsync_opts:
+          - "--no-motd"
+          - "--exclude=.git"
+
+    # Hardlink files if they didn't change
+    - name: Use hardlinks when synchronizing filesystems
+      ansible.posix.synchronize:
+        src: /tmp/path_a/foo.txt
+        dest: /tmp/path_b/foo.txt
+        link_dest: /tmp/path_a/
+
+    # Specify the rsync binary to use on remote host and on local host
+    - hosts: groupofhosts
+      vars:
+        ansible_rsync_path: /usr/gnu/bin/rsync
+
+      tasks:
+        - name: copy /tmp/localpath/ to remote location /tmp/remotepath
+          ansible.posix.synchronize:
+            src: /tmp/localpath/
+            dest: /tmp/remotepath
+            rsync_path: /usr/gnu/bin/rsync
+
+
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- Timothy Appnel (@tima)

docs/ansible.posix.sysctl_module.rst

@@ -0,0 +1,215 @@
+.. _ansible.posix.sysctl_module:
+
+
+********************
+ansible.posix.sysctl
+********************
+
+**Manage entries in sysctl.conf.**
+
+
+Version added: 1.0.0
+
+.. contents::
+   :local:
+   :depth: 1
+
+
+Synopsis
+--------
+- This module manipulates sysctl entries and optionally performs a ``/sbin/sysctl -p`` after changing them.
+
+
+
+
+Parameters
+----------
+
+.. raw:: html
+
+    <table  border=0 cellpadding=0 class="documentation-table">
+        <tr>
+            <th colspan="1">Parameter</th>
+            <th>Choices/<font color="blue">Defaults</font></th>
+            <th width="100%">Comments</th>
+        </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>ignoreerrors</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Use this option to ignore errors about unknown keys.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>name</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                         / <span style="color: red">required</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>The dot-separated path (also known as <em>key</em>) specifying the sysctl variable.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: key</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>reload</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li>no</li>
+                                    <li><div style="color: blue"><b>yes</b>&nbsp;&larr;</div></li>
+                        </ul>
+                </td>
+                <td>
+                        <div>If <code>yes</code>, performs a <em>/sbin/sysctl -p</em> if the <code>sysctl_file</code> is updated. If <code>no</code>, does not reload <em>sysctl</em> even if the <code>sysctl_file</code> is updated.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>state</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>present</b>&nbsp;&larr;</div></li>
+                                    <li>absent</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Whether the entry should be present or absent in the sysctl file.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>sysctl_file</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">path</span>
+                    </div>
+                </td>
+                <td>
+                        <b>Default:</b><br/><div style="color: blue">"/etc/sysctl.conf"</div>
+                </td>
+                <td>
+                        <div>Specifies the absolute path to <code>sysctl.conf</code>, if not <code>/etc/sysctl.conf</code>.</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>sysctl_set</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">boolean</span>
+                    </div>
+                </td>
+                <td>
+                        <ul style="margin: 0; padding: 0"><b>Choices:</b>
+                                    <li><div style="color: blue"><b>no</b>&nbsp;&larr;</div></li>
+                                    <li>yes</li>
+                        </ul>
+                </td>
+                <td>
+                        <div>Verify token value with the sysctl command and set with -w if necessary</div>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="1">
+                    <div class="ansibleOptionAnchor" id="parameter-"></div>
+                    <b>value</b>
+                    <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
+                    <div style="font-size: small">
+                        <span style="color: purple">string</span>
+                    </div>
+                </td>
+                <td>
+                </td>
+                <td>
+                        <div>Desired value of the sysctl key.</div>
+                        <div style="font-size: small; color: darkgreen"><br/>aliases: val</div>
+                </td>
+            </tr>
+    </table>
+    <br/>
+
+
+
+
+Examples
+--------
+
+.. code-block:: yaml
+
+    # Set vm.swappiness to 5 in /etc/sysctl.conf
+    - ansible.posix.sysctl:
+        name: vm.swappiness
+        value: '5'
+        state: present
+
+    # Remove kernel.panic entry from /etc/sysctl.conf
+    - ansible.posix.sysctl:
+        name: kernel.panic
+        state: absent
+        sysctl_file: /etc/sysctl.conf
+
+    # Set kernel.panic to 3 in /tmp/test_sysctl.conf
+    - ansible.posix.sysctl:
+        name: kernel.panic
+        value: '3'
+        sysctl_file: /tmp/test_sysctl.conf
+        reload: no
+
+    # Set ip forwarding on in /proc and verify token value with the sysctl command
+    - ansible.posix.sysctl:
+        name: net.ipv4.ip_forward
+        value: '1'
+        sysctl_set: yes
+
+    # Set ip forwarding on in /proc and in the sysctl file and reload if necessary
+    - ansible.posix.sysctl:
+        name: net.ipv4.ip_forward
+        value: '1'
+        sysctl_set: yes
+        state: present
+        reload: yes
+
+
+
+
+Status
+------
+
+
+Authors
+~~~~~~~
+
+- David CHANIAL (@davixx)

galaxy.yml

@@ -1,15 +1,14 @@
 namespace: ansible
 name: posix
-version: 0.1.1
+version: 1.4.0
 readme: README.md
 authors:
   - Ansible (github.com/ansible)
-description: null
-license: GPL-3.0-or-later
+description: Ansible Collection targeting POSIX and POSIX-ish platforms.
 license_file: COPYING
-tags: null
+tags: [posix, networking, shell, unix]
 dependencies: {}
 repository: https://github.com/ansible-collections/ansible.posix
-documentation: https://github.com/ansible-collections/ansible.posix/tree/master/docs
+documentation: https://github.com/ansible-collections/ansible.posix/tree/main/docs
 homepage: https://github.com/ansible-collections/ansible.posix
 issues: https://github.com/ansible-collections/ansible.posix

hacking/cgroup_perf_recap_graph.py

@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# (c) 2018, Matt Martz <matt@sivel.net>
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import argparse
+import csv
+
+from collections import namedtuple
+
+try:
+    import matplotlib
+    matplotlib.use("Agg")
+    import matplotlib.pyplot as plt
+    import matplotlib.dates as mdates
+except ImportError:
+    raise SystemExit('matplotlib is required for this script to work')
+
+
+Data = namedtuple('Data', ['axis_name', 'dates', 'names', 'values'])
+
+
+def task_start_ticks(dates, names):
+    item = None
+    ret = []
+    for i, name in enumerate(names):
+        if name == item:
+            continue
+        item = name
+        ret.append((dates[i], name))
+    return ret
+
+
+def create_axis_data(filename, relative=False):
+    x_base = None if relative else 0
+
+    axis_name, dummy = os.path.splitext(os.path.basename(filename))
+
+    dates = []
+    names = []
+    values = []
+    with open(filename) as f:
+        reader = csv.reader(f)
+        for row in reader:
+            if x_base is None:
+                x_base = float(row[0])
+            dates.append(mdates.epoch2num(float(row[0]) - x_base))
+            names.append(row[1])
+            values.append(float(row[3]))
+
+    return Data(axis_name, dates, names, values)
+
+
+def create_graph(data1, data2, width=11.0, height=8.0, filename='out.png', title=None):
+    fig, ax1 = plt.subplots(figsize=(width, height), dpi=300)
+
+    task_ticks = task_start_ticks(data1.dates, data1.names)
+
+    ax1.grid(linestyle='dashed', color='lightgray')
+    ax1.xaxis.set_major_formatter(mdates.DateFormatter('%X'))
+    ax1.plot(data1.dates, data1.values, 'b-')
+    if title:
+        ax1.set_title(title)
+    ax1.set_xlabel('Time')
+    ax1.set_ylabel(data1.axis_name, color='b')
+    for item in ax1.get_xticklabels():
+        item.set_rotation(60)
+
+    ax2 = ax1.twiny()
+    ax2.set_xticks([x[0] for x in task_ticks])
+    ax2.set_xticklabels([x[1] for x in task_ticks])
+    ax2.grid(axis='x', linestyle='dashed', color='lightgray')
+    ax2.xaxis.set_ticks_position('bottom')
+    ax2.xaxis.set_label_position('bottom')
+    ax2.spines['bottom'].set_position(('outward', 86))
+    ax2.set_xlabel('Task')
+    ax2.set_xlim(ax1.get_xlim())
+    for item in ax2.get_xticklabels():
+        item.set_rotation(60)
+
+    ax3 = ax1.twinx()
+    ax3.plot(data2.dates, data2.values, 'g-')
+    ax3.set_ylabel(data2.axis_name, color='g')
+    fig.tight_layout()
+    fig.savefig(filename, format='png')
+
+
+def parse_args():
+    parser = argparse.ArgumentParser()
+    parser.add_argument('files', nargs=2, help='2 CSV files produced by cgroup_perf_recap to graph together')
+    parser.add_argument('--relative', default=False, action='store_true',
+                        help='Use relative dates instead of absolute')
+    parser.add_argument('--output', default='out.png', help='output path of PNG file: Default %s(default)s')
+    parser.add_argument('--width', type=float, default=11.0,
+                        help='Width of output image in inches. Default %(default)s')
+    parser.add_argument('--height', type=float, default=8.0,
+                        help='Height of output image in inches. Default %(default)s')
+    parser.add_argument('--title', help='Title for graph')
+    return parser.parse_args()
+
+
+def main():
+    args = parse_args()
+    data1 = create_axis_data(args.files[0], relative=args.relative)
+    data2 = create_axis_data(args.files[1], relative=args.relative)
+    create_graph(data1, data2, width=args.width, height=args.height, filename=args.output, title=args.title)
+    print('Graph written to %s' % os.path.abspath(args.output))
+
+
+if __name__ == '__main__':
+    main()

meta/runtime.yml

@@ -0,0 +1,8 @@
+---
+requires_ansible: '>=2.9'
+plugin_routing:
+  callback:
+    skippy:
+      deprecation:
+        removal_date: '2022-06-01'
+        warning_text: See the plugin documentation for more details

plugins/action/patch.py

@@ -64,7 +64,7 @@ class ActionModule(ActionBase):
                 )
             )
 
-            result.update(self._execute_module('patch', module_args=new_module_args, task_vars=task_vars))
+            result.update(self._execute_module('ansible.posix.patch', module_args=new_module_args, task_vars=task_vars))
         except AnsibleAction as e:
             result.update(e.result)
         finally:

plugins/action/synchronize.py

@@ -21,6 +21,7 @@ import os.path
 
 from ansible import constants as C
 from ansible.module_utils.six import string_types
+from ansible.module_utils.six.moves import shlex_quote
 from ansible.module_utils._text import to_text
 from ansible.module_utils.common._collections_compat import MutableSequence
 from ansible.module_utils.parsing.convert_bool import boolean
@@ -28,12 +29,23 @@ from ansible.plugins.action import ActionBase
 from ansible.plugins.loader import connection_loader
 
 
+DOCKER = ['docker', 'community.general.docker', 'community.docker.docker']
+PODMAN = ['podman', 'ansible.builtin.podman', 'containers.podman.podman']
+BUILDAH = ['buildah', 'containers.podman.buildah']
+
+
 class ActionModule(ActionBase):
 
     def _get_absolute_path(self, path):
         original_path = path
 
-        if path.startswith('rsync://'):
+        #
+        # Check if we have a local relative path and do not process
+        # * remote paths (some.server.domain:/some/remote/path/...)
+        # * URLs (rsync://...)
+        # * local absolute paths (/some/local/path/...)
+        #
+        if ':' in path or path.startswith('/'):
             return path
 
         if self._task._role is not None:
@@ -60,21 +72,19 @@ class ActionModule(ActionBase):
             return path
 
         # If using docker or buildah, do not add user information
-        if self._remote_transport not in ['docker', 'buildah'] and user:
+        if self._remote_transport not in DOCKER + PODMAN + BUILDAH and user:
             user_prefix = '%s@' % (user, )
 
         if self._host_is_ipv6_address(host):
             return '[%s%s]:%s' % (user_prefix, host, path)
-        else:
-            return '%s%s:%s' % (user_prefix, host, path)
+        return '%s%s:%s' % (user_prefix, host, path)
 
     def _process_origin(self, host, path, user):
 
         if host not in C.LOCALHOST:
             return self._format_rsync_rsh_target(host, path, user)
 
-        if ':' not in path and not path.startswith('/'):
-            path = self._get_absolute_path(path=path)
+        path = self._get_absolute_path(path=path)
         return path
 
     def _process_remote(self, task_args, host, path, user, port_matches_localhost_port):
@@ -103,8 +113,7 @@ class ActionModule(ActionBase):
                 task_args['_substitute_controller'] = True
             return self._format_rsync_rsh_target(host, path, user)
 
-        if ':' not in path and not path.startswith('/'):
-            path = self._get_absolute_path(path=path)
+        path = self._get_absolute_path(path=path)
         return path
 
     def _override_module_replaced_vars(self, task_vars):
@@ -168,12 +177,25 @@ class ActionModule(ActionBase):
 
         # Store remote connection type
         self._remote_transport = self._connection.transport
+        use_ssh_args = _tmp_args.pop('use_ssh_args', None)
+
+        if use_ssh_args and self._connection.transport == 'ssh':
+            ssh_args = [
+                self._connection.get_option('ssh_args'),
+                self._connection.get_option('ssh_common_args'),
+                self._connection.get_option('ssh_extra_args'),
+            ]
+            _tmp_args['ssh_args'] = ' '.join([a for a in ssh_args if a])
 
         # Handle docker connection options
-        if self._remote_transport == 'docker':
+        if self._remote_transport in DOCKER:
             self._docker_cmd = self._connection.docker_cmd
             if self._play_context.docker_extra_args:
                 self._docker_cmd = "%s %s" % (self._docker_cmd, self._play_context.docker_extra_args)
+        elif self._remote_transport in PODMAN:
+            self._docker_cmd = self._connection._options['podman_executable']
+            if self._connection._options.get('podman_extra_args'):
+                self._docker_cmd = "%s %s" % (self._docker_cmd, self._connection._options['podman_extra_args'])
 
         # self._connection accounts for delegate_to so
         # remote_transport is the transport ansible thought it would need
@@ -191,8 +213,8 @@ class ActionModule(ActionBase):
 
         # ssh paramiko docker buildah and local are fully supported transports.  Anything
         # else only works with delegate_to
-        if delegate_to is None and self._connection.transport not in \
-                ('ssh', 'paramiko', 'local', 'docker', 'buildah'):
+        if delegate_to is None and self._connection.transport not in [
+                'ssh', 'paramiko', 'local'] + DOCKER + PODMAN + BUILDAH:
             result['failed'] = True
             result['msg'] = (
                 "synchronize uses rsync to function. rsync needs to connect to the remote "
@@ -201,8 +223,6 @@ class ActionModule(ActionBase):
                 "so it cannot work." % self._connection.transport)
             return result
 
-        use_ssh_args = _tmp_args.pop('use_ssh_args', None)
-
         # Parameter name needed by the ansible module
         _tmp_args['_local_rsync_path'] = task_vars.get('ansible_rsync_path') or 'rsync'
         _tmp_args['_local_rsync_password'] = task_vars.get('ansible_ssh_pass') or task_vars.get('ansible_password')
@@ -215,14 +235,10 @@ class ActionModule(ActionBase):
         src_host = '127.0.0.1'
         inventory_hostname = task_vars.get('inventory_hostname')
         dest_host_inventory_vars = task_vars['hostvars'].get(inventory_hostname)
-        try:
-            dest_host = dest_host_inventory_vars['ansible_host']
-        except KeyError:
-            dest_host = dest_host_inventory_vars.get('ansible_ssh_host', inventory_hostname)
+        dest_host = dest_host_inventory_vars.get('ansible_host', inventory_hostname)
 
         dest_host_ids = [hostid for hostid in (dest_host_inventory_vars.get('inventory_hostname'),
-                                               dest_host_inventory_vars.get('ansible_host'),
-                                               dest_host_inventory_vars.get('ansible_ssh_host'))
+                                               dest_host_inventory_vars.get('ansible_host'))
                          if hostid is not None]
 
         localhost_ports = set()
@@ -246,7 +262,7 @@ class ActionModule(ActionBase):
             dest_is_local = True
 
         # CHECK FOR NON-DEFAULT SSH PORT
-        inv_port = task_vars.get('ansible_ssh_port', None) or C.DEFAULT_REMOTE_PORT
+        inv_port = task_vars.get('ansible_port', None) or C.DEFAULT_REMOTE_PORT
         if _tmp_args.get('dest_port', None) is None:
             if inv_port is not None:
                 _tmp_args['dest_port'] = inv_port
@@ -323,20 +339,18 @@ class ActionModule(ActionBase):
             # Src and dest rsync "path" handling
             if boolean(_tmp_args.get('set_remote_user', 'yes'), strict=False):
                 if use_delegate:
-                    user = task_vars.get('ansible_delegated_vars', dict()).get('ansible_ssh_user', None)
+                    user = task_vars.get('ansible_delegated_vars', dict()).get('ansible_user', None)
                     if not user:
-                        user = task_vars.get('ansible_ssh_user') or self._play_context.remote_user
+                        user = task_vars.get('ansible_user') or self._play_context.remote_user
                     if not user:
                         user = C.DEFAULT_REMOTE_USER
 
                 else:
-                    user = task_vars.get('ansible_ssh_user') or self._play_context.remote_user
+                    user = task_vars.get('ansible_user') or self._play_context.remote_user
 
             # Private key handling
-            private_key = self._play_context.private_key_file
-
-            if private_key is not None:
-                _tmp_args['private_key'] = private_key
+            # Use the private_key parameter if passed else use context private_key_file
+            _tmp_args['private_key'] = _tmp_args.get('private_key', self._play_context.private_key_file)
 
             # use the mode to define src and dest's url
             if _tmp_args.get('mode', 'push') == 'pull':
@@ -350,10 +364,8 @@ class ActionModule(ActionBase):
         else:
             # Still need to munge paths (to account for roles) even if we aren't
             # copying files between hosts
-            if not src.startswith('/'):
-                src = self._get_absolute_path(path=src)
-            if not dest.startswith('/'):
-                dest = self._get_absolute_path(path=dest)
+            src = self._get_absolute_path(path=src)
+            dest = self._get_absolute_path(path=dest)
 
         _tmp_args['src'] = src
         _tmp_args['dest'] = dest
@@ -367,11 +379,14 @@ class ActionModule(ActionBase):
         if not dest_is_local:
             # don't escalate for docker. doing --rsync-path with docker exec fails
             # and we can switch directly to the user via docker arguments
-            if self._play_context.become and not rsync_path and self._remote_transport != 'docker':
+            if self._play_context.become and not rsync_path and self._remote_transport not in DOCKER + PODMAN:
                 # If no rsync_path is set, become was originally set, and dest is
                 # remote then add privilege escalation here.
                 if self._play_context.become_method == 'sudo':
-                    rsync_path = 'sudo rsync'
+                    if self._play_context.become_user:
+                        rsync_path = 'sudo -u %s rsync' % self._play_context.become_user
+                    else:
+                        rsync_path = 'sudo rsync'
                 # TODO: have to add in the rest of the become methods here
 
             # We cannot use privilege escalation on the machine running the
@@ -381,17 +396,9 @@ class ActionModule(ActionBase):
 
         _tmp_args['rsync_path'] = rsync_path
 
-        if use_ssh_args:
-            ssh_args = [
-                getattr(self._play_context, 'ssh_args', ''),
-                getattr(self._play_context, 'ssh_common_args', ''),
-                getattr(self._play_context, 'ssh_extra_args', ''),
-            ]
-            _tmp_args['ssh_args'] = ' '.join([a for a in ssh_args if a])
-
         # If launching synchronize against docker container
         # use rsync_opts to support container to override rsh options
-        if self._remote_transport in ['docker', 'buildah'] and not use_delegate:
+        if self._remote_transport in DOCKER + BUILDAH + PODMAN and not use_delegate:
             # Replicate what we do in the module argumentspec handling for lists
             if not isinstance(_tmp_args.get('rsync_opts'), MutableSequence):
                 tmp_rsync_opts = _tmp_args.get('rsync_opts', [])
@@ -404,17 +411,17 @@ class ActionModule(ActionBase):
             if '--blocking-io' not in _tmp_args['rsync_opts']:
                 _tmp_args['rsync_opts'].append('--blocking-io')
 
-            if self._remote_transport in ['docker']:
+            if self._remote_transport in DOCKER + PODMAN:
                 if become and self._play_context.become_user:
-                    _tmp_args['rsync_opts'].append("--rsh=%s exec -u %s -i" % (self._docker_cmd, self._play_context.become_user))
+                    _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -u %s -i' % (self._docker_cmd, self._play_context.become_user)))
                 elif user is not None:
-                    _tmp_args['rsync_opts'].append("--rsh=%s exec -u %s -i" % (self._docker_cmd, user))
+                    _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -u %s -i' % (self._docker_cmd, user)))
                 else:
-                    _tmp_args['rsync_opts'].append("--rsh=%s exec -i" % self._docker_cmd)
-            elif self._remote_transport in ['buildah']:
-                _tmp_args['rsync_opts'].append("--rsh=buildah run --")
+                    _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('%s exec -i' % self._docker_cmd))
+            elif self._remote_transport in BUILDAH:
+                _tmp_args['rsync_opts'].append('--rsh=' + shlex_quote('buildah run --'))
 
         # run the module and store the result
-        result.update(self._execute_module('synchronize', module_args=_tmp_args, task_vars=task_vars))
+        result.update(self._execute_module('ansible.posix.synchronize', module_args=_tmp_args, task_vars=task_vars))
 
         return result

plugins/callback/cgroup_perf_recap.py

@@ -11,8 +11,8 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
                     'supported_by': 'community'}
 
 DOCUMENTATION = '''
-    callback: cgroup_perf_recap
-    callback_type: aggregate
+    name: cgroup_perf_recap
+    type: aggregate
     requirements:
       - whitelist in configuration
       - cgroups

plugins/callback/debug.py

@@ -5,7 +5,7 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
 DOCUMENTATION = '''
-    callback: debug
+    name: debug
     type: stdout
     short_description: formatted stdout/stderr display
     description:

plugins/callback/json.py

@@ -7,7 +7,7 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
 DOCUMENTATION = '''
-    callback: json
+    name: json
     short_description: Ansible screen output as JSON
     description:
         - This callback converts all events into JSON output to stdout
@@ -25,6 +25,11 @@ DOCUMENTATION = '''
           - key: show_custom_stats
             section: defaults
         type: bool
+    notes:
+      - When using a strategy such as free, host_pinned, or a custom strategy, host results will
+        be added to new task results in ``.plays[].tasks[]``. As such, there will exist duplicate
+        task objects indicated by duplicate task IDs at ``.plays[].tasks[].task.id``, each with an
+        individual host result for the task.
 '''
 
 import datetime
@@ -33,10 +38,14 @@ import json
 from functools import partial
 
 from ansible.inventory.host import Host
+from ansible.module_utils._text import to_text
 from ansible.parsing.ajson import AnsibleJSONEncoder
 from ansible.plugins.callback import CallbackBase
 
 
+LOCKSTEP_CALLBACKS = frozenset(('linear', 'debug'))
+
+
 def current_time():
     return '%sZ' % datetime.datetime.utcnow().isoformat()
 
@@ -49,12 +58,15 @@ class CallbackModule(CallbackBase):
     def __init__(self, display=None):
         super(CallbackModule, self).__init__(display)
         self.results = []
+        self._task_map = {}
+        self._is_lockstep = False
 
     def _new_play(self, play):
+        self._is_lockstep = play.strategy in LOCKSTEP_CALLBACKS
         return {
             'play': {
                 'name': play.get_name(),
-                'id': str(play._uuid),
+                'id': to_text(play._uuid),
                 'duration': {
                     'start': current_time()
                 }
@@ -66,7 +78,7 @@ class CallbackModule(CallbackBase):
         return {
             'task': {
                 'name': task.get_name(),
-                'id': str(task._uuid),
+                'id': to_text(task._uuid),
                 'duration': {
                     'start': current_time()
                 }
@@ -74,13 +86,32 @@ class CallbackModule(CallbackBase):
             'hosts': {}
         }
 
+    def _find_result_task(self, host, task):
+        key = (host.get_name(), task._uuid)
+        return self._task_map.get(
+            key,
+            self.results[-1]['tasks'][-1]
+        )
+
     def v2_playbook_on_play_start(self, play):
         self.results.append(self._new_play(play))
 
