openSUSE-SU-2019:1635-1

This update for ansible fixes the following issues:

Ansible was updated to version 2.8.1:

Full changelog is at /usr/share/doc/packages/ansible/changelogs/

• Bugfixes

  • ACI - DO not encode query_string
  • ACI modules - Fix non-signature authentication
  • Add missing directory provided via --playbook-dir to adjacent collection loading
  • Fix 'Interface not found' errors when using eosl2interface with nonexistant interfaces configured
  • Fix cannot get credential when source_auth set to credential_file.
  • Fix netconf_config backup string issue
  • Fix privilege escalation support for the docker connection plugin when credentials need to be supplied (e.g. sudo with password).
  • Fix vyos cli prompt inspection
  • Fixed loading namespaced documentation fragments from collections.
  • Fixing bug came up after running cnos_vrf module against coverity.
  • Properly handle data importer failures on PVC creation, instead of timing out.
  • To fix the ios static route TC failure in CI
  • To fix the nios member module params
  • To fix the nios_zone module idempotency failure
  • add terminal initial prompt for initial connection
  • allow include_role to work with ansible command
  • allow pythonrequirementsfacts to report on dependencies containing dashes
  • asa_config fix
  • azurermroledefinition - fix a small error in build scope.
  • azurermvirtualnetworkpeering - fix cross subscriptions virtual network peering.
  • cgroupperfrecap - When not using filepertask, make sure we don't prematurely close the perf files
  • display underlying error when reporting an invalid tasks: block.
  • dnf - fix wildcard matching for state: absent
  • docker connection plugin - accept version dev as 'newest version' and print warning.
  • docker_container - oom_killer and oom_score_adj options are available since docker-py 1.8.0, not 2.0.0 as assumed by the version check.
  • docker_container - fix network creation when networks_cli_compatible is enabled.
  • docker_container - use docker API's restart instead of stop/start to restart a container.
  • docker_image - if build was not specified, the wrong default for build.rm is used.
  • docker_image - if nocache set to yes but not build.nocache, the module failed.
  • docker_image - module failed when source: build was set but build.path options not specified.
  • docker_network module - fix idempotency when using aux_addresses in ipam_config.
  • ec2_instance - make Name tag idempotent
  • eos: don't fail modules without become set, instead show message and continue
  • eosconfig: check for session support when asked to 'diffagainst: session'
  • eos_eapi: fix idempotency issues when vrf was unspecified.
  • fix bugs for ce - more info see
  • fix incorrect uses of tonative that should be totext instead.
  • hcloud_volume - Fix idempotency when attaching a server to a volume.
  • ibmstorage - Added a check for null fields in ibmstorage utils module.
  • include_tasks - whitelist listen as a valid keyword
  • k8s - resource updates applied with force work correctly now
  • keep results subset also when not no_log.
  • meraki_switchport - improve reliability with native VLAN functionality.
  • netappeiscsitarget - fix netappeiscsitarget chap secret size and clearing functionality
  • netappevolumes - fix workload profileId indexing when no previous workload tags exist on the storage array.
  • nxos_acl some platforms/versions raise when no ACLs are present
  • nxos_facts fix https://github.com/ansible/ansible/pull/57009
  • nxosfilecopy fix passwordless workflow
  • nxosinterface Fix adminstate check for n6k
  • nxossnmptraps fix group all for N35 platforms
  • nxossnmpuser fix platform fixes for getsnmpuser
  • nxos_vlan mode idempotence bug
  • nxos_vlan vlan names containing regex ctl chars should be escaped
  • nxosvtp* modules fix n6k issues
  • openssl_certificate - fix private key passphrase handling for cryptography backend.
  • openssl_pkcs12 - fixes crash when private key has a passphrase and the module is run a second time.
  • os_stack - Apply tags conditionally so that the module does not throw up an error when using an older distro of openstacksdk
  • pass correct loading context to persistent connections other than local
  • pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux
  • postgresql - added initial SSL related tests
  • postgresql - added missingrequiredlibs, removed excess param mapping
  • postgresql - move connecttodb and getpgversion into module_utils/postgres.py (https://github.com/ansible/ansible/pull/55514)
  • postgresql_db - add note to the documentation about state dump and the incorrect rc (https://github.com/ansible/ansible/pull/57297)
  • postgresqldb - fix for postgresqldb fails if stderr contains output
  • postgresql_ping - fixed a typo in the module documentation
  • preserve actual ssh error when we cannot connect.
  • route53_facts - the module did not advertise check mode support, causing it not to be run in check mode.
  • sysctl: the module now also checks the output of STDERR to report if values are correctly set (https://github.com/ansible/ansible/pull/55695)
  • ufw - correctly check status when logging is off
  • uri - always return a value for status even during failure
  • urls - Handle redirects properly for IPv6 address by not splitting on : and rely on already parsed hostname and port values
  • vmwarevmfacts - fix the support with regular ESXi
  • vyos_interface fix https://github.com/ansible/ansible/pull/57169
  • we don't really need to template vars on definition as we do this on demand in templating.
  • win_acl - Fix qualifier parser when using UNC paths -
  • win_hostname - Fix non netbios compliant name handling
  • winrm - Fix issue when attempting to parse CLIXML on send input failure
  • xenserver_guest - fixed an issue where VM whould be powered off even though check mode is used if reconfiguration requires VM to be powered off.
  • xenserver_guest - proper error message is shown when maximum number of network interfaces is reached and multiple network interfaces are added at once.
  • yum - Fix false error message about autoremove not being supported
  • yum - fix failure when using update_cache standalone
  • yum - handle special 'none' value for proxy in yum.conf and .repo files

Update to version 2.8.0

Major changes:

• Experimental support for Ansible Collections and content namespacing - Ansible content can now be packaged in a collection and addressed via namespaces. This allows for easier sharing, distribution, and installation of bundled modules/roles/plugins, and consistent rules for accessing specific content via namespaces.
• Python interpreter discovery - The first time a Python module runs on a target, Ansible will attempt to discover the proper default Python interpreter to use for the target platform/version (instead of immediately defaulting to /usr/bin/python). You can override this behavior by setting ansiblepythoninterpreter or via config. (see https://github.com/ansible/ansible/pull/50163)
• become - The deprecated CLI arguments for --sudo, --sudo-user, --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed, in favor of the more generic --become, --become-user, --become-method, and --ask-become-pass.

• become - become functionality has been migrated to a plugin architecture, to allow customization of become functionality and 3rd party become methods (https://github.com/ansible/ansible/pull/50991)

  • addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837

For the full changelog see /usr/share/doc/packages/ansible/changelogs or online: https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst