* Wed Mar 27 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 2.16.5:
https://github.com/ansible/ansible/blob/v2.16.5/changelogs/CHANGELOG-v2.16.rst
* Minor Changes
- ansible-test - Add a work-around for permission denied errors
when using pytest >= 8 on multi-user systems with an
installed version of ansible-test.
* Bugfixes
- Fix an issue when setting a plugin name from an unsafe source
resulted in ValueError: unmarshallable object (#82708)
- Harden python templates for respawn and ansiballz around str
literal quoting
- ansible-test - The libexpat package is automatically upgraded
during remote bootstrapping to maintain compatibility with
newer Python packages.
- template - Fix error when templating an unsafe string which
corresponds to an invalid type in Python (#82600).
- winrm - does not hang when attempting to get process output
when stdin write failed
* Sat Mar 16 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 2.16.4:
https://github.com/ansible/ansible/blob/v2.16.4/changelogs/CHANGELOG-v2.16.rst
* Bugfixes
- Fix loading vars_plugins in roles (#82239).
- expect - fix argument spec error using timeout=null (#80982).
- include_vars - fix calculating depth relative to the root and
ensure all files are included (#80987).
- templating - ensure syntax errors originating from a template
being compiled into Python code object result in a failure
(#82606)
* Tue Jan 30 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 2.16.3:
https://github.com/ansible/ansible/blob/v2.16.3/changelogs/CHANGELOG-v2.16.rst
* Security Fixes
- ANSIBLE_NO_LOG - Address issue where ANSIBLE_NO_LOG was
ignored (CVE-2024-0690)
* Bugfixes
- Run all handlers with the same listen topic, even when
notified from another handler (#82363).
- ansible-galaxy role import - fix using the role_name in a
standalone role's galaxy_info metadata by disabling automatic
removal of the ansible-role- prefix. This matches the
behavior of the Galaxy UI which also no longer implicitly
removes the ansible-role- prefix. Use the --role-name option
or add a role_name to the galaxy_info dictionary in the
role's meta/main.yml to use an alternate role name.
- ansible-test sanity --test runtime-metadata - add
action_plugin as a valid field for modules in the schema
(#82562).
- ansible-config init will now dedupe ini entries from plugins.
- ansible-galaxy role import - exit with 1 when the import
fails (#82175).
- ansible-galaxy role install - normalize tarfile paths and
symlinks using ansible.utils.path.unfrackpath and consider
them valid as long as the realpath is in the tarfile's role
directory (#81965).
- delegate_to when set to an empty or undefined variable will
now give a proper error.
- dwim functions for lookups should be better at detectging
role context even in abscense of tasks/main.
- roles, code cleanup and performance optimization of
dependencies, now cached, and public setting is now
determined once, at role instantiation.
- roles, the static property is now correctly set, this will
fix issues with public and DEFAULT_PRIVATE_ROLE_VARS controls
on exporting vars.
- unsafe data - Enable directly using AnsibleUnsafeText with
Python pathlib (#82414)
* Sun Jan 21 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 2.16.2:
https://github.com/ansible/ansible/blob/v2.16.2/changelogs/CHANGELOG-v2.16.rst
* Bugfixes
- unsafe data - Address an incompatibility when iterating or
getting a single index from AnsibleUnsafeBytes
- unsafe data - Address an incompatibility with
AnsibleUnsafeText and AnsibleUnsafeBytes when pickling with
protocol=0
* Sun Jan 21 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 2.16.1:
https://github.com/ansible/ansible/blob/v2.16.1/changelogs/CHANGELOG-v2.16.rst
* Breaking Changes / Porting Guide
- assert - Nested templating may result in an inability for the
conditional to be evaluated. See the porting guide for more
information.
* Security Fixes
- templating - Address issues where internal templating can
cause unsafe variables to lose their unsafe designation
(CVE-2023-5764)
* Bugfixes
- Fix issue where an include_tasks handler in a role was not
able to locate a file in tasks/ when tasks_from was used as a
role entry point and main.yml was not present (#82241)
- Plugin loader does not dedupe nor cache filter/test plugins
by file basename, but full path name.
- Restoring the ability of filters/tests can have same file
base name but different tests/filters defined inside.
- ansible-pull now will expand relative paths for the
- d|--directory option is now expanded before use.
- ansible-pull will now correctly handle become and connection
password file options for ansible-playbook.
- flush_handlers - properly handle a handler failure in a
nested block when force_handlers is set
(http://github.com/ansible/ansible/issues/81532)
- module no_log will no longer affect top level booleans, for
example no_log_module_parameter='a' will no longer hide
changed=False as a 'no log value' (matches 'a').
