filesystem: xfs resize: minimal required increment (#11033)
Internally XFS uses allocation groups. Allocation groups have a maximum
size of 1 TiB - 1 block. For devices >= 4 TiB XFS uses max size
allocation groups. If a filesystem is extended and the last allocation
group is already at max size, a new allocation group is added. An
allocation group seems to require at least 64 4 KiB blocks.
For devices with integer TiB size (>4), this creates a filesystem that
has initially has 1 unused block per TiB size. The `resize` option
detects this unused space, and tries to resize the filesystem. The
xfs_growfs call is successful (exit 0), but does not increase the file
system size. This is detected as repeated change in the task.
Test case:
```
- hosts: localhost
tasks:
- ansible.builtin.command:
cmd: truncate -s 4T /media/xfs.img
creates: /media/xfs.img
notify: loopdev xfs
- ansible.builtin.meta: flush_handlers
- name: pickup xfs.img resize
ansible.builtin.command:
cmd: losetup -c /dev/loop0
changed_when: false
- community.general.filesystem:
dev: "/dev/loop0"
fstype: "xfs"
- ansible.posix.mount:
src: "/dev/loop0"
fstype: "xfs"
path: "/media/xfs"
state: "mounted"
# always shows a diff even for newly created filesystems
- community.general.filesystem:
dev: "/dev/loop0"
fstype: "xfs"
resizefs: true
handlers:
- name: loopdev xfs
ansible.builtin.command:
cmd: losetup /dev/loop0 /media/xfs.img
```
NB: If the last allocation group is not yet at max size, the filesystem
can be resized. Detecting this requires considering the XFS topology.
Other filesystems (at least ext4) also seem to require a minimum
increment after the initial device size, but seem to use the entire
device after initial creation.
Fun observation: creating a 64(+) TiB filesystem leaves a 64(+) block
gap at the end, that is allocated in a subsequent xfs_growfs call.
(cherry picked from commit f5943201b9)
Co-authored-by: jnaab <25617714+jnaab@users.noreply.github.com>
Co-authored-by: Johannes Naab <johannes.naab@hetzner-cloud.de>
omapi_host: fix bytes vs. str confusion (#11001)
* omapi_host: fix bytes vs. str confusion
After an update of the control node from Debian
bookworm to trixie, the omapi_host module fails to
work with the error message:
Key of type 'bytes' is not JSON serializable by the
'module_legacy_m2c' profile.
https://github.com/ansible/ansible/issues/85937 had the
same error, but the fix is a bit more intricate here
because the result dict is dynamically generated from
an API response object.
This also fixes unpacking the MAC and IP address and
hardware type, which were broken for Python3.
* Merge suggestion for changelog fragment
* do not unpack_ip twice
Noticed by Felix Fontein <felix@fontein.de>
* mention py3k in changelog fragment, too
---------
(cherry picked from commit eb6337c0c9)
Co-authored-by: mirabilos <tg@mirbsd.org>
Co-authored-by: Felix Fontein <felix@fontein.de>
keycloak_user: mark credentials[].value as no_log=True (#11005)
Mark credentials[].value as no_log=True.
(cherry picked from commit 54af64ad36)
Co-authored-by: Felix Fontein <felix@fontein.de>
fix(pritunl_user): improve resilience to null or missing user parameters (#10955)
* fix(pritunl_user): improve resilience to null or missing user parameters
* added changelog fragment - 10955
* standardize 10955 changelog fragment content
* simplify user params comparison
* simplify list fetch
* simplify remote value retrieval
---------
(cherry picked from commit e84f59a62d)
Co-authored-by: David Jenkins <david.jenkins@twosixtech.com>
Co-authored-by: djenkins <djenkins@twosix.net>
Co-authored-by: Felix Fontein <felix@fontein.de>
onepassword: extend CLI class initialization with additional parameters (#10965)
* onepassword: extend CLI class initialization with additional parameters
* add changelog fragment 10965-onepassword-bugfix.yml
* Update changelogs/fragments/10965-onepassword-bugfix.yml
---------
(cherry picked from commit ce0d06b306)
Co-authored-by: Matthew <mjmjelde@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
terraform: Fix bug when None values aren't processed correctly (#10961)
* terraform: Fix bug when None values aren't processed correctly
Just found that i can't pass null values as complex variables into terraform using this module, while i can do that with terraform itself. Fixed undesired behavior.
