From d2e49329ddc5ce75cd5ffb9492cfff23894ae031 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Tue, 12 Jan 2016 11:26:55 -0500 Subject: [PATCH 01/25] Fix old python support in scan_services Python 2.4/RHEL5 doesn't support in-line conditionals so this breaks it out into a normal multi-line condition --- awx/plugins/library/scan_services.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/awx/plugins/library/scan_services.py b/awx/plugins/library/scan_services.py index 22a5352b2c..be343291b5 100644 --- a/awx/plugins/library/scan_services.py +++ b/awx/plugins/library/scan_services.py @@ -66,7 +66,10 @@ class ServiceScanService(BaseService): if len(line_data) < 4: continue # Skipping because we expected more data service_name = " ".join(line_data[3:]) - service_state = "running" if line_data[1] == "+" else "stopped" + if line_data[1] == "+": + service_state = "running" + else: + service_state = "stopped" services.append({"name": service_name, "state": service_state, "source": "sysv"}) rc, stdout, stderr = self.module.run_command("%s list" % initctl_path) real_stdout = stdout.replace("\r","") From 70d89354618c1eb156c7b17da105db8ec01b817f Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Thu, 14 Jan 2016 11:59:27 -0500 Subject: [PATCH 02/25] Fix v2 playbook_on_start method signature --- awx/plugins/callback/job_event_callback.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/awx/plugins/callback/job_event_callback.py b/awx/plugins/callback/job_event_callback.py index 9fdfa4e23a..838b3fde1d 100644 --- a/awx/plugins/callback/job_event_callback.py +++ b/awx/plugins/callback/job_event_callback.py @@ -326,9 +326,9 @@ class JobCallbackModule(BaseCallbackModule): def playbook_on_start(self): self._log_event('playbook_on_start') - def v2_playbook_on_start(self): - # since there is no task/play info, this is currently identical - # to the v1 callback which does the same thing + def v2_playbook_on_start(self, playbook): + # NOTE: the playbook parameter was added late in Ansible 2.0 development + # so we don't currently utilize but could later. self.playbook_on_start() def playbook_on_notify(self, host, handler): From be1cceff03c8a6a0cda1c38fd5a6decb33cabb4c Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Fri, 15 Jan 2016 11:39:05 -0500 Subject: [PATCH 03/25] Bump 2.4.4 release branch version --- awx/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/__init__.py b/awx/__init__.py index e3cb8020b1..72b8f62cbf 100644 --- a/awx/__init__.py +++ b/awx/__init__.py @@ -6,7 +6,7 @@ import sys import warnings import site -__version__ = '2.4.3' +__version__ = '2.4.4' __all__ = ['__version__'] From 53d025c6d4f118b9f23942ce82081df5dc0ff1c7 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Fri, 15 Jan 2016 13:40:03 -0500 Subject: [PATCH 04/25] Fixes rhel 7.2 websocket issue Rev gevent and greenlet, on another side a fix has been applied to gevent-socketio. --- requirements/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements/requirements.txt b/requirements/requirements.txt index 369daf43d5..addd05760c 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -30,7 +30,7 @@ dogpile.cache==0.5.6 dogpile.core==0.4.1 enum34==1.0.4 #functools32==3.2.3-2 -gevent==1.0.2 +gevent==1.1rc3 gevent-websocket==0.9.3 git+https://github.com/chrismeyersfsu/django-jsonfield.git@tower_0.9.12#egg=django-jsonfield git+https://github.com/chrismeyersfsu/django-qsstats-magic.git@tower_0.7.2#egg=django-qsstats-magic @@ -40,7 +40,7 @@ git+https://github.com/chrismeyersfsu/python-ipy.git@fix-127_localhost#egg=IPy git+https://github.com/chrismeyersfsu/python-keystoneclient.git@1.3.0#egg=python-keystoneclient git+https://github.com/chrismeyersfsu/shade.git@tower_0.5.0#egg=shade git+https://github.com/chrismeyersfsu/sitecustomize.git#egg=sitecustomize -greenlet==0.4.7 +greenlet==0.4.9 httplib2==0.9 idna==2.0 importlib==1.0.3 From 7ca73a4df1c43f4076553c07b0909734072d5a0f Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Fri, 15 Jan 2016 15:43:17 -0500 Subject: [PATCH 05/25] Rev PBR to 0.11.1 to fix up some dependencies All openstack modules claim they'll work with this version --- requirements/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/requirements.txt b/requirements/requirements.txt index addd05760c..8158d952df 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -70,7 +70,7 @@ oslo.serialization==1.4.0 oslo.utils==1.4.0 os-networksv2-python-novaclient-ext==0.25 os-virtual-interfacesv2-python-novaclient-ext==0.19 -pbr==0.10.0 +pbr==0.11.1 pexpect==3.1 pip==1.5.4 prettytable==0.7.2 From fd8c07660532f8a8714c5f750ef85978b4570626 Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Fri, 4 Dec 2015 11:20:05 -0500 Subject: [PATCH 06/25] store yaml output, test to cover bug, and docs update --- awx/api/templates/api/job_template_launch.md | 9 ++++---- awx/main/models/jobs.py | 4 +++- awx/main/tests/jobs/job_launch.py | 24 +++++++++++++++++++- 3 files changed, 31 insertions(+), 6 deletions(-) diff --git a/awx/api/templates/api/job_template_launch.md b/awx/api/templates/api/job_template_launch.md index 90846940a8..1dddde4210 100644 --- a/awx/api/templates/api/job_template_launch.md +++ b/awx/api/templates/api/job_template_launch.md @@ -18,10 +18,11 @@ The response will include the following fields: associated with the job template. If not then one should be supplied when launching the job (boolean, read-only) -Make a POST request to this resource to launch the job_template. If any -passwords or variables are required, they must be passed via POST data. -If `credential_needed_to_start` is `True` then the `credential` field is -required as well. +Make a POST request to this resource to launch the job_template. If any +passwords or extra variables (extra_vars) are required, they must be passed +via POST data, with extra_vars given as a YAML or JSON string and escaped +parentheses. If `credential_needed_to_start` is `True` then the `credential` +field is required as well. If successful, the response status code will be 202. If any required passwords are not provided, a 400 status code will be returned. If the job cannot be diff --git a/awx/main/models/jobs.py b/awx/main/models/jobs.py index ebc6a0fa78..51f577bac5 100644 --- a/awx/main/models/jobs.py +++ b/awx/main/models/jobs.py @@ -4,6 +4,7 @@ # Python import hmac import json +import yaml import logging # Django @@ -304,7 +305,8 @@ class JobTemplate(UnifiedJobTemplate, JobOptions): kwargs_extra_vars = json.loads(kwargs_extra_vars) except Exception: try: - yaml.safe_load(kwargs_extra_vars) + kwargs_extra_vars = yaml.safe_load(kwargs_extra_vars) + assert type(kwargs_extra_vars) is dict except: kwargs_extra_vars = {} else: diff --git a/awx/main/tests/jobs/job_launch.py b/awx/main/tests/jobs/job_launch.py index b0a0a35abe..66a0ca5a72 100644 --- a/awx/main/tests/jobs/job_launch.py +++ b/awx/main/tests/jobs/job_launch.py @@ -11,6 +11,7 @@ from django.core.urlresolvers import reverse # AWX from awx.main.models import * # noqa from .base import BaseJobTestMixin +import yaml __all__ = ['JobTemplateLaunchTest', 'JobTemplateLaunchPasswordsTest'] @@ -70,6 +71,28 @@ class JobTemplateLaunchTest(BaseJobTestMixin, django.test.TestCase): j = Job.objects.get(pk=response['job']) self.assertTrue(j.status == 'new') + def test_launch_extra_vars_json(self): + # Sending extra_vars as a JSON string, implicit credentials + with self.current_user(self.user_sue): + data = dict(extra_vars = '{\"a\":3}') + response = self.post(self.launch_url, data, expect=202) + j = Job.objects.get(pk=response['job']) + ev_dict = yaml.load(j.extra_vars) + self.assertIn('a', ev_dict) + if 'a' in ev_dict: + self.assertEqual(ev_dict['a'], 3) + + def test_launch_extra_vars_yaml(self): + # Sending extra_vars as a JSON string, implicit credentials + with self.current_user(self.user_sue): + data = dict(extra_vars = 'a: 3') + response = self.post(self.launch_url, data, expect=202) + j = Job.objects.get(pk=response['job']) + ev_dict = yaml.load(j.extra_vars) + self.assertIn('a', ev_dict) + if 'a' in ev_dict: + self.assertEqual(ev_dict['a'], 3) + def test_credential_explicit(self): # Explicit, credential with self.current_user(self.user_sue): @@ -195,4 +218,3 @@ class JobTemplateLaunchPasswordsTest(BaseJobTestMixin, django.test.TestCase): with self.current_user(self.user_sue): response = self.post(self.launch_url, {'ssh_password': ''}, expect=400) self.assertIn('ssh_password', response['passwords_needed_to_start']) - From 6c0af3ebd9031545846cf46fec74bf003c977dcd Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Tue, 19 Jan 2016 09:54:25 -0500 Subject: [PATCH 07/25] Add special case to scan_services that fixes SLES11 scan failure issue --- awx/plugins/library/scan_services.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/awx/plugins/library/scan_services.py b/awx/plugins/library/scan_services.py index be343291b5..accbd232b4 100644 --- a/awx/plugins/library/scan_services.py +++ b/awx/plugins/library/scan_services.py @@ -97,6 +97,13 @@ class ServiceScanService(BaseService): #print '%s --status-all | grep -E "is (running|stopped)"' % service_path p = re.compile('(?P.*?)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)') rc, stdout, stderr = self.module.run_command('%s' % chkconfig_path, use_unsafe_shell=True) + # extra flags needed for SLES11 + if not any(p.match(line) for line in stdout.split('\n')): + # If p pattern is not found but p_simple is, we have single-column ouptut + p_simple = re.compile('(?P.*?)\s+(?Pon|off)') + if any(p_simple.match(line) for line in stdout.split('\n')): + # Try extra flags " -l --allservices" to output all columns + rc, stdout, stderr = self.module.run_command('%s -l --allservices' % chkconfig_path, use_unsafe_shell=True) for line in stdout.split('\n'): m = p.match(line) if m: From ed99d1eb1591dba04f7b77cad2f103a42b0f1c3e Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Tue, 19 Jan 2016 12:45:16 -0500 Subject: [PATCH 08/25] fix 2nd instance of in-line conditional for RHEL5 scan issue --- awx/plugins/library/scan_services.