Add integration test for --system option

Changed the type of the forward and masquerade options from str to bool

SUMMARY
The forward and masquerade options for the firewall module takes either True or False as a value.
Currently, it is defined as a string, but it should be a boolean.

Fixes #582

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME

ansible.posix.firewalld

ADDITIONAL INFORMATION
None

Reviewed-by: Adam Miller <admiller@redhat.com>
Reviewed-by: Andrew Klychkov <aklychko@redhat.com>

.azure-pipelines/azure-pipelines.yml

@@ -37,13 +37,13 @@ variables:
 resources:
   containers:
     - container: default
-      image: quay.io/ansible/azure-pipelines-test-container:7.0.0
+      image: quay.io/ansible/azure-pipelines-test-container:6.0.0
 
 pool: Standard
 
 stages:
   - stage: Sanity_devel
-    displayName: Ansible devel sanity & Units & Lint
+    displayName: Ansible devel sanity
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -57,23 +57,8 @@ stages:
               test: units
             - name: Lint
               test: lint
-  - stage: Sanity_2_19
-    displayName: Ansible 2.19 sanity & Units & Lint
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: "{0}"
-          testFormat: 2.19/{0}
-          targets:
-            - name: Sanity
-              test: sanity
-            - name: Units
-              test: units
-            - name: Lint
-              test: lint
   - stage: Sanity_2_18
-    displayName: Ansible 2.18 sanity & Units & Lint
+    displayName: Ansible 2.18 sanity
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -88,7 +73,7 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_17
-    displayName: Ansible 2.17 sanity & Units & Lint
+    displayName: Ansible 2.17 sanity
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -103,7 +88,7 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_16
-    displayName: Ansible 2.16 sanity & Units & Lint
+    displayName: Ansible 2.16 sanity
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -115,6 +100,19 @@ stages:
               test: sanity
             - name: Units
               test: units
+  - stage: Sanity_2_15
+    displayName: Ansible 2.15 sanity
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: 2.15/{0}
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
   ## Docker
   - stage: Docker_devel
     displayName: Docker devel
@@ -124,28 +122,14 @@ stages:
         parameters:
           testFormat: devel/linux/{0}/1
           targets:
-            - name: Fedora 42
+            - name: Fedora 40
-              test: fedora42
+              test: fedora40
-            - name: Ubuntu 22.04
-              test: ubuntu2204
-            - name: Ubuntu 24.04
-              test: ubuntu2404
-  - stage: Docker_2_19
-    displayName: Docker 2.19
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.19/linux/{0}/1
-          targets:
-            - name: Fedora 41
-              test: fedora41
             - name: Ubuntu 22.04
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
   - stage: Docker_2_18
-    displayName: Docker 2.18
+    displayName: Docker devel
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -168,6 +152,8 @@ stages:
           targets:
             - name: Fedora 39
               test: fedora39
+            - name: Ubuntu 20.04
+              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
   - stage: Docker_2_16
@@ -182,6 +168,27 @@ stages:
               test: centos7
             - name: Fedora 38
               test: fedora38
+            - name: Ubuntu 20.04
+              test: ubuntu2004
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+
+  - stage: Docker_2_15
+    displayName: Docker 2.15
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.15/linux/{0}/1
+          targets:
+            - name: CentOS 7
+              test: centos7
+            - name: Fedora 37
+              test: fedora37
+            - name: openSUSE 15 py3
+              test: opensuse15
+            - name: Ubuntu 20.04
+              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
 
