Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mysql_user: waits forever for table metadata lock with loop on MySQL 8 #479

Closed
GhostLyrics opened this issue Dec 23, 2022 · 22 comments · Fixed by #483 or #500
Closed

mysql_user: waits forever for table metadata lock with loop on MySQL 8 #479

GhostLyrics opened this issue Dec 23, 2022 · 22 comments · Fixed by #483 or #500

Comments

@GhostLyrics
Copy link
Contributor

SUMMARY

I am trying to apply GRANTs with a loop on MySQL 8, using a custom --defaults-extra-file. Due to you performing some statements in a transaction (the python db module default - I've used the same module myself), this waits infinitely for a metadata lock on MySQL 8.

Note that I'm not sure whether Ansible is correct here or not. If Ansible is correct, then perhaps someone with better understanding of MySQL should forward this bug to them.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

task: community.mysql.mysql_user
mysql version: mysql Ver 8.0.30-22 for Linux on x86_64 (Percona Server (GPL), Release '22', Revision '7e301439b65')

ANSIBLE VERSION
ansible [core 2.11.6]
  config file = /Users/ghostlyrics/Repositories/ansible/ansible.cfg
  configured module search path = ['/Users/ghostlyrics/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/Cellar/ansible@4.8/4.8.0/libexec/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/ghostlyrics/Repositories/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.10.9 (main, Dec 15 2022, 17:11:09) [Clang 14.0.0 (clang-1400.0.29.202)]
  jinja version = 3.0.2
  libyaml = True
COLLECTION VERSION

# /Users/ghostlyrics/Repositories/ansible/collections/ansible_collections
Collection      Version
--------------- -------
community.mysql 3.5.1

# /opt/homebrew/Cellar/ansible@4.8/4.8.0/libexec/lib/python3.10/site-packages/ansible_collections
Collection      Version
--------------- -------
community.mysql 2.3.1
CONFIGURATION
ANSIBLE_FORCE_COLOR(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = True
ANSIBLE_NOCOWS(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = True
CACHE_PLUGIN(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = jsonfile
CACHE_PLUGIN_CONNECTION(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = ./facts
CACHE_PLUGIN_TIMEOUT(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = 7200
COLLECTIONS_PATHS(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = ['/Users/ghostlyrics/Repositories/ansible/collections']
DEFAULT_FILTER_PLUGIN_PATH(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = ['/Users/ghostlyrics/Repositories/ansible/filter_plugins']
DEFAULT_FORKS(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = 40
DEFAULT_GATHERING(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = smart
DEFAULT_HOST_LIST(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = ['/Users/ghostlyrics/Repositories/ansible/inventory/hosts.ini']
DEFAULT_LOAD_CALLBACK_PLUGINS(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = True
DEFAULT_LOG_PATH(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = /Users/ghostlyrics/Repositories/ansible/log
DEFAULT_ROLES_PATH(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = ['/Users/ghostlyrics/Repositories/ansible/.galaxy', '/Users/ghostlyrics/Reposit>
DEFAULT_STDOUT_CALLBACK(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = community.general.yaml
DEFAULT_STRATEGY(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = mitogen_linear
DEFAULT_STRATEGY_PLUGIN_PATH(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = ['/Users/ghostlyrics/Repositories/ansible/contrib/mitogen-0.3.3/ansib>
DEFAULT_VAULT_IDENTITY_LIST(env: ANSIBLE_VAULT_IDENTITY_LIST) = ['stage@gpg/get-vault-pass-stage', 'common@gpg/get-vault-pass-common']
DEFAULT_VAULT_ID_MATCH(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = True
MAX_FILE_SIZE_FOR_DIFF(/Users/ghostlyrics/Repositories/ansible/ansible.cfg) = 1048576
OS / ENVIRONMENT

Debian Bullseye

STEPS TO REPRODUCE
- name: Create mysql root user
2  community.mysql.mysql_user:
3    name: root
4    host: "{{ item }}"
5    password: "{{ mysql_root_password }}"
6    config_file: /etc/mysql/debian.cnf
7    priv: "*.*:ALL,GRANT"
8  with_items:
9    - localhost
10    - 127.0.0.1
11    - '%'

PS: I'm not 100% sure if this is enough to re-produce the issue. If it isn't, I'll do my best to construct a better minimal case, but I'll have to un-entangle it from company-internal things.