+    def v2_runner_on_start(self, host, task):
+        if self._is_lockstep:
+            return
+        key = (host.get_name(), task._uuid)
+        task_result = self._new_task(task)
+        self._task_map[key] = task_result
+        self.results[-1]['tasks'].append(task_result)
+
     def v2_playbook_on_task_start(self, task, is_conditional):
+        if not self._is_lockstep:
+            return
         self.results[-1]['tasks'].append(self._new_task(task))
 
     def v2_playbook_on_handler_task_start(self, task):
+        if not self._is_lockstep:
+            return
         self.results[-1]['tasks'].append(self._new_task(task))
 
     def _convert_host_to_name(self, key):
@@ -118,14 +149,22 @@ class CallbackModule(CallbackBase):
         """This function is used as a partial to add failed/skipped info in a single method"""
         host = result._host
         task = result._task
-        task_result = result._result.copy()
-        task_result.update(on_info)
-        task_result['action'] = task.action
-        self.results[-1]['tasks'][-1]['hosts'][host.name] = task_result
+
+        result_copy = result._result.copy()
+        result_copy.update(on_info)
+        result_copy['action'] = task.action
+
+        task_result = self._find_result_task(host, task)
+
+        task_result['hosts'][host.name] = result_copy
         end_time = current_time()
-        self.results[-1]['tasks'][-1]['task']['duration']['end'] = end_time
+        task_result['task']['duration']['end'] = end_time
         self.results[-1]['play']['duration']['end'] = end_time
 
+        if not self._is_lockstep:
+            key = (host.get_name(), task._uuid)
+            del self._task_map[key]
+
     def __getattribute__(self, name):
         """Return ``_record_task_result`` partial with a dict containing skipped/failed if necessary"""
         if name not in ('v2_runner_on_ok', 'v2_runner_on_failed', 'v2_runner_on_unreachable', 'v2_runner_on_skipped'):

plugins/callback/profile_roles.py

@@ -7,7 +7,7 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
 DOCUMENTATION = '''
-    callback: profile_roles
+    name: profile_roles
     type: aggregate
     short_description: adds timing information to roles
     description:

plugins/callback/profile_tasks.py

@@ -10,7 +10,7 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
 DOCUMENTATION = '''
-    callback: profile_tasks
+    name: profile_tasks
     type: aggregate
     short_description: adds time information to tasks
     description:
@@ -46,7 +46,7 @@ EXAMPLES = '''
 example: >
   To enable, add this to your ansible.cfg file in the defaults block
     [defaults]
-    callback_whitelist = profile_tasks
+    callback_whitelist = ansible.posix.profile_tasks
 sample output: >
 #
 #    TASK: [ensure messaging security group exists] ********************************
@@ -92,7 +92,8 @@ def filled(msg, fchar="*"):
 
 def timestamp(self):
     if self.current is not None:
-        self.stats[self.current]['time'] = time.time() - self.stats[self.current]['time']
+        elapsed = time.time() - self.stats[self.current]['started']
+        self.stats[self.current]['elapsed'] += elapsed
 
 
 def tasktime():
@@ -151,8 +152,15 @@ class CallbackModule(CallbackBase):
         timestamp(self)
 
         # Record the start time of the current task
+        # stats[TASK_UUID]:
+        #   started: Current task start time. This value will be updated each time a task
+        #            with the same UUID is executed when `serial` is specified in a playbook.
+        #   elapsed: Elapsed time since the first serialized task was started
         self.current = task._uuid
-        self.stats[self.current] = {'time': time.time(), 'name': task.get_name()}
+        if self.current not in self.stats:
+            self.stats[self.current] = {'started': time.time(), 'elapsed': 0.0, 'name': task.get_name()}
+        else:
+            self.stats[self.current]['started'] = time.time()
         if self._display.verbosity >= 2:
             self.stats[self.current]['path'] = task.get_path()
 
@@ -172,22 +180,22 @@ class CallbackModule(CallbackBase):
         timestamp(self)
         self.current = None
 
-        results = self.stats.items()
+        results = list(self.stats.items())
 
         # Sort the tasks by the specified sort
         if self.sort_order is not None:
             results = sorted(
                 self.stats.items(),
-                key=lambda x: x[1]['time'],
+                key=lambda x: x[1]['elapsed'],
                 reverse=self.sort_order,
             )
 
         # Display the number of tasks specified or the default of 20
-        results = results[:self.task_output_limit]
+        results = list(results)[:self.task_output_limit]
 
         # Print the timings
         for uuid, result in results:
-            msg = u"{0:-<{2}}{1:->9}".format(result['name'] + u' ', u' {0:.02f}s'.format(result['time']), self._display.columns - 9)
+            msg = u"{0:-<{2}}{1:->9}".format(result['name'] + u' ', u' {0:.02f}s'.format(result['elapsed']), self._display.columns - 9)
             if 'path' in result:
                 msg += u"\n{0:-<{1}}".format(result['path'] + u' ', self._display.columns)
             self._display.display(msg)

plugins/callback/skippy.py

@@ -7,19 +7,19 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
 DOCUMENTATION = '''
-    callback: skippy
-    callback_type: stdout
+    name: skippy
+    type: stdout
     requirements:
       - set as main display callback
     short_description: Ansible screen output that ignores skipped status
     deprecated:
-        why: The 'default' callback plugin now supports this functionality
-        removed_in: '2.11'
-        alternative: "'default' callback plugin with 'display_skipped_hosts = no' option"
+      why: The 'default' callback plugin now supports this functionality
+      removed_at_date: '2022-06-01'
+      alternative: "'default' callback plugin with 'display_skipped_hosts = no' option"
     extends_documentation_fragment:
       - default_callback
     description:
-        - This callback does the same as the default except it does not output skipped host/task/item status
+      - This callback does the same as the default except it does not output skipped host/task/item status
 '''
 
 from ansible.plugins.callback.default import CallbackModule as CallbackModule_default

plugins/callback/timer.py

@@ -6,8 +6,8 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
 DOCUMENTATION = '''
-    callback: timer
-    callback_type: aggregate
+    name: timer
+    type: aggregate
     requirements:
       - whitelist in configuration
     short_description: Adds time to play stats

plugins/module_utils/_version.py

@@ -0,0 +1,344 @@
+# Vendored copy of distutils/version.py from CPython 3.9.5
+#
+# Implements multiple version numbering conventions for the
+# Python Module Distribution Utilities.
+#
+# PSF License (see PSF-license.txt or https://opensource.org/licenses/Python-2.0)
+#
+
+"""Provides classes to represent module version numbers (one class for
+each style of version numbering).  There are currently two such classes
+implemented: StrictVersion and LooseVersion.
+
+Every version number class implements the following interface:
+  * the 'parse' method takes a string and parses it to some internal
+    representation; if the string is an invalid version number,
+    'parse' raises a ValueError exception
+  * the class constructor takes an optional string argument which,
+    if supplied, is passed to 'parse'
+  * __str__ reconstructs the string that was passed to 'parse' (or
+    an equivalent string -- ie. one that will generate an equivalent
+    version number instance)
+  * __repr__ generates Python code to recreate the version number instance
+  * _cmp compares the current instance with either another instance
+    of the same class or a string (which will be parsed to an instance
+    of the same class, thus must follow the same rules)
+"""
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+import re
+
+try:
+    RE_FLAGS = re.VERBOSE | re.ASCII
+except AttributeError:
+    RE_FLAGS = re.VERBOSE
+
+
+class Version:
+    """Abstract base class for version numbering classes.  Just provides
+    constructor (__init__) and reproducer (__repr__), because those
+    seem to be the same for all version numbering classes; and route
+    rich comparisons to _cmp.
+    """
+
+    def __init__(self, vstring=None):
+        if vstring:
+            self.parse(vstring)
+
+    def __repr__(self):
+        return "%s ('%s')" % (self.__class__.__name__, str(self))
+
+    def __eq__(self, other):
+        c = self._cmp(other)
+        if c is NotImplemented:
+            return c
+        return c == 0
+
+    def __lt__(self, other):
+        c = self._cmp(other)
+        if c is NotImplemented:
+            return c
+        return c < 0
+
+    def __le__(self, other):
+        c = self._cmp(other)
+        if c is NotImplemented:
+            return c
+        return c <= 0
+
+    def __gt__(self, other):
+        c = self._cmp(other)
+        if c is NotImplemented:
+            return c
+        return c > 0
+
+    def __ge__(self, other):
+        c = self._cmp(other)
+        if c is NotImplemented:
+            return c
+        return c >= 0
+
+
+# Interface for version-number classes -- must be implemented
+# by the following classes (the concrete ones -- Version should
+# be treated as an abstract class).
+#    __init__ (string) - create and take same action as 'parse'
+#                        (string parameter is optional)
+#    parse (string)    - convert a string representation to whatever
+#                        internal representation is appropriate for
+#                        this style of version numbering
+#    __str__ (self)    - convert back to a string; should be very similar
+#                        (if not identical to) the string supplied to parse
+#    __repr__ (self)   - generate Python code to recreate
+#                        the instance
+#    _cmp (self, other) - compare two version numbers ('other' may
+#                        be an unparsed version string, or another
+#                        instance of your version class)
+
+
+class StrictVersion(Version):
+    """Version numbering for anal retentives and software idealists.
+    Implements the standard interface for version number classes as
+    described above.  A version number consists of two or three
+    dot-separated numeric components, with an optional "pre-release" tag
+    on the end.  The pre-release tag consists of the letter 'a' or 'b'
+    followed by a number.  If the numeric components of two version
+    numbers are equal, then one with a pre-release tag will always
+    be deemed earlier (lesser) than one without.
+
+    The following are valid version numbers (shown in the order that
+    would be obtained by sorting according to the supplied cmp function):
+
+        0.4       0.4.0  (these two are equivalent)
+        0.4.1
+        0.5a1
+        0.5b3
+        0.5
+        0.9.6
+        1.0
+        1.0.4a3
+        1.0.4b1
+        1.0.4
+
+    The following are examples of invalid version numbers:
+
+        1
+        2.7.2.2
+        1.3.a4
+        1.3pl1
+        1.3c4
+
+    The rationale for this version numbering system will be explained
+    in the distutils documentation.
+    """
+
+    version_re = re.compile(r"^(\d+) \. (\d+) (\. (\d+))? ([ab](\d+))?$", RE_FLAGS)
+
+    def parse(self, vstring):
+        match = self.version_re.match(vstring)
+        if not match:
+            raise ValueError("invalid version number '%s'" % vstring)
+
+        (major, minor, patch, prerelease, prerelease_num) = match.group(1, 2, 4, 5, 6)
+
+        if patch:
+            self.version = tuple(map(int, [major, minor, patch]))
+        else:
+            self.version = tuple(map(int, [major, minor])) + (0,)
+
+        if prerelease:
+            self.prerelease = (prerelease[0], int(prerelease_num))
+        else:
+            self.prerelease = None
+
+    def __str__(self):
+        if self.version[2] == 0:
+            vstring = ".".join(map(str, self.version[0:2]))
+        else:
+            vstring = ".".join(map(str, self.version))
+
+        if self.prerelease:
+            vstring = vstring + self.prerelease[0] + str(self.prerelease[1])
+
+        return vstring
+
+    def _cmp(self, other):
+        if isinstance(other, str):
+            other = StrictVersion(other)
+        elif not isinstance(other, StrictVersion):
+            return NotImplemented
+
+        if self.version != other.version:
+            # numeric versions don't match
+            # prerelease stuff doesn't matter
+            if self.version < other.version:
+                return -1
+            else:
+                return 1
+
+        # have to compare prerelease
+        # case 1: neither has prerelease; they're equal
+        # case 2: self has prerelease, other doesn't; other is greater
+        # case 3: self doesn't have prerelease, other does: self is greater
+        # case 4: both have prerelease: must compare them!
+
+        if not self.prerelease and not other.prerelease:
+            return 0
+        elif self.prerelease and not other.prerelease:
+            return -1
+        elif not self.prerelease and other.prerelease:
+            return 1
+        elif self.prerelease and other.prerelease:
+            if self.prerelease == other.prerelease:
+                return 0
+            elif self.prerelease < other.prerelease:
+                return -1
+            else:
+                return 1
+        else:
+            raise AssertionError("never get here")
+
+
+# end class StrictVersion
+
+# The rules according to Greg Stein:
+# 1) a version number has 1 or more numbers separated by a period or by
+#    sequences of letters. If only periods, then these are compared
+#    left-to-right to determine an ordering.
+# 2) sequences of letters are part of the tuple for comparison and are
+#    compared lexicographically
+# 3) recognize the numeric components may have leading zeroes
+#
+# The LooseVersion class below implements these rules: a version number
+# string is split up into a tuple of integer and string components, and
+# comparison is a simple tuple comparison.  This means that version
+# numbers behave in a predictable and obvious way, but a way that might
+# not necessarily be how people *want* version numbers to behave.  There
+# wouldn't be a problem if people could stick to purely numeric version
+# numbers: just split on period and compare the numbers as tuples.
+# However, people insist on putting letters into their version numbers;
+# the most common purpose seems to be:
+#   - indicating a "pre-release" version
+#     ('alpha', 'beta', 'a', 'b', 'pre', 'p')
+#   - indicating a post-release patch ('p', 'pl', 'patch')
+# but of course this can't cover all version number schemes, and there's
+# no way to know what a programmer means without asking him.
+#
+# The problem is what to do with letters (and other non-numeric
+# characters) in a version number.  The current implementation does the
+# obvious and predictable thing: keep them as strings and compare
+# lexically within a tuple comparison.  This has the desired effect if
+# an appended letter sequence implies something "post-release":
+# eg. "0.99" < "0.99pl14" < "1.0", and "5.001" < "5.001m" < "5.002".
+#
+# However, if letters in a version number imply a pre-release version,
+# the "obvious" thing isn't correct.  Eg. you would expect that
+# "1.5.1" < "1.5.2a2" < "1.5.2", but under the tuple/lexical comparison
+# implemented here, this just isn't so.
+#
+# Two possible solutions come to mind.  The first is to tie the
+# comparison algorithm to a particular set of semantic rules, as has
+# been done in the StrictVersion class above.  This works great as long
+# as everyone can go along with bondage and discipline.  Hopefully a
+# (large) subset of Python module programmers will agree that the
+# particular flavour of bondage and discipline provided by StrictVersion
+# provides enough benefit to be worth using, and will submit their
+# version numbering scheme to its domination.  The free-thinking
+# anarchists in the lot will never give in, though, and something needs
+# to be done to accommodate them.
+#
+# Perhaps a "moderately strict" version class could be implemented that
+# lets almost anything slide (syntactically), and makes some heuristic
+# assumptions about non-digits in version number strings.  This could
+# sink into special-case-hell, though; if I was as talented and
+# idiosyncratic as Larry Wall, I'd go ahead and implement a class that
+# somehow knows that "1.2.1" < "1.2.2a2" < "1.2.2" < "1.2.2pl3", and is
+# just as happy dealing with things like "2g6" and "1.13++".  I don't
+# think I'm smart enough to do it right though.
+#
+# In any case, I've coded the test suite for this module (see
+# ../test/test_version.py) specifically to fail on things like comparing
+# "1.2a2" and "1.2".  That's not because the *code* is doing anything
+# wrong, it's because the simple, obvious design doesn't match my
+# complicated, hairy expectations for real-world version numbers.  It
+# would be a snap to fix the test suite to say, "Yep, LooseVersion does
+# the Right Thing" (ie. the code matches the conception).  But I'd rather
+# have a conception that matches common notions about version numbers.
+
+
+class LooseVersion(Version):
+    """Version numbering for anarchists and software realists.
+    Implements the standard interface for version number classes as
+    described above.  A version number consists of a series of numbers,
+    separated by either periods or strings of letters.  When comparing
+    version numbers, the numeric components will be compared
+    numerically, and the alphabetic components lexically.  The following
+    are all valid version numbers, in no particular order:
+
+        1.5.1
+        1.5.2b2
+        161
+        3.10a
+        8.02
+        3.4j
+        1996.07.12
+        3.2.pl0
+        3.1.1.6
+        2g6
+        11g
+        0.960923
+        2.2beta29
+        1.13++
+        5.5.kw
+        2.0b1pl0
+
+    In fact, there is no such thing as an invalid version number under
+    this scheme; the rules for comparison are simple and predictable,
+    but may not always give the results you want (for some definition
+    of "want").
+    """
+
+    component_re = re.compile(r"(\d+ | [a-z]+ | \.)", re.VERBOSE)
+
+    def __init__(self, vstring=None):
+        if vstring:
+            self.parse(vstring)
+
+    def parse(self, vstring):
+        # I've given up on thinking I can reconstruct the version string
+        # from the parsed tuple -- so I just store the string here for
+        # use by __str__
+        self.vstring = vstring
+        components = [x for x in self.component_re.split(vstring) if x and x != "."]
+        for i, obj in enumerate(components):
+            try:
+                components[i] = int(obj)
+            except ValueError:
+                pass
+
+        self.version = components
+
+    def __str__(self):
+        return self.vstring
+
+    def __repr__(self):
+        return "LooseVersion ('%s')" % str(self)
+
+    def _cmp(self, other):
+        if isinstance(other, str):
+            other = LooseVersion(other)
+        elif not isinstance(other, LooseVersion):
+            return NotImplemented
+
+        if self.version == other.version:
+            return 0
+        if self.version < other.version:
+            return -1
+        if self.version > other.version:
+            return 1
+
+
+# end class LooseVersion

plugins/module_utils/firewalld.py

@@ -0,0 +1,319 @@
+# -*- coding: utf-8 -*-
+#
+# (c) 2013-2018, Adam Miller (maxamillion@fedoraproject.org)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+from ansible_collections.ansible.posix.plugins.module_utils.version import LooseVersion
+
+__metaclass__ = type
+
+
+FW_VERSION = None
+fw = None
+fw_offline = False
+import_failure = True
+try:
+    import firewall.config
+    FW_VERSION = firewall.config.VERSION
+
+    from firewall.client import FirewallClient
+    from firewall.client import FirewallClientZoneSettings
+    from firewall.errors import FirewallError
+    import_failure = False
+
+    try:
+        fw = FirewallClient()
+        fw.getDefaultZone()
+
+    except (AttributeError, FirewallError):
+        # Firewalld is not currently running, permanent-only operations
+        fw_offline = True
+
+        # Import other required parts of the firewalld API
+        #
+        # NOTE:
+        #  online and offline operations do not share a common firewalld API
+        try:
+            from firewall.core.fw_test import Firewall_test
+            fw = Firewall_test()
+        except (ModuleNotFoundError):
+            # In firewalld version 0.7.0 this behavior changed
+            from firewall.core.fw import Firewall
+            fw = Firewall(offline=True)
+
+        fw.start()
+except ImportError:
+    pass
+
+
+class FirewallTransaction(object):
+    """
+    FirewallTransaction
+
+    This is the base class for all firewalld transactions we might want to have
+    """
+
+    def __init__(self, module, action_args=(), zone=None, desired_state=None,
+                 permanent=False, immediate=False, enabled_values=None, disabled_values=None):
+        # type: (firewall.client, tuple, str, bool, bool, bool)
+        """
+        initializer the transaction
+
+        :module:          AnsibleModule, instance of AnsibleModule
+        :action_args:     tuple, args to pass for the action to take place
+        :zone:            str,  firewall zone
+        :desired_state:   str,  the desired state (enabled, disabled, etc)
+        :permanent:       bool, action should be permanent
+        :immediate:       bool, action should take place immediately
+        :enabled_values:  str[], acceptable values for enabling something (default: enabled)
+        :disabled_values: str[], acceptable values for disabling something (default: disabled)
+        """
+
+        self.module = module
+        self.fw = fw
+        self.action_args = action_args
+
+        if zone:
+            self.zone = zone
+        else:
+            if fw_offline:
+                self.zone = fw.get_default_zone()
+            else:
+                self.zone = fw.getDefaultZone()
+
+        self.desired_state = desired_state
+        self.permanent = permanent
+        self.immediate = immediate
+        self.fw_offline = fw_offline
+        self.enabled_values = enabled_values or ["enabled"]
+        self.disabled_values = disabled_values or ["disabled"]
+
+        # List of messages that we'll call module.fail_json or module.exit_json
+        # with.
+        self.msgs = []
+
+        # Allow for custom messages to be added for certain subclass transaction
+        # types
+        self.enabled_msg = None
+        self.disabled_msg = None
+
+    #####################
+    # exception handling
+    #
+    def action_handler(self, action_func, action_func_args):
+        """
+        Function to wrap calls to make actions on firewalld in try/except
+        logic and emit (hopefully) useful error messages
+        """
+
+        try:
+            return action_func(*action_func_args)
+        except Exception as e:
+
+            # If there are any commonly known errors that we should provide more
+            # context for to help the users diagnose what's wrong. Handle that here
+            if "INVALID_SERVICE" in "%s" % e:
+                self.msgs.append("Services are defined by port/tcp relationship and named as they are in /etc/services (on most systems)")
+
+            if len(self.msgs) > 0:
+                self.module.fail_json(
+                    msg='ERROR: Exception caught: %s %s' % (e, ', '.join(self.msgs))
+                )
+            else:
+                self.module.fail_json(msg='ERROR: Exception caught: %s' % e)
+
+    def get_fw_zone_settings(self):
+        if self.fw_offline:
+            fw_zone = self.fw.config.get_zone(self.zone)
+            fw_settings = FirewallClientZoneSettings(
+                list(self.fw.config.get_zone_config(fw_zone))
+            )
+        else:
+            fw_zone = self.fw.config().getZoneByName(self.zone)
+            fw_settings = fw_zone.getSettings()
+
+        return (fw_zone, fw_settings)
+
+    def update_fw_settings(self, fw_zone, fw_settings):
+        if self.fw_offline:
+            self.fw.config.set_zone_config(fw_zone, fw_settings.settings)
+        else:
+            fw_zone.update(fw_settings)
+
+    def get_enabled_immediate(self):
+        raise NotImplementedError
+
+    def get_enabled_permanent(self):
+        raise NotImplementedError
+
+    def set_enabled_immediate(self):
+        raise NotImplementedError
+
+    def set_enabled_permanent(self):
+        raise NotImplementedError
+
+    def set_disabled_immediate(self):
+        raise NotImplementedError
+
+    def set_disabled_permanent(self):
+        raise NotImplementedError
+
+    def run(self):
+        """
+        run
+
+        This function contains the "transaction logic" where as all operations
+        follow a similar pattern in order to perform their action but simply
+        call different functions to carry that action out.
+        """
+
+        self.changed = False
+
+        if self.immediate and self.permanent:
+            is_enabled_permanent = self.action_handler(
+                self.get_enabled_permanent,
+                self.action_args
+            )
+            is_enabled_immediate = self.action_handler(
+                self.get_enabled_immediate,
+                self.action_args
+            )
+            self.msgs.append('Permanent and Non-Permanent(immediate) operation')
+
+            if self.desired_state in self.enabled_values:
+                if not is_enabled_permanent or not is_enabled_immediate:
+                    if self.module.check_mode:
+                        self.module.exit_json(changed=True)
+                if not is_enabled_permanent:
+                    self.action_handler(
+                        self.set_enabled_permanent,
+                        self.action_args
+                    )
+                    self.changed = True
+                if not is_enabled_immediate:
+                    self.action_handler(
+                        self.set_enabled_immediate,
+                        self.action_args
+                    )
+                    self.changed = True
+                if self.changed and self.enabled_msg:
+                    self.msgs.append(self.enabled_msg)
+
+            elif self.desired_state in self.disabled_values:
+                if is_enabled_permanent or is_enabled_immediate:
+                    if self.module.check_mode:
+                        self.module.exit_json(changed=True)
+                if is_enabled_permanent:
+                    self.action_handler(
+                        self.set_disabled_permanent,
+                        self.action_args
+                    )
+                    self.changed = True
+                if is_enabled_immediate:
+                    self.action_handler(
+                        self.set_disabled_immediate,
+                        self.action_args
+                    )
+                    self.changed = True
+                if self.changed and self.disabled_msg:
+                    self.msgs.append(self.disabled_msg)
+
+        elif self.permanent and not self.immediate:
+            is_enabled = self.action_handler(
+                self.get_enabled_permanent,
+                self.action_args
+            )
+            self.msgs.append('Permanent operation')
+
+            if self.desired_state in self.enabled_values:
+                if not is_enabled:
+                    if self.module.check_mode:
+                        self.module.exit_json(changed=True)
+
+                    self.action_handler(
+                        self.set_enabled_permanent,
+                        self.action_args
+                    )
+                    self.changed = True
+                if self.changed and self.enabled_msg:
+                    self.msgs.append(self.enabled_msg)
+
+            elif self.desired_state in self.disabled_values:
+                if is_enabled:
+                    if self.module.check_mode:
+                        self.module.exit_json(changed=True)
+
+                    self.action_handler(
+                        self.set_disabled_permanent,
+                        self.action_args
+                    )
+                    self.changed = True
+                if self.changed and self.disabled_msg:
+                    self.msgs.append(self.disabled_msg)
+
+        elif self.immediate and not self.permanent:
+            is_enabled = self.action_handler(
+                self.get_enabled_immediate,
+                self.action_args
+            )
+            self.msgs.append('Non-permanent operation')
+
+            if self.desired_state in self.enabled_values:
+                if not is_enabled:
+                    if self.module.check_mode:
+                        self.module.exit_json(changed=True)
+
+                    self.action_handler(
+                        self.set_enabled_immediate,
+                        self.action_args
+                    )
+                    self.changed = True
+                if self.changed and self.enabled_msg:
+                    self.msgs.append(self.enabled_msg)
+
+            elif self.desired_state in self.disabled_values:
+                if is_enabled:
+                    if self.module.check_mode:
+                        self.module.exit_json(changed=True)
+
+                    self.action_handler(
+                        self.set_disabled_immediate,
+                        self.action_args
+                    )
+                    self.changed = True
+                if self.changed and self.disabled_msg:
+                    self.msgs.append(self.disabled_msg)
+
+        return (self.changed, self.msgs)
+
+    @staticmethod
+    def sanity_check(module):
+        """
+        Perform sanity checking, version checks, etc
+
+        :module:    AnsibleModule instance
+        """
+
+        if FW_VERSION and fw_offline:
+            # Pre-run version checking
+            if LooseVersion(FW_VERSION) < LooseVersion("0.3.9"):
+                module.fail_json(msg='unsupported version of firewalld, offline operations require >= 0.3.9 - found: {0}'.format(FW_VERSION))
+        elif FW_VERSION and not fw_offline:
+            # Pre-run version checking
+            if LooseVersion(FW_VERSION) < LooseVersion("0.2.11"):
+                module.fail_json(msg='unsupported version of firewalld, requires >= 0.2.11 - found: {0}'.format(FW_VERSION))
+
+            # Check for firewalld running
+            try:
+                if fw.connected is False:
+                    module.fail_json(msg='firewalld service must be running, or try with offline=true')
+            except AttributeError:
+                module.fail_json(msg="firewalld connection can't be established,\
+                        installed version (%s) likely too old. Requires firewalld >= 0.2.11" % FW_VERSION)
+
+        if import_failure:
+            module.fail_json(
+                msg='Python Module not found: firewalld and its python module are required for this module, \
+                        version 0.2.11 or newer required (0.3.9 or newer for offline operations)'
+            )

plugins/module_utils/mount.py

@@ -48,6 +48,10 @@
 # agrees to be bound by the terms and conditions of this License
 # Agreement.
 
