gitea/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-03-26 21:33:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: gitea:main
Branches Tags
gitea:main gitea:stable-2 gitea:stable-1
gitea:2.1.0 gitea:2.0.0 gitea:1.6.2 gitea:1.6.1 gitea:1.6.0 gitea:1.5.4 gitea:1.5.2 gitea:1.5.1 gitea:1.5.0 gitea:1.4.0 gitea:1.3.0 gitea:1.2.0 gitea:1.1.1 gitea:1.1.0 gitea:1.0.0 gitea:0.1.3 gitea:0.1.2 gitea:0.1.1
..
compare: gitea:cdddb87035efbbd7233a4affa86b7fe6dd48c8c2
Branches Tags
gitea:main gitea:stable-2 gitea:stable-1
gitea:2.1.0 gitea:2.0.0 gitea:1.6.2 gitea:1.6.1 gitea:1.6.0 gitea:1.5.4 gitea:1.5.2 gitea:1.5.1 gitea:1.5.0 gitea:1.4.0 gitea:1.3.0 gitea:1.2.0 gitea:1.1.1 gitea:1.1.0 gitea:1.0.0 gitea:0.1.3 gitea:0.1.2 gitea:0.1.1

19 Commits
main ... cdddb87035

Author SHA1 Message Date
mubashirusman
cdddb87035 Merge df8413f3a0 into b96fad5e5b 2025-08-08 15:43:56 +00:00
mubashir.Ijaz
df8413f3a0 fix try with invalid name 2025-08-08 17:43:48 +02:00
mubashir.Ijaz
f434c19e1e test assertion syntax 2025-08-08 17:32:06 +02:00
mubashir.Ijaz
481de3d2dc Validate results for --system option 2025-08-08 17:11:15 +02:00
mubashir.Ijaz
ae90bac688 Try sysctl with an invalid name 2025-08-08 16:48:00 +02:00
mubashir.Ijaz
80290d8e06 reload: false in docker tests 2025-08-08 16:32:43 +02:00
mubashir.Ijaz
560afe8217 handle ignoreerrors consistently 2025-08-08 16:13:08 +02:00
mubashir.Ijaz
571e80cdba ansible lint 2025-08-08 16:02:15 +02:00
mubashir.Ijaz
9ce933f7d0 remove trailing whitespaces 2025-08-08 15:45:45 +02:00
mubashir.Ijaz
7f8505d693 system_wide fix 2025-08-07 23:31:05 +02:00
mubashir.Ijaz
2f5210f362 Add integration system_wide tests 2025-08-07 17:47:24 +02:00
mubashirusman
a91bbf6c04 Merge branch 'ansible-collections:main' into main 2025-08-07 17:25:01 +02:00
MubashirUsman
6280bb8ec8 Add integration test for --system option 2024-11-03 23:21:39 +01:00
mubashirusman
3b79155e68 Merge branch 'ansible-collections:main' into main 2024-11-03 23:07:55 +01:00
mubashirusman
05724a097b Merge branch 'ansible-collections:main' into main 2024-10-15 22:26:52 +02:00
MubashirUsman
7e1b76c46e write sysctl reverted 2024-05-19 17:47:12 +02:00
MubashirUsman
505a4aaa09 system_wide in defining module 2024-05-19 17:29:02 +02:00
MubashirUsman
d70d2aaaa7 read sysctl_dir files 2024-05-19 16:29:36 +02:00
MubashirUsman
806ff5c1a3 added sysctl_dirs variable and system_wide var 2024-05-19 13:54:43 +02:00
19 changed files with 570 additions and 221 deletions
Expand all files Collapse all files

18
.ansible-lint
View File

@@ -3,13 +3,23 @@
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: 2024, Ansible Project
# Use a more permissive profile due to documentation parsing issues
profile: min
skip_list:
- meta-runtime[unsupported-version] # This rule doesn't make any sense
- fqcn[deep] # This rule produces false positives for files in tests/unit/plugins/action/fixtures/
- sanity[cannot-ignore] # This rule is skipped to keep backward compatibility with Python 2
- no-relative-paths # Temporary skip due to documentation parsing issue
- parser-error # Skip documentation parsing errors
- syntax-check # Skip syntax check issues in documentation
- load-failure # Skip module loading failures during documentation parsing
- args # Skip argument validation errors in documentation
exclude_paths:
- changelogs/
- .github/
- tests/
- meta/
# Enable specific rules we want to keep
enable_list:
- yaml
- name
- var-naming

