11 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
jlam
|
49970e3866 |
Fix packages that had INSTALLATION_DIRS+=$(PKG_SYSCONFDIR}.
Set PKG_SYSCONFSUBDIR where appropriate, and use {MAKE,OWN}_DIRS to create the directory tree under ${PKG_SYSCONFDIR} instead of using INSTALLATION_DIRS. Bump the PKGREVISION of packages that changed due to changes in the package install scripts. |
||
he
|
27136202ac |
Move the ansible/roles file tree out from under etc/ to share/,
so that any packages which want to install files there don't have to battle with pkgsrc's requirement to use CONF_FILES. Bump PKGREVISION. |
||
he
|
5b1abb9d44 |
Upgrade to version 1.9.4nb1, copied over from pkgsrc-wip.
Upstream changes: Version 1.9.4, "Dancing In the Street" - Oct 9, 2015: * Fixes a bug where yum state=latest would error if there were no updates to install. * Fixes a bug where yum state=latest did not work with wildcard package names. * Fixes a bug in lineinfile relating to escape sequences. * Fixes a bug where vars_prompt was not keeping passwords private by default. * Fix ansible-galaxy and the hipchat callback plugin to check that the host it is contacting matches its TLS Certificate. Version 1.9.3, "Dancing In the Street" - Sep 3, 2015: * Fixes a bug related to keyczar messing up encodings internally, resulting in decrypted messages coming out as empty strings. * AES Keys generated for use in accelerated mode are now 256-bit by default instead of 128. * Fix url fetching for SNI with python-2.7.9 or greater. SNI does not work with python < 2.7.9. The best workaround is probably to use the command module with curl or wget. * Fix url fetching to allow tls-1.1 and tls-1.2 if the system's openssl library supports those protocols * Fix ec2_ami_search module to check TLS Certificates * Fix the following extras modules to check TLS Certificates: campfire layman librarto_annotate twilio typetalk * Fix docker module's parsing of docker-py version for dev checkouts * Fix docker module to work with docker server api 1.19 * Change yum module's state=latest feature to update all packages specified in a single transaction. This is the same type of fix as was made for yum's state=installed in 1.9.2 and both solves the same problems and with the same caveats. * Fixed a bug where stdout from a module might be blank when there were were non-printable ASCII characters contained within it Version 1.9.2, "Dancing In the Street" - Jun 26, 2015: * Security fixes to check that hostnames match certificates with https urls (CVE-2015-3908) get_url and uri modules url and etcd lookup plugins * Security fixes to the zone (Solaris containers), jail (bsd containers), and chroot connection plugins. These plugins can be used to connect to their respective container types in leiu of the standard ssh connection. Prior to this fix being applied these connection plugins didn't properly handle symlinks within the containers which could lead to files intended to be written to or read from the container being written to or read from the host system instead. (CVE pending) * Fixed a bug in the service module where init scripts were being incorrectly used instead of upstart/systemd. * Fixed a bug where sudo/su settings were not inherited from ansible.cfg correctly. * Fixed a bug in the rds module where a traceback may occur due to an unbound variable. * Fixed a bug where certain remote file systems where the SELinux context was not being properly set. * Re-enabled several windows modules which had been partially merged (via action plugins): win_copy.ps1 win_copy.py win_file.ps1 win_file.py win_template.py * Fix bug using with_sequence and a count that is zero. Also allows counting backwards isntead of forwards * Fix get_url module bug preventing use of custom ports with https urls * Fix bug disabling repositories in the yum module. * Fix giving yum module a url to install a package from on RHEL/CENTOS5 * Fix bug in dnf module preventing it from working when yum-utils was not already installed Version 1.9.1, "Dancing In the Street" - Apr 27, 2015: * Fixed a bug related to Kerberos auth when using winrm with a domain account. * Fixing several bugs in the s3 module. * Fixed a bug with upstart service detection in the service module. * Fixed several bugs with the user module when used on OSX. * Fixed unicode handling in some module situations (assert and shell/command execution). * Fixed a bug in redhat_subscription when using the activationkey parameter. * Fixed a traceback in the gce module on EL6 distros when multiple pycrypto installations are available. * Added support for PostgreSQL 9.4 in rds_param_group * Several other minor fixes. Version 1.9, "Dancing In the Street" - Mar 25, 2015: Major changes: * Added kerberos support to winrm connection plugin. * Tags rehaul: added 'all', 'always', 'untagged' and 