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
 import os
 
 

plugins/module_utils/version.py

@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2021, Felix Fontein <felix@fontein.de>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+"""Provide version object to compare version numbers."""
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+# Once we drop support for Ansible 2.9, ansible-base 2.10, and ansible-core 2.11, we can
+# remove the _version.py file, and replace the following import by
+#
+#     from ansible.module_utils.compat.version import LooseVersion
+
+from ._version import LooseVersion, StrictVersion

plugins/modules/acl.py

@@ -7,9 +7,6 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
-ANSIBLE_METADATA = {'metadata_version': '1.1',
-                    'status': ['stableinterface'],
-                    'supported_by': 'core'}
 
 DOCUMENTATION = r'''
 ---
@@ -17,6 +14,7 @@ module: acl
 short_description: Set and retrieve file ACL information.
 description:
 - Set and retrieve file ACL information.
+version_added: "1.0.0"
 options:
   path:
     description:
@@ -30,6 +28,7 @@ options:
     - The C(query) state gets the current ACL without changing it, for use in C(register) operations.
     choices: [ absent, present, query ]
     default: query
+    type: str
   follow:
     description:
     - Whether to follow symlinks on the path if a symlink is encountered.
@@ -44,13 +43,17 @@ options:
   entity:
     description:
     - The actual user or group that the ACL applies to when matching entity types user or group are selected.
+    type: str
   etype:
     description:
     - The entity type of the ACL to apply, see C(setfacl) documentation for more info.
     choices: [ group, mask, other, user ]
+    type: str
   permissions:
     description:
-    - The permissions to apply/remove can be any combination of C(r), C(w) and C(x) (read, write and execute respectively)
+    - The permissions to apply/remove can be any combination of C(r), C(w), C(x)
+    - (read, write and execute respectively), and C(X) (execute permission if the file is a directory or already has execute permission for some user)
+    type: str
   entry:
     description:
     - DEPRECATED.
@@ -59,12 +62,15 @@ options:
     - The qualifier may be empty for some types, but the type and perms are always required.
     - C(-) can be used as placeholder when you do not care about permissions.
     - This is now superseded by entity, type and permissions fields.
+    type: str
   recursive:
     description:
     - Recursively sets the specified ACL.
     - Incompatible with C(state=query).
+    - Alias C(recurse) added in version 1.3.0.
     type: bool
     default: no
+    aliases: [ recurse ]
   use_nfsv4_acls:
     description:
     - Use NFSv4 ACLs instead of POSIX ACLs.
@@ -77,6 +83,7 @@ options:
     - Incompatible with C(state=query).
     choices: [ default, mask, no_mask ]
     default: default
+    type: str
 author:
 - Brian Coca (@bcoca)
 - Jérémie Astori (@astorije)
@@ -88,7 +95,7 @@ notes:
 
 EXAMPLES = r'''
 - name: Grant user Joe read access to a file
-  acl:
+  ansible.posix.acl:
     path: /etc/foo.conf
     entity: joe
     etype: user
@@ -96,14 +103,14 @@ EXAMPLES = r'''
     state: present
 
 - name: Removes the ACL for Joe on a specific file
-  acl:
+  ansible.posix.acl:
     path: /etc/foo.conf
     entity: joe
     etype: user
     state: absent
 
 - name: Sets default ACL for joe on /etc/foo.d/
-  acl:
+  ansible.posix.acl:
     path: /etc/foo.d/
     entity: joe
     etype: user
@@ -112,13 +119,13 @@ EXAMPLES = r'''
     state: present
 
 - name: Same as previous but using entry shorthand
-  acl:
+  ansible.posix.acl:
     path: /etc/foo.d/
     entry: default:user:joe:rw-
     state: present
 
 - name: Obtain the ACL for a specific file
-  acl:
+  ansible.posix.acl:
     path: /etc/foo.conf
   register: acl_info
 '''
@@ -268,7 +275,7 @@ def main():
             ),
             follow=dict(type='bool', default=True),
             default=dict(type='bool', default=False),
-            recursive=dict(type='bool', default=False),
+            recursive=dict(type='bool', default=False, aliases=['recurse']),
             recalculate_mask=dict(
                 type='str',
                 default='default',

plugins/modules/at.py

@@ -7,17 +7,15 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
-ANSIBLE_METADATA = {'metadata_version': '1.1',
-                    'status': ['preview'],
-                    'supported_by': 'core'}
 
-DOCUMENTATION = '''
+DOCUMENTATION = r'''
 ---
 module: at
 short_description: Schedule the execution of a command or script file via the at command
 description:
  - Use this module to schedule a command or script file to run once in the future.
  - All jobs are executed in the 'a' queue.
+version_added: "1.0.0"
 options:
   command:
     description:
@@ -31,12 +29,10 @@ options:
     description:
      - The count of units in the future to execute the command or script file.
     type: int
-    required: true
   units:
     description:
      - The type of units in the future to execute the command or script file.
     type: str
-    required: true
     choices: [ minutes, hours, days, weeks ]
   state:
     description:
@@ -55,20 +51,20 @@ author:
 - Richard Isaacson (@risaacson)
 '''
 
-EXAMPLES = '''
+EXAMPLES = r'''
 - name: Schedule a command to execute in 20 minutes as root
-  at:
+  ansible.posix.at:
     command: ls -d / >/dev/null
     count: 20
     units: minutes
 
 - name: Match a command to an existing job and delete the job
-  at:
+  ansible.posix.at:
     command: ls -d / >/dev/null
     state: absent
 
 - name: Schedule a command to execute in 20 minutes making sure it is unique in the queue
-  at:
+  ansible.posix.at:
     command: ls -d / >/dev/null
     count: 20
     units: minutes
@@ -76,6 +72,7 @@ EXAMPLES = '''
 '''
 
 import os
+import platform
 import tempfile
 
 from ansible.module_utils.basic import AnsibleModule
@@ -91,7 +88,7 @@ def add_job(module, result, at_cmd, count, units, command, script_file):
 
 def delete_job(module, result, at_cmd, command, script_file):
     for matching_job in get_matching_jobs(module, at_cmd, script_file):
-        at_command = "%s -d %s" % (at_cmd, matching_job)
+        at_command = "%s -r %s" % (at_cmd, matching_job)
         rc, out, err = module.run_command(at_command, check_rc=True)
         result['changed'] = True
     if command:
@@ -119,7 +116,8 @@ def get_matching_jobs(module, at_cmd, script_file):
     #   If the script text is contained in a job add job number to list.
     for current_job in current_jobs:
         split_current_job = current_job.split()
-        at_command = "%s -c %s" % (at_cmd, split_current_job[0])
+        at_opt = '-c' if platform.system() != 'AIX' else '-lv'
+        at_command = "%s %s %s" % (at_cmd, at_opt, split_current_job[0])
         rc, out, err = module.run_command(at_command, check_rc=True)
         if script_file_string in out:
             matching_jobs.append(split_current_job[0])
@@ -131,7 +129,7 @@ def get_matching_jobs(module, at_cmd, script_file):
 def create_tempfile(command):
     filed, script_file = tempfile.mkstemp(prefix='at')
     fileh = os.fdopen(filed, 'w')
-    fileh.write(command)
+    fileh.write(command + os.linesep)
     fileh.close()
     return script_file
 

plugins/modules/authorized_key.py

@@ -8,17 +8,13 @@ from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
 
-ANSIBLE_METADATA = {'metadata_version': '1.1',
-                    'status': ['preview'],
-                    'supported_by': 'core'}
-
-
 DOCUMENTATION = r'''
 ---
 module: authorized_key
 short_description: Adds or removes an SSH authorized key
 description:
     - Adds or removes SSH authorized keys for particular user accounts.
+version_added: "1.0.0"
 options:
   user:
     description:
@@ -54,6 +50,7 @@ options:
   key_options:
     description:
       - A string of ssh key options to be prepended to the key in the authorized_keys file.
+    type: str
   exclusive:
     description:
       - Whether to remove all other non-specified keys from the authorized_keys file.
@@ -86,19 +83,25 @@ author: Ansible Core Team
 
 EXAMPLES = r'''
 - name: Set authorized key taken from file
-  authorized_key:
+  ansible.posix.authorized_key:
     user: charlie
     state: present
     key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
 
 - name: Set authorized keys taken from url
-  authorized_key:
+  ansible.posix.authorized_key:
     user: charlie
     state: present
     key: https://github.com/charlie.keys
 
+- name: Set authorized keys taken from url using lookup
+  ansible.posix.authorized_key:
+    user: charlie
+    state: present
+    key: "{{ lookup('url', 'https://github.com/charlie.keys', split_lines=False) }}"
+
 - name: Set authorized key in alternate location
-  authorized_key:
+  ansible.posix.authorized_key:
     user: charlie
     state: present
     key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
@@ -106,7 +109,7 @@ EXAMPLES = r'''
     manage_dir: False
 
 - name: Set up multiple authorized keys
-  authorized_key:
+  ansible.posix.authorized_key:
     user: deploy
     state: present
     key: '{{ item }}'
@@ -115,28 +118,28 @@ EXAMPLES = r'''
     - public_keys/doe-john
 
 - name: Set authorized key defining key options
-  authorized_key:
+  ansible.posix.authorized_key:
     user: charlie
     state: present
     key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
     key_options: 'no-port-forwarding,from="10.0.1.1"'
 
 - name: Set authorized key without validating the TLS/SSL certificates
-  authorized_key:
+  ansible.posix.authorized_key:
     user: charlie
     state: present
     key: https://github.com/user.keys
     validate_certs: False
 
 - name: Set authorized key, removing all the authorized keys already set
-  authorized_key:
+  ansible.posix.authorized_key:
     user: root
     key: "{{ lookup('file', 'public_keys/doe-jane') }}"
     state: present
     exclusive: True
 
 - name: Set authorized key for user ubuntu copying it from current user
-  authorized_key:
+  ansible.posix.authorized_key:
     user: ubuntu
     state: present
     key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
@@ -331,7 +334,10 @@ def keyfile(module, user, write=False, path=None, manage_dir=True, follow=False)
 
     if manage_dir:
         if not os.path.exists(sshdir):
-            os.mkdir(sshdir, int('0700', 8))
+            try:
+                os.mkdir(sshdir, int('0700', 8))
+            except OSError as e:
+                module.fail_json(msg="Failed to create directory %s : %s" % (sshdir, to_native(e)))
             if module.selinux_enabled():
                 module.set_default_selinux_context(sshdir, False)
         os.chown(sshdir, uid, gid)
@@ -388,12 +394,29 @@ def parsekey(module, raw_key, rank=None):
     '''
 
     VALID_SSH2_KEY_TYPES = [
-        'ssh-ed25519',
+        'sk-ecdsa-sha2-nistp256@openssh.com',
+        'sk-ecdsa-sha2-nistp256-cert-v01@openssh.com',
+        'webauthn-sk-ecdsa-sha2-nistp256@openssh.com',
         'ecdsa-sha2-nistp256',
+        'ecdsa-sha2-nistp256-cert-v01@openssh.com',
         'ecdsa-sha2-nistp384',
+        'ecdsa-sha2-nistp384-cert-v01@openssh.com',
         'ecdsa-sha2-nistp521',
+        'ecdsa-sha2-nistp521-cert-v01@openssh.com',
+        'sk-ssh-ed25519@openssh.com',
+        'sk-ssh-ed25519-cert-v01@openssh.com',
+        'ssh-ed25519',
+        'ssh-ed25519-cert-v01@openssh.com',
         'ssh-dss',
         'ssh-rsa',
+        'ssh-xmss@openssh.com',
+        'ssh-xmss-cert-v01@openssh.com',
+        'rsa-sha2-256',
+        'rsa-sha2-512',
+        'ssh-rsa-cert-v01@openssh.com',
+        'rsa-sha2-256-cert-v01@openssh.com',
+        'rsa-sha2-512-cert-v01@openssh.com',
+        'ssh-dss-cert-v01@openssh.com',
     ]
 
     options = None   # connection options
@@ -467,15 +490,14 @@ def parsekeys(module, lines):
 
 
 def writefile(module, filename, content):
-
-    fd, tmp_path = tempfile.mkstemp('', 'tmp', os.path.dirname(filename))
-    f = open(tmp_path, "w")
+    dummy, tmp_path = tempfile.mkstemp()
 
     try:
-        f.write(content)
+        with open(tmp_path, "w") as f:
+            f.write(content)
     except IOError as e:
+        module.add_cleanup_file(tmp_path)
         module.fail_json(msg="Failed to write to file %s: %s" % (tmp_path, to_native(e)))
-    f.close()
     module.atomic_move(tmp_path, filename)
 
 
@@ -636,13 +658,9 @@ def enforce_state(module, params):
             }
             params['diff'] = diff
 
-        if module.check_mode:
-            module.exit_json(changed=True, diff=diff)
-        writefile(module, filename, new_content)
+        if not module.check_mode:
+            writefile(module, filename, new_content)
         params['changed'] = True
-    else:
-        if module.check_mode:
-            module.exit_json(changed=False)
 
     return params
 
@@ -651,11 +669,11 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             user=dict(type='str', required=True),
-            key=dict(type='str', required=True),
+            key=dict(type='str', required=True, no_log=False),
             path=dict(type='path'),
             manage_dir=dict(type='bool', default=True),
             state=dict(type='str', default='present', choices=['absent', 'present']),
-            key_options=dict(type='str'),
+            key_options=dict(type='str', no_log=False),
             exclusive=dict(type='bool', default=False),
             comment=dict(type='str'),
             validate_certs=dict(type='bool', default=True),

plugins/modules/firewalld_info.py

@@ -0,0 +1,392 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2021, Hideki Saito <saito@fgrep.org>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: firewalld_info
+short_description: Gather information about firewalld
+description:
+    - This module gathers information about firewalld rules.
+options:
+    active_zones:
+        description: Gather information about active zones.
+        type: bool
+        default: no
+    zones:
+        description:
+            - Gather information about specific zones.
+            - If only works if C(active_zones) is set to C(false).
+        required: false
+        type: list
+        elements: str
+requirements:
+    - firewalld >= 0.2.11
+    - python-firewall
+    - python-dbus
+author:
+    - Hideki Saito (@saito-hideki)
+'''
+
+EXAMPLES = r'''
+- name: Gather information about active zones
+  ansible.posix.firewalld_info:
+    active_zones: yes
+
+- name: Gather information about specific zones
+  ansible.posix.firewalld_info:
+    zones:
+      - public
+      - external
+      - internal
+'''
+
+RETURN = r'''
+active_zones:
+    description:
+      - Gather active zones only if turn it C(true).
+    returned: success
+    type: bool
+    sample: false
+collected_zones:
+    description:
+      - A list of collected zones.
+    returned: success
+    type: list
+    sample: [external, internal]
+undefined_zones:
+    description:
+      - A list of undefined zones in C(zones) option.
+      - C(undefined_zones) will be ignored for gathering process.
+    returned: success
+    type: list
+    sample: [foo, bar]
+firewalld_info:
+    description:
+      - Returns various information about firewalld configuration.
+    returned: success
+    type: complex
+    contains:
+        version:
+            description:
+              - The version information of firewalld.
+            returned: success
+            type: str
+            sample: 0.8.2
+        default_zones:
+            description:
+              - The zone name of default zone.
+            returned: success
+            type: str
+            sample: public
+        zones:
+            description:
+              - A dict of zones to gather information.
+            returned: success
+            type: complex
+            contains:
+                zone:
+                    description:
+                      - The zone name registered in firewalld.
+                    returned: success
+                    type: complex
+                    sample: external
+                    contains:
+                        target:
+                            description:
+                              - A list of services in the zone.
+                            returned: success
+                            type: str
+                            sample: ACCEPT
+                        icmp_block_inversion:
+                            description:
+                              - The ICMP block inversion to block
+                                all ICMP requests.
+                            returned: success
+                            type: bool
+                            sample: false
+                        interfaces:
+                            description:
+                              - A list of network interfaces.
+                            returned: success
+                            type: list
+                            sample:
+                              - 'eth0'
+                              - 'eth1'
+                        sources:
+                            description:
+                              - A list of source network address.
+                            returned: success
+                            type: list
+                            sample:
+                              - '172.16.30.0/24'
+                              - '172.16.31.0/24'
+                        services:
+                            description:
+                              - A list of network services.
+                            returned: success
+                            type: list
+                            sample:
+                              - 'dhcp'
+                              - 'dns'
+                              - 'ssh'
+                        ports:
+                            description:
+                              - A list of network port with protocol.
+                            returned: success
+                            type: list
+                            sample:
+                              - - "22"
+                                - "tcp"
+                              - - "80"
+                                - "tcp"
+                        protocols:
+                            description:
+                              - A list of network protocol.
+                            returned: success
+                            type: list
+                            sample:
+                              - "icmp"
+                              - "ipv6-icmp"
+                        forward:
+                            description:
+                              - The network interface forwarding.
+                              - This parameter supports on python-firewall
+                                0.9.0(or later) and is not collected in earlier
+                                versions.
+                            returned: success
+                            type: bool
+                            sample: false
+                        masquerade:
+                            description:
+                              - The network interface masquerading.
+                            returned: success
+                            type: bool
+                            sample: false
+                        forward_ports:
+                            description:
+                              - A list of forwarding port pair with protocol.
+                            returned: success
+                            type: list
+                            sample:
+                              - "icmp"
+                              - "ipv6-icmp"
+                        source_ports:
+                            description:
+                              - A list of network source port with protocol.
+                            returned: success
+                            type: list
+                            sample:
+                              - - "30000"
+                                - "tcp"
+                              - - "30001"
+                                - "tcp"
+                        icmp_blocks:
+                            description:
+                              - A list of blocking icmp protocol.
+                            returned: success
+                            type: list
+                            sample:
+                              - "echo-request"
+                        rich_rules:
+                            description:
+                              - A list of rich language rule.
+                            returned: success
+                            type: list
+                            sample:
+                              - "rule protocol value=\"icmp\" reject"
+                              - "rule priority=\"32767\" reject"
+'''
+
+from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+from ansible.module_utils.six import raise_from
+from ansible.module_utils._text import to_native
+from ansible_collections.ansible.posix.plugins.module_utils.version import StrictVersion
+
+
+try:
+    import dbus
+    HAS_DBUS = True
+except ImportError:
+    HAS_DBUS = False
+
+try:
+    import firewall.client as fw_client
+    import firewall.config as fw_config
+    HAS_FIREWALLD = True
+except ImportError:
+    HAS_FIREWALLD = False
+
+
+def get_version():
+    return fw_config.VERSION
+
+
+def get_active_zones(client):
+    return client.getActiveZones().keys()
+
+
+def get_all_zones(client):
+    return client.getZones()
+
+
+def get_default_zone(client):
+    return client.getDefaultZone()
+
+
+def get_zone_settings(client, zone):
+    return client.getZoneSettings(zone)
+
+
+def get_zone_target(zone_settings):
+    return zone_settings.getTarget()
+
+
+def get_zone_icmp_block_inversion(zone_settings):
+    return zone_settings.getIcmpBlockInversion()
+
+
+def get_zone_interfaces(zone_settings):
+    return zone_settings.getInterfaces()
+
+
+def get_zone_sources(zone_settings):
+    return zone_settings.getSources()
+
+
+def get_zone_services(zone_settings):
+    return zone_settings.getServices()
+
+
+def get_zone_ports(zone_settings):
+    return zone_settings.getPorts()
+
+
+def get_zone_protocols(zone_settings):
+    return zone_settings.getProtocols()
+
+
+# This function supports python-firewall 0.9.0(or later).
+def get_zone_forward(zone_settings):
+    return zone_settings.getForward()
+
+
+def get_zone_masquerade(zone_settings):
+    return zone_settings.getMasquerade()
+
+
+def get_zone_forward_ports(zone_settings):
+    return zone_settings.getForwardPorts()
+
+
+def get_zone_source_ports(zone_settings):
+    return zone_settings.getSourcePorts()
+
+
+def get_zone_icmp_blocks(zone_settings):
+    return zone_settings.getIcmpBlocks()
+
+
+def get_zone_rich_rules(zone_settings):
+    return zone_settings.getRichRules()
+
+
+def main():
+    module_args = dict(
+        active_zones=dict(required=False, type='bool', default=False),
+        zones=dict(required=False, type='list', elements='str'),
+    )
+
+    module = AnsibleModule(
+        argument_spec=module_args,
+        supports_check_mode=True,
+    )
+
+    firewalld_info = dict()
+    result = dict(
+        changed=False,
+        active_zones=module.params['active_zones'],
+        collected_zones=list(),
+        undefined_zones=list(),
+        warnings=list(),
+    )
+
+    # Exit with failure message if requirements modules are not installed.
+    if not HAS_DBUS:
+        module.fail_json(msg=missing_required_lib('python-dbus'))
+    if not HAS_FIREWALLD:
+        module.fail_json(msg=missing_required_lib('python-firewall'))
+
+    # If you want to show warning messages in the task running process,
+    # you can append the message to the 'warn' list.
+    warn = list()
+
+    try:
+        client = fw_client.FirewallClient()
+
+        # Gather general information of firewalld.
+        firewalld_info['version'] = get_version()
+        firewalld_info['default_zone'] = get_default_zone(client)
+
+        # Gather information for zones.
+        zones_info = dict()
+        collect_zones = list()
+        ignore_zones = list()
+        if module.params['active_zones']:
+            collect_zones = get_active_zones(client)
+        elif module.params['zones']:
+            all_zones = get_all_zones(client)
+            specified_zones = module.params['zones']
+            collect_zones = list(set(specified_zones) & set(all_zones))
+            ignore_zones = list(set(specified_zones) - set(collect_zones))
+            warn.append(
+                'Please note: zone:(%s) have been ignored in the gathering process.' % ','.join(ignore_zones))
+        else:
+            collect_zones = get_all_zones(client)
+
+        for zone in collect_zones:
+            # Gather settings for each zone based on the output of
+            # 'firewall-cmd --info-zone=<ZONE>' command.
+            zone_info = dict()
+            zone_settings = get_zone_settings(client, zone)
+            zone_info['target'] = get_zone_target(zone_settings)
+            zone_info['icmp_block_inversion'] = get_zone_icmp_block_inversion(zone_settings)
+            zone_info['interfaces'] = get_zone_interfaces(zone_settings)
+            zone_info['sources'] = get_zone_sources(zone_settings)
+            zone_info['services'] = get_zone_services(zone_settings)
+            zone_info['ports'] = get_zone_ports(zone_settings)
+            zone_info['protocols'] = get_zone_protocols(zone_settings)
+            zone_info['masquerade'] = get_zone_masquerade(zone_settings)
+            zone_info['forward_ports'] = get_zone_forward_ports(zone_settings)
+            zone_info['source_ports'] = get_zone_source_ports(zone_settings)
+            zone_info['icmp_blocks'] = get_zone_icmp_blocks(zone_settings)
+            zone_info['rich_rules'] = get_zone_rich_rules(zone_settings)
+
+            # The 'forward' parameter supports on python-firewall 0.9.0(or later).
+            if StrictVersion(firewalld_info['version']) >= StrictVersion('0.9.0'):
+                zone_info['forward'] = get_zone_forward(zone_settings)
+
+            zones_info[zone] = zone_info
+        firewalld_info['zones'] = zones_info
+    except AttributeError as e:
+        module.fail_json(msg=('firewalld probably not be running, Or the following method '
+                              'is not supported with your python-firewall version. (Error: %s)') % to_native(e))
+    except dbus.exceptions.DBusException as e:
+        module.fail_json(msg=('Unable to gather firewalld settings.'
+                              ' You may need to run as the root user or'
+                              ' use become. (Error: %s)' % to_native(e)))
+
+    result['collected_zones'] = collect_zones
+    result['undefined_zones'] = ignore_zones
+    result['firewalld_info'] = firewalld_info
+    result['warnings'] = warn
+    module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()

plugins/modules/mount.py

@@ -9,9 +9,6 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
-ANSIBLE_METADATA = {'metadata_version': '1.1',
-                    'status': ['preview'],
-                    'supported_by': 'core'}
 
