Merge pull request #574 from saito-hideki/stable-1_v1.6.1

Release 1.6.1 commit

SUMMARY
Release 1.6.1 commit

#149
#463

ISSUE TYPE

Feature Pull Request

COMPONENT NAME

ansible.posix

ADDITIONAL INFORMATION
None

.azure-pipelines/azure-pipelines.yml

@@ -57,6 +57,21 @@ stages:
               test: units
             - name: Lint
               test: lint
+  - stage: Sanity_2_18
+    displayName: Ansible 2.18 sanity
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: 2.18/{0}
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
+            - name: Lint
+              test: lint
   - stage: Sanity_2_17
     displayName: Ansible 2.17 sanity
     dependsOn: []
@@ -113,6 +128,20 @@ stages:
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
+  - stage: Docker_2_18
+    displayName: Docker devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.18/linux/{0}/1
+          targets:
+            - name: Fedora 40
+              test: fedora40
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+            - name: Ubuntu 24.04
+              test: ubuntu2404
   - stage: Docker_2_17
     displayName: Docker 2.17
     dependsOn: []
@@ -176,6 +205,18 @@ stages:
               test: rhel/9.4
             - name: FreeBSD 13.3
               test: freebsd/13.3
+  - stage: Remote_2_18
+    displayName: Remote devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.18/{0}/1
+          targets:
+            - name: RHEL 9.4
+              test: rhel/9.4
+            - name: FreeBSD 13.3
+              test: freebsd/13.3
   - stage: Remote_2_17
     displayName: Remote 2.17
     dependsOn: []
@@ -234,8 +275,11 @@ stages:
       - Sanity_2_17
       - Remote_2_17
       - Docker_2_17
+      - Sanity_2_18
+      - Remote_2_18
+      - Docker_2_18
       - Sanity_devel
-      - Remote_devel
+      # - Remote_devel # Wait for test environment release
-      - Docker_devel
+      # - Docker_devel # Wait for test environment release
     jobs:
       - template: templates/coverage.yml

.github/BOTMETA.yml

@@ -40,6 +40,7 @@ files:
     labels: debug
   $plugins/patch.py:
     labels: patch
+  $plugins/skippy.py:
   $plugins/synchronize.py:
     labels: synchronize
   $plugins/timer.py:

CHANGELOG.rst

@@ -4,6 +4,23 @@ ansible.posix Release Notes
 
 .. contents:: Topics
 
+v1.6.1
+======
+
+Release Summary
+---------------
+
+This is the bugfix release of the stable version ``ansible.posix`` collection.
+This changelog contains all changes to the modules and plugins
+in this collection that have been added after the release of
+``ansible.posix`` 1.6.1.
+
+Bugfixes
+--------
+
+- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
+- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
+- skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0 (https://github.com/ansible-collections/ansible.posix/issues/573).
 
 v1.6.0
 ======

README.md

@@ -74,11 +74,14 @@ None
 
 <!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
 
-- ansible-core 2.18 (devel)
+- ansible-core 2.19 (devel)
+- ansible-core 2.18 (stable) *
 - ansible-core 2.17 (stable)
 - ansible-core 2.16 (stable)
 - ansible-core 2.15 (stable)
 
+*Note: For ansible-core 2.18, CI only covers sanity tests and no integration tests will be run until the test environment is released.*
+
 ## Roadmap
 
 <!-- Optional. Include the roadmap for this collection, and the proposed release/versioning strategy so users can anticipate the upgrade/update cycle. -->

changelogs/changelog.yaml

@@ -405,3 +405,27 @@ releases:
     - dropping-ansible29.yml
     - test-reqs.yml
     release_date: '2024-09-11'
+  1.6.1:
+    changes:
+      bugfixes:
+      - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
+      - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
+      - skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0
+        (https://github.com/ansible-collections/ansible.posix/issues/573).
+      release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
+        collection.
+
+        This changelog contains all changes to the modules and plugins
+
+        in this collection that have been added after the release of
+
+        ``ansible.posix`` 1.6.1.'
+    fragments:
+    - 1.6.1.yml
+    - 365-boot-linux.yml
+    - 566_bump_version_161.yml
+    - 567_remove_version_added.yml
+    - 570_nfs4_acl.yml
+    - 571_ci_bump_core_version.yml
+    - 572_revert_removal_of_skippy.yml
+    release_date: '2024-10-11'

changelogs/fragments/566_bump_version_161.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Bump version to 1.6.1 for next release.

