File ansible.changes of Package ansible.25442

Tue Jul 19 15:53:08 UTC 2022 - Pablo Suárez Hernández <>

- Update to version 2.9.27 (jsc#SLE-23631) (jsc#SLE-24133)
  * bsc#1187725 CVE-2021-3620 ansible-connection module discloses sensitive
    info in traceback error message (in 2.9.27)
  * bsc#1188061 CVE-2021-3583 Template Injection through yaml multi-line
    strings with ansible facts used in template. (in 2.9.23)
  * bsc#1176460 gh#ansible/ansible#72094 ansible module nmcli is broken in
    ansible 2.9.13 (in 2.9.15)

Tue Jul 19 15:20:11 UTC 2022 - Pablo Suárez Hernández <>

- Update to 2.9.22:
  * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values 

Tue Dec 14 10:33:51 UTC 2021 - Pablo Suárez Hernández <>

- Require python macros for building

Tue May  4 05:24:10 UTC 2021 - Michael Ströder <>

- update to 2.9.21

Fri Apr 16 12:54:09 UTC 2021 - Alexander Graul <>

- Drop python-coverage run-time requirement from openSUSE/SLE

Fri Apr 16 12:05:06 UTC 2021 - Alexander Graul <>

- Switch to python3-cryptography in openSUSE/SLE 

Tue Apr 13 07:44:55 UTC 2021 - Michael Ströder <>

- update to version 2.9.20
  maintenance release containing numerous bugfixes

Tue Mar 16 06:54:38 UTC 2021 - Michael Ströder <>

- update to version 2.9.19 with minor changes and a few bug fixes
  * CVE-2021-20228 (bsc#1181935) no_log with fallback option
  * CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values
  * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values
  * CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module

Fri Feb 19 08:40:14 UTC 2021 - Michael Ströder <>

- update to version 2.9.18
  * CVE-2021-20228 where default and fallback values for no_log parameters
    to modules were not previously masked.
  * CVE-2021-20178 where several parameters to the snmp_facts module were
    logged and displayed despite containing sensitive information.
  * CVE-2021-20180 where several parameters to the
    bitbucket_pipeline_variable were logged and displayed despite
    containing sensitive information.
  * CVE-2021-20191 which addresses a number of modules whose parameters
    were logged and displayed despite containing sensitive
    information. For the full list of affected modules, refer to the
    changelog linked below.
Tue Jan 19 00:48:05 UTC 2021 - Michael Ströder <>

- update to version 2.9.17 with minor changes and a few bug fixes

Tue Dec 15 08:29:48 UTC 2020 - Michael Ströder <>

- update to version 2.9.16 with minor changes and many bug fixes

Tue Nov  3 03:47:34 UTC 2020 - Michael Ströder <>

- update to version 2.9.15 with following breaking change:
  * ansible-galaxy login command has been removed

Tue Oct  6 04:36:05 UTC 2020 - Michael Ströder <>

- update to version 2.9.14 with many small improvements and bug fixes,
  most notably:
  * kubectl - connection plugin now redact kubectl_token and 
    kubectl_password in console log (CVE-2020-1753).
- avoid trailing comments after %endif

Tue Sep  1 08:44:17 UTC 2020 - Michael Ströder <>

- update to version 2.9.13 with many bug fixes, most notably:
  * A security issue was addressed in the "dnf" module, which previously
    did not check GPG signatures of packages.
  * A bug in the "cron" module was fixed. In some cases prior to this
    fix, the module would inadvertently remove cron entries.
- removed obsolete fix-cron-regression-71207.patch

Wed Aug 12 12:44:52 UTC 2020 - Michael Ströder <>

- added fix-cron-regression-71207.patch

Tue Aug 11 05:09:36 UTC 2020 - Michael Ströder <>

- update to version 2.9.12 with many bug fixes,
  most notably the following security fixes:
  * security issue - copy - Redact the value of the no_log 'content' 
    parameter in the result's invocation.module_args in check mode. 
    Previously when used with check mode and with '-vvv', the module would 
    not censor the content if a change would be made to the destination path. 
  * security issue atomic_move - change default permissions when creating 
    temporary files so they are not world readable 
    ( (CVE-2020-1736)
  * Fix warning for default permission change when no mode is specified. 
    Follow up to 
  * Sanitize no_log values from any response keys that might be returned 
    from the uri module (CVE-2020-14330).
  * reset logging level to INFO due to CVE-2019-14846.

Tue Jul 21 04:48:11 UTC 2020 - Michael Ströder <>

- update to version 2.9.11 with many bug fixes
- removed ansible_bugfix_640.diff obsoleted by upstream update

Mon Jul 13 17:53:58 UTC 2020 - Andrey Karepin <>

- added ansible_bugfix_640.diff to fix gh#ansible-collections/community.general#640

Mon Jun 22 23:10:23 UTC 2020 - Michael Ströder <>

- update to version 2.9.10 with many bug fixes.
- removed CVE-2020-1744_avoid_mkdir_p.patch obsoleted by upstream update

Thu May 28 13:57:38 UTC 2020 - Matej Cepl <>

- Correct ID of CVE and rename the patch to

Tue May 26 13:02:10 UTC 2020 - Matej Cepl <>

- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733
- Add metadata information to this file to mark which SUSE
  bugzilla have been already fixed.

Tue May 12 23:34:59 UTC 2020 - Michael Ströder <>

- update to version 2.9.9
  * fix for a regression introduced in 2.9.8

Tue May 12 09:42:53 UTC 2020 - Michael Ströder <>

- update to version 2.9.8
  maintenance release containing numerous bugfixes

Fri Apr 17 06:49:56 UTC 2020 - Michael Ströder <>

- update to version 2.9.7 with many bug fixes,
  especially for these security issues:
  - bsc#1164140 CVE-2020-1733 - insecure temporary directory when
    running become_user from become directive
  - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe
    lookup plugin subprocess
  - bsc#1164137 CVE-2020-1735 - path injection on dest parameter
    in fetch module
  - bsc#1164134 CVE-2020-1736 atomic_move primitive sets
    permissive permissions
  - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip
    module does not check extracted path
  - bsc#1164136 CVE-2020-1738 module package can be selected by
    the ansible facts
  - bsc#1164133 CVE-2020-1739  - svn module leaks password when
    specified as a parameter
  - bsc#1164135 CVE-2020-1740 - secrets readable after
    ansible-vault edit
  - bsc#1165393 CVE-2020-1746 - information disclosure issue in
    ldap_attr and ldap_entry modules
  - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks
    sensitive information
  - bsc#1167532 CVE-2020-10684 - code injection when using
    ansible_facts as a subkey
  - bsc#1167440 CVE-2020-10685 - modules which use files
    encrypted with vault are not properly cleaned up
  - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]

Mon Apr  6 20:45:04 UTC 2020 - - 2.9.6

- create missing (empty) template and files directories for 
  'ansible-galaxy init' during package build (fixes boo#1137479)
- require python-xml on python 2 systems (boo#1142542)

Thu Mar  5 08:23:57 UTC 2020 - Michael Ströder <>

- update to version 2.9.6 (maintenance release) including
  these security issues:
  - bsc#1171162 CVE-2020-10729 two random password lookups in
    same task return same value

Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder <>

- update to version 2.9.5 (maintenance release)

Tue Jan 28 12:38:16 UTC 2020 - Michael Ströder <>

- update to version 2.9.4 (maintenance release)
  - fix in yum module
  - security fixes:
    - bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone
      module via crafted solaris zone
    - bsc#1157969 CVE-2019-14905 malicious code could craft
      filename in nxos_file_copy module

Thu Jan 16 17:34:28 UTC 2020 - Michael Ströder <>

- update to version 2.9.3 (maintenance release)
  * security fixes
    - CVE-2019-14904 (solaris_zone module) (boo#1157968)
    - CVE-2019-14905 (nxos_file_copy module) (boo#1157969)
  * various bugfixes
Sun Dec 29 15:21:09 UTC 2019 - Lars Vogdt <>

- sync with upstream spec file (especially for RHEL & Fedora builds)
- ran spec-cleaner
- remove old SUSE targets (SLE-11, Leap 42.3 and below)
  This simplifies the spec file and makes building easier
- Additional required packages for building:
  + python-boto3 and python-botocore for Amazon EC2
  + python-jmespath for json queries
  + python-memcached for cloud modules and local caching of JSON 
    formatted, per host records
  + python-redis for cloud modules and local caching of JSON 
    formatted, per host records
  + python-requests for many web-based modules (cloud, network, 
  => as the need for those packages depends on the usage of the 
     tool, they are just recommended on openSUSE/SUSE machines
- made dependencies for gitlab, vmware and winrm modules configurable,
  as most of their dependencies are not (yet) available on current 
  openSUSE/SUSE distributions
- exclude /usr/bin/pwsh from the automatic dependency generation, 
  as the Windows Power Shell is not available (yet) on openSUSE/SUSE
- build additional docs and split up ansible-doc package; 
  moving changelogs, contrib and example directories there
- prepare for building HTML documentation, but disable this per 
  default for the moment, as not all package dependencies are available
  in openSUSE/SUSE (yet)
- package some test scripts with executable permissions

Thu Dec  5 09:21:27 UTC 2019 - Michael Ströder <>

- update to version 2.9.2
  maintenance release containing numerous bugfixes

Thu Nov 21 16:27:05 UTC 2019 - Lars Vogdt <>

- Create system directories that Ansible defines as default locations 
  in ansible/config/base.yml
- rephrase the summary line 
- Disable shebang munging for specific paths. These files are data files.
  ansible-test munges the shebangs itself.

Tue Nov 19 18:04:50 UTC 2019 - Lars Vogdt <>

- split out ansible-test package for module developers

Fri Nov 15 12:44:55 UTC 2019 - - 2.9.1

- update to version 2.9.1
  Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
  and also available online at
  + CVE-2019-14864: fixed Splunk and Sumologic callback plugins leak 
    sensitive data in logs (boo#1154830)
- replace all #!/usr/bin/env lines to use #!/usr/bin/$1 directly

Sun Nov  3 19:26:21 UTC 2019 - Johannes Kastl <>

- added file '/usr/bin/ansible-test' to spec file

Fri Nov  1 21:11:03 UTC 2019 - Johannes Kastl <>

- Update to version 2.9.0:
  Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
  and also available online at
- Fixed among other this security bug:
  - bsc#1112959 CVE-2018-16837 Information leak in "user" module patch added

Sun Oct 27 14:15:53 UTC 2019 -

- include the sha checksum file in the source, which allows to verify
  the original sources

Wed Oct 23 16:10:41 UTC 2019 -  <>

- Update to version 2.8.6:
  Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
  and also available online at
  Included security fixes:
  * CVE-2019-14846: Fixed secrets disclosure on logs due to display is hardcoded
    to DEBUG level (bsc#1153452)
  * CVE-2019-14856: Fixed insufficient fix for CVE-2019-10206 (bsc#1154232)
  * CVE-2019-14858: Fixed data in the sub parameter fields that will not be masked
    and will be displayed when run with increased verbosity (bsc#1154231) 

Fri Sep 13 09:02:36 UTC 2019 - Lars Vogdt <>

- Update to version 2.8.5:
  Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
  and also available online at
- removed patches fixed upstream:
  + CVE-2019-10206-data-disclosure.patch
  + CVE-2019-10217-gcp-modules-sensitive-fields.patch

Wed Aug  7 16:30:47 CEST 2019 - Matej Cepl <>

- Update to version 2.8.3:
  Full changelog is packaged, but also at
  - (bsc#1137528) CVE-2019-10156: ansible: templating causing an
    unexpected key file to be set on remote node
- (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing
  CVE-2019-10206: ansible-playbook -k and ansible cli tools
  prompt passwords by expanding them from templates as they could
  contain special characters. Passwords should be wrapped to
  prevent templates trigger and exposing them.
- (bsc#1144453) Adds CVE-2019-10217-gcp-modules-sensitive-fields.patch
  CVE-2019-10217: Fields managing sensitive data should be set as
  such by no_log feature. Some of these fields in GCP modules are
  not set properly. service_account_contents() which is common
  class for all gcp modules is not setting no_log to True. Any
  sensitive data managed by that function would be leak as an
  output when running ansible playbooks.

