Merge 6280bb8ec8 into 1c1dd005c8

[CI] bump ansible-core version to 2.20 for devel branch

SUMMARY
Bump ansible-core version to 2.20 for devel branch.

Bump devel test to ansible-core 2.19
Add ansible-core 2.18 to the stable list

ISSUE TYPE

CI Pull Request

COMPONENT NAME

ansible.posix

ADDITIONAL INFORMATION
None

.azure-pipelines/azure-pipelines.yml

@@ -57,8 +57,23 @@ stages:
               test: units
             - name: Lint
               test: lint
+  - stage: Sanity_2_19
+    displayName: Ansible 2.19 sanitay & Units & Lint
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: 2.19/{0OI}
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
+            - name: Lint
+              test: lint
   - stage: Sanity_2_18
-    displayName: Ansible 2.18 sanity
+    displayName: Ansible 2.18 sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -73,10 +88,11 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_17
-    displayName: Ansible 2.17 sanity
+    displayName: Ansible 2.17 sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
+        I
         parameters:
           nameFormat: "{0}"
           testFormat: 2.17/{0}
@@ -88,7 +104,7 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_16
-    displayName: Ansible 2.16 sanity
+    displayName: Ansible 2.16 sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -101,7 +117,7 @@ stages:
             - name: Units
               test: units
   - stage: Sanity_2_15
-    displayName: Ansible 2.15 sanity
+    displayName: Ansible 2.15 sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -122,14 +138,28 @@ stages:
         parameters:
           testFormat: devel/linux/{0}/1
           targets:
-            - name: Fedora 40
+            - name: Fedora 41
-              test: fedora40
+              test: fedora41
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+            - name: Ubuntu 24.04
+              test: ubuntu2404
+  - stage: Docker_2_19
+    displayName: Docker 2.19
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/linux/{0}/1
+          targets:
+            - name: Fedora 41
+              test: fedora41
             - name: Ubuntu 22.04
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
   - stage: Docker_2_18
-    displayName: Docker devel
+    displayName: Docker 2.18
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -152,8 +182,6 @@ stages:
           targets:
             - name: Fedora 39
               test: fedora39
-            - name: Ubuntu 20.04
-              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
   - stage: Docker_2_16
@@ -168,8 +196,6 @@ stages:
               test: centos7
             - name: Fedora 38
               test: fedora38
-            - name: Ubuntu 20.04
-              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
 
@@ -187,8 +213,6 @@ stages:
               test: fedora37
             - name: openSUSE 15 py3
               test: opensuse15
-            - name: Ubuntu 20.04
-              test: ubuntu2004
             - name: Ubuntu 22.04
               test: ubuntu2204
 
@@ -201,14 +225,32 @@ stages:
         parameters:
           testFormat: devel/{0}/1
           targets:
-            - name: RHEL 9.4
+            - name: RHEL 10.0
-              test: rhel/9.4
+              test: rhel/10.0
-            - name: FreeBSD 14.1
+            - name: RHEL 9.5
-              test: freebsd/14.1
+              test: rhel/9.5
-            - name: FreeBSD 13.4
+            - name: FreeBSD 14.2
-              test: freebsd/13.4
+              test: freebsd/14.2
+            - name: FreeBSD 13.5
+              test: freebsd/13.5
+  - stage: Remote_2_19
+    displayName: Remote 2.19
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: devel/{0}/1
+          targets:
+            - name: RHEL 10.0
+              test: rhel/10.0
+            - name: RHEL 9.5
+              test: rhel/9.5
+            - name: FreeBSD 14.2
+              test: freebsd/14.2
+            - name: FreeBSD 13.5
+              test: freebsd/13.5
   - stage: Remote_2_18
-    displayName: Remote devel
+    displayName: Remote 2.18
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -243,8 +285,6 @@ stages:
               test: rhel/8.8
             - name: RHEL 9.2
               test: rhel/9.2
-            - name: FreeBSD 13.2
-              test: freebsd/13.2
 
   - stage: Remote_2_15
     displayName: Remote 2.15
@@ -260,8 +300,6 @@ stages:
               test: rhel/8.7
             - name: RHEL 9.1
               test: rhel/9.1
-            - name: FreeBSD 13.2
-              test: freebsd/13.2
 
   ## Finally
 
@@ -280,6 +318,9 @@ stages:
       - Sanity_2_18
       - Remote_2_18
       - Docker_2_18
+      - Sanity_2_19
+      - Remote_2_19
+      - Docker_2_19
       - Sanity_devel
       - Remote_devel
       - Docker_devel

CHANGELOG.rst

@@ -4,6 +4,74 @@ ansible.posix Release Notes
 
 .. contents:: Topics
 
+v2.0.0
+======
+
+Release Summary
+---------------
+
+This is the major release of the ``ansible.posix`` collection.
+This changelog contains all changes to the modules and plugins
+in this collection that have been added after the release of
+``ansible.posix`` 1.6.2
+
+Minor Changes
+-------------
+
+- authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)
+- callback plugins - Add recap information to timer, profile_roles and profile_tasks callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- firewalld - Changed the type of forward and masquerade options from str to bool (https://github.com/ansible-collections/ansible.posix/issues/582).
+- firewalld - Changed the type of icmp_block_inversion option from str to bool (https://github.com/ansible-collections/ansible.posix/issues/586).
+
+Removed Features (previously deprecated)
+----------------------------------------
+
+- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
+
+Bugfixes
+--------
+
+- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
+- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
+- mount - If a comment is appended to a fstab entry, state present creates a double-entry (https://github.com/ansible-collections/ansible.posix/issues/595).
+
+v1.6.2
+======
+
+Release Summary
+---------------
+
+This is the bugfix release of the stable version ``ansible.posix`` collection.
+This changelog contains all changes to the modules and plugins
+in this collection that have been added after the release of
+``ansible.posix`` 1.6.1.
+
+Bugfixes
+--------
+
+- backport - Drop ansible-core 2.14 and set 2.15 minimum version (https://github.com/ansible-collections/ansible.posix/issues/578).
+
+v1.6.1
+======
+
+Release Summary
+---------------
+
+This is the bugfix release of the stable version ``ansible.posix`` collection.
+This changelog contains all changes to the modules and plugins
+in this collection that have been added after the release of
+``ansible.posix`` 1.6.1.
+
+Bugfixes
+--------
+
+- acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
+- mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
+- skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0 (https://github.com/ansible-collections/ansible.posix/issues/573).
 