@@ -194,32 +201,12 @@ stages:
         parameters:
           testFormat: devel/{0}/1
           targets:
-            - name: RHEL 10.0
+            - name: RHEL 9.4
-              test: rhel/10.0
+              test: rhel/9.4
-            - name: RHEL 9.6
+            - name: FreeBSD 13.3
-              test: rhel/9.6
+              test: freebsd/13.3
-            - name: FreeBSD 14.3
-              test: freebsd/14.3
-            - name: FreeBSD 13.5
-              test: freebsd/13.5
-  - stage: Remote_2_19
-    displayName: Remote 2.19
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.19/{0}/1
-          targets:
-            - name: RHEL 10.0
-              test: rhel/10.0
-            - name: RHEL 9.5
-              test: rhel/9.5
-            - name: FreeBSD 14.2
-              test: freebsd/14.2
-            - name: FreeBSD 13.5
-              test: freebsd/13.5
   - stage: Remote_2_18
-    displayName: Remote 2.18
+    displayName: Remote devel
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -228,8 +215,8 @@ stages:
           targets:
             - name: RHEL 9.4
               test: rhel/9.4
-            - name: FreeBSD 13.5
+            - name: FreeBSD 13.3
-              test: freebsd/13.5
+              test: freebsd/13.3
   - stage: Remote_2_17
     displayName: Remote 2.17
     dependsOn: []
@@ -240,8 +227,8 @@ stages:
           targets:
             - name: RHEL 9.3
               test: rhel/9.3
-            - name: FreeBSD 13.5
+            - name: FreeBSD 13.3
-              test: freebsd/13.5
+              test: freebsd/13.3
   - stage: Remote_2_16
     displayName: Remote 2.16
     dependsOn: []
@@ -254,12 +241,34 @@ stages:
               test: rhel/8.8
             - name: RHEL 9.2
               test: rhel/9.2
+            - name: FreeBSD 13.2
+              test: freebsd/13.2
+
+  - stage: Remote_2_15
+    displayName: Remote 2.15
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.15/{0}/1
+          targets:
+            - name: RHEL 7.9
+              test: rhel/7.9
+            - name: RHEL 8.7
+              test: rhel/8.7
+            - name: RHEL 9.1
+              test: rhel/9.1
+            - name: FreeBSD 13.2
+              test: freebsd/13.2
 
   ## Finally
 
   - stage: Summary
     condition: succeededOrFailed()
     dependsOn:
+      - Sanity_2_15
+      - Remote_2_15
+      - Docker_2_15
       - Sanity_2_16
       - Remote_2_16
       - Docker_2_16
@@ -269,11 +278,8 @@ stages:
       - Sanity_2_18
       - Remote_2_18
       - Docker_2_18
-      - Sanity_2_19
-      - Remote_2_19
-      - Docker_2_19
       - Sanity_devel
-      - Remote_devel
+      # - Remote_devel # Wait for test environment release
-      - Docker_devel
+      # - Docker_devel # Wait for test environment release
     jobs:
       - template: templates/coverage.yml

.github/BOTMETA.yml

@@ -40,7 +40,6 @@ files:
     labels: debug
   $plugins/patch.py:
     labels: patch
-  $plugins/skippy.py:
   $plugins/synchronize.py:
     labels: synchronize
   $plugins/timer.py:

CHANGELOG.rst

@@ -4,39 +4,6 @@ ansible.posix Release Notes
 
 .. contents:: Topics
 
-v1.6.2
-======
-
-Release Summary
----------------
-
-This is the bugfix release of the stable version ``ansible.posix`` collection.
-This changelog contains all changes to the modules and plugins
-in this collection that have been added after the release of
-``ansible.posix`` 1.6.1.
-
-Bugfixes
---------
-
-- backport - Drop ansible-core 2.14 and set 2.15 minimum version (https://github.com/ansible-collections/ansible.posix/issues/578).
-
-v1.6.1
-======
-
-Release Summary
----------------
-
-This is the bugfix release of the stable version ``ansible.posix`` collection.
-This changelog contains all changes to the modules and plugins
-in this collection that have been added after the release of
-``ansible.posix`` 1.6.1.
-
-Bugfixes
---------
-
-- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
-- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
-- skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0 (https://github.com/ansible-collections/ansible.posix/issues/573).
 
 v1.6.0
 ======

README.md

@@ -22,7 +22,7 @@ For more information about communication, see the [Ansible communication guide](
 <!--start requires_ansible-->
 ## Ansible version compatibility
 
-This collection has been tested against following Ansible versions: **>=2.16**.
+This collection has been tested against following Ansible versions: **>=2.15**.
 <!--end requires_ansible-->
 