138
.azure-pipelines/azure-pipelines.yml
View File

@@ -43,7 +43,7 @@ pool: Standard
stages:
- stage: Sanity_devel
displayName: Ansible devel Sanity & Units & Lint
displayName: Ansible devel sanity
dependsOn: []
jobs:
- template: templates/matrix.yml
@@ -57,25 +57,8 @@ stages:
test: units
- name: Lint
test: lint
- stage: Sanity_2_20
displayName: Ansible 2.20 Sanity & Units & Lint
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
nameFormat: "{0}"
testFormat: 2.20/{0}
targets:
- name: Sanity
test: sanity
- name: Units
test: units
- name: Lint
test: lint
- stage: Sanity_2_19
displayName: Ansible 2.19 Sanity & Units & Lint
displayName: Ansible 2.19 sanitay & Units & Lint
dependsOn: []
jobs:
- template: templates/matrix.yml
@@ -89,9 +72,8 @@ stages:
test: units
- name: Lint
test: lint
- stage: Sanity_2_18
displayName: Ansible 2.18 Sanity & Units & Lint
displayName: Ansible 2.18 sanity & Units & Lint
dependsOn: []
jobs:
- template: templates/matrix.yml
@@ -105,9 +87,8 @@ stages:
test: units
- name: Lint
test: lint
- stage: Sanity_2_17
displayName: Ansible 2.17 Sanity & Units & Lint
displayName: Ansible 2.17 sanity & Units & Lint
dependsOn: []
jobs:
- template: templates/matrix.yml
@@ -121,7 +102,19 @@ stages:
test: units
- name: Lint
test: lint
- stage: Sanity_2_16
displayName: Ansible 2.16 sanity & Units & Lint
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
nameFormat: "{0}"
testFormat: 2.16/{0}
targets:
- name: Sanity
test: sanity
- name: Units
test: units
## Docker
- stage: Docker_devel
displayName: Docker devel
@@ -130,21 +123,6 @@ stages:
- template: templates/matrix.yml
parameters:
testFormat: devel/linux/{0}/1
targets:
- name: Fedora 43
test: fedora43
- name: Ubuntu 22.04
test: ubuntu2204
- name: Ubuntu 24.04
test: ubuntu2404
- stage: Docker_2_20
displayName: Docker 2.20
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
testFormat: 2.20/linux/{0}/1
targets:
- name: Fedora 42
test: fedora42
@@ -152,7 +130,6 @@ stages:
test: ubuntu2204
- name: Ubuntu 24.04
test: ubuntu2404
- stage: Docker_2_19
displayName: Docker 2.19
dependsOn: []
@@ -167,7 +144,6 @@ stages:
test: ubuntu2204
- name: Ubuntu 24.04
test: ubuntu2404
- stage: Docker_2_18
displayName: Docker 2.18
dependsOn: []
@@ -182,7 +158,6 @@ stages:
test: ubuntu2204
- name: Ubuntu 24.04
test: ubuntu2404
- stage: Docker_2_17
displayName: Docker 2.17
dependsOn: []
@@ -195,6 +170,20 @@ stages:
test: fedora39
- name: Ubuntu 22.04
test: ubuntu2204
- stage: Docker_2_16
displayName: Docker 2.16
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
testFormat: 2.16/linux/{0}/1
targets:
- name: CentOS 7
test: centos7
- name: Fedora 38
test: fedora38
- name: Ubuntu 22.04
test: ubuntu2204
## Remote
- stage: Remote_devel
@@ -205,32 +194,14 @@ stages:
parameters:
testFormat: devel/{0}/1
targets:
- name: RHEL 10.1
test: rhel/10.1
- name: RHEL 9.7
test: rhel/9.7
- name: FreeBSD 14.3
test: freebsd/14.3
- name: FreeBSD 15.0
test: freebsd/15.0
- stage: Remote_2_20
displayName: Remote 2.20
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
testFormat: 2.20/{0}/1
targets:
- name: RHEL 10.1
test: rhel/10.1
- name: RHEL 9.7
test: rhel/9.7
- name: RHEL 10.0
test: rhel/10.0
- name: RHEL 9.6
test: rhel/9.6
- name: FreeBSD 14.3
test: freebsd/14.3
- name: FreeBSD 13.5
test: freebsd/13.5
- stage: Remote_2_19
displayName: Remote 2.19
dependsOn: []
@@ -239,15 +210,14 @@ stages:
parameters:
testFormat: 2.19/{0}/1
targets:
- name: RHEL 10.1
test: rhel/10.1
- name: RHEL 9.7
test: rhel/9.7
- name: RHEL 10.0
test: rhel/10.0
- name: RHEL 9.5
test: rhel/9.5
- name: FreeBSD 14.2
test: freebsd/14.2
- name: FreeBSD 13.5
test: freebsd/13.5
- stage: Remote_2_18
displayName: Remote 2.18
dependsOn: []
@@ -256,13 +226,10 @@ stages:
parameters:
testFormat: 2.18/{0}/1
targets:
- name: RHEL 10.1
test: rhel/10.1
- name: RHEL 9.7
test: rhel/9.7
- name: RHEL 9.4
test: rhel/9.4
- name: FreeBSD 13.5
test: freebsd/13.5
- stage: Remote_2_17
displayName: Remote 2.17
dependsOn: []
@@ -271,17 +238,31 @@ stages:
parameters:
testFormat: 2.17/{0}/1
targets:
# 2.17 remote target doesn't have RHEL 9 image
- name: RHEL 10.0
test: rhel/10.0
- name: RHEL 9.3
test: rhel/9.3
- name: FreeBSD 13.5
test: freebsd/13.5
- stage: Remote_2_16
displayName: Remote 2.16
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
testFormat: 2.16/{0}/1
targets:
- name: RHEL 8.8
test: rhel/8.8
- name: RHEL 9.2
test: rhel/9.2
## Finally
- stage: Summary
condition: succeededOrFailed()
dependsOn:
- Sanity_2_16
- Remote_2_16
- Docker_2_16
- Sanity_2_17
- Remote_2_17
- Docker_2_17
@@ -291,9 +272,6 @@ stages:
- Sanity_2_19
- Remote_2_19
- Docker_2_19
- Sanity_2_20
- Remote_2_20
- Docker_2_20
- Sanity_devel
- Remote_devel
- Docker_devel

