adds GFS2 support (#12285)
* adds GFS support
* changes PR id
(cherry picked from commit 57739cbbd9)
Co-authored-by: Robert Sander <r.sander@heinlein-support.de>
filesystem: remove test setup for Ubuntu <16.04 (#12281)
* filesystem: remove test setup for Ubuntu <16.04
* more Ubuntu 16.04 refs
* and more old Ubuntu refs in tests
* and yet more truisms in tests conditionals
(cherry picked from commit b2a8fbe9c7)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Unhardcode dnf_config_manager DNF bin path (#12219)
Unhardcode the binary path to dnf in dnf_config_manager
(cherry picked from commit 07df65f293)
Co-authored-by: Maksym Hazevych <mhazevych@mailbox.org>
xbps: include `stdout` and `stderr` in module output (#12234)
* fix(xbps): add stdout/stderr to module output and fix error message typo
Include stdout and stderr from the last executed command in all
exit_json and fail_json calls so users can see the actual xbps output
when debugging failures (addresses issue #2478).
* test(xbps): add basic unit tests using uthelper
Cover install (new, already present, failure) and remove (installed,
absent) scenarios. Verifies stdout/stderr are propagated in output.
* changelog: add fragment for PR 12234
* Add version_added.
---------
(cherry picked from commit 7dc2441fc8)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
filesystem: re-enable (and fix) most tests for Alpine (#12274)
Re-enable (and fix) most tests for Alpine.
(cherry picked from commit 4775dfbcb2)
Co-authored-by: Felix Fontein <felix@fontein.de>
filesystem: handle BusyBox `blkid` output when detecting existing filesystem (#12235)
* fix(filesystem): handle BusyBox blkid output when detecting existing filesystem
BusyBox blkid ignores util-linux -o/-s flags and outputs the full device
info line instead of just the filesystem type. Parse the TYPE= field from
the raw output when it does not look like a plain type name.
Fixes#7283
* changelog: add fragment for PR 12235
(cherry picked from commit 33ae6c1018)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Antsibull-nox: split up unit tests by Python version (#12200)
* antsibull-nox: split up unit tests by Python version.
* Adjust syntax for Python-version specific unit tests.
* Update Python version in ansible-test example.
(cherry picked from commit 112050ee7a)
Co-authored-by: Felix Fontein <felix@fontein.de>
add go module to manage Go packages via go install (#12152)
* add golang_package module to manage Go packages via go install
Adds a new module to install, update, and remove Go packages
using go install. Supports inline version pinning in package
names (e.g. pkg/tool/cmd with version suffix).
Assisted-by: Claude Opus 4.6
* fix copyright year and BOTMETA alphabetical order
* fix environment keyword docs, add integration test aliases
- Use C(environment) instead of O(ignore:environment) for task keyword
- Add tests/integration/targets/golang_package/aliases for CI
- Fix setup.yml: handle Alpine/ArchLinux/FreeBSD package names, skip Go < 1.16
- Pin tests to x/tools v0.24.1 (only version compatible with Go 1.16-1.25)
* test signing trace
---------
(cherry picked from commit b34ef22c82)
Co-authored-by: Shreyash <shrbhosa@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
* Fix dnf_config_manager incompatibility with DNF5 (#12206)
* Extract fixtures from dnf_config_manager tests
* Implement support for DNF5
* Format code
(cherry picked from commit ff7f90fb4f)
* Exclude dnf_config_manager fixtures from trailing space check.
(cherry picked from commit ebb813680e)
---------
Co-authored-by: Maksym Hazevych <mhazevych@mailbox.org>
Co-authored-by: Felix Fontein <felix@fontein.de>
Revert "filesystem module gfs2 support (#12218)" (#12262)
This reverts commit 9c0051e325.
(cherry picked from commit f1317d3039)
Co-authored-by: Felix Fontein <felix@fontein.de>
Re-enable most filesystem tests (#12258)
* Re-enable most filesystem tests.
* Fix conditionals (ansible-core 2.19).
* Fedora also needs gfs2-utils.
* fatresize seems to be broken on Ubuntu.
* Install util-linux-extra on Debian/Ubuntu.
* Fix conditionals.
* Temporarily disable bcachefs tests on Arch (and thus on all platforms).
* [TEMP] Generally disable gfs2 tests.
(cherry picked from commit ed8afeb16b)
Co-authored-by: Felix Fontein <felix@fontein.de>
zypper_repository: fix `enabled`/`autorefresh`/`gpgcheck` being overridden by .repo file content (#12022)
* fix(zypper_repository): stop .repo file content overriding user-specified enabled/autorefresh/gpgcheck
When repo= pointed to a .repo file, values parsed from that file were
overwriting the desired state set from module params, causing enabled: false
to have no effect.