 ## Included content
@@ -74,9 +74,13 @@ None
 
 <!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
 
+- ansible-core 2.19 (devel)
 - ansible-core 2.18 (stable) *
 - ansible-core 2.17 (stable)
 - ansible-core 2.16 (stable)
+- ansible-core 2.15 (stable)
+
+*Note: For ansible-core 2.18, CI only covers sanity tests and no integration tests will be run until the test environment is released.*
 
 ## Roadmap
 

changelogs/changelog.yaml

@@ -405,43 +405,3 @@ releases:
     - dropping-ansible29.yml
     - test-reqs.yml
     release_date: '2024-09-11'
-  1.6.1:
-    changes:
-      bugfixes:
-      - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
-      - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
-      - skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0
-        (https://github.com/ansible-collections/ansible.posix/issues/573).
-      release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
-        collection.
-
-        This changelog contains all changes to the modules and plugins
-
-        in this collection that have been added after the release of
-
-        ``ansible.posix`` 1.6.1.'
-    fragments:
-    - 1.6.1.yml
-    - 365-boot-linux.yml
-    - 566_bump_version_161.yml
-    - 567_remove_version_added.yml
-    - 570_nfs4_acl.yml
-    - 571_ci_bump_core_version.yml
-    - 572_revert_removal_of_skippy.yml
-    release_date: '2024-10-11'
-  1.6.2:
-    changes:
-      bugfixes:
-      - backport - Drop ansible-core 2.14 and set 2.15 minimum version (https://github.com/ansible-collections/ansible.posix/issues/578).
-      release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
-        collection.
-
-        This changelog contains all changes to the modules and plugins
-
-        in this collection that have been added after the release of
-
-        ``ansible.posix`` 1.6.1.'
-    fragments:
-    - 1.6.2.yml
-    - 580_drop_ansible214.yml
-    release_date: '2024-10-22'

changelogs/fragments/365-boot-linux.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).

changelogs/fragments/387_callback_output_header.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - callback plugins - Add recap information to timer, profile_roles and profile_tasks callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).

changelogs/fragments/566_bump_version_161.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump version to 1.6.1 for next release.

changelogs/fragments/567_remove_version_added.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - mount - remove wrong version_added section from ``opts_no_log``.

changelogs/fragments/568_update_authorized_key.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)

changelogs/fragments/570_nfs4_acl.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).

changelogs/fragments/571_ci_bump_core_version.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump ansible-core version to 2.19 of devel branch and add 2.18 to CI.

changelogs/fragments/576_bump_version_2.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump ansible.posix version to 2.0.0.

changelogs/fragments/581_ci_selinux.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - selinux - conditions for selinux integration tests have been modified to be more accurate.

changelogs/fragments/584_firewalld_opt_type.yml

@@ -0,0 +1,3 @@
+---
+breaking_changes:
+  - firewalld - Changed the type of forward and masquerade options from str to bool (https://github.com/ansible-collections/ansible.posix/issues/582).

changelogs/fragments/631_fixes_module_path.yml

@@ -1,6 +0,0 @@
----
-bugfixes:
-  - ansible.posix.cgroup_perf_recap - fixes json module load path (https://github.com/ansible-collections/ansible.posix/issues/630).
-trivial:
-  - ansible.posix.seboolean - remove unnecessary condition from seboolean integration tests (https://github.com/ansible-collections/ansible.posix/issues/630).
-  - ansible.posix.selinux - optimize conditions for selinux integration tests (https://github.com/ansible-collections/ansible.posix/issues/630).

changelogs/fragments/642_ci_add_rhel10.yml

@@ -1,2 +0,0 @@
-trivial:
-  - Add Red Hat Enterprise Linux 10.0 to the CI matrix (https://github.com/ansible-collections/ansible.posix/issues/642).

changelogs/fragments/655_ci_remove_devel_from_stable1.yml

@@ -1,2 +0,0 @@
-trivial:
-  - Remove devel branch test from CI matrix for stable-1.

changelogs/fragments/675_update_ci_matrix_202508.yml

@@ -1,2 +0,0 @@
-trivial:
-  - Update AZP CI matrix to bump test container version 7.0.0(https://github.com/ansible-collections/ansible.posix/pull/673).