 v1.6.0
 ======

changelogs/changelog.yaml

@@ -405,3 +405,88 @@ releases:
     - dropping-ansible29.yml
     - test-reqs.yml
     release_date: '2024-09-11'
+  1.6.1:
+    changes:
+      bugfixes:
+      - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
+      - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
+      - skippy - Revert removal of skippy plugin. It will be removed in version 2.0.0
+        (https://github.com/ansible-collections/ansible.posix/issues/573).
+      release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
+        collection.
+
+        This changelog contains all changes to the modules and plugins
+
+        in this collection that have been added after the release of
+
+        ``ansible.posix`` 1.6.1.'
+    fragments:
+    - 1.6.1.yml
+    - 365-boot-linux.yml
+    - 566_bump_version_161.yml
+    - 567_remove_version_added.yml
+    - 570_nfs4_acl.yml
+    - 571_ci_bump_core_version.yml
+    - 572_revert_removal_of_skippy.yml
+    release_date: '2024-10-11'
+  1.6.2:
+    changes:
+      bugfixes:
+      - backport - Drop ansible-core 2.14 and set 2.15 minimum version (https://github.com/ansible-collections/ansible.posix/issues/578).
+      release_summary: 'This is the bugfix release of the stable version ``ansible.posix``
+        collection.
+
+        This changelog contains all changes to the modules and plugins
+
+        in this collection that have been added after the release of
+
+        ``ansible.posix`` 1.6.1.'
+    fragments:
+    - 1.6.2.yml
+    - 580_drop_ansible214.yml
+    release_date: '2024-10-22'
+  2.0.0:
+    changes:
+      breaking_changes:
+      - firewalld - Changed the type of forward and masquerade options from str to
+        bool (https://github.com/ansible-collections/ansible.posix/issues/582).
+      - firewalld - Changed the type of icmp_block_inversion option from str to bool
+        (https://github.com/ansible-collections/ansible.posix/issues/586).
+      bugfixes:
+      - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).
+      - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).
+      - mount - If a comment is appended to a fstab entry, state present creates a
+        double-entry (https://github.com/ansible-collections/ansible.posix/issues/595).
+      minor_changes:
+      - authorized_keys - allow using absolute path to a file as a SSH key(s) source
+        (https://github.com/ansible-collections/ansible.posix/pull/568)
+      - callback plugins - Add recap information to timer, profile_roles and profile_tasks
+        callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).
+      release_summary: 'This is the major release of the ``ansible.posix`` collection.
+
+        This changelog contains all changes to the modules and plugins
+
+        in this collection that have been added after the release of
+
+        ``ansible.posix`` 1.6.2'
+      removed_features:
+      - skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
+    fragments:
+    - 2.0.0.yml
+    - 365-boot-linux.yml
+    - 387_callback_output_header.yml
+    - 556_remove_skippy_callback.yml
+    - 566_bump_version_161.yml
+    - 567_remove_version_added.yml
+    - 568_update_authorized_key.yml
+    - 570_nfs4_acl.yml
+    - 571_ci_bump_core_version.yml
+    - 576_bump_version_2.yml
+    - 581_ci_selinux.yml
+    - 584_firewalld_opt_type.yml
+    - 587_update_README.yml
+    - 588_ci_enable_devel.yml
+    - 593_replace_freebsd_version.yml
+    - 597_remove_fstab_comment_on_updating.yml
+    - 598_icmp_block_inversion.yml
+    release_date: '2024-12-04'

changelogs/fragments/365-boot-linux.yml

@@ -1,3 +0,0 @@
----
-bugfixes:
-  - mount - Handle ``boot`` option on Linux, NetBSD and OpenBSD correctly (https://github.com/ansible-collections/ansible.posix/issues/364).

changelogs/fragments/387_callback_output_header.yml

@@ -1,3 +0,0 @@
----
-minor_changes:
-  - callback plugins - Add recap information to timer, profile_roles and profile_tasks callback outputs (https://github.com/ansible-collections/ansible.posix/pull/387).

changelogs/fragments/566_bump_version_161.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Bump version to 1.6.1 for next release.

changelogs/fragments/567_remove_version_added.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - mount - remove wrong version_added section from ``opts_no_log``.

changelogs/fragments/568_update_authorized_key.yml

@@ -1,3 +0,0 @@
----
-minor_changes:
-  - authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)

changelogs/fragments/570_nfs4_acl.yml

@@ -1,3 +0,0 @@
----
-bugfixes:
-  - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).

changelogs/fragments/571_ci_bump_core_version.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Bump ansible-core version to 2.19 of devel branch and add 2.18 to CI.

changelogs/fragments/576_bump_version_2.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Bump ansible.posix version to 2.0.0.

changelogs/fragments/581_ci_selinux.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - selinux - conditions for selinux integration tests have been modified to be more accurate.

changelogs/fragments/584_firewalld_opt_type.yml

@@ -1,3 +0,0 @@
----
-breaking_changes:
-  - firewalld - Changed the type of forward and masquerade options from str to bool (https://github.com/ansible-collections/ansible.posix/issues/582).

changelogs/fragments/587_update_README.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - README.md - update README to cover RH guidelines (https://github.com/ansible-collections/ansible.posix/issues/585).

changelogs/fragments/588_ci_enable_devel.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Enabled remote and docker integration tests for devel branch.

changelogs/fragments/593_replace_freebsd_version.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - Replaced FreeBSD version 13.3 with 13.4 and 14.1 in CI for devel branch.

changelogs/fragments/603_bump_version_3.yml

@@ -0,0 +1,2 @@
+trivial:
+  - Bump version to 3.0.0 for the next release (https://github.com/ansible-collections/ansible.posix/issues/603).

changelogs/fragments/618_ci_remove_ubuntu2004.yml

@@ -0,0 +1,2 @@
+trivial:
+  - Remove ubuntu20.04 from CI tests (https://github.com/ansible-collections/ansible.posix/issues/612).

changelogs/fragments/626_profile_tasks_datetime_format.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - profile_tasks - Add option to provide a different date/time format (https://github.com/ansible-collections/ansible.posix/issues/279).

changelogs/fragments/631_fixes_module_path.yml

@@ -0,0 +1,6 @@
+---
+bugfixes:
+  - ansible.posix.cgroup_perf_recap - fixes json module load path (https://github.com/ansible-collections/ansible.posix/issues/630).
+trivial:
+  - ansible.posix.seboolean - remove unnecessary condition from seboolean integration tests (https://github.com/ansible-collections/ansible.posix/issues/630).
+  - ansible.posix.selinux - optimize conditions for selinux integration tests (https://github.com/ansible-collections/ansible.posix/issues/630).