EXPECTED RESULTS

Ansible properly applies and processes all users.

ACTUAL RESULTS

Ansible stops because MySQL never returns.

If I manually add autocommit=True to the cursor object at mysql_user.py , it works flawlessly.

if not cursor:
    cursor, db_conn = mysql_connect(module, login_user, login_password, config_file, ssl_cert, ssl_key, ssl_ca, db,
                                    connect_timeout=connect_timeout, check_hostname=check_hostname, autocommit=True)
MySQL internals (maybe relevant)
mysql> show processlist;
+----+-----------------+-----------+--------------------+---------+------+---------------------------------+--------------------------------+---------+-----------+---------------+
| Id | User            | Host      | db                 | Command | Time | State                           | Info                           | Time_ms | Rows_sent | Rows_examined |
+----+-----------------+-----------+--------------------+---------+------+---------------------------------+--------------------------------+---------+-----------+---------------+
|  5 | event_scheduler | localhost | NULL               | Daemon  | 1050 | Waiting on empty queue          | NULL                           | 1050016 |         0 |             0 |
| 24 | root            | localhost | NULL               | Sleep   |  650 |                                 | NULL                           |  650160 |         0 |             0 |
| 25 | root            | localhost | performance_schema | Query   |    0 | init                            | show processlist               |       0 |         0 |             0 |
| 32 | root            | localhost | NULL               | Sleep   |  527 |                                 | NULL                           |  526943 |         0 |             0 |
| 33 | root            | localhost | NULL               | Query   |  527 | Waiting for table metadata lock | GRANT ALL ON *.* TO 'root'@'%' |  526826 |         0 |             0 |
+----+-----------------+-----------+--------------------+---------+------+---------------------------------+--------------------------------+---------+-----------+---------------+
5 rows in set (0.00 sec)
mysql> SELECT   pslst.id 'PROCESS ID'  ,itrx.trx_id 'TRX_ID'     ,pesh.event_name 'EVENT NAME'     ,pesh.sql_text 'SQL'     ,th.processlist_user 'USER'     ,th.processlist_host 'HOST' FROM   information_schema.innodb_trx itrx JOIN information_schema.processlist pslst ON   itrx.trx_mysql_thread_id = pslst.id JOIN performance_schema.threads th ON   th.processlist_id = itrx.trx_mysql_thread_id JOIN performance_schema.events_statements_history pesh ON   pesh.thread_id = th.thread_id WHERE   itrx.trx_started < CURRENT_TIME - INTERVAL 100 SECOND  AND pslst.USER != 'SYSTEM_USER' GROUP BY  pesh.sql_text ORDER BY   pesh.EVENT_ID\G
*************************** 1. row ***************************
PROCESS ID: 32
    TRX_ID: 421243532045688
EVENT NAME: statement/sql/select
       SQL: SELECT COLUMN_NAME FROM information_schema.COLUMNS
                    WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME IN ('Password', 'authentication_string')
                    ORDER BY COLUMN_NAME DESC LIMIT 1
      USER: root
      HOST: localhost
*************************** 2. row ***************************
PROCESS ID: 32
    TRX_ID: 421243532045688
EVENT NAME: statement/sql/select
       SQL: SELECT COLUMN_NAME FROM information_schema.COLUMNS
                    WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME IN ('Password', 'authentication_string')
                    ORDER BY COLUMN_NAME ASC  LIMIT 1
      USER: root
      HOST: localhost
*************************** 3. row ***************************
PROCESS ID: 32
    TRX_ID: 421243532045688
EVENT NAME: statement/sql/select
       SQL: SELECT COALESCE(
                            CASE WHEN authentication_string = '' THEN NULL ELSE authentication_string END,
                            CASE WHEN authentication_string = '' THEN NULL ELSE authentication_string END
                        )
                    FROM mysql.user WHERE user = 'root' AND host = '%'
      USER: root
      HOST: localhost
*************************** 4. row ***************************
PROCESS ID: 32
    TRX_ID: 421243532045688
EVENT NAME: statement/sql/select
       SQL: SELECT CONCAT('*', UCASE(SHA1(UNHEX(SHA1('REDACTED')))))
      USER: root
      HOST: localhost
*************************** 5. row ***************************
PROCESS ID: 32
    TRX_ID: 421243532045688
EVENT NAME: statement/sql/grant
       SQL: GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'
      USER: root
      HOST: localhost
*************************** 6. row ***************************
PROCESS ID: 32
    TRX_ID: 421243532045688
EVENT NAME: statement/sql/show_grants
       SQL: SHOW GRANTS FOR 'root'@'%'
      USER: root
      HOST: localhost
*************************** 7. row ***************************
PROCESS ID: 32
    TRX_ID: 421243532045688
EVENT NAME: statement/sql/select
       SQL: SELECT VERSION() AS version
      USER: root
      HOST: localhost
*************************** 8. row ***************************
PROCESS ID: 32
    TRX_ID: 421243532045688
EVENT NAME: statement/sql/show_create_user
       SQL: SHOW CREATE USER 'root'@'%'
      USER: root
      HOST: localhost
8 rows in set (0.00 sec)

