From a57a2e1d4f9b8553492f566865a83362473bfb24 Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Thu, 22 Mar 2018 16:45:26 -0700 Subject: [PATCH] sync old changelogs --- changelogs/CHANGELOG-v2.0.rst | 297 ++++++++++---------- changelogs/CHANGELOG-v2.1.rst | 11 + changelogs/CHANGELOG-v2.2.rst | 102 ++++++- changelogs/CHANGELOG-v2.3.rst | 33 ++- changelogs/CHANGELOG-v2.4.rst | 495 +++++++++++++++++++++++++++++++++- 5 files changed, 782 insertions(+), 156 deletions(-) diff --git a/changelogs/CHANGELOG-v2.0.rst b/changelogs/CHANGELOG-v2.0.rst index 9d63f9ef219260..cd375861b53a35 100644 --- a/changelogs/CHANGELOG-v2.0.rst +++ b/changelogs/CHANGELOG-v2.0.rst @@ -1,6 +1,13 @@ ======================================================= Ansible 2.0 "Over the Hills and Far Away" Release Notes ======================================================= +2.0.3 "Over the Hills and Far Away" +----------------------------------- + +- Backport fix to uri module to return the body of an error response +- Backport fix to uri module to handle file:/// uris. +- Backport fix to uri module to fix traceback when handling certain + server error types. 2.0.2 "Over the Hills and Far Away" ----------------------------------- @@ -210,6 +217,11 @@ Major Changes: # Output "msg": "Testing some things" +- In 1.9.x, newlines in templates were converted to Unix EOL + conventions. If someone wanted a templated file to end up with + Windows or Mac EOL conventions, this could cause problems for them. + In 2.x newlines now remain as specified in the template file. + - When specifying complex args as a variable, the variable must use the full jinja2 variable syntax ('{{var\_name}}') - bare variable names there are no longer accepted. In fact, even specifying args with @@ -231,6 +243,14 @@ Major Changes: args: "{{item}}" with_items: my_dirs +- The bigip\* networking modules have a new parameter, validate\_certs. + When True (the default) the module will validate any hosts it + connects to against the TLS certificates it presents when run on new + enough python versions. If the python version is too old to validate + certificates or you used certificates that cannot be validated + against available CAs you will need to add validate\_certs=no to your + playbook for those tasks. + Plugins ~~~~~~~ @@ -259,196 +279,180 @@ Deprecated Modules (new ones in parens): New Modules: ^^^^^^^^^^^^ -- amazon -- ec2\_ami\_copy -- ec2\_ami\_find -- ec2\_elb\_facts -- ec2\_eni -- ec2\_eni\_facts -- ec2\_remote\_facts -- ec2\_vpc\_igw -- ec2\_vpc\_net -- ec2\_vpc\_net\_facts -- ec2\_vpc\_route\_table -- ec2\_vpc\_route\_table\_facts -- ec2\_vpc\_subnet -- ec2\_vpc\_subnet\_facts -- ec2\_win\_password -- ecs\_cluster -- ecs\_task -- ecs\_taskdefinition -- elasticache\_subnet\_group\_facts -- iam -- iam\_cert -- iam\_policy -- route53\_facts -- route53\_health\_check -- route53\_zone -- s3\_bucket -- s3\_lifecycle -- s3\_logging -- sns\_topic -- sqs\_queue -- sts\_assume\_role +- amazon: ec2\_ami\_copy +- amazon: ec2\_ami\_find +- amazon: ec2\_elb\_facts +- amazon: ec2\_eni +- amazon: ec2\_eni\_facts +- amazon: ec2\_remote\_facts +- amazon: ec2\_vpc\_igw +- amazon: ec2\_vpc\_net +- amazon: ec2\_vpc\_net\_facts +- amazon: ec2\_vpc\_route\_table +- amazon: ec2\_vpc\_route\_table\_facts +- amazon: ec2\_vpc\_subnet +- amazon: ec2\_vpc\_subnet\_facts +- amazon: ec2\_win\_password +- amazon: ecs\_cluster +- amazon: ecs\_task +- amazon: ecs\_taskdefinition +- amazon: elasticache\_subnet\_group\_facts +- amazon: iam +- amazon: iam\_cert +- amazon: iam\_policy +- amazon: route53\_facts +- amazon: route53\_health\_check +- amazon: route53\_zone +- amazon: sts\_assume\_role +- amazon: s3\_bucket +- amazon: s3\_lifecycle +- amazon: s3\_logging +- amazon: sqs\_queue +- amazon: sns\_topic +- amazon: sts\_assume\_role - apk - bigip\_gtm\_wide\_ip - bundler -- centurylink -- clc\_aa\_policy -- clc\_alert\_policy -- clc\_blueprint\_package -- clc\_firewall\_policy -- clc\_group -- clc\_loadbalancer -- clc\_modify\_server -- clc\_publicip -- clc\_server -- clc\_server\_snapshot +- centurylink: clc\_aa\_policy +- centurylink: clc\_alert\_policy +- centurylink: clc\_blueprint\_package +- centurylink: clc\_firewall\_policy +- centurylink: clc\_group +- centurylink: clc\_loadbalancer +- centurylink: clc\_modify\_server +- centurylink: clc\_publicip +- centurylink: clc\_server +- centurylink: clc\_server\_snapshot - circonus\_annotation - consul -- consul - consul\_acl - consul\_kv - consul\_session - cloudtrail -- cloudstack -- cs\_account -- cs\_affinitygroup -- cs\_domain -- cs\_facts -- cs\_firewall -- cs\_iso -- cs\_instance -- cs\_instancegroup -- cs\_ip\_address -- cs\_loadbalancer\_rule -- cs\_loadbalancer\_rule\_member -- cs\_network -- cs\_portforward -- cs\_project -- cs\_securitygroup -- cs\_securitygroup\_rule -- cs\_sshkeypair -- cs\_staticnat -- cs\_template -- cs\_user -- cs\_vmsnapshot +- cloudstack: cs\_account +- cloudstack: cs\_affinitygroup +- cloudstack: cs\_domain +- cloudstack: cs\_facts +- cloudstack: cs\_firewall +- cloudstack: cs\_iso +- cloudstack: cs\_instance +- cloudstack: cs\_instancegroup +- cloudstack: cs\_ip\_address +- cloudstack: cs\_loadbalancer\_rule +- cloudstack: cs\_loadbalancer\_rule\_member +- cloudstack: cs\_network +- cloudstack: cs\_portforward +- cloudstack: cs\_project +- cloudstack: cs\_sshkeypair +- cloudstack: cs\_securitygroup +- cloudstack: cs\_securitygroup\_rule +- cloudstack: cs\_staticnat +- cloudstack: cs\_template +- cloudstack: cs\_user +- cloudstack: cs\_vmsnapshot - cronvar - datadog\_monitor - deploy\_helper -- docker -- docker\_login +- docker: docker\_login - dpkg\_selections - elasticsearch\_plugin - expect - find -- google -- gce\_tag +- google: gce\_tag - hall - ipify\_facts - iptables -- libvirt -- virt\_net -- virt\_pool +- libvirt: virt\_net +- libvirt: virt\_pool - maven\_artifact -- openstack -- os\_auth -- os\_client\_config -- os\_image -- os\_image\_facts -- os\_floating\_ip -- os\_ironic -- os\_ironic\_node -- os\_keypair -- os\_network -- os\_network\_facts -- os\_nova\_flavor -- os\_object -- os\_port -- os\_project -- os\_router -- os\_security\_group -- os\_security\_group\_rule -- os\_server -- os\_server\_actions -- os\_server\_facts -- os\_server\_volume -- os\_subnet -- os\_subnet\_facts -- os\_user -- os\_user\_group -- os\_volume -- openvswitch\_db +- openstack: os\_auth +- openstack: os\_client\_config +- openstack: os\_image +- openstack: os\_image\_facts +- openstack: os\_floating\_ip +- openstack: os\_ironic +- openstack: os\_ironic\_node +- openstack: os\_keypair +- openstack: os\_network +- openstack: os\_network\_facts +- openstack: os\_nova\_flavor +- openstack: os\_object +- openstack: os\_port +- openstack: os\_project +- openstack: os\_router +- openstack: os\_security\_group +- openstack: os\_security\_group\_rule +- openstack: os\_server +- openstack: os\_server\_actions +- openstack: os\_server\_facts +- openstack: os\_server\_volume +- openstack: os\_subnet +- openstack: os\_subnet\_facts +- openstack: os\_user +- openstack: os\_user\_group +- openstack: os\_volume +- openvswitch\_db. - osx\_defaults - pagerduty\_alert - pam\_limits - pear -- profitbricks -- profitbricks -- profitbricks\_datacenter -- profitbricks\_nic -- profitbricks\_snapshot -- profitbricks\_volume -- profitbricks\_volume\_attachments -- proxmox -- proxmox -- proxmox\_template +- profitbricks: profitbricks +- profitbricks: profitbricks\_datacenter +- profitbricks: profitbricks\_nic +- profitbricks: profitbricks\_volume +- profitbricks: profitbricks\_volume\_attachments +- profitbricks: profitbricks\_snapshot +- proxmox: proxmox +- proxmox: proxmox\_template - puppet - pushover - pushbullet -- rax -- rax\_clb\_ssl -- rax\_mon\_alarm -- rax\_mon\_check -- rax\_mon\_entity -- rax\_mon\_notification -- rax\_mon\_notification\_plan -- rabbitmq +- rax: rax\_clb\_ssl +- rax: rax\_mon\_alarm +- rax: rax\_mon\_check +- rax: rax\_mon\_entity +- rax: rax\_mon\_notification +- rax: rax\_mon\_notification\_plan - rabbitmq\_binding - rabbitmq\_exchange - rabbitmq\_queue - selinux\_permissive - sendgrid -- sensu - sensu\_check - sensu\_subscription - seport - slackpkg - solaris\_zone - taiga\_issue -- vertica - vertica\_configuration - vertica\_facts - vertica\_role - vertica\_schema - vertica\_user -- vmware -- vca\_fw -- vca\_nat -- vmware\_cluster -- vmware\_datacenter -- vmware\_dns\_config -- vmware\_dvs\_host -- vmware\_dvs\_portgroup -- vmware\_dvswitch -- vmware\_host -- vmware\_migrate\_vmk -- vmware\_portgroup -- vmware\_target\_canonical\_facts -- vmware\_vm\_facts -- vmware\_vm\_vss\_dvs\_migrate -- vmware\_vmkernel -- vmware\_vmkernel\_ip\_config -- vmware\_vsan\_cluster -- vmware\_vswitch -- vsphere\_copy -- webfaction +- vmware: vca\_fw +- vmware: vca\_nat +- vmware: vmware\_cluster +- vmware: vmware\_datacenter +- vmware: vmware\_dns\_config +- vmware: vmware\_dvs\_host +- vmware: vmware\_dvs\_portgroup +- vmware: vmware\_dvswitch +- vmware: vmware\_host +- vmware: vmware\_migrate\_vmk +- vmware: vmware\_portgroup +- vmware: vmware\_target\_canonical\_facts +- vmware: vmware\_vm\_facts +- vmware: vmware\_vm\_vss\_dvs\_migrate +- vmware: vmware\_vmkernel +- vmware: vmware\_vmkernel\_ip\_config +- vmware: vmware\_vsan\_cluster +- vmware: vmware\_vswitch +- vmware: vsphere\_copy - webfaction\_app - webfaction\_db - webfaction\_domain - webfaction\_mailbox - webfaction\_site -- windows - win\_acl - win\_dotnet\_ngen - win\_environment @@ -467,7 +471,6 @@ New Modules: - win\_updates - win\_webpicmd - xenserver\_facts -- zabbbix - zabbix\_host - zabbix\_hostmacro - zabbix\_screen @@ -575,3 +578,11 @@ Minor changes: :: - debug: msg="The error message was: {{error_code |default('') }}" + +- The yum module's detection of installed packages has been made more + robust by using /usr/bin/rpm in cases where it woud have used + repoquery before. +- The pip module now properly reports changes when packages are coming + from a VCS. +- Fixes for retrieving files over https when a CONNECT-only proxy is in + the middle. diff --git a/changelogs/CHANGELOG-v2.1.rst b/changelogs/CHANGELOG-v2.1.rst index cc202d6a412ef8..5c5c00294b0452 100644 --- a/changelogs/CHANGELOG-v2.1.rst +++ b/changelogs/CHANGELOG-v2.1.rst @@ -1,6 +1,17 @@ ===================================================== Ansible 2.1 "The Song Remains the Same" Release Notes ===================================================== +2.1.6 "The Song Remains the Same" - 06-01-2017 +---------------------------------------------- + +- Security fix for CVE-2017-7481 - data for lookup plugins used as + variables was not being correctly marked as "unsafe". + +2.1.5 "The Song Remains the Same" - 03-27-2017 +---------------------------------------------- + +- Security continued fix for CVE-2016-9587 - Handle some additional + corner cases in the way conditionals are parsed and evaluated. 2.1.4 "The Song Remains the Same" - 2017-01-16 ---------------------------------------------- diff --git a/changelogs/CHANGELOG-v2.2.rst b/changelogs/CHANGELOG-v2.2.rst index 8140736c2471ae..70567ef2baf06c 100644 --- a/changelogs/CHANGELOG-v2.2.rst +++ b/changelogs/CHANGELOG-v2.2.rst @@ -1,12 +1,82 @@ ================================================== Ansible 2.2 "The Battle of Evermore" Release Notes ================================================== +2.2.4 "The Battle of Evermore" - TBD +------------------------------------ -2.2.1 "The Battle of Evermore" - 2017-01-16 +- avoid vault view writing to logs +- moved htpasswd module to use LooseVersion vs StrictVersion to make + usable on Debian +- fix for adhoc not obeying callback options + +2.2.3 "The Battle of Evermore" - 05-09-2017 ------------------------------------------- -Major Changes -~~~~~~~~~~~~~ +Major Changes: +~~~~~~~~~~~~~~ + +- [SECURITY] (HIGH): fix for CVE-2017-7466, which was caused by an + incomplete cherry-picking of commits related to CVE-2016-9587. This + can lead to some jinja2 syntax not being stripped out of templated + results. +- [SECURITY] (MODERATE): fix for CVE-2017-7481, in which data for + lookup plugins used as variables was not being correctly marked as + "unsafe". + +Minor Changes: +~~~~~~~~~~~~~~ + +- Fixes a bug when using YAML inventory where hosts were not put in the + 'all' group, and some other 'ungrouped' issues in inventory. +- Fixes a bug when using ansible commands without a tty for stdin. +- Split on newlines when searching for become prompt. +- Fix crash upon pass prompt in py3 when using the paramiko connection + type. + +2.2.2 "The Battle of Evermore" - 03-27-2017 +------------------------------------------- + +Major Changes: +~~~~~~~~~~~~~~ + +- [SECURITY] (HIGH): (continued fix for CVE-2016-9587) Handle some + additional corner cases in the way conditionals are parsed and + evaluated. +- [SECURITY] (LOW): properly filter passwords out of URLs when + displaying output from some modules. + +Minor Changes: +~~~~~~~~~~~~~~ + +- Fix azure\_rm version checks (#22270). +- Fix for traceback when we encounter non-utf8 characters when using + --diff. +- Ensure ssh hostkey checks respect server port. +- Use proper PyYAML classes for safe loading YAML files. +- Fix for bug related to when statements for older jinja2 versions. +- Fix a bug/traceback when using to\_yaml/to\_nice\_yaml. +- Properly clean data of jinja2-like syntax, even if that data came + from an unsafe source. +- Fix bug regarding undefined entries in HostVars. +- Skip fact gathering if the entire play was included via conditional + which evaluates to False. +- Fixed a performance regression when using a large number of items in + a with loop. +- Fixed a bug in the way the end of role was detected, which in some + cases could cause a role to be run more than once. +- Add jinja2 groupby filter override to cast namedtuple to tuple to + handle a non-compatible change in jinja2 2.9.4-2.9.5. +- Fixed several bugs related to temp directory creation on remote + systems when using shell expansions and become privilege escalation. +- Fixed a bug related to spliting/parsing the output of a become + privilege escalation when looking for a password prompt. +- Several unicode/bytes fixes. + +2.2.1 "The Battle of Evermore" - 01-16-2017 +------------------------------------------- + +Major Changes: +~~~~~~~~~~~~~~ - Security fix for CVE-2016-9587 - An attacker with control over a client system being managed by Ansible and the ability to send facts @@ -47,17 +117,26 @@ Minor Changes - Updated ``make deb`` to use pbuilder. Use ``make local_deb`` for the previous non-pbuilder build. - Fixed Windows async to avoid blocking due to handle inheritance. -- Fixed bugs in the mount module on older Linux kernels and BSDs +- Fixed bugs in the mount module on older Linux kernels and \*BSDs +- Fix regression in jinja2 include search path. - Various minor fixes for Python 3 - Inserted some checks for jinja2-2.9, which can cause some issues with Ansible currently. -2.2 "The Battle of Evermore" - 2016-11-01 +2.2 "The Battle of Evermore" - 11-01-2016 ----------------------------------------- Major Changes: ~~~~~~~~~~~~~~ +- Security fix for CVE-2016-8628 - Command injection by compromised + server via fact variables. In some situations, facts returned by + modules could overwrite connection-based facts or some other special + variables, leading to injected commands running on the Ansible + controller as the user running Ansible (or via escalated + permissions). +- Security fix for CVE-2016-8614 - apt\_key module not properly + validating keys in some situations. - Added the ``listen`` feature for modules. This feature allows tasks to more easily notify multiple handlers, as well as making it easier for handlers from decoupled roles to be notified. @@ -388,9 +467,18 @@ Minor Changes subject to the 'serial' keyword. - ansible\_play\_batch is a new magic variable meant to substitute the current play\_hosts. +- The subversion module from core now marks its password parameter as + no\_log so the password is obscured when logging. +- The postgresql\_lang and postgresql\_ext modules from extras now mark + login\_password as no\_log so the password is obscured when logging. +- Fix for yum module incorrectly thinking it succeeded in installing + packages +- Make the default ansible\_managed template string into a static + string since all of the replacable values lead to non-idempotent + behaviour. -For custom front ends using the API -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +For custom front ends using the API: +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - ansible.parsing.vault: - VaultLib.is\_encrypted() has been deprecated. It will be removed in diff --git a/changelogs/CHANGELOG-v2.3.rst b/changelogs/CHANGELOG-v2.3.rst index 47b91fb20e099d..f8ee0167431aab 100644 --- a/changelogs/CHANGELOG-v2.3.rst +++ b/changelogs/CHANGELOG-v2.3.rst @@ -1,6 +1,20 @@ ===================================== Ansible 2.3 "Ramble On" Release Notes ===================================== +2.3.4 "Ramble On" - TBD +----------------------- + +- Flush stdin when passing the become password. Fixes some cases of + timeout on Python3 with the ssh connection plugin: + https://github.com/ansible/ansible/pull/35049 + +Bugfixes +~~~~~~~~ + +- Fix setting of environment in a task that uses a loop: + https://github.com/ansible/ansible/issues/32685 +- Fix https retrieval with TLSv1.2: + https://github.com/ansible/ansible/pull/32053 2.3.3 "Ramble On" - TBD ----------------------- @@ -8,6 +22,9 @@ Ansible 2.3 "Ramble On" Release Notes Bugfixes ~~~~~~~~ +- Security fix for CVE-2017-7550 the jenkins\_plugin module was logging + the jenkins server password if the url\_password was passed via the + params field: https://github.com/ansible/ansible/pull/30875 - Fix alternatives module handlling of non existing options - Fix synchronize traceback with the docker connection plugin - Do not escape backslashes in the template lookup plugin to mirror @@ -59,6 +76,19 @@ Bugfixes - Fixed check mode for enable on Solaris for service module - Fix cloudtrail module to allow AWS profiles other than the default - Fix an encoding issue with secret (password) vars\_prompts +- Fix for Windows become to show the stdout and stderr strings on a + failure +- Fix the issue SSL verification can not be disabled for Tower modules +- Use safe\_load instead on load to read a yaml document +- Fix for win\_file to respect check mode when deleting directories +- Include\_role now complains about invalid arguments +- Added socket conditions to ignore for wait\_for, no need to error for + closing already closed connection +- Updated hostname module to work on newer RHEL7 releases +- Security fix to avoid provider password leaking in logs for network + modules + + \* Python3 fixes for azure modules 2.3.2 "Ramble On" - 2017-08-04 ------------------------------ @@ -277,7 +307,6 @@ New: lookups - keyring: allows getting password from the 'controller' system's keyrings -- chef\_databag: allows querying Chef Databags via pychef library New: cache ^^^^^^^^^^ @@ -335,8 +364,6 @@ New Modules - bigswitch: - bigmon\_chain - bigmon\_policy -- cisco -- cisco\_spark - cloudengine: - ce\_command - cloudscale\_server diff --git a/changelogs/CHANGELOG-v2.4.rst b/changelogs/CHANGELOG-v2.4.rst index 860b1cd6bf0aa8..19e73b1e32e762 100644 --- a/changelogs/CHANGELOG-v2.4.rst +++ b/changelogs/CHANGELOG-v2.4.rst @@ -1,6 +1,450 @@ ======================================== Ansible 2.4 "Dancing Days" Release Notes ======================================== +2.4.4 "Dancing Days" - TBD +-------------------------- + +Bugfixes +~~~~~~~~ + +- Fix python 3 dictionary runtime error in ios\_confg and eos\_config + (https://github.com/ansible/ansible/issues/36717) +- Fix ``win_script`` to work with large arguments and removed uneeded + function that produces errors and was not needed + (https://github.com/ansible/ansible/pull/33855) +- Fix timeout when using piped ssh transfer with become + https://github.com/ansible/ansible/issues/34523 +- Fix win\_scheduled\_task docs to correctly reflect what is required + and when (https://github.com/ansible/ansible/issues/35072) +- Updated copy test to create recursive symlink during the test and not + have it located in the git repo + (https://github.com/ansible/ansible/pull/35073) +- Fix Digital Ocean tags data type due to backend API changes no longer + acceping integers (https://github.com/ansible/ansible/pull/33486) +- Fix for nxos\_vxlan\_vtep\_vni issues: + https://github.com/ansible/ansible/pull/34946 +- Fixes for nxos\_bgp: https://github.com/ansible/ansible/pull/34590 +- Enable nxapi nxos\_banner test: + https://github.com/ansible/ansible/pull/35033 +- fix vxlan idempotent issue in nxos\_vxlan\_vtep: + https://github.com/ansible/ansible/pull/34750 +- Fix win\_dns\_client to allow setting dynamic IP from static IP + (https://github.com/ansible/ansible/pull/35149) +- Fix azure\_rm\_subnet absent idempotency issues + (https://github.com/ansible/ansible/pull/35037) +- Fix azure\_rm\_virtualmachine creating VM with vnet in another + resource group (https://github.com/ansible/ansible/pull/35038) +- Fix nxos terminal plugin regex to support certain commands + (https://github.com/ansible/ansible/pull/35186) +- Fix network os\_config modules backward diff + (https://github.com/ansible/ansible/pull/35332) +- Fix nxos\_snmp\_user removing encryption from user on subsequent runs + of the task (https://github.com/ansible/ansible/pull/35433) +- Fix traceback in winrm module when the ipaddress module is not + installed https://github.com/ansible/ansible/pull/35723/files +- Fix bug in ``lineinfile`` where the line would not be inserted when + using ``insertbefore`` or ``insertafter`` if the pattern occured + anywhere in the file. + (https://github.com/ansible/ansible/issues/28721) +- Fix connection local getting overridden by network\_cli for transport + nxapi,eapi for platform agnostic modules + (https://github.com/ansible/ansible/pull/35590) +- Include dest i nthe results from file copy: + https://github.com/ansible/ansible/pull/35702/ +- Fix eos\_config second-level indent idempotece + https://github.com/ansible/ansible/pull/35588 +- Fix the removed\_in\_version to 2.6 ios\_config force option + https://github.com/ansible/ansible/pull/35853 +- Fix memory ballooning caused as a result of task caching changes + https://github.com/ansible/ansible/pull/35921 +- Fix nxos\_igmp\_interface for diff nxos versions + (https://github.com/ansible/ansible/pull/35959) +- Fix recursion error with many flat includes + (https://github.com/ansible/ansible/pull/36075) +- Fix