Skip to content

Latest commit

 

History

History
1712 lines (1042 loc) · 64.7 KB

CHANGELOG-v2.5.rst

File metadata and controls

1712 lines (1042 loc) · 64.7 KB

Ansible 2.5 "Kashmir" Release Notes

v2.5.15

Release Summary

Release Date: 2019-02-21
Security release for CVE-2019-3828 (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828)

Bugfixes

  • remote home directory - Disallow use of remote home directories that include relative pathing by means of .. (CVE-2019-3828) (#52133)
  • always correctly template no log for tasks #43294

v2.5.14

Release Summary

Release Date: 2018-12-13
Security release for CVE-2018-16876 (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876)

Bugfixes

  • now no log is being respected on retry and high verbosity. CVE-2018-16876

v2.5.13

Release Summary

Release Date: 2018-11-30
Corrects packaging issue which prevented Windows targets from executing

Bugfixes

  • powershell - add lib/ansible/executor/powershell to the packaging data

v2.5.12

Release Summary

Release Date: 2018-11-29
Security release for CVE-2018-16859 (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859)

Bugfixes

  • openssl_csr - fix byte encoding issue on Python 3
  • postgresql_user - create pretty error message when creating a user without an encrypted password on newer PostgreSQL versions
  • Windows - prevent sensitive content from appearing in scriptblock logging (CVE 2018-16859)

v2.5.11

Release Summary

Release Date: 2018-10-31
Security release for CVE-2018-16837 (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16837)

Bugfixes

  • user module - do not pass ssh_key_passphrase on cmdline (CVE-2018-16837)

v2.5.10

Release Summary

Release Date: 2018-09-27
Final scheduled release in 2.5 series; future releases will be for critical security fixes only
Porting Guide

Bugfixes

  • docker connection - Support empty files with copying to target (#36725)
  • chroot connection - Support empty files with copying to target (#36725)
  • jail connection - Support empty files with copying to target (#36725)
  • kubectl connection - Support empty files with copying to target (#36725)
  • libvirt_lxc connection - Support empty files with copying to target (#36725)
  • zone connection - Support empty files with copying to target (#36725)
  • cloudfront - fix bug when CloudFrontOriginAccessIdentityList is missing (#44984)
  • vyos_facts - fix vyos_facts not returning version number issue (#39115)
  • get_url - Don't re-download files unnecessarily when force=no (#45491)
  • loop - Ensure that a loop with a when condition that evaluates to false and delegate_to, will short circuit if the loop references an undefined variable. This matches the behavior in the same scenario without delegate_to (#45189)
  • mysql, proxysql_ - PyMySQL (a pure-Python MySQL driver) is now a preferred dependency also supporting Python 3.X.
  • nxos terminal plugin - fix python2.6 nothing to repeat bug (#45271).
  • ssh connection - Support empty files with piped transfer_method (#45426)
  • PLUGIN_FILTERS_CFG - Ensure that the value is treated as type=path, and that we use the standard section of defaults instead of default (#45994)
  • script inventory plugin - Don't pass file_name to DataLoader.load, which will prevent misleading error messages (#34164)

v2.5.9

Release Summary

Release Date: 2018-09-10
Porting Guide

Minor Changes

  • import_tasks - Do not allow import_tasks to transition to dynamic if the file is missing (#44822)

Bugfixes

  • user - Strip trailing comments in /etc/default/passwd (#43931)
  • fix example code for AWS lightsail documentation
  • fix the enable_snat parameter that is only supposed to be used by an user with the right policies. #44418
  • ios_l2_interface - fix issue with certain interface types (#43819)
  • ios_user - fix unable to delete user admin issue (#44904)
  • ansible-galaxy - properly list all roles in roles_path (#43010)
  • ios_vlan - fix unable to work on certain interface types issue (#43819)
  • The fix for CVE-2018-10875 prints out a warning message about skipping a config file from a world writable current working directory. However, if the user is in a world writable current working directory which does not contain a config file, it should not print a warning message. This release fixes that extaneous warning.
  • Add md5sum check in nxos_file_copy module (#43423).
  • nxos_interface port-channel idempotence fix for mode (#44248).
  • nxos_linkagg mode fix (#44294).
  • Fix check_mode in nxos_static_route module (#44252).
  • Fix Python2.6 regex bug terminal plugin nxos, iosxr (#45135).

v2.5.8

Release Summary

Release Date: 2018-08-16
Porting Guide

Bugfixes

  • fix for the bundled selectors module (used in the ssh and local connection plugins) when a syscall is restarted after being interrupted by a signal (#41630)
  • Fix the mount module's handling of swap entries in fstab (#42837)
  • The fix for CVE-2018-10875 prints out a warning message about skipping a config file from a world writable current working directory. However, if the user explicitly specifies that the config file should be used via the ANSIBLE_CONFIG environment variable then Ansible would honor that but still print out the warning message. This has been fixed so that Ansible honors the user's explicit wishes and does not print a warning message in that circumstance.
  • fact names that conflict with well-known connection vars are now filtered (#41684)
  • get_url - fix the bug that get_url does not change mode when checksum matches (#29614)
  • openvswitch_db - make 'key' argument optional #42108
  • slack callback - Fix invocation by looking up data from cli.options (#43542)
  • vars_prompt - properly template play level variables in vars_prompt (#37984)

v2.5.7

Release Summary

Release Date: 2018-07-26
Porting Guide

Bugfixes

  • eos_facts - fix failure when lldp will be disabled (#42347)
  • ios_vlan - fix unable to identify correct vlan issue (#42247)
  • ios_linkagg - fix picking correct interface names issue (#42557)
  • get_capabilities in nxapi module_utils should not return empty dictionary (#42688).
  • Enforcing NXAPI default HTTP behavior (#41817).
  • pause - do not set stdout to raw mode when redirecting to a file (#41717)
  • pause - nest try except when importing curses to gracefully fail if curses is not present (#42004)

v2.5.6

Release Summary

Release Date: 2018-07-05
Porting Guide

Minor Changes

  • Restore module_utils.basic.BOOLEANS variable for backwards compatibility with the module API in older ansible releases.
  • lineinfile - add warning when using an empty regexp (#29443)