Fixes#8783
* changelog: add fragment for PR 12022
* fix(zypper_repository): preserve .repo file settings when parameters are not explicitly provided
When enabled/autorefresh/disable_gpg_check are not provided by the user,
fall back to values from the .repo file before applying hard defaults,
so that existing tasks relying on the .repo file content are not broken.
---------
(cherry picked from commit 6c2301db33)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
counter_enabled callback: display output for looped tasks (#12067)
* fix(counter_enabled): display output for looped tasks with delegate_to
Implement v2_runner_item_on_ok, v2_runner_item_on_failed, and
v2_runner_item_on_skipped so that looped tasks (including those
using delegate_to: localhost) produce visible output.
Also extract _host_label, _display_result_ok, _display_result_failed,
and _display_result_skipped helpers to eliminate repeated delegation
and message-building logic across the callback methods.
Fixes#8187
* changelog(counter_enabled): add fragment for PR #12067
* test(counter_enabled): add integration tests, adjust _host_label
* test(counter_enabled): migrate integration tests to callback test framework
* test(counter_enabled): fix integration tests to use set_fact instead of debug
---------
(cherry picked from commit f677c2ab7d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
java_cert: fix PKCS12 password not passed to `keytool -list` (#12151)
* fix(java_cert): remove -noprompt from keytool -list to allow stdin password
-noprompt is not a valid option for keytool -list (only for importkeystore/
importcert). On Java 8, passing it caused keytool to skip reading the store
password from stdin, resulting in a null password and NullPointerException.
Fixes#3023
* test(java_cert): add idempotency test for pkcs12 import with password
Exercises _export_public_cert_from_pkcs12 when the alias already exists,
verifying the password is correctly read from stdin on the comparison path.
* changelog: add fragment for PR 12151
---------
(cherry picked from commit 994b756026)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
udm_dns_record: fix idempotency with shortened IPv6 addresses (#12149)
* fix(udm_dns_record): normalize IPv6 addresses before comparison
UCS stores IPv6 addresses in expanded form; providing a shortened address
causes obj.diff() to always detect a difference and report changed=True.
Normalize IPv6 values in the data dict to exploded form before updating
the Univention object.
Fixes#317
* changelog: add fragment for PR 12149
* add type hint
(cherry picked from commit 3fa258f5a8)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
launchd: fix `restarted` and `reloaded` always reporting `changed=False` (#12122)
* fix(launchd): restarted and reloaded always report changed
Both actions unconditionally execute commands (unload/load/start),
so changed must always be True in non-check mode, regardless of
whether the PID or state happened to match before and after.
* feat(changelog): add fragment for PR 12122
* fix(launchd): restarted and reloaded always report changed in check mode too
* consolidate if branches
---------
(cherry picked from commit b12c21f0ce)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
xml: preserve DOCTYPE declaration when writing XML files (#12148)
* fix(xml): preserve DOCTYPE declaration when writing XML files
Pass `doctype=tree.docinfo.doctype` to all `ElementTree.write()` calls
so lxml does not silently drop the DOCTYPE on serialization. Also replace
`etree.tostring()` with BytesIO+write() in the diff and xmlstring paths
for consistency.
Fixes#2762
* test(xml): add integration test for DOCTYPE preservation
* feat(changelog): add fragment for xml DOCTYPE fix (#12148)
---------
(cherry picked from commit 5004c9f70f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
keycloak_realm_users_info: add missing doc fragment (#12236)
For some reason, the keycloak module defaults group doc fragment was missing.
(cherry picked from commit b738e42e24)
Co-authored-by: Felix Fontein <felix@fontein.de>
xenserver_guest_info: use fallback chain for VDI format detection (#12215)
* xenserver_guest_info: use fallback chain for VDI format detection
* changelog: add PR URL to
changelog fragment
* test: set mismatched vdi_type in vm-3 fixture to test fallback chain precedence
Set vdi_type to "vhd" while image-format remains "qcow2" so the unit
test verifies that image-format takes precedence in the fallback chain.