52
.github/BOTMETA.yml vendored Normal file
View File

@@ -0,0 +1,52 @@
---
automerge: false
files:
$module_utils/mount.py:
labels: mount
$modules/acl.py:
authors: astorije bcoca
labels: acl
ignore: astorije
$modules/at.py:
authors: risaacson
labels: at
$modules/authorized_key.py:
authors: ansible
labels: authorized_key
$modules/mount.py:
authors: ansible skvidal
maintainers: jtyr
labels: mount
ignore: skvidal
$modules/patch.py:
authors: jirutka luisperlaz
$modules/seboolean.py:
authors: sfromm
labels: seboolean
$modules/selinux.py:
authors: goozbach
maintainers: samdoran
labels: selinux
$modules/synchronize.py:
authors: tima
labels: synchronize
$modules/sysctl.py:
authors: davixx
maintainers: Akasurde
labels: sysctl
$plugins/:
labels: profile
$plugins/debug.py:
labels: debug
$plugins/patch.py:
labels: patch
$plugins/synchronize.py:
labels: synchronize
$plugins/timer.py:
macros:
actions: plugins/action
callbacks: plugins/callback
module_utils: plugins/module_utils
modules: plugins/modules
plugins: plugins/plugins
shells: plugins/shell

35
.github/workflows/certification.yml vendored
View File

@@ -1,35 +0,0 @@
---
# This workflow calls the latest version of the
# reusable workflow.
# You can copy this file into your respository if
# you want to check against pinned versions of
# Automation Hub tests.
name: Run collection certification checks
on:
pull_request:
branches: [main]
workflow_dispatch:
schedule:
- cron: '0 6 * * *'
concurrency:
group: cert-ver-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
# Files that are not related to the core functionality
# of your collection can cause Ansible Lint to fail.
# If this happens, add an .ansible-lint file that includes
# those files and directories to the root of your
# repository; for example:
# https://github.com/ansible-collections/partner-certification-checker/blob/main/.ansible-lint
# https://github.com/ansible-collections/partner-certification-checker/blob/main/.ansible-lint
# If there are sanity test failures that cannot be fixed and are allowed to ignore
# https://docs.ansible.com/projects/lint/rules/sanity/, create a sanity ignore file
# https://docs.ansible.com/projects/ansible/devel/dev_guide/testing/sanity/ignores.html#ignore-file-location
# for each affected version of ansible-core (for example, `tests/sanity/ignore-2.18.txt`) and add corresponding entries.
jobs:
call:
uses: ansible-collections/partner-certification-checker/.github/workflows/certification-reusable.yml@v0.1

2
README.md
View File

@@ -2,7 +2,7 @@
<!-- Add CI and code coverage badges here. Samples included below. -->
[![Build Status](
https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)
[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
## Communication

3
changelogs/fragments/639_fix_authorized_key.yml
View File

@@ -1,3 +0,0 @@
---
bugfixes:
- ansible.posix.authorized_key - fixes error on permission denied in authorized_key module (https://github.com/ansible-collections/ansible.posix/issues/462).