'tagged' special tags and normalized tag resolution. Added tag information to --list-tasks and new --list-tags option. * Privilege Escalation generalization, new 'Become' system and variables now will handle existing and new methods. Sudo and su have been kept for backwards compatibility. New methods pbrun and pfexec in 'alpha' state, planned adding 'runas' for winrm connection plugin. * Improved ssh connection error reporting, now you get back the specific message from ssh. * Added facility to document task module return values for registered vars, both for ansible-doc and the docsite. Documented copy, stats and acl modules, the rest must be updated individually (we will start doing so incrementally). * Optimize the plugin loader to cache available plugins much more efficiently. For some use cases this can lead to dramatic improvements in startup time. * Overhaul of the checksum system, now supports more systems and more cases more reliably and uniformly. * Fix skipped tasks to not display their parameters if no_log is specified. * Many fixes to unicode support, standarized functions to make it easier to add to input/output boundaries. * Added travis integration to github for basic tests, this should speed up ticket triage and merging. * environment: directive now can also be applied to play and is inhertited by tasks, which can still override it. * expanded facts and OS/distribution support for existing facts and improved performance with pypy. * new 'wantlist' option to lookups allows for selecting a list typed variable vs a comma delimited string as the return. * the shared module code for file backups now uses a timestamp resolution of seconds (previouslly minutes). * allow for empty inventories, this is now a warning and not an error (for those using localhost and cloud modules). * sped up YAML parsing in ansible by up to 25% by switching to CParser loader. New Modules: * cryptab: manages linux encrypted block devices * gce_img: for utilizing GCE image resources * gluster_volume: manage glusterfs volumes * haproxy: for the load balancer of same name * known_hosts: manages the ssh known_hosts file * lxc_container: manage lxc containers * patch: allows for patching files on target systems * pkg5: installing and uninstalling packages on Solaris * pkg5_publisher: manages Solaris pkg5 repository configuration * postgresql_ext: manage postgresql extensions * snmp_facts: gather facts via snmp * svc: manages daemontools based services * uptimerobot: manage monitoring with this service New Filters: * ternary: allows for trueval/falseval assignment dependent on conditional * cartesian: returns the Cartesian product of 2 lists * to_uuid: given a string it will return an ansible domain specific UUID * checksum: uses the ansible internal checksum to return a hash from a string * hash: get a hash from a string (md5, sha1, etc) * password_hash: get a hash form as string that can be used as a password in the user module (and others) * A whole set of ip/network manipulation filters: ipaddr,ipwrap,ipv4,ipv6ipsubnet,nthhost,hwaddr,macaddr Version 1.8.4, "You Really Got Me" - Feb 19, 2015: * Fixed regressions in ec2 and mount modules, introduced in 1.8.3 Version 1.8.3, "You Really Got Me" - Feb 17, 2015: * Fixing a security bug related to the default permissions set on a temporary file created when using "ansible-vault view ". * Many bug fixes, for both core code and core modules. Version 1.8.2, "You Really Got Me" - Dec 04, 2014: * Various bug fixes for packaging issues related to modules. * Various bug fixes for lookup plugins. * Various bug fixes for some modules (continued cleanup of postgresql issues, etc.). * Add a clone parameter to git module that allows you to get information about a remote repo even if it doesn't exist locally. Version 1.8.1, "You Really Got Me" - Nov 26, 2014: * Various bug fixes in postgresql and mysql modules. * Fixed a bug related to lookup plugins used within roles not finding files based on the relative paths to the roles files/ directory. * Fixed a bug related to vars specified in plays being templated too early, resulting in incorrect variable interpolation. * Fixed a bug related to git submodules in bare repos. Version 1.8, "You Really Got Me" - Nov 25, 2014: Major changes: * fact caching support, pluggable, initially supports Redis (DOCS pending) * 'serial' size in a rolling update can be specified as a percentage * added new Jinja2 filters, 'min' and 'max' that take lists * new 'ansible_version' variable available contains a dictionary of version info * For ec2 dynamic inventory, ec2.ini can has various new configuration options 'ansible vault view filename.yml' opens filename.yml decrypted in a pager. no_log parameter now surpressess data from callbacks/output as well as syslog * ansible-galaxy install -f requirements.yml allows advanced