Bugfixes

  • apt - fix apt-mark on debian6 (#41530)
  • Security Fix - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir
  • copy module - fixed recursive copy with relative paths (#40166)
  • correct debug display for all cases #41331
  • eos_l2_interface - fix eapi (#42270)
  • group_by - support implicit localhost (#41860)
  • influxdb_query - fixed the use of the common return 'results' caused an unexpected fault. The return is renamed to 'query_results'
  • junos_config - fix confirm commit timeout issue (#41527)
  • lineinfile - fix insertbefore when used with BOF to not insert duplicate lines (#38219)
  • nsupdate - allow hmac-sha384 #42209
  • nxos_linkagg - fix issue (#41550).
  • nxos_vxlan_vtep_vni - fix issue (#42240)
  • uses correct conn info for reset_connection #27520
  • correct service facts systemd detection of state #40809
  • correctly check hostvars for vars term #41819
  • vyos_vlan - fix aggregate configuration issues (#41638)
  • win_domain - fixes typo in one of the AD cmdlets #41536
  • win_iis_webapppool - redirect some module output to null so Ansible can read the output JSON #40874
  • win_updates - Fixed issue where running win_updates on async fails without any error
  • winrm - ensure pexpect is set to not echo the input on a failure and have a manual sanity check afterwards #41865
  • Security Fix - avoid using ansible.cfg in a world writable dir.

v2.5.5

Release Summary

Release Date: 2018-06-14
Porting Guide

Bugfixes

  • Changed the admin_users config option to not include "admin" by default as admin is frequently used for a non-privileged account (#41164)
  • aws_s3 - add async support to the action plugin (#40826)
  • aws_s3 - fix decrypting vault files (#39634)
  • ec2_ami - cast the device_mapping volume size to an int (#40938)
  • eos_logging - fix idempotency issues (#40604)
  • cache plugins - A cache timeout of 0 means the cache will not expire.
  • ios_logging - fix idempotency issues (#41029)
  • ios/nxos/eos_config - don't retrieve config in running_config when config is provided for diff (#41400)
  • Security Fix - Some connection exceptions would cause no_log specified on a task to be ignored. If this happened, the task information, including any private information could have been displayed to stdout and (if enabled, not the default) logged to a log file specified in ansible.cfg's log_path. Additionally, sites which redirected stdout from ansible runs to a log file may have stored that private information onto disk that way as well. (#41414)
  • nxos_banner - fix multiline banner issue (#41026).
  • nxos terminal plugin - fix output truncation (#40960)
  • nxos_l3_interface - fix no switchport issue with loopback and svi interfaces (#37392).
  • nxos_snapshot - fix compare_option (#41386)

v2.5.4

Release Summary

Release Date: 2018-05-31
Porting Guide

Bugfixes

  • skip marking packages as manually installed when apt-mark is not available (#40600)
  • jenkins_plugin - fix plugin always updated even if already uptodate (#40645)
  • allow ansible-doc to handle 'keywords' configuration entries #40620
  • ec2_asg - wait for lifecycle hooks to complete (#37281)
  • edgeos modules - add note and warning that the modules require network_cli connection (#39499)
  • edgeos_config - check for a corresponding set command when issuing delete commands to ensure the desired state is met (#40437)
  • callback plugins - correctly reference the callback object when giving an error (#40453)
  • fix doas construction for become (#37511)
  • iptables - use suboptions to properly join tcp_flags options (#36490)
  • known_hosts - add better checking and error reporting to the host field (#38307)
  • meta: reset connection is not run once (#39364)
  • Fix legacy Nexus 3k integration test and module issues (#40322).
  • Skip N35 and N3L platforms for nxos_evpn_global test (#40333).
  • Add normalize_interface in module_utils and fix nxos_l3_interface module (#40598).
  • Fix nxos_interface Disable switchport for loopback/svi (#40314).
  • fixes bug with matching nxos prompts (#40655).
  • fix nxos_vrf and migrate get_interface_type to module_utils (#40825).
  • Fix nxos_vlan vlan creation failure (#40822).
  • pause - ensure ctrl+c interrupt works in all cases (#35372)
  • user - With python 3.6 spwd.getspnam returns PermissionError instead of KeyError if user does not have privileges (#39472)
  • synchronize - Ensure the local connection created by synchronize uses _remote_is_local=True, which causes ActionBase to build a local tmpdir (#40833)
  • synchronize - Ensure rsync_opts is a list when not provided
  • action - Ensure remote user is correctly calculated when expanding the remote user path
  • win_get_url - fixed issue when authenticating when force=yes #40641
  • winrm - allow ansible_user or ansible_winrm_user to override ansible_ssh_user when both are defined in an inventory - #39844
  • winrm - Add better error handling when the kinit process fails
  • xenserver_facts - ensure module works with newer versions of XenServer (#35821)