changelogs/fragments/642_ci_add_rhel10.yml

@@ -0,0 +1,2 @@
+trivial:
+  - Add Red Hat Enterprise Linux 10.0 to the CI matrix (https://github.com/ansible-collections/ansible.posix/issues/642).

changelogs/fragments/650-profile_tasks_roles.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - "profile_tasks and profile_roles callback plugins - avoid deleted/deprecated callback functions, instead use modern interface that was introduced a longer time ago (https://github.com/ansible-collections/ansible.posix/issues/650)."

changelogs/fragments/654_ci_bump_core_version.yml

@@ -0,0 +1,3 @@
+~--
+trivial:
+  - Bump ansible-core version to 2.20 of devel branch and add 2.19 to CI

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: ansible
 name: posix
-version: 2.0.0
+version: 3.0.0
 readme: README.md
 authors:
   - Ansible (github.com/ansible)

plugins/callback/cgroup_perf_recap.py

@@ -132,6 +132,7 @@ DOCUMENTATION = '''
 
 import csv
 import datetime
+import json
 import os
 import time
 import threading
@@ -142,7 +143,7 @@ from functools import partial
 
 from ansible.module_utils._text import to_bytes, to_text
 from ansible.module_utils.six import with_metaclass
-from ansible.parsing.ajson import AnsibleJSONEncoder, json
+from ansible.parsing.ajson import AnsibleJSONEncoder
 from ansible.plugins.callback import CallbackBase
 
 

plugins/callback/profile_roles.py

@@ -124,10 +124,7 @@ class CallbackModule(CallbackBase):
     def v2_playbook_on_handler_task_start(self, task):
         self._record_task(task)
 
-    def playbook_on_setup(self):
+    def v2_playbook_on_stats(self, stats):
-        self._display_tasktime()
-
-    def playbook_on_stats(self, stats):
         # Align summary report header with other callback plugin summary
         self._display.banner("ROLES RECAP")
 

plugins/callback/profile_tasks.py

@@ -52,6 +52,17 @@ DOCUMENTATION = '''
           - section: callback_profile_tasks
             key: summary_only
         version_added: 1.5.0
+      datetime_format:
+        description:
+          - Datetime format, as expected by the C(strftime) and C(strptime) methods.
+            An C(iso8601) alias will be translated to C('%Y-%m-%dT%H:%M:%S.%f') if that datetime standard wants to be used.
+        default: '%A %d %B %Y  %H:%M:%S %z'
+        env:
+          - name: PROFILE_TASKS_DATETIME_FORMAT
+        ini:
+          - section: callback_profile_tasks
+            key: datetime_format
+        version_added: 3.0.0
 '''
 
 EXAMPLES = '''
@@ -72,14 +83,15 @@ sample output: >
 '''
 
 import collections
-import time
+
+from datetime import datetime
 
 from ansible.module_utils.six.moves import reduce
 from ansible.plugins.callback import CallbackBase
 
 
 # define start time
-t0 = tn = time.time()
+dt0 = dtn = datetime.now().astimezone()
 
 
 def secondsToStr(t):
@@ -104,17 +116,18 @@ def filled(msg, fchar="*"):
 
 def timestamp(self):
     if self.current is not None:
-        elapsed = time.time() - self.stats[self.current]['started']
+        elapsed = (datetime.now().astimezone() - self.stats[self.current]['started']).total_seconds()
         self.stats[self.current]['elapsed'] += elapsed
 
 
-def tasktime():
+def tasktime(self):
-    global tn
+    global dtn
-    time_current = time.strftime('%A %d %B %Y  %H:%M:%S %z')
+    cdtn = datetime.now().astimezone()
-    time_elapsed = secondsToStr(time.time() - tn)
+    datetime_current = cdtn.strftime(self.datetime_format)
-    time_total_elapsed = secondsToStr(time.time() - t0)
+    time_elapsed = secondsToStr((cdtn - dtn).total_seconds())
-    tn = time.time()
+    time_total_elapsed = secondsToStr((cdtn - dt0).total_seconds())
-    return filled('%s (%s)%s%s' % (time_current, time_elapsed, ' ' * 7, time_total_elapsed))
+    dtn = cdtn
+    return filled('%s (%s)%s%s' % (datetime_current, time_elapsed, ' ' * 7, time_total_elapsed))
 
 
 class CallbackModule(CallbackBase):
@@ -134,6 +147,7 @@ class CallbackModule(CallbackBase):
         self.sort_order = None
         self.summary_only = None
         self.task_output_limit = None
+        self.datetime_format = None
 
         super(CallbackModule, self).__init__()
 
@@ -159,9 +173,14 @@ class CallbackModule(CallbackBase):
             else:
                 self.task_output_limit = int(self.task_output_limit)
 
+        self.datetime_format = self.get_option('datetime_format')
+        if self.datetime_format is not None:
+            if self.datetime_format == 'iso8601':
+                self.datetime_format = '%Y-%m-%dT%H:%M:%S.%f'
+
     def _display_tasktime(self):
         if not self.summary_only:
-            self._display.display(tasktime())
+            self._display.display(tasktime(self))
 
     def _record_task(self, task):
         """
@@ -176,10 +195,11 @@ class CallbackModule(CallbackBase):
         #            with the same UUID is executed when `serial` is specified in a playbook.
         #   elapsed: Elapsed time since the first serialized task was started
         self.current = task._uuid
+        dtn = datetime.now().astimezone()
         if self.current not in self.stats:
-            self.stats[self.current] = {'started': time.time(), 'elapsed': 0.0, 'name': task.get_name()}
+            self.stats[self.current] = {'started': dtn, 'elapsed': 0.0, 'name': task.get_name()}
         else:
-            self.stats[self.current]['started'] = time.time()
+            self.stats[self.current]['started'] = dtn
         if self._display.verbosity >= 2:
             self.stats[self.current]['path'] = task.get_path()
 
@@ -189,14 +209,11 @@ class CallbackModule(CallbackBase):
     def v2_playbook_on_handler_task_start(self, task):
         self._record_task(task)
 
-    def playbook_on_setup(self):
+    def v2_playbook_on_stats(self, stats):
-        self._display_tasktime()
-
-    def playbook_on_stats(self, stats):
         # Align summary report header with other callback plugin summary
         self._display.banner("TASKS RECAP")
 