options and installs from non-galaxy SCM sources and tarballs. * command_warnings feature will warn about when usage of the shell/command module can be simplified to use core modules - this can be enabled in ansible.cfg * new omit value can be used to leave off a parameter when not set, like so module_name: a=1 b={{ c | default(omit) }}, would not pass value for b (not even an empty value) if c was not set. * developers: 'baby JSON' in module responses, originally intended for writing modules in bash, is removed as a feature to simplify logic, script module remains available for running bash scripts. * async jobs started in "fire & forget" mode can now be checked on at a later time. * added ability to subcategorize modules for docs.ansible.com * added ability for shipped modules to have aliases with symlinks * added ability to deprecate older modules by starting with "_" and including "deprecated: message why" in module docs New Modules: * cloud: rax_cdb - manages Rackspace Cloud Database instances * cloud: rax_cdb_database - manages Rackspace Cloud Databases * cloud: rax_cdb_user - manages Rackspace Cloud Database users * monitoring: zabbix_maintaince - handles outage windows with Zabbix * monitoring: bigpanda - support for bigpanda * net_infrastructure: a10_server - manages server objects on A10 devices * net_infrastructure: a10_service_group - manages service group objects on A10 devices * net_infrastructure: a10_virtual_server - manages virtual server objects on A10 devices * system: getent - read getent databases Version 1.7.2, "Summer Nights" - Sep 24, 2014: * Fixes a bug in accelerate mode which caused a traceback when trying to use that connection method. * Fixes a bug in vault where the password file option was not being used correctly internally. * Improved multi-line parsing when using YAML literal blocks (using > or |). * Fixed a bug with the file module and the creation of relative symlinks. * Fixed a bug where checkmode was not being honoured during the templating of files. * Other various bug fixes. Version 1.7.1, "Summer Nights" - Aug 14, 2014: * Security fix to disallow specifying 'args:' as a string, which could allow the insertion of extra module parameters through variables. * Performance enhancements related to previous security fixes, which could cause slowness when modules returned very large JSON results. This specifically impacted the unarchive module frequently, which returns the details of all unarchived files in the result. * Docker module bug fixes: Fixed support for specifying rw/ro bind modes for volumes Fixed support for allowing the tag in the image parameter * Various other bug fixes Version 1.7, "Summer Nights" - Aug 06, 2014: Major new features: * Windows support (alpha) using native PowerShell remoting * Tasks can now specify run_once: true, meaning they will be executed exactly once. This can be combined with delegate_to to trigger actions you want done just the one time versus for every host in inventory. New inventory scripts: * SoftLayer * Windows Azure New Modules: * cloud: azure * cloud: rax_meta * cloud: rax_scaling_group * cloud: rax_scaling_policy * windows: version of setup module * windows: version of slurp module * windows: win_feature * windows: win_get_url * windows: win_msi * windows: win_ping * windows: win_user * windows: win_service * windows: win_group Other notable changes: * Security fixes * Prevent the use of lookups when using legacy "{{ }}" syntax round variables and with_* loops. * Remove relative paths in TAR-archived file names used by ansible-galaxy. * Inventory speed improvements for very large inventories. * Vault password files can now be executable, to support scripts that fetch the vault password. |
||
jperkin
|
2084c4f306 |
Fix a couple of issues:
- pkgin changed its output delimiter from a space to ';' when outputting to a non-tty, breaking various configuration management systems which relied on the previous behaviour. Handle both types in ansible until NetBSDfr/pkgin#46 is resolved. - OS X 10.10 changed the behaviour of sysctl(8) to hide certain entries unless they are explicitly named. Apply patch to fix hw.model and hw.usermem from https://github.com/ansible/ansible/pull/8171/files Clean up patches while here. Bump PKGREVISION. |
||
pettai
|
feff5f0b58 |
Add all the rest releases of 1.6.x:
1.6.10 Fixes an issue with the copy module when copying a directory that fails when changing file attributes and the target file already exists Improved unicode handling when splitting args 1.6.9 Further improvements to module parameter parsing to address additional regressions caused by security fixes 1.6.8 Corrects a regression in the way shell and command parameters were being parsed 1.6.7 Security fixes: Strip lookup calls out of inventory variables and clean unsafe data returned from lookup plugins (CVE-2014-4966) Make sure vars don't insert extra parameters into module args and prevent duplicate params from superseding previous params (CVE-2014-4967) 1.6.6 Security updates to further protect against the incorrect execution of untrusted data 1.6.4, 1.6.5 Security updates related to evaluation of untrusted remote inputs |
