fix: treat chdev execution failures as module errors in aix_devices (#12185)
* fix: treat chdev execution failures as module errors in aix_devices
##### SUMMARY
Fix the aix_devices module so that a failed chdev command is reported as a module failure instead of a successful result.
The previous implementation called fail_json incorrectly by returning success through the normal completion path when chdev returned a non-zero exit status. This could allow a playbook to continue even though the requested device attribute change was not applied.
This change replaces the success-style error handling with proper failure handling in the chdev execution path, making task results consistent with the actual command outcome.
##### ISSUE TYPE
- Bugfix Pull Request
##### COMPONENT NAME
aix_devices
##### ADDITIONAL INFORMATION
The affected code path is in change_device_attr() when the module executes chdev to apply attribute updates.
Before this change:
- chdev could fail
- the module could still report success
- later tasks could run against an unexpected system state
After this change:
- chdev failures are returned through fail_json
- the task stops with an error
- playbook behavior matches the real execution result
```paste below
Before:
module.exit_json(msg="Failed to run chdev.", rc=rc, err=err)
After:
module.fail_json(msg="Failed to run chdev.", rc=rc, err=err)
```
* Add changelog fragment for aix_devices chdev failure fix (#12185)
---------
(cherry picked from commit 213581bef8)
Co-authored-by: Hirofumi Arimoto <hiro0107@users.noreply.github.com>
Co-authored-by: Hirofumi Arimoto <harimoto@jp.ibm.com>
opkg - path_prefix needs to be a list (#12182)
* opkg - path_prefix needs to be a list
path_prefix is passed to get_bin_path() which expects opt_dirs to be a list
of paths. Passing in a string instead of a list of paths results in incorrect
values being adding to the path when searching for the command to run.
* Add changelog
(cherry picked from commit 4d66b3dae8)
Co-authored-by: Sam Doran <sdoran@redhat.com>
filetree lookup: handle invalid exclude regex with AnsibleError (#12140)
* filetree lookup - handle invalid exclude regex with AnsibleError Wrap re.compile() for the exclude option so invalid regular expressions produce a clear AnsibleError instead of an uncaught re.error traceback.
* add changelog fragment
* add changelog fragment
* Fix changelog fragment line endings (LF)
* Used AnsibleLookupError instead of AnsibleError
* Update changelogs/fragments/12140-filetree-exclude-regex-error.yml
* Used AnsibleLookupError instead of AnsibleError
* Updated changelog format
---------
(cherry picked from commit 48db863096)
Co-authored-by: Santosh Mahale <santoshmahale7676@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
portage: include msg in depclean failure fail_json (#12168)
cleanup_packages() called module.fail_json(cmd=, rc=, stdout=, stderr=)
without the mandatory msg= argument. When the underlying emerge --depclean
exited non-zero, AnsibleModule.fail_json() itself crashed with
"AnsibleModule.fail_json() missing 1 required positional argument: 'msg'"
before the real failure could reach the controller, leaving users with no
diagnostic about why depclean actually failed.
Same wording style as the sibling install_packages() failure branch
("Packages not installed.").
(cherry picked from commit 1e3da48d70)
Co-authored-by: Yoann Gauthier-Colin <yoann@gwerlas.net>
redfish_config: fix `KeyError: 'ret'` when `SetManagerNic` cannot find a matching NIC (#12124)
* fix(redfish_config): return proper error dict when manager NIC not found
get_manager_ethernet_uri() returned an empty dict {} when no matching NIC
was found, causing a KeyError on 'ret' in main(). Now returns a consistent
{"ret": False, "msg": ...} like all other error paths in the function.
Fixes#5892
* feat(changelog): add fragment for PR 12124
(cherry picked from commit b799c6f579)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
consul_kv: add `empty_value` option for null Consul values (#12120)
* feat(consul_kv): add empty_value option for null Consul values
Add the ``empty_value`` option to the ``consul_kv`` lookup plugin, allowing
users to control what is returned when a key exists in Consul but has a
null/empty value. Defaults to ``'None'`` to preserve existing behaviour.
