[ansible-devel] New Ansible releases 2.8.4, 2.7.13, and 2.6.19
Hi all- we're happy to announce that the general releases of Ansible 2.8.4, 2.7.13, and 2.6.19 are now available! How do you get it? -- $ pip install ansible==2.8.4 --user or $ pip install ansible==2.7.13 --user or $ pip install ansible==2.6.19 --user The tar.gz of the releases can be found here: * 2.8.4 https://releases.ansible.com/ansible/ansible-2.8.4.tar.gz SHA256: a0153e2de3619b7e307df179cd91a3c3804cf1fe048273fe4ea5238b76679ff1 * 2.7.13 https://releases.ansible.com/ansible/ansible-2.7.13.tar.gz SHA256: 339c87a1bf9e8555ce1e1c1a9452d8ed1df240944ec1a3fc2e813e6c7d70aeae * 2.6.19 https://releases.ansible.com/ansible/ansible-2.6.19.tar.gz SHA256: dbcfc9ddf620d05e1147b4c713738045a67c32be7260b11cbdbd84e92b77ca06 What's new in 2.8.4, 2.7.13, and 2.6.19 --- 2.7.13 and 2.6.19 are security releases containing a fix for CVE-2019-10206. 2.8.4 is a maintenance release containing numerous bugfixes in addition to a fix for CVE-2019-10206 and CVE-2019-10217 (the latter does not affect 2.7.13 and 2.6.19). CVEs fixed: * CVE-2019-10206: Avoid templating passwords from the command prompt as templating may reveal secret information. * CVE-2019-10217: Add no_log to credential fields in gcp_* modules so that these modules do not display credentials on stdout or save them to log iles. The full changelogs for these releases are at: * 2.8.4 https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst * 2.7.13 https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst * 2.6.19 https://github.com/ansible/ansible/blob/stable-2.6/changelogs/CHANGELOG-v2.6.rst What's the schedule for future maintenance releases? Future maintenance releases of 2.8.4 will occur approximately every 3 weeks. So expect the next one around 2019-09-05. 2.7.x and 2.6.x are released on an as needed basis for critical and security bugfixes respectively. Porting Help We've published a porting guide at https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.8.html to help migrate your content to 2.8. If you discover any errors or if any of your working playbooks break when you upgrade to 2.8.4, please use the following link to report the regression: https://github.com/ansible/ansible/issues/new/choose In your issue, be sure to mention the Ansible version that works and the one that doesn't. Thanks! -Toshio Kuratomi -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/CAPrnkaTKB%3DTsY8JZ3K7LR4tqU4NgHXVz28HGbNs7yx%2BbQhb6bQ%40mail.gmail.com.
[ansible-devel] Re: Who triggers the wrapper script generation on a Windows node ?
Hi This particular script is part of the put_file operation for winrm [1] which is executed like "PowerShell.exe -EncodedCommand ScriptB64". Part of the put_file method is to read the bytes of the file to transfer across and send it over the stdin pipe of the process under the WSMan Send operation. There is an automatic trigger in PowerShell where the begin block runs then the process block will run for each input that is sent until we tell it there is no more until finally the end block runs. The '$input' variable is an automatic variable which contains the input from the stdin pipe for that process (each byte fragment of the file). In saying all this, the put_file operation should not be running at all for standard module execution. We use pipelining in pretty much all cases to execute a module and the only times put_file is used are; - An action plugin on the controller needs to put a file for a module to use, e.g. win_copy, win_template, script - The ANSIBLE_KEEP_REMOTE_FILES=1 env var is set when running Ansible, this should only be used for debugging purposes and is not the standard operation What normally happens in the pipelining scenario is that we run the bootstrap_wrapper.ps1 [2] which takes in data from the stdin pipe to execute. This data is a string split by null chars where the first part is the exec_wrapper and the second part is the module manifest info which drives the wrapper. This way no data touches the disk (unless we need to copy a file) making things a lot faster than before. [1] - https://github.com/ansible/ansible/blob/491a47c7c5be8ba5b4cca4e1a5171c15d669a47f/lib/ansible/plugins/connection/winrm.py#L565 [2] - https://github.com/ansible/ansible/blob/devel/lib/ansible/executor/powershell/bootstrap_wrapper.ps1 Thanks Jordan -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/7158efd7-65b4-4f0d-86d2-819d4780e22e%40googlegroups.com.