win\_uri to work with ``creates`` and ``removed`` option + (https://github.com/ansible/ansible/pull/36016) +- Fix the oom\_killer parameter to docker\_container not being honored + https://github.com/ansible/ansible/pull/34130 +- Fix docker\_service so a build is not triggered every time + https://github.com/ansible/ansible/issues/36145 +- Be more tolerant about spaces when gathering virtual facts + (https://github.com/ansible/ansible/pull/36042) +- validate add\_host name parameter + (https://github.com/ansible/ansible/pull/36055) +- spelling fixes (https://github.com/ansible/ansible/pull/36007) +- avoid needles vault prompt on ansible-console + (https://github.com/ansible/ansible/pull/36244) +- fix callback function signatures + (https://github.com/ansible/ansible/pull/35664) +- Clarify error message from convert\_bool() + https://github.com/ansible/ansible/pull/36041 +- Fix EC2 C5 instance\_type fact to be kvm: + https://github.com/ansible/ansible/pull/35063 +- Fix templating of loop\_control properties: + https://github.com/ansible/ansible/pull/36124 +- Fix dependency in the deb package on Ubuntu-12.04: + https://github.com/ansible/ansible/pull/36407 +- Fix WinRM Python 3 encoding when getting Kerberos ticket + (https://github.com/ansible/ansible/issues/36255) +- Always show custom prompt in pause module + (https://github.com/ansible/ansible/issues/36057) +- Improve performance and recursion depth in include\_role + (https://github.com/ansible/ansible/pull/36470) +- Fix using ansible\_\*\_interpreter on Python3 with non-new-style + modules (old-style ansible python modules, modules written in another + language, etc) https://github.com/ansible/ansible/pull/36541 +- Fix vyos\_config IndexError in sanitize\_config + (https://github.com/ansible/ansible/issues/36351) +- Fix vyos\_l3\_interface multiple address assignment to interfaces + (https://github.com/ansible/ansible/pull/36721) +- Protect from inventory plugins using verify incorrectly + https://github.com/ansible/ansible/pull/36591 +- loop control templating https://github.com/ansible/ansible/pull/36124 +- fix debug output https://github.com/ansible/ansible/pull/36307 +- Fix credentials for Ansible Tower modules to work with v1 and v2 of + the API (https://github.com/ansible/ansible/pull/36587) + (https://github.com/ansible/ansible/pull/36662) +- Python3 fixes: +- Fix for the znode zookeeper module: + https://github.com/ansible/ansible/pull/36999 +- Fix for the maven\_artifact module: + https://github.com/ansible/ansible/pull/37035 +- Add changes to get docker\_container, docker\_common, and + docker\_network working with Docker SDK 3.x: + https://github.com/ansible/ansible/pull/36973 +- Ensure we install ansible-config and ansible-inventory with + ``pip install -e`` (https://github.com/ansible/ansible/pull/37151) +- Fix for unarchive when users use the --strip-components extra\_opt to + tar causing ansible to set permissions on the wrong directory. + https://github.com/ansible/ansible/pull/37048 +- Fix powershell plugin to handle special chars in environment keys as + well as int and bool values + (https://github.com/ansible/ansible/pull/37215) +- Fix error messages to not be inappropriately templated: + https://github.com/ansible/ansible/pull/37329 +- Fix Python 3 error in the openssl\_certificate module: + https://github.com/ansible/ansible/pull/35143 +- Fix traceback when creating or stopping ovirt vms + (https://github.com/ansible/ansible/pull/37249) +- Connection error messages may contain characters that jinja2 would + interpret as a template. Wrap the error string so this doesn't happen + (https://github.com/ansible/ansible/pull/37329) + +2.4.3 "Dancing Days" - 2018-01-31 +--------------------------------- + +Bugfixes +~~~~~~~~ + +- Fix ``pamd`` rule args regexp to match file paths + (https://github.com/ansible/ansible/pull/33432) +- Check if SELinux policy exists before setting + (https://github.com/ansible/ansible/pull/31834) +- Set locale to ``C`` in ``letsencrypt`` module to fix date parsing + errors (https://github.com/ansible/ansible/pull/31339) +- Fix include in loop when stategy=free + (https://github.com/ansible/ansible/pull/33094) +- Fix save parameter in asa\_config + (https://github.com/ansible/ansible/pull/32761) +- Fix --vault-id support in ansible-pull + (https://github.com/ansible/ansible/pull/33629) +- In nxos\_interface\_ospf, fail nicely if loopback is used with + passive\_interface: (https://github.com/ansible/ansible/pull/33252) +- Fix quote filter when given an integer to quote + (https://github.com/ansible/ansible/issues/33272) +- nxos\_vrf\_interface fix when validating the interface + (https://github.com/ansible/ansible/issues/33227) +- Fix for win\_copy when sourcing files from an SMBv1 share + (https://github.com/ansible/ansible/pull/33576) +- correctly report callback plugin file +- restrict revaulting to vault cli + https://github.com/ansible/ansible/pull/33656 +- Fix python3 tracebacks in letsencrypt module + (https://github.com/ansible/ansible/pull/32734) +- Fix ansible\_\*\_interpreter variables to be templated prior to being + used: https://github.com/ansible/ansible/pull/33698 +- Fix setting of environment in a task that uses a loop: + https://github.com/ansible/ansible/issues/32685 +- Fix fetch on Windows failing to fetch files or particular block size + (https://github.com/ansible/ansible/pull/33697) +- preserve certain fields during no log. + https://github.com/ansible/ansible/pull/33637 +- fix issue with order of declaration of sections in ini inventory + https://github.com/ansible/ansible/pull/33781 +- Fix win\_iis\_webapppool to