Additionally, it may help to take a look at select * from performance schema.metadata locks;.

@strafer
Copy link

strafer commented Dec 28, 2022

I have this happening with the mysql_role module as well.

@Andersson007
Copy link
Collaborator

Andersson007 commented Jan 2, 2023

@GhostLyrics @st-rafer hello, thanks for reporting the issue! and sorry for the late reply, holidays..

So does adding autocommit=True solve it?

I think we could just add it (we use commit/rollback only in the mysql_query module as far as i can see). Ideas?

cc @laurent-indermuehle @betanummeric

If no objections, does anyone want to do it? We have the Quick-start guide for folks who has no experience.

@GhostLyrics
Copy link
Contributor Author

It did for me, but be aware that I haven't checked against a comprehensive suite of tests if adding
autocommit=true has any side effects.

@Andersson007
Copy link
Collaborator

It did for me, but be aware that I haven't checked against a comprehensive suite of tests if adding autocommit=true has any side effects.

@GhostLyrics i think everything should be fine, would you like to submit a PR using https://docs.ansible.com/ansible/devel/community/create_pr_quick_start.html ?

@betanummeric
Copy link
Member

As far as I see the mysql_user module does not explicitly use transactions, so enabling autocommit would make sense.

@laurent-indermuehle
Copy link
Collaborator

Question: What should be rollback? The whole loop or only the current item?
The module description state "Adds or removes a user". It is not responsible for handling multiple users at once, this is the job of Ansible.

@Andersson007
Copy link
Collaborator

@betanummeric @laurent-indermuehle thanks for the feedback!
@GhostLyrics feel free to proceed with #479 (comment)
If no time, please let us know

@betanummeric
Copy link
Member

@GhostLyrics Can you share the content of /etc/mysql/debian.cnf? (You can censor secrets.)

@Andersson007
Copy link
Collaborator

@GhostLyrics please take a look ^

@GhostLyrics
Copy link
Contributor Author

Getting on things, I was on leave. 😁

@GhostLyrics
Copy link
Contributor Author

Here's my /etc/mysql/debian.cnf:

root@REDACTED ~ # cat /etc/mysql/debian.cnf
[client]
host     = localhost
user     = root
password = REDACTED
socket   = /var/run/mysqld/mysqld.sock

[mysql_upgrade]
host     = localhost
user     = root
password = REDACTED
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr

I'm about to read the document for submitting patches.

@GhostLyrics
Copy link
Contributor Author

I have this happening with the mysql_role module as well. - @st-rafer

Since I can't easily reproduce this with code I have and no example has been provided, I'll not update mysql_role in my branch.

@GhostLyrics
Copy link
Contributor Author

@Andersson007 @betanummeric I've submitted #483.

Having said that, most things are nicely documented in your instructions (safe for whether to use the issue key or the pull request key for the changelog fragment). It's great for people that want to become regular contributors but it took me more than an hour to read everything and submit a single line change. 😕

@Andersson007
Copy link
Collaborator

@GhostLyrics thanks!

@betanummeric would you like to take a look at the cfg?

It's great for people that want to become regular contributors but it took me more than an hour to read everything and submit a single line change.