v2.5.3

Release Summary

Release Date: 2018-05-17
Porting Guide

Bugfixes

  • openstack.os_stack - extend failure message with the server response (#39660).
  • vmware_guest - typecast VLAN ID to match various conditions. (#39793)
  • vmware_guest - Do not update cpu/memory allocation in configspec if there is no change (#39865)
  • Fix unset 'ansible_virtualization_role' fact while setting virtualization facts for real hardware.
  • loop_control - update template vars for loop_control fields on each loop iteration (#39818).
  • template - Fix for encoding issues when a template path contains non-ascii characters and using the template path in ansible_managed (#27262)
  • apt - Auto install of python-apt without recommends (#37121)
  • apt - Mark installed packages manual (#37751)
  • async - Ensure that the implicit async_status gets the env from a task with async (#39764)
  • Fallback to instance role STS credentials if none are explicitly provided for the aws_ec2 inventory plugin
  • Support tag values as hostnames in aws_ec2 inventory plugin
  • Fix regression in aws_s3 to allow uploading files on the remote host to an S3 bucket
  • dont require property for older callbacks to load #38281
  • fix diff callback only being called when global diff option was set and not honoring task diff (#31129)
  • minor doc fix #39111
  • ec2_vpc_route_table - fix regression by skipping routes without DestinationCidrBlock (#37010)
  • Use custom waiters
  • Add integration tests for check mode
  • Fix non-monotonic AWS behavior by waiting until attributes are the correct value before returning the subnet
  • Don't use custom waiter configs for older versions of botocore
  • return empty list if host pattern is empty #37931
  • Fix an encoding issue when parsing the examples from a plugins' documentation
  • Fix misuse of self in module_utils/network/eos/eos.py (#39074)
  • eos_vlan - Fix eos_vlan associated interface name check (#39661)
  • file module - Fix error when running a task which assures a symlink to a nonexistent file exists for the second and subsequent times (#39558)
  • file module - Fix error when recursively assigning permissions and a symlink to a nonexistent file is present in the directory tree (#39456)
  • file - Eliminate an error if we're asked to remove a file but something removes it while we are processing the request (#39466)
  • Capture correct exception type #39406
  • dont emit empty error due to n #39019
  • single bad path for galaxy is just a warning, error only if no usable paths found #39082
  • correctly deal with user homedir (~) translations #36755
  • Fix interfaces_file to support allow- #37847
  • ios cliconf plugin fix regex for version (#40066)
  • ios_config - If defaults is enabled append default flag to command (#39741)
  • ios_config - Fix ios get_config to fetch config without defaults (#39475)
  • ios_iosxr_terminal - fixed issue with ios and iosxr terminal prompt regex
  • iosxr_config - handle configuration block with mis-indented sublevel command (#39673)
  • iosxr* modules do not work with iosxr version >= 6.3.2 as cisco has deprecated 'show version brief'
  • Fix junos_config confirm timeout issue (#40238)
  • avoid uneeded reloading of plugin files #37648
  • Fix nested noop block padding in dynamic includes (#38814)
  • nio_lookup_error - fixed nios lookup errors out when there are no results
  • nxos_feature - Handle nxos_feature issue where json isn't supported (#39150)
  • nxos_ntp - Fix nxos_ntp issues (#39178)
  • nxos_interface - Fix AttributeError NoneType object has no attribute group (#38544)
  • nxos_snmp_community - Fix nxos_snmp_community issues (#39258)
  • nxos_l2_interface - Add aggregate example in nxos_l2_interface module doc (#39275)
  • nxos_snmp_host - Fix for nxos_snmp_host issues (#39642)
  • nxos_snmp_traps - Fix nxos_snmp_traps issues (#39444)
  • nxos_linkagg - nxos_linkagg abbreviated form issue (#39591)
  • nxos_snmp_user - Fix nxos_snmp_user (#39760)
  • nxos_logging - remove purge from nxos_logging doc, argspec (#39947)
  • nxos_ping - Fix nxos_ping issues (#40028)
  • nxos_vxlan_vtep_vni - Fix nxos_vxlan_vtep_vni test (#39968)
  • nxos_snapshot - Fix logic for save_snapshot_locally (#40227)
  • nxos terminal plugin on_become (#39355)
  • nxos module_doc_fragments for authorize, auth_pass (#39946)
  • Fix nxos terminal plugin regex (#39659)
  • protect against bad plugin verify method #36591
  • include_role - disambiguate keywords from variables (#38968)
  • filter was removed ... docs shoudl be too #37946
  • ensure C locale for chkconfig to allow sane screen scraping #38980
  • template action plugin - fix the encoding of filenames to avoid tracebacks on Python2 when characters that are not present in the user's locale are present. (#39424)
  • ufw - "route" has to be the first option in ufw command #31756
  • user - only change the expiration time when necessary (#13235)
  • firewalld - fixed fw_offline undefined error (#39394)
  • ansible-connection - properly unlock the socket file lock (#39223)
  • apt - added --no-install-recommends to PYTHON_APT dep installation (#39409)
  • ec2_vpc_route_table - updated matching_count parsing (#39899)
  • ovirt - fixed quota_id check (#40081)
  • vdirect_file - deal with invalid upload source (#37461)
  • win_file - fix issue where special chars like [ and ] were not being handled correctly #37901
  • win_get_url - fixed a few bugs around authentication and force no when using an FTP URL
  • win_template - fix when specifying the dest option as a directory with and without the trailing slash #39886
  • win_updates - Fix typo that hid the download error when a download failed
  • win_updates - Fix logic when using a whitelist for multiple updates
  • windows become - Show better error messages when the become process fails

v2.5.2

Release Summary

Release Date: 2018-04-26
Porting Guide

Minor Changes

  • Return virtual_facts after VMware platform detection, otherwise we're falling back to 'NA' for virtualization type and virtualization role.

Bugfixes

  • copy - fixed copy to only follow symlinks for files in the non-recursive case
  • file - fixed the default follow behaviour of file to be true
  • docker modules - Error with useful message is both docker and docker-py are found to both be installed (#38884)
  • dynamic includes - Improved performance by fixing re-parenting on copy (#38747)
  • dynamic includes - Fix IncludedFile comparison for free strategy (#37083)
  • dynamic includes - Allow inheriting attributes from static parents (#38827)
  • Fix ios and iosxr terminal prompt regex (#39063)
  • set_fact/include_vars - allow incremental update for vars in loop (#38302)
  • cloudfront_distribution - support missing protocol versions (#38990)
  • slice filter - removed Ansible-provided impl in favor of Jinja builtin (#37944)
  • ovirt_host_networks - fix removing of network attachments (#38816)
  • ovirt_disk - support removing unmanaged networks (#38726)
  • ovirt_disk - FCP storage domains don't have to have target (#38882)
  • Ansible.ModuleUtils.FileUtil - support using Test-AnsiblePath with non file system providers (#39200)
  • win_get_url - Compare the UTC time of the web file to the local UTC time (#39152)

v2.5.1

Release Summary

Release Date: 2018-04-18
Porting Guide

Minor Changes

  • Updated example in vcenter_license module.
  • Updated virtual machine facts with instanceUUID which is unique for each VM irrespective of name and BIOS UUID.