* chore: changelog fragment 10961-terraform-complexvars-null-bugfix.yaml
* Update changelogs/fragments/10961-terraform-complexvars-null-bugfix.yaml
* Update plugins/modules/terraform.py
* Update plugins/modules/terraform.py
* Fix condition to check for None type in terraform.py
---------
(cherry picked from commit af8c4fb95e)
Co-authored-by: nbragin4 <139489942+nbragin4@users.noreply.github.com>
keycloak_user_rolemapping: docs fixes and examples about mapping realm roles in keycloak_user_rolemapping (#10953)
* Fix docs and add examples about mapping realm roles for keycloak_user_rolemapping.py module (#7149)
* fix sanity tests
(cherry picked from commit 258e65f5fc)
Co-authored-by: Stanislav Shamilov <shamilovstas@protonmail.com>
Add support for client auth in Keycloak cllient secrets module (#10933)
* keycloak: add client authentication support for client_secret
* readd ['token', 'auth_realm']
---------
(cherry picked from commit c850e209ab)
Signed-off-by: Marius Bertram <marius@brtrm.de>
Co-authored-by: Marius Bertram <marius@brtrm.de>
fix(modules/gitlab_runner): Fix exception in check mode on new runners (#10918)
* fix(modules/gitlab_runner): Fix exception in check mode on new runners
When a new runner is added in check mode, the role used to throw an
exception. Fix this by returning a valid runner object instead of a
boolean.
Fixes#8854
* docs: Add changelog fragment
(cherry picked from commit 7e666a9c31)
Co-authored-by: carlfriedrich <carlfriedrich@posteo.de>
Add __init__.py to work around ansible-test/pylint bug (#10926)
Add __init__.py to work around ansible-test/pylint bug.
(cherry picked from commit 9dedd77459)
Co-authored-by: Felix Fontein <felix@fontein.de>
refactor dict from literal list (#10891)
* refactor dict from literal list
* add changelog frag
(cherry picked from commit 5f471b8e5b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
pacman: link to yay bug report (#10887)
Link to yay bug report.
(cherry picked from commit 68b8345199)
Co-authored-by: Felix Fontein <felix@fontein.de>
github_app_access_token: add support for GitHub Enterprise Server (#10880)
* github_app_access_token: add support for GitHub Enterprise Server (#10879)
Add option to specify api endpoint for a GitHub Enterprise Server.
If option is not specified, defaults to https://api.github.com.
* refactor: apply changes as suggested by felixfontein
* docs: fix nox check error and type-o
nox check: plugins/lookup/github_app_access_token.py:57:1: DOCUMENTATION: error: too many blank lines (1 > 0) (empty-lines)
* refactor: apply changes as suggested by russoz
* refactor: apply changes as suggested by felixfontein
(cherry picked from commit 30894f4144)
Co-authored-by: Chris <chodonne@gmail.com>
Keycloak role fix changed status (#10829)
* Exclude aliases before comparison
* add test
* fragment
* Update changelogs/fragments/10829-fix-keycloak-role-changed-status.yml
---------
(cherry picked from commit 7c40c6b6b5)
Co-authored-by: desand01 <desrosiers.a@hotmail.com>
Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca>
Co-authored-by: Felix Fontein <felix@fontein.de>
[doc] update requirements for all consul modules/lookups (#10863)
* [doc] update requirements for consul_kv module
python-consul has been unmaintained for a while. It uses a legacy way of passing the Consul token when sending requests. This leads to warning messages in Consul log, and will eventually break communication. Using the maintained py-consul library ensures compatibility to newer Consul versions.
* [doc] replace all python-consul occurrences with py-consul
* [fix] tests and possible pip server errors
* [chore] remove referencce to python-consul in comment
---------
(cherry picked from commit 9d0150b2c3)
Co-authored-by: Sebastian Damm <SipSeb@users.noreply.github.com>
Co-authored-by: Sebastian Damm <sebastian.damm@pascom.net>
github_deploy_key: make sure variable exists before use (#10857)
Make sure variable exists before use.