@GhostLyrics we hope you'll be coming back and will become a regular contributor;) Getting regular contributors is our first priority

BTW we have #mysql:ansible.com on Matrix, welcome

@betanummeric
Copy link
Member

ah, the module uses only the part of the config file to set login_host and login_port, so no side effect here

@Andersson007
Copy link
Collaborator

@GhostLyrics would you like to fix this for mysql_role module?
@st-rafer reported that they have same issue there as well

@GhostLyrics
Copy link
Contributor Author

@st-rafer could you please try the following:

  • in your regular Ansible setup, go to the relevant file for mysql_role (similar to Repositories/ansible/collections/ansible_collections/community/mysql/plugins/modules/mysql_role.py on my machine)
  • In the function call to mysql_connect(), add the keyword parameter autocommit=True, for both occurences (for me that's line 1008-1011 and line 1016-1019)
  • Try if that solves the metadata lock problem for you.
  • Report back with your findings in this thread.

If it does, I'll submit a second Pull Request. Given that I can't easily test this myself given that you haven't submitted additional example code for how to trigger it, I think that's the best I can do. 👍

@strafer
Copy link

strafer commented Jan 19, 2023

@GhostLyrics I made this change immediately in both modules as soon as I saw this issue, it works flawlessly.
I think mysql_role can also be changed.

@Andersson007
Copy link
Collaborator

@GhostLyrics @st-rafer thanks for collaboration!

@GhostLyrics so looking forward to the PR:)

@GhostLyrics
Copy link
Contributor Author

Working on it.
My apologies for the delay. My open source contributions are currently made possible by my employer, but that means that internal tasks get priority. 😅

@GhostLyrics
Copy link
Contributor Author

Pull Request sent.

@Andersson007
Copy link
Collaborator

Merged, thanks everyone for the contribution!

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Mar 2, 2023
7.3.0

Major Changes
-------------

kubernetes.core
~~~~~~~~~~~~~~~

- refactor K8sAnsibleMixin into module_utils/k8s/ (ansible-collections/kubernetes.core#481).

Minor Changes
-------------

Ansible-core
~~~~~~~~~~~~

- Make using blocks as handlers a parser error (ansible/ansible#79968)
- ansible-test - Specify the configuration file location required by test plugins when the config file is not found. This resolves issue: ansible/ansible#79411
- ansible-test - Update error handling code to use Python 3.x constructs, avoiding direct use of ``errno``.
- ansible-test acme test container - update version to update used Pebble version, underlying Python and Go base containers, and Python requirements (ansible/ansible#79783).

cisco.aci
~~~~~~~~~

- Add Node Profile BGP Peer and Route Control Profile functionalities to aci_l3out_bgp_peer module
- Add SVI auto state support (auto_state attribute) to aci_l3out_interface
- Add aci_aaa_domain, aci_aaa_role and aci_custom_privilege modules
- Add aci_fabric_pod_policy_group module
- Add aci_interface_policy_leaf_profile_fex_policy_group module and add FEX support to aci_access_port_to_interface_policy_leaf_profile
- Add aci_tenant_span_src_group_src module
- Add action_groups for module_defaults
- Add support for filter direction in aci_contract_subject and aci_contract_subject_to_filter
- Update modules to assign roles and permissions to a user

cisco.nxos
~~~~~~~~~~

- `nxos_acls` - Support ICMPv6 option. Please refer to module doc for all new options (ansible-collections/cisco.nxos#624).
- `nxos_facts` - Update facts gathering logic to ensure that `gather_network_resources: all` does not fail for NX-OS on MDS switches.
- `nxos_l2_interfaces` - Add new mode dot1q-tunnel (ansible-collections/cisco.nxos#600).

community.crypto
~~~~~~~~~~~~~~~~

- get_certificate - adds ``ciphers`` option for custom cipher selection (ansible-collections/community.crypto#571).

community.general
~~~~~~~~~~~~~~~~~