changelogs/fragments/567_remove_version_added.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - mount - remove wrong version_added section from ``opts_no_log``.

meta/runtime.yml

@@ -1,2 +1,8 @@
 ---
-requires_ansible: ">=2.15.0"
+requires_ansible: ">=2.14.0"
+plugin_routing:
+  callback:
+    skippy:
+      deprecation:
+        removal_date: "2024-12-05"
+        warning_text: See the plugin documentation for more details

plugins/callback/skippy.py

@@ -0,0 +1,43 @@
+# (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com>
+# (c) 2017 Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = '''
+    name: skippy
+    type: stdout
+    requirements:
+      - set as main display callback
+    short_description: Ansible screen output that ignores skipped status
+    deprecated:
+      why: The 'default' callback plugin now supports this functionality
+      removed_at_date: '2024-12-05'
+      alternative: "'default' callback plugin with 'display_skipped_hosts = no' option"
+    extends_documentation_fragment:
+      - default_callback
+    description:
+      - This callback does the same as the default except it does not output skipped host/task/item status
+'''
+
+from ansible.plugins.callback.default import CallbackModule as CallbackModule_default
+
+
+class CallbackModule(CallbackModule_default):
+
+    '''
+    This is the default callback interface, which simply prints messages
+    to stdout when new callback events are received.
+    '''
+
+    CALLBACK_VERSION = 2.0
+    CALLBACK_TYPE = 'stdout'
+    CALLBACK_NAME = 'ansible.posix.skippy'
+
+    def v2_runner_on_skipped(self, result):
+        pass
+
+    def v2_runner_item_on_skipped(self, result):
+        pass

plugins/modules/acl.py

@@ -75,6 +75,10 @@ options:
   use_nfsv4_acls:
     description:
     - Use NFSv4 ACLs instead of POSIX ACLs.
+    - This feature uses C(nfs4_setfacl) and C(nfs4_getfacl). The behavior depends on those implementation.
+      And currently it only supports C(A) in ACE, so C(D) must be replaced with the appropriate C(A).
+    - Permission is set as optimised ACLs by the system. You can check the actual ACLs that has been set using the return value.
+    - More info C(man nfs4_setfacl)
     type: bool
     default: false
   recalculate_mask:
@@ -179,7 +183,7 @@ def split_entry(entry):
 def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
     '''Builds and returns an entry string. Does not include the permissions bit if they are not provided.'''
     if use_nfsv4_acls:
-        return ':'.join([etype, entity, permissions, 'allow'])
+        return ':'.join(['A', 'g' if etype == 'group' else '', entity, permissions + 'tcy'])
 
     if permissions:
         return etype + ':' + entity + ':' + permissions
@@ -187,22 +191,27 @@ def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
     return etype + ':' + entity
 
 
-def build_command(module, mode, path, follow, default, recursive, recalculate_mask, entry=''):
+def build_command(module, mode, path, follow, default, recursive, recalculate_mask, use_nfsv4_acls, entry=''):
     '''Builds and returns a getfacl/setfacl command.'''
     if mode == 'set':
-        cmd = [module.get_bin_path('setfacl', True)]
+        cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
-        cmd.extend(['-m', entry])
+        cmd.extend(['-a' if use_nfsv4_acls else '-m', entry])
     elif mode == 'rm':
-        cmd = [module.get_bin_path('setfacl', True)]
+        cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
         cmd.extend(['-x', entry])
     else:  # mode == 'get'
         cmd = [module.get_bin_path('getfacl', True)]
         # prevents absolute path warnings and removes headers
         if platform.system().lower() == 'linux':
+            if use_nfsv4_acls:
+                # use nfs4_getfacl instead of getfacl if use_nfsv4_acls is True
+                cmd = [module.get_bin_path('nfs4_getfacl', True)]
+            else:
+                cmd = [module.get_bin_path('getfacl', True)]
+                cmd.append('--absolute-names')
             cmd.append('--omit-header')
-            cmd.append('--absolute-names')
 