-        self._display.display(tasktime())
+        self._display.display(tasktime(self))
         self._display.display(filled("", fchar="="))
 
         timestamp(self)

plugins/modules/firewalld.py

@@ -74,7 +74,8 @@ options:
   icmp_block_inversion:
     description:
       - Enable/Disable inversion of ICMP blocks for a zone in firewalld.
-    type: str
+      - Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
+    type: bool
   zone:
     description:
       - The firewalld zone to add/remove to/from.
@@ -152,7 +153,7 @@ author:
 '''
 
 EXAMPLES = r'''
-- name: permanently enable https service, also enable it immediately if possible
+- name: Permanently enable https service, also enable it immediately if possible
   ansible.posix.firewalld:
     service: https
     state: enabled
@@ -160,81 +161,92 @@ EXAMPLES = r'''
     immediate: true
     offline: true
 
-- name: permit traffic in default zone for https service
+- name: Permit traffic in default zone for https service
   ansible.posix.firewalld:
     service: https
     permanent: true
     state: enabled
 
-- name: permit ospf traffic
+- name: Permit ospf traffic
   ansible.posix.firewalld:
     protocol: ospf
     permanent: true
     state: enabled
 
-- name: do not permit traffic in default zone on port 8081/tcp
+- name: Do not permit traffic in default zone on port 8081/tcp
   ansible.posix.firewalld:
     port: 8081/tcp
     permanent: true
     state: disabled
 
-- ansible.posix.firewalld:
+- name: Permit traffic in default zone on port 161-162/ucp
+  ansible.posix.firewalld:
     port: 161-162/udp
     permanent: true
     state: enabled
 
-- ansible.posix.firewalld:
+- name: Permit traffic in dmz zone on http service
+  ansible.posix.firewalld:
     zone: dmz
     service: http
     permanent: true
     state: enabled
 
-- ansible.posix.firewalld:
+- name: Enable FTP service with rate limiting using firewalld rich rule
+  ansible.posix.firewalld:
     rich_rule: rule service name="ftp" audit limit value="1/m" accept
     permanent: true
     state: enabled
 
-- ansible.posix.firewalld:
+- name: Allow traffic from 192.0.2.0/24 in internal zone
+  ansible.posix.firewalld:
     source: 192.0.2.0/24
     zone: internal
     state: enabled
 
-- ansible.posix.firewalld:
+- name: Assign eth2 interface to trusted zone
+  ansible.posix.firewalld:
     zone: trusted
     interface: eth2
     permanent: true
     state: enabled
 
-- ansible.posix.firewalld:
+- name: Enable forwarding in internal zone
+  ansible.posix.firewalld:
     forward: true
     state: enabled
     permanent: true
     zone: internal
 
-- ansible.posix.firewalld:
+- name: Enable masquerade in dmz zone
+  ansible.posix.firewalld:
     masquerade: true
     state: enabled
     permanent: true
     zone: dmz
 
-- ansible.posix.firewalld:
+- name: Create custom zone if not already present
+  ansible.posix.firewalld:
     zone: custom
     state: present
     permanent: true
 
-- ansible.posix.firewalld:
+- name: Enable ICMP block inversion in drop zone
+  ansible.posix.firewalld:
     zone: drop
     state: enabled
     permanent: true
     icmp_block_inversion: true
 
-- ansible.posix.firewalld:
+- name: Block ICMP echo requests in drop zone
+  ansible.posix.firewalld:
     zone: drop
     state: enabled
     permanent: true
     icmp_block: echo-request
 
-- ansible.posix.firewalld:
+- name: Set internal zone target to ACCEPT
+  ansible.posix.firewalld:
     zone: internal
     state: present
     permanent: true
@@ -250,7 +262,6 @@ EXAMPLES = r'''
 '''
 
 from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.parsing.convert_bool import boolean
 from ansible_collections.ansible.posix.plugins.module_utils.firewalld import FirewallTransaction, fw_offline
 
 try:
@@ -864,7 +875,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             icmp_block=dict(type='str'),
-            icmp_block_inversion=dict(type='str'),
+            icmp_block_inversion=dict(type='bool'),
             service=dict(type='str'),
             protocol=dict(type='str'),
             port=dict(type='str'),
@@ -987,16 +998,7 @@ def main():
             msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state))
 
     if icmp_block_inversion is not None:
-        # Type of icmp_block_inversion will be changed to boolean in a future release.
+        expected_state = 'enabled' if (desired_state == 'enabled') == icmp_block_inversion else 'disabled'
-        icmp_block_inversion_status = True
-        try:
-            icmp_block_inversion_status = boolean(icmp_block_inversion, True)
-        except TypeError:
-            module.warn('The value of the icmp_block_inversion option is "%s". '
-                        'The type of the option will be changed from string to boolean in a future release. '
-                        'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
-        expected_state = 'enabled' if (desired_state == 'enabled') == icmp_block_inversion_status else 'disabled'
-
         transaction = IcmpBlockInversionTransaction(
             module,
             action_args=(),

plugins/modules/mount.py

@@ -303,7 +303,7 @@ def _set_mount_save_old(module, args):
 
             continue
 
-        fields = line.split()
+        fields = line.split('#')[0].split()
 
         # Check if we got a valid line for splitting
         # (on Linux the 5th and the 6th field is optional)

plugins/modules/sysctl.py

@@ -80,6 +80,13 @@ EXAMPLES = r'''
     sysctl_file: /tmp/test_sysctl.conf
     reload: false
 
+# Enable resource limits management in FreeBSD
+- ansible.posix.sysctl:
+    name: kern.racct.enable
+    value: '1'
+    sysctl_file: /boot/loader.conf
+    reload: false
+
 # Set ip forwarding on in /proc and verify token value with the sysctl command
 - ansible.posix.sysctl:
     name: net.ipv4.ip_forward
@@ -101,6 +108,7 @@ import os
 import platform
 import re
 import tempfile
+import glob
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.six import string_types
@@ -114,12 +122,24 @@ class SysctlModule(object):
     # success or failure.
     LANG_ENV = {'LANG': 'C', 'LC_ALL': 'C', 'LC_MESSAGES': 'C'}
 