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/awx/plugins/library/scan_services.py b/awx/plugins/library/scan_services.py index accbd232b4..a786b791bf 100644 --- a/awx/plugins/library/scan_services.py +++ b/awx/plugins/library/scan_services.py @@ -149,8 +149,12 @@ class SystemctlScanService(BaseService): line_data = line.split() if len(line_data) != 2: continue + if line_data[1] == "enabled": + state_val = "running" + else: + state_val = "stopped" services.append({"name": line_data[0], - "state": "running" if line_data[1] == "enabled" else "stopped", + "state": state_val, "source": "systemd"}) return services From 8978c5bf5465dd4f481b09c2d8cb512e847e1765 Mon Sep 17 00:00:00 2001 From: Jared Tabor Date: Wed, 20 Jan 2016 10:45:42 -0800 Subject: [PATCH 09/25] Re-Enabling Pendo User Guides --- awx/ui/templates/ui/index.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/awx/ui/templates/ui/index.html b/awx/ui/templates/ui/index.html index ea180697f2..7587a79fba 100644 --- a/awx/ui/templates/ui/index.html +++ b/awx/ui/templates/ui/index.html @@ -30,8 +30,7 @@ window.pendo_options = { // This is required to be able to load data client side - usePendoAgentAPI: true, - disableGuides: true + usePendoAgentAPI: true }; From de7be08856db9e5e7b454df127e08dfa119f08a2 Mon Sep 17 00:00:00 2001 From: Akita Noek Date: Wed, 20 Jan 2016 15:11:49 -0500 Subject: [PATCH 10/25] Obey no_log with ansible 2.0 Fixes #645 --- awx/plugins/callback/job_event_callback.py | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/awx/plugins/callback/job_event_callback.py b/awx/plugins/callback/job_event_callback.py index 838b3fde1d..b4eaae083d 100644 --- a/awx/plugins/callback/job_event_callback.py +++ b/awx/plugins/callback/job_event_callback.py @@ -37,6 +37,7 @@ import logging import os import pwd import urlparse +import re # Requests import requests @@ -126,6 +127,31 @@ class BaseCallbackModule(object): self._init_connection() if self.context is None: self._start_connection() + if 'res' in event_data \ + and event_data['res'].get('_ansible_no_log', False): + res = event_data['res'] + if 'stdout' in res and res['stdout']: + res['stdout'] = '' + if 'stdout_lines' in res and res['stdout_lines']: + res['stdout_lines'] = [''] + if 'stderr' in res and res['stderr']: + res['stderr'] = '' + if 'stderr_lines' in res and res['stderr_lines']: + res['stderr_lines'] = [''] + if res.get('cmd', None) and re.search(r'\s', res['cmd']): + res['cmd'] = re.sub(r'^(([^\s\\]|\\\s)+).*$', + r'\1 ', + res['cmd']) + if 'invocation' in res \ + and 'module_args' in res['invocation'] \ + and '_raw_params' in res['invocation']['module_args'] \ + and re.search(r'\s', + res['invocation']['module_args']['_raw_params']): + res['invocation']['module_args']['_raw_params'] = \ + re.sub(r'^(([^\s\\]|\\\s)+).*$', + r'\1 ', + res['invocation']['module_args']['_raw_params']) + msg['event_data']['res'] = res self.socket.send_json(msg) self.socket.recv() From 32366b5544981bce765e9b05dfe2411ed54fde61 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Wed, 20 Jan 2016 15:12:52 -0500 Subject: [PATCH 11/25] Fix for rax cache timeout issue 2.4.0 level of rax.py introduces a default cache timeout of 600s, this fixes that and includes a new rax.py inventory module that has been submitted upstream. --- awx/main/tasks.py | 1 + awx/plugins/inventory/rax.py | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/awx/main/tasks.py b/awx/main/tasks.py index eef1590d1a..e8e36a8e10 100644 --- a/awx/main/tasks.py +++ b/awx/main/tasks.py @@ -1193,6 +1193,7 @@ class RunInventoryUpdate(BaseTask): elif inventory_update.source == 'rax': env['RAX_CREDS_FILE'] = cloud_credential env['RAX_REGION'] = inventory_update.source_regions or 'all' + env['RAX_CACHE_MAX_AGE'] = 0 # Set this environment variable so the vendored package won't # complain about not being able to determine its version number. env['PBR_VERSION'] = '0.5.21' diff --git a/awx/plugins/inventory/rax.py b/awx/plugins/inventory/rax.py index 0028f54d20..4ac6b0f47e 100755 --- a/awx/plugins/inventory/rax.py +++ b/awx/plugins/inventory/rax.py @@ -355,9 +355,12 @@ def get_cache_file_path(regions): def _list(regions, refresh_cache=True): + cache_max_age = int(get_config(p, 'rax', 'cache_max_age', + 'RAX_CACHE_MAX_AGE', 600)) + if (not os.path.exists(get_cache_file_path(regions)) or refresh_cache or - (time() - os.stat(get_cache_file_path(regions))[-1]) > 600): + (time() - os.stat(get_cache_file_path(regions))[-1]) > cache_max_age): # Cache file doesn't exist or older than 10m or refresh cache requested _list_into_cache(regions) From 483fc507d6acfc04619e60bcc33f9a5360189cd6 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Mon, 25 Jan 2016 16:51:33 -0500 Subject: [PATCH 12/25] tasks env vars should be strings This was causing rax unit test failures which are now alleviated --- awx/main/tasks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/main/tasks.py b/awx/main/tasks.py index e8e36a8e10..f1e1e56e56 100644 --- a/awx/main/tasks.py +++ b/awx/main/tasks.py @@ -1193,7 +1193,7 @@ class RunInventoryUpdate(BaseTask): elif inventory_update.source == 'rax': env['RAX_CREDS_FILE'] = cloud_credential env['RAX_REGION'] = inventory_update.source_regions or 'all' - env['RAX_CACHE_MAX_AGE'] = 0 + env['RAX_CACHE_MAX_AGE'] = "0" # Set this environment variable so the vendored