-    if recursive:
+    if recursive and not use_nfsv4_acls:
         cmd.append('--recursive')
 
     if recalculate_mask == 'mask' and mode in ['set', 'rm']:
@@ -210,7 +219,7 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
     elif recalculate_mask == 'no_mask' and mode in ['set', 'rm']:
         cmd.append('--no-mask')
 
-    if not follow:
+    if not follow and not use_nfsv4_acls:
         if platform.system().lower() == 'linux':
             cmd.append('--physical')
         elif platform.system().lower() == 'freebsd':
@@ -223,24 +232,34 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
     return cmd
 
 
-def acl_changed(module, cmd):
+def acl_changed(module, cmd, entry, use_nfsv4_acls=False):
     '''Returns true if the provided command affects the existing ACLs, false otherwise.'''
-    # FreeBSD do not have a --test flag, so by default, it is safer to always say "true"
+    # To check the ACL changes, use the output of setfacl or nfs4_setfacl with '--test'.
+    # FreeBSD do not have a --test flag, so by default, it is safer to always say "true".
     if platform.system().lower() == 'freebsd':
         return True
 
     cmd = cmd[:]  # lists are mutables so cmd would be overwritten without this
     cmd.insert(1, '--test')
     lines = run_acl(module, cmd)
-
+    counter = 0
     for line in lines:
-        if not line.endswith('*,*'):
+        if line.endswith('*,*') and not use_nfsv4_acls:
-            return True
+            return False
-    return False
+        # if use_nfsv4_acls and entry is listed
+        if use_nfsv4_acls and entry == line:
+            counter += 1
+
+    # The current 'nfs4_setfacl --test' lists a new entry,
+    #  which will be added at the top of list, followed by the existing entries.
+    # So if the entry has already been registered, the entry should be find twice.
+    if counter == 2:
+        return False
+    return True
 
 
 def run_acl(module, cmd, check_rc=True):
-
+    '''Runs the provided command and returns the output as a list of lines.'''
     try:
         (rc, out, err) = module.run_command(cmd, check_rc=check_rc)
     except Exception as e:
@@ -313,7 +332,7 @@ def main():
             module.fail_json(msg="'recalculate_mask' MUST NOT be set to 'mask' or 'no_mask' when 'state=query'.")
 
     if not entry:
-        if state == 'absent' and permissions:
+        if state == 'absent' and permissions and not use_nfsv4_acls:
             module.fail_json(msg="'permissions' MUST NOT be set when 'state=absent'.")
 
         if state == 'absent' and not entity:
@@ -350,21 +369,24 @@ def main():
         entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
         command = build_command(
             module, 'set', path, follow,
-            default, recursive, recalculate_mask, entry
+            default, recursive, recalculate_mask, use_nfsv4_acls, entry
         )
-        changed = acl_changed(module, command)
+        changed = acl_changed(module, command, entry, use_nfsv4_acls)
 
         if changed and not module.check_mode:
             run_acl(module, command)
         msg = "%s is present" % entry
 
     elif state == 'absent':
-        entry = build_entry(etype, entity, use_nfsv4_acls)
+        if use_nfsv4_acls:
+            entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
+        else:
+            entry = build_entry(etype, entity, use_nfsv4_acls)
         command = build_command(
             module, 'rm', path, follow,
-            default, recursive, recalculate_mask, entry
+            default, recursive, recalculate_mask, use_nfsv4_acls, entry
         )
-        changed = acl_changed(module, command)
+        changed = acl_changed(module, command, entry, use_nfsv4_acls)
 
         if changed and not module.check_mode:
             run_acl(module, command, False)
@@ -375,7 +397,10 @@ def main():
 
     acl = run_acl(
         module,
-        build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
+        build_command(
+            module, 'get', path, follow, default, recursive,
+            recalculate_mask, use_nfsv4_acls
+        )
     )
 
     module.exit_json(changed=changed, msg=msg, acl=acl)

plugins/modules/mount.py

@@ -850,11 +850,8 @@ def main():
             args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'noauto'.")
         elif not module.params['boot']:
             args['boot'] = 'no'
-            if 'defaults' in opts:
+            opts.append('noauto')
-                args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'defaults'.")
+            args['opts'] = ','.join(opts)
-            else:
-                opts.append('noauto')
-                args['opts'] = ','.join(opts)
 