- dnsimple - set custom User-Agent for API requests to DNSimple (ansible-collections/community.general#5927).
- flatpak_remote - add new boolean option ``enabled``. It controls, whether the remote is enabled or not (ansible-collections/community.general#5926).
- gitlab_project - add ``releases_access_level``, ``environments_access_level``, ``feature_flags_access_level``, ``infrastructure_access_level``, ``monitor_access_level``, and ``security_and_compliance_access_level`` options (ansible-collections/community.general#5986).
- jc filter plugin - added the ability to use parser plugins (ansible-collections/community.general#6043).
- keycloak_group - add new optional module parameter ``parents`` to properly handle keycloak subgroups (ansible-collections/community.general#5814).
- keycloak_user_federation - make ``org.keycloak.storage.ldap.mappers.LDAPStorageMapper`` the default value for mappers ``providerType`` (ansible-collections/community.general#5863).
- ldap modules - add ``xorder_discovery`` option (ansible-collections/community.general#6045, ansible-collections/community.general#6109).
- lxd_container - add diff and check mode (ansible-collections/community.general#5866).
- mattermost, rocketchat, slack - replace missing default favicon with docs.ansible.com favicon (ansible-collections/community.general#5928).
- modprobe - add ``persistent`` option (ansible-collections/community.general#4028, ansible-collections/community.general#542).
- osx_defaults - include stderr in error messages (ansible-collections/community.general#6011).
- proxmox - suppress urllib3 ``InsecureRequestWarnings`` when ``validate_certs`` option is ``false`` (ansible-collections/community.general#5931).
- redfish_command - adding ``EnableSecureBoot`` functionality (ansible-collections/community.general#5899).
- redfish_command - adding ``VerifyBiosAttributes`` functionality (ansible-collections/community.general#5900).
- sefcontext - add support for path substitutions (ansible-collections/community.general#1193).

community.grafana
~~~~~~~~~~~~~~~~~

- able to set `uid` for datasources in grafana via module grafana_datasource

community.mongodb
~~~~~~~~~~~~~~~~~

- 491 mongodb_shell - Add feature to detect if mongo or mongosh is available.
- 494 mongodb_auth - Removes module_defaults from role.
- 494 mongodb_shutdown - Fix examples block.
- 511 mongodb_auth - Adds support for deletion of users.
- 514 mongodb_linux - Remove extended FQCN for pam_limits.
- 524 mongodb_auth - Add supports for Amazon Linux 2.
- 528 multiple roles - Use first ip address when multiple bind IPs provided.
- 530 mongodb_role - Adds new module to manage MongoDB roles.
- 536 mongodb_auth - Add user after enabling authentication.
- 544 mongodb_replicaset - Module documentation improvements.
- 547 mongodb_repository - Bump default of MongoDB to 6.0.

community.mysql
~~~~~~~~~~~~~~~

- mysql_info - add ``connector_name`` and ``connector_version`` to returned values (ansible-collections/community.mysql#497).
- mysql_role - enable auto_commit to avoid MySQL metadata table lock (ansible-collections/community.mysql#479).
- mysql_user - add plugin_auth_string as optional parameter to use a specific pam service if pam/auth_pam plugin is used (ansible-collections/community.mysql#445).
- mysql_user - add the ``session_vars`` argument to set session variables at the beginning of module execution (ansible-collections/community.mysql#478).
- mysql_user - display a more informative invalid privilege exception. Changes the exception handling of the granting permission logic to show the query executed , params and the exception message granting privileges fails` (ansible-collections/community.mysql#465).
- mysql_user - enable auto_commit to avoid MySQL metadata table lock (ansible-collections/community.mysql#479).
- setup_mysql - update MySQL tarball URL (ansible-collections/community.mysql#491).

community.vmware
~~~~~~~~~~~~~~~~

- vmware_guest_disk - Add support for IDE disk add, remove or reconfigure, and change to gather same VM disk info as in vmware_guest_disk_info (ansible-collections/community.vmware#1428).
- vmware_guest_disk - Extend return value documentation for vmware_guest_disk (ansible-collections/community.vmware#1641)
- vmware_guest_disk_info - Move gather VM disk info function to vm_device_helper.py (ansible-collections/community.vmware#1617)
- vmware_vmotion - New parameter timeout in order to allow vmotions running longer than 1 hour (https://github.com/ansible-collections/community.vmware/pulls/1629).

grafana.grafana
~~~~~~~~~~~~~~~

- Updated the return message in grafana.grafana.folder module

hetzner.hcloud
~~~~~~~~~~~~~~

- hcloud_server - add private_networks_info containing name and private ip in responses
- hcloud_server_info - add private_networks_info containing name and private ip in responses
- inventory plugin - Add list of all private networks to server variables.
- inventory plugin - Add new connect_with setting public_ipv6 to connect to discovered servers via public IPv6 address.
- inventory plugin - Add public IPv6 address to server variables.
- inventory plugin - Log warning instead of crashing when some servers do not work with global connect_with setting.