- role params now have higher precedence than host facts again,
matching documentation, this had unintentionally changed in
2.15.
- wait_for should not handle 'non mmapable files' again.
* Sun Jan 21 2024 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 2.16.0:
https://github.com/ansible/ansible/blob/v2.16.0/changelogs/CHANGELOG-v2.16.rst
* Bugfixes and Minor changes omitted for brevity, see full
changelog
* Breaking Changes / Porting Guide
- Any plugin using the config system and the cli entry to use
the timeout from the command line, will see the value change
if the use had configured it in any of the lower precedence
methods. If relying on this behaviour to consume the
global/generic timeout from the DEFAULT_TIMEOUT constant,
please consult the documentation on plugin configuration to
add the overlaping entries.
- ansible-test - Test plugins that rely on containers no longer
support reusing running containers. The previous behavior was
an undocumented, untested feature.
- service module will not permanently configure variables/flags
for openbsd when doing enable/disable operation anymore, this
module was never meant to do this type of work, just to
manage the service state itself. A rcctl_config or similar
module should be created and used instead.
* Deprecated Features
- Deprecated ini config option collections_paths, use the
singular form collections_path instead
- Deprecated the env var ANSIBLE_COLLECTIONS_PATHS, use the
singular form ANSIBLE_COLLECTIONS_PATH instead
- Old style vars plugins which use the entrypoints
get_host_vars or get_group_vars are deprecated. The plugin
should be updated to inherit from BaseVarsPlugin and define a
get_vars method as the entrypoint.
- Support for Windows Server 2012 and 2012 R2 has been removed
as the support end of life from Microsoft is October 10th
2023. These versions of Windows will no longer be tested in
this Ansible release and it cannot be guaranteed that they
will continue to work going forward.
- STRING_CONVERSION_ACTION config option is deprecated as it is
no longer used in the Ansible Core code base.
- the 'smart' option for setting a connection plugin is being
removed as it's main purpose (choosing between ssh and
paramiko) is now irrelevant.
- vault and unfault filters - the undocumented vaultid
parameter is deprecated and will be removed in ansible-core
2.20. Use vault_id instead.
- yum_repository - deprecated parameter 'keepcache' (#78693).
* Removed Features (previously deprecated)
- ActionBase - remove deprecated _remote_checksum method
- PlayIterator - remove deprecated cache_block_tasks and
get_original_task methods
- Remove deprecated FileLock class
- Removed Python 3.9 as a supported version on the controller.
Python 3.10 or newer is required.
- Removed include which has been deprecated in Ansible 2.12.
Use include_tasks or import_tasks instead.
- Templar - remove deprecated shared_loader_obj parameter of
__init__
- fetch_url - remove auto disabling decompress when gzip is not
available
- get_action_args_with_defaults - remove deprecated
redirected_names method parameter
- ansible-test - Removed support for the remote Windows targets
2012 and 2012-R2
- inventory_cache - remove deprecated
default.fact_caching_prefix ini configuration option, use
defaults.fact_caching_prefix instead.
- module_utils/basic.py - Removed Python 3.5 as a supported
remote version. Python 2.7 or Python 3.6+ is now required.
- stat - removed unused get_md5 parameter.
* Security Fixes
- ansible-galaxy - Prevent roles from using symlinks to
overwrite files outside of the installation directory
(CVE-2023-5115)
* Known issues
- ansible-galaxy - dies in the middle of installing a role when
that role contains Java inner classes (files with $ in the
file name). This is by design, to exclude temporary or backup
files. (#81553).
- ansible-test - The pep8 sanity test is unable to detect
f-string spacing issues (E201, E202) on Python 3.10 and 3.11.
They are correctly detected under Python 3.12. See
(PyCQA/pycodestyle#1190).
* Tue Dec 12 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 2.15.8:
* Minor Changes
- ansible-test - Add FreeBSD 13.2 remote.
- ansible-test - Removed freebsd/13.1 remote.
* Bugfixes
- unsafe data - Address an incompatibility when iterating or
getting a single index from AnsibleUnsafeBytes
- unsafe data - Address an incompatibility with
AnsibleUnsafeText and AnsibleUnsafeBytes when pickling with
protocol=0
* Tue Dec 05 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 2.15.7:
This release includes a fix for CVE-2023-5764, where internal
templating actions could result in unsafe data losing its unsafe
designation.
* Breaking Changes / Porting Guide
- assert - Nested templating may result in an inability for the
conditional to be evaluated. See the porting guide for more
information.
