fix: treat chdev execution failures as module errors in aix_devices (#12185)
* fix: treat chdev execution failures as module errors in aix_devices
##### SUMMARY
Fix the aix_devices module so that a failed chdev command is reported as a module failure instead of a successful result.
The previous implementation called fail_json incorrectly by returning success through the normal completion path when chdev returned a non-zero exit status. This could allow a playbook to continue even though the requested device attribute change was not applied.
This change replaces the success-style error handling with proper failure handling in the chdev execution path, making task results consistent with the actual command outcome.
##### ISSUE TYPE
- Bugfix Pull Request
##### COMPONENT NAME
aix_devices
##### ADDITIONAL INFORMATION
The affected code path is in change_device_attr() when the module executes chdev to apply attribute updates.
Before this change:
- chdev could fail
- the module could still report success
- later tasks could run against an unexpected system state
After this change:
- chdev failures are returned through fail_json
- the task stops with an error
- playbook behavior matches the real execution result
```paste below
Before:
module.exit_json(msg="Failed to run chdev.", rc=rc, err=err)
After:
module.fail_json(msg="Failed to run chdev.", rc=rc, err=err)
```
* Add changelog fragment for aix_devices chdev failure fix (#12185)
---------
(cherry picked from commit 213581bef8)
Co-authored-by: Hirofumi Arimoto <hiro0107@users.noreply.github.com>
Co-authored-by: Hirofumi Arimoto <harimoto@jp.ibm.com>
CI: Remove FreeBSD 14.2 (#12191)
Remove FreeBSD 14.2 from CI.
It seems to be finally EOL, with mirrors removed.
(cherry picked from commit 57ad07a94e)
Co-authored-by: Felix Fontein <felix@fontein.de>
opkg - path_prefix needs to be a list (#12182)
* opkg - path_prefix needs to be a list
path_prefix is passed to get_bin_path() which expects opt_dirs to be a list
of paths. Passing in a string instead of a list of paths results in incorrect
values being adding to the path when searching for the command to run.
* Add changelog
(cherry picked from commit 4d66b3dae8)
Co-authored-by: Sam Doran <sdoran@redhat.com>
filetree lookup: handle invalid exclude regex with AnsibleError (#12140)
* filetree lookup - handle invalid exclude regex with AnsibleError Wrap re.compile() for the exclude option so invalid regular expressions produce a clear AnsibleError instead of an uncaught re.error traceback.
* add changelog fragment
* add changelog fragment
* Fix changelog fragment line endings (LF)
* Used AnsibleLookupError instead of AnsibleError
* Update changelogs/fragments/12140-filetree-exclude-regex-error.yml
* Used AnsibleLookupError instead of AnsibleError
* Updated changelog format
---------
(cherry picked from commit 48db863096)
Co-authored-by: Santosh Mahale <santoshmahale7676@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
version_sort filter: fix example's description (#12167)
Fix description in example of community.general.version_sort filter
Example had some left overs, that were not aligned with code.
It was explaining conversion between tuples and dict. But example here maps list of strings to list of strings.
(cherry picked from commit 97b464deb3)
Co-authored-by: juremedvesek <jure.medvesek@xlab.si>
redfish_config: fix `KeyError: 'ret'` when `SetManagerNic` cannot find a matching NIC (#12124)
* fix(redfish_config): return proper error dict when manager NIC not found
get_manager_ethernet_uri() returned an empty dict {} when no matching NIC
was found, causing a KeyError on 'ret' in main(). Now returns a consistent
{"ret": False, "msg": ...} like all other error paths in the function.
Fixes#5892
* feat(changelog): add fragment for PR 12124
(cherry picked from commit b799c6f579)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
portage: include msg in depclean failure fail_json (#12168)
cleanup_packages() called module.fail_json(cmd=, rc=, stdout=, stderr=)
without the mandatory msg= argument. When the underlying emerge --depclean
exited non-zero, AnsibleModule.fail_json() itself crashed with
"AnsibleModule.fail_json() missing 1 required positional argument: 'msg'"
before the real failure could reach the controller, leaving users with no
diagnostic about why depclean actually failed.
Same wording style as the sibling install_packages() failure branch
("Packages not installed.").