(cherry picked from commit 68684a7a4c)
Co-authored-by: Felix Fontein <felix@fontein.de>
yaml cache plugin: make compatible with ansible-core 2.19 (#10852)
Make compatible with ansible-core 2.19.
(cherry picked from commit 648ff7db02)
Co-authored-by: Felix Fontein <felix@fontein.de>
Fix keycloak sub-group search (#10840)
* fix bug in missing realm argument when searching for groups
* MR change fragment
* 39+1=40
(cherry picked from commit b865bf5751)
Co-authored-by: Jakub Danek <danekja@users.noreply.github.com>
Force Content-type header to application/json if is_pre740 is false (#10832)
* Force Content-type header to application/json if is_pre740 is false
* Remove response variable from fail_json module
* Add a missing blank line to match pep8 requirement
* Add changelog fragment of issue #10796
* Rename fragment section
* Improve fragment readability
---------
(cherry picked from commit 0f23b9e391)
Co-authored-by: X <2465124+broferek@users.noreply.github.com>
Co-authored-by: ludovic <ludovic.petetin@aleph-networks.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
timezone: mention that Debian 13 also needs util-linux-extra (#10830)
Mention that Debian 13 also needs util-linux-extra.
(cherry picked from commit 2bf8ae88be)
Co-authored-by: Felix Fontein <felix@fontein.de>
homebrew: Support old_tokens and oldnames in homebrew package data (#10805)
* homebrew: Support old_tokens and oldnames in homebrew package data
Fixes#10804
Since brew info will accept old_tokens (for casks) and oldnames (for formulae) when provided by the homebrew module "name" argument, the module also needs to consider thes old names as valid for the given package. This commit updates _extract_package_name to do that.
All existing package name tests, including existing tests for name aliases and tap prefixing, have been consolidated with new name tests into package_names.yml.
* Added changelog fragment.
* homebrew: replace non-py2 compliant f-string usage
* code formatting lint, and py2 compatibility fixes
* homebrew: added licenses to new files, nox lint
* Update plugins/modules/homebrew.py
use str.format() instead of string addition
* Update tests/integration/targets/homebrew/tasks/casks.yml
* Update tests/integration/targets/homebrew/tasks/package_names_item.yml
* Update tests/integration/targets/homebrew/tasks/formulae.yml
* Fixes for performance concerns on new homebrew tests.
1) tests for alternate package names are commented out in main.yml.
2) the "install via alternate name, uninstall via base name" test
case was deemed duplicative, and has been deleted .
3) minor fixes to use jinja2 "~" for string concat instead of "+"
* Fix nox lint
---------
(cherry picked from commit 833e6e36de)
Co-authored-by: brad2014 <brad2014@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
gitlab_protected_branch: refactor, add `allow_force_push`, `code_owner_approval_required` (#10795)
* gitlab_protected_branch: fix typo
* gitlab_protected_branch: lump parameters into options dictionary
Hardcoding parameter lists gets repetitive. Refactor this module to use
an options dictionary like many other gitlab_* modules. This makes it
cleaner to add new options.
* gitlab_protected_branch: update when possible
Until now, the module deletes and re-creates the protected branch if any
change is detected. This makes sense for the access level parameters, as
these are not easily mutated after creation.
However, in order to add further options which _can_ easily be updated,
we should support updating by default, unless known-immutable parameters
are changing.
* gitlab_protected_branch: add `allow_force_push` option
* gitlab_protected_branch: add `code_owner_approval_required` option
* gitlab_protected_branch: add issues to changelog
* Update changelog.
---------
(cherry picked from commit f772bcda88)
Co-authored-by: David Phillips <phillid@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Add Option to configure webAuthnPolicies for Keycloak (#10791)
* Add Option to configure webAuthnPolicies for Keycloak
* Mark webauth properties as noLog false
* fix line length
* rename webauthn stuff to match api of keycloak
* rename webauthn stuff to match api of keycloak
* Update changelogs/fragments/keycloak-realm-webauthn-policies.yml
* add version for each type
* Update plugins/modules/keycloak_realm.py
---------
(cherry picked from commit cb84a0e99f)
Co-authored-by: Julian Thanner <62133932+Juoper@users.noreply.github.com>
Co-authored-by: Julian Thanner <julian.thanner@check24.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
gitlab_*_variable: support masked-and-hidden variables (#10787)
* gitlab_*_variable: support masked-and-hidden variables
Support masking and hiding GitLab project and group variables. In the
GitLab API, variables that are hidden are also masked by implication.