 DOCUMENTATION = r'''
 ---
@@ -22,6 +19,7 @@ description:
 author:
   - Ansible Core Team
   - Seth Vidal (@skvidal)
+version_added: "1.0.0"
 options:
   path:
     description:
@@ -32,7 +30,7 @@ options:
     aliases: [ name ]
   src:
     description:
-      - Device to be mounted on I(path).
+      - Device (or NFS volume, or something else) to be mounted on I(path).
       - Required when I(state) set to C(present) or C(mounted).
     type: path
   fstype:
@@ -52,7 +50,7 @@ options:
         with subsequent runs.
       - Has no effect on Solaris systems.
     type: str
-    default: 0
+    default: '0'
   passno:
     description:
       - Passno (see fstab(5)).
@@ -61,7 +59,7 @@ options:
         with subsequent runs.
       - Deprecated on Solaris systems.
     type: str
-    default: 0
+    default: '0'
   state:
     description:
       - If C(mounted), the device will be actively mounted and appropriately
@@ -75,7 +73,11 @@ options:
         point.
       - C(remounted) specifies that the device will be remounted for when you
         want to force a refresh on the mount itself (added in 2.9). This will
-        always return changed=true.
+        always return changed=true. If I(opts) is set, the options will be
+        applied to the remount, but will not change I(fstab).  Additionally,
+        if I(opts) is set, and the remount command fails, the module will
+        error to prevent unexpected mount changes.  Try using C(mounted)
+        instead to work around this issue.
     type: str
     required: true
     choices: [ absent, mounted, present, unmounted, remounted ]
@@ -91,7 +93,13 @@ options:
   boot:
     description:
       - Determines if the filesystem should be mounted on boot.
-      - Only applies to Solaris systems.
+      - Only applies to Solaris and Linux systems.
+      - For Solaris systems, C(true) will set C(yes) as the value of mount at boot
+        in I(/etc/vfstab).
+      - For Linux, FreeBSD, NetBSD and OpenBSD systems, C(false) will add C(noauto)
+        to mount options in I(/etc/fstab).
+      - To avoid mount option conflicts, if C(noauto) specified in C(opts),
+        mount module will ignore C(boot).
     type: bool
     default: yes
   backup:
@@ -103,12 +111,15 @@ options:
 notes:
   - As of Ansible 2.3, the I(name) option has been changed to I(path) as
     default, but I(name) still works as well.
+  - Using C(remounted) with I(opts) set may create unexpected results based on
+    the existing options already defined on mount, so care should be taken to
+    ensure that conflicting options are not present before hand.
 '''
 
 EXAMPLES = r'''
 # Before 2.3, option 'name' was used instead of 'path'
 - name: Mount DVD read-only
-  mount:
+  ansible.posix.mount:
     path: /mnt/dvd
     src: /dev/sr0
     fstype: iso9660
@@ -116,14 +127,14 @@ EXAMPLES = r'''
     state: present
 
 - name: Mount up device by label
-  mount:
+  ansible.posix.mount:
     path: /srv/disk
     src: LABEL=SOME_LABEL
     fstype: ext4
     state: present
 
 - name: Mount up device by UUID
-  mount:
+  ansible.posix.mount:
     path: /home
     src: UUID=b3e48f45-f933-4c8e-a700-22a159ec9077
     fstype: xfs
@@ -131,12 +142,26 @@ EXAMPLES = r'''
     state: present
 
 - name: Unmount a mounted volume
-  mount:
+  ansible.posix.mount:
     path: /tmp/mnt-pnt
     state: unmounted
 
+- name: Remount a mounted volume
+  ansible.posix.mount:
+    path: /tmp/mnt-pnt
+    state: remounted
+
+# The following will not save changes to fstab, and only be temporary until
+# a reboot, or until calling "state: unmounted" followed by "state: mounted"
+# on the same "path"
+- name: Remount a mounted volume and append exec to the existing options
+  ansible.posix.mount:
+    path: /tmp
+    state: remounted
+    opts: exec
+
 - name: Mount and bind a volume
-  mount:
+  ansible.posix.mount:
     path: /system/new_volume/boot
     src: /boot
     opts: bind
@@ -144,27 +169,40 @@ EXAMPLES = r'''
     fstype: none
 
 - name: Mount an NFS volume
-  mount:
+  ansible.posix.mount:
     src: 192.168.1.100:/nfs/ssd/shared_data
     path: /mnt/shared_data
-    opts: rw,sync,hard,intr
+    opts: rw,sync,hard
+    state: mounted
+    fstype: nfs
+
+- name: Mount NFS volumes with noauto according to boot option
+  ansible.posix.mount:
+    src: 192.168.1.100:/nfs/ssd/shared_data
+    path: /mnt/shared_data
+    opts: rw,sync,hard
+    boot: no
     state: mounted
     fstype: nfs
 '''
 
-
+import errno
 import os
 import platform
 
 from ansible.module_utils.basic import AnsibleModule
-from ansible_collections.ansible.posix.plugins.module_utils.ismount import ismount
+from ansible_collections.ansible.posix.plugins.module_utils.mount import ismount
 from ansible.module_utils.six import iteritems
-from ansible.module_utils._text import to_native
+from ansible.module_utils._text import to_bytes, to_native
+from ansible.module_utils.parsing.convert_bool import boolean
 
 
 def write_fstab(module, lines, path):
+
     if module.params['backup']:
-        module.backup_local(path)
+        backup_file = module.backup_local(path)
+    else:
+        backup_file = ""
 
     fs_w = open(path, 'w')
 
@@ -174,6 +212,8 @@ def write_fstab(module, lines, path):
     fs_w.flush()
     fs_w.close()
 
+    return backup_file
+
 
 def _escape_fstab(v):
     """Escape invalid characters in fstab fields.
@@ -195,11 +235,18 @@ def _escape_fstab(v):
 
 def set_mount(module, args):
     """Set/change a mount point location in fstab."""
+    name, backup_lines, changed = _set_mount_save_old(module, args)
+    return name, changed
+
+
+def _set_mount_save_old(module, args):
+    """Set/change a mount point location in fstab. Save the old fstab contents."""
 
     to_write = []
+    old_lines = []
     exists = False
     changed = False
-    escaped_args = dict([(k, _escape_fstab(v)) for k, v in iteritems(args)])
+    escaped_args = dict([(k, _escape_fstab(v)) for k, v in iteritems(args) if k != 'warnings'])
     new_line = '%(src)s %(name)s %(fstype)s %(opts)s %(dump)s %(passno)s\n'
 
     if platform.system() == 'SunOS':
@@ -207,6 +254,12 @@ def set_mount(module, args):
             '%(src)s - %(name)s %(fstype)s %(passno)s %(boot)s %(opts)s\n')
 
     for line in open(args['fstab'], 'r').readlines():
+        # Append newline if the line in fstab does not finished with newline.
+        if not line.endswith('\n'):
+            line += '\n'
+
+        old_lines.append(line)
+
         if not line.strip():
             to_write.append(line)
 
@@ -287,9 +340,9 @@ def set_mount(module, args):
         changed = True
 
     if changed and not module.check_mode:
-        write_fstab(module, to_write, args['fstab'])
+        args['backup_file'] = write_fstab(module, to_write, args['fstab'])
 
-    return (args['name'], changed)
+    return (args['name'], old_lines, changed)
 
 
 def unset_mount(module, args):
@@ -426,9 +479,15 @@ def remount(module, args):
 
     # Multiplatform remount opts
     if platform.system().lower().endswith('bsd'):
-        cmd += ['-u']
+        if module.params['state'] == 'remounted' and args['opts'] != 'defaults':
+            cmd += ['-u', '-o', args['opts']]
+        else:
+            cmd += ['-u']
     else:
-        cmd += ['-o', 'remount']
+        if module.params['state'] == 'remounted' and args['opts'] != 'defaults':
+            cmd += ['-o', 'remount,' + args['opts']]
+        else:
+            cmd += ['-o', 'remount']
 
     if platform.system().lower() == 'openbsd':
         # Use module.params['fstab'] here as args['fstab'] has been set to the
@@ -461,6 +520,16 @@ def remount(module, args):
 
     if rc != 0:
         msg = out + err
+
+        if module.params['state'] == 'remounted' and args['opts'] != 'defaults':
+            module.fail_json(
+                msg=(
+                    'Options were specified with remounted, but the remount '
+                    'command failed. Failing in order to prevent an '
+                    'unexpected mount result. Try replacing this command with '
+                    'a "state: unmounted" followed by a "state: mounted" '
+                    'using the full desired mount options instead.'))
+
         rc, msg = umount(module, args['name'])
 
         if rc == 0:
@@ -598,12 +667,12 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             boot=dict(type='bool', default=True),
-            dump=dict(type='str'),
+            dump=dict(type='str', default='0'),
             fstab=dict(type='str'),
             fstype=dict(type='str'),
             path=dict(type='path', required=True, aliases=['name']),
             opts=dict(type='str'),
-            passno=dict(type='str'),
+            passno=dict(type='str', no_log=False, default='0'),
             src=dict(type='path'),
             backup=dict(type='bool', default=False),
             state=dict(type='str', required=True, choices=['absent', 'mounted', 'present', 'unmounted', 'remounted']),
@@ -627,7 +696,8 @@ def main():
             opts='-',
             passno='-',
             fstab=module.params['fstab'],
-            boot='yes'
+            boot='yes' if module.params['boot'] else 'no',
+            warnings=[]
         )
         if args['fstab'] is None:
             args['fstab'] = '/etc/vfstab'
@@ -637,7 +707,9 @@ def main():
             opts='defaults',
             dump='0',
             passno='0',
-            fstab=module.params['fstab']
+            fstab=module.params['fstab'],
+            boot='yes',
+            warnings=[]
         )
         if args['fstab'] is None:
             args['fstab'] = '/etc/fstab'
@@ -646,6 +718,7 @@ def main():
         if platform.system() == 'FreeBSD':
             args['opts'] = 'rw'
 
+    args['backup_file'] = ""
     linux_mounts = []
 
     # Cache all mounts here in order we have consistent results if we need to
@@ -654,14 +727,27 @@ def main():
         linux_mounts = get_linux_mounts(module)
 
         if linux_mounts is None:
-            args['warnings'] = (
-                'Cannot open file /proc/self/mountinfo. '
-                'Bind mounts might be misinterpreted.')
+            args['warnings'].append('Cannot open file /proc/self/mountinfo.'
+                                    ' Bind mounts might be misinterpreted.')
 
     # Override defaults with user specified params
     for key in ('src', 'fstype', 'passno', 'opts', 'dump', 'fstab'):
         if module.params[key] is not None:
             args[key] = module.params[key]
+    if platform.system().lower() == 'linux' or platform.system().lower().endswith('bsd'):
+        # Linux, FreeBSD, NetBSD and OpenBSD have 'noauto' as mount option to
+        # handle mount on boot.  To avoid mount option conflicts, if 'noauto'
+        # specified in 'opts',  mount module will ignore 'boot'.
+        opts = args['opts'].split(',')
+        if 'noauto' in opts:
+            args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'noauto'.")
+        elif not module.params['boot']:
+            args['boot'] = 'no'
+            if 'defaults' in opts:
+                args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'defaults'.")
+            else:
+                opts.append('noauto')
+                args['opts'] = ','.join(opts)
 
     # If fstab file does not exist, we first need to create it. This mainly
     # happens when fstab option is passed to the module.
@@ -716,17 +802,34 @@ def main():
 
             changed = True
     elif state == 'mounted':
-        if not os.path.exists(args['src']):
-            module.fail_json(msg="Unable to mount %s as it does not exist" % args['src'])
-
+        dirs_created = []
         if not os.path.exists(name) and not module.check_mode:
             try:
-                os.makedirs(name)
+                # Something like mkdir -p but with the possibility to undo.
+                # Based on some copy-paste from the "file" module.
+                curpath = ''
+                for dirname in name.strip('/').split('/'):
+                    curpath = '/'.join([curpath, dirname])
+                    # Remove leading slash if we're creating a relative path
+                    if not os.path.isabs(name):
+                        curpath = curpath.lstrip('/')
+
+                    b_curpath = to_bytes(curpath, errors='surrogate_or_strict')
+                    if not os.path.exists(b_curpath):
+                        try:
+                            os.mkdir(b_curpath)
+                            dirs_created.append(b_curpath)
+                        except OSError as ex:
+                            # Possibly something else created the dir since the os.path.exists
+                            # check above. As long as it's a dir, we don't need to error out.
+                            if not (ex.errno == errno.EEXIST and os.path.isdir(b_curpath)):
+                                raise
+
             except (OSError, IOError) as e:
                 module.fail_json(
                     msg="Error making dir %s: %s" % (name, to_native(e)))
 
-        name, changed = set_mount(module, args)
+        name, backup_lines, changed = _set_mount_save_old(module, args)
         res = 0
 
         if (
@@ -743,6 +846,21 @@ def main():
                 res, msg = mount(module, args)
 
         if res:
+            # Not restoring fstab after a failed mount was reported as a bug,
+            # ansible/ansible#59183
+            # A non-working fstab entry may break the system at the reboot,
+            # so undo all the changes if possible.
+            try:
+                write_fstab(module, backup_lines, args['fstab'])
+            except Exception:
+                pass
+
+            try:
+                for dirname in dirs_created[::-1]:
+                    os.rmdir(dirname)
+            except Exception:
+                pass
+
             module.fail_json(msg="Error mounting %s: %s" % (name, msg))
     elif state == 'present':
         name, changed = set_mount(module, args)
@@ -757,6 +875,10 @@ def main():
     else:
         module.fail_json(msg='Unexpected position reached')
 
+    # If the managed node is Solaris, convert the boot value type to Boolean
+    #  to match the type of return value with the module argument.
+    if platform.system().lower() == 'sunos':
+        args['boot'] = boolean(args['boot'])
     module.exit_json(changed=changed, **args)
 
 

plugins/modules/patch.py

@@ -9,9 +9,6 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
-ANSIBLE_METADATA = {'metadata_version': '1.1',
-                    'status': ['stableinterface'],
-                    'supported_by': 'community'}
 
 DOCUMENTATION = r'''
 ---
@@ -22,6 +19,7 @@ author:
 description:
     - Apply patch files using the GNU patch tool.
 short_description: Apply patch files using the GNU patch tool
+version_added: "1.0.0"
 options:
   basedir:
     description:
@@ -52,7 +50,7 @@ options:
     default: present
   remote_src:
     description:
-      - If C(no), it will search for src at originating/master machine, if C(yes) it will
+      - If C(no), it will search for src at originating/controller machine, if C(yes) it will
         go to the remote/target machine for the C(src).
     type: bool
     default: no
@@ -76,24 +74,29 @@ options:
       - If set to C(no), C(patch) will replace CRLF in C(src) files on POSIX.
     type: bool
     default: no
+  ignore_whitespace:
+    description:
+      - Setting to C(yes) will ignore white space changes between patch and input..
+    type: bool
+    default: no
 notes:
   - This module requires GNU I(patch) utility to be installed on the remote host.
 '''
 
 EXAMPLES = r'''
 - name: Apply patch to one file
-  patch:
+  ansible.posix.patch:
     src: /tmp/index.html.patch
     dest: /var/www/index.html
 
 - name: Apply patch to multiple files under basedir
-  patch:
+  ansible.posix.patch:
     src: /tmp/customize.patch
     basedir: /var/www
     strip: 1
 
 - name: Revert patch to one file
-  patch:
+  ansible.posix.patch:
     src: /tmp/index.html.patch
     dest: /var/www/index.html
     state: absent
@@ -118,23 +121,25 @@ def add_dry_run_option(opts):
         opts.append('--dry-run')
 
 
-def is_already_applied(patch_func, patch_file, basedir, dest_file=None, binary=False, strip=0, state='present'):
+def is_already_applied(patch_func, patch_file, basedir, dest_file=None, binary=False, ignore_whitespace=False, strip=0, state='present'):
     opts = ['--quiet', '--forward',
             "--strip=%s" % strip, "--directory='%s'" % basedir,
             "--input='%s'" % patch_file]
     add_dry_run_option(opts)
     if binary:
         opts.append('--binary')
+    if ignore_whitespace:
+        opts.append('--ignore-whitespace')
     if dest_file:
         opts.append("'%s'" % dest_file)
     if state == 'present':
         opts.append('--reverse')
 
-    (rc, _, _) = patch_func(opts)
+    (rc, var1, var2) = patch_func(opts)
     return rc == 0
 
 
-def apply_patch(patch_func, patch_file, basedir, dest_file=None, binary=False, strip=0, dry_run=False, backup=False, state='present'):
+def apply_patch(patch_func, patch_file, basedir, dest_file=None, binary=False, ignore_whitespace=False, strip=0, dry_run=False, backup=False, state='present'):
     opts = ['--quiet', '--forward', '--batch', '--reject-file=-',
             "--strip=%s" % strip, "--directory='%s'" % basedir,
             "--input='%s'" % patch_file]
@@ -142,6 +147,8 @@ def apply_patch(patch_func, patch_file, basedir, dest_file=None, binary=False, s
         add_dry_run_option(opts)
     if binary:
         opts.append('--binary')
+    if ignore_whitespace:
+        opts.append('--ignore-whitespace')
     if dest_file:
         opts.append("'%s'" % dest_file)
     if backup:
@@ -167,6 +174,7 @@ def main():
             #     since patch will create numbered copies, not strftime("%Y-%m-%d@%H:%M:%S~")
             backup=dict(type='bool', default=False),
             binary=dict(type='bool', default=False),
+            ignore_whitespace=dict(type='bool', default=False),
             state=dict(type='str', default='present', choices=['absent', 'present']),
         ),
         required_one_of=[['dest', 'basedir']],
@@ -199,9 +207,10 @@ def main():
     p.src = os.path.abspath(p.src)
 
     changed = False
-    if not is_already_applied(patch_func, p.src, p.basedir, dest_file=p.dest, binary=p.binary, strip=p.strip, state=p.state):
+    if not is_already_applied(patch_func, p.src, p.basedir, dest_file=p.dest, binary=p.binary,
+                              ignore_whitespace=p.ignore_whitespace, strip=p.strip, state=p.state):
         try:
-            apply_patch(patch_func, p.src, p.basedir, dest_file=p.dest, binary=p.binary, strip=p.strip,
+            apply_patch(patch_func, p.src, p.basedir, dest_file=p.dest, binary=p.binary, ignore_whitespace=p.ignore_whitespace, strip=p.strip,
                         dry_run=module.check_mode, backup=p.backup, state=p.state)
             changed = True
         except PatchError as e:

plugins/modules/seboolean.py

@@ -6,21 +6,20 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
-ANSIBLE_METADATA = {'metadata_version': '1.1',
-                    'status': ['stableinterface'],
-                    'supported_by': 'core'}
 
-DOCUMENTATION = '''
+DOCUMENTATION = r'''
 ---
 module: seboolean
 short_description: Toggles SELinux booleans
 description:
      - Toggles SELinux booleans.
+version_added: "1.0.0"
 options:
   name:
     description:
       - Name of the boolean to configure.
     required: true
+    type: str
   persistent:
     description:
       - Set to C(yes) if the boolean setting should survive a reboot.
@@ -41,13 +40,14 @@ notes:
 requirements:
 - libselinux-python
 - libsemanage-python
+- python3-libsemanage
 author:
 - Stephen Fromm (@sfromm)
 '''
 
-EXAMPLES = '''
+EXAMPLES = r'''
 - name: Set httpd_can_network_connect flag on and keep it persistent across reboots
-  seboolean:
+  ansible.posix.seboolean:
     name: httpd_can_network_connect
     state: yes
     persistent: yes
@@ -285,7 +285,7 @@ def main():
         module.fail_json(msg=missing_required_lib('libselinux-python'), exception=SELINUX_IMP_ERR)
 
     if not HAVE_SEMANAGE:
-        module.fail_json(msg=missing_required_lib('libsemanage-python'), exception=SEMANAGE_IMP_ERR)
+        module.fail_json(msg=missing_required_lib('libsemanage-python or python3-libsemanage'), exception=SEMANAGE_IMP_ERR)
 
     ignore_selinux_state = module.params['ignore_selinux_state']
 

plugins/modules/selinux.py

@@ -7,11 +7,6 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
-ANSIBLE_METADATA = {
-    'metadata_version': '1.1',
-    'status': ['stableinterface'],
-    'supported_by': 'core'
-}
 
 DOCUMENTATION = r'''
 ---
@@ -21,20 +16,31 @@ description:
   - Configures the SELinux mode and policy.
   - A reboot may be required after usage.
   - Ansible will not issue this reboot but will let you know when it is required.
+version_added: "1.0.0"
 options:
   policy:
     description:
-      - The name of the SELinux policy to use (e.g. C(targeted)) will be required if state is not C(disabled).
+      - The name of the SELinux policy to use (e.g. C(targeted)) will be required if I(state) is not C(disabled).
+    type: str
   state:
     description:
       - The SELinux mode.
     required: true
     choices: [ disabled, enforcing, permissive ]
+    type: str
+  update_kernel_param:
+    description:
+      - If set to I(true), will update also the kernel boot parameters when disabling/enabling SELinux.
+      - The C(grubby) tool must be present on the target system for this to work.
+    default: no
+    type: bool
+    version_added: '1.4.0'
   configfile:
     description:
       - The path to the SELinux configuration file, if non-standard.
     default: /etc/selinux/config
     aliases: [ conf, file ]
+    type: str
 requirements: [ libselinux-python ]
 author:
 - Derek Carter (@goozbach) <goozbach@friocorte.com>
@@ -42,17 +48,17 @@ author:
 
 EXAMPLES = r'''
 - name: Enable SELinux
-  selinux:
+  ansible.posix.selinux:
     policy: targeted
     state: enforcing
 
 - name: Put SELinux in permissive mode, logging actions that would be blocked.
-  selinux:
+  ansible.posix.selinux:
     policy: targeted
     state: permissive
 
 - name: Disable SELinux
-  selinux:
+  ansible.posix.selinux:
     state: disabled
 '''
 
@@ -98,6 +104,7 @@ except ImportError:
     HAS_SELINUX = False
 
 from ansible.module_utils.basic import AnsibleModule, missing_required_lib
+from ansible.module_utils.common.process import get_bin_path
 from ansible.module_utils.facts.utils import get_file_lines
 
 
@@ -120,6 +127,34 @@ def get_config_policy(configfile):
             return line.split('=')[1].strip()
 
 
+def get_kernel_enabled(module, grubby_bin):
+    if grubby_bin is None:
+        module.fail_json(msg="'grubby' command not found on host",
+                         details="In order to update the kernel command line"
+                                 "enabled/disabled setting, the grubby package"
+                                 "needs to be present on the system.")
+
+    rc, stdout, stderr = module.run_command([grubby_bin, '--info=ALL'])
+    if rc != 0:
+        module.fail_json(msg="unable to run grubby")
+
+    all_enabled = True
+    all_disabled = True
+    for line in stdout.split('\n'):
+        match = re.match('^args="(.*)"$', line)
+        if match is None:
+            continue
+        args = match.group(1).split(' ')
+        if 'selinux=0' in args:
+            all_enabled = False
+        else:
+            all_disabled = False
+    if all_disabled == all_enabled:
+        # inconsistent config - return None to force update
+        return None
+    return all_enabled
+
+
 # setter subroutines
 def set_config_state(module, state, configfile):
     # SELINUX=permissive
@@ -130,9 +165,15 @@ def set_config_state(module, state, configfile):
     tmpfd, tmpfile = tempfile.mkstemp()
 
     with open(tmpfile, "w") as write_file:
+        line_found = False
         for line in lines:
+            if re.match(r'^SELINUX=.*$', line):
+                line_found = True
             write_file.write(re.sub(r'^SELINUX=.*', stateline, line) + '\n')
 