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: ansible
 name: posix
-version: 1.6.2
+version: 2.0.0
 readme: README.md
 authors:
   - Ansible (github.com/ansible)

meta/runtime.yml

@@ -1,8 +1,2 @@
 ---
 requires_ansible: ">=2.15.0"
-plugin_routing:
-  callback:
-    skippy:
-      deprecation:
-        removal_date: "2024-12-05"
-        warning_text: See the plugin documentation for more details

plugins/callback/cgroup_perf_recap.py

@@ -132,7 +132,6 @@ DOCUMENTATION = '''
 
 import csv
 import datetime
-import json
 import os
 import time
 import threading
@@ -143,7 +142,7 @@ from functools import partial
 
 from ansible.module_utils._text import to_bytes, to_text
 from ansible.module_utils.six import with_metaclass
-from ansible.parsing.ajson import AnsibleJSONEncoder
+from ansible.parsing.ajson import AnsibleJSONEncoder, json
 from ansible.plugins.callback import CallbackBase
 
 

plugins/callback/profile_roles.py

@@ -128,7 +128,10 @@ class CallbackModule(CallbackBase):
         self._display_tasktime()
 
     def playbook_on_stats(self, stats):
-        self._display_tasktime()
+        # Align summary report header with other callback plugin summary
+        self._display.banner("ROLES RECAP")
+
+        self._display.display(tasktime())
         self._display.display(filled("", fchar="="))
 
         timestamp(self)

plugins/callback/profile_tasks.py

@@ -193,7 +193,10 @@ class CallbackModule(CallbackBase):
         self._display_tasktime()
 
     def playbook_on_stats(self, stats):
-        self._display_tasktime()
+        # Align summary report header with other callback plugin summary
+        self._display.banner("TASKS RECAP")
+
+        self._display.display(tasktime())
         self._display.display(filled("", fchar="="))
 
         timestamp(self)

plugins/callback/skippy.py

@@ -1,43 +0,0 @@
-# (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com>
-# (c) 2017 Ansible Project
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-DOCUMENTATION = '''
-    name: skippy
-    type: stdout
-    requirements:
-      - set as main display callback
-    short_description: Ansible screen output that ignores skipped status
-    deprecated:
-      why: The 'default' callback plugin now supports this functionality
-      removed_at_date: '2024-12-05'
-      alternative: "'default' callback plugin with 'display_skipped_hosts = no' option"
-    extends_documentation_fragment:
-      - default_callback
-    description:
-      - This callback does the same as the default except it does not output skipped host/task/item status
-'''
-
-from ansible.plugins.callback.default import CallbackModule as CallbackModule_default
-
-
-class CallbackModule(CallbackModule_default):
-
-    '''
-    This is the default callback interface, which simply prints messages
-    to stdout when new callback events are received.
-    '''
-
-    CALLBACK_VERSION = 2.0
-    CALLBACK_TYPE = 'stdout'
-    CALLBACK_NAME = 'ansible.posix.skippy'
-
-    def v2_runner_on_skipped(self, result):
-        pass
-
-    def v2_runner_item_on_skipped(self, result):
-        pass

plugins/callback/timer.py

@@ -46,4 +46,6 @@ class CallbackModule(CallbackBase):
     def v2_playbook_on_stats(self, stats):
         end_time = datetime.utcnow()
         runtime = end_time - self.start_time
-        self._display.display("Playbook run took %s days, %s hours, %s minutes, %s seconds" % (self.days_hours_minutes_seconds(runtime)))
+        # Align summary report header with other callback plugin summary
+        self._display.banner("PLAYBOOK RECAP")
+        self._display.display("Playbook run took %s days, %s hours, %s minutes, %s seconds\n\r" % (self.days_hours_minutes_seconds(runtime)))

plugins/modules/authorized_key.py

@@ -24,6 +24,7 @@ options:
   key:
     description:
       - The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).
+      - You can also use V(file://) prefix to search remote for a file with SSH key(s).
     type: str
     required: true
   path:
@@ -96,6 +97,12 @@ EXAMPLES = r'''
     state: present
     key: https://github.com/charlie.keys
 