Bugfixes

  • EOS can not check configuration without use of config session (ANSIBLE_EOS_USE_SESSIONS=0). Fix is to throw error when hiting into this exception case. Configs would neither be checked nor be played on the eos device.
  • Adds exception handling which is raised when user does not have correct set of permissions/privileges to read virtual machine facts.
  • onyx_pfc_interface - Add support for changes in pfc output in onyx 3.6.6000 #37651
  • Fix mlag summary json parsing for onyx version 3.6.6000 and above #38191
  • Update documentation related to datacenter in vmware_guest_find module. Mark datacenter as optional.
  • Set default network type as 'dhcp' if user has not specified any.
  • Changed hostname variable in order for the esxi host to be found when authentication against a vcenter was done.
  • nmcli change default value of autoconnect
  • azure_rm_image - Allow Azure images to be created with tags, bug was introduced in Ansible v2.5.0
  • azure_rm_networkinterface - Network interface can attach an existing NSG or create a new NSG with specified name in Ansible v2.5.0.
  • azure_rm_virtualmachine - removed docs note that says on marketplace images can be used, custom images were added in 2.5
  • Improve keyed groups for complex inventory
  • Made separator configurable
  • Fixed some exception types
  • Better error messages
  • backup options doc change to reflect backup directory location in case playbook is run from a role
  • filters - Don't overwrite builtin jinja2 filters with tests (#37881)
  • edgeos_command - add action plugin to backup config (#37619)
  • eos cliconf get_config() format type fix (#38682)
  • eos_vlan - fixed eos_vlan not working when having more than 6 interfaces (#38347)
  • Various grafana* modules - Port away from the deprecated b64encodestring function to the b64encode function instead. (#38388)
  • include_role - Fix parameter templating (#36372)
  • include_vars - Call DataLoader.load with the correct signature to prevent hang on error processing (#38194)
  • ios_interface - neighbors option now include CDP neighbors (#37667)
  • ios_l2_interface - fix removal of trunk vlans (#37389)
  • ios_l2_interface - use show run instead of section pipeline ios_l2_interface (#39658)
  • Add supported connection in junos module documentation (#38813)
  • junos_netconf - Report error is wrong connection type is used for junos_netconf (#38527)
  • _nxos_switchport - fix removal of trunk vlans (#37328)
  • nxos_l2_interface - fix removal of trunk vlans (#37336)
  • nxos_snapshot - fix documentation and add required parameter logic (#37232, #37248)
  • Improve integration test - Ensure each transport test runs only once (#37462)
  • nxos_user - Integration test (#37852)
  • nxos_bgp_af - Fix UnboundLocalError (#37610)
  • nxos_vrf - Fix nxos_vrf issues (#37092)
  • nxos_vrf_af - Fix nxos_vrf_af issues (#37211)
  • nxos_udld - Fix nxos_udld issues (#37418)
  • nxos_vlan - Fix nxos_vlan issues (#38008)
  • nxos_vlan - nxos_vlan purge (#38202)
  • nxos_aaa_server - Fix nxos_aaa_server (#38117)
  • nxos_aaa_server_host - Fix nxos_aaa_server_host (#38188)
  • nxos_acl - Fix nxos_acl (#38283)
  • nxos_static_route - Fix nxos_static_route (#37614)
  • nxos_acl_interface test - Fix nxos_acl_interface test (#38230)
  • nxos_igmp - Fix nxos_igmp (#38496)
  • nxos_hsrp - Fix nxos_hsrp (#38410)
  • nxos_igmp_snooping - Fix nxos_igmp_snooping (#38566)
  • nxos_ntp_auth - Fix nxos_ntp_auth issues (#38824)
  • nxos_ntp_options - Fix nxos_ntp_options issues (#38695)
  • Fix onyx_config action plugin when used on Python 3 #38343
  • openssl-certificate - Add space between arguments for acme-tiny (#36739)
  • Fix traceback when creating or stopping ovirt vms (#37249)
  • Add url to troubleshoot persistent socket path related issues #38542
  • Fix for consul_kv idempotence on Python3 #35893
  • Fix csvfile lookup plugin when used on Python3 #37625
  • ec2 - Fix ec2 user_data parameter to properly convert to base64 on python3 (#37628)
  • Fix to send and receive bytes over a socket in the haproxy module which was causing tracebacks on Python3 #35176
  • jira module - Fix bytes/text handling for base64 encoding authentication tokens (#33862)
  • ansible-pull - fixed a bug checking for changes when we've pulled from the git repository on python3 #36962
  • Fix bytes/text handling in vagrant dynamic inventory #37631
  • wait_for_connection - Fix python3 compatibility bug (#37646)
  • restore stderr ouput even if script module run is successful (#38177)
  • ec2_asg - no longer terminates an instance before creating a replacement (#36679)
  • ec2_group - security groups in default VPCs now have a default egress rule (#38018)
  • inventory correctly removes hosts from 'ungrouped' group (#37617)
  • letsencrypt - fixed domain matching authorization (#37558)
  • letsencrypt - improved elliptic curve account key parsing (#37275)
  • facts are no longer processed more than once for each action (#37535)
  • cs_vpc_offering - only return VPC offferings matching name arg (#37783)
  • cs_configuration - filter names inside the module instead of relying on API (#37910)
  • various fixes to networking module connection subsystem (#37529)
  • ios* - fixed netconf issues (#38155)
  • ovirt* - various bugfixes (#38341)
  • ansible-vault no longer requires '--encrypt-vault-id' with edit (#35923)
  • k8s lookup plugin now uses same auth method as other k8s modules (#37533)
  • ansible-inventory now properly displays group_var graph (#38744)
  • setup - FreeBSD fact gathering no longer fails on missing dmesg, sysctl, etc (#37194)
  • inventory scripts now read passwords without byte interpolation (#35582)
  • user - fixed password expiration support in FreeBSD
  • meta - inventory_refresh now works properly on YAML inventory plugins (#38242)
  • foreman callback plugin - fixed API options (#38138)
  • win_certificate_store - fixed a typo that stopped it from getting the key_storage values
  • win_copy - Preserve the local tmp folder instead of deleting it so future tasks can use it (#37964)
  • win_environment - Fix for issue where the environment value was deleted when a null value or empty string was set - #40450
  • Ansible.ModuleUtils.FileUtil - Catch DirectoryNotFoundException with Test-AnsiblePath (#37968)
  • win_exec_wrapper - support loading of Windows modules different different line endings than the core modules (#37291)
  • win_reboot - fix deprecated warning message to show version in correct spot (#37898)
  • win_regedit - wait for garbage collection to finish before trying to unload the hive in case handles didn't unload in time (#38912)
  • win_service - Fix bug with win_service not being able to handle special chars like '[' (#37897)
  • win_setup - Use connection name for network interfaces as interface name isn't helpful (#37327)
  • win_setup - fix bug where getting the machine SID would take a long time in large domain environments (#38646)
  • win_updates - handle if the module fails to load and return the error message (#38363)
  • win_uri - do not override existing header when using the headers key. (#37845)
  • win_uri - convert status code values to an int before validating them in server response (#38080)
  • windows - display UTF-8 characters correctly in Windows return json (#37229)
  • winrm - when managing Kerberos tickets in Ansible, get a forwardable ticket if delegation is set (#37815)