(cherry picked from commit 1e3da48d70)
Co-authored-by: Yoann Gauthier-Colin <yoann@gwerlas.net>
test(integration): explicitly add executable to iso_extract on Fedora (#12162)
This provides a (temporary) workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2373874:
On Fedora 43+ 7zip is unable to find the 7z.so module when it is not in the
same path as the 7z binary or in /usr/bin/
(cherry picked from commit cdd9c1ddde)
Co-authored-by: spike77453 <spike77453@users.noreply.github.com>
htpasswd: fix `hash_scheme` aliases and Apache-compatible bcrypt (#12123)
* fix(htpasswd): support HtpasswdFile aliases and Apache-compatible bcrypt
CryptContext does not recognise HtpasswdFile alias names such as
portable, portable_apache_24, host_apache_24, causing a KeyError.
In addition, building a CryptContext for bcrypt produced $2b$ hashes
that Apache rejects (it only accepts $2y$/$2a$).
Use htpasswd_context for schemes it already supports, fall back to
htpasswd_context on KeyError for aliases, and import CryptContext
from module_utils/_crypt.py instead of passlib directly.
Fixes#6135
* feat(changelog): add fragment for PR 12123
* fix(_crypt): silence DeprecationWarning when importing stdlib crypt
On Python 3.11/3.12, `import crypt` emits a DeprecationWarning that
ansible-test sanity --test import treats as an error. Suppress it since
the import is an intentional fallback when passlib is not available.
* fix(htpasswd): fix sanity ignores and bcrypt version constraint
- Revert _crypt.py DeprecationWarning suppression; add sanity ignore
entries for htpasswd.py import-3.11/3.12 instead (mirrors existing
entries for _crypt.py itself)
- Pin bcrypt<4.2 in integration tests: bcrypt 4.2 removed __about__
which passlib 1.7.x uses, breaking passlib.apache import
- Fix regex_search assertion to use 'is not none' for a boolean result
- Add bcrypt version constraint note to module documentation
* fix(htpasswd): handle system-installed bcrypt in integration tests
On Debian/Ubuntu, bcrypt may be installed by the system package manager
with no RECORD file, making pip downgrade impossible. Move bcrypt
installation into a self-contained block in test_schemes.yml with
ignore_errors, a functional passlib+bcrypt check, and always-cleanup.
Bcrypt tests are skipped when a compatible version cannot be used.
* refactor(htpasswd): extract obtain_crypt_context(); import CryptContext from passlib directly
Extract context selection logic into obtain_crypt_context(). Import
CryptContext inside the deps.declare("passlib") block instead of from
module_utils/_crypt.py — passlib is already a hard dependency and
other symbols are imported from it there. Remove now-unnecessary
htpasswd.py sanity import ignore entries.
---------
(cherry picked from commit 49ca175f01)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
parted: ignore MBR partition type codes in flags on SUSE systems (#12121)
* parted: ignore MBR partition type codes reported as flags by SUSE parted
SUSE's patched parted reports MBR partition type codes (e.g., type=8e for
Linux LVM) in the machine-parseable flags output. The module was trying to
unset these pseudo-flags via 'parted set N type=8e off', which is not a
valid parted command, causing the task to fail when using flags: [lvm] on
msdos-labelled disks on SUSE systems.
Fixes#6292
* feat(changelog): add fragment for PR 12121
* Update changelogs/fragments/12121-parted-suse-msdos-type-code.yml
---------
(cherry picked from commit 6e6199ae3d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
unixy callback: fix KeyError when task is delegated to host without ansible_host set (#12113)
* fixes issue #12112
* adjust PR ID
* adjust PR ID, mistake was made
* adjust PR ID
* I messed up all these numbers
---------
(cherry picked from commit ef5b22d18e)
Co-authored-by: Stefan Midjich <stemid@users.noreply.github.com>
Co-authored-by: Stefan Midjich <stefan@sydit.se>
zpool: reduce disk usage in integration tests by using sparse files (#12128)
* zpool: use sparse files in integration tests to reduce diskspace usage
* changelog: add PR link to zpool disk space fragment
* remove changelog fragment for test-only change
(cherry picked from commit a794ccf127)
Co-authored-by: Shreyashxredhat <shrbhosa@redhat.com>
multiple: mark integration tests that run `pip install` as destructive (#12095)
test(integration): mark pip-installing tests as destructive
(cherry picked from commit b1c7700a1b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
nmcli: fix check/diff for bond arp_interval and arp_ip_target (#11588) (#12085)
* nmcli: bond ARP options stop lying in check/diff (#11588)
Align arp_interval/arp_ip_target keys with bond.options parsing, route
ARP settings via +bond.options, and fix bond MTU false positives.
