opkg - path_prefix needs to be a list (#12182)
* opkg - path_prefix needs to be a list
path_prefix is passed to get_bin_path() which expects opt_dirs to be a list
of paths. Passing in a string instead of a list of paths results in incorrect
values being adding to the path when searching for the command to run.
* Add changelog
(cherry picked from commit 4d66b3dae8)
Co-authored-by: Sam Doran <sdoran@redhat.com>
filetree lookup: handle invalid exclude regex with AnsibleError (#12140)
* filetree lookup - handle invalid exclude regex with AnsibleError Wrap re.compile() for the exclude option so invalid regular expressions produce a clear AnsibleError instead of an uncaught re.error traceback.
* add changelog fragment
* add changelog fragment
* Fix changelog fragment line endings (LF)
* Used AnsibleLookupError instead of AnsibleError
* Update changelogs/fragments/12140-filetree-exclude-regex-error.yml
* Used AnsibleLookupError instead of AnsibleError
* Updated changelog format
---------
(cherry picked from commit 48db863096)
Co-authored-by: Santosh Mahale <santoshmahale7676@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
version_sort filter: fix example's description (#12167)
Fix description in example of community.general.version_sort filter
Example had some left overs, that were not aligned with code.
It was explaining conversion between tuples and dict. But example here maps list of strings to list of strings.
(cherry picked from commit 97b464deb3)
Co-authored-by: juremedvesek <jure.medvesek@xlab.si>
portage: include msg in depclean failure fail_json (#12168)
cleanup_packages() called module.fail_json(cmd=, rc=, stdout=, stderr=)
without the mandatory msg= argument. When the underlying emerge --depclean
exited non-zero, AnsibleModule.fail_json() itself crashed with
"AnsibleModule.fail_json() missing 1 required positional argument: 'msg'"
before the real failure could reach the controller, leaving users with no
diagnostic about why depclean actually failed.
Same wording style as the sibling install_packages() failure branch
("Packages not installed.").
(cherry picked from commit 1e3da48d70)
Co-authored-by: Yoann Gauthier-Colin <yoann@gwerlas.net>
redfish_config: fix `KeyError: 'ret'` when `SetManagerNic` cannot find a matching NIC (#12124)
* fix(redfish_config): return proper error dict when manager NIC not found
get_manager_ethernet_uri() returned an empty dict {} when no matching NIC
was found, causing a KeyError on 'ret' in main(). Now returns a consistent
{"ret": False, "msg": ...} like all other error paths in the function.
Fixes#5892
* feat(changelog): add fragment for PR 12124
(cherry picked from commit b799c6f579)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
test(integration): explicitly add executable to iso_extract on Fedora (#12162)
This provides a (temporary) workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2373874:
On Fedora 43+ 7zip is unable to find the 7z.so module when it is not in the
same path as the 7z binary or in /usr/bin/
(cherry picked from commit cdd9c1ddde)
Co-authored-by: spike77453 <spike77453@users.noreply.github.com>
consul_kv: add `empty_value` option for null Consul values (#12120)
* feat(consul_kv): add empty_value option for null Consul values
Add the ``empty_value`` option to the ``consul_kv`` lookup plugin, allowing
users to control what is returned when a key exists in Consul but has a
null/empty value. Defaults to ``'None'`` to preserve existing behaviour.
* feat(changelog): add fragment for PR 12120
* feat(consul_kv): make empty_value a choices option
Replace the free-form string empty_value with a choices option:
textual_none (default, legacy behaviour), python_none, empty_string.
* docs(consul_kv): use dict form for empty_value choices
---------
(cherry picked from commit d46ce24abb)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
htpasswd: fix `hash_scheme` aliases and Apache-compatible bcrypt (#12123)
* fix(htpasswd): support HtpasswdFile aliases and Apache-compatible bcrypt
CryptContext does not recognise HtpasswdFile alias names such as
portable, portable_apache_24, host_apache_24, causing a KeyError.
In addition, building a CryptContext for bcrypt produced $2b$ hashes
that Apache rejects (it only accepts $2y$/$2a$).
Use htpasswd_context for schemes it already supports, fall back to
htpasswd_context on KeyError for aliases, and import CryptContext
from module_utils/_crypt.py instead of passlib directly.
Fixes#6135
* feat(changelog): add fragment for PR 12123
* fix(_crypt): silence DeprecationWarning when importing stdlib crypt
On Python 3.11/3.12, `import crypt` emits a DeprecationWarning that
ansible-test sanity --test import treats as an error. Suppress it since
the import is an intentional fallback when passlib is not available.