||
rodent
|
b5817bc0ac |
py-crypto is now a dependency and the package is egg-aware. Update
MASTER_SITES and add pypi to them. Use PREFIX instead of LOCALBASE in one SUBST_CLASS instead of two. ${PKGMANDIR}/man3 is no longer used. Comment patches and delint. From CHANGELOG: 1.6.3 Corrects a regression where handlers were run across all hosts, not just those that triggered the handler. Fixed a bug in which modules did not support properly moving a file atomically when su was in use. Fixed two bugs related to symlinks with directories when using the file module. Fixed a bug related to MySQL master replication syntax. Corrects a regression in the order of variable merging done by the internal runner code. Various other minor bug fixes. 1.6.2 If an improper locale is specified, core modules will now automatically revert to using the 'C' locale. Modules using the fetch_url utility will now obey proxy environment variables. The SSL validation step in fetch_url will likewise obey proxy settings, however only proxies using the http protocol are supported. Fixed multiple bugs in docker module related to version changes upstream. Fixed a bug in the ec2_group module where egress rules were lost when a VPC was specified. Fixed two bugs in the synchronize module: a trailing slash might be lost when calculating relative paths, resulting in an incorrect destination. the sync might use the inventory directory incorrectly instead of the playbook or role directory. Files will now only be chown'd on an atomic move if the src/dest uid/gid do not match. 1.6.1 Fixed a bug in group_by, where systems were being grouped incorrectly. Fixed a bug where file descriptors may leak to a child process when using accelerate. Fixed a bug in apt_repository triggered when python-apt not being installed/available. Fixed a bug in the apache2_module module, where modules were not being disabled correctly. 1.6 Major features/changes: The deprecated legacy variable templating system has been finally removed. Use {{ foo }} always not $foo or ${foo}. Any data file can also be JSON. Use sparingly -- with great power comes great responsibility. Starting file with "{" or "[" denotes JSON. Added 'gathering' param for ansible.cfg to change the default gather_facts policy. Accelerate improvements: multiple users can connect with different keys, when accelerate_multi_key = yes is specified in the ansible.cfg. daemon lifetime is now based on the time from the last activity, not the time from the daemon's launch. ansible-playbook now accepts --force-handlers to run handlers even if tasks result in failures. Added VMWare support with the vsphere_guest module. New Modules: files: replace packaging: cpanm (Perl) packaging: portage packaging: composer (PHP) packaging: homebrew_tap (OS X) packaging: homebrew_cask (OS X) packaging: apt_rpm packaging: layman monitoring: logentries monitoring: rollbar_deployment monitoring: librato_annotation notification: nexmo (SMS) notification: twilio (SMS) notification: slack (Slack.com) notification: typetalk (Typetalk.in) notification: sns (Amazon) system: debconf system: ufw system: locale_gen system: alternatives system: capabilities net_infrastructure: bigip_facts net_infrastructure: dnssimple net_infrastructure: lldp web_infrastructure: apache2_module cloud: digital_ocean_domain cloud: digital_ocean_sshkey cloud: rax_identity cloud: rax_cbs (cloud block storage) cloud: rax_cbs_attachments cloud: ec2_asg (configure autoscaling groups) cloud: ec2_scaling_policy cloud: ec2_metric_alarm cloud: vsphere_guest Other notable changes: example callback plugin added for hipchat added example inventory plugin for vcenter/vsphere added example inventory plugin for doing really trivial inventory from SSH config files libvirt module now supports destroyed and paused as states s3 module can specify metadata security token additions to ec2 modules setup module code moved into module_utils/, facts now accessible by other modules synchronize module sets relative dirs based on inventory or role path misc bugfixes and other parameters the ec2_key module now has wait/wait_timeout parameters added version_compare filter (see docs) added ability for module documentation YAML to utilize shared module snippets for common args apt module now accepts "deb" parameter to install local dpkg files regex_replace filter plugin added added an inventory script for Docker added an inventory script for Abiquo the get_url module now accepts url_username and url_password as parameters, so sites which require authentication no longer need to have them embedded in the url ... to be filled in from changelogs ... 