Note gitlab_instance_variable is unmodified since instance variables
cannot be hidden.
* gitlab_*_variable: add `hidden` to legacy `vars` syntax
* gitlab_*_variable: address review comments in doc
(cherry picked from commit 3574b3fa93)
Co-authored-by: David Phillips <phillid@users.noreply.github.com>
pacemaker_resource: Add cloning support for resources and groups (#10665)
* add clone state for pacemaker_resource
* add changelog fragment
* Additional description entry for comment header
* Apply suggestions from code review
* Update plugins/modules/pacemaker_resource.py
* fix formatting for yamllint
* Apply code review suggestions
* refactor state name to cloned
* Update plugins/modules/pacemaker_resource.py
* Apply suggestions from code review
* Apply suggestions from code review
---------
(cherry picked from commit 3baa13a3e4)
Co-authored-by: Dexter <45038532+munchtoast@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
gitlab_*_access_token: add missing scopes (#10785)
Over time, GitLab added extra scopes to the API. I'm in here to add
self_rotate, but may as well add all other missing scopes while I'm
here.
(cherry picked from commit aed763dae7)
Co-authored-by: David Phillips <phillid@users.noreply.github.com>
parted: command args as list rather than string (#10642)
* parted: command args as list rather than string
* add changelog frag
* add missing command line dash args
* make scripts as lists as well
* Apply suggestions from code review
---------
(cherry picked from commit f6e1d90870)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
kdeconfig: add support for kwriteconfig6 (#10751)
* kdeconfig: add support for kwriteconfig6
Rationale:
With a minimal install of KDE Plasma 6, the kdeconfig module would systematically fail with the following error: `kwriteconfig is not installed.`
In this configuration, kwriteconfig6 is the only version of kwriteconfig installed, and the kdeconfig module did not not find it.
Fixes#10746
* Add changelog fragment
* Update changelogs/fragments/10751-kdeconfig-support-kwriteconfig6.yml
---------
(cherry picked from commit d6ad9beb58)
Co-authored-by: Thibault Geoffroy <33561374+nebularnoise@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
openbsd_pkg: add support for removing unused dependencies (#10705)
* openbsd_pkg: add support for removing unused dependencies
Add new state 'rm_unused_deps' that uses 'pkg_delete -a' to remove
packages that are no longer required by any other packages.
Features:
- Requires name='*' to avoid accidental usage
- Supports check mode, diff mode, clean and quick flags
- Follows existing module patterns for error handling
- Integrates with existing package list comparison for change detection
* Update the PR number in the frgment link
* Fix the changelog fragment name to include the PR #
* Force non-interactive mode like most of the other modes
* Fix PEP8 E302: add missing blank line before function definition
* Ensure that no matter what, if the package list unchanged then there was no change
Also removed some unused vars from the original code.
* Standardize names in the PR
* Swap over from a new state to implementing an autoremove option
Added code to handle the case where you git a name or list of names as
pkg_delete will correctly filter what it autoremove by the names
* Update the fragment to match the new code
* typo in EXAMPLES
* Fix up a yamllint complaint.
I do note the following:
```
$ ansible-lint tests/test_openbsd_pkg.yml
Passed: 0 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'production'.
```
Although that could be due to local config
* While here add realistic examples of packages that might be autoinstalled
* Clean up docs.
* Autoremove is an option, work like the other package managers
* Update changelog for openbsd_pkg autoremove parameter
Clarified the behavior of the `autoremove` parameter to specify it removes autoinstalled packages. Removed flowery text that isn't needed.
* Cut the rest of the cruft out of the changelog fragment
Make it obvious how '*' can be used as a 'name:'
Be more pythonic in the package list comparison.
* Update changelogs/fragments/10705-openbsd-pkg-remove-unused.yml
---------
(cherry picked from commit b1c75339c0)
Co-authored-by: Allen Smith <lazlor@lotaris.org>
Co-authored-by: Felix Fontein <felix@fontein.de>