* Security Fixes
- templating - Address issues where internal templating can
cause unsafe variables to lose their unsafe designation
(CVE-2023-5764)
* Bugfixes
- ansible-pull now will expand relative paths for the
- d|--directory option is now expanded before use.
- flush_handlers - properly handle a handler failure in a
nested block when force_handlers is set
(http://github.com/ansible/ansible/issues/81532)
- module no_log will no longer affect top level booleans, for
example no_log_module_parameter='a' will no longer hide
changed=False as a 'no log value' (matches 'a').
- modules/user.py - Add check for valid directory when creating
new user homedir (allows /dev/null as skeleton) (#75063)
- role params now have higher precedence than host facts again,
matching documentation, this had unintentionally changed in
2.15.
- wait_for should not handle 'non mmapable files' again.
* Tue Nov 07 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 2.15.6:
* Minor Changes
- ansible-test - Windows 2012 and 2012-R2 instances are now
requested from Azure instead of AWS.
* Bugfixes
- Fix run_once being incorrectly interpreted on handlers
(#81666)
- Plugin loader does not dedupe nor cache filter/test plugins
by file basename, but full path name.
- Properly template tags in parent blocks (#81053)
- Restoring the ability of filters/tests can have same file
base name but different tests/filters defined inside.
- import_role reverts to previous behavior of exporting vars at
compile time.
- ansible-galaxy - Provide a better error message when using a
requirements file with an invalid format - #81901
- ansible-inventory - index available_hosts for major
performance boost when dumping large inventories
- ansible-test - Fix parsing of cgroup entries which contain a
: in the path (#81977).
* Tue Oct 10 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 2.15.5:
* Minor Changes
- ansible-galaxy dependency resolution messages have changed
the unexplained 'virtual' collection for the specific type
('scm', 'dir', etc) that is more user friendly
* Security Fixes
- ansible-galaxy - Prevent roles from using symlinks to
overwrite files outside of the installation directory
(CVE-2023-5115)
* Bugfixes
- Allow for searching handler subdir for included task via
include_role (#81722)
- PluginLoader - fix Jinja plugin performance issues (#79652)
- ansible.module_utils.service - ensure binary data
transmission in daemonize()
- ansible.module_utils.service - fix inter-process
communication in daemonize()
- ansible-galaxy - started allowing the use of pre-releases for
collections that do not have any stable versions published.
(#81606)
- ansible-galaxy - started allowing the use of pre-releases for
dependencies on any level of the dependency tree that
specifically demand exact pre-release versions of collections
and not version ranges. (#81606)
- ansible-galaxy error on dependency resolution will not error
itself due to 'virtual' collections not having a
name/namespace.
- ansible-galaxy info - fix reporting no role found when
lookup_role_by_name returns None.
- role deduplication - don't deduplicate before a role has had
a task run for that particular host (#81486).
- uri/urls - Add compat function to handle the ability to parse
the filename from a Content-Disposition header (#81806)
- winrm - Better handle send input failures when communicating
with hosts under load
* Tue Sep 12 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 2.15.4:
* Deprecated Features
- vault and unfault filters - the undocumented vaultid
parameter is deprecated and will be removed in ansible-core
2.20. Use vault_id instead.
* Bugfixes
- PowerShell - Remove some code which is no longer valid for
dotnet 5+
- Prompting - add a short sleep between polling for user input
to reduce CPU consumption (#81516).
- ansible-galaxy - Enabled the data tarfile filter during role
installation for Python versions that support it. A probing
mechanism is used to avoid Python versions with a broken
implementation.
- ansible-test - Always use ansible-test managed entry points
for ansible-core CLI tools when not running from source. This
fixes issues where CLI entry points created during install
are not compatible with ansible-test.
- first found lookup has been updated to use the normalized
argument parsing (pythonic) matching the documented examples.
- handlers - the listen keyword can affect only one handler
with the same name, the last one defined as it is a case with
the notify keyword (#81013)
- include_role - expose variables from parent roles to role's
handlers (#80459)
- tarfile - handle data filter deprecation warning message for
extract and extractall (#80832).
- vault and unvault filters now properly take vault_id
parameter.
* Wed Sep 06 2023 Johannes Kastl <kastl@b1-systems.de>
- as example files were split out into a separate package
ansible-documentation upstream, this package now Recommends that
package
- update to 2.15.3:
* Minor Changes
- Removed exclude and recursive-exclude commands for generated
files from the MANIFEST.in file. These excludes were
unnecessary since releases are expected to be built with a
clean worktree.