* Changelog: nmcli fragment gets PR links and clearer diff wording
Address reviewer feedback on #12085 — both entries now cite the PR URL
and the MTU entry says "incorrectly reports diff" instead of "false positives".
---------
(cherry picked from commit fdace38501)
Co-authored-by: Asif Draxi <47986843+AsifAd@users.noreply.github.com>
Co-authored-by: Asif Draxi <asif.draxi@blackline.com>
* Fix typing (#12078)
Fix typing.
ansible-core 2.21.0 is out and has more type definitions.
(cherry picked from commit e6ca0df592)
* Also add no-assert to 2.17 ignore file.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Fix flatpak id check (#12063)
* Fix flatpak id check
This PR fixes the flatpak ID check by allowing the last component of the ID to contain dashes. The regular expression will match the flatpak ID according to the flatpak specification. It matches all 4600+ IDs currently present in flathub.
Fixes#12062
* Add changelog fragment
* Update plugins/modules/flatpak.py
* Update changelog fragment.
---------
(cherry picked from commit 3558e3c74a)
Co-authored-by: Gerben Welter <gerben@welter.nu>
Co-authored-by: Felix Fontein <felix@fontein.de>
Mark nomad tests as unstable (#12072)
Mark nomad tests as unstable.
(cherry picked from commit 528c2879d5)
Co-authored-by: Felix Fontein <felix@fontein.de>
apt_rpm: fix upgrade of local RPM not present in repository (#9161) (#12039)
(cherry picked from commit c2485ea57b)
Co-authored-by: bne1hm <67783534+bne1hm@users.noreply.github.com>
packet_project and packet_sshkey: fix broken example plays (#12055)
Fix example plays.
(cherry picked from commit a15d9a3510)
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: Replace Ubuntu 22.04 with 26.04 for ansible-core devel (#12052)
Replace Ubuntu 22.04 with 26.04 for devel.
(cherry picked from commit 2f96093dbf)
Co-authored-by: Felix Fontein <felix@fontein.de>
Setup pip path generic (#12045)
* setup_pip_path: use sysconfig to build pip scripts path generically
* setup_pip_path: calculate PATH prepended with pip installation path
* move environment up to block
* obtain path from pip itself
* apparently the python interpreter doesnt go into ansible_facts
* rename role to setup_pip_scripts_path
---------
(cherry picked from commit 5447d0eb4f)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove as maintainer (#11911)
Remove ownership
I do not maintain those modules anymore since years. I think the time
has come to remove at least my name from them.
(cherry picked from commit fba7da4394)
Co-authored-by: keachi <1687482+keachi@users.noreply.github.com>
bundler: replace deprecated CLI flags with `BUNDLE_*` env vars (#12024)
* fix(bundler): replace deprecated CLI flags with BUNDLE_* env vars
Bundler 2.1 deprecated --deployment, --without, --path, --clean, and
--binstubs; Bundler 4 has removed --clean entirely. Pass these options
as BUNDLE_* environment variables instead, which have been supported
since Bundler 1.0.0 and are scoped to the process (no persistent
.bundle/config written).
Fixes#4583, fixes#11380
* fix(bundler): add changelog fragment for PR #12024
---------
(cherry picked from commit 00060263a5)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
datadog_downtime: handle uuid.UUID type in API response (#12019)
* fix(datadog_downtime): convert uuid field to str for datadog-api-client>=2.28.0
* changelog: add fragment for PR 12019
---------
(cherry picked from commit 171feb5a2c)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
gitlab_user: update SSH keys when key material changes (#11996)
* gitlab_user: update SSH keys when key material changes
Compare SSH keys by key type and key material so comment-only differences remain idempotent while changed keys are replaced. Add unit and integration coverage for SSH key updates.