[ansible-devel] Re: error when running a windows command using 'raw'
Actually if your example is literal and -a is on a newline then that's probably your issue, it sounds like you wanted '>' not '|' to folder each newline in your string but I still recommend the way above I posted. -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/0d34c0d4-2f71-4bfb-9ac2-cc570c930458%40googlegroups.com.
[ansible-devel] Re: error when running a windows command using 'raw'
Not sure why it is complaining here, maybe an invisble control character. Anyway you are best off doing the following; - name: Installing the license raw: '"C:\Program Files\IBM\SQLLIB\BIN\db2licm" -a "{{ temp_area }}\{{ db2_lic_file }}"' Raw in Windows is not truly raw as it is run in a PowerShell shell so the standard quoting rules apply. Having C:\'Progam Files'\.. wouldn't work as that isn't valid PowerShell. The example above will quote that whole string as well as your -a arg in case it has a space in it. You can also consider using win_command for this if you want to talk advantage of things like become, environment, async and some of the other options it adds. Thanks Jordan -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/eddb6332-07ea-41b0-ae8f-3d7c90c22a7f%40googlegroups.com.
Re: [ansible-devel] error when running a windows command using 'raw'
On Thu, Aug 15, 2019 at 4:07 PM Bob Harold wrote: > > On Thu, Aug 15, 2019 at 12:08 PM Chris Jackson wrote: > >> >> Hi all, >> >> Tearing my hair out trying to resolve this. I am getting the following:- >> >> "reason": "failed at splitting arguments, either an unbalanced jinja2 >> block or quotes: C:\\'Program Files'\\IBM\\SQLLIB\\BIN\\db2licm -a\n{{ >> temp_area }}\\{{ db2_lic_file }}\n\nThe error appears to have been in >> '/var/lib/awx/projects/_49__ansible_chrisj_testing/playbooks/MQ_Test/Machine_Setup/roles/DB2_Install/tasks/Win32NT_DB2_Install.yml': >> line 51, column 7, but may\nbe elsewhere in the file depending on the exact >> syntax problem.\n\nThe offending line appears to be:\n\n\n- name: >> Installing the license\n ^ here\n" >> >> This is the errant piece of yaml:- >> >> - name: Installing the license >> raw: | >>C:\'Program Files'\IBM\SQLLIB\BIN\db2licm -a >>{{ temp_area }}\{{ db2_lic_file }} >> >> Can anyone help? >> >> Many Thanks >> >> Chris. >> > > My first guess is that the backslash "\" characters are 'escaping' the > following character. Try doubling each of them "\\" > > -- > Bob Harold > Probably not that, it seems to have understood the backslash. It is complaining about the "name:" line, so either there is an invisible character (happens when I cut/paste from a doc or web page), or likely the problem is before that line, so it is not expecting the 'name:' line. Can you show us the preceding few lines? -- Bob Harold -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/CA%2Bnkc8Dcg_M4vTURZfy79LtWOfX0FqaEQ6VfL2pYH8cY8Sjuig%40mail.gmail.com.
Re: [ansible-devel] error when running a windows command using 'raw'
On Thu, Aug 15, 2019 at 12:08 PM Chris Jackson wrote: > > Hi all, > > Tearing my hair out trying to resolve this. I am getting the following:- > > "reason": "failed at splitting arguments, either an unbalanced jinja2 > block or quotes: C:\\'Program Files'\\IBM\\SQLLIB\\BIN\\db2licm -a\n{{ > temp_area }}\\{{ db2_lic_file }}\n\nThe error appears to have been in > '/var/lib/awx/projects/_49__ansible_chrisj_testing/playbooks/MQ_Test/Machine_Setup/roles/DB2_Install/tasks/Win32NT_DB2_Install.yml': > line 51, column 7, but may\nbe elsewhere in the file depending on the exact > syntax problem.\n\nThe offending line appears to be:\n\n\n- name: > Installing the license\n ^ here\n" > > This is the errant piece of yaml:- > > - name: Installing the license > raw: | >C:\'Program Files'\IBM\SQLLIB\BIN\db2licm -a >{{ temp_area }}\{{ db2_lic_file }} > > Can anyone help? > > Many Thanks > > Chris. > My first guess is that the backslash "\" characters are 'escaping' the following character. Try doubling each of them "\\" -- Bob Harold -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/CA%2Bnkc8BSYTEjM6%2Bu2nkv1zmLrL8AUL5d66jG6Mt4UDpX772FhA%40mail.gmail.com.