inspur.ispim
~~~~~~~~~~~~

- Change the ansible-test.yml application file version.
- Change the description of the edit_bios module file_url field.
- Modify the description information of the backup module item field.
- Modify the description of the media_attach, retry_count, and retry_time_interval fields of the edit_kvm module.
- Modify the description of the secure_channel field of the edit_media_instance module.
- Modify the description of the slot and vname fields of the add_ldisk module.
- Modify the edit_ntp module example.
- Modify the edit_snmp_trap module version field description information.
- Modify the mode field description information of update_fw module.
- Modify the name field description of the user_group module.
- Modify the restore module example.
- Modify the supporting properties and description information of the edit_ncsi module edit_ncsi field.
- The edit_power_budget module adds the except_action field.

kubernetes.core
~~~~~~~~~~~~~~~

- Adjust k8s_user_impersonation tests to be compatible with Kubernetes 1.24 (ansible-collections/kubernetes.core#520).
- add support for dry run with kubernetes client version >=18.20 (ansible-collections/kubernetes.core#245).
- added ignore.txt for Ansible 2.14 devel branch.
- fixed module_defaults by removing routing hacks from runtime.yml (ansible-collections/kubernetes.core#347).
- helm - add support for -set-file, -set-json, -set and -set-string options when running helm install (ansible-collections/kubernetes.core#533).
- helm - add support for helm dependency update (ansible-collections/kubernetes.core#208).
- helm - add support for post-renderer flag (ansible-collections/kubernetes.core#30).
- helm - add support for timeout cli parameter to allow setting Helm timeout independent of wait (ansible-collections/kubernetes.core#67).
- helm - add support for wait parameter for helm uninstall command. (https://github.com/ansible-collections/kubernetes/core/issues/33).
- helm - support repo location for helm diff (ansible-collections/kubernetes.core#174).
- helm - when ansible is executed in check mode, return the diff between what's deployed and what will be deployed.
- helm, helm_plugin, helm_info, helm_plugin_info, kubectl - add support for in-memory kubeconfig. (ansible-collections/kubernetes.core#492).
- helm_info - add hooks, notes and manifest as part of returned information (ansible-collections/kubernetes.core#546).
- helm_info - add release state as a module argument (ansible-collections/kubernetes.core#377).
- helm_info - added possibility to get all values by adding get_all_values parameter (ansible-collections/kubernetes.core#531).
- helm_plugin - Add plugin_version parameter to the helm_plugin module (ansible-collections/kubernetes.core#157).
- helm_plugin - Add support for helm plugin update using state=update.
- helm_repository - Ability to replace (overwrite) the repo if it already exists by forcing (ansible-collections/kubernetes.core#491).
- helm_repository - add support for pass-credentials cli parameter (ansible-collections/kubernetes.core#282).
- helm_repository - added support for ``host``, ``api_key``, ``validate_certs``, and ``ca_cert``.
- helm_repository - mark `pass_credentials` as no_log=True to silence false warning (ansible-collections/kubernetes.core#412).
- helm_template - add name (NAME of release) and disable_hook as optional module arguments (ansible-collections/kubernetes.core#313).
- helm_template - add show_only and release_namespace as module arguments (ansible-collections/kubernetes.core#313).
- helm_template - add support for -set-file, -set-json, -set and -set-string options when running helm template (ansible-collections/kubernetes.core#546).
- k8s - add no_proxy support to k8s* (ansible-collections/kubernetes.core#272).
- k8s - add support for server_side_apply. (ansible-collections/kubernetes.core#87).
- k8s - add support for user impersonation. (https://github.com/ansible-collections/kubernetes/core/issues/40).
- k8s - allow resource definition using metadata.generateName (ansible-collections/kubernetes.core#35).
- k8s lookup plugin - Enable turbo mode via environment variable  (ansible-collections/kubernetes.core#291).
- k8s, k8s_scale, k8s_service - add support for resource definition as manifest via. (ansible-collections/kubernetes.core#451).
- k8s_cp - remove dependency with 'find' executable on remote pod when state=from_pod (ansible-collections/kubernetes.core#486).
- k8s_drain - Adds ``delete_emptydir_data`` option to ``k8s_drain.delete_options`` to evict pods with an ``emptyDir`` volume attached (ansible-collections/kubernetes.core#322).
- k8s_exec - select first container from the pod if none specified (ansible-collections/kubernetes.core#358).
- k8s_exec - update deprecation warning for `return_code` (ansible-collections/kubernetes.core#417).
- k8s_json_patch - minor typo fix in the example section (ansible-collections/kubernetes.core#411).
- k8s_log - add the ``all_containers`` for retrieving all containers' logs in the pod(s).
- k8s_log - added the `previous` parameter for retrieving the previously terminated pod logs (ansible-collections/kubernetes.core#437).
- k8s_log - added the `tail_lines` parameter to limit the number of lines to be retrieved from the end of the logs (ansible-collections/kubernetes.core#488).
- k8s_rollback - add support for check_mode. (https://github.com/ansible-collections/kubernetes/core/issues/243).
- k8s_scale - add support for check_mode. (https://github.com/ansible-collections/kubernetes/core/issues/244).
- kubectl - wait for dd command to complete before proceeding (ansible-collections/kubernetes.core#321).
- kubectl.py - replace distutils.spawn.find_executable with shutil.which in the kubectl connection plugin (ansible-collections/kubernetes.core#456).

