Pkgsrc changes:
* Adapt patches and PLIST.
Upstream changes (partial, see CHANGELOG.md for the full list):
* Security fix for CVE-2016-8628 - Command injection by compromised
server via fact variables. In some situations, facts returned by
modules could overwrite connection-based facts or some other special
variables, leading to injected commands running on the Ansible
controller as the user running Ansible (or via escalated
permissions).
* Security fix for CVE-2016-8614 - apt_key module not properly
validating keys in some situations.
* Added the `listen` feature for modules. This feature allows tasks to
more easily notify multiple handlers, as well as making it easier
for handlers from decoupled roles to be notified.
* Major performance improvements.
* Added support for binary modules
* Added the ability to specify serial batches as a list (`serial: [1,
5, 10]`), which allows for so-called "canary" actions in one play.
* Fixed 'local type' plugins and actions to have a more predictable
relative path. Fixes a regression of 1.9 (PR #16805). Existing users
of 2.x will need to adjust related tasks.
* `meta` tasks can now use conditionals.
* `raw` now returns `changed: true` to be consistent with
shell/command/script modules. Add `changed_when: false` to `raw`
tasks to restore the pre-2.2 behavior if necessary.n
* New privilege escalation become method `ksu`
* Windows `async:` support for long-running or background tasks.
* Windows `environment:` support for setting module environment vars
in play/task.
* Added a new `meta` option: `end_play`, which can be used to skip to
the end of a play.
* roles can now be included in the middle of a task list via the new
`include_role` module, this also allows for making the role import
'loopable' and/or conditional.
* The service module has been changed to use system specific modules
if they exist and fall back to the old service module if they cannot
be found or detected.
* Add ability to specify what ssh client binary to use on the
controller. This can be configured via ssh_executable in the
ansible config file or by setting ansible_ssh_executable as an
inventory variable if different ones are needed for different
hosts.
(Minor & other changes omitted here)
* Fixed a bug related to creation of retry files (#17456)
* Fixed a bug in the way include params are used when an include task
is dynamic (#17064)
* Fixed a bug related to including blocks in an include task (#15963)
* Fixed a bug related to the use of hostvars internally when creating
the connection plugin. This prevents things like variables using
lookups from being evaluated unnecessarily (#17024)
* Fixed a bug where using a variable containing a list for the `hosts`
of a play resulted in an list of lists (#16583)
* Fixed a bug where integer values would cause an error if a module
param was of type `float` (no issue)
* Fixed a bug with net_template failing if src was not specified (#17726)
* Fixed a bug in "ansible-galaxy import" (#17417)
* Fixed a bug in which INI files incorrectly treated a hosts range as
a section header (#15331)
* Fixed a bug in which the max_fail_percentage calculation erroneously
caused a series of plays to stop executing (#15954)
* Fixed a bug in which the task names were not properly templated (#16295)
* Fixed a bug causing "squashed" loops (ie. yum, apt) to incorrectly
report results (ansible-modules-core#4214)
* Fixed several bugs related to includes:
- when including statically, make sure that all parents were also
included statically (issue #16990)
- properly resolve nested static include paths
- print a message when a file is statically included
* Fixed a bug in which module params expected to be float types were
not converted from integers (only strings) (#17325)
* Fixed a bug introduced by static includes in 2.1, which prevented
notifications from going to the "top level" handler name.
* Fixed a bug where a group_vars or host_vars directory in the current
working directory would be used (and would take precedence) over
those in the inventory and/or playbook directory.
* Fixed a bug which could occur when the result of an async task did
not parse as valid JSON.
* (re)-allowed the use of ansible_python_interpreter lines with more
than one argument.
* Fixed several bugs related to the creation of the implicit localhost
in inventory.
* Fixed a bug related to an unspecified number of retries when using until.
* Fixed a race-condition bug when creating temp directories before the
worker process is forked.
* Fix a bug with async's poll keyword not making use of
ansible_python_interpreter to run (and thus breaking when
/usr/bin/python is not present on the remote machine.)
* Fix a bug where hosts that started with a range in inventory were
being treated as an invalid section header.