v2.5.0

Release Summary

Release Date: 2018-03-22

Major Changes

  • Ansible Network improvements
    • Created new connection plugins network_cli and netconf to replace connection=local. connection=local will continue to work for a number of Ansible releases.
    • No more unable to open shell. A clear and descriptive message will be displayed in normal ansible-playbook output without needing to enable debug mode
    • Loads of documentation, see Ansible for Network Automation Documentation.
    • Refactor common network shared code into package under module_utils/network/
    • Filters: Add a filter to convert XML response from a network device to JSON object.
    • Loads of bug fixes.
    • Plus lots more.
  • New simpler and more intuitive 'loop' keyword for task loops. The with_<lookup> loops will likely be deprecated in the near future and eventually removed.
  • Added fact namespacing; from now on facts will be available under ansible_facts namespace (for example: ansible_facts.os_distribution) without the ansible_ prefix. They will continue to be added into the main namespace directly, but now with a configuration toggle to enable this. This is currently on by default, but in the future it will default to off.
  • Added a configuration file that a site administrator can use to specify modules to exclude from being used.

Minor Changes

  • ansible-inventory - now supports a --export option to preserve group_var data (#36188)
  • Added a few new magic vars corresponding to configuration/command line options: ansible_diff_mode, ansible_inventory_sources, ansible_limit, ansible_run_tags , ansible_forks and ansible_skip_tags
  • Updated the bundled copy of the six library to 1.11.0
  • Added support to become NT AUTHORITY\System, NT AUTHORITY\LocalService, and NT AUTHORITY\NetworkService on Windows hosts
  • Fixed become to work with async on Windows hosts
  • Improved become elevation process to work on standard Administrator users without disabling UAC on Windows hosts
  • The jenkins_plugin and yum_repository plugins had their params option removed because they circumvented Ansible's option processing.
  • The combine filter now accepts a list of dicts as well as dicts directly
  • New CLI options for ansible-inventory, ansible-console and ansible to allow specifying a playbook_dir to be used for relative search paths.
  • The `stat and win_stat modules have changed the default value of get_md5 to False which will result in the md5 return value not being returned. This option will be removed altogether in Ansible 2.9. Use get_checksum: True with checksum_algorithm: md5 to return an md5 hash of the file under the checksum` return value.
  • The osx_say module was renamed into say.
  • Task debugger functionality was moved into StrategyBase, and extended to allow explicit invocation from use of the debugger keyword. The debug strategy is still functional, and is now just a trigger to enable this functionality.
  • The documentation has undergone a major overhaul. Content has been moved into targeted guides; the table of contents has been cleaned up and streamlined; the CSS theme has been updated to a custom version of the most recent ReadTheDocs theme, and the underlying directory structure for the RST files has been reorganized.
  • The ANSIBLE_REMOTE_TMP environment variable has been added to supplement (and override) ANSIBLE_REMOTE_TEMP. This matches with the spelling of the config value. ANSIBLE_REMOTE_TEMP will be deprecated in the future.
  • aci* modules - added signature based authentication
  • aci* modules - included dedicated ACI documentation
  • aci* modules - improved ACI return values

