From 5d23406926d789a7ff55601f4890f95ab38b28ab Mon Sep 17 00:00:00 2001 From: Thierry Bouvet Date: Fri, 20 Jul 2018 17:32:04 +0200 Subject: [PATCH 1/3] Fix ssl_version default value. (#42955) * Fix ssl_version default value. * Add changelog --- changelogs/fragments/docker-default-ssl.yml | 3 +++ lib/ansible/module_utils/docker_common.py | 3 +-- lib/ansible/utils/module_docs_fragments/docker.py | 3 +-- 3 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 changelogs/fragments/docker-default-ssl.yml diff --git a/changelogs/fragments/docker-default-ssl.yml b/changelogs/fragments/docker-default-ssl.yml new file mode 100644 index 0000000000..a106501a16 --- /dev/null +++ b/changelogs/fragments/docker-default-ssl.yml @@ -0,0 +1,3 @@ +--- +bugfixes: +- fix default SSL version for docker modules https://github.com/ansible/ansible/issues/42897 diff --git a/lib/ansible/module_utils/docker_common.py b/lib/ansible/module_utils/docker_common.py index 0955e79748..8cd691db71 100644 --- a/lib/ansible/module_utils/docker_common.py +++ b/lib/ansible/module_utils/docker_common.py @@ -80,7 +80,6 @@ DEFAULT_TLS = False DEFAULT_TLS_VERIFY = False DEFAULT_TLS_HOSTNAME = 'localhost' MIN_DOCKER_VERSION = "1.7.0" -DEFAULT_SSL_VERSION = "1.0" DEFAULT_TIMEOUT_SECONDS = 60 DOCKER_COMMON_ARGS = dict( @@ -91,7 +90,7 @@ DOCKER_COMMON_ARGS = dict( cacert_path=dict(type='str', aliases=['tls_ca_cert']), cert_path=dict(type='str', aliases=['tls_client_cert']), key_path=dict(type='str', aliases=['tls_client_key']), - ssl_version=dict(type='str', default=DEFAULT_SSL_VERSION), + ssl_version=dict(type='str'), tls=dict(type='bool', default=DEFAULT_TLS), tls_verify=dict(type='bool', default=DEFAULT_TLS_VERIFY), debug=dict(type='bool', default=False) diff --git a/lib/ansible/utils/module_docs_fragments/docker.py b/lib/ansible/utils/module_docs_fragments/docker.py index 6d3464059a..5ddb13b94a 100644 --- a/lib/ansible/utils/module_docs_fragments/docker.py +++ b/lib/ansible/utils/module_docs_fragments/docker.py @@ -61,8 +61,7 @@ options: - tls_client_key ssl_version: description: - - Provide a valid SSL version number. Default value determined by docker-py, currently 1.0. - default: "1.0" + - Provide a valid SSL version number. Default value determined by ssl.py module. tls: description: - Secure the connection to the API by using TLS without verifying the authenticity of the Docker host From dc42b43cd1ed019a847add4b6ce35eab1a40413d Mon Sep 17 00:00:00 2001 From: Barry Peddycord III Date: Fri, 20 Jul 2018 11:38:29 -0400 Subject: [PATCH 2/3] NCLU Module: Improve performance by not operating on empty lines (#43024) * Update nclu.py Stop module from running `net` on empty commands. * Update nclu.py Updated the copyright date * Update nclu.py Returned metadata version to 1.1 * Update nclu.py Fix indentation to be a multiple of 4. * Create changelog fragment --- changelogs/fragments/43024-nclu-empty-net-commands.yaml | 2 ++ lib/ansible/modules/network/cumulus/nclu.py | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/43024-nclu-empty-net-commands.yaml diff --git a/changelogs/fragments/43024-nclu-empty-net-commands.yaml b/changelogs/fragments/43024-nclu-empty-net-commands.yaml new file mode 100644 index 0000000000..50a95620be --- /dev/null +++ b/changelogs/fragments/43024-nclu-empty-net-commands.yaml @@ -0,0 +1,2 @@ +bugfixes: +- nclu - no longer runs net on empty lines in templates (https://github.com/ansible/ansible/pull/43024) diff --git a/lib/ansible/modules/network/cumulus/nclu.py b/lib/ansible/modules/network/cumulus/nclu.py index 764e9b2435..0aa5f0d92c 100644 --- a/lib/ansible/modules/network/cumulus/nclu.py +++ b/lib/ansible/modules/network/cumulus/nclu.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# (c) 2016-2017, Cumulus Networks +# (c) 2016-2018, Cumulus Networks # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function @@ -185,7 +185,8 @@ def run_nclu(module, command_list, command_string, commit, atomic, abort, descri # Run all of the net commands output_lines = [] for line in commands: - output_lines += [command_helper(module, line.strip(), "Failed on line %s" % line)] + if line.strip(): + output_lines += [command_helper(module, line.strip(), "Failed on line %s" % line)] output = "\n".join(output_lines) # If pending changes changed, report a change. From 40b1ecf38a3b466146f57200e8a7dd30723eb6a8 Mon Sep 17 00:00:00 2001 From: Daniel Schneller Date: Fri, 20 Jul 2018 17:40:11 +0200 Subject: [PATCH 3/3] Add src parameter to elasticsearch_plugin (#39915) * Add src parameter to elasticsearch_plugin Previously specifying a URL or a file name (which is supported by the Elasticsearch plugin tooling) would not work correctly with Ansible, because the detection of the current installation state did not handle this