- Removed exclude commands for sanity test files from the
MANIFEST.in file. These tests were previously excluded
because they did not pass when run from an sdist. However,
sanity tests are not expected to pass from an sdist, so
excluding some (but not all) of the failing tests makes
little sense.
- Removed redundant include commands from the MANIFEST.in file.
These includes either duplicated default behavior or another
command.
- The ansible-core sdist no longer contains pre-generated man
pages. Instead, a packaging/cli-doc/build.py script is
included in the sdist. This script can generate man pages and
standalone RST documentation for ansible-core CLI programs.
- The docs and examples directories are no longer included in
the ansible-core sdist. These directories have been moved to
the https://github.com/ansible/ansible-documentation
repository.
- Use include where recursive-include is unnecessary in the
MANIFEST.in file.
- ansible-test - Update the logic used to detect when
ansible-test is running from source.
- ansible-test - Updated the CloudStack test container to
version 1.6.1.
* Bugfixes
- Exclude internal options from man pages and docs.
- Fix ansible-config init man page option indentation.
- The ansible-config init command now has a documentation
description.
- The ansible-galaxy collection download command now has a
documentation description.
- The ansible-galaxy collection install command documentation
is now visible (previously hidden by a decorator).
- The ansible-galaxy collection verify command now has a
documentation description.
- The ansible-galaxy role install command documentation is now
visible (previously hidden by a decorator).
- The ansible-inventory command command now has a documentation
description (previously used as the epilog).
- Update module_utils.urls unit test to work with cryptography
>= 41.0.0.
- When generating man pages, use func to find the command
function instead of looking it up by the command name.
- ansible-galaxy now considers all collection paths when
identifying which collection requirements are already
installed. Use the COLLECTIONS_PATHS and
COLLECTIONS_SCAN_SYS_PATHS config options to modify these.
Previously only the install path was considered when
resolving the candidates. The install path will remain the
only one potentially modified. (#79767, #81163)
- ansible-test - Fix several possible tracebacks when using the
- e option with sanity tests.
- ansible-test - Pre-build a PyYAML wheel before installing
requirements to avoid a potential Cython build failure.
- ansible-test - Remove redundant warning about missing
programs before attempting to execute them.
- core will now also look at the connection plugin to force
'local' interpreter for networking path compatibility as just
ansible_network_os could be misleading.
- man page build - Sub commands of ansible-galaxy role and
ansible-galaxy collection are now documented.
- password_hash - fix salt format for crypt (only used if
passlib is not installed) for the bcrypt algorithm.
- urls.py - fixed cert_file and key_file parameters when
running on Python 3.12 - #80490
* Tue Jul 18 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 2.15.2:
* Minor Changes
- Utilize gpg check provided internally by the transaction.run
method as oppose to calling it manually.
- ansible-test - Add Fedora 38 remote.
- ansible-test - Use a context manager to perform cleanup at
exit instead of using the built-in atexit module.
- dnf5 - enable environment groups installation testing in CI
as its support was added.
- dnf5 - enable now implemented cacheonly functionality
* Bugfixes
- From issue #80880, when notifying a handler from another
handler, handler notifications must be registered immediately
as the flush_handler call is not recursive.
- ansible-galaxy - Fix issue installing collections containing
directories with more than 100 characters on python versions
before 3.10.6
- paramiko_ssh, psrp, and ssh connection plugins - ensure that
all values for options that should be strings are actually
converted to strings (#81029).
- templating - In the template action and lookup, use local
jinja2 environment overlay overrides instead of mutating the
templars environment
* Known Issues
- ansible-test - The Fedora 37 remote is known to occasionally
hang during boot. It is no longer routinely tested as a
result. If possible, use the Fedora 38 remote instead.
* Wed Jun 21 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 2.15.1:
* Minor Changes
- ansible-test - Allow float values for the --timeout option to
the env command. This simplifies testing.
- ansible-test - Refactored env command logic and timeout
handling.
- ansible-test - Use datetime.datetime.now with tz specified
instead of datetime.datetime.utcnow.
* Bugfixes
- Properly disable jinja2_native in the template module when
jinja2 override is used in the template (#80605)
- ansible-galaxy - Fix variable type error when installing
subdir collections (#80943)
- ansible-test - Fix a traceback that occurs when attempting to
test Ansible source using a different ansible-test. A clear
error message is now given when this scenario occurs.
- ansible-test - Fix handling of timeouts exceeding one day.
- ansible-test - Fix various cases where the test timeout could
expire without terminating the tests.
- ansible-test local change detection - use git merge-base
<branch> HEAD instead of git merge-base --fork-point <branch>
(#79734).
- deb822_repository - use http-agent for receiving content
(#80809).
