Re-enable most filesystem tests (#12258)
* Re-enable most filesystem tests.
* Fix conditionals (ansible-core 2.19).
* Fedora also needs gfs2-utils.
* fatresize seems to be broken on Ubuntu.
* Install util-linux-extra on Debian/Ubuntu.
* Fix conditionals.
* Temporarily disable bcachefs tests on Arch (and thus on all platforms).
(cherry picked from commit ed8afeb16b)
zypper_repository: fix `enabled`/`autorefresh`/`gpgcheck` being overridden by .repo file content (#12022)
* fix(zypper_repository): stop .repo file content overriding user-specified enabled/autorefresh/gpgcheck
When repo= pointed to a .repo file, values parsed from that file were
overwriting the desired state set from module params, causing enabled: false
to have no effect.
Fixes#8783
* changelog: add fragment for PR 12022
* fix(zypper_repository): preserve .repo file settings when parameters are not explicitly provided
When enabled/autorefresh/disable_gpg_check are not provided by the user,
fall back to values from the .repo file before applying hard defaults,
so that existing tasks relying on the .repo file content are not broken.
---------
(cherry picked from commit 6c2301db33)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
counter_enabled callback: display output for looped tasks (#12067)
* fix(counter_enabled): display output for looped tasks with delegate_to
Implement v2_runner_item_on_ok, v2_runner_item_on_failed, and
v2_runner_item_on_skipped so that looped tasks (including those
using delegate_to: localhost) produce visible output.
Also extract _host_label, _display_result_ok, _display_result_failed,
and _display_result_skipped helpers to eliminate repeated delegation
and message-building logic across the callback methods.
Fixes#8187
* changelog(counter_enabled): add fragment for PR #12067
* test(counter_enabled): add integration tests, adjust _host_label
* test(counter_enabled): migrate integration tests to callback test framework
* test(counter_enabled): fix integration tests to use set_fact instead of debug
---------
(cherry picked from commit f677c2ab7d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
java_cert: fix PKCS12 password not passed to `keytool -list` (#12151)
* fix(java_cert): remove -noprompt from keytool -list to allow stdin password
-noprompt is not a valid option for keytool -list (only for importkeystore/
importcert). On Java 8, passing it caused keytool to skip reading the store
password from stdin, resulting in a null password and NullPointerException.
Fixes#3023
* test(java_cert): add idempotency test for pkcs12 import with password
Exercises _export_public_cert_from_pkcs12 when the alias already exists,
verifying the password is correctly read from stdin on the comparison path.
* changelog: add fragment for PR 12151
---------
(cherry picked from commit 994b756026)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
udm_dns_record: fix idempotency with shortened IPv6 addresses (#12149)
* fix(udm_dns_record): normalize IPv6 addresses before comparison
UCS stores IPv6 addresses in expanded form; providing a shortened address
causes obj.diff() to always detect a difference and report changed=True.
Normalize IPv6 values in the data dict to exploded form before updating
the Univention object.
Fixes#317
* changelog: add fragment for PR 12149
* add type hint
(cherry picked from commit 3fa258f5a8)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
launchd: fix `restarted` and `reloaded` always reporting `changed=False` (#12122)
* fix(launchd): restarted and reloaded always report changed
Both actions unconditionally execute commands (unload/load/start),
so changed must always be True in non-check mode, regardless of
whether the PID or state happened to match before and after.
* feat(changelog): add fragment for PR 12122
* fix(launchd): restarted and reloaded always report changed in check mode too
* consolidate if branches
---------
(cherry picked from commit b12c21f0ce)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
xml: preserve DOCTYPE declaration when writing XML files (#12148)
* fix(xml): preserve DOCTYPE declaration when writing XML files
Pass `doctype=tree.docinfo.doctype` to all `ElementTree.write()` calls
so lxml does not silently drop the DOCTYPE on serialization. Also replace
`etree.tostring()` with BytesIO+write() in the diff and xmlstring paths
for consistency.