* feat(changelog): add fragment for PR 12120
* feat(consul_kv): make empty_value a choices option
Replace the free-form string empty_value with a choices option:
textual_none (default, legacy behaviour), python_none, empty_string.
* docs(consul_kv): use dict form for empty_value choices
---------
(cherry picked from commit d46ce24abb)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
htpasswd: fix `hash_scheme` aliases and Apache-compatible bcrypt (#12123)
* fix(htpasswd): support HtpasswdFile aliases and Apache-compatible bcrypt
CryptContext does not recognise HtpasswdFile alias names such as
portable, portable_apache_24, host_apache_24, causing a KeyError.
In addition, building a CryptContext for bcrypt produced $2b$ hashes
that Apache rejects (it only accepts $2y$/$2a$).
Use htpasswd_context for schemes it already supports, fall back to
htpasswd_context on KeyError for aliases, and import CryptContext
from module_utils/_crypt.py instead of passlib directly.
Fixes#6135
* feat(changelog): add fragment for PR 12123
* fix(_crypt): silence DeprecationWarning when importing stdlib crypt
On Python 3.11/3.12, `import crypt` emits a DeprecationWarning that
ansible-test sanity --test import treats as an error. Suppress it since
the import is an intentional fallback when passlib is not available.
* fix(htpasswd): fix sanity ignores and bcrypt version constraint
- Revert _crypt.py DeprecationWarning suppression; add sanity ignore
entries for htpasswd.py import-3.11/3.12 instead (mirrors existing
entries for _crypt.py itself)
- Pin bcrypt<4.2 in integration tests: bcrypt 4.2 removed __about__
which passlib 1.7.x uses, breaking passlib.apache import
- Fix regex_search assertion to use 'is not none' for a boolean result
- Add bcrypt version constraint note to module documentation
* fix(htpasswd): handle system-installed bcrypt in integration tests
On Debian/Ubuntu, bcrypt may be installed by the system package manager
with no RECORD file, making pip downgrade impossible. Move bcrypt
installation into a self-contained block in test_schemes.yml with
ignore_errors, a functional passlib+bcrypt check, and always-cleanup.
Bcrypt tests are skipped when a compatible version cannot be used.
* refactor(htpasswd): extract obtain_crypt_context(); import CryptContext from passlib directly
Extract context selection logic into obtain_crypt_context(). Import
CryptContext inside the deps.declare("passlib") block instead of from
module_utils/_crypt.py — passlib is already a hard dependency and
other symbols are imported from it there. Remove now-unnecessary
htpasswd.py sanity import ignore entries.
---------
(cherry picked from commit 49ca175f01)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
parted: ignore MBR partition type codes in flags on SUSE systems (#12121)
* parted: ignore MBR partition type codes reported as flags by SUSE parted
SUSE's patched parted reports MBR partition type codes (e.g., type=8e for
Linux LVM) in the machine-parseable flags output. The module was trying to
unset these pseudo-flags via 'parted set N type=8e off', which is not a
valid parted command, causing the task to fail when using flags: [lvm] on
msdos-labelled disks on SUSE systems.
Fixes#6292
* feat(changelog): add fragment for PR 12121
* Update changelogs/fragments/12121-parted-suse-msdos-type-code.yml
---------
(cherry picked from commit 6e6199ae3d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
xenserver_guest_info: add VDI uuid and vdi_type to disk info (#12119)
* xenserver_guest_info: add VDI uuid and vdi_type to disk info
Add uuid and vdi_type (VHD/QCOW2) fields to the disk information
returned by xenserver_guest_info module.