+        if not line_found:
+            write_file.write('SELINUX=%s\n' % state)
+
     module.atomic_move(tmpfile, configfile)
 
 
@@ -148,6 +189,17 @@ def set_state(module, state):
         module.fail_json(msg=msg)
 
 
+def set_kernel_enabled(module, grubby_bin, value):
+    rc, stdout, stderr = module.run_command([grubby_bin, '--update-kernel=ALL',
+                                             '--remove-args' if value else '--args',
+                                             'selinux=0'])
+    if rc != 0:
+        if value:
+            module.fail_json(msg='unable to remove selinux=0 from kernel config')
+        else:
+            module.fail_json(msg='unable to add selinux=0 to kernel config')
+
+
 def set_config_policy(module, policy, configfile):
     if not os.path.exists('/etc/selinux/%s/policy' % policy):
         module.fail_json(msg='Policy %s does not exist in /etc/selinux/' % policy)
@@ -160,9 +212,15 @@ def set_config_policy(module, policy, configfile):
     tmpfd, tmpfile = tempfile.mkstemp()
 
     with open(tmpfile, "w") as write_file:
+        line_found = False
         for line in lines:
+            if re.match(r'^SELINUXTYPE=.*$', line):
+                line_found = True
             write_file.write(re.sub(r'^SELINUXTYPE=.*', policyline, line) + '\n')
 
+        if not line_found:
+            write_file.write('SELINUXTYPE=%s\n' % policy)
+
     module.atomic_move(tmpfile, configfile)
 
 
@@ -170,8 +228,9 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             policy=dict(type='str'),
-            state=dict(type='str', required='True', choices=['enforcing', 'permissive', 'disabled']),
+            state=dict(type='str', required=True, choices=['enforcing', 'permissive', 'disabled']),
             configfile=dict(type='str', default='/etc/selinux/config', aliases=['conf', 'file']),
+            update_kernel_param=dict(type='bool', default=False),
         ),
         supports_check_mode=True,
     )
@@ -185,9 +244,11 @@ def main():
     configfile = module.params['configfile']
     policy = module.params['policy']
     state = module.params['state']
+    update_kernel_param = module.params['update_kernel_param']
     runtime_enabled = selinux.is_selinux_enabled()
     runtime_policy = selinux.selinux_getpolicytype()[1]
     runtime_state = 'disabled'
+    kernel_enabled = None
     reboot_required = False
 
     if runtime_enabled:
@@ -204,6 +265,12 @@ def main():
 
     config_policy = get_config_policy(configfile)
     config_state = get_config_state(configfile)
+    if update_kernel_param:
+        try:
+            grubby_bin = get_bin_path('grubby')
+        except ValueError:
+            grubby_bin = None
+        kernel_enabled = get_kernel_enabled(module, grubby_bin)
 
     # check to see if policy is set if state is not 'disabled'
     if state != 'disabled':
@@ -258,6 +325,21 @@ def main():
         msgs.append("Config SELinux state changed from '%s' to '%s'" % (config_state, state))
         changed = True
 
+    requested_kernel_enabled = state in ('enforcing', 'permissive')
+    # Update kernel enabled/disabled config only when setting is consistent
+    # across all kernels AND the requested state differs from the current state
+    if update_kernel_param and kernel_enabled != requested_kernel_enabled:
+        if not module.check_mode:
+            set_kernel_enabled(module, grubby_bin, requested_kernel_enabled)
+        if requested_kernel_enabled:
+            states = ('disabled', 'enabled')
+        else:
+            states = ('enabled', 'disabled')
+        if kernel_enabled is None:
+            states = ('<inconsistent>', states[1])
+        msgs.append("Kernel SELinux state changed from '%s' to '%s'" % states)
+        changed = True
+
     module.exit_json(changed=changed, msg=', '.join(msgs), configfile=configfile, policy=policy, state=state, reboot_required=reboot_required)
 
 

plugins/modules/synchronize.py

@@ -8,9 +8,6 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
-ANSIBLE_METADATA = {'metadata_version': '1.1',
-                    'status': ['preview'],
-                    'supported_by': 'core'}
 
 DOCUMENTATION = r'''
 ---
@@ -23,6 +20,7 @@ description:
       boilerplate options and host facts.
     - This module is not intended to provide access to the full power of rsync, but does make the most common
       invocations easier to implement. You `still` may need to call rsync directly via C(command) or C(shell) depending on your use case.
+version_added: "1.0.0"
 options:
   src:
     description:
@@ -40,9 +38,8 @@ options:
     description:
       - Port number for ssh on the destination host.
       - Prior to Ansible 2.0, the ansible_ssh_port inventory var took precedence over this value.
-      - This parameter defaults to the value of C(ansible_ssh_port) or C(ansible_port),
-        the C(remote_port) config setting or the value from ssh client configuration
-        if none of the former have been set.
+      - This parameter defaults to the value of C(ansible_port), the C(remote_port) config setting
+        or the value from ssh client configuration if none of the former have been set.
     type: int
   mode:
     description:
@@ -76,9 +73,9 @@ options:
     default: no
   delete:
     description:
-      - Delete files in C(dest) that don't exist (after transfer, not before) in the C(src) path.
-      - This option requires C(recursive=yes).
-      - This option ignores excluded files and behaves like the rsync opt --delete-excluded.
+      - Delete files in I(dest) that do not exist (after transfer, not before) in the I(src) path.
+      - This option requires I(recursive=yes).
+      - This option ignores excluded files and behaves like the rsync opt C(--delete-after).
     type: bool
     default: no
   dirs:
@@ -140,7 +137,19 @@ options:
     default: yes
   use_ssh_args:
     description:
-      - Use the ssh_args specified in ansible.cfg.
+      - In Ansible 2.10 and lower, it uses the ssh_args specified in C(ansible.cfg).
+      - In Ansible 2.11 and onwards, when set to C(true), it uses all SSH connection configurations like
+        C(ansible_ssh_args), C(ansible_ssh_common_args), and C(ansible_ssh_extra_args).
+    type: bool
+    default: no
+  ssh_connection_multiplexing:
+    description:
+      - SSH connection multiplexing for rsync is disabled by default to prevent misconfigured ControlSockets from resulting in failed SSH connections.
+        This is accomplished by setting the SSH C(ControlSocket) to C(none).
+      - Set this option to C(yes) to allow multiplexing and reduce SSH connection overhead.
+      - Note that simply setting this option to C(yes) is not enough;
+        You must also configure SSH connection multiplexing in your SSH client config by setting values for
+        C(ControlMaster), C(ControlPersist) and C(ControlPath).
     type: bool
     default: no
   rsync_opts:
@@ -149,6 +158,7 @@ options:
       - Note that an empty string in C(rsync_opts) will end up transfer the current working directory.
     type: list
     default:
+    elements: str
   partial:
     description:
       - Tells rsync to keep the partial file which should make a subsequent transfer of the rest of the file much faster.
@@ -168,6 +178,15 @@ options:
       - Add a destination to hard link against during the rsync.
     type: list
     default:
+    elements: str
+  delay_updates:
+    description:
+      - This option puts the temporary file from each updated file into a holding directory until the end of the transfer,
+        at which time all the files are renamed into place in rapid succession.
+    type: bool
+    default: yes
+    version_added: '1.3.0'
+
 notes:
    - rsync must be installed on both the local and remote host.
    - For the C(synchronize) module, the "local host" is the host `the synchronize task originates on`, and the "destination host" is the host
@@ -188,8 +207,8 @@ notes:
    - Inspect the verbose output to validate the destination user/host/path are what was expected.
    - To exclude files and directories from being synchronized, you may add C(.rsync-filter) files to the source directory.
    - rsync daemon must be up and running with correct permission when using rsync protocol in source or destination path.
-   - The C(synchronize) module forces `--delay-updates` to avoid leaving a destination in a broken in-between state if the underlying rsync process
-     encounters an error. Those synchronizing large numbers of files that are willing to trade safety for performance should call rsync directly.
+   - The C(synchronize) module enables `--delay-updates` by default to avoid leaving a destination in a broken in-between state if the underlying rsync process
+     encounters an error. Those synchronizing large numbers of files that are willing to trade safety for performance should disable this option.
    - link_destination is subject to the same limitations as the underlying rsync daemon. Hard links are only preserved if the relative subtrees
      of the source and destination are the same. Attempts to hardlink into a directory that is a subdirectory of the source will be prevented.
 seealso:
@@ -199,88 +218,88 @@ author:
 - Timothy Appnel (@tima)
 '''
 
-EXAMPLES = '''
+EXAMPLES = r'''
 - name: Synchronization of src on the control machine to dest on the remote hosts
-  synchronize:
+  ansible.posix.synchronize:
     src: some/relative/path
     dest: /some/absolute/path
 
 - name: Synchronization using rsync protocol (push)
-  synchronize:
+  ansible.posix.synchronize:
     src: some/relative/path/
     dest: rsync://somehost.com/path/
 
 - name: Synchronization using rsync protocol (pull)
-  synchronize:
+  ansible.posix.synchronize:
     mode: pull
     src: rsync://somehost.com/path/
     dest: /some/absolute/path/
 
 - name:  Synchronization using rsync protocol on delegate host (push)
-  synchronize:
+  ansible.posix.synchronize:
     src: /some/absolute/path/
     dest: rsync://somehost.com/path/
   delegate_to: delegate.host
 
 - name: Synchronization using rsync protocol on delegate host (pull)
-  synchronize:
+  ansible.posix.synchronize:
     mode: pull
     src: rsync://somehost.com/path/
     dest: /some/absolute/path/
   delegate_to: delegate.host
 
 - name: Synchronization without any --archive options enabled
-  synchronize:
+  ansible.posix.synchronize:
     src: some/relative/path
     dest: /some/absolute/path
     archive: no
 
 - name: Synchronization with --archive options enabled except for --recursive
-  synchronize:
+  ansible.posix.synchronize:
     src: some/relative/path
     dest: /some/absolute/path
     recursive: no
 
 - name: Synchronization with --archive options enabled except for --times, with --checksum option enabled
-  synchronize:
+  ansible.posix.synchronize:
     src: some/relative/path
     dest: /some/absolute/path
     checksum: yes
     times: no
 
 - name: Synchronization without --archive options enabled except use --links
-  synchronize:
+  ansible.posix.synchronize:
     src: some/relative/path
     dest: /some/absolute/path
     archive: no
     links: yes
 
 - name: Synchronization of two paths both on the control machine
-  synchronize:
+  ansible.posix.synchronize:
     src: some/relative/path
     dest: /some/absolute/path
   delegate_to: localhost
 
 - name: Synchronization of src on the inventory host to the dest on the localhost in pull mode
-  synchronize:
+  ansible.posix.synchronize:
     mode: pull
     src: some/relative/path
     dest: /some/absolute/path
 
 - name: Synchronization of src on delegate host to dest on the current inventory host.
-  synchronize:
+  ansible.posix.synchronize:
     src: /first/absolute/path
     dest: /second/absolute/path
   delegate_to: delegate.host
 
 - name: Synchronize two directories on one remote host.
-  synchronize:
+  ansible.posix.synchronize:
     src: /first/absolute/path
     dest: /second/absolute/path
   delegate_to: "{{ inventory_hostname }}"
 
 - name: Synchronize and delete files in dest on the remote host that are not found in src of localhost.
-  synchronize:
+  ansible.posix.synchronize:
     src: some/relative/path
     dest: /some/absolute/path
     delete: yes
@@ -288,7 +307,7 @@ EXAMPLES = '''
 
 # This specific command is granted su privileges on the destination
 - name: Synchronize using an alternate rsync command
-  synchronize:
+  ansible.posix.synchronize:
     src: some/relative/path
     dest: /some/absolute/path
     rsync_path: su -c rsync
@@ -299,7 +318,7 @@ EXAMPLES = '''
 # + /var/conf # include /var/conf even though it was previously excluded
 
 - name: Synchronize passing in extra rsync options
-  synchronize:
+  ansible.posix.synchronize:
     src: /tmp/helloworld
     dest: /var/www/helloworld
     rsync_opts:
@@ -308,7 +327,7 @@ EXAMPLES = '''
 
 # Hardlink files if they didn't change
 - name: Use hardlinks when synchronizing filesystems
-  synchronize:
+  ansible.posix.synchronize:
     src: /tmp/path_a/foo.txt
     dest: /tmp/path_b/foo.txt
     link_dest: /tmp/path_a/
@@ -316,11 +335,11 @@ EXAMPLES = '''
 # Specify the rsync binary to use on remote host and on local host
 - hosts: groupofhosts
   vars:
-        ansible_rsync_path: /usr/gnu/bin/rsync
+    ansible_rsync_path: /usr/gnu/bin/rsync
 
   tasks:
     - name: copy /tmp/localpath/ to remote location /tmp/remotepath
-      synchronize:
+      ansible.posix.synchronize:
         src: /tmp/localpath/
         dest: /tmp/remotepath
         rsync_path: /usr/gnu/bin/rsync
@@ -392,12 +411,14 @@ def main():
             group=dict(type='bool'),
             set_remote_user=dict(type='bool', default=True),
             rsync_timeout=dict(type='int', default=0),
-            rsync_opts=dict(type='list', default=[]),
+            rsync_opts=dict(type='list', default=[], elements='str'),
             ssh_args=dict(type='str'),
+            ssh_connection_multiplexing=dict(type='bool', default=False),
             partial=dict(type='bool', default=False),
             verify_host=dict(type='bool', default=False),
+            delay_updates=dict(type='bool', default=True),
             mode=dict(type='str', default='push', choices=['pull', 'push']),
-            link_dest=dict(type='list')
+            link_dest=dict(type='list', elements='str'),
         ),
         supports_check_mode=True,
     )
@@ -434,13 +455,15 @@ def main():
     group = module.params['group']
     rsync_opts = module.params['rsync_opts']
     ssh_args = module.params['ssh_args']
+    ssh_connection_multiplexing = module.params['ssh_connection_multiplexing']
     verify_host = module.params['verify_host']
     link_dest = module.params['link_dest']
+    delay_updates = module.params['delay_updates']
 
     if '/' not in rsync:
         rsync = module.get_bin_path(rsync, required=True)
 
-    cmd = [rsync, '--delay-updates', '-F']
+    cmd = [rsync]
     _sshpass_pipe = None
     if rsync_password:
         try:
@@ -451,6 +474,9 @@ def main():
             )
         _sshpass_pipe = os.pipe()
         cmd = ['sshpass', '-d' + to_native(_sshpass_pipe[0], errors='surrogate_or_strict')] + cmd
+    if delay_updates:
+        cmd.append('--delay-updates')
+        cmd.append('-F')
     if compress:
         cmd.append('--compress')
     if rsync_timeout:
@@ -509,7 +535,9 @@ def main():
 
         # if the user has not supplied an --rsh option go ahead and add ours
         if not has_rsh:
-            ssh_cmd = [module.get_bin_path('ssh', required=True), '-S', 'none']
+            ssh_cmd = [module.get_bin_path('ssh', required=True)]
+            if not ssh_connection_multiplexing:
+                ssh_cmd.extend(['-S', 'none'])
             if private_key is not None:
                 ssh_cmd.extend(['-i', private_key])
             # If the user specified a port value
@@ -522,10 +550,10 @@ def main():
             ssh_cmd_str = ' '.join(shlex_quote(arg) for arg in ssh_cmd)
             if ssh_args:
                 ssh_cmd_str += ' %s' % ssh_args
-            cmd.append('--rsh=%s' % ssh_cmd_str)
+            cmd.append('--rsh=%s' % shlex_quote(ssh_cmd_str))
 
     if rsync_path:
-        cmd.append('--rsync-path=%s' % rsync_path)
+        cmd.append('--rsync-path=%s' % shlex_quote(rsync_path))
 
     if rsync_opts:
         if '' in rsync_opts:
@@ -551,7 +579,7 @@ def main():
             cmd.append('--link-dest=%s' % link_path)
 
     changed_marker = '<<CHANGED>>'
-    cmd.append('--out-format=' + changed_marker + '%i %n%L')
+    cmd.append('--out-format=%s' % shlex_quote(changed_marker + '%i %n%L'))
 
     # expand the paths
     if '@' not in source:
@@ -559,8 +587,8 @@ def main():
     if '@' not in dest:
         dest = os.path.expanduser(dest)
 
-    cmd.append(source)
-    cmd.append(dest)
+    cmd.append(shlex_quote(source))
+    cmd.append(shlex_quote(dest))
     cmdstr = ' '.join(cmd)
 
     # If we are using password authentication, write the password into the pipe
@@ -575,10 +603,10 @@ def main():
                     raise
 
         (rc, out, err) = module.run_command(
-            cmd, pass_fds=_sshpass_pipe,
+            cmdstr, pass_fds=_sshpass_pipe,
             before_communicate_callback=_write_password_to_pipe)
     else:
-        (rc, out, err) = module.run_command(cmd)
+        (rc, out, err) = module.run_command(cmdstr)
 
     if rc:
         return module.fail_json(msg=err, rc=rc, cmd=cmdstr)

plugins/modules/sysctl.py

@@ -9,32 +9,31 @@ from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
 
-ANSIBLE_METADATA = {'metadata_version': '1.1',
-                    'status': ['stableinterface'],
-                    'supported_by': 'core'}
-
-
-DOCUMENTATION = '''
+DOCUMENTATION = r'''
 ---
 module: sysctl
 short_description: Manage entries in sysctl.conf.
 description:
     - This module manipulates sysctl entries and optionally performs a C(/sbin/sysctl -p) after changing them.
+version_added: "1.0.0"
 options:
     name:
         description:
-            - The dot-separated path (aka I(key)) specifying the sysctl variable.
+            - The dot-separated path (also known as I(key)) specifying the sysctl variable.
         required: true
         aliases: [ 'key' ]
+        type: str
     value:
         description:
             - Desired value of the sysctl key.
         aliases: [ 'val' ]
+        type: str
     state:
         description:
             - Whether the entry should be present or absent in the sysctl file.
         choices: [ "present", "absent" ]
         default: present
+        type: str
     ignoreerrors:
         description:
             - Use this option to ignore errors about unknown keys.
@@ -51,42 +50,44 @@ options:
         description:
             - Specifies the absolute path to C(sysctl.conf), if not C(/etc/sysctl.conf).
         default: /etc/sysctl.conf
+        type: path
     sysctl_set:
         description:
             - Verify token value with the sysctl command and set with -w if necessary
         type: bool
         default: 'no'
-author: "David CHANIAL (@davixx) <david.chanial@gmail.com>"
+author:
+- David CHANIAL (@davixx)
 '''
 
-EXAMPLES = '''
+EXAMPLES = r'''
 # Set vm.swappiness to 5 in /etc/sysctl.conf
-- sysctl:
+- ansible.posix.sysctl:
     name: vm.swappiness
     value: '5'
     state: present
 
 # Remove kernel.panic entry from /etc/sysctl.conf
-- sysctl:
+- ansible.posix.sysctl:
     name: kernel.panic
     state: absent
     sysctl_file: /etc/sysctl.conf
 
 # Set kernel.panic to 3 in /tmp/test_sysctl.conf
-- sysctl:
+- ansible.posix.sysctl:
     name: kernel.panic
     value: '3'
     sysctl_file: /tmp/test_sysctl.conf
     reload: no
 
 # Set ip forwarding on in /proc and verify token value with the sysctl command
-- sysctl:
+- ansible.posix.sysctl:
     name: net.ipv4.ip_forward
     value: '1'
     sysctl_set: yes
 
 # Set ip forwarding on in /proc and in the sysctl file and reload if necessary
-- sysctl:
+- ansible.posix.sysctl:
     name: net.ipv4.ip_forward
     value: '1'
     sysctl_set: yes
@@ -186,12 +187,12 @@ class SysctlModule(object):
 
         # Do the work
         if not self.module.check_mode:
+            if self.set_proc:
+                self.set_token_value(self.args['name'], self.args['value'])
             if self.write_file:
                 self.write_sysctl()
             if self.changed and self.args['reload']:
                 self.reload_sysctl()
-            if self.set_proc:
-                self.set_token_value(self.args['name'], self.args['value'])
 
     def _values_is_equal(self, a, b):
         """Expects two string values. It will split the string by whitespace

plugins/shell/csh.py

@@ -4,11 +4,8 @@
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
-from ansible.plugins.shell import ShellBase
-
 DOCUMENTATION = '''
     name: csh
-    plugin_type: shell
     short_description: C shell (/bin/csh)
     description:
       - When you have no other option than to use csh
@@ -16,6 +13,10 @@ DOCUMENTATION = '''
       - shell_common
 '''
 
+from ansible.module_utils.six import text_type
+from ansible.module_utils.six.moves import shlex_quote
+from ansible.plugins.shell import ShellBase
+
 
 class ShellModule(ShellBase):
 
@@ -24,6 +25,10 @@ class ShellModule(ShellBase):
     # Family of shells this has.  Must match the filename without extension
     SHELL_FAMILY = 'csh'
 
+    # commonly used
+    ECHO = 'echo'
+    COMMAND_SEP = ';'
+
     # How to end lines in a python script one-liner
     _SHELL_EMBEDDED_PY_EOL = '\\\n'
     _SHELL_REDIRECT_ALLNULL = '>& /dev/null'
@@ -35,4 +40,8 @@ class ShellModule(ShellBase):
     _SHELL_GROUP_RIGHT = ')'
 
     def env_prefix(self, **kwargs):
-        return 'env %s' % super(ShellModule, self).env_prefix(**kwargs)
+        ret = []
+        # All the -u options must be first, so we process them first
+        ret += ['-u %s' % k for k, v in kwargs.items() if v is None]
+        ret += ['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items() if v is not None]
+        return 'env %s' % ' '.join(ret)

plugins/shell/fish.py

@@ -4,13 +4,8 @@
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
-from ansible.module_utils.six import text_type
-from ansible.module_utils.six.moves import shlex_quote
-from ansible.plugins.shell.sh import ShellModule as ShModule
-
 DOCUMENTATION = '''
     name: fish
-    plugin_type: shell
     short_description: fish shell (/bin/fish)
     description:
       - This is here because some people are restricted to fish.
@@ -18,6 +13,10 @@ DOCUMENTATION = '''
       - shell_common
 '''
 
+from ansible.module_utils.six import text_type
+from ansible.module_utils.six.moves import shlex_quote
+from ansible.plugins.shell.sh import ShellModule as ShModule
+
 
 class ShellModule(ShModule):
 