Sat Jun  8 16:33:53 UTC 2019 - Lars Vogdt <>

- Update to version 2.8.1
  Full changelog is at /usr/share/doc/packages/ansible/changelogs/
  - ACI - DO not encode query_string
  - ACI modules - Fix non-signature authentication
  - Add missing directory provided via ``--playbook-dir`` to adjacent collection loading
  - Fix "Interface not found" errors when using eos_l2_interface with nonexistant
    interfaces configured
  - Fix cannot get credential when `source_auth` set to `credential_file`.
  - Fix netconf_config backup string issue
  - Fix privilege escalation support for the docker connection plugin when
    credentials need to be supplied (e.g. sudo with password).
  - Fix vyos cli prompt inspection
  - Fixed loading namespaced documentation fragments from collections.
  - Fixing bug came up after running cnos_vrf module against coverity.
  - Properly handle data importer failures on PVC creation, instead of timing out.
  - To fix the ios static route TC failure in CI
  - To fix the nios member module params
  - To fix the nios_zone module idempotency failure
  - add terminal initial prompt for initial connection
  - allow include_role to work with ansible command
  - allow python_requirements_facts to report on dependencies containing dashes
  - asa_config fix
  - azure_rm_roledefinition - fix a small error in build scope.
  - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual network
  - cgroup_perf_recap - When not using file_per_task, make sure we don't
    prematurely close the perf files
  - display underlying error when reporting an invalid ``tasks:`` block.
  - dnf - fix wildcard matching for state: absent
  - docker connection plugin - accept version ``dev`` as 'newest version' and
    print warning.
  - docker_container - ``oom_killer`` and ``oom_score_adj`` options are available
    since docker-py 1.8.0, not 2.0.0 as assumed by the version check.
  - docker_container - fix network creation when ``networks_cli_compatible`` is
  - docker_container - use docker API's ``restart`` instead of ``stop``/``start``
    to restart a container.
  - docker_image - if ``build`` was not specified, the wrong default for
    ``build.rm`` is used.
  - docker_image - if ``nocache`` set to ``yes`` but not ``build.nocache``, the
    module failed.
  - docker_image - module failed when ``source: build`` was set but
    ``build.path`` options not specified.
  - docker_network module - fix idempotency when using ``aux_addresses`` in
  - ec2_instance - make Name tag idempotent
  - eos: don't fail modules without become set, instead show message and continue
  - eos_config: check for session support when asked to 'diff_against: session'
  - eos_eapi: fix idempotency issues when vrf was unspecified.
  - fix bugs for ce - more info see
  - fix incorrect uses of to_native that should be to_text instead.
  - hcloud_volume - Fix idempotency when attaching a server to a volume.
  - ibm_storage - Added a check for null fields in ibm_storage utils module.
  - include_tasks - whitelist ``listen`` as a valid keyword
  - k8s - resource updates applied with force work correctly now
  - keep results subset also when not no_log.
  - meraki_switchport - improve reliability with native VLAN functionality.
  - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and
    clearing functionality
  - netapp_e_volumes - fix workload profileId indexing when no previous workload
    tags exist on the storage array.
  - nxos_acl some platforms/versions raise when no ACLs are present
  - nxos_facts fix <>
  - nxos_file_copy fix passwordless workflow
  - nxos_interface Fix admin_state check for n6k
  - nxos_snmp_traps fix group all for N35 platforms
  - nxos_snmp_user fix platform fixes for get_snmp_user
  - nxos_vlan mode idempotence bug
  - nxos_vlan vlan names containing regex ctl chars should be escaped
  - nxos_vtp_* modules fix n6k issues
  - openssl_certificate - fix private key passphrase handling for
    ``cryptography`` backend.
  - openssl_pkcs12 - fixes crash when private key has a passphrase and the module
    is run a second time.
  - os_stack - Apply tags conditionally so that the module does not throw up an
    error when using an older distro of openstacksdk
  - pass correct loading context to persistent connections other than local
  - pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux
  - postgresql - added initial SSL related tests
  - postgresql - added missing_required_libs, removed excess param mapping
  - postgresql - move connect_to_db and get_pg_version into
    module_utils/ (
  - postgresql_db - add note to the documentation about state dump and the
    incorrect rc (
  - postgresql_db - fix for postgresql_db fails if stderr contains output
  - postgresql_ping - fixed a typo in the module documentation
  - preserve actual ssh error when we cannot connect.
  - route53_facts - the module did not advertise check mode support, causing it
    not to be run in check mode.
  - sysctl: the module now also checks the output of STDERR to report if values
    are correctly set (
  - ufw - correctly check status when logging is off
  - uri - always return a value for status even during failure
  - urls - Handle redirects properly for IPv6 address by not splitting on ``:``
    and rely on already parsed hostname and port values
  - vmware_vm_facts - fix the support with regular ESXi
  - vyos_interface fix <>
  - we don't really need to template vars on definition as we do this on demand
    in templating.
  - win_acl - Fix qualifier parser when using UNC paths -
  - win_hostname - Fix non netbios compliant name handling
  - winrm - Fix issue when attempting to parse CLIXML on send input failure
  - xenserver_guest - fixed an issue where VM whould be powered off even though
    check mode is used if reconfiguration requires VM to be powered off.
  - xenserver_guest - proper error message is shown when maximum number of
    network interfaces is reached and multiple network interfaces are added at
  - yum - Fix false error message about autoremove not being supported
  - yum - fix failure when using ``update_cache`` standalone
  - yum - handle special "_none_" value for proxy in yum.conf and .repo files

Wed May 22 14:42:42 UTC 2019 - Marcel Kuehlhorn <>

- Update to version 2.8.0
  Major changes:
  * Experimental support for Ansible Collections and content namespacing -
    Ansible content can now be packaged in a collection and addressed via
    namespaces. This allows for easier sharing, distribution, and installation
    of bundled modules/roles/plugins, and consistent rules for accessing
    specific content via namespaces.
  * Python interpreter discovery - The first time a Python module runs on a
    target, Ansible will attempt to discover the proper default Python
    interpreter to use for the target platform/version (instead of immediately
    defaulting to /usr/bin/python). You can override this behavior by
    setting ansible_python_interpreter or via config. 
  * become - The deprecated CLI arguments for --sudo, --sudo-user,
    --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed, in
    favor of the more generic --become, --become-user, --become-method, and
  * become - become functionality has been migrated to a plugin architecture,
    to allow customization of become functionality and 3rd party become methods
- addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837

For the full changelog see /usr/share/doc/packages/ansible/changelogs or online:

Thu Apr  4 17:22:58 UTC 2019 - Michael Ströder <>

- Update to version 2.7.10

Minor Changes
- Catch all connection timeout related exceptions and raise AnsibleConnectionError instead
- openssl_pkcs12, openssl_privatekey, openssl_publickey - These modules no longer delete the output file before starting to regenerate the output, or when generating the output failed.

- Backport of, pamd - fix idempotence issue when removing rules
- Use custom JSON encoder in so that ansible objects (AnsibleVaultEncryptedUnicode, for example) can be sent to the persistent connection process
- allow 'dict()' jinja2 global to function the same even though it has changed in jinja2 versions
- azure_rm inventory plugin - fix missing hostvars properties (
- azure_rm inventory plugin - fix no nic type in vmss nic. (
- deprecate {Get/Set}ManagerAttributes commands (
- flatpak_remote - Handle empty output in remote_exists, fixes
- foreman - fix Foreman returning host parameters
- get_url - Fix issue with checksum validation when using a file to ensure we skip lines in the file that do not contain exactly 2 parts. Also restrict exception handling to the minimum number of necessary lines (
- grafana_datasource - Fixed an issue when running Python3 and using basic auth (
- include_tasks - Fixed an unexpected exception if no file was given to include.
- openssl_certificate - fix ``state=absent``.
- openssl_certificate, openssl_csr, openssl_pkcs12, openssl_privatekey, openssl_publickey - The modules are now able to overwrite write-protected files (
- openssl_dhparam - fix ``state=absent`` idempotency and ``changed`` flag.
- openssl_pkcs12, openssl_privatekey - These modules now accept the output file mode in symbolic form or as a octal string (
- openssl_publickey - fixed crash on Python 3 when OpenSSH private keys were used with passphrases.
- openstack inventory plugin: allow "constructed" functionality (``compose``, ``groups``, and ``keyed_groups``) to work as documented.
- random_mac - generate a proper MAC address when the provided vendor prefix is two or four characters (
- replace - fix behavior when ``before`` and ``after`` are used together (
- report correct CPU information on ARM systems (
- slurp - Fix issues when using paths on Windows with glob like characters, e.g. ``[``, ``]``
- ssh - Check the return code of the ssh process before raising AnsibleConnectionFailure, as the error message for the ssh process will likely contain more useful information. This will improve the missing interpreter messaging when using modules such as setup which have a larger payload to transfer when combined with pipelining. (
- tower_settings - 'name' and 'value' parameters are always required, module can not be used in order to get a setting
- win_acl - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_acl_inheritance - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_certificate_store - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_chocolatey - Fix incompatibilities with the latest release of Chocolatey ``v0.10.12+``
- win_copy - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_file - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_find - Ensure found files are sorted alphabetically by the path instead of it being random
- win_find - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_owner - Fix issues when using paths with glob like characters, e.g. ``[``, ``]``
- win_psexec - Support executables with a space in the path
- win_reboot - Fix reboot command validation failure when running under the psrp connection plugin
- win_tempfile - Always return the full NTFS absolute path and not a DOS 8.3 path.
- win_user_right - Fix output containing non json data -
- windows - Fixed various module utils that did not work with path that had glob like chars
- yum - fix disable_excludes on systems with yum rhn plugin enabled (

Sun Mar 17 07:42:28 UTC 2019 - Michael Ströder <>

- Update to version 2.7.9
  Minor Changes
  * Add missing import for ConnectionError in edge and routeros module_utils.
  * ``to_yaml`` filter updated to maintain formatting consistency when used 
    with ``pyyaml`` versions 5.1 and later 
  * docker_image * set ``changed`` to ``false`` when using ``force: yes`` to 
    tag or push an image that ends up being identical to one already present on 
    the Docker host or Docker registry.

  * jenkins_plugin * Set new default value for the update_url parameter 

  * Fix bug where some inventory parsing tracebacks were missing or reported under the wrong plugin.
  * Fix rabbitmq_plugin idempotence due to information message in new version of rabbitmq (
  * Fixed KeyError issue in vmware_host_config_manager when a supported option isn't already set (
  * Fixed issue related to --yaml flag in vmware_vm_inventory. Also fixed caching issue in vmware_vm_inventory (
  * If large integers are passed as options to modules under Python 2, module argument parsing will reject them as they are of type ``long`` and not of type ``int``.
  * allow nice error to work when auto plugin reads file w/o `plugin` field
  * ansible-doc * Fix traceback on providing arguemnt --all to ansible-doc command
  * azure_rm_virtualmachine_facts * fixed crash related to attached managed disks (
  * basic * modify the correct variable when determining available hashing algorithms to avoid errors when md5 is not available (
  * cloudscale * Fix compatibilty with Python3 in version 3.5 and lower.
  * convert input into text to ensure valid comparisons in nmap inventory plugin
  * dict2items * Allow dict2items to work with hostvars
  * dnsimple * fixed a KeyError exception related to record types handling.
  * docker_container * now returns warnings from docker daemon on container creation and updating.
  * docker_swarm * Fixed node_id parameter not working for node removal (
  * docker_swarm * do not crash with older docker daemons (
  * docker_swarm * fixes idempotency for the ``ca_force_rotate`` option.
  * docker_swarm * improve Swarm detection.
  * docker_swarm * improve idempotency checking; ``rotate_worker_token`` and ``rotate_manager_token`` are now also used when all other parameters have not changed.
  * docker_swarm * now supports docker-py 1.10.0 and newer for most operations, instead only docker 2.6.0 and newer.
  * docker_swarm * properly implement check mode (it did apply changes).
  * docker_swarm * the ``force`` option was ignored when ``state: present``.
  * docker_swarm_service * do basic validation of ``publish`` option if specified (must be list of dicts).
  * docker_swarm_service * don't crash when ``publish`` is not specified.
  * docker_swarm_service * fix problem with docker daemons which do not return ``UpdateConfig`` in the swarm service spec.
  * docker_swarm_service * the return value was documented as ``ansible_swarm_service``, but the module actually returned ``ansible_docker_service``. Documentation and code have been updated so that the variable is now called ``swarm_service``. In Ansible 2.7.x, the old name ``ansible_docker_service`` can still be used to access the result.
  * ec2 * if the private_ip has been provided for the new network interface it shouldn't also be added to top level parameters for run_instances()
  * fix DNSimple to ensure check works even when the number of records is larger than 100
  * get_url * return no change in check mode when checksum matches
  * inventory plugins * Fix creating groups from composed variables by getting the latest host variables
  * inventory_aws_ec2 * fix no_log indentation so AWS temporary credentials aren't displayed in tests
  * jenkins_plugin * Prevent plugin to be reinstalled when state=present (
  * lvol * fixed ValueError when using float size (,
  * mysql * MySQLdb doesn't import the cursors module for its own purposes so it has to be imported in MySQL module utilities before it can be used in dependent modules like the proxysql module family.
  * mysql * fixing unexpected keyword argument 'cursorclass' issue after migration from MySQLdb to PyMySQL.
  * mysql_user: match backticks, single and double quotes when checking user privileges.
  * onepassword_facts * Fixes issues which prevented this module working with 1Password CLI version 0.5.5 (or greater). Older versions of the CLI were deprecated by 1Password and will no longer function.
  * openssl_certificate * ``has_expired`` correctly checks if the certificate is expired or not
  * openssl_certificate * fix Python 3 string/bytes problems for `notBefore`/`notAfter` for self-signed and ownCA providers.
  * openssl_certificate * make sure that extensions are actually present when their values should be checked.
  * openssl_csr * improve ``subject`` validation.
  * openssl_csr * improve error messages for invalid SANs.
  * play order is now applied under all circumstances, fixes
  * remote_management foreman * Fixed issue where it was impossible to createdelete a product because product was missing in dict choices ( )
  * rhsm_repository * handle systems without any repos
  * skip invalid plugin after warning in loader
  * urpmi module * fixed issue
  * win_certificate_store * Fix exception handling typo
  * win_chocolatey * Fix issue when parsing a beta Chocolatey install *
  * win_chocolatey_source * fix bug where a Chocolatey source could not be disabled unless ``source`` was also set *
  * win_domain * Do not fail if DC is already promoted but a reboot is required, return ``reboot_required: True``
  * win_domain * Fix when running without credential delegated authentication *
  * win_file * Fix issue when managing hidden files and directories *
  * winrm * attempt to recover from a WinRM send input failure if possible
  * zabbix_hostmacro: fixes truncation of macro contexts that contain colons (see

  New Plugins
  * vmware_vm_inventory * VMware Guest inventory source

Sat Mar 16 20:12:47 UTC 2019 - Lars Vogdt <>

- update URL (use SSL version of the URL)
- prepare update for multiple releases (bsc#1102126, bsc#1109957)

Sun Feb 24 10:06:31 UTC 2019 - Michael Ströder <>

- Update to version 2.7.8
  Minor Changes:
  * Raise AnsibleConnectionError on winrm connnection errors
  * Backport of , fixes name collision in haproxy module
  * Fix aws_ec2 inventory plugin code to automatically populate regions when missing as documentation states, also leverage config system vs self default/type validation
  * Fix unexpected error when using Jinja2 native types with non-strict constructed keyed_groups (
  * If an ios module uses a section filter on a device which does not support it, retry the command without the filter.
  * acme_challenge_cert_helper * the module no longer crashes when the required ``cryptography`` library cannot be found.
  * azure_rm_managed_disk_facts * added missing implementation of listing managed disks by resource group
  * azure_rm_mysqlserver * fixed issues with passing parameters while updating existing server instance
  * azure_rm_postgresqldatabase * fix force_update bug (
  * azure_rm_postgresqldatabase * fix force_update bug.
  * azure_rm_postgresqlserver * fixed issues with passing parameters while updating existing server instance
  * azure_rm_sqlserver * fix for tags support
  * azure_rm_virtualmachine * fixed several crashes in module
  * azure_rm_virtualmachine_facts * fix crash when vm created from custom image
  * azure_rm_virtualmachine_facts * fixed crash related to VM with managed disk attached
  * ec2 * Correctly sets the end date of the Spot Instance request. Sets `ValidUntil` value in proper way so it will be auto-canceled through `spot_wait_timeout` interval.
  * openssl_csr * fixes idempotence problem with PyOpenSSL backend when no Subject Alternative Names were specified.
  * openstack inventory plugin * send logs from sdk to stderr so they do not combine with output
  * psrp * do not display bootstrap wrapper for each module exec run
  * redfish_utils * get standard properties for firmware entries (
  * remote home directory * Disallow use of remote home directories that include relative pathing by means of `..` (CVE-2019-3828, bsc#1126503) (
  * ufw * when using ``state: reset`` in check mode, ``ufw --dry-run reset`` was executed, which causes a loss of firewall rules. The ``ufw`` module was adjusted to no longer run ``ufw --dry-run reset`` to prevent this from happening.
  * ufw: make sure that only valid values for ``direction`` are passed on.
  * update GetBiosBootOrder to use standard Redfish resources (
  * win become * Fix some scenarios where become failed to create an elevated process
  * win_psmodule * the NuGet package provider will be updated, if needed, to avoid issue under adding a repository
  * yum * Remove incorrect disable_includes error message when using disable_excludes (
  * yum * properly handle a proxy config in yum.conf for an unauthenticated proxy