netapp.ontap
~~~~~~~~~~~~

- na_ontap_aggregate - new option ``allow_flexgroups`` added.
- na_ontap_cifs - new options ``access_based_enumeration``, ``change_notify``, ``encryption``, ``home_directory``, ``oplocks``, ``show_snapshot``, ``allow_unencrypted_access``, ``namespace_caching`` and ``continuously_available`` added in REST.
- na_ontap_dns - ``skip_validation`` option requires 9.9.1 or later with REST and ignored for cluster DNS operations.
- na_ontap_dns - support cluster scope for modify and delete.
- na_ontap_interface - do not attempt to migrate FC interface if desired ``home_port``, ``home_node`` and ``current_port``, ``current_node`` are same.
- na_ontap_license - support for NLF v2 license files.
- na_ontap_nfs - new options ``root``, ``windows`` and ``security`` added in REST.
- na_ontap_user_role - ``command_directory_name`` is required if ``privileges`` not set in REST.
- na_ontap_user_role - ``path`` is required if ``privileges`` set in REST.
- na_ontap_volume_efficiency - REST support for ``policy`` requires 9.7 or later, ``path`` requires 9.9.1 or later and ``volume_efficiency`` and ``start_ve_scan_old_data`` requires 9.11.1 or later.
- na_ontap_volume_efficiency - ``schedule``, ``start_ve_scan_all``, ``start_ve_build_metadata``, ``start_ve_delete_checkpoint``, ``start_ve_queue_operation``, ``start_ve_qos_policy`` and ``stop_ve_all_operations`` options are not supported with REST.
- na_ontap_volume_efficiency - new option ``volume_name`` added.
- na_ontap_volume_efficiency - updated private cli with REST API.

netbox.netbox
~~~~~~~~~~~~~

- nb_inventory - Add serial and asset tag to extracted attributes

purestorage.flasharray
~~~~~~~~~~~~~~~~~~~~~~

- purefa_network - Added support for NVMe-RoCE and NVMe-TCP service types
- purefa_user - Added Ops Admin role to choices
- purefa_vlan - Added support for NVMe-TCP service type

Breaking Changes / Porting Guide
--------------------------------

hetzner.hcloud
~~~~~~~~~~~~~~

- inventory plugin - Python v3.5+ is now required.

Deprecated Features
-------------------

- Since the google.cloud collection seems to be maintained again, we `cancelled the removal process <https://github.com/ansible-collections/overview/blob/main/removal_from_ansible.rst#cancelling-removal-of-an-unmaintained-collection>`__. So contrary to an earlier announcement, this collection is NOT deprecated and will NOT be removed from Ansible 8 (ansible-community/community-topics#105).

community.general
~~~~~~~~~~~~~~~~~

- gitlab_runner - the option ``access_level`` will lose its default value in community.general 8.0.0. From that version on, you have set this option to ``ref_protected`` explicitly, if you want to have a protected runner (ansible-collections/community.general#5925).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
5 participants