@@ -38,7 +37,13 @@ class ShellModule(ShModule):
     def env_prefix(self, **kwargs):
         env = self.env.copy()
         env.update(kwargs)
-        return ' '.join(['set -lx %s %s;' % (k, shlex_quote(text_type(v))) for k, v in env.items()])
+        ret = []
+        for k, v in kwargs.items():
+            if v is None:
+                ret.append('set -e %s;' % k)
+            else:
+                ret.append('set -lx %s %s;' % (k, shlex_quote(text_type(v))))
+        return ' '.join(ret)
 
     def build_module_command(self, env_string, shebang, cmd, arg_path=None):
         # don't quote the cmd if it's an empty string, because this will break pipelining mode

shippable.yml

@@ -8,51 +8,50 @@ matrix:
   exclude:
     - env: T=none
   include:
-    - env: T=sanity/1
-    - env: T=sanity/2
-    - env: T=sanity/3
-    - env: T=sanity/4
-    - env: T=sanity/5
-
-    - env: T=units/2.6/1
-    - env: T=units/2.7/1
-    - env: T=units/3.5/1
-    - env: T=units/3.6/1
-    - env: T=units/3.7/1
-    - env: T=units/3.8/1
-    - env: T=units/3.9/1
-
-    - env: T=units/2.6/2
-    - env: T=units/2.7/2
-    - env: T=units/3.5/2
-    - env: T=units/3.6/2
-    - env: T=units/3.7/2
-    - env: T=units/3.8/2
-    - env: T=units/3.9/2
-
-    - env: T=units/2.6/3
-    - env: T=units/2.7/3
-    - env: T=units/3.5/3
-    - env: T=units/3.6/3
-    - env: T=units/3.7/3
-    - env: T=units/3.8/3
-    - env: T=units/3.9/3
-
-    - env: T=aix/7.2/1
-    - env: T=osx/10.11/1
-    - env: T=rhel/7.6/1
-    - env: T=rhel/8.1/1
-    - env: T=freebsd/11.1/1
-    - env: T=freebsd/12.1/1
-    - env: T=linux/centos6/1
-    - env: T=linux/centos7/1
-    - env: T=linux/centos8/1
-    - env: T=linux/fedora30/1
-    - env: T=linux/fedora31/1
-    - env: T=linux/opensuse15py2/1
-    - env: T=linux/opensuse15/1
-    - env: T=linux/ubuntu1604/1
-    - env: T=linux/ubuntu1804/1
+    - env: T=2.9/osx/10.11/1
+    - env: T=2.9/rhel/7.6/1
+    - env: T=2.9/rhel/8.1/1
+    - env: T=2.9/freebsd/11.1/1
+    - env: T=2.9/freebsd/12.0/1
+    - env: T=2.9/linux/centos6/1
+    - env: T=2.9/linux/centos7/1
+#    - env: T=2.9/linux/centos8/1
+    - env: T=2.9/linux/fedora30/1
+    - env: T=2.9/linux/fedora31/1
+    - env: T=2.9/linux/opensuse15py2/1
+    - env: T=2.9/linux/opensuse15/1
+    - env: T=2.9/linux/ubuntu1604/1
+    - env: T=2.9/linux/ubuntu1804/1
+#    - env: T=2.10/aix/7.2/1
+    - env: T=2.10/osx/10.11/1
+    - env: T=2.10/rhel/7.6/1
+    - env: T=2.10/rhel/8.2/1
+    - env: T=2.10/freebsd/11.1/1
+    - env: T=2.10/freebsd/12.1/1
+    - env: T=2.10/linux/centos6/1
+    - env: T=2.10/linux/centos7/1
+#    - env: T=2.10/linux/centos8/1
+    - env: T=2.10/linux/fedora30/1
+    - env: T=2.10/linux/fedora31/1
+    - env: T=2.10/linux/opensuse15py2/1
+    - env: T=2.10/linux/opensuse15/1
+    - env: T=2.10/linux/ubuntu1604/1
+    - env: T=2.10/linux/ubuntu1804/1
+#    - env: T=devel/aix/7.2/1
+    - env: T=devel/osx/10.11/1
+    - env: T=devel/rhel/7.6/1
+    - env: T=devel/rhel/8.1/1
+    - env: T=devel/freebsd/11.1/1
+    - env: T=devel/freebsd/12.1/1
+    - env: T=devel/linux/centos6/1
+    - env: T=devel/linux/centos7/1
+#    - env: T=devel/linux/centos8/1
+    - env: T=devel/linux/fedora30/1
+    - env: T=devel/linux/fedora31/1
+    - env: T=devel/linux/opensuse15py2/1
+    - env: T=devel/linux/opensuse15/1
+    - env: T=devel/linux/ubuntu1604/1
+    - env: T=devel/linux/ubuntu1804/1
 
 branches:
   except:

test-requirements.txt

@@ -0,0 +1,2 @@
+coverage==4.5.4
+pytest-xdist

tests/integration/targets/acl/tasks/acl.yml

@@ -23,6 +23,16 @@
   group:
     name: "{{ test_group }}"
 
+- name: Clean up working directory and files
+  file:
+    path: "{{ output_dir }}"
+    state: absent
+
+- name: Create working directory
+  file:
+    path: "{{ output_dir }}"
+    state: directory
+
 - name: Create ansible file
   file:
     path: "{{ test_file }}"

tests/integration/targets/authorized_key/tasks/check_mode.yml

@@ -0,0 +1,34 @@
+# -------------------------------------------------------------
+# check mode
+
+- name: CHECK MODE | copy an existing file in place with comments
+  copy:
+    src: existing_authorized_keys
+    dest: "{{ output_dir | expanduser }}/authorized_keys"
+
+- name: CHECK MODE | add key in check mode to validate return codes
+  authorized_key:
+    user: root
+    key: "{{ multiple_key_different_order_2 }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  check_mode: True
+  register: result
+
+- name: CHECK MODE | assert that authorized_keys return values are consistent
+  assert:
+    that:
+      - 'result.changed == True'
+      - '"user" in result'
+      - '"key" in result'
+
+- name: CHECK MODE | recopy authorized_keys to ensure it was not changed
+  copy:
+    src: existing_authorized_keys
+    dest: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: CHECK MODE | assert that the authorized_keys file was not changed
+  assert:
+    that:
+      - 'result.changed == False'

tests/integration/targets/authorized_key/tasks/comments.yml

@@ -0,0 +1,50 @@
+# -------------------------------------------------------------
+# comments
+
+- name: Add rsa key with existing comment
+  authorized_key:
+    user: root
+    key: "{{ rsa_key_basic }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: Change the comment on an existing key
+  authorized_key:
+    user: root
+    key: "{{ rsa_key_basic }}"
+    comment: user@acme.com
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: get the file content
+  shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
+  changed_when: no
+  register: content
+
+- name: Assert that comment on an existing key was changed
+  assert:
+    that:
+      - "'user@acme.com' in content.stdout"
+
+- name: Set the same key with comment to ensure no changes are reported
+  authorized_key:
+    user: root
+    key: "{{ rsa_key_basic }}"
+    comment: user@acme.com
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: Assert that no changes were made when running again
+  assert:
+    that:
+      - not result.changed
+
+- debug:
+    var: "{{ item }}"
+    verbosity: 1
+  with_items:
+    - result
+    - content

tests/integration/targets/authorized_key/tasks/main.yml

@@ -1,6 +1,6 @@
 # test code for the authorized_key module
-# (c) 2014, James Cammarata <jcammarata@ansible.com>
-
+# - (c) 2014, James Cammarata <jcammarata@ansible.com>
+# - (c) 2021, Hideki Saito <saito@fgrep.org>
 # This file is part of Ansible
 #
 # Ansible is free software: you can redistribute it and/or modify
@@ -16,470 +16,17 @@
 # You should have received a copy of the GNU General Public License
 # along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
 
+- name: Setup testing environment
+  import_tasks: setup_steps.yml
 
-# -------------------------------------------------------------
-# Setup steps
+- name: Test for multiple keys handling
+  import_tasks: multiple_keys.yml
 
+- name: Test for ssh-dss key handling
+  import_tasks: ssh_dss.yml
 
-- name: copy an existing file in place with comments
-  copy:
-    src: existing_authorized_keys
-    dest: "{{ output_dir | expanduser }}/authorized_keys"
+- name: Test for check mode
+  import_tasks: check_mode.yml
 
-- name: add multiple keys different order
-  authorized_key:
-    user: root
-    key: "{{ multiple_key_different_order_2 }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: get the file content
-  shell: cat "{{ output_dir | expanduser }}/authorized_keys"
-  changed_when: no
-  register: multiple_keys_existing
-
-- name: assert that the key was added and comments and ordering preserved
-  assert:
-    that:
-      - 'result.changed == True'
-      - '"# I like candy" in multiple_keys_existing.stdout'
-      - '"# I like candy" in multiple_keys_existing.stdout_lines[0]'
-      - '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout'
-      # The specific index is a little fragile, but I want to verify the line shows up
-      # as the 3rd line in the new entries after the existing entries and comments are preserved
-      - '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout_lines[7]'
-
-# start afresh
-
-- name: remove file foo.txt
-  file:
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-    state: absent
-
-- name: touch the authorized_keys file
-  file:
-    dest: "{{ output_dir }}/authorized_keys"
-    state: touch
-  register: result
-
-- name: assert that the authorized_keys file was created
-  assert:
-    that:
-      - 'result.changed == True'
-      - 'result.state == "file"'
-
-- name: add multiple keys
-  authorized_key:
-    user: root
-    key: "{{ multiple_key_base }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that the key was added
-  assert:
-    that:
-    - 'result.changed == True'
-    - 'result.key == multiple_key_base'
-    - 'result.key_options == None'
-
-- name: add multiple keys different order
-  authorized_key:
-    user: root
-    key: "{{ multiple_key_different_order }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that the key was added
-  assert:
-    that:
-    - 'result.changed == True'
-    - 'result.key == multiple_key_different_order'
-    - 'result.key_options == None'
-
-- name: add multiple keys exclusive
-  authorized_key:
-    user: root
-    key: "{{ multiple_key_exclusive }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-    exclusive: true
-  register: result
-
-- name: assert that the key was added
-  assert:
-    that:
-      - 'result.changed == True'
-      - 'result.key == multiple_key_exclusive'
-      - 'result.key_options == None'
-
-- name: add multiple keys in different calls
-  authorized_key:
-    user: root
-    key: "ecdsa-sha2-nistp521 ECDSA_DATA 4@testing"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: add multiple keys in different calls
-  authorized_key:
-    user: root
-    key: "ssh-rsa DATA_BASIC 1@testing"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: get the file content
-  shell: cat "{{ output_dir | expanduser }}/authorized_keys"
-  changed_when: no
-  register: multiple_keys_at_a_time
-
-- name: assert that the key was added
-  assert:
-    that:
-      - 'result.changed == false'
-      - 'multiple_keys_at_a_time.stdout  == multiple_key_exclusive.strip()'
-
-- name: add multiple keys comment
-  authorized_key:
-    user: root
-    key: "{{ multiple_keys_comments }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-    exclusive: true
-  register: result
-
-- name: get the file content
-  shell: cat "{{ output_dir | expanduser }}/authorized_keys"
-  changed_when: no
-  register: multiple_keys_comments
-
-- name: assert that the keys exist and comment only lines were not added
-  assert:
-    that:
-      - 'result.changed == False'
-      - 'multiple_keys_comments.stdout == multiple_key_exclusive.strip()'
-      - 'result.key_options == None'
-
-
-
-# -------------------------------------------------------------
-# basic ssh-dss key
-
-- name: add basic ssh-dss key
-  authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that the key was added
-  assert:
-    that:
-      - 'result.changed == True'
-      - 'result.key == dss_key_basic'
-      - 'result.key_options == None'
-
-- name: re-add basic ssh-dss key
-  authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that nothing changed
-  assert:
-    that:
-      - 'result.changed == False'
-
-# -------------------------------------------------------------
-# ssh-dss key with an unquoted option
-
-- name: add ssh-dss key with an unquoted option
-  authorized_key:
-    user: root
-    key: "{{ dss_key_unquoted_option }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that the key was added
-  assert:
-    that:
-      - 'result.changed == True'
-      - 'result.key == dss_key_unquoted_option'
-      - 'result.key_options == None'
-
-- name: re-add ssh-dss key with an unquoted option
-  authorized_key:
-    user: root
-    key: "{{ dss_key_unquoted_option }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that nothing changed
-  assert:
-    that:
-      - 'result.changed == False'
-
-# -------------------------------------------------------------
-# ssh-dss key with a leading command="/bin/foo"
-
-- name: add ssh-dss key with a leading command
-  authorized_key:
-    user: root
-    key: "{{ dss_key_command }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that the key was added
-  assert:
-    that:
-      - 'result.changed == True'
-      - 'result.key == dss_key_command'
-      - 'result.key_options == None'
-
-- name: re-add ssh-dss key with a leading command
-  authorized_key:
-    user: root
-    key: "{{ dss_key_command }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that nothing changed
-  assert:
-    that:
-      - 'result.changed == False'
-
-# -------------------------------------------------------------
-# ssh-dss key with a complex quoted leading command
-# ie. command="/bin/echo foo 'bar baz'"
-
-- name: add ssh-dss key with a complex quoted leading command
-  authorized_key:
-    user: root
-    key: "{{ dss_key_complex_command }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that the key was added
-  assert:
-    that:
-      - 'result.changed == True'
-      - 'result.key == dss_key_complex_command'
-      - 'result.key_options == None'
-
-- name: re-add ssh-dss key with a complex quoted leading command
-  authorized_key:
-    user: root
-    key: "{{ dss_key_complex_command }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that nothing changed
-  assert:
-    that:
-      - 'result.changed == False'
-
-# -------------------------------------------------------------
-# ssh-dss key with a command and a single option, which are
-# in a comma-separated list
-
-- name: add ssh-dss key with a command and a single option
-  authorized_key:
-    user: root
-    key: "{{ dss_key_command_single_option }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that the key was added
-  assert:
-    that:
-      - 'result.changed == True'
-      - 'result.key == dss_key_command_single_option'
-      - 'result.key_options == None'
-
-- name: re-add ssh-dss key with a command and a single option
-  authorized_key:
-    user: root
-    key: "{{ dss_key_command_single_option }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that nothing changed
-  assert:
-    that:
-      - 'result.changed == False'
-
-# -------------------------------------------------------------
-# ssh-dss key with a command and multiple other options
-
-- name: add ssh-dss key with a command and multiple options
-  authorized_key:
-    user: root
-    key: "{{ dss_key_command_multiple_options }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that the key was added
-  assert:
-    that:
-      - 'result.changed == True'
-      - 'result.key == dss_key_command_multiple_options'
-      - 'result.key_options == None'
-
-- name: re-add ssh-dss key with a command and multiple options
-  authorized_key:
-    user: root
-    key: "{{ dss_key_command_multiple_options }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that nothing changed
-  assert:
-    that:
-      - 'result.changed == False'
-
-# -------------------------------------------------------------
-# ssh-dss key with multiple trailing parts, which are space-
-# separated and not quoted in any way
-
-- name: add ssh-dss key with trailing parts
-  authorized_key:
-    user: root
-    key: "{{ dss_key_trailing }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that the key was added
-  assert:
-    that:
-      - 'result.changed == True'
-      - 'result.key == dss_key_trailing'
-      - 'result.key_options == None'
-
-- name: re-add ssh-dss key with trailing parts
-  authorized_key:
-    user: root
-    key: "{{ dss_key_trailing }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that nothing changed
-  assert:
-    that:
-      - 'result.changed == False'
-
-# -------------------------------------------------------------
-# basic ssh-dss key with mutliple permit-open options
-# https://github.com/ansible/ansible-modules-core/issues/1715
-
-- name: add basic ssh-dss key with multi-opts
-  authorized_key:
-    user: root
-    key: "{{ dss_key_basic }}"
-    key_options: 'no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"'
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: assert that the key with multi-opts was added
-  assert:
-    that:
-      - 'result.changed == True'
-      - 'result.key == dss_key_basic'
-      - 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""'
-
-- name: get the file content
-  shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
-  changed_when: no
-  register: content
-
-- name: validate content
-  assert:
-    that:
-      - 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"'
-
-# -------------------------------------------------------------
-# check mode
-
-- name: copy an existing file in place with comments
-  copy:
-    src: existing_authorized_keys
-    dest: "{{ output_dir | expanduser }}/authorized_keys"
-
-- authorized_key:
-    user: root
-    key: "{{ multiple_key_different_order_2 }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  check_mode: True
-  register: result
-
-- name: assert that the file was not changed
-  copy:
-    src: existing_authorized_keys
-    dest: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- assert:
-    that:
-      - 'result.changed == False'
-
-# -------------------------------------------------------------
-# comments
-
-- name: Add rsa key with existing comment
-  authorized_key:
-    user: root
-    key: "{{ rsa_key_basic }}"
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: Change the comment on an existing key
-  authorized_key:
-    user: root
-    key: "{{ rsa_key_basic }}"
-    comment: user@acme.com
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: get the file content
-  shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
-  changed_when: no
-  register: content
-
-- name: Assert that comment on an existing key was changed
-  assert:
-    that:
-      - "'user@acme.com' in content.stdout"
-
-- name: Set the same key with comment to ensure no changes are reported
-  authorized_key:
-    user: root
-    key: "{{ rsa_key_basic }}"
-    comment: user@acme.com
-    state: present
-    path: "{{ output_dir | expanduser }}/authorized_keys"
-  register: result
-
-- name: Assert that no changes were made when running again
-  assert:
-    that:
-      - not result.changed
-
-- debug:
-    var: "{{ item }}"
-    verbosity: 1
-  with_items:
-    - result
-    - content
+- name: Test for the management of comments with key
+  import_tasks: comments.yml

tests/integration/targets/authorized_key/tasks/multiple_keys.yml

@@ -0,0 +1,96 @@
+# -------------------------------------------------------------
+# multiple keys
+
+- name: add multiple keys
+  authorized_key:
+    user: root
+    key: "{{ multiple_key_base }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that the key was added
+  assert:
+    that:
+    - 'result.changed == True'
+    - 'result.key == multiple_key_base'
+    - 'result.key_options == None'
+
+- name: add multiple keys different order
+  authorized_key:
+    user: root
+    key: "{{ multiple_key_different_order }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that the key was added
+  assert:
+    that:
+    - 'result.changed == True'
+    - 'result.key == multiple_key_different_order'
+    - 'result.key_options == None'
+
+- name: add multiple keys exclusive
+  authorized_key:
+    user: root
+    key: "{{ multiple_key_exclusive }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+    exclusive: true
+  register: result
+
+- name: assert that the key was added
+  assert:
+    that:
+      - 'result.changed == True'
+      - 'result.key == multiple_key_exclusive'
+      - 'result.key_options == None'
+
+- name: add multiple keys in different calls
+  authorized_key:
+    user: root
+    key: "ecdsa-sha2-nistp521 ECDSA_DATA 4@testing"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: add multiple keys in different calls
+  authorized_key:
+    user: root
+    key: "ssh-rsa DATA_BASIC 1@testing"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: get the file content
+  shell: cat "{{ output_dir | expanduser }}/authorized_keys"
+  changed_when: no
+  register: multiple_keys_at_a_time
+
+- name: assert that the key was added
+  assert:
+    that:
+      - 'result.changed == false'
+      - 'multiple_keys_at_a_time.stdout  == multiple_key_exclusive.strip()'
+
+- name: add multiple keys comment
+  authorized_key:
+    user: root
+    key: "{{ multiple_keys_comments }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+    exclusive: true
+  register: result
+
+- name: get the file content
+  shell: cat "{{ output_dir | expanduser }}/authorized_keys"
+  changed_when: no
+  register: multiple_keys_comments
+
+- name: assert that the keys exist and comment only lines were not added
+  assert:
+    that:
+      - 'result.changed == False'
+      - 'multiple_keys_comments.stdout == multiple_key_exclusive.strip()'
+      - 'result.key_options == None'

tests/integration/targets/authorized_key/tasks/setup_steps.yml

@@ -0,0 +1,50 @@
+# -------------------------------------------------------------
+# Setup steps
+
+- name: copy an existing file in place with comments
+  copy:
+    src: existing_authorized_keys
+    dest: "{{ output_dir | expanduser }}/authorized_keys"
+
+- name: add multiple keys different order
+  authorized_key:
+    user: root
+    key: "{{ multiple_key_different_order_2 }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: get the file content
+  shell: cat "{{ output_dir | expanduser }}/authorized_keys"
+  changed_when: no
+  register: multiple_keys_existing
+
+- name: assert that the key was added and comments and ordering preserved
+  assert:
+    that:
+      - 'result.changed == True'
+      - '"# I like candy" in multiple_keys_existing.stdout'
+      - '"# I like candy" in multiple_keys_existing.stdout_lines[0]'
+      - '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout'
+      # The specific index is a little fragile, but I want to verify the line shows up
+      # as the 3rd line in the new entries after the existing entries and comments are preserved
+      - '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout_lines[7]'
+
+# start afresh
+
+- name: remove file foo.txt
+  file:
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+    state: absent
+
+- name: touch the authorized_keys file
+  file:
+    dest: "{{ output_dir }}/authorized_keys"
+    state: touch
+  register: result
+
+- name: assert that the authorized_keys file was created
+  assert:
+    that:
+      - 'result.changed == True'
+      - 'result.state == "file"'

tests/integration/targets/authorized_key/tasks/ssh_dss.yml

@@ -0,0 +1,241 @@
+# -------------------------------------------------------------
+# basic ssh-dss key
+
+- name: add basic ssh-dss key
+  authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that the key was added
+  assert:
+    that:
+      - 'result.changed == True'
+      - 'result.key == dss_key_basic'
+      - 'result.key_options == None'
+
+- name: re-add basic ssh-dss key
+  authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that nothing changed
+  assert:
+    that:
+      - 'result.changed == False'
+
+# -------------------------------------------------------------
+# ssh-dss key with an unquoted option
+
+- name: add ssh-dss key with an unquoted option
+  authorized_key:
+    user: root
+    key: "{{ dss_key_unquoted_option }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that the key was added
+  assert:
+    that:
+      - 'result.changed == True'
+      - 'result.key == dss_key_unquoted_option'
+      - 'result.key_options == None'
+
+- name: re-add ssh-dss key with an unquoted option
+  authorized_key:
+    user: root
+    key: "{{ dss_key_unquoted_option }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that nothing changed
+  assert:
+    that:
+      - 'result.changed == False'
+
+# -------------------------------------------------------------
+# ssh-dss key with a leading command="/bin/foo"
+
+- name: add ssh-dss key with a leading command
+  authorized_key:
+    user: root
+    key: "{{ dss_key_command }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that the key was added
+  assert:
+    that:
+      - 'result.changed == True'
+      - 'result.key == dss_key_command'
+      - 'result.key_options == None'
+
+- name: re-add ssh-dss key with a leading command
+  authorized_key:
+    user: root
+    key: "{{ dss_key_command }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that nothing changed
+  assert:
+    that:
+      - 'result.changed == False'
+
+# -------------------------------------------------------------
+# ssh-dss key with a complex quoted leading command
+# ie. command="/bin/echo foo 'bar baz'"
+
+- name: add ssh-dss key with a complex quoted leading command
+  authorized_key:
+    user: root
+    key: "{{ dss_key_complex_command }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that the key was added
+  assert:
+    that:
+      - 'result.changed == True'
+      - 'result.key == dss_key_complex_command'
+      - 'result.key_options == None'
+
+- name: re-add ssh-dss key with a complex quoted leading command
+  authorized_key:
+    user: root
+    key: "{{ dss_key_complex_command }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that nothing changed
+  assert:
+    that:
+      - 'result.changed == False'
+
+# -------------------------------------------------------------
+# ssh-dss key with a command and a single option, which are
+# in a comma-separated list
+
+- name: add ssh-dss key with a command and a single option
+  authorized_key:
+    user: root
+    key: "{{ dss_key_command_single_option }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that the key was added
+  assert:
+    that:
+      - 'result.changed == True'
+      - 'result.key == dss_key_command_single_option'
+      - 'result.key_options == None'
+
+- name: re-add ssh-dss key with a command and a single option
+  authorized_key:
+    user: root
+    key: "{{ dss_key_command_single_option }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that nothing changed
+  assert:
+    that:
+      - 'result.changed == False'
+
+# -------------------------------------------------------------
+# ssh-dss key with a command and multiple other options
+
+- name: add ssh-dss key with a command and multiple options
+  authorized_key:
+    user: root
+    key: "{{ dss_key_command_multiple_options }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that the key was added
+  assert:
+    that:
+      - 'result.changed == True'
+      - 'result.key == dss_key_command_multiple_options'
+      - 'result.key_options == None'
+
+- name: re-add ssh-dss key with a command and multiple options
+  authorized_key:
+    user: root
+    key: "{{ dss_key_command_multiple_options }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that nothing changed
+  assert:
+    that:
+      - 'result.changed == False'
+
+# -------------------------------------------------------------
+# ssh-dss key with multiple trailing parts, which are space-
+# separated and not quoted in any way
+
+- name: add ssh-dss key with trailing parts
+  authorized_key:
+    user: root
+    key: "{{ dss_key_trailing }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that the key was added
+  assert:
+    that:
+      - 'result.changed == True'
+      - 'result.key == dss_key_trailing'
+      - 'result.key_options == None'
+
+- name: re-add ssh-dss key with trailing parts
+  authorized_key:
+    user: root
+    key: "{{ dss_key_trailing }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that nothing changed
+  assert:
+    that:
+      - 'result.changed == False'
+
+# -------------------------------------------------------------
+# basic ssh-dss key with mutliple permit-open options
+# https://github.com/ansible/ansible-modules-core/issues/1715
+
+- name: add basic ssh-dss key with multi-opts
+  authorized_key:
+    user: root
+    key: "{{ dss_key_basic }}"
+    key_options: 'no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"'
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: assert that the key with multi-opts was added
+  assert:
+    that:
+      - 'result.changed == True'
+      - 'result.key == dss_key_basic'
+      - 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""'
+
+- name: get the file content
+  shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
+  changed_when: no
+  register: content
+
+- name: validate content
+  assert:
+    that:
+      - 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"'

tests/integration/targets/firewalld/aliases

@@ -0,0 +1,5 @@
+destructive
+shippable/posix/group1
+skip/aix
+skip/freebsd
+skip/osx

tests/integration/targets/firewalld/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - setup_pkg_mgr

tests/integration/targets/firewalld/tasks/main.yml

@@ -0,0 +1,50 @@
+# Test playbook for the firewalld module
+# (c) 2017, Adam Miller <admiller@redhat.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: Run firewalld tests
+  block:
+    - name: Ensure firewalld is installed
+      package:
+        name: firewalld
+        state: present
+      # This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
+
+    - name: Check to make sure the firewalld python module is available.
+      shell: "{{ansible_python.executable}} -c 'import firewall'"
+      register: check_output
+      ignore_errors: true
+
+    - name: Enable dbus-broker daemon
+      service:
+        name: dbus-broker
+        enabled: true
+        state: started
+      when: (ansible_distribution == 'Fedora' and ansible_distribution_major_version is version('34', '=='))
+
+    - name: Test Online Operations
+      block:
+        - name: start firewalld
+          service:
+            name: firewalld
+            state: started
+
+        - import_tasks: run_all_tests.yml
+      when: check_output.rc == 0
+
+    - name: Test Offline Operations
+      block:
+        - name: stop firewalld
+          service:
+            name: firewalld
+            state: stopped
+
+        - import_tasks: run_all_tests.yml
+      when: check_output.rc == 0
+
+  when:
+  - ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
+  - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
+  # Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
+  - not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)
+  - not (ansible_facts.distribution == "CentOS" and ansible_distribution_major_version is version('7', '==')) # FIXME