[ansible-devel] Who triggers the wrapper script generation on a Windows node ?
Hi Folks, I am now trying to understand how ansible module execution happens on a Windows node. I've understood about the wrapper scripts and the json file which contains everything, but cannot find the starting point of the below code begin { $path = 'C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1565881753.1183164-174629035055307\AnsiballZ_.ps1' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } I am searching for the trigger point which give the automatic variable $input the encoded code. -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/cc79d17b-e9f1-4aef-8c50-7de445f9a9e1%40googlegroups.com.
[ansible-devel] How does ansible trigger the wrapper script on a windows node
Hi Folks, I am now trying to understand how ansible module execution happens on a Windows node. I've understood about the wrapper scripts and the json file which contains everything, but cannot find the starting point of the below code begin { $path = 'C:\Users\Administrator\AppData\Local\Temp\ansible-tmp-1565881753.1183164-174629035055307\AnsiballZ_win_auto_logon.ps1' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } I am searching for the trigger point which give the automatic variable $input the encoded code. -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/47993907-b99a-4516-8b10-475883b0f9be%40googlegroups.com.
[ansible-devel] error when running a windows command using 'raw'
Hi all, Tearing my hair out trying to resolve this. I am getting the following:- "reason": "failed at splitting arguments, either an unbalanced jinja2 block or quotes: C:\\'Program Files'\\IBM\\SQLLIB\\BIN\\db2licm -a\n{{ temp_area }}\\{{ db2_lic_file }}\n\nThe error appears to have been in '/var/lib/awx/projects/_49__ansible_chrisj_testing/playbooks/MQ_Test/Machine_Setup/roles/DB2_Install/tasks/Win32NT_DB2_Install.yml': line 51, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Installing the license\n ^ here\n" This is the errant piece of yaml:- - name: Installing the license raw: | C:\'Program Files'\IBM\SQLLIB\BIN\db2licm -a {{ temp_area }}\{{ db2_lic_file }} Can anyone help? Many Thanks Chris. -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/235588e1-b9e7-4e9e-b0c7-e3fef2ce1214%40googlegroups.com.
Re: [ansible-devel] Bypassing no_log for a specific output (dumps of zabbix modules)
Thanks for replying, I guess I will add `notes:` section to zabbix documentation fragment stating that using default Admin password is not recommended and to expect weird output. On Wednesday, August 14, 2019 at 2:55:41 PM UTC+2, Brian Coca wrote: > > if no_log could be bypassed and runtime, it would trigger a CVE ... so > the way to test the modules is to disable no_log in the module code > itself. > > > -- > -- > Brian Coca > -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/7621008e-e2b0-4ed3-8d82-d2ec8c751f40%40googlegroups.com.
[ansible-devel] potential bug in eric_eccli module,
Hi all, I am currently developing and checking out the eric_eccli module which has been merged to the devel build not long ago. I am using the newest Ansible devel build I got now a failure of a task with, as it seems, a normal command: - name: save configuration to flash memory eric_eccli_command: commands: - save configuration even with - y or wait_for it fails due to command timeout. >From the terminal point of view it asks if the existing file should be overwritten. On playbook execution, it fires the command waits until the timeout and fails. Other commands work just fine, to mention all other commands do not require user input for (y/n). This is a crucial feature for automating the upgrade and configuration management of the devices Also the release download command for the device requests user input of (y/n) Shell, command and raw modules do not solve the issue either. Currently I see no way around this. Shall I report it as a bug on GitHub? Or am I missing something? It seems like the module is not capable of reacting to user input actions like (y/n) To note: It fails on different devices due to the same issue. Feedback is appreciated. //Lucas -- You received this message because you are subscribed to the Google Groups "Ansible Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-devel/1ac0acb8-c99f-4c48-9fdd-d260c2cbc620%40googlegroups.com.