* fix(htpasswd): fix sanity ignores and bcrypt version constraint
- Revert _crypt.py DeprecationWarning suppression; add sanity ignore
entries for htpasswd.py import-3.11/3.12 instead (mirrors existing
entries for _crypt.py itself)
- Pin bcrypt<4.2 in integration tests: bcrypt 4.2 removed __about__
which passlib 1.7.x uses, breaking passlib.apache import
- Fix regex_search assertion to use 'is not none' for a boolean result
- Add bcrypt version constraint note to module documentation
* fix(htpasswd): handle system-installed bcrypt in integration tests
On Debian/Ubuntu, bcrypt may be installed by the system package manager
with no RECORD file, making pip downgrade impossible. Move bcrypt
installation into a self-contained block in test_schemes.yml with
ignore_errors, a functional passlib+bcrypt check, and always-cleanup.
Bcrypt tests are skipped when a compatible version cannot be used.
* refactor(htpasswd): extract obtain_crypt_context(); import CryptContext from passlib directly
Extract context selection logic into obtain_crypt_context(). Import
CryptContext inside the deps.declare("passlib") block instead of from
module_utils/_crypt.py — passlib is already a hard dependency and
other symbols are imported from it there. Remove now-unnecessary
htpasswd.py sanity import ignore entries.
---------
(cherry picked from commit 49ca175f01)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
parted: ignore MBR partition type codes in flags on SUSE systems (#12121)
* parted: ignore MBR partition type codes reported as flags by SUSE parted
SUSE's patched parted reports MBR partition type codes (e.g., type=8e for
Linux LVM) in the machine-parseable flags output. The module was trying to
unset these pseudo-flags via 'parted set N type=8e off', which is not a
valid parted command, causing the task to fail when using flags: [lvm] on
msdos-labelled disks on SUSE systems.
Fixes#6292
* feat(changelog): add fragment for PR 12121
* Update changelogs/fragments/12121-parted-suse-msdos-type-code.yml
---------
(cherry picked from commit 6e6199ae3d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
xenserver_guest_info: add VDI uuid and vdi_type to disk info (#12119)
* xenserver_guest_info: add VDI uuid and vdi_type to disk info
Add uuid and vdi_type (VHD/QCOW2) fields to the disk information
returned by xenserver_guest_info module.
Fixes#11998
* changelog: add PR URL to changelog fragment
* xenserver_guest_info: add uuid and vdi_type to RETURN example output
(cherry picked from commit 9208cbfd43)
Co-authored-by: Shreyash <shrbhosa@redhat.com>
unixy callback: fix KeyError when task is delegated to host without ansible_host set (#12113)
* fixes issue #12112
* adjust PR ID
* adjust PR ID, mistake was made
* adjust PR ID
* I messed up all these numbers
---------
(cherry picked from commit ef5b22d18e)
Co-authored-by: Stefan Midjich <stemid@users.noreply.github.com>
Co-authored-by: Stefan Midjich <stefan@sydit.se>
pkgng: remove constraints for FreeBSD 12.x from pkgng test (#12138)
(cherry picked from commit d749cf7c85)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
kopia: Add kopia_repository module (#11752)
* Add kopia module util
* fix pipeline suggestions
* add kopia repository module
* apply code review changes
* remove kopia_runner instance unit test
* update botmeta with kopia
* refactor docs and redundant state
* add kopia_info module and fix kopia_repository check mode support
- Add kopia_info module for read-only repository information gathering
(kopia repository status, kopia repository throttle get) following
the pacemaker_info pattern with ModuleHelper and info_module fragment
- Add _fmt_throttle to _kopia.py and register throttle format in
kopia_runner; remove throttle_operation get option from
kopia_repository per Ansible best practices (info ops belong in
_info modules)
- Add throttle suboption dict to kopia_repository with all seven
kopia repository throttle set flags
- Fix check_mode: support from full to actually full by implementing
_predict_value() in kopia_repository; previously check_mode_skip
caused changed to always be false in check mode
- Add check mode test cases to test_kopia_repository.yaml covering
created and disconnected states for both connected and disconnected
initial conditions
- Add BOTMETA.yml entry and full test fixture for kopia_info
* apply code review suggestions
(cherry picked from commit d4031f36e4)
Co-authored-by: munchtoast <45038532+munchtoast@users.noreply.github.com>
Add `from_toml` filter (#12081) (#12081)
* Add `from_toml` filter (#12081)
* Use tasks/main.yml instead of runme.sh for integration tests
* Renamed filter back to to_toml.py, moved from_toml filter to its own file making use of python's native tomllib
* Remove task to install tomlkit library as it's no longer required for the from_toml filter
* Replace deprecated t.Mapping with collections.abc.Mapping (https://docs.python.org/3/library/typing.html#typing.Mapping)
* Type is not determined when function is called. Let isinstance check ensure value has string type.