tests/integration/targets/firewalld/tasks/port_forward_test_cases.yml

@@ -0,0 +1,63 @@
+# Test playbook for the firewalld module - port operations
+# (c) 2017, Adam Miller <admiller@redhat.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: firewalld port forward test permanent enabled
+  firewalld:
+    port_forward:
+      - port: 8080
+        proto: tcp
+        toport: 8081
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld port test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld port test permanent enabled rerun (verify not changed)
+  firewalld:
+    port_forward:
+      - port: 8080
+        proto: tcp
+        toport: 8081
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld port test permanent enabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld port test permanent disabled
+  firewalld:
+    port_forward:
+      - port: 8080
+        proto: tcp
+        toport: 8081
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld port test permanent disabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld port test permanent disabled rerun (verify not changed)
+  firewalld:
+    port_forward:
+      - port: 8080
+        proto: tcp
+        toport: 8081
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld port test permanent disabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed

tests/integration/targets/firewalld/tasks/port_test_cases.yml

@@ -0,0 +1,108 @@
+# Test playbook for the firewalld module - port operations
+# (c) 2017, Adam Miller <admiller@redhat.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: firewalld port range test permanent enabled
+  firewalld:
+    port: 5500-6950/tcp
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld port range test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld port range test permanent enabled rerun (verify not changed)
+  firewalld:
+    port: 5500-6950/tcp
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld port range test permanent enabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld port test permanent enabled
+  firewalld:
+    port: 6900/tcp
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld port test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld port test permanent enabled
+  firewalld:
+    port: 6900/tcp
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld port test permanent enabled worked
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld port test disabled
+  firewalld:
+    port: "{{ item }}"
+    permanent: true
+    state: disabled
+  loop:
+    - 6900/tcp
+    - 5500-6950/tcp
+
+- name: firewalld port test permanent enabled
+  firewalld:
+    port: 8081/tcp
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld port test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld port test permanent enabled rerun (verify not changed)
+  firewalld:
+    port: 8081/tcp
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld port test permanent enabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld port test permanent disabled
+  firewalld:
+    port: 8081/tcp
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld port test permanent disabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld port test permanent disabled rerun (verify not changed)
+  firewalld:
+    port: 8081/tcp
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld port test permanent disabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed

tests/integration/targets/firewalld/tasks/run_all_tests.yml

@@ -0,0 +1,23 @@
+# Test playbook for the firewalld module
+# (c) 2017, Adam Miller <admiller@redhat.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: Ensure /run/firewalld exists
+  file:
+    path: /run/firewalld
+    state: directory
+
+# firewalld service operation test cases
+- include_tasks: service_test_cases.yml
+
+# firewalld port operation test cases
+- include_tasks: port_test_cases.yml
+
+# firewalld source operation test cases
+- include_tasks: source_test_cases.yml
+
+# firewalld zone target operation test cases
+- include_tasks: zone_target_test_cases.yml
+
+# firewalld port forwarding operation test cases
+- include_tasks: port_forward_test_cases.yml

tests/integration/targets/firewalld/tasks/service_test_cases.yml

@@ -0,0 +1,65 @@
+# Test playbook for the firewalld module - service operations
+# (c) 2017, Adam Miller <admiller@redhat.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: firewalld service test permanent enabled
+  firewalld:
+    service: https
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld service test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld service test permanent enabled rerun (verify not changed)
+  firewalld:
+    service: https
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld service test permanent enabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld service test permanent disabled
+  firewalld:
+    service: https
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld service test permanent disabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld service test permanent disabled rerun (verify not changed)
+  firewalld:
+    service: https
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld service test permanent disabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed

tests/integration/targets/firewalld/tasks/source_test_cases.yml

@@ -0,0 +1,85 @@
+# Test playbook for the firewalld module - source operations
+# (c) 2019, Hideki Saito <saito@fgrep.org>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: firewalld source test permanent enabled
+  firewalld:
+    source: 192.0.2.0/24
+    zone: internal
+    permanent: True
+    state: enabled
+  register: result
+
+- name: assert firewalld source test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld source test permanent enabled rerun (verify not changed)
+  firewalld:
+    source: 192.0.2.0/24
+    zone: internal
+    permanent: True
+    state: enabled
+  register: result
+
+- name: assert firewalld source test permanent enabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld source test permanent disabled
+  firewalld:
+    source: 192.0.2.0/24
+    zone: internal
+    permanent: True
+    state: disabled
+  register: result
+
+- name: assert firewalld source test permanent disabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld source test permanent disabled rerun (verify not changed)
+  firewalld:
+    source: 192.0.2.0/24
+    zone: internal
+    permanent: True
+    state: disabled
+  register: result
+
+- name: assert firewalld source test permanent disabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld source test permanent enabled is exclusive (verify exclusive error)
+  firewalld:
+    source: 192.0.2.0/24
+    port: 8081/tcp
+    zone: internal
+    permanent: True
+    state: enabled
+  register: result
+  ignore_errors: true
+
+- name: assert firewalld source test permanent enabled is exclusive (verify exclusive error)
+  assert:
+    that:
+    - result is not changed
+    - "result.msg == 'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|port|port_forward|rich_rule|interface|masquerade|source|target'"

tests/integration/targets/firewalld/tasks/zone_target_test_cases.yml

@@ -0,0 +1,121 @@
+# Test playbook for the firewalld module - source operations
+# (c) 2020, Adam Miller <admiller@redhat.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: firewalld dmz zone target DROP
+  firewalld:
+    zone: dmz
+    permanent: True
+    state: present
+    target: DROP
+  register: result
+
+- name: assert firewalld dmz zone target DROP present worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld dmz zone target DROP rerun (verify not changed)
+  firewalld:
+    zone: dmz
+    permanent: True
+    state: present
+    target: DROP
+  register: result
+
+- name: assert firewalld dmz zone target DROP present worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld dmz zone target DROP absent
+  firewalld:
+    zone: dmz
+    permanent: True
+    state: absent
+    target: DROP
+  register: result
+
+- name: assert firewalld dmz zone target DROP absent worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld dmz zone target DROP rerun (verify not changed)
+  firewalld:
+    zone: dmz
+    permanent: True
+    state: absent
+    target: DROP
+  register: result
+
+- name: assert firewalld dmz zone target DROP present worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld dmz zone target %%REJECT%%
+  firewalld:
+    zone: dmz
+    permanent: True
+    state: present
+    target: '%%REJECT%%'
+  register: result
+
+- name: assert firewalld dmz zone target %%REJECT%% present worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld dmz zone target %%REJECT%% rerun (verify not changed)
+  firewalld:
+    zone: dmz
+    permanent: True
+    state: present
+    target: '%%REJECT%%'
+  register: result
+
+- name: assert firewalld dmz zone target %%REJECT%% present worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld dmz zone target %%REJECT%% absent
+  firewalld:
+    zone: dmz
+    permanent: True
+    state: absent
+    target: '%%REJECT%%'
+  register: result
+
+- name: assert firewalld dmz zone target %%REJECT%% absent worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld dmz zone target %%REJECT%% rerun (verify not changed)
+  firewalld:
+    zone: dmz
+    permanent: True
+    state: absent
+    target: '%%REJECT%%'
+  register: result
+
+- name: assert firewalld dmz zone target %%REJECT%% present worked (verify not changed)
+  assert:
+    that:
+    - result is not changed

tests/integration/targets/firewalld_info/aliases

@@ -0,0 +1,5 @@
+destructive
+shippable/posix/group3
+skip/aix
+skip/freebsd
+skip/osx

tests/integration/targets/firewalld_info/tasks/main.yml

@@ -0,0 +1,52 @@
+# Test playbook for the firewalld_info module
+# (c) 2021, Hideki Saito <saito@fgrep.org>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# This test is based on the integration test playbook for firewalld module.
+- name: Run firewalld tests
+  block:
+    - name: Ensure firewalld is installed
+      package:
+        name: firewalld
+        state: present
+      # This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
+
+    - name: Check to make sure the firewalld python module is available.
+      shell: "{{ansible_python.executable}} -c 'import firewall'"
+      register: check_output_firewall
+      ignore_errors: true
+
+    - name: Check to make sure the dbus python module is available.
+      shell: "{{ansible_python.executable}} -c 'import dbus'"
+      register: check_output_dbus
+      ignore_errors: true
+
+    - name: Test Online Operations
+      block:
+        - name: start firewalld
+          service:
+            name: firewalld
+            state: started
+
+        - import_tasks: run_tests_in_started.yml
+      when:
+        - check_output_firewall.rc == 0
+        - check_output_dbus.rc == 0
+
+    - name: Test Offline Operations
+      block:
+        - name: stop firewalld
+          service:
+            name: firewalld
+            state: stopped
+
+        - import_tasks: run_tests_in_stopped.yml
+      when:
+        - check_output_firewall.rc == 0
+        - check_output_dbus.rc == 0
+
+  when:
+  - ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
+  - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
+  # Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
+  - not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)

tests/integration/targets/firewalld_info/tasks/run_tests_in_started.yml

@@ -0,0 +1,32 @@
+# Test playbook for the firewalld_info module
+# (c) 2021, Hideki Saito <saito@fgrep.org>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: Ensure firewalld_info without options
+  firewalld_info:
+  register: result
+
+- name: Assert collected_zones and undefined_zones
+  assert:
+    that:
+      - 'result.collected_zones and not result.undefined_zones'
+
+- name: Ensure firewalld_info with active_zones
+  firewalld_info:
+    active_zones: yes
+  register: result
+
+- name: Assert turn active_zones true
+  assert:
+    that:
+
+- name: Ensure firewalld_zones with zone list
+  firewalld_info:
+    zones:
+      - public
+      - invalid_zone
+  register: result
+
+- name: Assert specified zones
+  assert:
+    that:

tests/integration/targets/firewalld_info/tasks/run_tests_in_stopped.yml

@@ -0,0 +1,40 @@
+# Test playbook for the firewalld_info module
+# (c) 2021, Hideki Saito <saito@fgrep.org>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: Ensure firewalld_info without options
+  firewalld_info:
+  register: result
+  ignore_errors: yes
+
+- name: Assert firewalld_info fails if firewalld is not running.
+  assert:
+    that:
+      - result.failed
+      - "'firewalld probably not be running,' in result.msg"
+
+- name: Ensure firewalld_info with active_zones
+  firewalld_info:
+    active_zones: yes
+  register: result
+  ignore_errors: yes
+
+- name: Assert firewalld_info with active_zones fails if firewalld is not running.
+  assert:
+    that:
+      - result.failed
+      - "'firewalld probably not be running,' in result.msg"
+
+- name: Ensure firewalld_zones with zone list
+  firewalld_info:
+    zones:
+      - public
+      - invalid_zone
+  register: result
+  ignore_errors: yes
+
+- name: Assert firewalld_info with zones list fails if firewalld is not running.
+  assert:
+    that:
+      - result.failed
+      - "'firewalld probably not be running,' in result.msg"

tests/integration/targets/mount/aliases

@@ -2,4 +2,3 @@ needs/privileged
 needs/root
 shippable/posix/group1
 skip/aix
-disabled # fixme

tests/integration/targets/mount/tasks/main.yml

@@ -2,10 +2,12 @@
   file:
     state: directory
     path: '{{ output_dir }}/mount_dest'
+
 - name: Create a directory to bind mount
   file:
     state: directory
     path: '{{ output_dir }}/mount_source'
+
 - name: Put something in the directory so we see that it worked
   copy:
     content: 'Testing
@@ -13,6 +15,7 @@
       '
     dest: '{{ output_dir }}/mount_source/test_file'
   register: orig_info
+
 - name: Bind mount a filesystem (Linux)
   mount:
     src: '{{ output_dir }}/mount_source'
@@ -22,6 +25,7 @@
     opts: bind
   when: ansible_system == 'Linux'
   register: bind_result_linux
+
 - name: Bind mount a filesystem (FreeBSD)
   mount:
     src: '{{ output_dir }}/mount_source'
@@ -30,11 +34,13 @@
     fstype: nullfs
   when: ansible_system == 'FreeBSD'
   register: bind_result_freebsd
+
 - name: get checksum for bind mounted file
   stat:
     path: '{{ output_dir }}/mount_dest/test_file'
   when: ansible_system in ('FreeBSD', 'Linux')
   register: dest_stat
+
 - name: assert the bind mount was successful
   assert:
     that:
@@ -42,6 +48,7 @@
     - dest_stat['stat']['exists']
     - orig_info['checksum'] == dest_stat['stat']['checksum']
   when: ansible_system in ('FreeBSD', 'Linux')
+
 - name: Bind mount a filesystem (Linux)
   mount:
     src: '{{ output_dir }}/mount_source'
@@ -51,6 +58,7 @@
     opts: bind
   when: ansible_system == 'Linux'
   register: bind_result_linux
+
 - name: Bind mount a filesystem (FreeBSD)
   mount:
     src: '{{ output_dir }}/mount_source'
@@ -59,11 +67,13 @@
     fstype: nullfs
   when: ansible_system == 'FreeBSD'
   register: bind_result_freebsd
+
 - name: Make sure we didn't mount a second time
   assert:
     that:
     - (ansible_system == 'Linux' and not bind_result_linux['changed']) or (ansible_system == 'FreeBSD' and not bind_result_freebsd['changed'])
   when: ansible_system in ('FreeBSD', 'Linux')
+
 - name: Remount filesystem with different opts (Linux)
   mount:
     src: '{{ output_dir }}/mount_source'
@@ -73,6 +83,7 @@
     opts: bind,ro
   when: ansible_system == 'Linux'
   register: bind_result_linux
+
 - name: Remount filesystem with different opts (FreeBSD)
   mount:
     src: '{{ output_dir }}/mount_source'
@@ -82,9 +93,11 @@
     opts: ro
   when: ansible_system == 'FreeBSD'
   register: bind_result_freebsd
+
 - name: Get mount options
   shell: mount | grep mount_dest | grep -E -w '(ro|read-only)' | wc -l
   register: remount_options
+
 - name: Make sure the filesystem now has the new opts
   assert:
     that:
@@ -92,176 +105,213 @@
     - '''1'' in remount_options.stdout'
     - 1 == remount_options.stdout_lines | length
   when: ansible_system in ('FreeBSD', 'Linux')
+
 - name: Unmount the bind mount
   mount:
     name: '{{ output_dir }}/mount_dest'
     state: absent
   when: ansible_system in ('Linux', 'FreeBSD')
   register: unmount_result
+
 - name: Make sure the file no longer exists in dest
   stat:
     path: '{{ output_dir }}/mount_dest/test_file'
   when: ansible_system in ('FreeBSD', 'Linux')
   register: dest_stat
+
 - name: Check that we unmounted
   assert:
     that:
     - unmount_result['changed']
     - not dest_stat['stat']['exists']
   when: ansible_system in ('FreeBSD', 'Linux')
-- name: Create fstab record for the first swap file
-  mount:
-    name: none
-    src: /tmp/swap1
-    opts: sw
-    fstype: swap
-    state: present
-  register: swap1_created
-  when: ansible_system in ('Linux')
-- name: Try to create fstab record for the first swap file again
-  mount:
-    name: none
-    src: /tmp/swap1
-    opts: sw
-    fstype: swap
-    state: present
-  register: swap1_created_again
-  when: ansible_system in ('Linux')
-- name: Check that we created the swap1 record
-  assert:
-    that:
-    - swap1_created['changed']
-    - not swap1_created_again['changed']
-  when: ansible_system in ('Linux')
-- name: Create fstab record for the second swap file
-  mount:
-    name: none
-    src: /tmp/swap2
-    opts: sw
-    fstype: swap
-    state: present
-  register: swap2_created
-  when: ansible_system in ('Linux')
-- name: Try to create fstab record for the second swap file again
-  mount:
-    name: none
-    src: /tmp/swap1
-    opts: sw
-    fstype: swap
-    state: present
-  register: swap2_created_again
-  when: ansible_system in ('Linux')
-- name: Check that we created the swap2 record
-  assert:
-    that:
-    - swap2_created['changed']
-    - not swap2_created_again['changed']
-  when: ansible_system in ('Linux')
-- name: Remove the fstab record for the first swap file
-  mount:
-    name: none
-    src: /tmp/swap1
-    state: absent
-  register: swap1_removed
-  when: ansible_system in ('Linux')
-- name: Try to remove the fstab record for the first swap file again
-  mount:
-    name: none
-    src: /tmp/swap1
-    state: absent
-  register: swap1_removed_again
-  when: ansible_system in ('Linux')
-- name: Check that we removed the swap1 record
-  assert:
-    that:
-    - swap1_removed['changed']
-    - not swap1_removed_again['changed']
-  when: ansible_system in ('Linux')
-- name: Remove the fstab record for the second swap file
-  mount:
-    name: none
-    src: /tmp/swap2
-    state: absent
-  register: swap2_removed
-  when: ansible_system in ('Linux')
-- name: Try to remove the fstab record for the second swap file again
-  mount:
-    name: none
-    src: /tmp/swap2
-    state: absent
-  register: swap2_removed_again
-  when: ansible_system in ('Linux')
-- name: Check that we removed the swap2 record
-  assert:
-    that:
-    - swap2_removed['changed']
-    - not swap2_removed_again['changed']
-  when: ansible_system in ('Linux')
-- name: Create fstab record with missing last two fields
-  copy:
-    dest: /etc/fstab
-    content: '//nas/photo /home/jik/pictures cifs defaults,credentials=/etc/security/nas.creds,uid=jik,gid=users,forceuid,forcegid,noserverino,_netdev
 
-      '
-  when: ansible_system in ('Linux')
-- name: Try to change the fstab record with the missing last two fields
-  mount:
-    src: //nas/photo
-    path: /home/jik/pictures
-    fstype: cifs
-    opts: defaults,credentials=/etc/security/nas.creds,uid=jik,gid=users,forceuid,forcegid,noserverino,_netdev,x-systemd.mount-timeout=0
-    state: present
-  register: optional_fields_update
-  when: ansible_system in ('Linux')
-- name: Get the content of the fstab file
-  shell: cat /etc/fstab
-  register: optional_fields_content
-  when: ansible_system in ('Linux')
-- name: Check if the line containing the missing last two fields was changed
-  assert:
-    that:
-    - optional_fields_update['changed']
-    - ''' 0 0'' in optional_fields_content.stdout'
-    - 1 == optional_fields_content.stdout_lines | length
-  when: ansible_system in ('Linux')
 - name: Block to test remounted option
   block:
+  - name: Create fstab record for the first swap file
+    mount:
+      name: none
+      src: /tmp/swap1
+      opts: sw
+      fstype: swap
+      state: present
+    register: swap1_created
+
+  - name: Try to create fstab record for the first swap file again
+    mount:
+      name: none
+      src: /tmp/swap1
+      opts: sw
+      fstype: swap
+      state: present
+    register: swap1_created_again
+
+  - name: Check that we created the swap1 record
+    assert:
+      that:
+      - swap1_created['changed']
+      - not swap1_created_again['changed']
+
+  - name: Create fstab record for the second swap file
+    mount:
+      name: none
+      src: /tmp/swap2
+      opts: sw
+      fstype: swap
+      state: present
+    register: swap2_created
+
+  - name: Try to create fstab record for the second swap file again
+    mount:
+      name: none
+      src: /tmp/swap1
+      opts: sw
+      fstype: swap
+      state: present
+    register: swap2_created_again
+
+  - name: Check that we created the swap2 record
+    assert:
+      that:
+      - swap2_created['changed']
+      - not swap2_created_again['changed']
+
+  - name: Remove the fstab record for the first swap file
+    mount:
+      name: none
+      src: /tmp/swap1
+      state: absent
+    register: swap1_removed
+
+  - name: Try to remove the fstab record for the first swap file again
+    mount:
+      name: none
+      src: /tmp/swap1
+      state: absent
+    register: swap1_removed_again
+
+  - name: Check that we removed the swap1 record
+    assert:
+      that:
+      - swap1_removed['changed']
+      - not swap1_removed_again['changed']
+
+  - name: Remove the fstab record for the second swap file
+    mount:
+      name: none
+      src: /tmp/swap2
+      state: absent
+    register: swap2_removed
+
+  - name: Try to remove the fstab record for the second swap file again
+    mount:
+      name: none
+      src: /tmp/swap2
+      state: absent
+    register: swap2_removed_again
+
+  - name: Check that we removed the swap2 record
+    assert:
+      that:
+      - swap2_removed['changed']
+      - not swap2_removed_again['changed']
+
+  - name: Create fstab record with missing last two fields
+    copy:
+      dest: /etc/fstab
+      content: '//nas/photo /home/jik/pictures cifs defaults,credentials=/etc/security/nas.creds,uid=jik,gid=users,forceuid,forcegid,noserverino,_netdev
+
+        '
+
+  - name: Try to change the fstab record with the missing last two fields
+    mount:
+      src: //nas/photo
+      path: /home/jik/pictures
+      fstype: cifs
+      opts: defaults,credentials=/etc/security/nas.creds,uid=jik,gid=users,forceuid,forcegid,noserverino,_netdev,x-systemd.mount-timeout=0
+      state: present
+    register: optional_fields_update
+
+  - name: Get the content of the fstab file
+    shell: cat /etc/fstab
+    register: optional_fields_content
+
+  - name: Check if the line containing the missing last two fields was changed
+    assert:
+      that:
+      - optional_fields_update['changed']
+      - ''' 0 0'' in optional_fields_content.stdout'
+      - 1 == optional_fields_content.stdout_lines | length
+
   - name: Create empty file
-    command: dd if=/dev/zero of=/tmp/myfs.img bs=1048576 count=20
-    when: ansible_system in ('Linux')
+    community.general.filesize:
+      path: /tmp/myfs.img
+      size: 20M
+
   - name: Format FS
-    when: ansible_system in ('Linux')
-    community.general.system.filesystem:
+    community.general.filesystem:
       fstype: ext3
       dev: /tmp/myfs.img
+
   - name: Mount the FS for the first time
     mount:
       path: /tmp/myfs
       src: /tmp/myfs.img
       fstype: ext2
       state: mounted
-    when: ansible_system in ('Linux')
+
   - name: Get the last write time
     shell: 'dumpe2fs /tmp/myfs.img 2>/dev/null | grep -i last write time: |cut -d: -f2-'
     register: last_write_time
-    when: ansible_system in ('Linux')
+
   - name: Wait 2 second
     pause:
       seconds: 2
-    when: ansible_system in ('Linux')
+
   - name: Test if the FS is remounted
     mount:
       path: /tmp/myfs
       state: remounted
-    when: ansible_system in ('Linux')
+
   - name: Get again the last write time
     shell: 'dumpe2fs /tmp/myfs.img 2>/dev/null | grep -i last write time: |cut -d: -f2-'
     register: last_write_time2
-    when: ansible_system in ('Linux')
+
   - name: Fail if they are the same
     fail:
       msg: Filesytem was not remounted, testing of the module failed!
-    when: last_write is defined and last_write_time2 is defined and last_write_time.stdout == last_write_time2.stdout and ansible_system in ('Linux')
+    when: last_write is defined and last_write_time2 is defined and last_write_time.stdout == last_write_time2.stdout
+
+  - name: Remount filesystem with different opts using remounted option (Linux only)
+    mount:
+      path: /tmp/myfs
+      state: remounted
+      opts: rw,noexec
+
+  - name: Get remounted options (Linux only)
+    shell: mount | grep myfs | grep -E -w 'noexec' | wc -l
+    register: remounted_options
+
+  - name: Make sure the filesystem now has the new opts after using remounted (Linux only)
+    assert:
+      that:
+        - "'1' in remounted_options.stdout"
+        - "1 == remounted_options.stdout_lines | length"
+
+  - name: Mount the FS again to test backup
+    mount:
+      path: /tmp/myfs
+      src: /tmp/myfs.img
+      fstype: ext2
+      state: mounted
+      backup: yes
+    register: mount_backup_out
+
+  - name: ensure backup_file in returned output
+    assert:
+      that:
+        - "'backup_file' in mount_backup_out"
+
   always:
   - name: Umount the test FS
     mount:
@@ -269,7 +319,7 @@
       src: /tmp/myfs.img
       opts: loop
       state: absent
-    when: ansible_system in ('Linux')
+
   - name: Remove the test FS
     file:
       path: '{{ item }}'
@@ -277,4 +327,82 @@
     loop:
     - /tmp/myfs.img
     - /tmp/myfs
-    when: ansible_system in ('Linux')
+  when: ansible_system in ('Linux')
+
+- name: Block to test boot option for Linux
+  block:
+  - name: Create empty file
+    community.general.filesize:
+      path: /tmp/myfs.img
+      size: 20M
+
+  - name: Format FS
+    community.general.filesystem:
+      fstype: ext3
+      dev: /tmp/myfs.img
+
+  - name: Mount the FS with noauto option
+    mount:
+      path: /tmp/myfs
+      src: /tmp/myfs.img
+      fstype: ext3
+      state: mounted
+      boot: no
+      opts: rw,user,async
+    register: mount_info
+
+  - name: assert the mount without noauto was successful
+    assert:
+      that:
+      - mount_info['opts'] == 'rw,user,async,noauto'
+
+  - name: Unmount FS
+    mount:
+      path: /tmp/myfs
+      state: absent
+
+  - name: Remove the test FS
+    file:
+      path: '{{ item }}'
+      state: absent
+    loop:
+    - /tmp/myfs.img
+    - /tmp/myfs
+  when: ansible_system in ('Linux')
+
+- name: Block to test missing newline at the EOF of fstab
+  block:
+  - name: Create empty file
+    community.general.filesize:
+      path: /tmp/myfs1.img
+      size: 20M
+  - name: Format FS
+    community.general.filesystem:
+      fstype: ext3
+      dev: /tmp/myfs1.img
+  - name: Create custom fstab file without newline
+    copy:
+      content: '#TEST COMMENT WITHOUT NEWLINE'
+      dest: /tmp/test_fstab
+  - name: Mount the FS using the custom fstab
+    mount:
+      path: /tmp/myfs1
+      src: /tmp/myfs1.img
+      fstype: ext3
+      state: mounted
+      opts: defaults
+      fstab: /tmp/test_fstab
+  - name: Unmount the mount point in the custom fstab
+    mount:
+      path: /tmp/myfs1
+      state: absent
+      fstab: /tmp/test_fstab
+  - name: Remove the test FS and the custom fstab
+    file:
+      path: '{{ item }}'
+      state: absent
+    loop:
+    - /tmp/myfs1.img
+    - /tmp/myfs1
+    - /tmp/test_fstab
+  when: ansible_system in ('Linux')

tests/integration/targets/patch/files/result_whitespace.patch

@@ -0,0 +1,24 @@
+--- origin.txt	2018-05-12 10:22:14.155109584 +0200
++++ result.txt	2018-05-12 10:18:07.230811204 +0200
+@@ -2,18 +2,12 @@
+ sit amet.
+ 
+ Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
+-tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At 
+-vero eos et accusam et justo duo dolores et ea rebum. 
+-
+-Stet clita kasd gubergren, no sea takimata sanctus est  Lorem ipsum dolor
+-sit amet.
+-
+-Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
+-tempor invidunt ut labore et dolore magna aliquyam erat.
++tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.
++At vero eos et accusam et justo duo dolores et ea rebum.
+ 
+ Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
+ tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
+ vero eos et accusam et justo duo dolores et ea rebum.
+ 
+-Stet clita kasd gubergren,no sea takimata sanctus est Lorem ipsum dolor
++Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor
+ sit amet.