Sat Feb  9 16:55:54 UTC 2019 - Matthias Eliasson <>

- Update to version 2.7.7
  Minor Changes:
  * Allow check_mode with supports_generate_diff capability in cli_config. (
  * Fixed typo in vmware documentation fragment. Changed "supported added" to "support added".
  * All K8S_AUTH_* environment variables are now properly loaded by the k8s lookup plugin
  * Change backup file globbing for network _config modules so backing up one host's config will not delete the backed up config of any host whose hostname is a subset of the first host's hostname (e.g., switch1 and switch11)
  * Fixes bug where nios_a_record wasn't getting deleted if an uppercase named a_record was being passed. (
  * aci_aaa_user - Fix setting user description (
  * apt_repository - fixed failure under Python 3.7 (
  * archive - Fix check if archive is created in path to be removed
  * azure_rm inventory plugin - fix azure batch request (
  * cnos_backup - fixed syntax error (
  * cnos_image - fixed syntax error (
  * consul_kv - minor error-handling bugfix under Python 3.7 (
  * copy - align invocation in return value between check and normal mode
  * delegate_facts - fix to work properly under block and include_role (
  * docker_swarm_service - fix endpoint_mode and publish idempotency.
  * ec2_instance - Correctly adds description when adding a single ENI to the instance
  * ensure we have a XDG_RUNTIME_DIR, as it is not handled correctly by some privilege escalation configurations
  * file - Allow state=touch on file the user does not own
  * fix ansible-pull hanlding of extra args, complex quoting is needed for inline JSON
  * fix ansible_connect_timeout variable in network_cli,netconf,httpapi and nxos_install_os timeout check
  * netapp_e_storagepool - fixed failure under Python 3.7 (
  * onepassword_facts - Fix an issue looking up some 1Password items which have a 'password' attribute alongside the 'fields' attribute, not inside it.
  * prevent import_role from inserting dupe into roles: execution when duplicate signature role already exists in the section.
  * reboot - Fix bug where the connection timeout was not reset in the same task after rebooting
  * ssh connection - do not retry with invalid credentials to prevent account lockout (
  * systemd - warn when exeuting in a chroot environment rather than failing (
  * win_chocolatey - Fix hang when used with proxy for the first time -
  * win_power_plan - Fix issue where win_power_plan failed on newer Windows 10 builds -

Sun Jan 20 19:55:26 UTC 2019 - Matthias Eliasson <>

- update to version 2.7.6
  Minor Changes:
  * Added documentation about using VMware dynamic inventory plugin.
  * Fixed bug around populating host_ip in hostvars in vmware_vm_inventory.
  * Image reference change in Azure VMSS is detected and applied correctly.
  * docker_volume - reverted changed behavior of force, which was released in Ansible 2.7.1 to 2.7.5, and Ansible 2.6.8 to 2.6.11. Volumes are now only recreated if the parameters changed and force is set to true (instead of or). This is the behavior which has been described in the documentation all the time.
  * set ansible_os_family from name variable in os-release
  * yum and dnf can now handle installing packages from URIs that are proxy redirects and don't end in the .rpm file extension
  * Added log message at -vvvv when using netconf connection listing connection details.
  * Changes how ansible-connection names socket lock files. They now use the same name as the socket itself, and as such do not lock other attempts on connections to the same host, or cause issues with overly-long hostnames.
  * Fix mandatory statement error for junos modules (
  * Moved error in netconf connection plugin from at import to on connection.
  * This reverts some changes from commit 723daf3. If a line is found in the file, exactly or via regexp matching, it must not be added again. insertafter/insertbefore options are used only when a line is to be inserted, to specify where it must be added.
  * allow using openstack inventory plugin w/o a cache
  * callbacks - Do not filter out exception, warnings, deprecations on failure when using debug (
  * certificate_complete_chain - fix behavior when invalid file is parsed while reading intermediate or root certificates.
  * copy - Ensure that the src file contents is converted to unicode in diff information so that it is properly wrapped by AnsibleUnsafeText to prevent unexpected templating of diff data in Python3 (
  * correct behaviour of verify_file for vmware inventory plugin, it was always returning True
  * dnf - fix issue where conf_file was not being loaded properly
  * dnf - fix update_cache combined with install operation to not cause dnf transaction failure
  * docker_container - fix network_mode idempotency if the container:<container-name> form is used (as opposed to container:<container-id>) (
  * docker_container - warning when non-string env values are found, avoiding YAML parsing issues. Will be made an error in Ansible 2.8. (
  * docker_swarm_service - Document labels and container_labels with correct type.
  * docker_swarm_service - Document limit_memory and reserve_memory correctly on how to specify sizes.
  * docker_swarm_service - Document minimal API version for configs and secrets.
  * docker_swarm_service - fix use of Docker API so that services are not detected as present if there is an existing service whose name is a substring of the desired service
  * docker_swarm_service - fixing falsely reporting update_order as changed when option is not used.
  * document old option that was initally missed
  * ec2_instance now respects check mode
  * fix for network_cli - ansible_command_timeout not working as expected (#49466)
  * fix handling of firewalld port if protocol is missing
  * fix lastpass lookup failure on python 3 (
  * flatpak - Fixed Python 2/3 compatibility
  * flatpak - Fixed issue where newer versions of flatpak failed on flatpak removal
  * flatpak_remote - Fixed Python 2/3 compatibility
  * gcp_compute_instance - fix crash when the instance metadata is not set
  * grafana_dashboard - Fix a pair of unicode string handling issues with version checking (
  * host execution order - Fix reverse_inventory not to change the order of the items before reversing on python2 and to not backtrace on python3
  * icinga2_host - fixed the issue with not working use_proxy option of the module.
  * influxdb_user - An unspecified password now sets the password to blank, except on existing users. This previously caused an unhandled exception.
  * influxdb_user - Fixed unhandled exception when using invalid login credentials (
  * openssl_* - fix error when path contains a file name without path.
  * openssl_csr - fix problem with idempotency of keyUsage option.
  * openssl_pkcs12 - now does proper path expansion for ca_certificates.
  * os_security_group_rule - os_security_group_rule doesn't exit properly when secgroup doesn't exist and state=absent (
  * paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent "Authentication timeout" errors when a slow authentication step (>30s) happens with a host (
  * purefa_facts and purefb_facts now correctly adds facts into main ansible_fact dictionary (
  * reboot - add appropriate commands to make the plugin work with VMware ESXi (
  * reboot - add support for rebooting AIX (
  * reboot - gather distribution information in order to support Alpine and other distributions (
  * reboot - search common paths for the shutdown command and use the full path to the binary rather than depending on the PATH of the remote system (
  * reboot - use a common set of commands for older and newer Solaris and SunOS variants (
  * redfish_utils - fix reference to local variable 'systems_service'
  * setup - fix the rounding of the ansible_memtotal_mb value on VMWare vm's (
  * vultr_server - fixed multiple ssh keys were not handled.
  * win_copy - Fix copy of a dir that contains an empty directory -
  * win_firewall_rule - Remove invalid 'bypass' action
  * win_lineinfile - Fix issue where a malformed json block was returned causing an error
  * win_updates - Correctly report changes on success

Sun Dec 16 00:20:24 UTC 2018 - Matthias Eliasson <>

- update to version 2.7.5
  Minor Changes:
  * Add warning about falling back to jinja2_native=false when Jinja2 version is lower than 2.10.
  * Change the position to search os-release since clearlinux new versions are providing /etc/os-release too
  * Fixed typo in ansible-galaxy info command.
  * Improve the deprecation message for squashing, to not give misleading advice
  * Update docs and return section of vmware_host_service_facts module.
  * ansible-galaxy: properly warn when git isn't found in an installed bin path instead of traceback
  * dnf module properly load and initialize dnf package manager plugins
  * docker_swarm_service: use docker defaults for the user parameter if it is set to null 
  * bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (
  * ACME modules: improve error messages in some cases (include error returned by server).
  * Added unit test for VMware module_utils.
  * Also check stdout for interpreter errors for more intelligent messages to user
  * Backported support for Devuan-based distribution
  * Convert hostvars data in OpenShift inventory plugin to be serializable by ansible-inventory
  * Fix AttributeError (Python 3 only) when an exception occurs while rendering a template
  * Fix N3K power supply facts (
  * Fix NameError nxos_facts (
  * Fix VMware module utils for self usage.
  * Fix error in OpenShift inventory plugin when a pod has errored and is empty
  * Fix if the route table changed to none (
  * Fix iosxr netconf plugin response namespace (
  * Fix issues with nxos_install_os module for nxapi (
  * Fix lldp and cdp neighbors information (
  * Fix nxos_interface and nxos_linkagg Idempotence issue (
  * Fix traceback when updating facts and the fact cache plugin was nonfunctional
  * Fix using vault encrypted data with jinja2_native (
  * Fixed: Make sure that the files excluded when extracting the archive are not checked.
  * Fixes issue where a password parameter was not set to no_log
  * Respect no_log on retry and high verbosity (CVE-2018-16876)
  * aci_rest - Fix issue ignoring custom port
  * acme_account, acme_account_facts - in some cases, it could happen that the modules return information on disabled accounts accidentally returned by the ACME server.
  * docker_swarm - decreased minimal required API version from 1.35 to 1.25; some features require API version 1.30 though.
  * docker_swarm_service: fails because of default "user: root" (
  * ec2_metadata_facts - Parse IAM role name from the security credential field since the instance profile name is different
  * fix azure_rm_image module use positional parameter (
  * fixes an issue with dict_merge in network utils (
  * gcp_utils - fix google auth scoping issue with application default credentials or google cloud engine credentials. Only scope credentials that can be scoped.
  * mail - fix python 2.7 regression
  * openstack - fix parameter handling when cloud provided as dict
  * os_user - Include domain parameter in user deletion
  * os_user - Include domain parameter in user lookup
  * ovirt_storage_connection - comparing passwords breaks idempotency in update_check (
  * paramiko_ssh - improve log message to state the connection type
  * reboot - use IndexError instead of TypeError in exception
  * redis cache - Support version 3 of the redis python library (
  * sensu_silence - Cast int for expire field to avoid call failure to sensu API.
  * vmware_host_service_facts - handle exception when service package does not have package name.
  * win_nssm - Switched to Argv-ToString for escaping NSSM credentials (
  * zabbix_hostmacro - Added missing validate_certs logic for running module against Zabbix servers with untrused SSL certificates (
  * zabbix_hostmacro - Fixed support for user macros with context (

Sun Dec  2 21:25:32 UTC 2018 - Matthias Eliasson <>

- update to version 2.7.4
  * powershell - add lib/ansible/executor/powershell to the packaging data

Sun Dec  2 21:17:22 UTC 2018 - Matthias Eliasson <>

- update to version 2.7.3
  Minor Changes:
  * Document Path and Port are mutually exclusive parameters in wait_for module
  * Puppet module remove --ignorecache to allow Puppet 6 support
  * dnf properly support modularity appstream installation via overloaded group
	modifier syntax
  * proxmox_kvm - fix exception
  * win_security_policy - warn users to use win_user_right instead when editing
	Privilege Rights
  * Fix the issue that FTD HTTP API retries authentication-related HTTP requests
  * Fix the issue that module fails when the Swagger model does not have required fields
  * Fix the issue with comparing string-like objects
  * Fix using omit on play keywords
  * Windows - prevent sensitive content from appearing in scriptblock logging (CVE-2018-16859)
  * apt_key - Disable TTY requirement in GnuPG for the module to work correctly 
	when SSH pipelining is enabled
  * better error message when bad type in config, deal with EVNAR= more gracefully
  * configuration retrieval would fail on non primed plugins
  * cs_template - Fixed a KeyError on state=extracted
  * docker_container - fix idempotency problems with docker-py caused by previous
	init idempotency fix
  * docker_container - fix interplay of docker-py version check with argument_spec
	validation improvements
  * docker_network - driver_options containing Python booleans would cause Docker
    to throw exceptions
  * ec2_group - Fix comparison of determining which rules to purge by ignoring descriptions
  * pip module - fix setuptools/distutils replacement
  * sysvinit - enabling a service should use "defaults" if no runlevels are specified

Wed Nov 28 18:57:37 UTC 2018 - Matthias Eliasson <>

- update to version 2.7.2
  Minor changes:
  * Fix documentation for cloning template
  * Parsing plugin filter may raise TypeError, gracefully handle this 
	exception and let user know about the syntax error in plugin filter file
  * Scenario guide for VMware HTTP API usage
  * Update plugin filter documentation
  * fix yum and dnf autoremove input sanitization to properly warn user if 
	invalid options passed and update documentation to match
  * improve readability and fix privileges names on vmware scenario_clone_template
  * k8s - updated module documentation to mention how to avoid SSL validation errors
  * yum - when checking for updates, now properly include Obsoletes 
	(both old and new) package data in the module JSON output

Sat Oct 27 03:22:44 UTC 2018 -

- update to 2.7.1
  Minor changes:
  * Fix yum module to properly check for empty conf_file value
  * added capability to set the scheme for the consul_kv lookup
  * added optional certificate and certificate validation for consul_kv lookups
  * dnf - properly handle modifying the enable/disable excludes data field
  * dnf appropriately handles disable_excludes repoid argument
  * dnf proerly honors disable_gpg_check for local package installation
  * fix yum module to handle list argument optional empty strings properly
  * netconf_config - Make default_operation optional in netconf_config module
  * yum - properly handle proxy password and username embedded in url
  * yum/dnf - fail when space separated string of names 

Mon Oct 08 06:09:05 UTC 2018 -

- update to 2.7.0
  Major changes:
  * Allow config to enable native jinja types
  * Remove support for simplejson
  * yum and dnf modules now at feature parity

  Minor changes:
  * Changed the prefix of all Vultr modules from vr to vultr
  * Enable installroot tests for yum4(dnf) integration testing, dnf backend now supports that
  * Fixed timer in exponential backoff algorithm in

  * Security Fix - avoid loading host/group vars from cwd when not specifying a playbook or playbook base dir
  * Security Fix - avoid using ansible.cfg in a world writable dir
  * Some connection exception would cause no_log specified on a task to be ignored (stdout info disclosure)
  * Fix glob path of rc.d (SUSE-specific)
  * Fix lambda_policy updates
  * Fix alt linux detection/matching
Tue Sep 11 09:29:01 UTC 2018 -