+- name: Set authorized keys taken from path on controller node
+  ansible.posix.authorized_key:
+    user: charlie
+    state: present
+    key: file:///home/charlie/.ssh/id_rsa.pub
+
 - name: Set authorized keys taken from url using lookup
   ansible.posix.authorized_key:
     user: charlie
@@ -223,6 +230,7 @@ from operator import itemgetter
 from ansible.module_utils._text import to_native
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.urls import fetch_url
+from ansible.module_utils.six.moves.urllib.parse import urlparse
 
 
 class keydict(dict):
@@ -556,7 +564,7 @@ def enforce_state(module, params):
     follow = params.get('follow', False)
     error_msg = "Error getting key from: %s"
 
-    # if the key is a url, request it and use it as key source
+    # if the key is a url or file, request it and use it as key source
     if key.startswith("http"):
         try:
             resp, info = fetch_url(module, key)
@@ -570,6 +578,19 @@ def enforce_state(module, params):
         # resp.read gives bytes on python3, convert to native string type
         key = to_native(key, errors='surrogate_or_strict')
 
+    if key.startswith("file"):
+        # if the key is an absolute path, check for existense and use it as a key source
+        key_path = urlparse(key).path
+        if not os.path.exists(key_path):
+            module.fail_json(msg="Path to a key file not found: %s" % key_path)
+        if not os.path.isfile(key_path):
+            module.fail_json(msg="Path to a key is a directory and must be a file: %s" % key_path)
+        try:
+            with open(key_path, 'r') as source_fh:
+                key = source_fh.read()
+        except OSError as e:
+            module.fail_json(msg="Failed to read key file %s : %s" % (key_path, to_native(e)))
+
     # extract individual keys into an array, skipping blank lines and comments
     new_keys = [s for s in key.splitlines() if s and not s.startswith('#')]
 

plugins/modules/firewalld.py

@@ -112,11 +112,13 @@ options:
     description:
       - The forward setting you would like to enable/disable to/from zones within firewalld.
       - This option only is supported by firewalld v0.9.0 or later.
-    type: str
+      - Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
+    type: bool
   masquerade:
     description:
       - The masquerade setting you would like to enable/disable to/from zones within firewalld.
-    type: str
+      - Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
+    type: bool
   offline:
     description:
       - Ignores O(immediate) if O(permanent=true) and firewalld is not running.
@@ -875,8 +877,8 @@ def main():
             state=dict(type='str', required=True, choices=['absent', 'disabled', 'enabled', 'present']),
             timeout=dict(type='int', default=0),
             interface=dict(type='str'),
-            forward=dict(type='str'),
+            forward=dict(type='bool'),
-            masquerade=dict(type='str'),
+            masquerade=dict(type='bool'),
             offline=dict(type='bool', default=False),
             target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']),
         ),
@@ -1129,16 +1131,7 @@ def main():
         msgs = msgs + transaction_msgs
 
     if forward is not None:
-        # Type of forward will be changed to boolean in a future release.
+        expected_state = 'enabled' if (desired_state == 'enabled') == forward else 'disabled'
-        forward_status = False
-        try:
-            forward_status = boolean(forward, False)
-        except TypeError:
-            module.warn('The value of the forward option is "%s". '
-                        'The type of the option will be changed from string to boolean in a future release. '
-                        'To avoid unexpected behavior, please change the value to boolean.' % forward)
-
-        expected_state = 'enabled' if (desired_state == 'enabled') == forward_status else 'disabled'
         transaction = ForwardTransaction(
             module,
             action_args=(),
@@ -1152,16 +1145,7 @@ def main():
         msgs = msgs + transaction_msgs
 