3
changelogs/fragments/670-deprecations.yml
View File

@@ -1,3 +0,0 @@
bugfixes:
- "firewalld_info - stop returning warnings as return values; this has been deprecated by ansible-core (https://github.com/ansible-collections/ansible.posix/pull/670)."
- "mount - stop returning warnings as return values; this has been deprecated by ansible-core (https://github.com/ansible-collections/ansible.posix/pull/670)."

4
changelogs/fragments/682_update_ci_20250929.yml
View File

@@ -1,4 +0,0 @@
trivial:
- Updatng AZP CI matrix to ignore ansible-bad-import-from on six(https://github.com/ansible-collections/ansible.posix/pull/682).
- Skipped sanity[cannot-ignore] to keep backward compatibility with Python2.
- Consolidate all ansible-lint option locations into .ansible-lint file.

5
changelogs/fragments/693_azp_update_20251205.yml
View File

@@ -1,5 +0,0 @@
---
trivial:
- AZP - Update AZP matrix to follow ansible-test changes.
- Add ignore file for Ansible Core 2.21.
- Remove ignore lines for ansible-bad-import-from in 2.20 sanity tests.

24
plugins/modules/authorized_key.py
View File

@@ -225,8 +225,6 @@ import os.path
import tempfile
import re
import shlex
import errno
import traceback
from operator import itemgetter
from ansible.module_utils._text import to_native
@@ -477,18 +475,16 @@ def parsekey(module, raw_key, rank=None):
return (key, key_type, options, comment, rank)
def readfile(module, filename):
def readfile(filename):
if not os.path.isfile(filename):
return ''
f = open(filename)
try:
with open(filename, 'r') as f:
return f.read()
except IOError as e:
if e.errno == errno.EACCES:
module.fail_json(msg="Permission denied on file or path for authorized keys file: %s" % filename,
exception=traceback.format_exc())
elif e.errno == errno.ENOENT:
return ''
else:
raise
return f.read()
finally:
f.close()
def parsekeys(module, lines):
@@ -601,7 +597,7 @@ def enforce_state(module, params):
# check current state -- just get the filename, don't create file
do_write = False
params["keyfile"] = keyfile(module, user, do_write, path, manage_dir)
existing_content = readfile(module, params["keyfile"])
existing_content = readfile(params["keyfile"])
existing_keys = parsekeys(module, existing_content)
# Add a place holder for keys that should exist in the state=present and

1
plugins/modules/firewalld_info.py
View File

@@ -319,6 +319,7 @@ def main():
active_zones=module.params['active_zones'],
collected_zones=list(),
undefined_zones=list(),
warnings=list(),
)
# Exit with failure message if requirements modules are not installed.

9
plugins/modules/mount.py
View File

@@ -279,7 +279,7 @@ def _set_mount_save_old(module, args):
old_lines = []
exists = False
changed = False
escaped_args = dict([(k, _escape_fstab(v)) for k, v in iteritems(args)])
escaped_args = dict([(k, _escape_fstab(v)) for k, v in iteritems(args) if k != 'warnings'])
new_line = '%(src)s %(name)s %(fstype)s %(opts)s %(dump)s %(passno)s\n'
if platform.system() == 'SunOS':
@@ -804,6 +804,7 @@ def main():
passno='-',
fstab=module.params['fstab'],
boot='yes' if module.params['boot'] else 'no',
warnings=[]
)
if args['fstab'] is None:
args['fstab'] = '/etc/vfstab'
@@ -815,6 +816,7 @@ def main():
passno='0',
fstab=module.params['fstab'],
boot='yes',
warnings=[]
)
if args['fstab'] is None:
args['fstab'] = '/etc/fstab'
@@ -832,7 +834,8 @@ def main():
linux_mounts = get_linux_mounts(module)
if linux_mounts is None:
module.warn('Cannot open file /proc/self/mountinfo. Bind mounts might be misinterpreted.')
args['warnings'].append('Cannot open file /proc/self/mountinfo.'
' Bind mounts might be misinterpreted.')
# Override defaults with user specified params
for key in ('src', 'fstype', 'passno', 'opts', 'dump', 'fstab'):
@@ -844,7 +847,7 @@ def main():
# specified in 'opts', mount module will ignore 'boot'.
opts = args['opts'].split(',')
if module.params['boot'] and 'noauto' in opts:
module.warn("Ignore the 'boot' due to 'opts' contains 'noauto'.")
args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'noauto'.")
elif not module.params['boot']:
args['boot'] = 'no'
opts.append('noauto')