+    # We define a variable to keep all the directories to be read, equivalent to
+    # (/sbin/sysctl --system) option
+    SYSCTL_DIRS = [
+        '/etc/sysctl.d/*.conf',
+        '/run/sysctl.d/*.conf',
+        '/usr/local/lib/sysctl.d/*.conf',
+        '/usr/lib/sysctl.d/*.conf',
+        '/lib/sysctl.d/*.conf',
+        '/etc/sysctl.conf'
+    ]
+
     def __init__(self, module):
         self.module = module
         self.args = self.module.params
 
         self.sysctl_cmd = self.module.get_bin_path('sysctl', required=True)
         self.sysctl_file = self.args['sysctl_file']
+        self.system_Wide = self.args['system_Wide']
 
         self.proc_value = None  # current token value in proc fs
         self.file_value = None  # current token value in file
@@ -298,6 +318,13 @@ class SysctlModule(object):
             # so return here and do not continue to the error processing below
             # https://github.com/ansible/ansible/issues/58158
             return
+        else:
+            if self.system_Wide:
+                for sysctl_file in self.SYSCTL_DIRS:
+                    for conf_file in glob.glob(sysctl_file):
+                        rc, out, err = self.module.run_command([self.sysctl_cmd, '-p', conf_file], environ_update=self.LANG_ENV)
+                        if rc != 0 or self._stderr_failed(err):
+                            self.module.fail_json(msg="Failed to reload sysctl: %s" % to_native(out) + to_native(err))
             else:
                 # system supports reloading via the -p flag to sysctl, so we'll use that
                 sysctl_args = [self.sysctl_cmd, '-p', self.sysctl_file]
@@ -394,7 +421,8 @@ def main():
             reload=dict(default=True, type='bool'),
             sysctl_set=dict(default=False, type='bool'),
             ignoreerrors=dict(default=False, type='bool'),
-            sysctl_file=dict(default='/etc/sysctl.conf', type='path')
+            sysctl_file=dict(default='/etc/sysctl.conf', type='path'),
+            system_wide=dict(default=False, type='bool'),  # system_wide parameter
         ),
         supports_check_mode=True,
         required_if=[('state', 'present', ['value'])],

tests/integration/targets/acl/tasks/acl.yml

@@ -46,6 +46,12 @@
     path: "{{ test_dir }}"
     state: directory
     mode: "0755"
+
+- name: Install acl package
+  ansible.builtin.package:
+    name: acl
+    state: present
+
 ##############################################################################
 - name: Grant ansible user read access to a file
   ansible.posix.acl:

tests/integration/targets/firewalld/tasks/icmp_block_inversion_test_cases.yml

@@ -114,60 +114,3 @@
       ansible.builtin.assert:
         that:
           - result is not changed
-
-# Validate backwards compatible behavior until icmp block inversion is switched from string to boolean type
-- name: Icmp block inversion enabled when icmp block inversion is non-boolean string and state is enabled
-  block:
-    - name: Testing enable icmp block inversion
-      ansible.posix.firewalld:
-        zone: trusted
-        icmp_block_inversion: some string
-        permanent: true
-        state: enabled
-      register: result
-
-    - name: Assert icmp block inversion is enabled
-      ansible.builtin.assert:
-        that:
-          - result is changed
-
-    - name: Testing enable icmp block inversion (verify not changed)
-      ansible.posix.firewalld:
-        zone: trusted
-        icmp_block_inversion: some string
-        permanent: true
-        state: enabled
-      register: result
-
-    - name: Assert icmp block inversion is enabled (verify not changed)
-      ansible.builtin.assert:
-        that:
-          - result is not changed
-
-- name: Icmp block inversion disabled when icmp block inversion is non-boolean string and state is disabled
-  block:
-    - name: Testing disable icmp block inversion
-      ansible.posix.firewalld:
-        zone: trusted
-        icmp_block_inversion: some string
-        permanent: true
-        state: disabled
-      register: result
-
-    - name: Assert icmp block inversion is disabled
-      ansible.builtin.assert:
-        that:
-          - result is changed
-
-    - name: Testing disable icmp block inversion (verify not changed)
-      ansible.posix.firewalld:
-        zone: trusted
-        icmp_block_inversion: some string
-        permanent: true
-        state: disabled
-      register: result
-
-    - name: Assert icmp block inversion is disabled (verify not changed)
-      ansible.builtin.assert:
-        that:
-          - result is not changed

tests/integration/targets/mount/tasks/main.yml

@@ -1,3 +1,4 @@
+# SETUP ################################################################################
 - name: Install dependencies (Linux)
   ansible.builtin.package:
     name: e2fsprogs
@@ -110,6 +111,42 @@
     mode: '0644'
   register: orig_info
 
+# BIND MOUNT ################################################################################
+# bind mount check mode
+- name: Bind mount a filesystem (Linux) (check mode)
+  ansible.posix.mount:
+    src: '{{ output_dir }}/mount_source'
+    name: '{{ output_dir }}/mount_dest'
+    state: mounted
+    fstype: None
+    opts: bind
+  when: ansible_system == 'Linux'
+  register: bind_result_linux_dry_run
+  check_mode: true
+
+- name: Bind mount a filesystem (FreeBSD) (check mode)
+  ansible.posix.mount:
+    src: '{{ output_dir }}/mount_source'
+    name: '{{ output_dir }}/mount_dest'
+    state: mounted
+    fstype: nullfs
+  when: ansible_system == 'FreeBSD'
+  register: bind_result_freebsd_dry_run
+  check_mode: true
+
+- name: Attempt to stat bind mounted file
+  ansible.builtin.stat:
+    path: '{{ output_dir }}/mount_dest/test_file'
+  when: ansible_system in ('FreeBSD', 'Linux')
+  register: dest_stat
+
+- name: Assert the bind mount did not take place
+  ansible.builtin.assert:
+    that:
+      - not dest_stat['stat']['exists']
+  when: ansible_system in ('FreeBSD', 'Linux')
+
+# bind mount
 - name: Bind mount a filesystem (Linux)
   ansible.posix.mount:
     src: '{{ output_dir }}/mount_source'
@@ -168,6 +205,48 @@
       - (ansible_system == 'Linux' and not bind_result_linux['changed']) or (ansible_system == 'FreeBSD' and not bind_result_freebsd['changed'])
   when: ansible_system in ('FreeBSD', 'Linux')
 