Fixes#11998
* changelog: add PR URL to changelog fragment
* xenserver_guest_info: add uuid and vdi_type to RETURN example output
(cherry picked from commit 9208cbfd43)
Co-authored-by: Shreyash <shrbhosa@redhat.com>
unixy callback: fix KeyError when task is delegated to host without ansible_host set (#12113)
* fixes issue #12112
* adjust PR ID
* adjust PR ID, mistake was made
* adjust PR ID
* I messed up all these numbers
---------
(cherry picked from commit ef5b22d18e)
Co-authored-by: Stefan Midjich <stemid@users.noreply.github.com>
Co-authored-by: Stefan Midjich <stefan@sydit.se>
snap: enforce hold when installing at a specific revision (#12097)
* snap: enforce hold when installing at a specific revision
When `revision` is specified, run `snap refresh --hold` after install/refresh
to actually pin the snap and prevent automatic updates from overriding it.
Detects hold-mismatch idempotently via the Notes column of `snap list`.
Fixes#12088
* feat(changelog): add fragment for snap hold fix (#12097)
* test(snap): remove incorrect manual-refresh assertion from hold test
snap refresh --hold only blocks the snapd auto-refresh daemon; a manual
snap refresh bypasses the hold. Remove the block that ran snap refresh
manually and asserted the revision was unchanged.
* snap: add bare-refresh hold test and docs warning for manual refresh bypass
---------
(cherry picked from commit 850ef03fe7)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
iptables_state: clean up code (#12093)
* Get rid of unnecessary dummy variables.
* wrap_async isn't defined if the if condition isn't true.
* _back is in module_args if and only if both starter_cmd and confirm_cmd are not None.
* Add changelog.
(cherry picked from commit 1bf5e6e69a)
Co-authored-by: Felix Fontein <felix@fontein.de>
nmcli: fix check/diff for bond arp_interval and arp_ip_target (#11588) (#12085)
* nmcli: bond ARP options stop lying in check/diff (#11588)
Align arp_interval/arp_ip_target keys with bond.options parsing, route
ARP settings via +bond.options, and fix bond MTU false positives.
* Changelog: nmcli fragment gets PR links and clearer diff wording
Address reviewer feedback on #12085 — both entries now cite the PR URL
and the MTU entry says "incorrectly reports diff" instead of "false positives".
---------
(cherry picked from commit fdace38501)
Co-authored-by: Asif Draxi <47986843+AsifAd@users.noreply.github.com>
Co-authored-by: Asif Draxi <asif.draxi@blackline.com>
* Start opentelemetry spans on host start instead of task start
v2_playbook_on_task_start does not have the host information, so spans
would always start at the same time for every host in that task, even if
they started at different times, like when hosts > forks with strategy
host_pinned. This also hides the duration of the task for that host.
This change uses the newer v2_runner_on_start callback and adds the acutal
host start time to the span. The change is backwards compatible with ansible
versions that do not have v2_runner_on_start and makes no assumptions around
the ordering of v2_runner_on_start and v2_playbook_on_task_start.
* Add changelog fragment
* Remove redundant callback hooks
v2_runner_on_starts gets called by ansible right after the strategy has called on_task_start or on_handler_start. So there is no need to keep this code as the minimum ansible-core version is guaranteed to have this function. on_cleanup (removed around ansible-core 2.0) and on_no_hosts (removed around ansible-core 2.5) never get called.
* Fix unreachable hosts causing exceptions
If finish_task is never called for a host the result object stays None, which caused an exception in update_span_data. This was the case for unreachable hosts, as the callback plugin did not implement v2_runner_on_unreachable.
* Fix import order in test_opentelemetry
* Fix flatpak id check
This PR fixes the flatpak ID check by allowing the last component of the ID to contain dashes. The regular expression will match the flatpak ID according to the flatpak specification. It matches all 4600+ IDs currently present in flathub.
Fixes#12062
* Add changelog fragment
* Update plugins/modules/flatpak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelog fragment.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(xml): no-op when predicated xpath finds no match instead of creating nodes
When using xpath like element[text()='old'] with value=new, a no-match due
to the predicate not being satisfied incorrectly triggered node creation,
corrupting the XML. Now treats predicate misses as a no-op.