113
plugins/modules/sysctl.py
View File

@@ -56,6 +56,16 @@ options:
- Verify token value with the sysctl command and set with C(-w) if necessary.
type: bool
default: false
system_wide:
description:
- If V(true), uses C(sysctl --system) behavior to reload all sysctl configuration files.
- This will reload configuration from C(/etc/sysctl.d/*.conf), C(/run/sysctl.d/*.conf),
C(/usr/local/lib/sysctl.d/*.conf), C(/usr/lib/sysctl.d/*.conf), C(/lib/sysctl.d/*.conf),
and C(/etc/sysctl.conf) in that order.
- If V(false), only reloads the specific sysctl file defined by O(sysctl_file).
- Only applies when O(reload) is V(true).
type: bool
default: false
author:
- David CHANIAL (@davixx)
'''
@@ -100,6 +110,14 @@ EXAMPLES = r'''
sysctl_set: true
state: present
reload: true
# Set vm.swappiness and reload all system sysctl configuration files (equivalent to sysctl --system)
- ansible.posix.sysctl:
name: vm.swappiness
value: '10'
state: present
reload: true
system_wide: true
'''
# ==============================================================
@@ -108,6 +126,7 @@ import os
import platform
import re
import tempfile
import glob
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.six import string_types
@@ -121,17 +140,30 @@ class SysctlModule(object):
# success or failure.
LANG_ENV = {'LANG': 'C', 'LC_ALL': 'C', 'LC_MESSAGES': 'C'}
# We define a variable to keep all the directories to be read, equivalent to
# (/sbin/sysctl --system) option
SYSCTL_DIRS = [
'/etc/sysctl.d/*.conf',
'/run/sysctl.d/*.conf',
'/usr/local/lib/sysctl.d/*.conf',
'/usr/lib/sysctl.d/*.conf',
'/lib/sysctl.d/*.conf',
'/etc/sysctl.conf'
]
def __init__(self, module):
self.module = module
self.args = self.module.params
self.sysctl_cmd = self.module.get_bin_path('sysctl', required=True)
self.sysctl_file = self.args['sysctl_file']
self.system_wide = self.args['system_wide']
self.proc_value = None # current token value in proc fs
self.file_value = None # current token value in file
self.file_lines = [] # all lines in the file
self.file_values = {} # dict of token values
self.system_wide_file_value = None # current token value from system-wide files
self.changed = False # will change occur
self.set_proc = False # does sysctl need to set value
@@ -161,19 +193,36 @@ class SysctlModule(object):
if thisname not in self.file_values:
self.file_values[thisname] = None
# if system_wide is enabled, also check system-wide configuration
if self.system_wide:
system_wide_values = self.read_system_wide_sysctl_files()
# If the value exists in system-wide config, use that for comparison
if thisname in system_wide_values:
self.system_wide_file_value = system_wide_values[thisname]
else:
self.system_wide_file_value = None
else:
self.system_wide_file_value = None
# update file contents with desired token/value
self.fix_lines()
# what do we need to do now?
if self.file_values[thisname] is None and self.args['state'] == "present":
# Determine the effective current value (system-wide takes precedence if enabled)
if self.system_wide and self.system_wide_file_value is not None:
current_file_value = self.system_wide_file_value
else:
current_file_value = self.file_values[thisname]
if current_file_value is None and self.args['state'] == "present":
self.changed = True
self.write_file = True
elif self.file_values[thisname] is None and self.args['state'] == "absent":
elif current_file_value is None and self.args['state'] == "absent":
self.changed = False
elif self.file_values[thisname] and self.args['state'] == "absent":
elif current_file_value and self.args['state'] == "absent":
self.changed = True
self.write_file = True
elif self.file_values[thisname] != self.args['value']:
elif current_file_value != self.args['value']:
self.changed = True
self.write_file = True
# with reload=yes we should check if the current system values are
@@ -306,15 +355,25 @@ class SysctlModule(object):
# https://github.com/ansible/ansible/issues/58158
return
else:
# system supports reloading via the -p flag to sysctl, so we'll use that
sysctl_args = [self.sysctl_cmd, '-p', self.sysctl_file]
if self.args['ignoreerrors']:
sysctl_args.insert(1, '-e')
if self.system_wide:
for sysctl_file in self.SYSCTL_DIRS:
for conf_file in glob.glob(sysctl_file):
sysctl_args = [self.sysctl_cmd, '-p', conf_file]
if self.args['ignoreerrors']:
sysctl_args.insert(1, '-e')
rc, out, err = self.module.run_command(sysctl_args, environ_update=self.LANG_ENV)
if rc != 0 or self._stderr_failed(err):
self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
else:
# system supports reloading via the -p flag to sysctl, so we'll use that
sysctl_args = [self.sysctl_cmd, '-p', self.sysctl_file]
if self.args['ignoreerrors']:
sysctl_args.insert(1, '-e')
rc, out, err = self.module.run_command(sysctl_args, environ_update=self.LANG_ENV)
rc, out, err = self.module.run_command(sysctl_args, environ_update=self.LANG_ENV)
if rc != 0 or self._stderr_failed(err):
self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
if rc != 0 or self._stderr_failed(err):
self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
# ==============================================================
# SYSCTL FILE MANAGEMENT
@@ -344,6 +403,35 @@ class SysctlModule(object):
v = v.strip()
self.file_values[k] = v.strip()
# Get the token value from all system-wide sysctl files
def read_system_wide_sysctl_files(self):
"""Read all system-wide sysctl configuration files when system_wide=True"""
system_values = {}
for sysctl_pattern in self.SYSCTL_DIRS:
for conf_file in glob.glob(sysctl_pattern):
if os.path.isfile(conf_file):
try:
with open(conf_file, "r") as read_file:
lines = read_file.readlines()
for line in lines:
line = line.strip()
# don't split empty lines or comments or line without equal sign
if not line or line.startswith(("#", ";")) or "=" not in line:
continue
k, v = line.split('=', 1)
k = k.strip()
v = v.strip()
# Later files override earlier ones (mimicking sysctl --system behavior)
system_values[k] = v.strip()
except IOError:
# Skip files that can't be read
continue
return system_values
# Fix the value in the sysctl file content
def fix_lines(self):
checked = []
@@ -401,7 +489,8 @@ def main():
reload=dict(default=True, type='bool'),
sysctl_set=dict(default=False, type='bool'),
ignoreerrors=dict(default=False, type='bool'),
sysctl_file=dict(default='/etc/sysctl.conf', type='path')
sysctl_file=dict(default='/etc/sysctl.conf', type='path'),
system_wide=dict(default=False, type='bool'), # system_wide parameter
),
supports_check_mode=True,
required_if=[('state', 'present', ['value'])],