     if masquerade is not None:
-        # Type of masquerade will be changed to boolean in a future release.
+        expected_state = 'enabled' if (desired_state == 'enabled') == masquerade else 'disabled'
-        masquerade_status = True
-        try:
-            masquerade_status = boolean(masquerade, True)
-        except TypeError:
-            module.warn('The value of the masquerade option is "%s". '
-                        'The type of the option will be changed from string to boolean in a future release. '
-                        'To avoid unexpected behavior, please change the value to boolean.' % masquerade)
-
-        expected_state = 'enabled' if (desired_state == 'enabled') == masquerade_status else 'disabled'
         transaction = MasqueradeTransaction(
             module,
             action_args=(),

plugins/modules/sysctl.py

@@ -101,6 +101,7 @@ import os
 import platform
 import re
 import tempfile
+import glob
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.six import string_types
@@ -114,12 +115,24 @@ class SysctlModule(object):
     # success or failure.
     LANG_ENV = {'LANG': 'C', 'LC_ALL': 'C', 'LC_MESSAGES': 'C'}
 
+    # We define a variable to keep all the directories to be read, equivalent to
+    # (/sbin/sysctl --system) option
+    SYSCTL_DIRS = [
+        '/etc/sysctl.d/*.conf',
+        '/run/sysctl.d/*.conf',
+        '/usr/local/lib/sysctl.d/*.conf',
+        '/usr/lib/sysctl.d/*.conf',
+        '/lib/sysctl.d/*.conf',
+        '/etc/sysctl.conf'
+    ]
+
     def __init__(self, module):
         self.module = module
         self.args = self.module.params
 
         self.sysctl_cmd = self.module.get_bin_path('sysctl', required=True)
         self.sysctl_file = self.args['sysctl_file']
+        self.system_Wide = self.args['system_Wide']
 
         self.proc_value = None  # current token value in proc fs
         self.file_value = None  # current token value in file
@@ -299,15 +312,22 @@ class SysctlModule(object):
             # https://github.com/ansible/ansible/issues/58158
             return
         else:
-            # system supports reloading via the -p flag to sysctl, so we'll use that
+            if self.system_Wide:
-            sysctl_args = [self.sysctl_cmd, '-p', self.sysctl_file]
+                for sysctl_file in self.SYSCTL_DIRS:
-            if self.args['ignoreerrors']:
+                    for conf_file in glob.glob(sysctl_file):
-                sysctl_args.insert(1, '-e')
+                        rc, out, err = self.module.run_command([self.sysctl_cmd, '-p', conf_file], environ_update=self.LANG_ENV)
+                        if rc != 0 or self._stderr_failed(err):
+                            self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
+            else:
+                # system supports reloading via the -p flag to sysctl, so we'll use that
+                sysctl_args = [self.sysctl_cmd, '-p', self.sysctl_file]
+                if self.args['ignoreerrors']:
+                    sysctl_args.insert(1, '-e')
 
-            rc, out, err = self.module.run_command(sysctl_args, environ_update=self.LANG_ENV)
+                rc, out, err = self.module.run_command(sysctl_args, environ_update=self.LANG_ENV)
 
-        if rc != 0 or self._stderr_failed(err):
+            if rc != 0 or self._stderr_failed(err):
-            self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
+                self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
 
     # ==============================================================
     #   SYSCTL FILE MANAGEMENT
@@ -394,7 +414,8 @@ def main():
             reload=dict(default=True, type='bool'),
             sysctl_set=dict(default=False, type='bool'),
             ignoreerrors=dict(default=False, type='bool'),
-            sysctl_file=dict(default='/etc/sysctl.conf', type='path')
+            sysctl_file=dict(default='/etc/sysctl.conf', type='path'),
+            system_wide=dict(default=False, type='bool'),  # system_wide parameter
         ),
         supports_check_mode=True,
         required_if=[('state', 'present', ['value'])],

tests/integration/targets/acl/tasks/acl.yml

@@ -46,12 +46,6 @@
     path: "{{ test_dir }}"
     state: directory
     mode: "0755"
-
-- name: Install acl package
-  ansible.builtin.package:
-    name: acl
-    state: present
-
 ##############################################################################
 - name: Grant ansible user read access to a file
   ansible.posix.acl:

tests/integration/targets/authorized_key/defaults/main.yml

@@ -35,3 +35,5 @@ multiple_keys_comments: |
   ssh-rsa DATA_BASIC 1@testing
   # I like adding comments yo-dude-this-is-not-a-key INVALID_DATA 2@testing
   ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
+
+key_path: /tmp/id_rsa.pub

tests/integration/targets/authorized_key/tasks/check_path.yml

@@ -0,0 +1,32 @@
+---
+- name: Create key file for test
+  ansible.builtin.copy:
+    dest: "{{ key_path }}"
+    content: "{{ rsa_key_basic }}"
+    mode: "0600"
+
+- name: Add key using path
+  ansible.posix.authorized_key:
+    user: root
+    key: file://{{ key_path }}
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: Assert that the key was added
+  ansible.builtin.assert:
+    that:
+      - result.changed == true
+
+- name: Add key using path again
+  ansible.posix.authorized_key:
+    user: root
+    key: file://{{ key_path }}
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: Assert that no changes were applied
+  ansible.builtin.assert:
+    that:
+      - result.changed == false

tests/integration/targets/authorized_key/tasks/main.yml

@@ -31,3 +31,6 @@
 
 - name: Test for the management of comments with key
   ansible.builtin.import_tasks: comments.yml
+
+- name: Test for specifying key as a path
+  ansible.builtin.import_tasks: check_path.yml

tests/integration/targets/firewalld/aliases

@@ -1,5 +1,3 @@
-needs/privileged
-needs/root
 destructive
 shippable/posix/group1
 skip/aix

tests/integration/targets/firewalld/tasks/masquerade_test_cases.yml

@@ -114,60 +114,3 @@
       ansible.builtin.assert:
         that:
           - result is not changed
-
-# Validate backwards compatible behavior until masquerade is switched from string to boolean type
-- name: Masquerade enabled when masquerade is non-boolean string and state is enabled
-  block:
-    - name: Testing enable masquerade
-      ansible.posix.firewalld:
-        zone: trusted
-        masquerade: some string
-        permanent: true
-        state: enabled
-      register: result
-
-    - name: Assert masquerade is enabled
-      ansible.builtin.assert:
-        that:
-          - result is changed
-
-    - name: Testing enable masquerade (verify not changed)
-      ansible.posix.firewalld:
-        zone: trusted
-        masquerade: some string
-        permanent: true
-        state: enabled
-      register: result
-
-    - name: Assert masquerade is enabled (verify not changed)
-      ansible.builtin.assert:
-        that:
-          - result is not changed
-
-- name: Masquerade disabled when masquerade is non-boolean string and state is disabled
-  block:
-    - name: Testing disable masquerade
-      ansible.posix.firewalld:
-        zone: trusted
-        masquerade: some string
-        permanent: true
-        state: disabled
-      register: result
-
-    - name: Assert masquerade is disabled
-      ansible.builtin.assert:
-        that:
-          - result is changed
-
-    - name: Testing disable masquerade (verify not changed)
-      ansible.posix.firewalld:
-        zone: trusted
-        masquerade: some string
-        permanent: true
-        state: disabled
-      register: result
-
-    - name: Assert masquerade is disabled (verify not changed)
-      ansible.builtin.assert:
-        that:
-          - result is not changed

tests/integration/targets/seboolean/tasks/main.yml

@@ -20,4 +20,5 @@
   ansible.builtin.include_tasks: seboolean.yml
   when:
     - ansible_selinux is defined
+    - ansible_selinux
     - ansible_selinux.status == 'enabled'

tests/integration/targets/selinux/tasks/main.yml

@@ -19,21 +19,23 @@
 - name: Debug message for when SELinux is disabled
   ansible.builtin.debug:
     msg: SELinux is disabled
-  when: ansible_selinux is defined and ansible_selinux.status == 'disabled'
+  when: ansible_selinux is defined and not ansible_selinux
 
 - name: Debug message for when SELinux is enabled and not disabled
   ansible.builtin.debug:
     msg: SELinux is {{ ansible_selinux.status }}
-  when: ansible_selinux is defined
+  when: ansible_selinux is defined and ansible_selinux
 