package won't # complain about not being able to determine its version number. env['PBR_VERSION'] = '0.5.21' From 60e242cb26d182c3ac811066a55c1f4263960f90 Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Wed, 20 Jan 2016 16:34:30 -0500 Subject: [PATCH 13/25] RHEL5 compatibility and handling of error scenarios --- awx/plugins/library/scan_services.py | 29 ++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/awx/plugins/library/scan_services.py b/awx/plugins/library/scan_services.py index a786b791bf..779d44effd 100644 --- a/awx/plugins/library/scan_services.py +++ b/awx/plugins/library/scan_services.py @@ -97,13 +97,23 @@ class ServiceScanService(BaseService): #print '%s --status-all | grep -E "is (running|stopped)"' % service_path p = re.compile('(?P.*?)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)\s+[0-9]:(?Pon|off)') rc, stdout, stderr = self.module.run_command('%s' % chkconfig_path, use_unsafe_shell=True) - # extra flags needed for SLES11 - if not any(p.match(line) for line in stdout.split('\n')): - # If p pattern is not found but p_simple is, we have single-column ouptut + # Check for special cases where stdout does not fit pattern + match_any = False + for line in stdout.split('\n'): + if p.match(line): + match_any = True + if not match_any: p_simple = re.compile('(?P.*?)\s+(?Pon|off)') - if any(p_simple.match(line) for line in stdout.split('\n')): - # Try extra flags " -l --allservices" to output all columns + match_any = False + for line in stdout.split('\n'): + if p_simple.match(line): + match_any = True + if match_any: + # Try extra flags " -l --allservices" needed for SLES11 rc, stdout, stderr = self.module.run_command('%s -l --allservices' % chkconfig_path, use_unsafe_shell=True) + elif '--list' in stderr: + # Extra flag needed for RHEL5 + rc, stdout, stderr = self.module.run_command('%s --list' % chkconfig_path, use_unsafe_shell=True) for line in stdout.split('\n'): m = p.match(line) if m: @@ -116,11 +126,12 @@ class ServiceScanService(BaseService): service_state = 'running' #elif rc in (1,3): else: - service_state = 'stopped' + if 'root' in stderr or 'permission' in stderr.lower() or 'not in sudoers' in stderr.lower(): + service_state = 'unable to scan, requires root' + else: + service_state = 'stopped' service_data = {"name": service_name, "state": service_state, "source": "sysv"} services.append(service_data) - # rc, stdout, stderr = self.module.run_command("%s --list" % chkconfig_path) - # Do something with chkconfig status return services class SystemctlScanService(BaseService): @@ -167,6 +178,8 @@ def main(): svc = svcmod.gather_services() if svc is not None: all_services += svc + if len(all_services) == 0: + module.fail_json(msg="Failed to find any services. Sometimes this solved by running with privilege escalation.") results = dict(ansible_facts=dict(services=all_services)) module.exit_json(**results) From 7afa14aabbf2561e556af6b84ccff3e5f46dae4b Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Wed, 27 Jan 2016 11:50:57 -0500 Subject: [PATCH 14/25] bump shade from 0.5.0 to 1.4 --- requirements/requirements.txt | 123 ++++++++++++++++++---------------- 1 file changed, 66 insertions(+), 57 deletions(-) diff --git a/requirements/requirements.txt b/requirements/requirements.txt index 8158d952df..24ef4311c9 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -1,121 +1,130 @@ -amqp==1.4.5 git+https://github.com/chrismeyersfsu/ansiconv.git@tower_1.0.0#egg=ansiconv +amqp==1.4.5 anyjson==0.3.3 apache-libcloud==0.15.1 appdirs==1.4.0 -argparse==1.2.1 azure==0.9.0 -Babel==1.3 +Babel==2.2.0 billiard==3.3.0.16 boto==2.34.0 celery==3.1.10 -cffi==1.1.2 -cliff==1.13.0 +cffi==1.5.0 +cliff==1.15.0 cmd2==0.6.8 cryptography==0.9.3 d2to1==0.2.11 -defusedxml==0.4.1 +debtcollector==1.2.0 +decorator==4.0.6 Django==1.6.7 +defusedxml==0.4.1 django-auth-ldap==1.2.6 django-celery==3.1.10 django-crum==0.6.1 django-extensions==1.3.3 django-polymorphic==0.5.3 django-radius==1.0.0 -djangorestframework==2.3.13 django-split-settings==0.1.1 django-taggit==0.11.2 -git+https://github.com/matburt/dm.xmlsec.binding.git@master#egg=dm.xmlsec.binding -dogpile.cache==0.5.6 -dogpile.core==0.4.1 -enum34==1.0.4 -#functools32==3.2.3-2 -gevent==1.1rc3 -gevent-websocket==0.9.3 +djangorestframework==2.3.13 git+https://github.com/chrismeyersfsu/django-jsonfield.git@tower_0.9.12#egg=django-jsonfield git+https://github.com/chrismeyersfsu/django-qsstats-magic.git@tower_0.7.2#egg=django-qsstats-magic git+https://github.com/chrismeyersfsu/django-rest-framework-mongoengine.git@0c79515257a33a0ce61500b65fa497398628a03d#egg=django-rest-framework-mongoengine +git+https://github.com/matburt/dm.xmlsec.binding.git@master#egg=dm.xmlsec.binding +dogpile.cache==0.5.7 +dogpile.core==0.4.1 +enum34==1.1.2 +funcsigs==0.4 +#functools32==3.2.3.post2 +futures==3.0.4 git+https://github.com/chrismeyersfsu/gevent-socketio.git@tower_0.3.6#egg=gevent-socketio -git+https://github.com/chrismeyersfsu/python-ipy.git@fix-127_localhost#egg=IPy -git+https://github.com/chrismeyersfsu/python-keystoneclient.git@1.3.0#egg=python-keystoneclient -git+https://github.com/chrismeyersfsu/shade.git@tower_0.5.0#egg=shade -git+https://github.com/chrismeyersfsu/sitecustomize.git#egg=sitecustomize +gevent-websocket==0.9.3 +gevent==1.1rc3 greenlet==0.4.9 -httplib2==0.9 +httplib2==0.9.2 idna==2.0 importlib==1.0.3 -ipaddress==1.0.14 -iso8601==0.1.10 +ip-associations-python-novaclient-ext==0.1 +ipaddress==1.0.16 +git+https://github.com/chrismeyersfsu/python-ipy.git@fix-127_localhost#egg=IPy +iso8601==0.1.11 isodate==0.5.1 -jsonpatch==1.11 -jsonpointer==1.9 +jsonpatch==1.12 +jsonpointer==1.10 jsonschema==2.5.1 -keyring==4.1 +keyring==8.1.1 +keystoneauth1==2.2.0 kombu==3.0.21 lxml==3.4.4 -M2Crypto==0.22.3 Markdown==2.4.1 -mock==1.0.1 +M2Crypto==0.22.3 +mock==1.3.0 mongoengine==0.9.0 -msgpack-python==0.4.6 -netaddr==0.7.14 +monotonic==0.6 +msgpack-python==0.4.7 +munch==2.0.4 +netaddr==0.7.18 netifaces==0.10.4 oauthlib==1.0.3 ordereddict==1.1 -os-client-config==1.6.1 -os-diskconfig-python-novaclient-ext==0.1.2 -oslo.config==1.9.3 -oslo.i18n==1.5.0 -oslo.serialization==1.4.0 -oslo.utils==1.4.0 +os-client-config==1.14.0 +os-diskconfig-python-novaclient-ext==0.1.3 os-networksv2-python-novaclient-ext==0.25 os-virtual-interfacesv2-python-novaclient-ext==0.19 -pbr==0.11.1 +oslo.config==3.4.0 +oslo.i18n==3.2.0 +oslo.serialization==2.2.0 +oslo.utils==3.4.0 +pbr==1.8.1 pexpect==3.1 -pip==1.5.4 prettytable==0.7.2 psphere==0.5.2 psutil==3.1.1 psycopg2 -pyasn1==0.1.8 +pyasn1==0.1.9 pycparser==2.14 -pycrypto==2.6.1 PyJWT==1.4.0 pymongo==2.8 -pyOpenSSL==0.15.1 -pyparsing==2.0.3 +pyparsing==2.0.7 pyrad==2.0 -pyrax==1.9.3 -python-cinderclient==1.1.1 +pyrax==1.9.7 +python-cinderclient==1.5.0 python-dateutil==2.4.0 -python-glanceclient==0.17.0 -python-ironicclient==0.5.0 +python-glanceclient==1.2.0 +python-heatclient==0.8.1 +python-ironicclient==1.0.0 +python-keystoneclient==2.1.1 python-ldap==2.4.20 -python-neutronclient==2.3.11 -python-novaclient==2.20.0 +python-neutronclient==4.0.0 +python-novaclient==3.2.0 python-openid==2.2.5 +python-openstackclient==2.0.0 python-radius==1.0 -git+https://github.com/matburt/python-social-auth.git@master#egg=python-social-auth python-saml==2.1.4 -python-swiftclient==2.2.0 -python-troveclient==1.0.9 +git+https://github.com/matburt/python-social-auth.git@master#egg=python-social-auth +python-swiftclient==2.7.0 +python-troveclient==1.4.0 pytz==2014.10 pywinrm==0.1.1 PyYAML==3.11 pyzmq==14.5.0 rackspace-auth-openstack==1.3 -rackspace-novaclient==1.4 -rax-default-network-flags-python-novaclient-ext==0.2.3 -rax-scheduled-images-python-novaclient-ext==0.2.1 +rackspace-novaclient==1.5 +rax-default-network-flags-python-novaclient-ext==0.3.2 +rax-scheduled-images-python-novaclient-ext==0.3.1 redis==2.10.3 -requests==2.5.1 requests-oauthlib==0.5.0 -simplejson==3.6.0 +requests==2.5.1 +requestsexceptions==1.1.2 +shade==1.4.0 +simplejson==3.8.1 +git+https://github.com/chrismeyersfsu/sitecustomize.git#egg=sitecustomize six==1.9.0 -South==1.0.2 -stevedore==1.3.0 +stevedore==1.10.0 suds==0.4 -warlock==1.1.0 +South==1.0.2 +unicodecsv==0.14.1 +warlock==1.2.0 wheel==0.24.0 +wrapt==1.10.6 wsgiref==0.1.2 xmltodict==0.9.2 From 94e6d2a72aa80a811becbfdb9772f714944132a8 Mon Sep 17 00:00:00 2001 From: Akita Noek Date: Thu, 28 Jan 2016 11:34:43 -0500 Subject: [PATCH 15/25] Obey no_log even more when using ansible 2.0 Hopefully fixes #645 this time. New function handles recursing down our results array when it's present, also attempts to proactively protect against future data leaks by only allowing white listed fields through. --- awx/plugins/callback/job_event_callback.py | 65 +++++++++++++--------- 1 file changed, 40 insertions(+), 25 deletions(-) diff --git a/awx/plugins/callback/job_event_callback.py b/awx/plugins/callback/job_event_callback.py index b4eaae083d..b5cdea63e4 100644 --- a/awx/plugins/callback/job_event_callback.py +++ b/awx/plugins/callback/job_event_callback.py @@ -38,6 +38,7 @@ import os import pwd import urlparse import re +from copy import deepcopy # Requests import requests @@ -47,6 +48,42 @@ import zmq import psutil + +CENSOR_FIELD_WHITELIST=[ + 'msg', + 'failed', + 'changed', + 'results', + 'start', + 'end', + 'delta', + 'cmd', + '_ansible_no_log', + 'cmd', + 'rc', + 'failed_when_result', + 'skip_reason', +] + +def censor(obj): + if obj.get('_ansible_no_log', False): + new_obj = {} + for k in CENSOR_FIELD_WHITELIST: + if k in obj: + new_obj[k] = obj[k] + if k == 'cmd' and k in obj: + if re.search(r'\s', obj['cmd']): + new_obj['cmd'] = re.sub(r'^(([^\s\\]|\\\s)+).*$', + r'\1 ', + obj['cmd']) + new_obj['censored'] = "the output has been hidden due to the fact that 'no_log: true' was specified for this result" + obj = new_obj + if 'results' in obj: + for i in xrange(len(obj['results'])): + obj['results'][i] = censor(obj['results'][i]) + return obj + + class TokenAuth(requests.auth.AuthBase): def __init__(self, token): @@ -127,31 +164,6 @@ class BaseCallbackModule(object): self._init_connection() if self.context is None: self._start_connection() - if 'res' in event_data \ - and event_data['res'].get('_ansible_no_log', False): - res = event_data['res'] - if 'stdout' in res and res['stdout']: - res['stdout'] = '' - if 'stdout_lines' in res and res['stdout_lines']: - res['stdout_lines'] = [''] - if 'stderr' in res and res['stderr']: - res['stderr'] = '' - if 'stderr_lines' in res and res['stderr_lines']: - res['stderr_lines'] = [''] - if res.get('cmd', None) and re.search(r'\s', res['cmd']): - res['cmd'] = re.sub(r'^(([^\s\\]|\\\s)+).