+# remount check mode
+- name: Remount filesystem with different opts (Linux) (check mode)
+  ansible.posix.mount:
+    src: '{{ output_dir }}/mount_source'
+    name: '{{ output_dir }}/mount_dest'
+    state: mounted
+    fstype: None
+    opts: bind,ro
+  when: ansible_system == 'Linux'
+  register: bind_result_linux
+  check_mode: true
+
+- name: Remount filesystem with different opts (FreeBSD) (check mode)
+  ansible.posix.mount:
+    src: '{{ output_dir }}/mount_source'
+    name: '{{ output_dir }}/mount_dest'
+    state: mounted
+    fstype: nullfs
+    opts: ro
+  when: ansible_system == 'FreeBSD'
+  register: bind_result_freebsd
+  check_mode: true
+
+- name: Get mount options
+  ansible.builtin.shell:
+    cmd: set -o pipefail && mount | grep mount_dest | grep -c -E -w '(ro|read-only)'
+    executable: "{{ shell_executable }}"
+  changed_when: false
+  failed_when: false
+  register: new_options_count
+
+- name: Make sure the filesystem does not have the new opts
+  ansible.builtin.assert:
+    that:
+      - linux_and_changed or freebsd_and_changed
+      - new_options_count.stdout | int == 0
+  vars:
+    linux_and_changed: "{{ ansible_system == 'Linux' and bind_result_linux_dry_run['changed'] }}"
+    freebsd_and_changed: "{{ ansible_system == 'FreeBSD' and bind_result_freebsd['changed'] }}"
+  when: ansible_system in ('FreeBSD', 'Linux')
+
+# remount
 - name: Remount filesystem with different opts (Linux)
   ansible.posix.mount:
     src: '{{ output_dir }}/mount_source'
@@ -203,6 +282,29 @@
       - 1 == remount_options.stdout_lines | length
   when: ansible_system in ('FreeBSD', 'Linux')
 
+# unmount check mode
+- name: Unmount the bind mount (check mode)
+  ansible.posix.mount:
+    name: '{{ output_dir }}/mount_dest'
+    state: absent
+  when: ansible_system in ('Linux', 'FreeBSD')
+  register: unmount_result
+  check_mode: true
+
+- name: Make sure the file still exists in dest
+  ansible.builtin.stat:
+    path: '{{ output_dir }}/mount_dest/test_file'
+  when: ansible_system in ('FreeBSD', 'Linux')
+  register: dest_stat
+
+- name: Check that we did not unmount
+  ansible.builtin.assert:
+    that:
+      - unmount_result['changed']
+      - dest_stat['stat']['exists']
+  when: ansible_system in ('FreeBSD', 'Linux')
+
+# unmount
 - name: Unmount the bind mount
   ansible.posix.mount:
     name: '{{ output_dir }}/mount_dest'
@@ -223,9 +325,36 @@
       - not dest_stat['stat']['exists']
   when: ansible_system in ('FreeBSD', 'Linux')
 
-- name: Block to test remounted option
+# SWAP #############################################################
+- name: Swap
   when: ansible_system in ('Linux')
   block:
+    # mount swap check mode
+    - name: Stat /etc/fstab
+      ansible.builtin.stat:
+        path: /etc/fstab
+      register: stat_fstab_before
+
+    - name: Create fstab record for the first swap file (check mode)
+      ansible.posix.mount:
+        name: none
+        src: /tmp/swap1
+        opts: sw
+        fstype: swap
+        state: present
+      check_mode: true
+
+    - name: Stat /etc/fstab
+      ansible.builtin.stat:
+        path: /etc/fstab
+      register: stat_fstab_after
+
+    - name: Assert that fstab checksum did not change
+      ansible.builtin.assert:
+        that:
+          - stat_fstab_before.stat.checksum == stat_fstab_after.stat.checksum
+
+    # mount swap1
     - name: Create fstab record for the first swap file
       ansible.posix.mount:
         name: none
@@ -250,6 +379,7 @@
           - swap1_created['changed']
           - not swap1_created_again['changed']
 
+    # mount swap2
     - name: Create fstab record for the second swap file
       ansible.posix.mount:
         name: none
@@ -274,6 +404,30 @@
           - swap2_created['changed']
           - not swap2_created_again['changed']
 
+    # remove swap check mode
+    - name: Stat /etc/fstab
+      ansible.builtin.stat:
+        path: /etc/fstab
+      register: stat_fstab_before
+
+    - name: Remove the fstab record for the first swap file (check mode)
+      ansible.posix.mount:
+        name: none
+        src: /tmp/swap1
+        state: absent
+      check_mode: true
+
+    - name: Stat /etc/fstab
+      ansible.builtin.stat:
+        path: /etc/fstab
+      register: stat_fstab_after
+
+    - name: Assert that fstab checksum did not change
+      ansible.builtin.assert:
+        that:
+          - stat_fstab_before.stat.checksum == stat_fstab_after.stat.checksum
+
+    # remove swap1
     - name: Remove the fstab record for the first swap file
       ansible.posix.mount:
         name: none
@@ -294,6 +448,7 @@
           - swap1_removed['changed']
           - not swap1_removed_again['changed']
 
+    # remove swap2
     - name: Remove the fstab record for the second swap file
       ansible.posix.mount:
         name: none
@@ -314,6 +469,10 @@
           - swap2_removed['changed']
           - not swap2_removed_again['changed']
 
+# FIXUP #############################################################
+- name: Fix incomplete entry already present in fstab
+  when: ansible_system == 'Linux'
+  block:
     - name: Create fstab record with missing last two fields
       ansible.builtin.copy:
         dest: /etc/fstab
@@ -343,6 +502,11 @@
           - ''' 0 0'' in optional_fields_content.stdout'
           - 1 == optional_fields_content.stdout_lines | length
 
+# REMOUNTED #############################################################
+- name: Block to test remounted option
+  when: ansible_system in ('Linux')
+  block:
+    # setup
     - name: Create empty file
       community.general.filesize:
         path: /tmp/myfs.img
@@ -372,6 +536,26 @@
       ansible.builtin.pause:
         seconds: 2
 
+    # remount check mode
+    - name: Remount (check mode)
+      ansible.posix.mount:
+        path: /tmp/myfs
+        state: remounted
+
+    - name: Get again the last write time
+      ansible.builtin.shell:
+        cmd: >-
+          set -o pipefail && dumpe2fs /tmp/myfs.img 2>/dev/null | grep -i "last write time:" |cut -d: -f2-
+        executable: "{{ shell_executable }}"
+      changed_when: false
+      register: last_write_time_check
+
+    - name: Fail if they are different
+      ansible.builtin.fail:
+        msg: Filesytem was remounted, testing of the module failed!
+      when: last_write_time.stdout != last_write_time_check.stdout
+
+    # remount
     - name: Test if the FS is remounted
       ansible.posix.mount:
         path: /tmp/myfs
@@ -390,6 +574,29 @@
         msg: Filesytem was not remounted, testing of the module failed!
       when: last_write is defined and last_write_time2 is defined and last_write_time.stdout == last_write_time2.stdout
 