Deprecated Features

  • Apstra's aos_* modules are deprecated as they do not work with AOS 2.1 or higher. See new modules at https://github.com/apstra.
  • Previously deprecated 'hostfile' config settings have been 're-deprecated' because previously code did not warn about deprecated configuration settings.
  • Using Ansible-provided Jinja tests as filters is deprecated and will be removed in Ansible 2.9.
  • The stat and win_stat modules have deprecated get_md5 and the md5 return values. These options will become undocumented in Ansible 2.9 and removed in a later version.
  • The redis_kv lookup has been deprecated in favor of new redis lookup
  • Passing arbitrary parameters that begin with HEADER_ to the uri module, used for passing http headers, is deprecated. Use the headers parameter with a dictionary of header names to value instead. This will be removed in Ansible 2.9
  • Passing arbitrary parameters to the zfs module to set zfs properties is deprecated. Use the extra_zfs_properties parameter with a dictionary of property names to values instead. This will be removed in Ansible 2.9.
  • Use of the AnsibleModule parameter check\_invalid\_arguments in custom modules is deprecated. In the future, all parameters will be checked to see whether they are listed in the arg spec and an error raised if they are not listed. This behaviour is the current and future default so most custom modules can simply remove check\_invalid\_arguments if they set it to the default value of True. The check\_invalid\_arguments parameter will be removed in Ansible 2.9.
  • The nxos_ip_interface module is deprecated in Ansible 2.5. Use nxos_l3_interface module instead.
  • The nxos_portchannel module is deprecated in Ansible 2.5. Use nxos_linkagg module instead.
  • The nxos_switchport module is deprecated in Ansible 2.5. Use nxos_l2_interface module instead.
  • The ec2_ami_find has been deprecated; use ec2_ami_facts instead.
  • panos_security_policy: Use panos_security_rule - the old module uses deprecated API calls
  • vsphere_guest is deprecated in Ansible 2.5 and will be removed in Ansible-2.9. Use vmware_guest module instead.

Removed Features (previously deprecated)

  • accelerate.
  • boundary_meter: There was no deprecation period for this but the hosted service it relied on has gone away so the module has been removed. #29387
  • cl_ : cl_interface, cl_interface_policy, cl_bridge, cl_img_install, cl_ports, cl_license, cl_bond. Use nclu instead
  • docker. Use docker_container and docker_image instead.
  • ec2_vpc.
  • ec2_ami_search, use ec2_ami_facts instead.
  • nxos_mtu. Use nxos_system's system_mtu option instead. To specify an interface's MTU use nxos_interface.
  • panos_nat_policy: Use panos_nat_rule the old module uses deprecated API calls

New Lookup Plugins

  • aws_account_attribute: Query AWS account attributes such as EC2-Classic availability
  • aws_service_ip_ranges: Query AWS IP ranges for services such as EC2/S3
  • aws_ssm: Query AWS ssm data
  • config: Lookup Ansible settings
  • conjur_variable: Fetch credentials from CyberArk Conjur
  • k8s: Query the K8s API
  • nios: Query Infoblox NIOS objects
  • openshift: Return info from Openshift installation
  • redis: look up date from Redis DB, deprecates the redis_kv one.