 - name: Include_tasks for when SELinux is enabled
   ansible.builtin.include_tasks: selinux.yml
   when:
     - ansible_selinux is defined
+    - ansible_selinux
     - ansible_selinux.status == 'enabled'
 
 - name: Include tasks for selogin when SELinux is enabled
   ansible.builtin.include_tasks: selogin.yml
   when:
     - ansible_selinux is defined
+    - ansible_selinux
     - ansible_selinux.status == 'enabled'

tests/integration/targets/sysctl/tasks/main.yml

@@ -229,6 +229,40 @@
       ansible.builtin.assert:
         that:
           - sysctl_test4 is failed
+        
+      ##
+      ## sysctl --system
+      ##
+
+    - name: Set vm.swappiness to 10 with --system option
+      ansible.posix.sysctl:
+        name: vm.swappiness
+        value: 10
+        state: present
+        reload: false
+        sysctl_set: true
+        system: true
+      register: sysctl_system_test1
+
+    - name: Check with sysctl command
+      ansible.builtin.command: sysctl vm.swappiness
+      changed_when: false
+      register: sysctl_check_system1
+
+    - name: Debug sysctl_system_test1 sysctl_check_system1
+      ansible.builtin.debug:
+        var: item
+        verbosity: 1
+      with_items:
+        - "{{ sysctl_system_test1 }}"
+        - "{{ sysctl_check_system1 }}"
+
+    - name: Validate results for --system option
+      ansible.builtin.assert:
+        that:
+          - sysctl_system_test1 is changed
+          - sysctl_check_system1.stdout_lines == ["vm.swappiness = 10"]
+
 
 - name: Test on RHEL VMs
   when:
@@ -366,3 +400,33 @@
         that:
           - stat_result.stat.islnk is defined and stat_result.stat.islnk
           - stat_result.stat.lnk_source == '/tmp/ansible_sysctl_test.conf'
+    
+    # Test sysctl: --system
+    - name: Set vm.swappiness to 10 with --system option
+      ansible.posix.sysctl:
+        name: vm.swappiness
+        value: 10
+        state: present
+        reload: false
+        sysctl_set: true
+        system: true
+      register: sysctl_system_test1
+
+    - name: Check with sysctl command
+      ansible.builtin.command: sysctl vm.swappiness
+      changed_when: false
+      register: sysctl_check_system1
+
+    - name: Debug sysctl_system_test1 sysctl_check_system1
+      ansible.builtin.debug:
+        var: item
+        verbosity: 1
+      with_items:
+        - "{{ sysctl_system_test1 }}"
+        - "{{ sysctl_check_system1 }}"
+
+    - name: Validate results for --system option
+      ansible.builtin.assert:
+        that:
+          - sysctl_system_test1 is changed
+          - sysctl_check_system1.stdout_lines == ["vm.swappiness = 10"]

tests/sanity/ignore-2.20.txt

@@ -1 +0,0 @@
-tests/utils/shippable/timing.py shebang

tests/utils/shippable/shippable.sh

@@ -62,15 +62,15 @@ else
     retry pip install "https://github.com/ansible/ansible/archive/stable-${ansible_version}.tar.gz" --disable-pip-version-check
 fi
 
-export ANSIBLE_COLLECTIONS_PATH="${PWD}/../../../"
+export ANSIBLE_COLLECTIONS_PATHS="${PWD}/../../../"
 
 # START: HACK install dependencies
 if [ "${ansible_version}" == "2.9" ] || [ "${ansible_version}" == "2.10" ]; then
     # Note: Since community.general 5.x, Ansible Core versions prior to 2.11 are not supported.
     # So we need to use 4.8.1 for Ansible 2.9 and Ansible Engine 2.10.
-    retry git clone --depth=1 --single-branch -b 4.8.1 https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATH}/ansible_collections/community/general"
+    retry git clone --depth=1 --single-branch -b 4.8.1 https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
 else
-    retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATH}/ansible_collections/community/general"
+    retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
 fi
 # Note:  we're installing with git to work around Galaxy being a huge PITA (https://github.com/ansible/galaxy/issues/2429)
 # END: HACK