Module fixes:
* Fixed a bug where the temporary CA files created by the module
helper code were not being deleted properly in some situations
(#17073)
* Fixed many bugs in the unarchive module
* Fixes for module ec2:
- Fixed a bug related to source_dest_check when used with non-vpc
instances (core#3243)
- Fixed a bug in ec2 where instances were not powering of when
referenced via tags only (core#4765)
- Fixed a bug where instances with multiple interfaces were not
powering up/down correctly (core#3234)
* Fixes for module get_url:
- Fixed a bug in get_url module to force a download if there is a
checksum mismatch regardless of the last modified time (core#4262)
- Fixed a bug in get_url module to properly process FTP results
(core#3661 and core#4601)
* Fixed a bug in win_user related to users with disabled
accounts/expired passwords (core#4369)
* ini_file:
- Fixed a bug where option lines are now inserted before blank lines.
- Fixed a bug where leading whitespace prevented matches on options.
* Fixed a bug in iam_cert when dup_ok is used as a string.
* Fixed a bug in postgresql_db related to the changed logic when state=absent.
* Fixed a bug where single_transaction and quick were not passed into
db_dump for the mysql_db module.
* Fixed a bug where the fetch module was not idempotent when
retrieving the target of a symlink.
* Many minor fixes for bugs in extras modules.
Mostly minor bugfixes relative to 2.1.0.0:
* If the user is not using paramiko or vault, allow Ansible to run
if pycrypto is not installed.
* Fixed a bug in pkg_util module that caused "update_catalog must
be one of" error if 'update_catalog' arg was used.
* Fixed a bug where psuedo-connection vars (eg, ansible_winrm_transport)
defined in group_vars or host_vars were not getting passed to the
connection.
* Fixed a bug where temp file permissions on BSDs were not using
filesystem acls when available.
* Fixed some bugs in variable dependency resolution. These were
mainly related to includes and roles, to bringe the VariableManager
code in-line with our documentation.
* Fixed a bug in unarchive, when the destination was a symlinked directory.
* Fixed a bug related to performance when loading a large number of groups.
* Fixed bugs related to the way host and group vars are loaded,
which (for large sets of inventory variables) can reduce CPU and
memory usage by 50%.
* Fixed a bug where includes were not being implicitly evaluated
as static when no loop or variables were being used.
* Fixed several more bugs in relation to the way play execution
continues or halts when hosts fail, to bringe the behavior more in
line with 1.9.x.
* Fixed bugs related to the use of the underlying shell executable
with the script and raw modules.
* Fixed several bugs in relation to the way ssh keys were used with
various networking modules.
* Fixed a bug related to the way handlers are tracked internally,
which could cause bugs when roles are reused within the same play
(allow_duplicates: yes) or when the role dependencies formed a
"diamond" pattern.
* Fixed a bug related to setfacl on platforms which do not support
the -R option for recursive changes.
* Several fixes to the way async works to prevent race conditions
and other bugs
* More fixes to the way failed and unreachable hosts affect future plays
* Fixed a bug in the way the to_json filter encoded some objects
* Fixed a bug in the way roles and dependencies are loaded, and
how they inherit params from parent roles.
* Fixed a bug in which the number of retries in a do/until loop was off by one
* Fixed a bug in the way the passwd lookup deals with salts
* When using the local connection, internally the remote_user value
is now forced to be the current user even if remote_user is specified,
to prevent issues with become settings
* Fix for Azure modules to work with most recent Azure python
library (2.0.0rc5)
* Fix for bug related to unreachable hosts and any_errors_fatal in
the linear strategy
* Fix for error handling in relation to killed/dead worker processes.
If workers are killed via SIGKILL or SIGTERM, this will halt
execution of the playbook.
* Fixed a regression in the way we handle variables from dependent roles.
* Added better handling for certain errors thrown from the cryptography.
* Fixed a typo in the azure_rm_storageaccount module.
* Fixed some minor bugs in the os_user_role and cs_volume modules.
* Fixed a bug related to the return value of a low-level inventory
API call related to getting variables for hosts and groups.
The perhaps most notable change is official and integrated support
for the networking modules.
For the rest of the changes, see CHANGES.md for a detailed list of
changes between this version and the previous.
Ansible is a radically simple model-driven configuration management,
multi-node deployment, and remote task execution system. Ansible works
over SSH and does not require any software or daemons to be installed
on remote nodes. Extension modules can be written in any language and
are transferred to managed machines automatically.