New Callback Plugins

  • null
  • unixy
  • yaml

New Connection Plugins

  • kubectl
  • oc
  • netconf
  • network_cli

New Filter Plugins

  • parse_xml

New Modules

  • Cloud (amazon)
    • aws_acm_facts
    • aws_application_scaling_policy
    • aws_az_facts
    • aws_batch_compute_environment
    • aws_batch_job_definition
    • aws_batch_job_queue
    • aws_direct_connect_gateway
    • aws_direct_connect_virtual_interface
    • aws_elasticbeanstalk_app
    • aws_kms_facts
    • aws_region_facts
    • aws_s3_cors
    • aws_ses_identity
    • aws_ssm_parameter_store
    • aws_waf_condition
    • aws_waf_rule
    • aws_waf_web_acl
    • cloudfront_distribution
    • cloudfront_invalidation
    • cloudfront_origin_access_identity
    • cloudwatchlogs_log_group
    • cloudwatchlogs_log_group_facts
    • ec2_ami_facts
    • ec2_asg_lifecycle_hook
    • ec2_customer_gateway_facts
    • ec2_instance
    • ec2_placement_group
    • ec2_placement_group_facts
    • ec2_vpc_egress_igw
    • ecs_taskdefinition_facts
    • elasticache_facts
    • elb_target
    • iam_role_facts
    • iam_user
  • Cloud (azure)
    • azure_rm_containerinstance
    • azure_rm_containerregistry
    • azure_rm_image
    • azure_rm_keyvault
    • azure_rm_keyvaultkey
    • azure_rm_keyvaultsecret
    • azure_rm_mysqldatabase
    • azure_rm_mysqlserve
    • azure_rm_postgresqldatabase
    • azure_rm_postgresqlserver
    • azure_rm_sqldatabase
    • azure_rm_sqlserver
    • azure_rm_sqlserver_facts
  • Cloud (cloudstack)
    • cs_network_offering
    • cs_service_offering
    • cs_vpc_offering
    • cs_vpn_connection
    • cs_vpn_customer_gateway
  • Cloud (digital_ocean)
    • digital_ocean_certificate
    • digital_ocean_floating_ip_facts
    • digital_ocean_sshkey_facts
  • Cloud (google)
    • gcp_dns_managed_zone
  • Cloud (misc)
    • cloudscale_floating_ip
    • spotinst_aws_elastigroup
    • terraform
  • Cloud (oneandone)
    • oneandone_firewall_policy
    • oneandone_load_balancer
    • oneandone_monitoring_policy
    • oneandone_private_network
    • oneandone_public_ip
    • oneandone_server
  • Cloud (openstack)
    • os_keystone_endpoint
    • os_project_access
  • Cloud (ovirt)
    • ovirt_api_facts
    • ovirt_disk_facts
  • Cloud (vmware)
    • vcenter_folder
    • vmware_cfg_backup
    • vmware_datastore_facts
    • vmware_drs_rule_facts
    • vmware_guest_file_operation
    • vmware_guest_powerstate
    • vmware_host_acceptance
    • vmware_host_config_facts
    • vmware_host_config_manager
    • vmware_host_datastore
    • vmware_host_dns_facts
    • vmware_host_facts
    • vmware_host_firewall_facts
    • vmware_host_firewall_manager
    • vmware_host_lockdown
    • vmware_host_ntp
    • vmware_host_package_facts
    • vmware_host_service_facts
    • vmware_host_service_manager
    • vmware_host_vmnic_facts
    • vmware_local_role_manager
    • vmware_vm_vm_drs_rule
    • vmware_vmkernel_facts
  • Cloud (vultr)
    • vr_account_facts
    • vr_dns_domain
    • vr_dns_record
    • vr_firewall_group
    • vr_firewall_rule
    • vr_server
    • vr_ssh_key
    • vr_startup_script
    • vr_user
  • Clustering
    • etcd3
    • k8s
    • k8s_raw
    • k8s_scale
    • openshift
    • openshift_raw
    • openshift_scale
  • Crypto
    • openssl_dhparam
  • Database
    • influxdb
    • influxdb_query
    • influxdb_user
    • influxdb_write
  • Identity
    • ipa
    • ipa_dnszone
    • ipa_service
    • ipa_subca
    • keycloak
    • keycloak_client
    • keycloak_clienttemplate
  • Monitoring
    • grafana_dashboard
    • grafana_datasource
    • grafana_plugin
    • icinga2_host
    • zabbix
    • zabbix_proxy
    • zabbix_template
  • Net Tools
    • ip_netns
    • nios
    • nios_dns_view
    • nios_host_record
    • nios_network
    • nios_network_view
    • nios_zone
  • Network (aci)
    • aci_aaa_user
    • aci_aaa_user_certificate
    • aci_access_port_to_interface_policy_leaf_profile
    • aci_aep_to_domain
    • aci_domain
    • aci_domain_to_encap_pool
    • aci_domain_to_vlan_pool
    • aci_encap_pool
    • aci_encap_pool_range
    • aci_fabric_node
    • aci_firmware_source
    • aci_interface_policy_leaf_policy_group
    • aci_interface_policy_leaf_profile
    • aci_interface_selector_to_switch_policy_leaf_profile
    • aci_static_binding_to_epg
    • aci_switch_leaf_selector
    • aci_switch_policy_leaf_profile
    • aci_switch_policy_vpc_protection_group
    • aci_vlan_pool
    • aci_vlan_pool_encap_block
  • Network (avi)
    • avi_api_version
    • avi_clusterclouddetails
    • avi_customipamdnsprofile
    • avi_errorpagebody
    • avi_errorpageprofile
    • avi_gslbservice_patch_member
    • avi_wafpolicy
    • avi_wafprofile
  • Network (dimension data)
    • dimensiondata_vlan
  • Network (edgeos)
    • edgeos_command
    • edgeos_config
    • edgeos_facts
  • Network (enos)
    • enos_command
    • enos_config
    • enos_facts
  • Network (eos)
    • eos_interface
    • eos_l2_interface
    • eos_l3_interface
    • eos_linkagg
    • eos_lldp
    • eos_static_route
  • Network (f5)
    • bigip_asm_policy
    • bigip_device_connectivity
    • bigip_device_group
    • bigip_device_group_member
    • bigip_device_httpd
    • bigip_device_trust
    • bigip_gtm_server
    • bigip_iapplx_package
    • bigip_monitor_http
    • bigip_monitor_https
    • bigip_monitor_snmp_dca
    • bigip_monitor_udp
    • bigip_partition
    • bigip_policy
    • bigip_policy_rule
    • bigip_profile_client_ssl
    • bigip_remote_syslog
    • bigip_security_address_list
    • bigip_security_port_list
    • bigip_software_update
    • bigip_ssl_key
    • bigip_static_route
    • bigip_traffic_group
    • bigip_ucs_fetch
    • bigip_vcmp_guest
    • bigip_wait
    • bigiq_regkey_license
    • bigiq_regkey_pool
  • Network (fortimanager)
    • fmgr_script
  • Network (ios)
    • ios_l2_interface
    • ios_l3_interface
    • ios_linkagg
    • ios_lldp
    • ios_vlan
  • Network (iosxr)
    • iosxr_netconf
  • Network (ironware)
    • ironware_command
    • ironware_config
    • ironware_facts
  • Network (junos)
    • junos_l2_interface
    • junos_scp
  • Network (netact)
    • netact_cm_command
  • Network (netscaler)
    • netscaler_nitro_request
  • Network (nso)
    • nso_action
    • nso_config
    • nso_query
    • nso_show
    • nso_verify
  • Network (nxos)
    • nxos_l2_interface
    • nxos_l3_interface
    • nxos_linkagg
    • nxos_lldp
  • Network (onyx)
    • onyx_bgp
    • onyx_command
    • onyx_config
    • onyx_facts
    • onyx_interface
    • onyx_l2_interface
    • onyx_l3_interface
    • onyx_linkagg
    • onyx_lldp
    • onyx_lldp_interface
    • onyx_magp
    • onyx_mlag_ipl
    • onyx_mlag_vip
    • onyx_ospf
    • onyx_pfc_interface
    • onyx_protocol
    • onyx_vlan
  • Network (panos)
    • panos_dag_tags
    • panos_match_rule
    • panos_op
    • panos_query_rules
  • Network (radware)
    • vdirect_commit
    • vdirect_runnable
  • Network (vyos)
    • vyos_vlan
  • Notification
    • logentries_msg
    • say
    • snow_record
  • Packaging
    • os
    • package_facts
    • rhsm_repository
  • Remote Management (manageiq)
    • manageiq_alert_profiles
    • manageiq_alerts
    • manageiq_policies
    • manageiq_tags
  • Remote Management (oneview)
    • oneview_datacenter_facts
    • oneview_enclosure_facts
    • oneview_logical_interconnect_group
    • oneview_logical_interconnect_group_facts
    • oneview_san_manager_facts
  • Remote Management (ucs)
    • ucs_ip_pool
    • ucs_lan_connectivity
    • ucs_mac_pool
    • ucs_san_connectivity
    • ucs_vhba_template
    • ucs_vlans
    • ucs_vnic_template
    • ucs_vsans
    • ucs_wwn_pool
  • System
    • mksysb
    • nosh
    • service_facts
    • vdo
  • Web Infrastructure
    • jenkins_job_facts
  • Windows
    • win_audit_policy_system
    • win_audit_rule
    • win_certificate_store
    • win_disk_facts
    • win_product_facts
    • win_scheduled_task_stat
    • win_whoami

Bugfixes

  • tower* modules - fix credentials to work with v1 and v2 of Ansible Tower API
  • azure_rm modules - updated with internal changes to use API profiles and kwargs for future Azure Stack support and better stability between SDK updates. (#35538)
  • fixed memory bloat on nested includes by preventing blocks from self-parenting (#36075)
  • updated to ensure displayed messages under peristent connections are returned to the controller (#36064)
  • docker_container, docker_image, docker_network modules - Update to work with Docker SDK 3.1
  • edgeos_facts - fix error when there are no commit revisions (#37123)
  • eos_vrf and eos_eapi - fixed vrf parsing (#35791)
  • include_role - improved performance and recursion depth (#36470)
  • interface_file - now accepts interfaces without address family or method (#34200)
  • lineinfile - fixed insertion if pattern already exists (#33393)
  • lineinfile - fixed regexp used with insert(before|after) inserting duplicate lines (#36156)
  • Connection error messages may contain characters that jinja2 would interpret as a template. Wrap the error string so this doesn't happen (#37329)
  • nxos_evpn_vni - fixed a number of issues (#35930)
  • nxos_igmp_interface - fixed response handling for different nxos versions (#35959)
  • nxos_interface_ospf - added various bugfixes (#35988)
  • Fix onyx_linkagg module writing debugging information to a tempfile on the remote machine (#37308)
  • openshift modules - updated to client version 0.4.0 (#35127)
  • setup.py - Ensure we install ansible-config and ansible-inventory with pip install -e (#37151)
  • Fix for ansible*_interpreter on Python3 when using non-newstyle modules. Those include old-style ansible modules and Ansible modules written in non-python scripting languages (#36541)
  • Fix bytes/text handling in maven_artifact that was causing tracebacks on Python3
  • znode - fixed a bug calling the zookeeper API under Python3 #36999
  • Fix for unarchive when users use the --strip-components extra_opt to tar causing ansible to set permissions on the wrong directory. (#37048)
  • fixed templating issues in loop_control (#36124)
  • ansible-config - fixed traceback when no config file is present (#35965)
  • added various fixes to Linux virtualization facts (#36038)
  • fixed failure when remote_tmp is a subdir of a system tempdir (#36143)
  • ios_ping - updated to allow for count > 70 (#36142)
  • fix for ansible-vault always requesting passwords (#33027)
  • ios CLI - fixed prompt detection (#35662)
  • nxos_user - fixed structured output issue (#36193)
  • nxos* modules - various fixes (#36340)
  • nxos* modules - various fixes (#36374)
  • nxos_install_os - kickstart_image_file is no longer required (#36319)
  • script/patch - fixed tempfile ownership issues (#36398)
  • nxos_bgp_neighbor - fixed various module arg issues (#36318)
  • vyos_l3_interface - fixed issues with multiple addresses on an interface (#36377)
  • nxos_banner - fixed issues with unstructured output (#36411)
  • nxos_bgp_neighbor_af - fixed various issues (#36472)
  • vyos_config - fixed IndexError in sanitize_config (#36375)
  • cs_user - fixed user_api_secret return for ACS 4.10+ (#36447)
  • nxos* modules - various fixes (#36514)
  • fix cases where INVENTORY_UNPARSED_IS_FAILED didn't fail (#36034)
  • aws_ses_identity - fixed failure on missing identity info (#36065)
  • ec2_vpc_net_facts - fixed traceback for regions other than us-east-1 (#35302)
  • aws_waf* - fixed traceback on WAFStaleDataException (#36405)
  • ec2_group - fixed check_mode when using tags (#36503)
  • loop item labels will now update if templated (#36430)
  • (network)_vlan / (network)_vrf - decouple config/state check (#36704)
  • nxos_vlan / nxos_linkagg - fixed various issues (#36711)
  • nios - allow ib_spec attrs to be filtered in update (#36673)
  • nso_config / nso_verify - fixed various issues (#36583)
  • cs_sshkeypair - fixed ssh key rename (#36726)
  • cliconf - fixed get_config traceback (#36682)
  • impi_boot - added floppy option (#36174)
  • nso_config - fixed ordering issues (#36774)
  • nxos_facts - fixed ipv6 parsing issues on new nxos releases (#36796)
  • nso_config - fixed dependency sort cycle issue (#36828)
  • ovirt* - various fixes (#36828)
  • aws_ssm_parameter_store - added no_log to value arg (#36828)
  • openshift_raw - fixed creation of RoleBinding resources (#36887)
  • nxos_interface - fixed multiple issues (#36827)
  • junos_command - fixed Python3 issues (#36782)
  • ios_static_route - fixed idempotence issue (#35912)
  • terraform - fixed typo in module result stdout value (#37253)
  • setup - ensure that ansible_lo is properly nested under ansible_facts (#37360)
  • vmware_guest_snapshot - updated to always check for root snapshot (#36001)
  • vyos - added fixes to check mode support (#35977)
  • vyos_l3_interface - added support for localhost (#36141)
  • win_domain_controller - updated to only specify ReadOnlyReplica when necessary (#36017)
  • win_feature - will display a more helpful error when it fails during execution (#36491)
  • win_lineinfile - fixed issue where r and n as a string was converted to newline (#35100)
  • win_updates - fixed regression with string category names (#36015)
  • win_uri - return response info and content on a non 200 message
  • win_uri - fixed issues with the creates and removes options (#36016)
  • win_wait_for - fixed issue when trying to check a localport when the port is not available externally