- update to 2.6.4
  Minor Changes:
  * add azure_rm_storageaccount support to StorageV2 kind. 
  * import_tasks - Do not allow import_tasks to transition to dynamic
    if the file is missing
  * Add md5sum check in nxos_file_copy module
  * Allow arbitrary log_driver for docker_container
  * Fix Python2.6 regex bug terminal plugin nxos, iosxr
  * Fix check_mode in nxos_static_route module
  * Fix glob path of rc.d Some distribtuions like SUSE has the rc%.d
    directories under /etc/init.d
  * Fix network config diff issue for lines 
  * Fixed an issue where ansible_facts.pkg_mgr would incorrectly set 
    to zypper on Debian/Ubuntu systems that happened to have the 
    command installed
  * The docker_* modules respect the DOCKER_* environment variables again
  * The fix for CVE-2018-10875 prints out a warning message about 
    skipping a config file from a world writable current working directory.
    However, if the user is in a world writable current working directory 
    which does not contain a config file, it should not print a warning 
    message. This release fixes that extaneous warning.
  * To resolve nios_network issue where vendor-encapsulated-options 
    can not have a use_option flag.
  * To resolve the issue of handling exception for Nios lookup gracefully.
  * always correctly template no log for tasks
  * ansible-galaxy - properly list all roles in roles_path
  * - catch ValueError in case a FIPS enabled platform 
    raises this exception
  * docker_container: fixing working_dir idempotency problem 
  * docker_container: makes unit parsing for memory sizes more consistent, 
    and fixes idempotency problem when kernel_memory is set
  * fix example code for AWS lightsail documentation
  * fix the enable_snat parameter that is only supposed to be used by 
    an user with the right policies.
  * fixes docker_container check and debug mode
  * improves docker_container idempotency
  * ios_l2_interface - fix bug when list of vlans ends with comma
  * ios_l2_interface - fix issue with certain interface types
  * ios_user - fix unable to delete user admin issue 
  * ios_vlan - fix unable to work on certain interface types issue 
  * nxos_facts test lldp feature and fix nxapi check_rc 
  * nxos_interface port-channel idempotence fix for mode
  * nxos_linkagg mode fix 
  * nxos_system idempotence fix
  * nxos_vlan refactor to support non structured output
  * one_host - fixes settings via environment variables
  * use retry_json nxos_banner
  * user - Strip trailing comments in /etc/default/passwd 
  * user - when creating a new user without an expiration date, 
    properly set no expiration rather that expirining the account
  * win_domain_computer - fixed deletion of computer active directory 
    object that have dependent objects
  * win_domain_computer - fixed error in diff_support
  * win_domain_computer - fixed error when description parameter is empty 
  * win_psexec - changed code to not escape the command option when building the args
  * win_uri -- Fix support for JSON output when charset is set
  * win_wait_for - fix issue where timeout doesn't wait unless state=drained

Mon Aug 27 19:35:38 UTC 2018 -

- update to 2.6.3
  * Fix lxd module to be idempotent when the given configuration for
	the lxd container has not changed
  * Fix setting value type to str to avoid conversion during template
	read. Fix Idempotency in case of 'no key'.
  * Fix the mount module's handling of swap entries in fstab
  * The fix for (CVE-2018-10875) prints out a warning message about
	skipping a config file from a world writable current working
	directory. However, if the user explicitly specifies that the 
	config file should be used via the ANSIBLE_CONFIG environment
	variable then Ansible would honor that but still print out the
	warning message. This has been fixed so that Ansible honors the
	user's explicit wishes and does not print a warning message in
	that circumstance.
  * To fix the bug where existing host_record was deleted when existing
	record name is used with different IP.
  * VMware handle pnic in proxyswitch
  * fix azure security group cannot add rules when purge_rule set to false.
  * fix azure_rm_deployment collect tags from existing Resource Group.
  * fix azure_rm_loadbalancer_facts list takes at least 2 arguments.
  * fix for the bundled selectors module (used in the ssh and local 
	connection plugins) when a syscall is restarted after being 
	interrupted by a signal
  * get_url - fix the bug that get_url does not change mode when checksum matches
  * nicer error when multiprocessing breaks
  * openssl_certificate - Convert valid_date to bytes for conversion
  * dynamic inventory file fixed the plugin to the 
	script so that it will work with current ansible-inventory. Also 
    redirect stdout before dumping the ouptput, because not doing so will
	cause JSON parse errors in some cases.
  * slack callback - Fix invocation by looking up data from cli.options
  * sysvinit module: handle values of optional parameters. Don't disable 
	service when enabled parameter isn't set. Fix command when arguments 
	parameter isn't set.
  * vars_prompt - properly template play level variables in vars_prompt
  * win_domain - ensure the Netlogon service is up and running after 
	promoting host to controller
  * win_domain_controller - ensure the Netlogon service is up and running
	after promoting host to controller

Mon Jul 30 15:05:07 UTC 2018 -

- update to 2.6.2
  Minor Changes
  + Sceanrio guide for removing an existing virtual machine is added.
  + lineinfile - add warning when using an empty regexp 
  + Restore module_utils.basic.BOOLEANS variable for backwards compatibility
    with the module API in older ansible releases.
  + Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read
    from current working directory allowing possible code execution
  + Add text output along with structured output in nxos_facts 
  + Allow more than one page of results by using the right pagination 
    indicator ('NextMarker' instead of 'NextToken').
  + Fix an atomic_move error that is 'true', but misleading. 
    Now we show all 3 files involved and clarify what happened.
  + Fix eos_l2_interface eapi.
  + Fix fetching old style facts in junos_facts module
  + Fix get_device_info nxos zero or more whitespace regex
  + Fix nxos CI failures
  + Fix nxos_nxapi default http behavior
  + Fix nxos_vxlan_vtep_vni
  + Fix regex network_os_platform nxos
  + Refactor nxos cliconf get_device_info for non structured 
    output supported devices
  + To fix the NoneType error raised in ios_l2_interface when 
    Access Mode VLAN is unassigned
  + emtpy host/group name is an error
  + fix default SSL version for docker modules
  + fix mail module when using starttls
  + fix nmap config example
  + fix ps detection of service
  + fix the remote tmp folder permissions issue when becoming a non 
    admin user
  + fix typoe in sysvinit that breaks update.rc-d detection
  + fixes docker_container compatibilty with docker-py < 2.2
  + get_capabilities in nxapi module_utils should not return empty dictionary
  + inventory - When using an inventory directory, ensure extension 
    comparison uses text types
  + ios_vlan - fix unable to identify correct vlans issue
  + nxos_facts warning message improved
  + openvswitch_db - make 'key' argument optional
  + pause - do not set stdout to raw mode when redirecting to a file
  + pause - nest try except when importing curses to gracefully fail 
    if curses is not present
  + plugins/inventory/ - Do not create group with empty 
    name if region is not set
  + preseve delegation info on nolog
  + remove ambiguity when it comes to 'the source'
  + remove dupes from var precedence
  + restores filtering out conflicting facts
  + user - fix bug that resulted in module always reporting a change when 
    specifiying the home directory on FreeBSD
  + user - use correct attribute name in FreeBSD for creat_home
  + vultr - Do not fail trying to load configuration from ini files if 
    required variables have been set as environment variables.
  + vyos_command correcting conditionals looping
  + win_chocolatey - enable TLSv1.2 support when downloading the 
    Chocolatey installer 
  + win_reboot - fix for handling an already scheduled reboot and other 
    minor log formatting issues
  + win_reboot - fix issue when overridding connection timeout hung 
    the post reboot uptime check
  + win_reboot - handle post reboots when running test_command 
  + win_security_policy - allows an empty string to reset a policy value
  + win_share - discard any cmdlet output we don't use to ensure only the 
    return json is received by Ansible
  + win_unzip - discard any cmdlet output we don't use to ensure only the 
    return json is received by Ansible
  + win_updates - fixed module return value is lost in error in some cases
  + win_user - Use LogonUser to validate the password as it does not 
    rely on SMB/RPC to be available
  + Security Fix - avoid loading host/group vars from cwd when not 
    specifying a playbook or playbook base dir
  + Security Fix - avoid using ansible.cfg in a world writable dir.
  + Fix junos_config confirm commit timeout issue 
  + file module - The touch subcommand had its diff output broken during
    the 2.6.x development cycle. This is now fixed.
  + inventory manager - This fixes required options being populated before 
    the inventory config file is read, so the required options may be 
    set in the config file.
  + nsupdate - allow hmac-sha384
  + win_domain - fixes typo in one of the AD cmdlets
  + win_group_membership - uses the internal Ansible SID conversion logic 
    and uses that when comparing group membership instead of the name 
- use fdupes to save some space in python_sitelib
- define BuildRoot on older distributions like SLE-11
- be a bit more flexible with the ending of manpage files to allow
  Fedora builds to succeed

Mon Jul  2 17:23:10 UTC 2018 -

- revert some unneeded changes from spec-cleaner

Mon Jul  2 11:38:41 UTC 2018 -

- updated to latest release 2.6.0 
- New Plugins:
  + Callback: 
    - cgroup_memory_recap
    - grafana_annotations
    - sumologic
  + Connection:
    - httpapi
  + Inventory:
    - foreman
    - gcp_compute
    - generator
    - nmap
  + Lookup:
    - onepassword
    - onepassword_raw
- Modules updates too many to mention here
  please look at package documentation directory (/usr/share/doc/packages/.../changelogs)
- bug fixes:
  - **Security Fix** - Some connection exceptions would cause no_log
    specified on a task to be ignored.  If this happened, the task information,
    including any private information coul d have been displayed to stdout and
    (if enabled, not the default) logged to a log file specified in
    ansible.cfg's log_path.  Additionally, sites which redirected stdout from
    ansible runs to a log file may have stored that private information onto
    disk that way as well.  (
  - Changed the admin_users config option to not include "admin" by default
    as admin is frequently used for a non-privileged account
  - Changed the output to "text" for "show vrf" command as default "json"
    output format with respect to "eapi" transport was failing
  - Document mode=preserve for both the copy and template module
  - Fix added for Digital Ocean Volumes API change causing Ansible to
    recieve an unexpected value in the response. 
  - Fix an encoding issue when parsing the examples from a plugins'
  - Fix iosxr_config module to handle route-policy, community-set,
    prefix-set, as-path-set and rd-set blocks.  All these blocks are part of
    route-policy language of iosxr.
  - Fix mode=preserve with remote_src=True for the copy module
  - Implement mode=preserve for the template module
  - The yaml callback plugin now allows non-ascii characters to be
  - Various grafana_* modules - Port away from the deprecated
    b64encodestring function to the b64encode function instead.
  - added missing 'raise' to exception definition
  - allow custom endpoints to be used in the aws_s3 module
  - allow set_options to be called multiple times
  - ansible-doc - fixed traceback on missing plugins
  - cast the device_mapping volume size to an int in the ec2_ami module
  - copy - fixed copy to only follow symlinks for files in the non-recursive case
  - copy module - The copy module was attempting to change the mode of files
    for remote_src=True even if mode was not set as a parameter.  This
    failed on filesystems which do not have permission bits
  - copy module - fixed recursive copy with relative paths
  - correct debug display for all cases
  - correctly check hostvars for vars term
  - correctly handle yaml inventory files when entries are null dicts
  - dynamic includes - Allow inheriting attributes from static parents
  - dynamic includes - Don't treat undefined vars for conditional includes
    as truthy (
  - dynamic includes - Fix IncludedFile comparison for free strategy
  - dynamic includes - Improved performance by fixing re-parenting on copy
  - dynamic includes - Use the copied and merged task for calculating task
    vars (
  - file - fixed the default follow behaviour of file to be true
  - file module - Eliminate an error if we're asked to remove a file but
    something removes it while we are processing the request
  - file module - Fix error when recursively assigning permissions and a
    symlink to a nonexistent file is present in the directory tree
  - file module - Fix error when running a task which assures a symlink to a
    nonexistent file exists for the second and subsequent times
  - file module - The file module allowed the user to specify src as a
    parameter when state was not link or hard.  This is documented as only
    applying to state=link or state=hard but in previous Ansible, this could
    have an effect in rare cornercases.  For instance, "ansible -m file -a
    'state=directory path=/tmp src=/var/lib'" would create /tmp/lib.  This
    has been disabled and a warning emitted (will change to an error in
  - file module - The touch subcommand had its diff output broken during the
    2.6.x development cycle.  This is now fixed
  - fix BotoCoreError exception handling
  - fix apt-mark on debian6 (
  - fix async for the aws_s3 module by adding async support to the action
    plugin (
  - fix decrypting vault files for the aws_s3 module
  - fix errors with S3-compatible APIs if they cannot use ACLs for buckets
    or objects
  - fix permission handling to try to download a file even if the user does
    not have permission to list all objects in the bucket
  - fixed config required handling, specifically for _terms in lookups
  - gce_net - Fix sorting of allowed ports
  - group_by - support implicit localhost
  - import/include - Ensure role handlers have the proper parent, allowing
    for correct attribute inheritance
  - import_playbook - Pass vars applied to import_playbook into parsing of
    the playbook as they may be needed to parse the imported plays
  - include_role/import_role - Don't overwrite included role handlers with
    play handlers on parse (
  - include_role/import_role - Fix parameter templating
  - include_role/import_role - Use the computed role name for
    include_role/import_role so to diffentiate between names computed from
    host vars (
    include_role/import_role - improved performance and recursion depth
  - lineinfile - fix insertbefore when used with BOF to not insert duplicate
    lines (
  - password lookup - Do not load password lookup in network filters,
    allowing the password lookup to be overriden
  - pause - ensure ctrl+c interrupt works in all cases
  - powershell - use the tmpdir set by `remote_tmp` for become/async tasks
    instead of the generic $env:TEMP -
  - selinux - correct check mode behavior to report same changes as normal
    mode (
  - spwd - With python 3.6 spwd.getspnam returns PermissionError instead of
    KeyError if user does not have privileges
  - synchronize - Ensure the local connection created by synchronize uses
    _remote_is_local=True, which causes ActionBase to build a local tmpdir
  - template - Fix for encoding issues when a template path contains
    non-ascii characters and using the template path in ansible_managed
  - template action plugin - fix the encoding of filenames to avoid
    tracebacks on Python2 when characters that are not present in the user's
    locale are present.  (
  - user - only change the expiration time when necessary
  - uses correct conn info for reset_connection
  - win_environment - Fix for issue where the environment value was deleted
    when a null value or empty string was set -
  - win_file - fix issue where special chars like [ and ] were not being
    handled correctly
  - win_get_url - fixed a few bugs around authentication and force no when
    using an FTP URL
  - win_iis_webapppool - redirect some module output to null so Ansible can
    read the output JSON
  - win_template - fix when specifying the dest option as a directory with
    and without the trailing slash
  - win_updates - Added the ability to run on a scheduled task for older
    hosts so async starts working again -
  - win_updates - Fix logic when using a whitelist for multiple updates
  - win_updates - Fix typo that hid the download error when a download
  - win_updates - Fixed issue where running win_updates on async fails
    without any error
  - windows become - Show better error messages when the become process fails
  - winrm - Add better error handling when the kinit process fails
  - winrm - allow `ansible_user` or `ansible_winrm_user` to override
    `ansible_ssh_user` when both are defined in an inventory -
  - winrm - ensure pexpect is set to not echo the input on a failure and have
    a manual sanity check afterwards
  - winrm connection plugin - Fix exception messages sometimes raising a
    traceback when the winrm connection plugin encounters an unrecoverable
  - xenserver_facts - ensure module works with newer versions of XenServer