(cherry picked from commit 8faf8c3838)
Co-authored-by: spike77453 <spike77453@users.noreply.github.com>
zpool: reduce disk usage in integration tests by using sparse files (#12128)
* zpool: use sparse files in integration tests to reduce diskspace usage
* changelog: add PR link to zpool disk space fragment
* remove changelog fragment for test-only change
(cherry picked from commit a794ccf127)
Co-authored-by: Shreyashxredhat <shrbhosa@redhat.com>
snap: enforce hold when installing at a specific revision (#12097)
* snap: enforce hold when installing at a specific revision
When `revision` is specified, run `snap refresh --hold` after install/refresh
to actually pin the snap and prevent automatic updates from overriding it.
Detects hold-mismatch idempotently via the Notes column of `snap list`.
Fixes#12088
* feat(changelog): add fragment for snap hold fix (#12097)
* test(snap): remove incorrect manual-refresh assertion from hold test
snap refresh --hold only blocks the snapd auto-refresh daemon; a manual
snap refresh bypasses the hold. Remove the block that ran snap refresh
manually and asserted the revision was unchanged.
* snap: add bare-refresh hold test and docs warning for manual refresh bypass
---------
(cherry picked from commit 850ef03fe7)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
multiple: mark integration tests that run `pip install` as destructive (#12095)
test(integration): mark pip-installing tests as destructive
(cherry picked from commit b1c7700a1b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
iptables_state: clean up code (#12093)
* Get rid of unnecessary dummy variables.
* wrap_async isn't defined if the if condition isn't true.
* _back is in module_args if and only if both starter_cmd and confirm_cmd are not None.
* Add changelog.
(cherry picked from commit 1bf5e6e69a)
Co-authored-by: Felix Fontein <felix@fontein.de>
nmcli: fix check/diff for bond arp_interval and arp_ip_target (#11588) (#12085)
* nmcli: bond ARP options stop lying in check/diff (#11588)
Align arp_interval/arp_ip_target keys with bond.options parsing, route
ARP settings via +bond.options, and fix bond MTU false positives.
* Changelog: nmcli fragment gets PR links and clearer diff wording
Address reviewer feedback on #12085 — both entries now cite the PR URL
and the MTU entry says "incorrectly reports diff" instead of "false positives".
---------
(cherry picked from commit fdace38501)
Co-authored-by: Asif Draxi <47986843+AsifAd@users.noreply.github.com>
Co-authored-by: Asif Draxi <asif.draxi@blackline.com>
Fix typing (#12078)
Fix typing.
ansible-core 2.21.0 is out and has more type definitions.
(cherry picked from commit e6ca0df592)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Start opentelemetry spans on host start instead of task start
v2_playbook_on_task_start does not have the host information, so spans
would always start at the same time for every host in that task, even if
they started at different times, like when hosts > forks with strategy
host_pinned. This also hides the duration of the task for that host.
This change uses the newer v2_runner_on_start callback and adds the acutal
host start time to the span. The change is backwards compatible with ansible
versions that do not have v2_runner_on_start and makes no assumptions around
the ordering of v2_runner_on_start and v2_playbook_on_task_start.
* Add changelog fragment
* Remove redundant callback hooks
v2_runner_on_starts gets called by ansible right after the strategy has called on_task_start or on_handler_start. So there is no need to keep this code as the minimum ansible-core version is guaranteed to have this function. on_cleanup (removed around ansible-core 2.0) and on_no_hosts (removed around ansible-core 2.5) never get called.
* Fix unreachable hosts causing exceptions
If finish_task is never called for a host the result object stays None, which caused an exception in update_span_data. This was the case for unreachable hosts, as the callback plugin did not implement v2_runner_on_unreachable.
* Fix import order in test_opentelemetry
* Fix flatpak id check
This PR fixes the flatpak ID check by allowing the last component of the ID to contain dashes. The regular expression will match the flatpak ID according to the flatpak specification. It matches all 4600+ IDs currently present in flathub.
Fixes#12062
* Add changelog fragment
* Update plugins/modules/flatpak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelog fragment.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(xml): no-op when predicated xpath finds no match instead of creating nodes
When using xpath like element[text()='old'] with value=new, a no-match due
to the predicate not being satisfied incorrectly triggered node creation,
corrupting the XML. Now treats predicate misses as a no-op.
Fixes#8730
* changelog(xml): add fragment for PR #12031
* fix(xml): remove spurious test-unset-element-value include from main.yml
That file belongs to a different branch and was accidentally dragged in
during a stash conflict resolution.
* feat(xml): add create_if_missing option to control node creation on value no-match
Instead of implicitly creating nodes when value is set and xpath finds no match,
expose create_if_missing (default true, preserving old behavior) so callers
can opt into a silent no-op with create_if_missing=false.
Fixes#8730