1.5.5 Security fix for vault, to ensure the umask is set to a restrictive mode before creating/editing vault files. Backported apt_repository security fixes relating to filename/mode upon sources list file creation. 1.5.4 Security fix for safe_eval, which further hardens the checking of the evaluation function. Changing order of variable precendence for system facts, to ensure that inventory variables take precedence over any facts that may be set on a host. 1.5.3 Fix validate_certs and run_command errors from previous release Fixes to the git module related to host key checking 1.5.2 Fix module errors in airbrake and apt from previous release 1.5.1 Force command action to not be executed by the shell unless specifically enabled. Validate SSL certs accessed through urllib*. Implement new default cipher class AES256 in ansible-vault. Misc bug fixes. 1.5 Major features/changes: when_foo which was previously deprecated is now removed, use "when:" instead. Code generates appropriate error suggestion. include + with_items which was previously deprecated is now removed, ditto. Use with_nested / with_together, etc. only_if, which is much older than when_foo and was deprecated, is similarly removed. ssh connection plugin is now more efficient if you add 'pipelining=True' in ansible.cfg under [ssh_connection], see example.cfg localhost/127.0.0.1 is not required to be in inventory if referenced, if not in inventory, it does not implicitly appear in the 'all' group. git module has new parameters (accept_hostkey, key_file, ssh_opts) to ease the usage of git and ssh protocols. when using accelerate mode, the daemon will now be restarted when specifying a different remote_user between plays. added no_log: option for tasks. When used, no logging information will be sent to syslog during the module execution. acl module now handles 'default' and allows for either shorthand entry or specific fields per entry section play_hosts is a new magic variable to provide a list of hosts in scope for the current play. ec2 module now accepts 'exact_count' and 'count_tag' as a way to enforce a running number of nodes by tags. all ec2 modules that work with Eucalyptus also now support a 'validate_certs' option, which can be set to 'off' for installations using self-signed certs. Start of new integration test infrastructure (WIP, more details TBD) if repoquery is unavailble, the yum module will automatically attempt to install yum-utils ansible-vault: a framework for encrypting your playbooks and variable files added support for privilege escalation via 'su' into bin/ansible and bin/ansible-playbook and associated keywords 'su', 'su_user', 'su_pass' for tasks/plays New modules: cloud: ec2_elb_lb cloud: ec2_key cloud: ec2_snapshot cloud: rax_dns cloud: rax_dns_record cloud: rax_files cloud: rax_files_objects cloud: rax_keypair cloud: rax_queue cloud: docker_image messaging: rabbitmq_policy system: at utilities: assert Other notable changes (many new module params & bugfixes may not not listed): no_reboot is now defaulted to "no" in the ec2_ami module to ensure filesystem consistency in the resulting AMI. sysctl module overhauled authorized_key module overhauled synchronized module now handles local transport better apt_key module now ignores case on keys zypper_repository now skips on check mode file module now responds to force behavior when dealing with hardlinks new lookup plugin 'csvfile' fixes to allow hash_merge behavior to work with dynamic inventory mysql module will use port argument on dump/import subversion module now ignores locale to better intercept status messages rax api_key argument is no longer logged backwards/forwards compatibility for OpenStack modules, 'quantum' modules grok neutron renaming hosts properly uniqueified if appearing in redundant groups hostname module support added for ScientificLinux ansible-pull can now show live stdout and pass verbosity levels to ansible-playbook ec2 instances can now be stopped or started additional volumes can be created when creating new ec2 instances user module can move a home directory significant enhancement and cleanup of rackspace modules ansible_ssh_private_key_file can be templated docker module updated to support docker-py 0.3.0 various other bug fixes md5 logic improved during sudo operation support for ed25519 keys in authorized_key module ability to set directory permissions during a recursive copy (directory_mode parameter) 1.4.5 fixed issue with permissions being incorrect on fireball/accelerate keys when the umask setting was too loose. 1.4.4 fixed a minor issue with newer versions of pip dropping the "use-mirrors" parameter. |
||
hubertf
|
e2fe132084 |
Update ansible to 1.4.1.