Tue Jun 26 13:55:07 UTC 2018 -

- use python3 on (open)SUSE 15 or newer

Fri Jun 15 13:49:23 UTC 2018 -

- Update to 2.5.5
  - Fixed the honouration of the no_log option with failed task iterations
    (CVE-2018-10855 boo#1097775)
  - Bufixes:
    - Changed the admin_users config option to not include "admin" by default
      as admin is frequently used for a non-privileged account
    - aws_s3 - add async support to the action plugin
    - aws_s3 - fix decrypting vault files
    - ec2_ami - cast the device_mapping volume size to an int
    - eos_logging - fix idempotency issues
    - cache plugins - A cache timeout of 0 means the cache will not expire.
    - ios_logging - fix idempotency issues
    - ios/nxos/eos_config - don't retrieve config in running_config when config is provided for diff
    - nxos_banner - fix multiline banner issue
    - nxos terminal plugin - fix output truncation
    - nxos_l3_interface - fix no switchport issue with loopback and svi interfaces
    - nxos_snapshot - fix compare_option
- Applied spec-cleaner

Tue Apr 24 15:32:37 UTC 2018 -

- Update to 2.5.1
  Minor Changes
  + Updated example in vcenter_license module.
  + Updated virtual machine facts with instanceUUID which is unique 
    for each VM irrespective of name and BIOS UUID.
  + A lot of Bugfixes, please refer to the Changelog installed in 

Tue Mar 27 15:45:03 UTC 2018 -

- Update to 2.5.0:
  Major Changes
  * Ansible Network improvements
    + Created new connection plugins network_cli and netconf to replace
      connection=local. connection=local will continue to work for a
      number of Ansible releases.
    + No more unable to open shell. A clear and descriptive message will 
      be displayed in normal ansible-playbook output without needing to enable debug mode
    + Loads of documentation, see Ansible for Network Automation Documentation.
    + Refactor common network shared code into package under module_utils/network/
    + Filters: Add a filter to convert XML response from a network device to JSON object.
    + Loads of bug fixes.
    + Plus lots more.
  * New simpler and more intuitive 'loop' keyword for task loops. The 
    with_<lookup> loops will likely be deprecated in the near future 
    and eventually removed.
  * Added fact namespacing; from now on facts will be available under 
    ansible_facts namespace (for example: ansible_facts.os_distribution) 
    without the ansible_ prefix. They will continue to be added into the 
    main namespace directly, but now with a configuration toggle to enable
    this. This is currently on by default, but in the future it will default to off.
  * Added a configuration file that a site administrator can use to 
    specify modules to exclude from being used.
  Minor Changes
  * please refer to /share/doc/packages/ansible/changelogs/CHANGELOG-v2.5.rst
  Deprecated Features
  * Previously deprecated 'hostfile' config settings have been 're-deprecated' 
    because previously code did not warn about deprecated configuration settings.
  * Using Ansible-provided Jinja tests as filters is deprecated and will 
    be removed in Ansible 2.9.
  * The stat and win_stat modules have deprecated get_md5 and the md5 return
    values. These options will become undocumented in Ansible 2.9 and 
    removed in a later version.
  * The redis_kv lookup has been deprecated in favor of new redis lookup
  * Passing arbitrary parameters that begin with HEADER_ to the uri module, 
    used for passing http headers, is deprecated. Use the headers parameter 
    with a dictionary of header names to value instead. 
    This will be removed in Ansible 2.9
  * Passing arbitrary parameters to the zfs module to set zfs properties is 
    deprecated. Use the extra_zfs_properties parameter with a dictionary of
    property names to values instead. This will be removed in Ansible 2.9.
  * Use of the AnsibleModule parameter check\_invalid\_arguments in custom
    modules is deprecated. In the future, all parameters will be checked to 
    see whether they are listed in the arg spec and an error raised if they 
    are not listed. This behaviour is the current and future default so most 
    custom modules can simply remove check\_invalid\_arguments if they set it 
    to the default value of True. The check\_invalid\_arguments parameter 
    will be removed in Ansible 2.9.
  * The nxos_ip_interface module is deprecated in Ansible 2.5. 
    Use nxos_l3_interface module instead.
  * The nxos_portchannel module is deprecated in Ansible 2.5. 
    Use nxos_linkagg module instead.
  * The nxos_switchport module is deprecated in Ansible 2.5. 
    Use nxos_l2_interface module instead.
  * The ec2_ami_find has been deprecated; use ec2_ami_facts instead.
  * panos_security_policy: Use panos_security_rule - the old module uses 
    deprecated API calls
  * vsphere_guest is deprecated in Ansible 2.5 and will be removed in 
    Ansible-2.9. Use vmware_guest module instead.
  Removed Features (previously deprecated)
  * accelerate.
  * boundary_meter: There was no deprecation period for this but the hosted 
    service it relied on has gone away so the module has been removed. #29387
  * cl_ : cl_interface, cl_interface_policy, cl_bridge, cl_img_install, 
    cl_ports, cl_license, cl_bond. Use nclu instead
  * docker. Use docker_container and docker_image instead.
  * ec2_vpc.
  * ec2_ami_search, use ec2_ami_facts instead.
  * nxos_mtu. Use nxos_system's system_mtu option instead. 
    To specify an interface's MTU use nxos_interface.
  * panos_nat_policy: Use panos_nat_rule the old module uses
    deprecated API calls
- also package the changelogs directory below 
  /usr/share/doc/packages/ansible/ for better reference

Tue Mar  6 09:47:28 UTC 2018 -

- License changed to GPL-3.0-or-later, as mentioned in the source
  (former license focues on GPL-3.0 only)

Fri Feb 16 07:54:43 UTC 2018 -

- Add python-passlib as Requires (bsc#1080682)
  passlib is needed for the "vars_prompt" feature of ansible

Sun Feb  4 16:36:34 UTC 2018 -

- Update to version
  * Fix `pamd` rule args regexp to match file paths.
  * Check if SELinux policy exists before setting.
  * Set locale to `C` in `letsencrypt` module to fix date parsing
  * Fix include in loop when stategy=free.
  * Fix save parameter in asa_config.
  * Fix --vault-id support in ansible-pull.
  * In nxos_interface_ospf, fail nicely if loopback is used with
  * Fix quote filter when given an integer to quote.
  * nxos_vrf_interface fix when validating the interface.
  * Fix for win_copy when sourcing files from an SMBv1 share.
  * correctly report callback plugin file.
  * restrict revaulting to vault cli.
  * Fix python3 tracebacks in letsencrypt module.
  * Fix ansible_*_interpreter variables to be templated prior to
    being used.
  * Fix setting of environment in a task that uses a loop
  * Fix fetch on Windows failing to fetch files or particular
    block size.
  * preserve certain fields during no log.
  * fix issue with order of declaration of sections in ini
  * Fix win_iis_webapppool to correctly stop a apppool.
  * Fix CloudEngine host failed.
  * Fix ios_config save issue.
  * Handle vault filenames with nonascii chars when displaying
  * Fix win_iis_webapppool to not return passwords.
  * Fix extended file attributes detection and changing.
  * correctly ensure 'ungrouped' membership rules.
  * made warnings less noisy when empty/no inventory is supplied.
  * Fixes a failure which prevents to create servers in module
  * Fix win_firewall_rule "Specified cast is invalid" error when
    modifying a rule with all of Domain/Public/Private profiles set.
  * Fix case for multilib when installing from a file in the yum
  * Fix WinRM parsing/escaping of IPv6 addresses.
  * Fix win_package to detect MSI regardless of the extension case.
  * Updated win_mapped_drive docs to clarify what it is used for.
  * Fix file related modules run in check_mode when the file being
    operated on does not exist.
  * Make eos_vlan idempotent.
  * Fix win_iis_website to properly check attributes before setting.
  * Fixed the removal date for ios_config save and force parameters.
  * cloudstack: fix timeout from ini config file being ignored.
  * fixes memory usage issues with many blocks/includes.
  * Fixes maximum recursion depth exceeded with include_role.
  * Fix to win_dns_client module to take ordering of DNS servers to
    resolve into account.
  * Fix for the nxos_banner module where some nxos images nest the
    output inside of an additional dict.
  * Fix failure message "got multiple values for keyword argument
    id" in the azure_rm_securitygroup module (caused by changes to
    the azure python API).
  * Bump Azure storage client minimum to 1.5.0 to fix
    deserialization issues.
    This will break Azure Stack until it receives storage API
    version 2017-10-01 or changes are made to support multiple
  * Flush stdin when passing the become password. Fixes some cases
    of timeout on Python 3 with the ssh connection plugin.

Thu Nov 30 06:58:48 UTC 2017 -

update to version v2.4.2.0:
  * lock azure containerservice to below 2.0.0
  * ovirt_host_networks: Fix label assignment
  * Fix vault --ask-vault-pass with no tty (#31493)
  * cherry-pick changes of azure_rm_common from devel to 2.4 (#32607)
  * Fixes #31090. In network parse_cli filter plugin, this change moves the creation of a (#31092) (#32458)
  * Use an abspath for network inventory ssh key path.
  * Remove toLower on source (#31983)
  * Add logging fixes to the changelog
  * inserts enable cmd hash with auth_pass used (#32107)
  * Fix exception upon display.warn() (#31876)
  * ios_system: Fix typo in unit test (#32284)
  * yum: use the C locale when screen scraping (#32203)
  * Use region derived from get_aws_connection_info() in dynamodb_table to fix tagging bug (#32557)
  * fix item var in delegation (#32986)
  * Add changelog entry for elb_application_lb fix
  * Add a validate example to blockinfile. (#32088)
  * Correct formatting --arguments (#31808)
  * Add changelog for URI/get_url fix
  * [cloud] Bugfix for aws_s3 empty directory creation (#32198)
  * Fix junos integration test fixes as per connection refactor (#33050) (#33055)
  * Update win_copy for #32677 (#32682)
  * ios_interface testfix (#32381)
  * Add proper check mode support to the script module (#31852)
  * Add galaxy --force fix to changelog
  * Fix non-ascii errors in config manager
  * Add python3 urllib fixes to changelog
  * Add changelog entry for the stdin py3 fix
  * Update version info for the 2.4.2 release
  * Add max_fail_percentage fix to changelog
  * Changelog entry for script inventory plugin fix.
  * Make RPM spec compatible with RHEL 6 (#31653)
  * Add changelog entry for the yum locale fix
  * Use vyos/1.1.8 in CI.
  * Fix patching to epel package
  * Pass proper error value to to_text (#33030)
  * Fix and re-enable zypper* integration tests in CI.
  * avoid chroot paths (#32778)
  * Add changelog entry for inventory nonascii paths fix
  * Fix ios_config integration test failures (#32959) (#32970)
  * Fix ios_config file prompt issue (#32744) (#32780)
  * Mdd module unit test docs (#31373)
  * dont add all group vars to implicit on create
  * Fix nxos_banner removal idempotence issue in N1 images (#31259)
  * Clarify the release and maintenance cycle (#32402)
  * Add ansible_distribution_major_version to macOS (#31708)
  * Docs (#32718)
  * Keep newlines when reading LXC container config file (#32219)
  * Updated changelog for vmware logon error handling
  * New release v2.4.2.0-0.2.beta2
  * added doc notes about vars plugins in precedence
  * revert module_utils/nxos change from #32846 (#32956)
  * [cloud] add boto3 requirement to `cloudformation` module docs (#31135)
  * Fixes #31056 (#31057)
  * - Fix logging module issue where facility is being deleted along with host (#32234)
  * Get the moid in a more failsafe manner (#32671)
  * Integration Tests only: add static route, snmp_user, snapshot and hsrp it cases (#28933)
  * Add the change to when we escape backslashes (for the template lookup plugin) to changelog
  * correctly deal with changed (#31812)
  * Add the template lookup escaping to the 2.4 porting guide (#32760)
  * tests for InventoryModule error conditions (#31381)
  * Disable pylint rules for stable-2.4.
  * fix typo
  * Enable TLS1.1 and TLS1.2 for win_package (#32184)
  * Add remove host fix to changelog
  * ios_interface provider issue testfix (#32335)
  * win_service: quoted path fix (#32469)
  * Add changes to succeeded/failed tests to the 2.4 porting guide (#33201)
  * Run OS X tests in 3 groups in CI.
  * ini inventory: document value parsing workaround
  * Change netconf port in testcase as per test enviornment (#32883) (#32889)
  * fix inventory loading for ansible-doc
  * jsonify inventory (#32990)
  * firewalld: don't reference undefined variable in error case (#31949)
  * change ports to non well known ports and drop time_range for N1 (#31261)
  * make vars only group declarations an error
  * Add changelog for os_floating_ip fix
  * Fix example on comparing master config (#32406)
  * py2/py3 safer shas on hostvars (#31788)
  * ensure we always have a basedir
  * Add missing ansible-test --remote-terminate support. (#32918)
  * Use show command to support wider platform set for nxos_interface module (#33037)
  * ios_logging: change IOS command pipe to section to include (#33100) (#33116)
  * win_find: allow module to skip on files it fails to check (#32105)
  * New release v2.4.2.0-0.4.beta4
  * multiple nxos fixes (#32905)
  * Add changelog entry for git archive fix
  * Add changelog entries for a myriad of 2.4.2 bugfixes
  * iosxr integration testfix (#32344)
  * Fix #31694: running with closed stdin on python 3 (#31695)
  * Add eos_user fix to changelog
  * updated changelog with win_find fix
  * Added urls python3 fix to changelog
  * [cloud] Support changeset_name parameter on CloudFormation stack create (#31436)
  * use configured ansible_shell_executable
  * New release v2.4.2.0-0.3.beta3
  * Fix ec2_lc failing to create multi-volume configurations (#32191)
  * Changelog win_package TLS fix
  * Fix wrong prompt issue for network modules (#32426) (#32442)
  * New release v2.4.2.0-0.1.beta1
  * Exclude stack policy when running in check mode.
  * change inventory_hostname to ansible_host to fix test (#32890) (#32891)
  * Add azure_rm_acs check mode fix
  * Updated changelog for win_copy fix
  * corrected package docs
  * make sure patterns are strings
  * Add more bugfixes to changelog
  * Fix junos netconf port issue in integration test (#32610) (#32668)
  * fixed .loads error for non decoded json in Python 3 (#32065)
  * nxos_config and nxos_facts - fixes for N35 platform.  (#32762) (#32875)
  * Add changelog entry for #32219
  * Remove provider from  ios integration test (#31037) (#32230)
  * added note about serial behaviour (#32461)
  * Fixes ios_logging unit test (#32240)
  * Avoid AttributeError: internal_network on os_floating_ip (#32887)
  * use to_str instead of json.dumps when serializing k8s object for logging
  * Prefer the stdlib SSLContext over urllib3 context
  * git: fix archive when update is set to no (#31829)
  * Add elb_target_group port fix to the changelog
  * Changelog entry for aws_s3 issue #32144
  * Add error handling for user login (#32613)
  * Move asa provider to suboptions (#32356)
  * fix dci failure nxos (#32877) (#32878)
  * Add inventory jsonification to the changelog
  * eos_eapi: adding the desired state config to the new vrf fixes #32111 (#32112) (#32452)
  * Handle ip name-server lines containing multiple nameservers (#32235) (#32373)
  * Remove provider from prepare_ios_tests integration test (#31038)
  * Add last minute bugfixes and doc updates for rc1
  * Fix snmp bugs on Nexus 3500 platform (#32773) (#32847)
  * validate that existing dest is valid directory
  * Update the release data for 2.4.1 in the changelog
  * add check mode for acs delete (#32063)
  * More fixes added to changelog
  * Add wait_for fix to the changelog
  * removed psobject to hashtables that were missed (#32710)
  * wait_for: treat broken connections as "unready" (#28839)
  * Return all elements in a more robust way
  * fix ios_interface test (#32372)
  * Add missing packages to default docker image.
  * fix nxos_igmp_snooping (#31688)
  * - Fix to return error message back to the module. (#31035)
  * Ensure that readonly result members are serialized (#33170)
  * Keywords docs (#32807)
  * remove hosts from removed when rescuing
  * Add panos_security_rule docs typo fix to changelog
  * Update vyos completion in network.txt.
  * move to use ansible logging
  * ovirt_clusters: Fix fencing and kuma comparision
  * Documentation typo fixes (#32473)
  * [fix] issue #30516 : take care about autoremove in upgrade function
  * Enable ECHO in prompt module (#32083)
  * calculate max fail against all hosts in batch
  * Fix urlparse import for Python3 (#31240)
  * Bunch of changelog updates for cherry-picks
  * restore hostpattern regex/glob behaviour
  * Better handling of malformed vault data envelope (#32515)
  * Updated changelog regarding win_service quoted path fix
  * nxos_interface error handling (#32846)
  * An availability zone will be selected if none is provided. Set az to an empty string if it's None to avoid traceback. (#32216)
  * Use to_native when validating proxy result (#32596)
  * vmware_guest: refactor spec serialization (#32681)
  * Add new default Docker container for ansible-test. (#31944)
  * warn on bad keys in group
  * NXOS: Integration tests to Ansible (part 3) (#29030)
  * Add spec file fix to changelog
  * eos_user testfix (#32264)
  * return iam.role dict when creating roles (#28964)
  * Add networking bug fixes to changelog (#32201)
  * [cloud] sns_topic: Fix unreferenced variable
  * Fix service_mgr fact collection (#32086)
  * Fix include_role unit tests (#31920)
  * Updated changelog for win_iis_* modules things
  * handle ignore_errors in loop
  * adjust nohome param when using luser
  * better cleanup on task results display (#27175)
  * Improve python 2/3 ABC fallback for pylint. (#31848)
  * fix html formatting
  * Add ansible_shell_executable fix to changelog
  * Move resource pool login to a separate function and fix undefined var reference (#32674)
  * Update ansible-test sanity command. (#31958)
  * ios_ping test fix (#32342)
  * fix CI failure yaml syntax (#32374)
  * Scan group_vars/host_vars in sorted order
  *     luseradd defaults to creating w/o need for -m (#32411)
  * Integration Tests only:  nxos_udld, nxos_udld_interface, nxos_vxlan_vtep_vni (#29143) (#32962)
  * Fix: modifying existing application lb using certificates now properly sets certificates (#28217)
  * ios_logging: Fix some smaller issues, add unit test (#32321)
  * Fix nxos_snmp_host bug (#32916) (#32958)
  * ovirt_hosts: Don't fail upgrade when NON_RESPONSIVE state
  * ini plugin should recursively instantiate pending
  * eos_user: sends user secret first on user creation fixes #31680 (#32162)
  * Cast target port to an int in elb_target_group. Fixes #32098 (#32202)
  * New release v2.4.2.0-0.5.rc1
  * remove misleading group vars as they are flat (#32276)
  * Fix typo
  * Avoid default inventory proccessing for pull (#32135)
  * Fix ansible-test default image. (#31966)
  * removed superfluous `type` field from RecordSet constructor (#33167)
  * Update
  * Add ios_logging fixes to changelog 2.4.2beta2 (#32447)
  * Revert "Removed a force conditional (#28851)" (#32282)
  * Add new documentation on writing unittests to the changelog
  * Fix ansible-test race calling get_coverage_path.
  * New release v2.4.2.0-1