     # If fstab file does not exist, we first need to create it. This mainly
     # happens when fstab option is passed to the module.

plugins/modules/sysctl.py

@@ -101,7 +101,6 @@ import os
 import platform
 import re
 import tempfile
-import glob
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.six import string_types
@@ -115,24 +114,12 @@ class SysctlModule(object):
     # success or failure.
     LANG_ENV = {'LANG': 'C', 'LC_ALL': 'C', 'LC_MESSAGES': 'C'}
 
-    # We define a variable to keep all the directories to be read, equivalent to
-    # (/sbin/sysctl --system) option
-    SYSCTL_DIRS = [
-        '/etc/sysctl.d/*.conf',
-        '/run/sysctl.d/*.conf',
-        '/usr/local/lib/sysctl.d/*.conf',
-        '/usr/lib/sysctl.d/*.conf',
-        '/lib/sysctl.d/*.conf',
-        '/etc/sysctl.conf'
-    ]
-
     def __init__(self, module):
         self.module = module
         self.args = self.module.params
 
         self.sysctl_cmd = self.module.get_bin_path('sysctl', required=True)
         self.sysctl_file = self.args['sysctl_file']
-        self.system_Wide = self.args['system_Wide']
 
         self.proc_value = None  # current token value in proc fs
         self.file_value = None  # current token value in file
@@ -312,22 +299,15 @@ class SysctlModule(object):
             # https://github.com/ansible/ansible/issues/58158
             return
         else:
-            if self.system_Wide:
+            # system supports reloading via the -p flag to sysctl, so we'll use that
-                for sysctl_file in self.SYSCTL_DIRS:
+            sysctl_args = [self.sysctl_cmd, '-p', self.sysctl_file]
-                    for conf_file in glob.glob(sysctl_file):
+            if self.args['ignoreerrors']:
-                        rc, out, err = self.module.run_command([self.sysctl_cmd, '-p', conf_file], environ_update=self.LANG_ENV)
+                sysctl_args.insert(1, '-e')
-                        if rc != 0 or self._stderr_failed(err):
-                            self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
-            else:
-                # system supports reloading via the -p flag to sysctl, so we'll use that
-                sysctl_args = [self.sysctl_cmd, '-p', self.sysctl_file]
-                if self.args['ignoreerrors']:
-                    sysctl_args.insert(1, '-e')
 
-                rc, out, err = self.module.run_command(sysctl_args, environ_update=self.LANG_ENV)
+            rc, out, err = self.module.run_command(sysctl_args, environ_update=self.LANG_ENV)
 
-            if rc != 0 or self._stderr_failed(err):
+        if rc != 0 or self._stderr_failed(err):
-                self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
+            self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
 
     # ==============================================================
     #   SYSCTL FILE MANAGEMENT
@@ -414,8 +394,7 @@ def main():
             reload=dict(default=True, type='bool'),
             sysctl_set=dict(default=False, type='bool'),
             ignoreerrors=dict(default=False, type='bool'),
-            sysctl_file=dict(default='/etc/sysctl.conf', type='path'),
+            sysctl_file=dict(default='/etc/sysctl.conf', type='path')
-            system_wide=dict(default=False, type='bool'),  # system_wide parameter
         ),
         supports_check_mode=True,
         required_if=[('state', 'present', ['value'])],

tests/integration/targets/mount/tasks/main.yml

@@ -472,6 +472,25 @@
         path: /tmp/myfs
         state: absent
 
+    - name: Mount the FS with noauto option and defaults
+      ansible.posix.mount:
+        path: /tmp/myfs
+        src: /tmp/myfs.img
+        fstype: ext3
+        state: mounted
+        boot: false
+      register: mount_info
+
+    - name: Assert the mount without noauto was successful
+      ansible.builtin.assert:
+        that:
+          - "'noauto' in mount_info['opts'].split(',')"
+
+    - name: Unmount FS
+      ansible.posix.mount:
+        path: /tmp/myfs
+        state: absent
+
     - name: Remove the test FS
       ansible.builtin.file:
         path: '{{ item }}'

tests/sanity/ignore-2.19.txt

@@ -0,0 +1 @@
+tests/utils/shippable/timing.py shebang