- dnf5 - Update dnf5 module to handle API change for setting
the download directory (#80887)
- man page build - Remove the dependency on the docs directory
for building man pages.
- pep517 build backend - Copy symlinks when copying the source
tree. This avoids tracebacks in various scenarios, such as
when a venv is present in the source tree.
- uri - fix search for JSON type to include complex strings
containing '+'
* Mon May 15 2023 Johannes Kastl <kastl@b1-systems.de>
- major update to 2.15.0:
https://github.com/ansible/ansible/blob/v2.15.0/changelogs/
CHANGELOG-v2.15.rst
* Sun May 14 2023 Johannes Kastl <kastl@b1-systems.de>
- modify %if-condition to allow building for python3.10 or
python3.11 on SLES15
* Fri May 05 2023 Johannes Kastl <kastl@b1-systems.de>
- change python version on Leap15/SLES15 to python3.11 to use the
new stack supported by SUSE
* Mon May 01 2023 Johannes Kastl <kastl@b1-systems.de>
- BuildRequire python3.9 to follow upstream (does not matter on
Tumbleweed which is using 3.10 already...)
* Mon Apr 24 2023 Johannes Kastl <kastl@b1-systems.de>
- update to 2.14.5:
https://github.com/ansible/ansible/blob/v2.14.5/changelogs/
CHANGELOG-v2.14.rst
* Bugfixes
- ansible-doc - stop generating wrong module URLs for module
see-alsos. The URLs for modules in ansible.builtin do now
work, and URLs for modules outside ansible.builtin are no
longer added (#80280).
- ansible-galaxy - Improve retries for collection installs, to
properly retry, and extend retry logic to common URL related
connection errors (#80170 #80174)
- ansible-galaxy - reduce API calls to servers by fetching
signatures only for final candidates.
- ansible-test - Add support for argcomplete version 3.
- jinja2_native - fix intermittent 'could not find job'
failures when a value of ansible_job_id from a result of an
async task was inadvertently changed during execution; to
prevent this a format of ansible_job_id was changed.
- password lookup now correctly reads stored ident fields.
- pep517 build backend - Use the documented import_module
import from importlib.
- roles - Fix templating public, allow_duplicates and
rolespec_validate (#80304).
- syntax check - Limit --syntax-check to ansible-playbook only,
as that is the only CLI affected by this argument (#80506)
* Tue Mar 28 2023 Johannes Kastl <kastl@b1-systems.de>
- use `with` in dependencies instead of `and`
- update to 2.14.4:
https://github.com/ansible/ansible/blob/v2.14.4/changelogs/
CHANGELOG-v2.14.rst
* Minor Changes
- ansible-test - Moved git handling out of the validate-modules
sanity test and into ansible-test.
- ansible-test - Removed the --keep-git sanity test option,
which was limited to testing ansible-core itself.
- ansible-test - Updated the Azure Pipelines CI plugin to work
with newer versions of git.
* Breaking Changes / Porting Guide
- ansible-test - Integration tests which depend on specific
file permissions when running in an ansible-test managed
host environment may require changes. Tests that require
permissions other than 755 or 644 may need to be updated to
set the necessary permissions as part of the test run.
* Bugfixes
- Fix MANIFEST.in to exclude unwanted files in the packaging/
directory.
- Fix MANIFEST.in to include `*.md` files in the test/support/
directory.
- Fix an issue where the value of become was ignored when used
on a role used as a dependency in main/meta.yml (#79777)
- ansible_eval_concat - avoid redundant unsafe wrapping of
templated strings converted to Python types
- ansible-galaxy role info - fix unhandled AttributeError by
catching the correct exception.
- ansible-test - Always indicate the Python version being used
before installing requirements. Resolves issue #72855
- ansible-test - Exclude ansible-core vendored Python packages
from ansible-test payloads.
- ansible-test - Integration test target prefixes defined in a
tests/integration/target-prefixes.{group} file can now
contain an underscore (`_`) character. Resolves issue #79225
- ansible-test - Removed pointless comparison in diff
evaluation logic.
- ansible-test - Set PYLINTHOME for the pylint sanity test to
prevent failures due to pylint checking for the existence of
an obsolete home directory.
- ansible-test - Support loading of vendored Python packages
from ansible-core.
- ansible-test - Use consistent file permissions when
delegating tests to a container or remote host. Files with
any execute bit set will use permissions 755. All other
files will use permissions 644. (Resolves issue #75079)
- copy - fix creating the dest directory in check mode with
remote_src=True (#78611).
- copy - fix reporting changes to file attributes in check mode
with remote_src=True (#77957).