Fixes#2762
* test(xml): add integration test for DOCTYPE preservation
* feat(changelog): add fragment for xml DOCTYPE fix (#12148)
---------
(cherry picked from commit 5004c9f70f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
fix: treat chdev execution failures as module errors in aix_devices (#12185)
* fix: treat chdev execution failures as module errors in aix_devices
##### SUMMARY
Fix the aix_devices module so that a failed chdev command is reported as a module failure instead of a successful result.
The previous implementation called fail_json incorrectly by returning success through the normal completion path when chdev returned a non-zero exit status. This could allow a playbook to continue even though the requested device attribute change was not applied.
This change replaces the success-style error handling with proper failure handling in the chdev execution path, making task results consistent with the actual command outcome.
##### ISSUE TYPE
- Bugfix Pull Request
##### COMPONENT NAME
aix_devices
##### ADDITIONAL INFORMATION
The affected code path is in change_device_attr() when the module executes chdev to apply attribute updates.
Before this change:
- chdev could fail
- the module could still report success
- later tasks could run against an unexpected system state
After this change:
- chdev failures are returned through fail_json
- the task stops with an error
- playbook behavior matches the real execution result
```paste below
Before:
module.exit_json(msg="Failed to run chdev.", rc=rc, err=err)
After:
module.fail_json(msg="Failed to run chdev.", rc=rc, err=err)
```
* Add changelog fragment for aix_devices chdev failure fix (#12185)
---------
(cherry picked from commit 213581bef8)
Co-authored-by: Hirofumi Arimoto <hiro0107@users.noreply.github.com>
Co-authored-by: Hirofumi Arimoto <harimoto@jp.ibm.com>
CI: Remove FreeBSD 14.2 (#12191)
Remove FreeBSD 14.2 from CI.
It seems to be finally EOL, with mirrors removed.
(cherry picked from commit 57ad07a94e)
Co-authored-by: Felix Fontein <felix@fontein.de>
opkg - path_prefix needs to be a list (#12182)
* opkg - path_prefix needs to be a list
path_prefix is passed to get_bin_path() which expects opt_dirs to be a list
of paths. Passing in a string instead of a list of paths results in incorrect
values being adding to the path when searching for the command to run.
* Add changelog
(cherry picked from commit 4d66b3dae8)
Co-authored-by: Sam Doran <sdoran@redhat.com>
filetree lookup: handle invalid exclude regex with AnsibleError (#12140)
* filetree lookup - handle invalid exclude regex with AnsibleError Wrap re.compile() for the exclude option so invalid regular expressions produce a clear AnsibleError instead of an uncaught re.error traceback.
* add changelog fragment
* add changelog fragment
* Fix changelog fragment line endings (LF)
* Used AnsibleLookupError instead of AnsibleError
* Update changelogs/fragments/12140-filetree-exclude-regex-error.yml
* Used AnsibleLookupError instead of AnsibleError
* Updated changelog format
---------
(cherry picked from commit 48db863096)
Co-authored-by: Santosh Mahale <santoshmahale7676@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
version_sort filter: fix example's description (#12167)
Fix description in example of community.general.version_sort filter
Example had some left overs, that were not aligned with code.
It was explaining conversion between tuples and dict. But example here maps list of strings to list of strings.
(cherry picked from commit 97b464deb3)
Co-authored-by: juremedvesek <jure.medvesek@xlab.si>
redfish_config: fix `KeyError: 'ret'` when `SetManagerNic` cannot find a matching NIC (#12124)
* fix(redfish_config): return proper error dict when manager NIC not found
get_manager_ethernet_uri() returned an empty dict {} when no matching NIC
was found, causing a KeyError on 'ret' in main(). Now returns a consistent
{"ret": False, "msg": ...} like all other error paths in the function.
Fixes#5892
* feat(changelog): add fragment for PR 12124
(cherry picked from commit b799c6f579)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
portage: include msg in depclean failure fail_json (#12168)
cleanup_packages() called module.fail_json(cmd=, rc=, stdout=, stderr=)
without the mandatory msg= argument. When the underlying emerge --depclean
exited non-zero, AnsibleModule.fail_json() itself crashed with
"AnsibleModule.fail_json() missing 1 required positional argument: 'msg'"
before the real failure could reach the controller, leaving users with no
diagnostic about why depclean actually failed.
Same wording style as the sibling install_packages() failure branch
("Packages not installed.").
(cherry picked from commit 1e3da48d70)
Co-authored-by: Yoann Gauthier-Colin <yoann@gwerlas.net>
test(integration): explicitly add executable to iso_extract on Fedora (#12162)
This provides a (temporary) workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2373874:
On Fedora 43+ 7zip is unable to find the 7z.so module when it is not in the
same path as the 7z binary or in /usr/bin/
(cherry picked from commit cdd9c1ddde)
Co-authored-by: spike77453 <spike77453@users.noreply.github.com>
htpasswd: fix `hash_scheme` aliases and Apache-compatible bcrypt (#12123)
* fix(htpasswd): support HtpasswdFile aliases and Apache-compatible bcrypt
CryptContext does not recognise HtpasswdFile alias names such as
portable, portable_apache_24, host_apache_24, causing a KeyError.
In addition, building a CryptContext for bcrypt produced $2b$ hashes
that Apache rejects (it only accepts $2y$/$2a$).
Use htpasswd_context for schemes it already supports, fall back to
htpasswd_context on KeyError for aliases, and import CryptContext
from module_utils/_crypt.py instead of passlib directly.
Fixes#6135
* feat(changelog): add fragment for PR 12123
* fix(_crypt): silence DeprecationWarning when importing stdlib crypt
On Python 3.11/3.12, `import crypt` emits a DeprecationWarning that
ansible-test sanity --test import treats as an error. Suppress it since
the import is an intentional fallback when passlib is not available.
* fix(htpasswd): fix sanity ignores and bcrypt version constraint
- Revert _crypt.py DeprecationWarning suppression; add sanity ignore
entries for htpasswd.py import-3.11/3.12 instead (mirrors existing
entries for _crypt.py itself)
- Pin bcrypt<4.2 in integration tests: bcrypt 4.2 removed __about__
which passlib 1.7.x uses, breaking passlib.apache import
- Fix regex_search assertion to use 'is not none' for a boolean result
- Add bcrypt version constraint note to module documentation
* fix(htpasswd): handle system-installed bcrypt in integration tests
On Debian/Ubuntu, bcrypt may be installed by the system package manager
with no RECORD file, making pip downgrade impossible. Move bcrypt
installation into a self-contained block in test_schemes.yml with
ignore_errors, a functional passlib+bcrypt check, and always-cleanup.
Bcrypt tests are skipped when a compatible version cannot be used.
* refactor(htpasswd): extract obtain_crypt_context(); import CryptContext from passlib directly
Extract context selection logic into obtain_crypt_context(). Import
CryptContext inside the deps.declare("passlib") block instead of from
module_utils/_crypt.py — passlib is already a hard dependency and
other symbols are imported from it there. Remove now-unnecessary
htpasswd.py sanity import ignore entries.
---------
(cherry picked from commit 49ca175f01)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
parted: ignore MBR partition type codes in flags on SUSE systems (#12121)
* parted: ignore MBR partition type codes reported as flags by SUSE parted
SUSE's patched parted reports MBR partition type codes (e.g., type=8e for
Linux LVM) in the machine-parseable flags output. The module was trying to
unset these pseudo-flags via 'parted set N type=8e off', which is not a
valid parted command, causing the task to fail when using flags: [lvm] on
msdos-labelled disks on SUSE systems.