+    # remount different options check mode
+    - name: Remount filesystem with different opts using remounted option (Linux only)
+      ansible.posix.mount:
+        path: /tmp/myfs
+        state: remounted
+        opts: rw,noexec
+      check_mode: true
+
+    - name: Get remounted options (Linux only)
+      ansible.builtin.shell:
+        cmd: set -o pipefail && mount | grep myfs | grep -E -w 'noexec' | wc -l
+        executable: "{{ shell_executable }}"
+      failed_when: false
+      changed_when: false
+      register: remounted_options
+
+    - name: Make sure the filesystem now has the new opts after using remounted (Linux only)
+      ansible.builtin.assert:
+        that:
+          - "'0' in remounted_options.stdout"
+          - "1 == remounted_options.stdout_lines | length"
+
+    # remount different options
     - name: Remount filesystem with different opts using remounted option (Linux only)
       ansible.posix.mount:
         path: /tmp/myfs
@@ -409,6 +616,7 @@
           - "'1' in remounted_options.stdout"
           - "1 == remounted_options.stdout_lines | length"
 
+    # backup
     - name: Mount the FS again to test backup
       ansible.posix.mount:
         path: /tmp/myfs
@@ -439,9 +647,11 @@
         - /tmp/myfs.img
         - /tmp/myfs
 
+# BOOT #############################################################
 - name: Block to test boot option for Linux
   when: ansible_system in ('Linux')
   block:
+    # setup
     - name: Create empty file
       community.general.filesize:
         path: /tmp/myfs.img
@@ -452,6 +662,7 @@
         fstype: ext3
         dev: /tmp/myfs.img
 
+    # noauto
     - name: Mount the FS with noauto option
       ansible.posix.mount:
         path: /tmp/myfs
@@ -472,6 +683,7 @@
         path: /tmp/myfs
         state: absent
 
+    # noauto + defaults
     - name: Mount the FS with noauto option and defaults
       ansible.posix.mount:
         path: /tmp/myfs
@@ -499,6 +711,7 @@
         - /tmp/myfs.img
         - /tmp/myfs
 
+# NEWLINE END OF FILE ############################################
 - name: Block to test missing newline at the EOF of fstab
   when: ansible_system in ('Linux')
   block:
@@ -537,6 +750,7 @@
         - /tmp/myfs1
         - /tmp/test_fstab
 
+# EPHEMERAL ################################################
 - name: Block to test ephemeral option
   environment:
     PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@@ -553,7 +767,6 @@
         size: 20M
 
     ##### FORMAT FS ON LINUX
-
     - name: Block to format FS on Linux
       when: ansible_system == 'Linux'
       block:
@@ -568,7 +781,6 @@
             dev: /tmp/myfs_B.img
 
     ##### FORMAT FS ON SOLARIS AND BSD
-
     - name: Create loop devices on Solaris and BSD
       ansible.builtin.shell:
         cmd: "set -o pipefail && {{ ephemeral_create_loop_dev_cmd }}"
@@ -583,14 +795,49 @@
       changed_when: true
       when: ephemeral_format_fs_cmd is defined
 
-  ##### TESTS
-
     - name: Create fstab if it does not exist
       ansible.builtin.file:
         path: "{{ ephemeral_fstab }}"
         state: touch
         mode: '0644'
 
+    # normal ephemeral mount check mode
+    - name: Get checksum of /etc/fstab before mounting anything
+      ansible.builtin.stat:
+        path: '{{ ephemeral_fstab }}'
+      register: fstab_stat_before_mount
+
+    - name: Mount the FS A with ephemeral state (check mode)
+      ansible.posix.mount:
+        path: /tmp/myfs
+        src: '{{ ephemeral_device_a }}'
+        fstype: '{{ ephemeral_fstype }}'
+        opts: rw
+        state: ephemeral
+      register: ephemeral_mount_info
+      check_mode: true
+
+    - name: Get checksum of /etc/fstab after an ephemeral mount
+      ansible.builtin.stat:
+        path: '{{ ephemeral_fstab }}'
+      register: fstab_stat_after_mount
+
+    - name: Get mountinfo
+      ansible.builtin.shell:
+        cmd: grep -c '/tmp/myfs' <(mount -v)
+        executable: "{{ shell_executable }}"
+      register: check_mountinfo
+      failed_when: false
+      changed_when: false
+
+    - name: Assert the mount occurred and the fstab is unchanged
+      ansible.builtin.assert:
+        that:
+          - check_mountinfo.stdout|int == 0
+          - ephemeral_mount_info['changed']
+          - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
+
+    # normal ephemeral mount
     - name: Get checksum of /etc/fstab before mounting anything
       ansible.builtin.stat:
         path: '{{ ephemeral_fstab }}'
@@ -631,6 +878,48 @@
           - ephemeral_mount_info['changed']
           - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
 
+    # remount different options check mode
+    - name: Get first mount record
+      ansible.builtin.shell:
+        cmd: grep '/tmp/myfs' <(mount -v)
+        executable: "{{ shell_executable }}"
+      register: ephemeral_mount_record_1
+      changed_when: false
+
+    - name: Try to mount FS A where FS A is already mounted (should trigger remount and changed)
+      ansible.posix.mount:
+        path: /tmp/myfs
+        src: '{{ ephemeral_device_a }}'
+        fstype: '{{ ephemeral_fstype }}'
+        opts: ro
+        state: ephemeral
+      register: ephemeral_mount_info
+      check_mode: true
+
+    - name: Get second mount record (should be different than the first)
+      ansible.builtin.shell:
+        cmd: grep '/tmp/myfs' <(mount -v)
+        executable: "{{ shell_executable }}"
+      register: ephemeral_mount_record_2
+      changed_when: false
+
+    - name: Get mountinfo
+      ansible.builtin.shell:
+        cmd: grep -c '/tmp/myfs' <(mount -v)
+        executable: "{{ shell_executable }}"
+      failed_when: false
+      register: check_mountinfo
+      changed_when: false
+
+    - name: Assert the FS A is still mounted, the options unchanged and the fstab unchanged
+      ansible.builtin.assert:
+        that:
+          - check_mountinfo.stdout|int == 1
+          - ephemeral_mount_record_1.stdout == ephemeral_mount_record_2.stdout
+          - ephemeral_mount_info['changed']
+          - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
+
+    # remount different options
     - name: Get first mount record
       ansible.builtin.shell:
         cmd: grep '/tmp/myfs' <(mount -v)
@@ -670,6 +959,7 @@
           - ephemeral_mount_info['changed']
           - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
 
+    # conflicting mount
     - name: Try to mount file B on file A mountpoint (should fail)
       ansible.posix.mount:
         path: /tmp/myfs
@@ -707,6 +997,39 @@
           - test_file_stat['stat']['exists']
           - ephemeral_mount_b_info is failed
 