correctly stop a apppool + (https://github.com/ansible/ansible/pull/33777) +- Fix CloudEngine host failed + (https://github.com/ansible/ansible/pull/27876) +- Fix ios\_config save issue + (https://github.com/ansible/ansible/pull/33791) +- Handle vault filenames with nonascii chars when displaying messages + (https://github.com/ansible/ansible/pull/33926) +- Fix win\_iis\_webapppool to not return passwords + (https://github.com/ansible/ansible/pull/33931) +- Fix extended file attributes detection and changing: + (https://github.com/ansible/ansible/pull/18731) +- correctly ensure 'ungrouped' membership rules + (https://github.com/ansible/ansible/pull/33878) +- made warnings less noisy when empty/no inventory is supplied + (https://github.com/ansible/ansible/pull/32806) +- Fixes a failure which prevents to create servers in module + cloudscale\_server +- Fix win\_firewall\_rule "Specified cast is invalid" error when + modifying a rule with all of Domain/Public/Private profiles set + (https://github.com/ansible/ansible/pull/34383) +- Fix case for multilib when installing from a file in the yum module + (https://github.com/ansible/ansible/pull/32236) +- Fix WinRM parsing/escaping of IPv6 addresses + (https://github.com/ansible/ansible/pull/34072) +- Fix win\_package to detect MSI regardless of the extension case + (https://github.com/ansible/ansible/issues/34465) +- Updated win\_mapped\_drive docs to clarify what it is used for + (https://github.com/ansible/ansible/pull/34478) +- Fix file related modules run in check\_mode when the file being + operated on does not exist + (https://github.com/ansible/ansible/pull/33967) +- Make eos\_vlan idempotent + (https://github.com/ansible/ansible/pull/34443) +- Fix win\_iis\_website to properly check attributes before setting + (https://github.com/ansible/ansible/pull/34501) +- Fixed the removal date for ios\_config save and force parameters + (https://github.com/ansible/ansible/pull/33885) +- cloudstack: fix timeout from ini config file being ignored + https://github.com/ansible/ansible/pull/34854 +- fixes memory usage issues with many blocks/includes + https://github.com/ansible/ansible/issues/31673 + https://github.com/ansible/ansible/pull/34461 +- Fixes maximum recursion depth exceeded with include\_role + https://github.com/ansible/ansible/issues/23609 +- Fix to win\_dns\_client module to take ordering of DNS servers to + resolve into account: https://github.com/ansible/ansible/pull/34656 +- Fix for the nxos\_banner module where some nxos images nest the + output inside of an additional dict: + https://github.com/ansible/ansible/pull/34695 +- Fix failure message "got multiple values for keyword argument id" in + the azure\_rm\_securitygroup module (caused by changes to the azure + python API): https://github.com/ansible/ansible/pull/34810 +- Bump Azure storage client minimum to 1.5.0 to fix deserialization + issues. This will break Azure Stack until it receives storage API + version 2017-10-01 or changes are made to support multiple versions. + (https://github.com/ansible/ansible/pull/34442) +- Flush stdin when passing the become password. Fixes some cases of + timeout on Python 3 with the ssh connection plugin: + https://github.com/ansible/ansible/pull/35049 + +2.4.2 "Dancing Days" - 2017-11-29 +--------------------------------- + +Bugfixes +~~~~~~~~ + +- Fix formatting typo in panos\_security\_rule.py docs. + (https://github.com/ansible/ansible/commit/c0fc797a06451d2fe1ac4fc077fc64f3a1666447) +- Fix rpm spec file to build on RHEL6 without EPEL packages + (https://github.com/ansible/ansible/pull/31653) +- Keep hosts in play vars if inside of a rescue task + (https://github.com/ansible/ansible/pull/31710) +- Fix wait\_for module to treat broken connections as unready so that + the connection continues to be retried: + https://github.com/ansible/ansible/pull/28839 +- Python3 fixes: +- windows\_azure, clc\_firewall\_policy, and ce\_template modules fixed + for imports of urllib which changed between Python2 and Python3 + lookup plugin for consul\_kv.py fixed for imports of urllib + (https://github.com/ansible/ansible/issues/31240) +- Make internal hashing of hostvars use bytes on both python2 and + python3 (https://github.com/ansible/ansible/pull/31788) +- Fix logging inside of KubernetesAnsibleModule() to not use + self.helper.logging. the Ansible builtin log() method will strip out + parameters marked no\_log and will not log if no\_log was set in the + playbook. self.helper.log() circumvents that + (https://github.com/ansible/ansible/pull/31789) +- Correct task results display so that it more closely matches what was + present in 2.3.x and previous. +- Warn when a group has a bad key (Should be one of vars, children, or + hosts) https://github.com/ansible/ansible/pull/31495 +- Use controller configured ansible\_shell\_executable to run commands + in the module (https://github.com/ansible/ansible/pull/31361) +- Add documentation about writing unittests for Ansible +- Fix bugs in get\_url/uri's SNI and TLS version handling when used on + systems that have Python-2.7.9+ and urllib3 installed. +- Have ansible-pull process inventory in its own way. Fixes issues with + ansible-pull not using the correct inventory, especially for + localhost (https://github.com/ansible/ansible/pull/32135) +- Fix for implicit localhost receiving too many variables from the all + group (https://github.com/ansible/ansible/pull/31959) +- Fix the service module to correctly detect which type of init system + is present on the host. + (https://github.com/ansible/ansible/pull/32086) +- Fix inventory patterns to convert to strings before processing: + (https://github.com/ansible/ansible/issues/31978) +- Fix traceback in firewalld module instead of a nice error message: + (https://github.com/ansible/ansible/pull/31949) +- Fix for entering privileged mode using eos network modules: + (https://github.com/ansible/ansible/issues/30802) +- Validate that the destination for ansible-pull is a valid.directory: + (https://github.com/ansible/ansible/pull/31499) +- Document how to preserve strings of digits as strings in the ini + inventory: (https://github.com/ansible/ansible/pull/32047) +- Make sure we return ansible\_distribution\_major\_version to macOS: + (https://github.com/ansible/ansible/pull/31708) +- Fix to ansible-doc -l to list custom inventory plugins: + (https://github.com/ansible/ansible/pull/31996) +- Fix win\_chocolatey to respect case sensitivity in URLs: + (https://github.com/ansible/ansible/pull/31983) +- Fix config\_format json in the junos\_facts module: + (https://github.com/ansible/ansible/pull/31818) +- Allow the apt module's autoremove parameter to take effect in + upgrades: (https://github.com/ansible/ansible/pull/30747) +- When creating a new use via eos\_user, create the user before setting + the user's privilege level: + (https://github.com/ansible/ansible/pull/32162) +- Fixes nxos\_portchannel idempotence failure on N1 images: + (https://github.com/ansible/ansible/pull/31057) +- Remove provider from prepare\_ios\_tests integration test: + (https://github.com/ansible/ansible/pull/31038) +- Fix nxos\_acl change ports to non well known ports and drop + time\_range for N1: (https://github.com/ansible/ansible/pull/31261) +- Fix nxos\_banner removal idempotence issue in N1 images: + (https://github.com/ansible/ansible/pull/31259) +- Return error message back to the module + (https://github.com/ansible/ansible/pull/31035) +- Fix nxos\_igmp\_snooping idempotence: + (https://github.com/ansible/ansible/pull/31688) +- NXOS integration test nxos\_file\_copy, nxos\_igmp, + nxos\_igmp\_interface nxos\_igmp\_snooping, nxos\_ntp\_auth, + nxos\_ntp\_options: (https://github.com/ansible/ansible/pull/29030) +- Fix elb\_target\_group module traceback when ports were specified + inside of the targets parameter: + (https://github.com/ansible/ansible/pull/32202) +- Fix creation of empty virtual directories in aws\_s3 module: + (https://github.com/ansible/ansible/pull/32169) +- Enable echo for ``pause`` module: + (https://github.com/ansible/ansible/issues/14160) +- Fix for ``hashi_vault`` lookup to return all keys at a given path + when no key is specified + (https://github.com/ansible/ansible/pull/32182) +- Fix for ``win_package`` to allow TLS 1.1 and 1.2 on web requests: + (https://github.com/ansible/ansible/pull/32184) +- Remove provider from ios integration test: + (https://github.com/ansible/ansible/pull/31037) +- Fix eos\_user tests (https://github.com/ansible/ansible/pull/32261) +- Fix ansible-galaxy --force with installed roles: + (https://github.com/ansible/ansible/pull/32282) +- ios\_interface testfix: + (https://github.com/ansible/ansible/pull/32335) +- Fix ios integration tests: + (https://github.com/ansible/ansible/pull/32342) +- Ensure there is always a basdir so we always pickup group/host\_vars + https://github.com/ansible/ansible/pull/32269 +- Fix vars placement in ansible-inventory + https://github.com/ansible/ansible/pull/32276 +- Correct options for luseradd in user module + https://github.com/ansible/ansible/pull/32262 +- Clarified package docs on 'latest' state + https://github.com/ansible/ansible/pull/32397 +- Fix issue with user module when local is true + (https://github.com/ansible/ansible/pull/32262 and + https://github.com/ansible/ansible/pull/32411) +- Fix for max\_fail\_percentage being inaccurate: + (https://github.com/ansible/ansible/issues/32255) +- Fix check mode when deleting ACS instance in azure\_rm\_acs module: + (https://github.com/ansible/ansible/pull/32063) +- Fix ios\_logging smaller issues and make default size for buffered + work: (https://github.com/ansible/ansible/pull/32321) +- Fix ios\_logging module issue where facility is being deleted along + with host: (https://github.com/ansible/ansible/pull/32234) +- Fix wrong prompt issue for network modules + (https://github.com/ansible/ansible/pull/32426) +- Fix eos\_eapi to enable non-default vrfs if the default vrf is + already configured (https://github.com/ansible/ansible/pull/32112) +- Fix network parse\_cli filter in case of single match is not caught + when using start\_block and end\_block + (https://github.com/ansible/ansible/pull/31092) +- Fix win\_find failing on files it can't access, change behaviour to + be more like the find module + (https://github.com/ansible/ansible/issues/31898) +- Amended tracking of 'changed' + https://github.com/ansible/ansible/pull/31812 +- Fix label assignment in ovirt\_host\_networks + (https://github.com/ansible/ansible/pull/31973) +- Fix fencing and kuma usage in ovirt\_cluster module + (https://github.com/ansible/ansible/pull/32190) +- Fix failure during upgrade due to NON\_RESPONSIVE state for + ovirt\_hosts module (https://github.com/ansible/ansible/pull/32192) +- ini inventory format now correclty handles group creation w/o need + for specific orders https://github.com/ansible/ansible/pull/32471 +- Fix for quoted paths in win\_service + (https://github.com/ansible/ansible/issues/32368) +- Fix tracebacks for non-ascii paths when parsing inventory + (https://github.com/ansible/ansible/pull/32511) +- Fix git archive when update is set to no + (https://github.com/ansible/ansible/pull/31829) +- Fix locale when screen scraping in the yum module + (https://github.com/ansible/ansible/pull/32203) +- Fix for validating proxy results on Python3 for modules making http + requests: (https://github.com/ansible/ansible/pull/32596) +- Fix unreferenced variable in SNS topic module + (https://github.com/ansible/ansible/pull/29117) +- Handle ignore\_errors in loops + (https://github.com/ansible/ansible/pull/32546) +- Fix running with closed stdin on python 3 + (https://github.com/ansible/ansible/pull/31695) +- Fix undefined variable in script inventory plugin + (https://github.com/ansible/ansible/pull/31381) +- Fix win\_copy on Python 2.x to support files greater than 4GB + (https://github.com/ansible/ansible/pull/32682) +- Add extra error handling for wmare connect to correctly detect + scenarios where username does not have the required logon permissions + (https://github.com/ansible/ansible/pull/32613) +- Fix ios\_config file prompt issue while using save\_when + (https://github.com/ansible/ansible/pull/32744) +- Prevent host\_group\_vars plugin load errors when using 'path as + inventory hostname' https://github.com/ansible/ansible/issues/32764 +- Better errors when loading malformed vault envelopes + (https://github.com/ansible/ansible/issues/28038) +- nxos\_interface error handling + (https://github.com/ansible/ansible/pull/32846) +- Fix snmp bugs on Nexus 3500 platform + (https://github.com/ansible/ansible/pull/32773) +- nxos\_config and nxos\_facts - fixes for N35 platform + (https://github.com/ansible/ansible/pull/32762) +- fix dci failure nxos (https://github.com/ansible/ansible/pull/32877) +- Do not execute ``script`` tasks is check mode + (https://github.com/ansible/ansible/issues/30676) +- Keep newlines when reading LXC container config file + (https://github.com/ansible/ansible/pull/32219) +- Fix a traceback in os\_floating\_ip when required instance is already + present in the cloud: https://github.com/ansible/ansible/pull/32887 +- Fix for modifying existing application load balancers using + certificates (https://github.com/ansible/ansible/pull/28217) +- Fix --ask-vault-pass with no tty and password from stdin + (https://github.com/ansible/ansible/issues/30993) +- Fix for IIS windows modules to use hashtables instead of + PSCustomObject (https://github.com/ansible/ansible/pull/32710) +- Fix nxos\_snmp\_host bug + (https://github.com/ansible/ansible/pull/32916) +- Make IOS devices consistent ios\_logging + (https://github.com/ansible/ansible/pull/33100) +- restore error on orphan group:vars delcaration for ini inventories + https://github.com/ansible/ansible/pull/32866 +- restore host/group\_vars merge order + https://github.com/ansible/ansible/pull/32963 +- use correct loop var when delegating + https://github.com/ansible/ansible/pull/32986 +- Handle sets and datetime objects in inventory sources fixing + tracebacks https://github.com/ansible/ansible/pull/32990 +- Fix for breaking change to Azure Python SDK DNS RecordSet constructor + in azure-mgmt-dns==1.2.0 + https://github.com/ansible/ansible/pull/33165 +- Fix for breaking change to Azure Python SDK that prevented some + members from being returned in facts modules + https://github.com/ansible/ansible/pull/33169 +- restored glob/regex host pattern matching to traverse groups and + hosts and not return after first found + https://github.com/ansible/ansible/pull/33158 +- change nxos\_interface module to use "show interface" to support more + platforms https://github.com/ansible/ansible/pull/33037 2.4.1 "Dancing Days" - 2017-10-25 --------------------------------- @@ -299,6 +743,9 @@ Major Changes - Windows become\_method: runas now works across all authtypes and will auto-elevate under UAC if WinRM user has "Act as part of the operating system" privilege +- Do not escape backslashes in the template lookup plugin to mirror + what the template module does + https://github.com/ansible/ansible/issues/26397 Deprecations ~~~~~~~~~~~~ @@ -433,11 +880,37 @@ New Callbacks: - profile\_roles - stderr +New Connection plugins: +^^^^^^^^^^^^^^^^^^^^^^^ + +- buildah +- saltstack + New Filters: ^^^^^^^^^^^^ +- ipaddr filter gained several new suboptions +- first\_usable +- ip/prefix +- ip\_netmask +- last\_usable +- next\_usable +- network\_id +- network/prefix +- network\_netmask +- network\_wildcard +- previous\_usable +- range\_usable +- size\_usable +- wildcard +- next\_nth\_usable +- network\_in\_network +- network\_in\_usable +- previous\_nth\_usable - parse\_cli - parse\_cli\_textfsm +- strftime +- urlsplit New Inventory Plugins: ^^^^^^^^^^^^^^^^^^^^^^ @@ -446,6 +919,7 @@ New Inventory Plugins: - constructed - host\_list - ini +- openstack - script - virtualbox - yaml @@ -455,15 +929,30 @@ New Inventory scripts: - lxd -New: Tests +New Lookups: +^^^^^^^^^^^^ + +- chef\_databag +- cyberarkpassword +- hiera + +New Tests: ^^^^^^^^^^ -- ``any``: true if any element is true -- ``all``: true if all elements are true +- any : true if any element is true +- all: true if all elements are true Module Notes ~~~~~~~~~~~~ +- By mistake, an early version of elb\_classic\_lb, elb\_instance, and + elb\_classic\_lb\_facts modules were released and marked as + stableinterface. These are now marked as preview in 2.4.1 and their + parameters and return values may change in 2.5.0. Part of this + mistake included deprecating the ec2\_elb\_lb, ec2\_lb, and + ec2\_elb\_facts modules prematurely. These modules won't be + deprecated until the replacements above have a stableinterface and + the erroneous deprecation has been fixed in 2.4.1. - The docker\_container module has gained a new option, ``working_dir`` which allows specifying the working directory for the command being run in the image.