Fixes#6292
* feat(changelog): add fragment for PR 12121
* Update changelogs/fragments/12121-parted-suse-msdos-type-code.yml
---------
(cherry picked from commit 6e6199ae3d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
unixy callback: fix KeyError when task is delegated to host without ansible_host set (#12113)
* fixes issue #12112
* adjust PR ID
* adjust PR ID, mistake was made
* adjust PR ID
* I messed up all these numbers
---------
(cherry picked from commit ef5b22d18e)
Co-authored-by: Stefan Midjich <stemid@users.noreply.github.com>
Co-authored-by: Stefan Midjich <stefan@sydit.se>
zpool: reduce disk usage in integration tests by using sparse files (#12128)
* zpool: use sparse files in integration tests to reduce diskspace usage
* changelog: add PR link to zpool disk space fragment
* remove changelog fragment for test-only change
(cherry picked from commit a794ccf127)
Co-authored-by: Shreyashxredhat <shrbhosa@redhat.com>
multiple: mark integration tests that run `pip install` as destructive (#12095)
test(integration): mark pip-installing tests as destructive
(cherry picked from commit b1c7700a1b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
nmcli: fix check/diff for bond arp_interval and arp_ip_target (#11588) (#12085)
* nmcli: bond ARP options stop lying in check/diff (#11588)
Align arp_interval/arp_ip_target keys with bond.options parsing, route
ARP settings via +bond.options, and fix bond MTU false positives.
* Changelog: nmcli fragment gets PR links and clearer diff wording
Address reviewer feedback on #12085 — both entries now cite the PR URL
and the MTU entry says "incorrectly reports diff" instead of "false positives".
---------
(cherry picked from commit fdace38501)
Co-authored-by: Asif Draxi <47986843+AsifAd@users.noreply.github.com>
Co-authored-by: Asif Draxi <asif.draxi@blackline.com>
* Fix typing (#12078)
Fix typing.
ansible-core 2.21.0 is out and has more type definitions.
(cherry picked from commit e6ca0df592)
* Also add no-assert to 2.17 ignore file.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Fix flatpak id check (#12063)
* Fix flatpak id check
This PR fixes the flatpak ID check by allowing the last component of the ID to contain dashes. The regular expression will match the flatpak ID according to the flatpak specification. It matches all 4600+ IDs currently present in flathub.
Fixes#12062
* Add changelog fragment
* Update plugins/modules/flatpak.py
* Update changelog fragment.
---------
(cherry picked from commit 3558e3c74a)
Co-authored-by: Gerben Welter <gerben@welter.nu>
Co-authored-by: Felix Fontein <felix@fontein.de>
Mark nomad tests as unstable (#12072)
Mark nomad tests as unstable.
(cherry picked from commit 528c2879d5)
Co-authored-by: Felix Fontein <felix@fontein.de>
apt_rpm: fix upgrade of local RPM not present in repository (#9161) (#12039)
(cherry picked from commit c2485ea57b)
Co-authored-by: bne1hm <67783534+bne1hm@users.noreply.github.com>
packet_project and packet_sshkey: fix broken example plays (#12055)
Fix example plays.
(cherry picked from commit a15d9a3510)
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: Replace Ubuntu 22.04 with 26.04 for ansible-core devel (#12052)
Replace Ubuntu 22.04 with 26.04 for devel.
(cherry picked from commit 2f96093dbf)
Co-authored-by: Felix Fontein <felix@fontein.de>
Setup pip path generic (#12045)
* setup_pip_path: use sysconfig to build pip scripts path generically
* setup_pip_path: calculate PATH prepended with pip installation path
* move environment up to block
* obtain path from pip itself
* apparently the python interpreter doesnt go into ansible_facts
* rename role to setup_pip_scripts_path
---------
(cherry picked from commit 5447d0eb4f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove as maintainer (#11911)
Remove ownership
I do not maintain those modules anymore since years. I think the time
has come to remove at least my name from them.
(cherry picked from commit fba7da4394)
Co-authored-by: keachi <1687482+keachi@users.noreply.github.com>
bundler: replace deprecated CLI flags with `BUNDLE_*` env vars (#12024)
* fix(bundler): replace deprecated CLI flags with BUNDLE_* env vars
Bundler 2.1 deprecated --deployment, --without, --path, --clean, and
--binstubs; Bundler 4 has removed --clean entirely. Pass these options
as BUNDLE_* environment variables instead, which have been supported
since Bundler 1.0.0 and are scoped to the process (no persistent
.bundle/config written).
Fixes#4583, fixes#11380
* fix(bundler): add changelog fragment for PR #12024
---------
(cherry picked from commit 00060263a5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