well. This commit adds a new "src" parameter for the module, which can be specified in addition to the plugin name. It will be used to retrieve the plugin from a custom location while keeping the final plugin name available to determine if it is already present or not. The url parameter remains for ES 1.x compatiblity. * Fix sanity test errors * Add version_added for src option * Increase first added version to 2.7 --- .../database/misc/elasticsearch_plugin.py | 42 +++++++++++++++---- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/lib/ansible/modules/database/misc/elasticsearch_plugin.py b/lib/ansible/modules/database/misc/elasticsearch_plugin.py index 8652c1a00e..398166ca67 100644 --- a/lib/ansible/modules/database/misc/elasticsearch_plugin.py +++ b/lib/ansible/modules/database/misc/elasticsearch_plugin.py @@ -28,16 +28,30 @@ author: options: name: description: - - Name of the plugin to install. In Eleasticsearch >= 2.0, the name can be an URL or file location. + - Name of the plugin to install. required: True state: description: - Desired state of a plugin. choices: ["present", "absent"] default: present + src: + description: + - Optionally set the source location to retrieve the plugin from. This can be a file:// + URL to install from a local file, or a remote URL. If this is not set, the plugin + location is just based on the name. + - The name parameter must match the descriptor in the plugin ZIP specified. + - Is only used if the state would change, which is solely checked based on the name + parameter. If, for example, the plugin is already installed, changing this has no + effect. + - For ES 1.x use url. + required: False + version_added: "2.7" url: description: - - Set exact URL to download the plugin from (Only works for ES 1.x) + - Set exact URL to download the plugin from (Only works for ES 1.x). + - For ES 2.x and higher, use src. + required: False timeout: description: - "Timeout setting: 30s, 1m, 1h..." @@ -133,8 +147,8 @@ def parse_plugin_repo(string): return repo -def is_plugin_present(plugin_dir, working_dir): - return os.path.isdir(os.path.join(working_dir, plugin_dir)) +def is_plugin_present(plugin_name, plugin_dir): + return os.path.isdir(os.path.join(plugin_dir, plugin_name)) def parse_error(string): @@ -145,11 +159,12 @@ def parse_error(string): return string -def install_plugin(module, plugin_bin, plugin_name, version, url, proxy_host, proxy_port, timeout, force): - cmd_args = [plugin_bin, PACKAGE_STATE_MAP["present"], plugin_name] +def install_plugin(module, plugin_bin, plugin_name, version, src, url, proxy_host, proxy_port, timeout, force): + cmd_args = [plugin_bin, PACKAGE_STATE_MAP["present"]] + is_old_command = (os.path.basename(plugin_bin) == 'plugin') # Timeout and version are only valid for plugin, not elasticsearch-plugin - if os.path.basename(plugin_bin) == 'plugin': + if is_old_command: if timeout: cmd_args.append("--timeout %s" % timeout) @@ -160,11 +175,16 @@ def install_plugin(module, plugin_bin, plugin_name, version, url, proxy_host, pr if proxy_host and proxy_port: cmd_args.append("-DproxyHost=%s -DproxyPort=%s" % (proxy_host, proxy_port)) + # Legacy ES 1.x if url: cmd_args.append("--url %s" % url) if force: cmd_args.append("--batch") + if src: + cmd_args.append(src) + else: + cmd_args.append(plugin_name) cmd = " ".join(cmd_args) @@ -233,6 +253,7 @@ def main(): argument_spec=dict( name=dict(required=True), state=dict(default="present", choices=PACKAGE_STATE_MAP.keys()), + src=dict(default=None), url=dict(default=None), timeout=dict(default="1m"), force=dict(default=False), @@ -242,12 +263,14 @@ def main(): proxy_port=dict(default=None), version=dict(default=None) ), + mutually_exclusive=[("src", "url")], supports_check_mode=True ) name = module.params["name"] state = module.params["state"] url = module.params["url"] + src = module.params["src"] timeout = module.params["timeout"] force = module.params["force"] plugin_bin = module.params["plugin_bin"] @@ -259,14 +282,15 @@ def main(): # Search provided path and system paths for valid binary plugin_bin = get_plugin_bin(module, plugin_bin) - present = is_plugin_present(parse_plugin_repo(name), plugin_dir) + repo = parse_plugin_repo(name) + present = is_plugin_present(repo, plugin_dir) # skip if the state is correct if (present and state == "present") or (state == "absent" and not present): module.exit_json(changed=False, name=name, state=state) if state == "present": - changed, cmd, out, err = install_plugin(module, plugin_bin, name, version, url, proxy_host, proxy_port, timeout, force) + changed, cmd, out, err = install_plugin(module, plugin_bin, name, version, src, url, proxy_host, proxy_port, timeout, force) elif state == "absent": changed, cmd, out, err = remove_plugin(module, plugin_bin, name)