Fri Oct 27 19:16:56 UTC 2017 -

- Update to
  * CVE-2017-7550: Prevent jenkins_plugin module from exposing
    passwords in remote host logs (bsc#1065872)
  * Various bug fixes and improvements

Tue Oct  3 08:24:58 UTC 2017 -

- Remove radical wording from descriptions.
  Use improved find syntax.

Sat Sep 23 09:05:01 UTC 2017 -

- update to (final)
  Major Changes
  + Support for Python-2.4 and Python-2.5 on the managed system's side 
    was dropped. If you need to manage a system that ships with Python-2.4 
    or Python-2.5, you'll need to install Python-2.6 or better on the 
    managed system or run Ansible-2.3 until you can upgrade the system.
  + New import/include keywords to replace the old bare include directives. 
    The use of static: {yes|no} on such includes is now deprecated.
  ++ Using import_* (import_playbook, import_tasks, import_role) directives are static.
  ++ Using include_* (include_tasks, include_role) directives are dynamic. 
     This is done to avoid collisions and possible security issues as 
     facts come from the remote targets and they might be compromised.
  + New order play level keyword that allows the user to change the 
    order in which Ansible processes hosts when dispatching tasks.
  + Users can now set group merge priority for groups of the same depth 
    (parent child relationship), using the new ansible_group_priority variable, 
    when values are the same or don't exist it will fallback to the previous 
    sorting by name'.
  + Inventory has been revamped:
  ++ Inventory classes have been split to allow for better 
     management and deduplication
  ++ Logic that each inventory source duplicated is now common and pushed
     up to reconciliation
  ++ VariableManager has been updated for better interaction with inventory
  ++ Updated CLI with helper method to initialize base objects for plays
  ++ New inventory plugins for creating inventory
  ++ Old inventory formats are still supported via plugins
  ++ Inline host_list is also an inventory plugin, an example alternative 
     advanced_host_list is also provided (it supports ranges)
  ++ New configuration option to list enabled plugins and precedence 
     order: whitelist_inventory in ansible.cfg
  ++ vars_plugins have been reworked, they are now run from Vars manager 
     and API has changed (need docs)
  ++ Loading group_vars/host_vars is now a vars plugin and can be overridden
  ++ It is now possible to specify mulitple inventory sources in the 
     command line (-i /etc/hosts1 -i /opt/hosts2)
  ++ Inventory plugins can use the cache plugin (i.e. virtualbox) and 
     is affected by meta: refresh_inventory
  ++ Group variable precedence is now configurable via new 'precedence' 
     option in ansible.cfg (needs docs)
  ++ Improved warnings and error messages across the board
  + Configuration has been changed from a hardcoded listing in the 
    constants module to dynamically loaded from yaml definitions
  ++ Also added an ansible-config CLI to allow for listing config options
     and dumping current config (including origin)
  ++ TODO: build upon this to add many features detailed in ansible-config
  + Windows modules now support the use of multiple shared module_utils 
    files in the form of Powershell modules (.psm1), via 
      #Requires -Module Ansible.ModuleUtils.Whatever.psm1
  + Python module argument_spec now supports custom validation logic 
    by accepting a callable as the type argument.
  + Windows become_method: runas now works across all authtypes and 
    will auto-elevate under UAC if WinRM user has "Act as part of the 
    operating system" privilege
  - please refer to /usr/share/doc/packages/ansible/ for 
    further changes
- added ansible-inventory and ansible-config binaries and manpages
- package contrib and examples directories in docdir
- package all *md files as documentation for now
- recommend the following new packages for (open)SUSE:
  + python-httplib2
  + python-keyczar
  + python-six
- enable/fix build for RHEL and Fedora by redefining __python2 and 
  adding/enhancing the needed (build)requires if needed

Fri Sep  8 08:20:55 UTC 2017 -

- update to (bsc#1056094)
  * Fixes for CVE-2017-7466 and CVE-2017-7481
  * Various minor bug fixes

Tue Aug  8 17:06:10 UTC 2017 -

- update to (final)
- replaced hard-coded version by var

Wed Jun 07 20:51:30 UTC 2017 -

- update to (final)
- clean up of spec file with spec-cleaner

Wed May 10 22:35:24 UTC 2017 -

- update to 2.3.1 RC1 (package version (bsc#1056094):
  * SECURITY (MODERATE): fix for CVE-2017-7481, in which data for 
    lookup plugins used as variables was not being correctly marked
    as "unsafe".
  * SECURITY (MODERATE): fix for CVE-2017-7466, which finally fixes
    an arbitrary command execution vulnerability

Tue Mar 28 08:30:35 UTC 2017 -

- update to
  for full list of changes see

Mon Mar 27 21:26:31 UTC 2017 -

- update to
  This release fixes a few bugs introduced in the previous version,
  as well as another small tweak to catch an additional way in
  which CVE-2016-9587 could be triggered.

Mon Jan 16 18:11:04 UTC 2017 -

- update to (final)

Wed Jan 11 22:46:47 UTC 2017 -

- security update to rc4 of version
  CVE-2016-9587, CVE-2016-8628 and CVE-2016-8614
  for full list of changes see

Mon Oct 17 18:11:08 UTC 2016 -

- update to
  (see /usr/share/doc/packages/ansible/ for details)

Thu Sep 15 16:20:44 UTC 2016 -

- update to
  (see /usr/share/doc/packages/ansible/ for details)
Tue Jun 28 06:25:44 UTC 2016 -

- update to
  (see /usr/share/doc/packages/ansible/ for details)
- changed download link to

Sun May 29 18:51:07 UTC 2016 -

- update to
  (see /usr/share/doc/packages/ansible/ for details)
- on SuSE platforms recommend package python-dnspython for
  DNS lookups in playbooks

Sat May  7 18:12:52 UTC 2016 -

- update to
  * Backport of the 2.1 feature to ensure per-item callbacks are sent as they occur,
    rather than all at once at the end of the task.
  * Fixed bugs related to the iteration of tasks when certain combinations of roles,
    blocks, and includes were used, especially when handling errors in rescue/always
    portions of blocks.
  * Fixed handling of redirects in our helper code, and ported the uri module to use
    this helper code. This removes the httplib dependency for this module while fixing
    some bugs related to redirects and SSL certs.
  * Fixed some bugs related to the incorrect creation of extra temp directories for
    uploading files, which were not cleaned up properly.
  * Improved error reporting in certain situations, to provide more information such as
    the playbook file/line.
  * Fixed a bug related to the variable precedence of role parameters, especially when
    a role may be used both as a dependency of a role and directly by itself within the
    same play.
  * Fixed some bugs in the 2.0 implementation of do/until.
  * Fixed some bugs related to run_once:
    - Ensure that all hosts are marked as failed if a task marked as run_once fails.
    - Show a warning when using the free strategy when a run_once task is encountered, as
      there is no way for the free strategy to guarantee the task is not run more than once.
  * Fixed a bug where the assemble module was not honoring check mode in some situations.
  * Fixed a bug related to delegate_to, where we were incorrectly using variables from
    the inventory host rather than the delegated-to host.
  * The 'package' meta-module now properly squashes items down to a single execution (as the
    apt/yum/other package modules do).
  * Fixed a bug related to the ansible-galaxy CLI command dealing with paged results from
    the Galaxy server.
  * Pipelining support is now available for the local and jail connection plugins, which is
    useful for users who do not wish to have temp files/directories created when running
    tasks with these connection types.
  * Improvements in support for additional shell types.
  * Improvements in the code which is used to calculate checksums for remote files.
  * Some speed ups and bug fixes related to the variable merging code.
  * Workaround bug in python subprocess on El Capitan that was making vault fail
    when attempting to encrypt a file
  * Fix lxc_container module having predictable temp file names and setting file
    permissions on the temporary file too leniently on a temporary file that was
    executed as a script.  Addresses CVE-2016-3096
  * Fix a bug in the uri module where setting headers via module params that
    start with HEADER_ were causing a traceback.
  * Fix bug in the free strategy that was causing it to synchronize its workers
    after every task (making it a lot more like linear than it should have been).

Wed Mar  9 14:37:43 UTC 2016 -

- update to
  * Fixes a major compatibility break in the synchronize module shipped 
    with 2.0.0.x. That version of synchronize ran sudo on the controller
    prior to running rsync. In 1.9.x and previous, sudo was run on the
    host that rsync connected to. 2.0.1 restores the 1.9.x behaviour.
  * Additionally, several other problems with where synchronize chose
    to run when combined with delegate_to were fixed. In particular, if
    a playbook targetted localhost and then delegated_to a remote host
    the prior behavior (in 1.9.x and 2.0.0.x) was to copy files between
    the src and destination directories on the delegated host. This has
    now been fixed to copy between localhost and the delegated host.
  * Fix a regression where synchronize was unable to deal with unicode paths.
  * Fix a regression where synchronize deals with inventory hosts that
    use localhost but with an alternate port.
  * Fixes a regression where the retry files feature was not implemented.
  * Fixes a regression where the any_errors_fatal option was implemented
    in 2.0 incorrectly, and also adds a feature where any_errors_fatal
    can be set at the block level.
  * Fix tracebacks when playbooks or ansible itself were located in
    directories with unicode characters.
  * Fix bug when sending unicode characters to an external pager
    for display.
  * Fix a bug with squashing loops for special modules (mostly package
    managers). The optimization was squashing when the loop did not
    apply to the selection of packages. This has now been fixed.
  * Temp files created when using vault are now "shredded" using the
    unix shred program which overwrites the file with random data.
  * Some fixes to cloudstack modules for case sensitivity
  * Fix non-newstyle modules (non-python modules and old-style modules)
    to disabled pipelining.
  * Fix fetch module failing even if fail_on_missing is set to False
  * Fix for cornercase when local connections, sudo, and raw were
    used together.
  * Fix dnf module to remove dependent packages when state=absent is
    specified. This was a feature of the 1.9.x version that was left
    out by mistake when the module was rewritten for 2.0.
  * Fix bugs with non-english locales in yum, git, and apt modules
  * Fix a bug with the dnf module where state=latest could only
    upgrade, not install.