Fixes#8730
* changelog(xml): add fragment for PR #12031
* fix(xml): remove spurious test-unset-element-value include from main.yml
That file belongs to a different branch and was accidentally dragged in
during a stash conflict resolution.
* feat(xml): add create_if_missing option to control node creation on value no-match
Instead of implicitly creating nodes when value is set and xpath finds no match,
expose create_if_missing (default true, preserving old behavior) so callers
can opt into a silent no-op with create_if_missing=false.
Fixes#8730
* feat: Custom telegram api host
* fix: default param telegram api host
* fix: default api_host for DOCUMENTATION
* fix: Documentation and example
* changelog: add bugfix fragment for telegram api_host
* fix: use [] for module.params access
* feat(snap): support snap system configuration via name=system
Treat `system` as a virtual snap that is always considered installed,
bypassing snap info lookup and install/refresh logic, while still
allowing snap set/get operations via the options parameter.
Fixes#11266
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs(snap): note version_added for system support; add changelog fragment
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* gitlab_user: update SSH keys when key material changes
Compare SSH keys by key type and key material so comment-only differences remain idempotent while changed keys are replaced. Add unit and integration coverage for SSH key updates.
Fixes#6516
* gitlab_user: add SSH key update modes
Restore backward-compatible same-name SSH key handling by default and
add explicit update and deduplicate modes for controlled replacement
behavior.
Refs: #6516
* Apply suggestions from code review
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* fix(bundler): replace deprecated CLI flags with BUNDLE_* env vars
Bundler 2.1 deprecated --deployment, --without, --path, --clean, and
--binstubs; Bundler 4 has removed --clean entirely. Pass these options
as BUNDLE_* environment variables instead, which have been supported
since Bundler 1.0.0 and are scoped to the process (no persistent
.bundle/config written).
Fixes#4583, fixes#11380
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(bundler): add changelog fragment for PR #12024
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(datadog_downtime): convert uuid field to str for datadog-api-client>=2.28.0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12019
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(nmap inventory): add skip_host_discovery option (-Pn)
Adds skip_host_discovery option to suppress nmap's default host
discovery probes (TCP SYN to 80/443), which caused unexpected traffic
when scanning remote hosts over VPN or through firewalls.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for nmap skip_host_discovery option (#11955)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(xml): populate matches when print_match is set, fix returned doc
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(xml): add integration tests for print_match
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12013
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(pam_limits): only create backup when file is actually changed
Fixes#12011
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 12014
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Fix gitlab_hook: only pass releases_events to API when specified
The releases_events parameter now only gets passed to the GitLab API:
- On create: always passed (fixes 500 error when not specified)
- On update: only passed when explicitly specified by user
This avoids forcing the releases_events value during updates when not
intended by the user.
Fixes: https://github.com/ansible-collections/community.general/issues/11269
* Add changelog fragment for gitlab_hook releases_events fix
Fixes: https://github.com/ansible-collections/community.general/issues/11269
* Add PR link to changelog fragment
* Use .get() for safer dict access in releases_events handling
* Update plugins/modules/gitlab_hook.py
remove `.get()`
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/gitlab_hook.py
Remove the null check for `options[“releases_events”]`
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Charles Chia <charleschia@email.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* refactor(nomad): extract common connection logic into _nomad module_utils
Fixes#7688
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* changelog: add fragment for PR 11957
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* refactor(nomad): use direct param access instead of params.get()
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(nomad): fix mypy errors in _nomad module utils
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(iso_create): add bootable ISO support via El Torito boot_options
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(changelogs): add fragment for iso_create bootable ISO support #11991
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Update plugins/modules/iso_create.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add support for AddressFamily parameter in ssh_config.
* Added changelog fragment.
* Update changelog fragment with PR link placeholder
* Fixed formatting.
* Fixed format of changelog fragment.
* Add PR number to changelog fragment.
* Incorporated review findings.
* Typo fix.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Limit to allowed values.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