Some changes: * Many new modules, sorted in the following subdirs: cloud commands database files internal inventory messaging monitoring net_infrastructure network notification packaging source_control system utilities web_infrastructure * accelerated mode: An enhanced fireball mode that requires zero bootstrapping and fewer requirements plus adds capabilities like sudo commands * Connection default is now "smart", which discovers if the system openssh can support ControlPersist, and uses it if so, if not falls back to paramiko * external inventory scripts may now return host variables in one pass, which allows them to be much more efficient for large numbers of hosts (AWS!) * "~" now expanded on each component of configured plugin paths * Countless feature enhancements and bugfixes For a full list, see https://github.com/ansible/ansible/blob/devel/CHANGELOG.md |
||
riz
|
4e6bda04c4 |
Update ansible to version 1.1. From the CHANGELOG.md:
1.1 "Mean Street" -- 4/2/2013 Core Features * added --check option for "dry run" mode * added --diff option to show how templates or copied files change, or might change * --list-tasks for the playbook will list the tasks without running them * able to set the environment by setting "environment:" as a dictionary on any task (go proxy support!) * added ansible_ssh_user and ansible_ssh_pass for per-host/group username and password * jinja2 extensions can now be loaded from the config file * support for complex arguments to modules (within reason) * can specify ansible_connection=X to define the connection type in inventory variables * a new chroot connection type * module common code now has basic type checking (and casting) capability * module common now supports a 'no_log' attribute to mark a field as not to be syslogged * inventory can now point to a directory containing multiple scripts/hosts files, if using this, put group_vars/host_vars directories inside this directory * added configurable crypt scheme for 'vars_prompt' * password generating lookup plugin -- $PASSWORD(path/to/save/data/in) * added --step option to ansible-playbook, works just like Linux interactive startup! Modules Added: * bzr (bazaar version control) * cloudformation * django-manage * gem (ruby gems) * homebrew * lvg (logical volume groups) * lvol (LVM logical volumes) * macports * mongodb_user * netscaler * okg * openbsd_pkg * rabbit_mq_plugin * rabbit_mq_user * rabbit_mq_vhost * rabbit_mq_parameter * rhn_channel * s3 -- allows putting file contents in buckets for sharing over s3 * uri module -- can get/put/post/etc * vagrant -- launching VMs with vagrant, this is different from existing vagrant plugin * zfs |
||
hubertf
|
be60c08396 |
Fix 'service' module not to hang when starting mysql.
Bump version to 1.0nb1, also sent upstream |
||
riz
|
de24370464 |
Some fixes for the package:
- install manpages - replace "etc" with PKG_SYSCONFDIR in a number of locations - replace "usr/share" with @PREFIX@/share in some places - do some cleanup so things install with PKG_DEVELOPER set. |
||
hubertf
|
f372e42260 |
Add ansible-1.0:
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. |