41
tests/integration/targets/authorized_key/tasks/check_permissions.yml
View File

@@ -1,41 +0,0 @@
---
# -------------------------------------------------------------
# check permissions
- name: Create a file that is not accessible
ansible.builtin.file:
state: touch
path: "{{ output_dir | expanduser }}/file_permissions"
owner: root
mode: '0000'
- name: Create unprivileged user
ansible.builtin.user:
name: nopriv
create_home: true
- name: Try to delete a key from an unreadable file
become: true
become_user: nopriv
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_basic }}"
state: absent
path: "{{ output_dir | expanduser }}/file_permissions"
register: result
ignore_errors: true
- name: Assert that the key deletion has failed
ansible.builtin.assert:
that:
- result is failed
- name: Remove the file
ansible.builtin.file:
state: absent
path: "{{ output_dir | expanduser }}/file_permissions"
- name: Remove the user
ansible.builtin.user:
name: nopriv
state: absent

3
tests/integration/targets/authorized_key/tasks/main.yml
View File

@@ -34,6 +34,3 @@
- name: Test for specifying key as a path
ansible.builtin.import_tasks: check_path.yml
- name: Test for permission denied files
ansible.builtin.import_tasks: check_permissions.yml

122
tests/integration/targets/sysctl/tasks/main.yml
View File

@@ -140,8 +140,10 @@
ansible.posix.sysctl:
name: test.invalid
value: 1
register: sysctl_test3
reload: false
sysctl_set: true
ignore_errors: true
register: sysctl_test3
- name: Debug sysctl_test3
ansible.builtin.debug:
@@ -229,6 +231,91 @@
ansible.builtin.assert:
that:
- sysctl_test4 is failed
##
## sysctl --system
##
- name: Set vm.swappiness to 10 with --system option
ansible.posix.sysctl:
name: vm.swappiness
value: 10
state: present
reload: false
sysctl_set: true
system_wide: true
register: sysctl_system_test1
- name: Check with sysctl command
ansible.builtin.command: sysctl vm.swappiness
changed_when: false
register: sysctl_check_system1
- name: Debug sysctl_system_test1 sysctl_check_system1
ansible.builtin.debug:
var: item
verbosity: 1
with_items:
- "{{ sysctl_system_test1 }}"
- "{{ sysctl_check_system1 }}"
- name: Validate results for --system option
ansible.builtin.assert:
that:
- sysctl_system_test1 is changed
- "'10' in sysctl_check_system1.stdout"
# Test system_wide with reload=true
- name: Set vm.dirty_ratio to 20 with system_wide and reload=true
ansible.posix.sysctl:
name: vm.dirty_ratio
value: 20
state: present
reload: true
system_wide: true
register: sysctl_system_reload_test
- name: Check vm.dirty_ratio value
ansible.builtin.command: sysctl -n vm.dirty_ratio
changed_when: false
register: sysctl_check_dirty_ratio
- name: Validate system_wide with reload
ansible.builtin.assert:
that:
- sysctl_system_reload_test is changed
- sysctl_check_dirty_ratio.stdout == "20"
# Test system_wide=false behavior (default)
- name: Create custom sysctl file for testing
ansible.builtin.copy:
content: |
# Custom sysctl test file
vm.dirty_background_ratio=5
dest: "{{ output_dir_test }}/custom_sysctl.conf"
mode: "0644"
- name: Set vm.dirty_background_ratio with system_wide=false
ansible.posix.sysctl:
name: vm.dirty_background_ratio
value: 10
state: present
reload: true
system_wide: false
sysctl_file: "{{ output_dir_test }}/custom_sysctl.conf"
register: sysctl_system_false_test
- name: Check custom sysctl file content
ansible.builtin.command: cat {{ output_dir_test }}/custom_sysctl.conf
changed_when: false
register: custom_sysctl_content
- name: Validate system_wide=false behavior
ansible.builtin.assert:
that:
- sysctl_system_false_test is changed
- "'vm.dirty_background_ratio=10' in custom_sysctl_content.stdout"
- name: Test on RHEL VMs
when:
@@ -366,3 +453,36 @@
that:
- stat_result.stat.islnk is defined and stat_result.stat.islnk
- stat_result.stat.lnk_source == '/tmp/ansible_sysctl_test.conf'
# Test sysctl: --system
- name: Set vm.swappiness to 10 with --system option
ansible.posix.sysctl:
name: vm.swappiness
value: 10
state: present
reload: false
sysctl_set: true
system_wide: true
register: sysctl_system_test1
- name: Check with sysctl command
ansible.builtin.command: sysctl vm.swappiness
changed_when: false
register: sysctl_check_system1
- name: Debug sysctl_system_test1 sysctl_check_system1
ansible.builtin.debug:
var: item
verbosity: 1
with_items:
- "{{ sysctl_system_test1 }}"
- "{{ sysctl_check_system1 }}"
- name: Validate results for --system option
ansible.builtin.assert:
that:
- sysctl_system_test1 is changed
- sysctl_check_system1.stdout_lines == ["vm.swappiness = 10"]
- name: Include system_wide specific tests
ansible.builtin.include_tasks: system_wide_tests.yml

203
tests/integration/targets/sysctl/tasks/system_wide_tests.yml Normal file
View File