Mon Feb 15 13:23:26 UTC 2016 -

- fix_zypper_errorhandling.patch is being deleted

Thu Feb 11 10:44:40 UTC 2016 -

- update to
  Version 2.0 is a new major version with a lot of changes, among which:
  + New modules for cloud-based services and many more
  + The new block/rescue/always directives allow for making task blocks and exception-like semantics
  + Many API changes
- more info at:

Sun Oct 11 16:11:02 UTC 2015 -

- build again on SLE-11-SP4 by ignoring some dependencies that are
  not available in the official OBS repository: python-paramiko, 
  python-Jinja2, python-PyYAML, python-pycrypto

Sat Oct 10 12:10:59 UTC 2015 -

- update to 1.9.4
  This release addresses several bugs, most notably those related to
  the yum module (introduced in 1.9.3):
  + Fixes a bug where yum state=latest would error if there were no
    updates to install.
  + Fixes a bug where yum state=latest did not work with wildcard
    package names.
  + Fixes a bug in lineinfile relating to escape sequences.
  + Fixes a bug where vars_prompt was not keeping passwords private
    by default.
  + Fix ansible-galaxy and the hipchat callback plugin to check that
    the host it is contacting matches its TLS Certificate.

Sat Sep 26 14:01:30 UTC 2015 -

- Added fix_zypper_errorhandling.patch as it`s have not been accepted
  upstream, in lack of an reviewer. See patch for more comments

Fri Sep 11 16:10:12 UTC 2015 -

- update to 1.9.3:
  - Fixes a bug related to keyczar messing up encodings internally, resulting in decrypted
    messages coming out as empty strings.
  - AES Keys generated for use in accelerated mode are now 256-bit by default instead of 128.
  - Fix url fetching for SNI with python-2.7.9 or greater.  SNI does not work
    with python < 2.7.9.  The best workaround is probably to use the command
    module with curl or wget.
  - Fix url fetching to allow tls-1.1 and tls-1.2 if the system's openssl library
    supports those protocols
  - Fix ec2_ami_search module to check TLS Certificates
  - Fix the following extras modules to check TLS Certificates:
    - campfire
    - layman
    - librarto_annotate
    - twilio
    - typetalk
  - Fix docker module's parsing of docker-py version for dev checkouts
  - Fix docker module to work with docker server api 1.19
  - Change yum module's state=latest feature to update all packages specified in
    a single transaction.  This is the same type of fix as was made for yum's
    state=installed in 1.9.2 and both solves the same problems and with the same caveats.
  - Fixed a bug where stdout from a module might be blank when there were were non-printable
    ASCII characters contained within it

Wed Jul 15 09:17:54 UTC 2015 -

- update to 1.9.2:
  - Security fixes to check that hostnames match certificates with 
    https urls (CVE-2015-3908; bnc #938161):
    + get_url and uri modules
    + url and etcd lookup plugins
  - Security fixes to the zone (Solaris containers), jail (bsd
    containers), and chroot connection plugins.  These plugins can be
    used to connect to their respective container types in leiu of the
    standard ssh connection.  Prior to this fix being applied these
    connection plugins didn't properly handle symlinks within the containers
    which could lead to files intended to be written to or read from the
    container being written to or read from the host system instead. (CVE
  - Fixed a bug in the service module where init scripts were being
    incorrectly used instead of upstart/systemd.
  - Fixed a bug where sudo/su settings were not inherited from
    ansible.cfg correctly.
  - Fixed a bug in the rds module where a traceback may occur due to an
    unbound variable.
  - Fixed a bug where certain remote file systems where the SELinux
    context was not being properly set.
  - Re-enabled several windows modules which had been partially merged
    (via action plugins):
	+ win_copy.ps1
	+ win_file.ps1
  - Fix bug using with_sequence and a count that is zero.  Also allows
    counting backwards isntead of forwards
  - Fix get_url module bug preventing use of custom ports with https
  - Fix bug disabling repositories in the yum module.
  - Fix giving yum module a url to install a package from on
  - Fix bug in dnf module preventing it from working when yum-utils was
    not already installed

Tue Apr 28 19:03:01 UTC 2015 -

- updated to version 1.9.1
  * Fixed a bug related to Kerberos auth when using winrm with a domain account.
  * Fixing several bugs in the s3 module.
  * Fixed a bug with upstart service detection in the service module.
  * Fixed several bugs with the user module when used on OSX.
  * Fixed unicode handling in some module situations (assert and shell/command execution).
  * Fixed a bug in redhat_subscription when using the activationkey parameter.
  * Fixed a traceback in the gce module on EL6 distros when multiple pycrypto installations are available.
  * Added support for PostgreSQL 9.4 in rds_param_group
  * Several other minor fixes. 

Mon Mar 30 22:45:57 UTC 2015 -

- updated to version
  * Added kerberos support to winrm connection plugin.
  * Tags rehaul: added 'all', 'always', 'untagged' and 'tagged' special
    tags and normalized tag resolution.  Added tag information to
    --list-tasks and new --list-tags option.
  * Privilege Escalation generalization, new 'Become' system and variables
    now will handle existing and new methods.  Sudo and su have been kept
    for backwards compatibility.  New methods pbrun and pfexec in 'alpha'
    state, planned adding 'runas' for winrm connection plugin.
  * Improved ssh connection error reporting, now you get back the specific
    message from ssh.
  * Added facility to document task module return values for registered
    vars, both for ansible-doc and the docsite.  Documented copy, stats and
    acl modules, the rest must be updated individually (we will start doing
    so incrementally).
  * Optimize the plugin loader to cache available plugins much more
    efficiently.  For some use cases this can lead to dramatic improvements
    in startup time.
  * Overhaul of the checksum system, now supports more systems and more
    cases more reliably and uniformly.
  * Fix skipped tasks to not display their parameters if no_log is specified.
  * Many fixes to unicode support, standarized functions to make it easier
    to add to input/output boundries.
  * Added travis integration to github for basic tests, this should speed
    up ticket triage and merging.
  * environment: directive now can also be applied to play and is
    inhertited by tasks, which can still override it.
  * expanded facts and OS/distribution support for existing facts and
    improved performance with pypy.
  * new 'wantlist' option to lookups allows for selecting a list typed
    variable vs a command delimited string as the return.
  * the shared module code for file backups now uses a timestamp resolution
    of seconds (previouslly minutes).
  * allow for empty inventories, this is now a warning and not an error
   (for those using localhost and cloud modules).
  * sped up YAML parsing in ansible by up to 25% by switching to CParser loader.
- more info at:

Mon Feb 23 11:46:55 UTC 2015 -

- updated to version 1.8.4 from 1.8.2
 * Fixed regressions in ec2 and mount modules, introduced in 1.8.3
 * Fixing a security bug related to the default permissions set on a
   tempoary file created when using "ansible-vault view ".
 * Many bug fixes, for both core code and core modules.

Fri Dec  5 15:11:43 UTC 2014 -

- updated to version 1.8.2 from 1.8.1
  * Windows modules should now be packaged correctly.
  * A bug regarding wildcard grant strings in the mysql_user module has been fixed.
  * Several other bugs regarding the postgresql modules have also been fixed. 

Mon Dec  1 18:28:18 UTC 2014 -

- enable build for older RHEL and SLE distributions

Thu Nov 27 11:17:53 UTC 2014 -

- updated package to latest release ## 1.8.1 "You Really Got Me"
  * Various bug fixes in postgresql and mysql modules.
  * Fixed a bug related to lookup plugins used within roles not
    finding files based on the relative paths to the roles files/ directory.
  * Fixed a bug related to vars specified in plays being templated too early,
    resulting in incorrect variable interpolation.
  * Fixed a bug related to git submodules in bare repos.
  * fact caching support, pluggable, initially supports Redis (DOCS pending)
  * 'serial' size in a rolling update can be specified as a percentage
  * added new Jinja2 filters, 'min' and 'max' that take lists
  * new 'ansible_version' variable available contains a dictionary of version info
  * For ec2 dynamic inventory, ec2.ini can has various new configuration options
  * 'ansible vault view filename.yml' opens filename.yml decrypted in a pager.
  * no_log parameter now surpressess data from callbacks/output as well as syslog
  * ansible-galaxy install -f requirements.yml allows advanced options and installs
    from non-galaxy SCM sources and tarballs.
  * command_warnings feature will warn about when usage of the shell/command module
    can be simplified to use core modules - this can be enabled in ansible.cfg
  * new omit value can be used to leave off a parameter when not set, like so
    module_name: a=1 b={{ c | default(omit) }}, would not pass value for b (not even
    an empty value) if c was not set.
  * developers: 'baby JSON' in module responses, originally intended for writing modules
    in bash, is removed as a feature to simplify logic, script module remains available
    for running bash scripts.
  * async jobs started in "fire & forget" mode can now be checked on at a later time.
  * added ability to subcategorize modules for
  * added ability for shipped modules to have aliases with symlinks
  * added ability to deprecate older modules by starting with "_" and
    including "deprecated: message why" in module docs

 + New Modules:
  * cloud: rax_cdb - manages Rackspace Cloud Database instances
  * cloud: rax_cdb_database - manages Rackspace Cloud Databases
  * cloud: rax_cdb_user - manages Rackspace Cloud Database users
  * monitoring: zabbix_maintaince - handles outage windows with Zabbix
  * monitoring: bigpanda - support for bigpanda
  * net_infrastructure: a10_server - manages server objects on A10 devices
  * net_infrastructure: a10_service_group - manages service group objects on A10 devices
  * net_infrastructure: a10_virtual_server - manages virtual server objects on A10 devices
  * system: getent - read getent databases

 + Some other notable changes:
  * added the ability to set "instance filters" in the ec2.ini to limit results
    from the inventory plugin.
  * upgrades for various variable precedence items and parsing related items
  * added a new "follow" parameter to the file and copy modules, which allows
    actions to be taken on the target of a symlink rather than the symlink itself.
  * if a module should ever traceback, it will return a standard error, catchable
    by ignore_errors, versus an 'unreachable'
  * ec2_lc: added support for multiple new parameters like kernel_id, ramdisk_id and ebs_optimized.
  * ec2_elb_lb: added support for the connection_draining_timeout and cross_az_load_balancing options.
  * support for symbolic representations (ie. u+rw) for file permission modes (file/copy/template modules etc.).
  * docker: Added support for specifying the net type of the container.
  * docker: support for specifying read-only volumes.
  * docker: support for specifying the API version to use for the remote connection.
  * openstack modules: various improvements
  * irc: ssl support for the notification module
  * npm: fix flags passed to package installation
  * windows: improved error handling
  * setup: additional facts on System Z
  * apt_repository: certificate validation can be disabled if requested
  * pagerduty module: misc improvements
  * ec2_lc: public_ip boolean configurable in launch configurations
  * ec2_asg: fixes related to proper termination of an autoscaling group
  * win_setup: total memory fact correction
  * ec2_vol: ability to list existing volumes
  * ec2: can set optimized flag
  * various parser improvements
  * produce a friendly error message if the SSH key is too permissive
  * ec2_ami_search: support for SSD and IOPS provisioned EBS images
  * can set ansible_sudo_exe as an inventory variable which allows specifying
    a different sudo (or equivalent) command
  * git module: Submodule handling has changed.  Previously if you used the
    "recursive" parameter to handle submodules, ansible would track the
    submodule upstream's head revision.  This has been changed to checkout the
    version of the submodule specified in the superproject's git repository.
    This is inline with what git submodule update does.  If you want the old
    behaviour use the new module parameter track_submodules=yes
  * Checksumming of transferred files has been made more portable and now uses
    the sha1 algorithm instead of md5 to be compatible with FIPS-140.
  + As a small side effect, the fetch module no longer returns a useful value
      in remote_md5.  If you need a replacement, switch to using remote_checksum
    which returns the sha1sum of the remote file.
 * ansible-doc CLI tool contains various improvements for working with different terminals

Mon Oct 27 09:16:52 UTC 2014 -
- update to 1.7.2:
  - Fixes a bug in accelerate mode which caused a traceback when trying to use that connection method.
  - Fixes a bug in vault where the password file option was not being used correctly internally.
  - Improved multi-line parsing when using YAML literal blocks (using > or |).
  - Fixed a bug with the file module and the creation of relative symlinks.
  - Fixed a bug where checkmode was not being honored during the templating of files.
  - Other various bug fixes.
- Switch to xz for source package

Wed Sep 10 12:55:35 UTC 2014 -

- add python-pywinrm to requirements to enable windows hosts automation

Sun Aug 17 15:21:38 UTC 2014 -

- update to 1.7.1:
  Major new features:
  + Windows support (alpha) using native PowerShell remoting
  + Tasks can now specify run_once: true, meaning they will be executed
    exactly once. This can be combined with delegate_to to trigger actions
    you want done just the one time versus for every host in inventory.

  New Modules:
  + cloud: azure
  + cloud: rax_meta
  + cloud: rax_scaling_group
  + cloud: rax_scaling_policy
  + windows: version of setup module
  + windows: version of slurp module
  + windows: win_feature
  + windows: win_get_url
  + windows: win_msi
  + windows: win_ping
  + windows: win_user
  + windows: win_service
  + windows: win_group

  New inventory scripts:
  + SoftLayer
  + Windows Azure

  Docker module bug fixes:
  + Fixed support for specifying rw/ro bind modes for volumes
  + Fixed support for allowing the tag in the image parameter

  Other notable changes:
  + Performance enhancements related to previous security fixes, which
    could cause slowness when modules returned very large JSON results.
    This specifically impacted the unarchive module frequently, which
    returns the details of all unarchived files in the result.
  + Inventory speed improvements for very large inventories.
  + Vault password files can now be executable, to support scripts
    that fetch the vault password.
  + Fixes an issue with the copy module when copying a directory that

Fri Aug 15 15:25:04 UTC 2014 -

- updated to upstream version 1.7.1
  * Security fix to disallow specifying 'args:' as a string,
    which could allow the insertion of extra module parameters through variables.
  * Performance enhancements related to previous security fixes,
    which could cause slowness when modules returned very large JSON results.
    This specifically impacted the unarchive module frequently, which returns
    the details of all unarchived files in the result.
  * Docker module bug fixes:
    + Fixed support for specifying rw/ro bind modes for volumes
    + Fixed support for allowing the tag in the image parameter
  * Major new features:
    + Windows support (alpha) using native PowerShell remoting
    + Tasks can now specify `run_once: true`, meaning they will
      be executed exactly once. This can be combined with delegate_to
      to trigger actions you want done just the one time versus for 
      every host in inventory.
  * Inventory speed improvements for very large inventories.
  * Vault password files can now be executable, to support
    scripts that fetch the vault password.