+    # unmount check mode
+    - name: Unmount FS with state = unmounted
+      ansible.posix.mount:
+        path: /tmp/myfs
+        state: unmounted
+      check_mode: true
+
+    - name: Get fstab checksum after unmounting an ephemeral mount with state = unmounted
+      ansible.builtin.stat:
+        path: '{{ ephemeral_fstab }}'
+      register: fstab_stat_after_unmount
+
+    - name: Get mountinfo
+      ansible.builtin.shell:
+        cmd: grep -c '/tmp/myfs' <(mount -v)
+        executable: "{{ shell_executable }}"
+      register: check_mountinfo
+      failed_when: false
+      changed_when: false
+
+    - name: Try to stat our test file
+      ansible.builtin.stat:
+        path: /tmp/myfs/test_file
+      register: test_file_stat
+
+    - name: Assert that unmount did not take place and fstab unchanged
+      ansible.builtin.assert:
+        that:
+          - check_mountinfo.stdout|int == 1
+          - test_file_stat['stat']['exists']
+          - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_unmount['stat']['checksum']
+
+    # unmount
     - name: Unmount FS with state = unmounted
       ansible.posix.mount:
         path: /tmp/myfs
@@ -759,6 +1082,7 @@
         - /tmp/myfs_B.img
         - /tmp/myfs
 
+# OPTS_NO_LOG ######################################
 - name: Block to test opts_no_log option
   when: ansible_system == 'Linux'
   block:

tests/integration/targets/seboolean/tasks/main.yml

@@ -20,5 +20,4 @@
   ansible.builtin.include_tasks: seboolean.yml
   when:
     - ansible_selinux is defined
-    - ansible_selinux
     - ansible_selinux.status == 'enabled'

tests/integration/targets/selinux/tasks/main.yml

@@ -19,23 +19,21 @@
 - name: Debug message for when SELinux is disabled
   ansible.builtin.debug:
     msg: SELinux is disabled
-  when: ansible_selinux is defined and not ansible_selinux
+  when: ansible_selinux is defined and ansible_selinux.status == 'disabled'
 
 - name: Debug message for when SELinux is enabled and not disabled
   ansible.builtin.debug:
     msg: SELinux is {{ ansible_selinux.status }}
-  when: ansible_selinux is defined and ansible_selinux
+  when: ansible_selinux is defined
 
 - name: Include_tasks for when SELinux is enabled
   ansible.builtin.include_tasks: selinux.yml
   when:
     - ansible_selinux is defined
-    - ansible_selinux
     - ansible_selinux.status == 'enabled'
 
 - name: Include tasks for selogin when SELinux is enabled
   ansible.builtin.include_tasks: selogin.yml
   when:
     - ansible_selinux is defined
-    - ansible_selinux
     - ansible_selinux.status == 'enabled'

tests/integration/targets/sysctl/tasks/main.yml

@@ -230,6 +230,40 @@
         that:
           - sysctl_test4 is failed
         
+      ##
+      ## sysctl --system
+      ##
+
+    - name: Set vm.swappiness to 10 with --system option
+      ansible.posix.sysctl:
+        name: vm.swappiness
+        value: 10
+        state: present
+        reload: false
+        sysctl_set: true
+        system: true
+      register: sysctl_system_test1
+
+    - name: Check with sysctl command
+      ansible.builtin.command: sysctl vm.swappiness
+      changed_when: false
+      register: sysctl_check_system1
+
+    - name: Debug sysctl_system_test1 sysctl_check_system1
+      ansible.builtin.debug:
+        var: item
+        verbosity: 1
+      with_items:
+        - "{{ sysctl_system_test1 }}"
+        - "{{ sysctl_check_system1 }}"
+
+    - name: Validate results for --system option
+      ansible.builtin.assert:
+        that:
+          - sysctl_system_test1 is changed
+          - sysctl_check_system1.stdout_lines == ["vm.swappiness = 10"]
+
+
 - name: Test on RHEL VMs
   when:
     - ansible_facts.virtualization_type != 'docker'
@@ -366,3 +400,33 @@
         that:
           - stat_result.stat.islnk is defined and stat_result.stat.islnk
           - stat_result.stat.lnk_source == '/tmp/ansible_sysctl_test.conf'
+    
+    # Test sysctl: --system
+    - name: Set vm.swappiness to 10 with --system option
+      ansible.posix.sysctl:
+        name: vm.swappiness
+        value: 10
+        state: present
+        reload: false
+        sysctl_set: true
+        system: true
+      register: sysctl_system_test1
+
+    - name: Check with sysctl command
+      ansible.builtin.command: sysctl vm.swappiness
+      changed_when: false
+      register: sysctl_check_system1
+
+    - name: Debug sysctl_system_test1 sysctl_check_system1
+      ansible.builtin.debug:
+        var: item
+        verbosity: 1
+      with_items:
+        - "{{ sysctl_system_test1 }}"
+        - "{{ sysctl_check_system1 }}"
+
+    - name: Validate results for --system option
+      ansible.builtin.assert:
+        that:
+          - sysctl_system_test1 is changed
+          - sysctl_check_system1.stdout_lines == ["vm.swappiness = 10"]

tests/sanity/ignore-2.20.txt

@@ -0,0 +1 @@
+tests/utils/shippable/timing.py shebang

tests/utils/shippable/shippable.sh

@@ -62,15 +62,15 @@ else
     retry pip install "https://github.com/ansible/ansible/archive/stable-${ansible_version}.tar.gz" --disable-pip-version-check
 fi
 
-export ANSIBLE_COLLECTIONS_PATHS="${PWD}/../../../"
+export ANSIBLE_COLLECTIONS_PATH="${PWD}/../../../"
 
 # START: HACK install dependencies
 if [ "${ansible_version}" == "2.9" ] || [ "${ansible_version}" == "2.10" ]; then
     # Note: Since community.general 5.x, Ansible Core versions prior to 2.11 are not supported.
     # So we need to use 4.8.1 for Ansible 2.9 and Ansible Engine 2.10.
-    retry git clone --depth=1 --single-branch -b 4.8.1 https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
+    retry git clone --depth=1 --single-branch -b 4.8.1 https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATH}/ansible_collections/community/general"
 else
-    retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
+    retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATH}/ansible_collections/community/general"
 fi
 # Note:  we're installing with git to work around Galaxy being a huge PITA (https://github.com/ansible/galaxy/issues/2429)
 # END: HACK