@@ -0,0 +1,203 @@
---
# Additional tests specifically for system_wide parameter functionality
- name: Test system_wide parameter basic functionality
block:
# Test system_wide with a simple sysctl parameter
- name: Set vm.swappiness with system_wide=true (first time)
ansible.posix.sysctl:
name: vm.swappiness
value: 35
state: present
reload: false
system_wide: true
register: sysctl_system_wide_first_test
- name: Debug first test result
ansible.builtin.debug:
var: sysctl_system_wide_first_test
- name: Set vm.swappiness with system_wide=true (second time - should not change)
ansible.posix.sysctl:
name: vm.swappiness
value: 35
state: present
reload: false
system_wide: true
register: sysctl_system_wide_second_test
- name: Debug second test result
ansible.builtin.debug:
var: sysctl_system_wide_second_test
- name: Validate system_wide basic functionality
ansible.builtin.assert:
that:
- sysctl_system_wide_first_test is changed
- sysctl_system_wide_second_test is not changed
# Test system_wide with reload=true
- name: Set vm.dirty_expire_centisecs with system_wide=true and reload
ansible.posix.sysctl:
name: vm.dirty_expire_centisecs
value: 3000
state: present
reload: true
system_wide: true
register: sysctl_system_wide_reload_test
- name: Check vm.dirty_expire_centisecs value
ansible.builtin.command: sysctl -n vm.dirty_expire_centisecs
changed_when: false
register: sysctl_check_dirty_expire
- name: Validate system_wide with reload=true
ansible.builtin.assert:
that:
- sysctl_system_wide_reload_test is changed
- sysctl_check_dirty_expire.stdout == "3000"
# Test system_wide=false behavior (default)
- name: Create custom sysctl file for testing system_wide=false
ansible.builtin.copy:
content: |
# Custom sysctl test file
vm.dirty_background_ratio=5
dest: "{{ output_dir_test }}/custom_sysctl.conf"
mode: "0644"
- name: Set vm.dirty_background_ratio with system_wide=false
ansible.posix.sysctl:
name: vm.dirty_background_ratio
value: 10
state: present
reload: true
system_wide: false
sysctl_file: "{{ output_dir_test }}/custom_sysctl.conf"
register: sysctl_system_false_test
- name: Check custom sysctl file content
ansible.builtin.command: cat {{ output_dir_test }}/custom_sysctl.conf
changed_when: false
register: custom_sysctl_content
- name: Validate system_wide=false behavior
ansible.builtin.assert:
that:
- sysctl_system_false_test is changed
- "'vm.dirty_background_ratio=10' in custom_sysctl_content.stdout"
# Test system_wide with check mode
- name: Test system_wide in check mode
ansible.posix.sysctl:
name: vm.swappiness
value: 25
state: present
reload: true
system_wide: true
check_mode: true
register: sysctl_system_wide_check_mode
- name: Validate check mode works with system_wide
ansible.builtin.assert:
that:
- sysctl_system_wide_check_mode is changed
# Test system_wide with missing directories (should not fail)
- name: Test system_wide with potentially missing directories
ansible.posix.sysctl:
name: vm.overcommit_memory
value: 1
state: present
reload: true
system_wide: true
ignoreerrors: true
register: sysctl_system_wide_missing_dirs
- name: Validate system_wide handles missing directories
ansible.builtin.assert:
that:
- sysctl_system_wide_missing_dirs is not failed
- name: Test system_wide with multiple configuration files (RHEL/CentOS only)
when:
- ansible_facts.os_family == 'RedHat'
- ansible_facts.virtualization_type != 'docker'
block:
# Test that system_wide processes multiple configuration files
- name: Create test sysctl.d file
ansible.builtin.copy:
content: |
# Test system-wide sysctl reload
vm.dirty_writeback_centisecs=500
dest: /etc/sysctl.d/99-ansible-test.conf
mode: "0644"
backup: true
register: test_sysctl_file
- name: Apply setting with system_wide to test multiple file processing
ansible.posix.sysctl:
name: vm.overcommit_memory
value: 1
state: present
reload: true
system_wide: true
register: sysctl_multifile_test
- name: Verify both settings are applied
ansible.builtin.shell: |
sysctl -n vm.dirty_writeback_centisecs
sysctl -n vm.overcommit_memory
changed_when: false
register: sysctl_multifile_check
- name: Validate multiple file processing
ansible.builtin.assert:
that:
- sysctl_multifile_test is changed
- "'500' in sysctl_multifile_check.stdout"
- "'1' in sysctl_multifile_check.stdout"
- name: Cleanup test sysctl.d file
ansible.builtin.file:
path: /etc/sysctl.d/99-ansible-test.conf
state: absent
- name: Test system_wide parameter combinations
block:
# Test system_wide with sysctl_set
- name: Test system_wide with sysctl_set=true
ansible.posix.sysctl:
name: vm.swappiness
value: 15
state: present
reload: true
system_wide: true
sysctl_set: true
register: sysctl_system_wide_set_test
- name: Check vm.swappiness value after system_wide + sysctl_set
ansible.builtin.command: sysctl -n vm.swappiness
changed_when: false
register: sysctl_check_swappiness_set
- name: Validate system_wide with sysctl_set
ansible.builtin.assert:
that:
- sysctl_system_wide_set_test is changed
- sysctl_check_swappiness_set.stdout == "15"
# Test system_wide with reload=false (should not trigger system reload)
- name: Test system_wide with reload=false
ansible.posix.sysctl:
name: vm.dirty_ratio
value: 25
state: present
reload: false
system_wide: true
register: sysctl_system_wide_no_reload
- name: Validate system_wide with reload=false
ansible.builtin.assert:
that:
- sysctl_system_wide_no_reload is changed

10
tests/sanity/ignore-2.21.txt
View File

@@ -1,10 +0,0 @@
tests/utils/shippable/timing.py shebang
plugins/action/synchronize.py pylint:ansible-bad-import-from
plugins/callback/cgroup_perf_recap.py pylint:ansible-bad-import-from
plugins/modules/mount.py pylint:ansible-bad-import-from
plugins/modules/sysctl.py pylint:ansible-bad-import-from
plugins/shell/csh.py pylint:ansible-bad-import-from
plugins/shell/fish.py pylint:ansible-bad-import-from
tests/unit/mock/procenv.py pylint:ansible-bad-import-from
tests/unit/mock/yaml_helper.py pylint:ansible-bad-import-from
tests/unit/modules/conftest.py pylint:ansible-bad-import-from

5
tests/utils/shippable/lint.sh
View File

@@ -9,5 +9,6 @@ command -v ansible
pip install --upgrade --user pip
pip install --upgrade --user ansible-lint
# To specify additional options, you can specify them into .ansible-lint file.
PATH="${PATH/\~/${HOME}}" ansible-lint
PATH="${PATH/\~/${HOME}}" ansible-lint \
--exclude changelogs/ \
--profile=production