---------
(cherry picked from commit 4d72ec3299)
Co-authored-by: Shreyash <shrbhosa@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Add integration tests for filetree lookup exclude handling (#12205)
* Add unit tests for filetree lookup exclude handling
* Fix import order in filetree lookup unit tests
* Replace filetree unit tests with integration tests
* Fix lookup_filetree integration test setup directories
* Fix lookup_filetree integration test lookup term path
* Use remote_tmp_dir for lookup_filetree integration test files
(cherry picked from commit 4cc0fbd3af)
Co-authored-by: Santosh Mahale <santoshmahale7676@gmail.com>
remove references to FreeBSD versions that are no longer used in CI (#12195)
(cherry picked from commit 10d77d934b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
fix: treat chdev execution failures as module errors in aix_devices (#12185)
* fix: treat chdev execution failures as module errors in aix_devices
##### SUMMARY
Fix the aix_devices module so that a failed chdev command is reported as a module failure instead of a successful result.
The previous implementation called fail_json incorrectly by returning success through the normal completion path when chdev returned a non-zero exit status. This could allow a playbook to continue even though the requested device attribute change was not applied.
This change replaces the success-style error handling with proper failure handling in the chdev execution path, making task results consistent with the actual command outcome.
##### ISSUE TYPE
- Bugfix Pull Request
##### COMPONENT NAME
aix_devices
##### ADDITIONAL INFORMATION
The affected code path is in change_device_attr() when the module executes chdev to apply attribute updates.
Before this change:
- chdev could fail
- the module could still report success
- later tasks could run against an unexpected system state
After this change:
- chdev failures are returned through fail_json
- the task stops with an error
- playbook behavior matches the real execution result
```paste below
Before:
module.exit_json(msg="Failed to run chdev.", rc=rc, err=err)
After:
module.fail_json(msg="Failed to run chdev.", rc=rc, err=err)
```
* Add changelog fragment for aix_devices chdev failure fix (#12185)
---------
(cherry picked from commit 213581bef8)
Co-authored-by: Hirofumi Arimoto <hiro0107@users.noreply.github.com>
Co-authored-by: Hirofumi Arimoto <harimoto@jp.ibm.com>
CI: Remove FreeBSD 14.2 (#12191)
Remove FreeBSD 14.2 from CI.
It seems to be finally EOL, with mirrors removed.
(cherry picked from commit 57ad07a94e)
Co-authored-by: Felix Fontein <felix@fontein.de>
opkg - path_prefix needs to be a list (#12182)
* opkg - path_prefix needs to be a list
path_prefix is passed to get_bin_path() which expects opt_dirs to be a list
of paths. Passing in a string instead of a list of paths results in incorrect
values being adding to the path when searching for the command to run.
* Add changelog
(cherry picked from commit 4d66b3dae8)
Co-authored-by: Sam Doran <sdoran@redhat.com>
filetree lookup: handle invalid exclude regex with AnsibleError (#12140)
* filetree lookup - handle invalid exclude regex with AnsibleError Wrap re.compile() for the exclude option so invalid regular expressions produce a clear AnsibleError instead of an uncaught re.error traceback.
* add changelog fragment
* add changelog fragment
* Fix changelog fragment line endings (LF)
* Used AnsibleLookupError instead of AnsibleError
* Update changelogs/fragments/12140-filetree-exclude-regex-error.yml
* Used AnsibleLookupError instead of AnsibleError
* Updated changelog format
---------
(cherry picked from commit 48db863096)
Co-authored-by: Santosh Mahale <santoshmahale7676@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
version_sort filter: fix example's description (#12167)
Fix description in example of community.general.version_sort filter
Example had some left overs, that were not aligned with code.
It was explaining conversion between tuples and dict. But example here maps list of strings to list of strings.
(cherry picked from commit 97b464deb3)
Co-authored-by: juremedvesek <jure.medvesek@xlab.si>
portage: include msg in depclean failure fail_json (#12168)
cleanup_packages() called module.fail_json(cmd=, rc=, stdout=, stderr=)
without the mandatory msg= argument. When the underlying emerge --depclean
exited non-zero, AnsibleModule.fail_json() itself crashed with
"AnsibleModule.fail_json() missing 1 required positional argument: 'msg'"
before the real failure could reach the controller, leaving users with no
diagnostic about why depclean actually failed.
Same wording style as the sibling install_packages() failure branch
("Packages not installed.").
(cherry picked from commit 1e3da48d70)
Co-authored-by: Yoann Gauthier-Colin <yoann@gwerlas.net>
redfish_config: fix `KeyError: 'ret'` when `SetManagerNic` cannot find a matching NIC (#12124)
* fix(redfish_config): return proper error dict when manager NIC not found
get_manager_ethernet_uri() returned an empty dict {} when no matching NIC
was found, causing a KeyError on 'ret' in main(). Now returns a consistent
{"ret": False, "msg": ...} like all other error paths in the function.