Fixes#6516
* gitlab_user: add SSH key update modes
Restore backward-compatible same-name SSH key handling by default and
add explicit update and deduplicate modes for controlled replacement
behavior.
Refs: #6516
* Apply suggestions from code review
---------
(cherry picked from commit 2cb4a5d4e7)
Co-authored-by: Fulvius <31437530+LCerebo@users.noreply.github.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
xml: fix `print_match` not populating `matches` return value (#12013)
* fix(xml): populate matches when print_match is set, fix returned doc
* test(xml): add integration tests for print_match
* changelog: add fragment for PR 12013
---------
(cherry picked from commit abef8f2aed)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
pam_limits: only create backup file when content actually changes (#12014)
* fix(pam_limits): only create backup when file is actually changed
Fixes#12011
* changelog: add fragment for PR 12014
---------
(cherry picked from commit b8659f5c61)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Fix gitlab_hook: add default value for releases_events parameter (#11917)
* Fix gitlab_hook: only pass releases_events to API when specified
The releases_events parameter now only gets passed to the GitLab API:
- On create: always passed (fixes 500 error when not specified)
- On update: only passed when explicitly specified by user
This avoids forcing the releases_events value during updates when not
intended by the user.
Fixes: https://github.com/ansible-collections/community.general/issues/11269
* Add changelog fragment for gitlab_hook releases_events fix
Fixes: https://github.com/ansible-collections/community.general/issues/11269
* Add PR link to changelog fragment
* Use .get() for safer dict access in releases_events handling
* Update plugins/modules/gitlab_hook.py
remove `.get()`
* Update plugins/modules/gitlab_hook.py
Remove the null check for `options[“releases_events”]`
---------
(cherry picked from commit 798439f1fe)
Co-authored-by: RealCharlesChia <161665317+RealCharlesChia@users.noreply.github.com>
Co-authored-by: Charles Chia <charleschia@email.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
jenkins_credential: improve example and description in documentation (#11922)
* Fixes and improvements for better undestanding of the module
- Fixed token generation syntax to use `name` instead of `id`.
- Changed `token: {{ token }}` to `token: {{ token_result.token }}` to show accessing token from the registered variable, essentially making the entire Example section a playbook capable of full execution.
- Added notes in the Example section about the intended approach for storing and accessing tokens.
- Mentioned about not using `id` for token generation in the parameter's description.
* Applying FQCN for the `ansible.builtin.copy` module
* Shortened the notes about storing and accessing Jenkins token.
* Added line breaks to reduce width of the shortened notes
- Added line breaks to reduce the width of the shortened note from commit #5bc225b.
- Numbered and indented the notes for clear distinction.
* Changed token storage example to use INI instead of CSV format
---------
(cherry picked from commit cdd0d2521e)
Co-authored-by: Sonal Karmakar <234934724+sonalkarmakar@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
filetree lookup: document RETURN value `state` (#11997)
* Clarify 'state' parameter description in filetree.py
Updated the description for the 'state' parameter to clarify entry types and their meanings.
* Apply suggestion from felixfontein related to description
---------
(cherry picked from commit 240ff65311)
Co-authored-by: Santosh Mahale <santoshmahale7676@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
seport: fix idempotency when port is covered by an existing range (#11994)
* fix(seport): handle port overlap with existing ranges
Fixes idempotency when a requested port is already covered by an
existing range registered for the same setype/proto. Also improves
the error message when libsemanage raises FileNotFoundError on a
port overlap validation failure.
Fixes#10105
* chore(seport): add changelog fragment for #11994
---------
(cherry picked from commit a43006c7cb)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
ldap_attrs: fix case-insensitive attribute lookup in `state=exact` (#11990)
* fix(ldap_attrs): case-insensitive attribute lookup in _get_all_values_of
LDAP attribute names are case-insensitive (RFC 4512), but the previous
code used a case-sensitive dict lookup on the server's response. When
the server returns an attribute with different casing than requested,
the lookup returns [] causing state=exact to issue MOD_ADD instead of
MOD_REPLACE, which fails on single-valued attributes that already have
a value.
Fixes#1624
* feat(changelogs): add fragment for ldap_attrs fix#11990
---------
(cherry picked from commit 645dd2d448)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