tests/integration/targets/patch/tasks/main.yml

@@ -87,3 +87,38 @@
     dest: '{{ output_dir }}/patch/workfile.txt'
   register: result
   failed_when: result is changed
+
+- name: copy the origin file whitespace
+  copy:
+    src: ./origin.txt
+    dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
+  register: result
+
+- name: patch the origin file
+  register: result
+  patch:
+    src: result_whitespace.patch
+    dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
+    ignore_whitespace: yes
+- name: verify patch the origin file
+  assert:
+    that:
+    - result is changed
+
+- name: test patch the origin file idempotency
+  register: result
+  patch:
+    src: result_whitespace.patch
+    dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
+    ignore_whitespace: yes
+- name: verify test patch the origin file idempotency
+  assert:
+    that:
+    - result is not changed
+
+- name: verify the resulted file matches expectations
+  copy:
+    src: ./result_whitespace.txt
+    dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
+  register: result
+  failed_when: result is changed

tests/integration/targets/selinux/tasks/selinux.yml

@@ -20,11 +20,25 @@
 # ##############################################################################
 # Test changing the state, which requires a reboot
 
+- name: TEST 1 | Make sure grubby is present
+  package:
+    name: grubby
+    state: present
+
 - name: TEST 1 | Get current SELinux config file contents
+  slurp:
+    src: /etc/sysconfig/selinux
+  register: selinux_config_original_base64
+
+- name: TEST 1 | Register SELinux config and SELinux status
   set_fact:
-    selinux_config_original: "{{ lookup('file', '/etc/sysconfig/selinux').split('\n') }}"
+    selinux_config_original_raw: "{{ selinux_config_original_base64.content | b64decode }}"
     before_test_sestatus: "{{ ansible_selinux }}"
 
+- name: TEST 1 | Split by line and register original config
+  set_fact:
+    selinux_config_original: "{{ selinux_config_original_raw.split('\n') }}"
+
 - debug:
     var: "{{ item }}"
     verbosity: 1
@@ -48,9 +62,17 @@
     var: _disable_test1
     verbosity: 1
 
+- name: Before gathering the fact
+  debug:
+    msg: "{{ ansible_selinux }}"
+
 - name: TEST 1 | Re-gather facts
   setup:
 
+- name: After gathering the fact
+  debug:
+    msg: "{{ ansible_selinux }}"
+
 - name: TEST 1 | Assert that status was changed, reboot_required is True, a warning was displayed, and SELinux is configured properly
   assert:
     that:
@@ -74,7 +96,7 @@
     var: _disable_test2
     verbosity: 1
 
-- name: TEST 1 | Assert that no change is reported, a warnking was dispalyed, and reboot_required is True
+- name: TEST 1 | Assert that no change is reported, a warning was displayed, and reboot_required is True
   assert:
     that:
       - _disable_test2 is not changed
@@ -82,8 +104,17 @@
       - _disable_test2.reboot_required
 
 - name: TEST 1 | Get modified config file
+  slurp:
+    src: /etc/sysconfig/selinux
+  register: selinux_config_after_base64
+
+- name: TEST 1 | Register modified config
   set_fact:
-    selinux_config_after: "{{ lookup('file', '/etc/sysconfig/selinux').split('\n') }}"
+    selinux_config_after_raw: "{{ selinux_config_after_base64.content | b64decode }}"
+
+- name: TEST 1 | Split by line and register modified config
+  set_fact:
+    selinux_config_after: "{{ selinux_config_after_raw.split('\n') }}"
 
 - debug:
     var: selinux_config_after
@@ -96,11 +127,52 @@
       - selinux_config_after[selinux_config_after.index('SELINUX=disabled')]  is search("^SELINUX=\w+$")
       - selinux_config_after[selinux_config_after.index('SELINUXTYPE=targeted')]  is search("^SELINUXTYPE=\w+$")
 
-- name: TEST 1 | Reset SELinux configuration for next test
+- name: TEST 1 | Disable SELinux again, with kernel arguments update
+  selinux:
+    state: disabled
+    policy: targeted
+    update_kernel_param: true
+  register: _disable_test2
+
+- name: Check kernel command-line arguments
+  ansible.builtin.command: grubby --info=DEFAULT
+  register: _grubby_test1
+
+- name: TEST 1 | Assert that kernel cmdline contains selinux=0
+  assert:
+    that:
+      - "' selinux=0' in _grubby_test1.stdout"
+
+- name: TEST 1 | Enable SELinux, without kernel arguments update
+  selinux:
+    state: disabled
+    policy: targeted
+  register: _disable_test2
+
+- name: Check kernel command-line arguments
+  ansible.builtin.command: grubby --info=DEFAULT
+  register: _grubby_test1
+
+- name: TEST 1 | Assert that kernel cmdline still contains selinux=0
+  assert:
+    that:
+      - "' selinux=0' in _grubby_test1.stdout"
+
+- name: TEST 1 | Reset SELinux configuration for next test (also kernel args)
   selinux:
     state: enforcing
+    update_kernel_param: true
     policy: targeted
 
+- name: Check kernel command-line arguments
+  ansible.builtin.command: grubby --info=DEFAULT
+  register: _grubby_test2
+
+- name: TEST 1 | Assert that kernel cmdline doesn't contain selinux=0
+  assert:
+    that:
+      - "' selinux=0' not in _grubby_test2.stdout"
+
 
 # Second Test
 # ##############################################################################
@@ -147,7 +219,7 @@
     var: _state_test2
     verbosity: 1
 
-- name: TEST 2 | Assert that no change was reported, no warnings were dispalyed, and reboot_required is False
+- name: TEST 2 | Assert that no change was reported, no warnings were displayed, and reboot_required is False
   assert:
     that:
       - _state_test2 is not changed
@@ -155,8 +227,17 @@
       - not _state_test2.reboot_required
 
 - name: TEST 2 | Get modified config file
+  slurp:
+    src: /etc/sysconfig/selinux
+  register: selinux_config_after_base64
+
+- name: TEST 2 | Register modified config
   set_fact:
-    selinux_config_after: "{{ lookup('file', '/etc/sysconfig/selinux').split('\n') }}"
+    selinux_config_after_raw: "{{ selinux_config_after_base64.content | b64decode }}"
+
+- name: TEST 2 | Split by line and register modified config
+  set_fact:
+    selinux_config_after: "{{ selinux_config_after_raw.split('\n') }}"
 
 - debug:
     var: selinux_config_after
@@ -362,3 +443,79 @@
       - (_check_mode_test5.warnings | length ) >= 1
       - ansible_selinux.config_mode == 'disabled'
       - ansible_selinux.type == 'targeted'
+
+# Fifth Test
+# ##############################################################################
+# Remove SELINUX and SELINUXTYPE keys from /etc/selinux/config and make
+# sure the module re-adds the expected lines
+
+- name: TEST 5 | Remove SELINUX key from /etc/selinux/config
+  lineinfile:
+    path: /etc/selinux/config
+    regexp: '^SELINUX='
+    state: absent
+    backup: yes
+  register: _lineinfile_out1
+
+- debug:
+    var: _lineinfile_out1
+    verbosity: 1
+
+- name: TEST 5 | Set SELinux to enforcing
+  selinux:
+    state: enforcing
+    policy: targeted
+  register: _set_enforcing1
+
+- name: TEST 5 | Re-gather facts
+  setup:
+
+- debug:
+    var: ansible_selinux
+    verbosity: 1
+
+- name: TEST 5 | Assert that SELINUX key is populated
+  assert:
+    that:
+      - _set_enforcing1 is success
+      - _set_enforcing1 is changed
+      - _set_enforcing1.state == 'enforcing'
+      - ansible_selinux.config_mode == 'enforcing'
+
+- name: TEST 5 | Remove SELINUXTYPE key from /etc/selinux/config
+  lineinfile:
+    path: /etc/selinux/config
+    regexp: '^SELINUXTYPE='
+    state: absent
+  register: _lineinfile_out2
+
+- debug:
+    var: _lineinfile_out2
+    verbosity: 1
+
+- name: TEST 5 | Set SELinux Policy to targeted
+  selinux:
+    state: enforcing
+    policy: targeted
+  register: _set_policy2
+
+- name: TEST 5 | Re-gather facts
+  setup:
+
+- debug:
+    var: ansible_selinux
+    verbosity: 1
+
+- name: TEST 5 | Assert that SELINUXTYPE key is populated
+  assert:
+    that:
+      - _set_policy2 is success
+      - _set_policy2 is changed
+      - _set_policy2.policy == 'targeted'
+      - ansible_selinux.type == 'targeted'
+
+- name: TEST 5 | Restore original SELinux config file /etc/selinux/config
+  copy:
+    dest: /etc/selinux/config
+    src: "{{ _lineinfile_out1['backup'] }}"
+    remote_src: yes

tests/integration/targets/setup_pkg_mgr/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- set_fact:
+    pkg_mgr: community.general.pkgng
+    ansible_pkg_mgr: community.general.pkgng
+    cacheable: yes
+  when: ansible_os_family == "FreeBSD"
+
+- set_fact:
+    pkg_mgr: community.general.zypper
+    ansible_pkg_mgr: community.general.zypper
+    cacheable: yes
+  when: ansible_os_family == "Suse"

tests/integration/targets/synchronize/aliases

@@ -1,2 +1 @@
 shippable/posix/group1
-disabled # fixme package

tests/integration/targets/synchronize/tasks/main.yml

@@ -2,16 +2,29 @@
   package:
     name: rsync
   when: ansible_distribution != "MacOSX"
-- name: cleanup old files
-  shell: rm -rf {{output_dir}}/*
+- name: Clean up the working directory and files
+  file:
+    path: '{{ output_dir }}'
+    state: absent
+- name: Create the working directory
+  file:
+    path: '{{ output_dir }}'
+    state: directory
 - name: create test new files
-  copy: dest={{output_dir}}/{{item}} mode=0644 content="hello world"
+  copy:
+    dest: '{{output_dir}}/{{item}}'
+    mode: '0644'
+    content: 'hello world'
   with_items:
   - foo.txt
   - bar.txt
+
 - name: synchronize file to new filename
-  synchronize: src={{output_dir}}/foo.txt dest={{output_dir}}/foo.result
+  synchronize:
+    src: '{{output_dir}}/foo.txt'
+    dest: '{{output_dir}}/foo.result'
   register: sync_result
+  delegate_to: '{{ inventory_hostname }}'
 - assert:
     that:
     - '''changed'' in sync_result'
@@ -31,9 +44,13 @@
     that:
     - stat_result.stat.exists == True
     - stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
+
 - name: test that the file is not copied a second time
-  synchronize: src={{output_dir}}/foo.txt dest={{output_dir}}/foo.result
+  synchronize:
+    src='{{output_dir}}/foo.txt'
+    dest='{{output_dir}}/foo.result'
   register: sync_result
+  delegate_to: '{{ inventory_hostname }}'
 - assert:
     that:
     - sync_result.changed == False
@@ -44,12 +61,14 @@
   with_items:
   - foo.result
   - bar.result
+
 - name: Synchronize using the mode=push param
   synchronize:
     src: '{{output_dir}}/foo.txt'
     dest: '{{output_dir}}/foo.result'
     mode: push
   register: sync_result
+  delegate_to: '{{ inventory_hostname }}'
 - assert:
     that:
     - '''changed'' in sync_result'
@@ -69,12 +88,14 @@
     that:
     - stat_result.stat.exists == True
     - stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
+
 - name: test that the file is not copied a second time
   synchronize:
     src: '{{output_dir}}/foo.txt'
     dest: '{{output_dir}}/foo.result'
     mode: push
   register: sync_result
+  delegate_to: '{{ inventory_hostname }}'
 - assert:
     that:
     - sync_result.changed == False
@@ -85,12 +106,14 @@
   with_items:
   - foo.result
   - bar.result
+
 - name: Synchronize using the mode=pull param
   synchronize:
     src: '{{output_dir}}/foo.txt'
     dest: '{{output_dir}}/foo.result'
     mode: pull
   register: sync_result
+  delegate_to: '{{ inventory_hostname }}'
 - assert:
     that:
     - '''changed'' in sync_result'
@@ -110,12 +133,14 @@
     that:
     - stat_result.stat.exists == True
     - stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
+
 - name: test that the file is not copied a second time
   synchronize:
     src: '{{output_dir}}/foo.txt'
     dest: '{{output_dir}}/foo.result'
     mode: pull
   register: sync_result
+  delegate_to: '{{ inventory_hostname }}'
 - assert:
     that:
     - sync_result.changed == False
@@ -126,12 +151,16 @@
   with_items:
   - foo.result
   - bar.result
+
 - name: synchronize files using with_items (issue#5965)
-  synchronize: src={{output_dir}}/{{item}} dest={{output_dir}}/{{item}}.result
+  synchronize:
+    src: '{{output_dir}}/{{item}}'
+    dest: '{{output_dir}}/{{item}}.result'
   with_items:
   - foo.txt
   - bar.txt
   register: sync_result
+  delegate_to: '{{ inventory_hostname }}'
 - assert:
     that:
     - sync_result.changed
@@ -151,9 +180,14 @@
   with_items:
   - foo.txt
   - bar.txt
+
 - name: synchronize files using rsync_path (issue#7182)
-  synchronize: src={{output_dir}}/foo.txt dest={{output_dir}}/foo.rsync_path rsync_path="sudo rsync"
+  synchronize:
+    src: '{{output_dir}}/foo.txt'
+    dest: '{{output_dir}}/foo.rsync_path'
+    rsync_path: 'sudo rsync'
   register: sync_result
+  delegate_to: '{{ inventory_hostname }}'
 - assert:
     that:
     - '''changed'' in sync_result'
@@ -186,6 +220,7 @@
     dest: '{{output_dir}}/{{item}}/foo.txt'
   with_items:
   - directory_a
+  delegate_to: '{{ inventory_hostname }}'
 - name: synchronize files using link_dest
   synchronize:
     src: '{{output_dir}}/directory_a/foo.txt'
@@ -193,6 +228,7 @@
     link_dest:
     - '{{output_dir}}/directory_a'
   register: sync_result
+  delegate_to: '{{ inventory_hostname }}'
 - name: get stat information for directory_a
   stat:
     path: '{{ output_dir }}/directory_a/foo.txt'
@@ -214,6 +250,8 @@
     - '{{output_dir}}'
   register: sync_result
   ignore_errors: true
+  delegate_to: '{{ inventory_hostname }}'
+
 - assert:
     that:
     - sync_result is not changed
@@ -227,3 +265,46 @@
   - directory_a/foo.txt
   - directory_a
   - directory_b
+
+- name: setup - test for source with working dir with spaces in path
+  file:
+    state: directory
+    path: '{{output_dir}}/{{item}}'
+  delegate_to: '{{ inventory_hostname }}'
+  with_items:
+    - 'directory a'
+    - 'directory b'
+- name: setup - create test new files
+  copy:
+    dest: '{{output_dir}}/directory a/{{item}}'
+    mode: '0644'
+    content: 'hello world'
+  with_items:
+    - foo.txt
+  delegate_to: '{{ inventory_hostname }}'
+- name: copy source with spaces in dir path
+  synchronize:
+    src: '{{output_dir}}/directory a/foo.txt'
+    dest: '{{output_dir}}/directory b/'
+  delegate_to: '{{ inventory_hostname }}'
+  register: sync_result
+  ignore_errors: true
+- name: get stat information for directory_b
+  stat:
+    path: '{{ output_dir }}/directory b/foo.txt'
+  register: stat_result_b
+- assert:
+    that:
+      - '''changed'' in sync_result'
+      - sync_result.changed == true
+      - stat_result_b.stat.exists == True
+      - stat_result_b.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
+- name: Cleanup
+  file:
+    state: absent
+    path: '{{output_dir}}/{{item}}'
+  with_items:
+    - 'directory b/foo.txt'
+    - 'directory a/foo.txt'
+    - 'directory a'
+    - 'directory b'

tests/integration/targets/sysctl/tasks/main.yml

@@ -22,7 +22,7 @@
 
 - name: Test inside Docker
   when:
-    - ansible_facts.virtualization_type == 'docker'
+    - ansible_facts.virtualization_type == 'docker' or ansible_facts.virtualization_type == 'container'
   block:
     - set_fact:
         output_dir_test: "{{ output_dir }}/test_sysctl"
@@ -123,10 +123,10 @@
         that:
           - sysctl_test2_change_test is not changed
 
-    - name: Try sysctl with an invalid value
+    - name: Try sysctl with an invalid name
       sysctl:
-        name: net.ipv4.ip_forward
-        value: foo
+        name: test.invalid
+        value: 1
       register: sysctl_test3
       ignore_errors: yes
 
@@ -196,10 +196,10 @@
           - sysctl_no_value is failed
           - "sysctl_no_value.msg == 'value cannot be None'"
 
-    - name: Try sysctl with an invalid value
+    - name: Try sysctl with an invalid name
       sysctl:
-        name: net.ipv4.ip_forward
-        value: foo
+        name: test.invalid
+        value: 1
         sysctl_set: yes
       register: sysctl_test4
       ignore_errors: yes
@@ -289,3 +289,24 @@
           - sysctl_check_mode2 is changed
           - "'vm.swappiness=22' in sysctl_check_mode_conf_content.stdout_lines"
           - sysctl_check_mode_current_vm_swappiness.stdout == '22'
+
+    # Test sysctl: invalid value
+    - name: Set invalid sysctl property using module
+      sysctl:
+        name: vm.mmap_rnd_bits
+        value: '1024'
+        state: present
+        reload: yes
+        sysctl_set: True
+      ignore_errors: True
+      register: sysctl_invalid_set1
+
+    - name: Read /etc/sysctl.conf
+      command: 'cat /etc/sysctl.conf'
+      register: sysctl_invalid_conf_content
+
+    - name: Ensure changes were not made
+      assert:
+        that:
+          - sysctl_invalid_set1 is failed
+          - "'vm.mmap_rnd_bits' not in sysctl_invalid_conf_content.stdout"

tests/sanity/ignore-2.10.txt

@@ -1,32 +1,8 @@
-plugins/module_utils/ismount.py future-import-boilerplate
-plugins/module_utils/ismount.py metaclass-boilerplate
-plugins/modules/acl.py validate-modules:parameter-type-not-in-doc
-plugins/modules/patch.py pylint:blacklisted-name
 plugins/modules/synchronize.py pylint:blacklisted-name
 plugins/modules/synchronize.py use-argspec-type-path
 plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
 plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
-plugins/modules/synchronize.py validate-modules:parameter-list-no-elements
 plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
 plugins/modules/synchronize.py validate-modules:undocumented-parameter
-plugins/modules/at.py validate-modules:doc-required-mismatch
-plugins/modules/authorized_key.py validate-modules:parameter-type-not-in-doc
-plugins/modules/seboolean.py validate-modules:parameter-type-not-in-doc
-plugins/modules/selinux.py validate-modules:invalid-ansiblemodule-schema
-plugins/modules/selinux.py validate-modules:parameter-type-not-in-doc
-plugins/modules/sysctl.py validate-modules:doc-missing-type
-plugins/modules/sysctl.py validate-modules:parameter-type-not-in-doc
-tests/unit/mock/path.py future-import-boilerplate
-tests/unit/mock/path.py metaclass-boilerplate
-tests/unit/mock/yaml_helper.py future-import-boilerplate
-tests/unit/mock/yaml_helper.py metaclass-boilerplate
-tests/unit/modules/conftest.py future-import-boilerplate
-tests/unit/modules/conftest.py metaclass-boilerplate
-tests/unit/modules/system/test_mount.py future-import-boilerplate
-tests/unit/modules/system/test_mount.py metaclass-boilerplate
-tests/unit/modules/utils.py future-import-boilerplate
-tests/unit/modules/utils.py metaclass-boilerplate
-tests/unit/plugins/action/test_synchronize.py future-import-boilerplate
-tests/unit/plugins/action/test_synchronize.py metaclass-boilerplate
 tests/utils/shippable/check_matrix.py replace-urlopen
 tests/utils/shippable/timing.py shebang

tests/sanity/ignore-2.11.txt

@@ -0,0 +1,8 @@
+plugins/modules/synchronize.py pylint:blacklisted-name
+plugins/modules/synchronize.py use-argspec-type-path
+plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
+plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
+plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
+plugins/modules/synchronize.py validate-modules:undocumented-parameter
+tests/utils/shippable/check_matrix.py replace-urlopen
+tests/utils/shippable/timing.py shebang

tests/sanity/ignore-2.12.txt

@@ -0,0 +1,8 @@
+plugins/modules/synchronize.py pylint:disallowed-name
+plugins/modules/synchronize.py use-argspec-type-path
+plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
+plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
+plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
+plugins/modules/synchronize.py validate-modules:undocumented-parameter
+tests/utils/shippable/check_matrix.py replace-urlopen
+tests/utils/shippable/timing.py shebang

tests/sanity/ignore-2.13.txt

@@ -0,0 +1,8 @@
+plugins/modules/synchronize.py pylint:disallowed-name
+plugins/modules/synchronize.py use-argspec-type-path
+plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
+plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
+plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
+plugins/modules/synchronize.py validate-modules:undocumented-parameter
+tests/utils/shippable/check_matrix.py replace-urlopen
+tests/utils/shippable/timing.py shebang

tests/sanity/ignore-2.14.txt

@@ -0,0 +1,8 @@
+plugins/modules/synchronize.py pylint:disallowed-name
+plugins/modules/synchronize.py use-argspec-type-path
+plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
+plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
+plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
+plugins/modules/synchronize.py validate-modules:undocumented-parameter
+tests/utils/shippable/check_matrix.py replace-urlopen
+tests/utils/shippable/timing.py shebang