  * Fixes an issue with the copy module when copying a directory that
    fails when changing file attributes and the target file already exists
  + Improved unicode handling when splitting args

  + Further improvements to module parameter parsing to address
    additional regressions caused by security fixes
  + Corrects a regression in the way shell and command parameters
    were being parsed
  + Various other bug fixes

  Security fixes:
  + Security fix to disallow specifying 'args:' as a string, which could
    allow the insertion of extra module parameters through variables.
  + Strip lookup calls out of inventory variables and clean unsafe
    data returned from lookup plugins (CVE-2014-4966)
  + Make sure vars don't insert extra parameters into module args and
    prevent duplicate params from superseding previous params (CVE-2014-4967)
- adapt specfile requirements for RedHat and Fedora

- fixed zypper and zypper_repository modules to support SLE 10

Thu Jul 10 12:53:16 UTC 2014 -

- update to 1.6.6:
  * Security updates to further protect against the incorrect 
    execution of untrusted data
  * Additional tweaks to prevent the incorrect execution of 
    untrusted data
  * Security update to prevent local operations from executing as
    the result of specifically crafted untrusted data

Thu Jun 19 07:28:24 UTC 2014 -

- update to 1.6.3:
  * The deprecated legacy variable templating system has been 
    finally removed. Use {{ foo }} always not $foo or ${foo}.
  * Any data file can also be JSON. Use sparingly -- with great power
    comes great responsibility. Starting file with "{" or "[" denotes JSON.
  * Added 'gathering' param for ansible.cfg to change the default
    gather_facts policy.
  * Accelerate improvements:
    + multiple users can connect with different keys, when 
      accelerate_multi_key = yes is specified in the ansible.cfg.
    + daemon lifetime is now based on the time from the last activity,
      not the time from the daemon's launch.
  * ansible-playbook now accepts --force-handlers to run handlers
    even if tasks result in failures.
  * Added VMWare support with the vsphere_guest module.
  * many new modules and ther notable changes, please read 
    /usr/share/doc/packages/ansible/ for details    
- use new upstream URL(s)
- require python-httplib2 and python-setuptools
- ignore "wrong" permissions of
- ignore rpmlint warning about requiring python-httplib2 explicitely

Thu Mar 20 23:24:56 UTC 2014 -

- update to 1.5.3:
  * Fixes to the git module related to host key checking
  * Force command action to not be executed by the shell unless 
    specifically enabled.
  * Validate SSL certs accessed through urllib*. 
  * Implement new default cipher class AES256 in ansible-vault.
  * Misc bug fixes.

Sat Mar  8 11:08:25 UTC 2014 -

- update to 1.5:
  Major features/changes:
  * when_foo which was previously deprecated is now removed, use 
    "when:" instead.  Code generates appropriate error suggestion.
  * include + with_items which was previously deprecated is now 
    removed, ditto.  Use with_nested / with_together, etc.
  * only_if, which is much older than when_foo and was deprecated, 
    is similarly removed.
  * ssh connection plugin is now more efficient if you add 
    'pipelining=True' in ansible.cfg under [ssh_connection], 
    see example.cfg
  * localhost/ is not required to be in inventory if 
    referenced, if not in inventory, it does not implicitly appear 
    in the 'all' group.
  * git module has new parameters (accept_hostkey, key_file, ssh_opts) 
    to ease the usage of git and ssh protocols. 
  * when using accelerate mode, the daemon will now be restarted 
    when specifying a different remote_user between plays.
  * added no_log: option for tasks. When used, no logging information 
    will be sent to syslog during the module execution.
  * acl module now handles 'default' and allows for either shorthand 
    entry or specific fields per entry section
  * play_hosts is a new magic variable to provide a list of hosts 
    in scope for the current play.
  * ec2 module now accepts 'exact_count' and 'count_tag' as a way to 
    enforce a running number of nodes by tags.
  * all ec2 modules that work with Eucalyptus also now support a 
    'validate_certs' option, which can be set to 'off' for installations 
    using self-signed certs.
  * Start of new integration test infrastructure (WIP)
  * if repoquery is unavailble, the yum module will automatically 
    attempt to install yum-utils
  * ansible-vault: a framework for encrypting your playbooks 
    and variable files 

  Other notable changes (many new module params & bugfixes may not not listed):
  * no_reboot is now defaulted to "no" in the ec2_ami module to ensure 
    filesystem consistency in the resulting AMI.
  * sysctl module overhauled
  * authorized_key module overhauled
  * synchronized module now handles local transport better
  * apt_key module now ignores case on keys
  * zypper_repository now skips on check mode
  * file module now responds to force behavior when dealing with hardlinks
  * new lookup plugin 'csvfile'
  * fixes to allow hash_merge behavior to work with dynamic inventory
  * mysql module will use port argument on dump/import
  * subversion module now ignores locale to better intercept status messages
  * rax api_key argument is no longer logged
  * backwards/forwards compatibility for OpenStack modules, 'quantum' 
    modules grok neutron renaming
  * hosts properly uniqueified if appearing in redundant groups
  * hostname module support added for ScientificLinux
  * ansible-pull can now show live stdout and pass verbosity levels 
    to ansible-playbook
  * ec2 instances can now be stopped or started
  * additional volumes can be created when creating new ec2 instances
  * user module can move a home directory
  * significant enhancement and cleanup of rackspace modules
  * ansible_ssh_private_key_file can be templated
  * docker module updated to support docker-py 0.3.0
  * various other bug fixes
  * md5 logic improved during sudo operation
  * support for ed25519 keys in authorized_key module
  * ability to set directory permissions during a recursive copy 
    (directory_mode parameter)
  * update docker module, support for using docker python 
    library 0.3.0

Thu Feb 27 17:39:07 UTC 2014 -

- update to 1.4.5:
  + fixed issue with permissions being incorrect on 
    fireball/accelerate keys when the umask setting was too loose.

Sun Jan 19 03:12:17 UTC 2014 -

- update to 1.4.4:
  + Fixed issue with newer versions of pip not having --use-mirrors
  + Fixed role_path parsing from ansible.cfg
  + Fixed default role templates
  + Fixed a few bugs related to unicode
  + Fixed errors in the ssh connection method with large data returns
  + Miscellaneous fixes for a few modules
  + Add the ansible-galaxy command

Mon Dec 16 21:28:31 UTC 2013 -

- update to 1.4.1:
  * Misc fix updates

Thu Nov 28 13:54:02 UTC 2013 -

- Update to release 1.4

- Highlighted new features:

 + Added do-until feature, which can be used to retry a failed task a
   specified number of times with a delay in-between the retries.
 + Added failed_when option for tasks, which can be used to specify
   logical statements that make it easier to determine when a task has
   failed, or to make it easier to ignore certain non-zero return
   codes for some commands.
 + Added the "subelement" lookup plugin, which allows iteration of the
   keys of a dictionary or items in a list.
 + Added the capability to use either paramiko or ssh for the inital
   setup connection of an accelerated playbook.
 + Automatically provide advice on common parser errors users
 + Deprecation warnings are now shown for legacy features:
   when_integer/etc, only_if, include+with_items, etc. Can be disabled
   in ansible.cfg
 + The system will now provide helpful tips around possible YAML
   syntax errors increasing ease of use for new users.
 + warnings are now shown for using {{ foo }} in loops and
   conditionals, and suggest leaving the variable expressions bare as
   per docs.
 + The roles search path is now configurable in
   ansible.cfg. 'roles_path' in the config setting.
 + Includes with parameters can now be done like roles for
   consistency: - { include: song.yml, year:1984, song:'jump' }
 + The name of each role is now shown before each task if roles are
   being used
 + Adds a "var=" option to the debug module for debugging variable
   data. "debug: var=hostvars['hostname']" and "debug: var=foo" are
   all valid syntax.
 + Variables in {{ format }} can be used as references even if they
   are structured data
 + Can force binding of accelerate to ipv6 ports.
 + the apt module will auto-install python-apt if not present rather
   than requiring a manual installation
 + the copy module is now recursive if the local 'src' parameter is a
 + syntax checks now scan included task and variable files as well as
   main files

- New modules and plugins:

 + cloud: ec2_eip -- manage AWS elastic IPs
 + cloud: ec2_vpc -- manage ec2 virtual private clouds
 + cloud: elasticcache -- Manages clusters in Amazon Elasticache
 + cloud: rax_network -- sets up Rackspace networks
 + cloud: rax_facts: retrieve facts about a Rackspace Cloud Server
 + cloud: rax_clb_nodes -- manage Rackspace cloud load balanced nodes
 + cloud: rax_clb -- manages Rackspace cloud load balancers
 + cloud: docker - instantiates/removes/manages docker containers
 + cloud: ovirt -- VM lifecycle controls for ovirt
 + files: acl -- set or get acls on a file
 + files: unarchive: pushes and extracts tarballs
 + files: synchronize: a useful wraper around rsyncing trees of files
 + system: firewalld -- manage the firewalld configuration
 + system: modprobe -- manage kernel modules on systems that support
 + system: open_iscsi -- manage targets on an initiator using
 + system: blacklist: add or remove modules from the kernel blacklist
 + system: hostname - sets the systems hostname
 + utilities: include_vars -- dynamically load variables based on
 + packaging: zypper_repository - adds or removes Zypper repositories
 + packaging: urpmi - work with urpmi packages
 + packaging: swdepot - a module for working with swdepot
 + notification: grove - notifies to Grove hosted IRC channels
 + web_infrastructure: ejabberd_user: add and remove users to ejabberd
 + web_infrastructure: jboss: deploys or undeploys apps to jboss
 + source_control: github_hooks: manages GitHub service hooks
 + net_infrastructure: bigip_monitor_http: manages F5 BIG-IP LTM http
 + net_infrastructure: bigip_monitor_tcp: manages F5 BIG-IP LTM TCP
 + net_infrastructure: bigip_pool_member: manages F5 BIG-IP LTM pool
 + net_infrastructure: bigip_node: manages F5 BIG-IP LTM nodes
 + net_infrastructure: openvswitch_port
 + net_infrastructure: openvswitch_bridge

Fri Nov  1 15:09:48 UTC 2013 -

- Updated .spec file:

  + Remove deprecated fireball and node-fireball packages
  + Add dependency on python-keyczar
  + Add recommends for sshpass
  + Fix support for RHEL
  + Correct upstream URL
  + Use upstream release package for 1.3.4
  + Re-add
  + Re-added man3 man pages
  + Updated short description to match upstream description

Thu Oct 31 17:26:44 UTC 2013 -

- update to 1.3.4:
  Highlighted new features:
  + accelerated mode: An enhanced fireball mode that requires zero 
    bootstrapping and fewer requirements plus adds capabilities 
    like sudo commands.
  + role defaults: Allows roles to define a set of variables at the 
    lowest priority. These variables can be overridden by any 
    other variable.
  + new /etc/ansible/facts.d allows JSON or INI-style facts to be 
    provided from the remote node, and supports executable fact 
    programs in this dir. Files must end in *.fact.
  + added the ability to make undefined template variables raise 
    errors (see ansible.cfg)
  + (DOCS PENDING) sudo: True/False and sudo_user: True/False can be 
    set at include and role level
  + added changed_when: (expression) which allows overriding whether
    a result is changed or not and can work with registered expressions
  + --extra-vars can now take a file as input, e.g., "-e @filename" 
    and can also be formatted as YAML
  + external inventory scripts may now return host variables in one 
    pass, which allows them to be much more efficient for large 
    numbers of hosts
  + if --forks exceeds the numbers of hosts, it will be automatically 
    reduced. Set forks to 0 and you get "as many forks as I have 
    hosts" out of the box.
  + enabled error_on_undefined_vars by default, which will make 
    errors in playbooks more obvious
  + role dependencies -- one role can now pull in another, with 
    parameters of its own.
  + added the ability to have tasks execute even during a check 
    run (always_run).
  + added the ability to set the maximum failure percentage for a 
    group of hosts.
  ...and a lot more information can be found at
- removed man3 man pages
- removed separate source - now in upstream tarball

Sun Jun 30 20:05:47 UTC 2013 -

- update to 1.2:
  + new feature: roles
  + massively improved variable support and conditionals
  + Pre and Post tasks provide greater controls to make rolling 
    updates even smoother
  + added 32 new modules: 
  ++ including a openSUSE package management module
  ++ added team chat notification modules for Flowdock, Hipchat, 
     Campfire, IRC, and more
  ++ added monitoring modules to interact with New Relic, Airbrake, 
     Pingdom, Pagerduty and Monit
- added to /usr/share/doc/packages/ansible/ to have 
  the complete changelog at hand

Thu Apr 25 08:01:24 UTC 2013 -

- require python-pyzmq on (open)SUSE

Thu Apr 18 07:42:43 UTC 2013 -

- fix build on other distributions than openSUSE
- License in SPDX format
- added rpmlintrc

Wed Apr 17 11:04:04 UTC 2013 -

- update to 1.1:
  + stderr shown when commands fail to parse
  + uses yaml.safe_dump in filter plugins
  + authentication Q&A no longer happens before --syntax-check, but after
  + ability to get hostvars data for nodes not in the setup cache yet
  + SSH timeout now correctly passed to native SSH connection plugin
  + raise an error when multiple when_ statements are provided
  + --list-hosts applies host limit selections better
  + (internals) template engine specifications to use template_ds everywhere
  + better error message when your host file can not be found
  + end of line comments now work in the inventory file
  + directory destinations now work better with remote md5 code
  + lookup plugin macros like $FILE and $ENV now work without 
    returning arrays in variable definitions/playbooks
  + uses yaml.safe_load everywhere
  + able to add EXAMPLES to documentation via EXAMPLES docstring, 
    rather than just in main documentation YAML
  + can set ANSIBLE_COW_SELECTION to pick other cowsay types (including random)
  + to_nice_yaml and to_nice_json available as Jinja2 filters that indent and sort
  + cowsay able to run out of macports (very important!)
  + improved logging for fireball mode
  + nicer error message when talking to an older system that needs a 
    JSON module installed
  + 'magic' variable 'inventory_basedir' now gives path to inventory file
  + 'magic' variable 'vars' works like 'hostvars' but gives global scope 
    variables, useful for debugging in templates mostly
  + conditionals can be used on plugins like add_host
  + ...and many more...
- specfile cleanup
- just recomend python-paramiko as the user can also use openssh

Tue Jan 22 13:47:16 UTC 2013 -

- Merge changes from upstream

openSUSE Build Service is sponsored by