Fixes#5892
* feat(changelog): add fragment for PR 12124
(cherry picked from commit b799c6f579)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
test(integration): explicitly add executable to iso_extract on Fedora (#12162)
This provides a (temporary) workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2373874:
On Fedora 43+ 7zip is unable to find the 7z.so module when it is not in the
same path as the 7z binary or in /usr/bin/
(cherry picked from commit cdd9c1ddde)
Co-authored-by: spike77453 <spike77453@users.noreply.github.com>
consul_kv: add `empty_value` option for null Consul values (#12120)
* feat(consul_kv): add empty_value option for null Consul values
Add the ``empty_value`` option to the ``consul_kv`` lookup plugin, allowing
users to control what is returned when a key exists in Consul but has a
null/empty value. Defaults to ``'None'`` to preserve existing behaviour.
* feat(changelog): add fragment for PR 12120
* feat(consul_kv): make empty_value a choices option
Replace the free-form string empty_value with a choices option:
textual_none (default, legacy behaviour), python_none, empty_string.
* docs(consul_kv): use dict form for empty_value choices
---------
(cherry picked from commit d46ce24abb)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
htpasswd: fix `hash_scheme` aliases and Apache-compatible bcrypt (#12123)
* fix(htpasswd): support HtpasswdFile aliases and Apache-compatible bcrypt
CryptContext does not recognise HtpasswdFile alias names such as
portable, portable_apache_24, host_apache_24, causing a KeyError.
In addition, building a CryptContext for bcrypt produced $2b$ hashes
that Apache rejects (it only accepts $2y$/$2a$).
Use htpasswd_context for schemes it already supports, fall back to
htpasswd_context on KeyError for aliases, and import CryptContext
from module_utils/_crypt.py instead of passlib directly.
Fixes#6135
* feat(changelog): add fragment for PR 12123
* fix(_crypt): silence DeprecationWarning when importing stdlib crypt
On Python 3.11/3.12, `import crypt` emits a DeprecationWarning that
ansible-test sanity --test import treats as an error. Suppress it since
the import is an intentional fallback when passlib is not available.
* fix(htpasswd): fix sanity ignores and bcrypt version constraint
- Revert _crypt.py DeprecationWarning suppression; add sanity ignore
entries for htpasswd.py import-3.11/3.12 instead (mirrors existing
entries for _crypt.py itself)
- Pin bcrypt<4.2 in integration tests: bcrypt 4.2 removed __about__
which passlib 1.7.x uses, breaking passlib.apache import
- Fix regex_search assertion to use 'is not none' for a boolean result
- Add bcrypt version constraint note to module documentation
* fix(htpasswd): handle system-installed bcrypt in integration tests
On Debian/Ubuntu, bcrypt may be installed by the system package manager
with no RECORD file, making pip downgrade impossible. Move bcrypt
installation into a self-contained block in test_schemes.yml with
ignore_errors, a functional passlib+bcrypt check, and always-cleanup.
Bcrypt tests are skipped when a compatible version cannot be used.
* refactor(htpasswd): extract obtain_crypt_context(); import CryptContext from passlib directly
Extract context selection logic into obtain_crypt_context(). Import
CryptContext inside the deps.declare("passlib") block instead of from
module_utils/_crypt.py — passlib is already a hard dependency and
other symbols are imported from it there. Remove now-unnecessary
htpasswd.py sanity import ignore entries.
---------
(cherry picked from commit 49ca175f01)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
parted: ignore MBR partition type codes in flags on SUSE systems (#12121)
* parted: ignore MBR partition type codes reported as flags by SUSE parted
SUSE's patched parted reports MBR partition type codes (e.g., type=8e for
Linux LVM) in the machine-parseable flags output. The module was trying to
unset these pseudo-flags via 'parted set N type=8e off', which is not a
valid parted command, causing the task to fail when using flags: [lvm] on
msdos-labelled disks on SUSE systems.
Fixes#6292
* feat(changelog): add fragment for PR 12121
* Update changelogs/fragments/12121-parted-suse-msdos-type-code.yml
---------
(cherry picked from commit 6e6199ae3d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
xenserver_guest_info: add VDI uuid and vdi_type to disk info (#12119)
* xenserver_guest_info: add VDI uuid and vdi_type to disk info
Add uuid and vdi_type (VHD/QCOW2) fields to the disk information
returned by xenserver_guest_info module.
Fixes#11998
* changelog: add PR URL to changelog fragment
* xenserver_guest_info: add uuid and vdi_type to RETURN example output
(cherry picked from commit 9208cbfd43)
Co-authored-by: Shreyash <shrbhosa@redhat.com>