*$', - r'\1 ', - res['cmd']) - if 'invocation' in res \ - and 'module_args' in res['invocation'] \ - and '_raw_params' in res['invocation']['module_args'] \ - and re.search(r'\s', - res['invocation']['module_args']['_raw_params']): - res['invocation']['module_args']['_raw_params'] = \ - re.sub(r'^(([^\s\\]|\\\s)+).*$', - r'\1 ', - res['invocation']['module_args']['_raw_params']) - msg['event_data']['res'] = res self.socket.send_json(msg) self.socket.recv() @@ -185,6 +197,9 @@ class BaseCallbackModule(object): response.raise_for_status() def _log_event(self, event, **event_data): + if 'res' in event_data: + event_data['res'] = censor(deepcopy(event_data['res'])) + if self.callback_consumer_port: self._post_job_event_queue_msg(event, event_data) else: From f8a7fb0ea10807eb5caf91aed8697ee74fef96d2 Mon Sep 17 00:00:00 2001 From: Akita Noek Date: Thu, 28 Jan 2016 12:43:49 -0500 Subject: [PATCH 16/25] Added missing 'skipped' field for no_log --- awx/plugins/callback/job_event_callback.py | 1 + 1 file changed, 1 insertion(+) diff --git a/awx/plugins/callback/job_event_callback.py b/awx/plugins/callback/job_event_callback.py index b5cdea63e4..041ce5bc53 100644 --- a/awx/plugins/callback/job_event_callback.py +++ b/awx/plugins/callback/job_event_callback.py @@ -62,6 +62,7 @@ CENSOR_FIELD_WHITELIST=[ 'cmd', 'rc', 'failed_when_result', + 'skipped', 'skip_reason', ] From 264fca1f3dca9c0191a8f39f558bf2fba0cc7543 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Thu, 28 Jan 2016 17:35:21 -0500 Subject: [PATCH 17/25] separate pip requirements file for python2.6 * platforms, like centos6, with python2.6 need old raggity packages. Let them have the old raggity packages. --- requirements/requirements_python26.txt | 121 +++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 requirements/requirements_python26.txt diff --git a/requirements/requirements_python26.txt b/requirements/requirements_python26.txt new file mode 100644 index 0000000000..8158d952df --- /dev/null +++ b/requirements/requirements_python26.txt @@ -0,0 +1,121 @@ +amqp==1.4.5 +git+https://github.com/chrismeyersfsu/ansiconv.git@tower_1.0.0#egg=ansiconv +anyjson==0.3.3 +apache-libcloud==0.15.1 +appdirs==1.4.0 +argparse==1.2.1 +azure==0.9.0 +Babel==1.3 +billiard==3.3.0.16 +boto==2.34.0 +celery==3.1.10 +cffi==1.1.2 +cliff==1.13.0 +cmd2==0.6.8 +cryptography==0.9.3 +d2to1==0.2.11 +defusedxml==0.4.1 +Django==1.6.7 +django-auth-ldap==1.2.6 +django-celery==3.1.10 +django-crum==0.6.1 +django-extensions==1.3.3 +django-polymorphic==0.5.3 +django-radius==1.0.0 +djangorestframework==2.3.13 +django-split-settings==0.1.1 +django-taggit==0.11.2 +git+https://github.com/matburt/dm.xmlsec.binding.git@master#egg=dm.xmlsec.binding +dogpile.cache==0.5.6 +dogpile.core==0.4.1 +enum34==1.0.4 +#functools32==3.2.3-2 +gevent==1.1rc3 +gevent-websocket==0.9.3 +git+https://github.com/chrismeyersfsu/django-jsonfield.git@tower_0.9.12#egg=django-jsonfield +git+https://github.com/chrismeyersfsu/django-qsstats-magic.git@tower_0.7.2#egg=django-qsstats-magic +git+https://github.com/chrismeyersfsu/django-rest-framework-mongoengine.git@0c79515257a33a0ce61500b65fa497398628a03d#egg=django-rest-framework-mongoengine +git+https://github.com/chrismeyersfsu/gevent-socketio.git@tower_0.3.6#egg=gevent-socketio +git+https://github.com/chrismeyersfsu/python-ipy.git@fix-127_localhost#egg=IPy +git+https://github.com/chrismeyersfsu/python-keystoneclient.git@1.3.0#egg=python-keystoneclient +git+https://github.com/chrismeyersfsu/shade.git@tower_0.5.0#egg=shade +git+https://github.com/chrismeyersfsu/sitecustomize.git#egg=sitecustomize +greenlet==0.4.9 +httplib2==0.9 +idna==2.0 +importlib==1.0.3 +ipaddress==1.0.14 +iso8601==0.1.10 +isodate==0.5.1 +jsonpatch==1.11 +jsonpointer==1.9 +jsonschema==2.5.1 +keyring==4.1 +kombu==3.0.21 +lxml==3.4.4 +M2Crypto==0.22.3 +Markdown==2.4.1 +mock==1.0.1 +mongoengine==0.9.0 +msgpack-python==0.4.6 +netaddr==0.7.14 +netifaces==0.10.4 +oauthlib==1.0.3 +ordereddict==1.1 +os-client-config==1.6.1 +os-diskconfig-python-novaclient-ext==0.1.2 +oslo.config==1.9.3 +oslo.i18n==1.5.0 +oslo.serialization==1.4.0 +oslo.utils==1.4.0 +os-networksv2-python-novaclient-ext==0.25 +os-virtual-interfacesv2-python-novaclient-ext==0.19 +pbr==0.11.1 +pexpect==3.1 +pip==1.5.4 +prettytable==0.7.2 +psphere==0.5.2 +psutil==3.1.1 +psycopg2 +pyasn1==0.1.8 +pycparser==2.14 +pycrypto==2.6.1 +PyJWT==1.4.0 +pymongo==2.8 +pyOpenSSL==0.15.1 +pyparsing==2.0.3 +pyrad==2.0 +pyrax==1.9.3 +python-cinderclient==1.1.1 +python-dateutil==2.4.0 +python-glanceclient==0.17.0 +python-ironicclient==0.5.0 +python-ldap==2.4.20 +python-neutronclient==2.3.11 +python-novaclient==2.20.0 +python-openid==2.2.5 +python-radius==1.0 +git+https://github.com/matburt/python-social-auth.git@master#egg=python-social-auth +python-saml==2.1.4 +python-swiftclient==2.2.0 +python-troveclient==1.0.9 +pytz==2014.10 +pywinrm==0.1.1 +PyYAML==3.11 +pyzmq==14.5.0 +rackspace-auth-openstack==1.3 +rackspace-novaclient==1.4 +rax-default-network-flags-python-novaclient-ext==0.2.3 +rax-scheduled-images-python-novaclient-ext==0.2.1 +redis==2.10.3 +requests==2.5.1 +requests-oauthlib==0.5.0 +simplejson==3.6.0 +six==1.9.0 +South==1.0.2 +stevedore==1.3.0 +suds==0.4 +warlock==1.1.0 +wheel==0.24.0 +wsgiref==0.1.2 +xmltodict==0.9.2 From 6b20539e3839724f4fd0219b625bc0faf80760f4 Mon Sep 17 00:00:00 2001 From: James Laska Date: Fri, 29 Jan 2016 09:03:03 -0500 Subject: [PATCH 18/25] Conditionally install 2.6 python requirements --- Makefile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index ecc7e69210..8f07e9903a 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,5 @@ PYTHON = python +PYTHON_VERSION = $(shell $(PYTHON) -c "from distutils.sysconfig import get_python_version; print get_python_version()") SITELIB=$(shell $(PYTHON) -c "from distutils.sysconfig import get_python_lib; print get_python_lib()") OFFICIAL ?= no PACKER ?= packer @@ -234,7 +235,11 @@ requirements requirements_dev requirements_jenkins: %: real-% # * --user (in conjunction with PYTHONUSERBASE="awx" may be a better option # * --target implies --ignore-installed real-requirements: - pip install -r requirements/requirements.txt --target awx/lib/site-packages/ --install-option="--install-platlib=\$$base/lib/python" + @if [ "$(PYTHON_VERSION)" == "2.6" ]; then \ + pip install -r requirements/requirements_python26.txt --target awx/lib/site-packages/ --install-option="--install-platlib=\$$base/lib/python" \ + else \ + pip install -r requirements/requirements.txt --target awx/lib/site-packages/ --install-option="--install-platlib=\$$base/lib/python" \ + fi real-requirements_dev: pip install -r requirements/requirements_dev.txt --target awx/lib/site-packages/ --install-option="--install-platlib=\$$base/lib/python" From 305b4fdead2bab7d543c4d093f6edf181d58999c Mon Sep 17 00:00:00 2001 From: James Laska Date: Fri, 29 Jan 2016 09:54:48 -0500 Subject: [PATCH 19/25] Typo's are bad and should be vanquished --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 8f07e9903a..77fb92f6e4 100644 --- a/Makefile +++ b/Makefile @@ -236,9 +236,9 @@ requirements requirements_dev requirements_jenkins: %: real-% # * --target implies --ignore-installed real-requirements: @if [ "$(PYTHON_VERSION)" == "2.6" ]; then \ - pip install -r requirements/requirements_python26.txt --target awx/lib/site-packages/ --install-option="--install-platlib=\$$base/lib/python" \ + pip install -r requirements/requirements_python26.txt --target awx/lib/site-packages/ --install-option="--install-platlib=\$$base/lib/python"; \ else \ - pip install -r requirements/requirements.txt --target awx/lib/site-packages/ --install-option="--install-platlib=\$$base/lib/python" \ + pip install -r requirements/requirements.txt --target awx/lib/site-packages/ --install-option="--install-platlib=\$$base/lib/python"; \ fi real-requirements_dev: From ad27ae1f7d29f7e6f01c40a37c915d786c7b2929 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Fri, 29 Jan 2016 11:19:30 -0500 Subject: [PATCH 20/25] pyrax bumpb new python license --- .../ip_associations_python_novaclient_ext.txt | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 docs/licenses/ip_associations_python_novaclient_ext.txt diff --git a/docs/licenses/ip_associations_python_novaclient_ext.txt b/docs/licenses/ip_associations_python_novaclient_ext.txt new file mode 100644 index 0000000000..137069b823 --- /dev/null +++ b/docs/licenses/ip_associations_python_novaclient_ext.txt @@ -0,0 +1,73 @@ +Apache License +Version 2.0, January 2004 +http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + +"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. + +"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. + +"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. + +"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. + +"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. + +"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. + +"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). + +"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. + +"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." + +"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: + + (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. + + You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + +To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. From 7d73cb1bcf4a41295c13ee1638dc7aecca0624fc Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Fri, 29 Jan 2016 16:25:37 -0500 Subject: [PATCH 21/25] requests needs openssl --- requirements/requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/requirements/requirements.txt b/requirements/requirements.txt index 24ef4311c9..c21ade6217 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -81,9 +81,11 @@ psphere==0.5.2 psutil==3.1.1 psycopg2 pyasn1==0.1.9 +pycrypto==2.6.1 pycparser==2.14 PyJWT==1.4.0 pymongo==2.8 +pyOpenSSL==0.15.1 pyparsing==2.0.7 pyrad==2.0 pyrax==1.9.7 From 306d0d401a43164402540f5fdd4e7f16b5e46e42 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Mon, 1 Feb 2016 12:16:26 -0500 Subject: [PATCH 22/25] point at packages with source on pypi * --target doesn't use wheels. Some packages only have wheel. Bump back the package versions that have source in them, but not too far back such that the interfaces change. It's a balancing act. --- requirements/requirements.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/requirements.txt b/requirements/requirements.txt index c21ade6217..971d0d1580 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -70,7 +70,7 @@ os-client-config==1.14.0 os-diskconfig-python-novaclient-ext==0.1.3 os-networksv2-python-novaclient-ext==0.25 os-virtual-interfacesv2-python-novaclient-ext==0.19 -oslo.config==3.4.0 +oslo.config==3.3.0 oslo.i18n==3.2.0 oslo.serialization==2.2.0 oslo.utils==3.4.0 @@ -91,7 +91,7 @@ pyrad==2.0 pyrax==1.9.7 python-cinderclient==1.5.0 python-dateutil==2.4.0 -python-glanceclient==1.2.0 +python-glanceclient==1.1.0 python-heatclient==0.8.1 python-ironicclient==1.0.0 python-keystoneclient==2.1.1 @@ -105,7 +105,7 @@ python-saml==2.1.4 git+https://github.com/matburt/python-social-auth.git@master#egg=python-social-auth python-swiftclient==2.7.0 python-troveclient==1.4.0 -pytz==2014.10 +pytz==2015.7 pywinrm==0.1.1 PyYAML==3.11 pyzmq==14.5.0 @@ -116,7 +116,7 @@ rax-scheduled-images-python-novaclient-ext==0.3.1 redis==2.10.3 requests-oauthlib==0.5.0 requests==2.5.1 -requestsexceptions==1.1.2 +requestsexceptions==1.1.1 shade==1.4.0 simplejson==3.8.1 git+https://github.com/chrismeyersfsu/sitecustomize.git#egg=sitecustomize From cced99f75d4a013ce1b9e7b06ee25c3a8a5ae5d4 Mon Sep 17 00:00:00 2001 From: James Laska Date: Tue, 2 Feb 2016 12:45:08 -0500 Subject: [PATCH 23/25] Resolve bug when building with /bin/sh on Ubuntu Ubuntu uses /bin/sh by default. This change properly compares strings in a POSIX compliant manner. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 77fb92f6e4..40eebbe644 100644 --- a/Makefile +++ b/Makefile @@ -235,7 +235,7 @@ requirements requirements_dev requirements_jenkins: %: real-% # * --user (in conjunction with PYTHONUSERBASE="awx" may be a better option # * --target implies --ignore-installed real-requirements: - @if [ "$(PYTHON_VERSION)" == "2.6" ]; then \ + @if [ "$(PYTHON_VERSION)" = "2.6" ]; then \ pip install -r requirements/requirements_python26.txt --target awx/lib/site-packages/ --install-option="--install-platlib=\$$base/lib/python"; \ else \ pip install -r requirements/requirements.txt --target awx/lib/site-packages/ --install-option="--install-platlib=\$$base/lib/python"; \ From dd927c97faa58e642993936d280cf09e0793fd95 Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Fri, 29 Jan 2016 16:27:46 -0500 Subject: [PATCH 24/25] change to warning behavior --- awx/plugins/library/scan_services.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/awx/plugins/library/scan_services.py b/awx/plugins/library/scan_services.py index 779d44effd..7e3b011e5c 100644 --- a/awx/plugins/library/scan_services.py +++ b/awx/plugins/library/scan_services.py @@ -47,6 +47,7 @@ class BaseService(object): def __init__(self, module): self.module = module + self.incomplete_warning = False class ServiceScanService(BaseService): @@ -127,7 +128,8 @@ class ServiceScanService(BaseService): #elif rc in (1,3): else: if 'root' in stderr or 'permission' in stderr.lower() or 'not in sudoers' in stderr.lower(): - service_state = 'unable to scan, requires root' + self.incomplete_warning = True + continue else: service_state = 'stopped' service_data = {"name": service_name, "state": service_state, "source": "sysv"} @@ -173,14 +175,19 @@ def main(): module = AnsibleModule(argument_spec = dict()) service_modules = (ServiceScanService, SystemctlScanService) all_services = [] + incomplete_warning = False for svc_module in service_modules: svcmod = svc_module(module) svc = svcmod.gather_services() if svc is not None: all_services += svc + if svcmod.incomplete_warning: + incomplete_warning = True if len(all_services) == 0: - module.fail_json(msg="Failed to find any services. Sometimes this solved by running with privilege escalation.") + module.fail_json(msg="Failed to find any services. Sometimes this is due to insufficient privileges.") results = dict(ansible_facts=dict(services=all_services)) + if incomplete_warning: + results['msg'] = "WARNING: Could not find status for all services. Sometimes this is due to insufficient privileges." module.exit_json(**results) main() From 24b33a52c8d944f6cca6db01dbfe64b323854c4a Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Wed, 10 Feb 2016 17:01:18 -0500 Subject: [PATCH 25/25] Roll back mock version due to packaging issues --- requirements/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements/requirements.txt b/requirements/requirements.txt index 971d0d1580..d11279e736 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -57,7 +57,7 @@ kombu==3.0.21 lxml==3.4.4 Markdown==2.4.1 M2Crypto==0.22.3 -mock==1.3.0 +mock==1.0.1 mongoengine==0.9.0 monotonic==0.6 msgpack-python==0.4.7