lxd: fix #6204 #6232

conloos · 2023-03-24T22:46:46Z

SUMMARY

Small bugfixes:

module_utils/lxd.py:
- python3.10 ssl no longer allow to connect with self-signed certificates by "create_default_context", so switched to "_create_unverified_context".
- Add a check if the certificate and the key exist
inventory/lxd.py:
- Add authenticate. This adds the client certificate to the trust store on the server. The trust password is required to add the client certificate.

Fixes #6204

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME

lxd inventory
maybe all lxd plugins using module_utils/lxd.py

ADDITIONAL INFORMATION

The inventory plugin could not add the cerifikate to the truststore. If the user had done this via the cli, the plugin could build an inventory via https, otherwise only the locale socket worked.

The behavior of the Python3.10 SSL library was changed so that a change was necessary for self-signed certificates.

Before:

$ansible-inventory -i lxd.yml --list
[WARNING]: * Failed to parse /home/me/inventory-lxd/lxd.yml with auto plugin: [Errno 2] No such file or directory
[WARNING]: * Failed to parse /home/me/inventory-lxd/lxd.yml with yaml plugin: Plugin configuration YAML file, not YAML inventory
[WARNING]: * Failed to parse /home/me/inventory-lxd/lxd.yml with ini plugin: Invalid host pattern 'plugin:' supplied, ending in ':' is not
allowed, this character is reserved to provide a port.
[WARNING]: Unable to parse /home/me/inventory-lxd/lxd.yml as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
{
"_meta": {
"hostvars": {}
},
"all": {
"children": [
"ungrouped"
]
}
}

Now:

$ ansible-inventory -i ../ansible_house_keeping/lxd.yml --list
{
    "_meta": {
        "hostvars": {
            "test": {
                "ansible_connection": "ssh",
                "ansible_host": "192.168.178.10",
                "ansible_lxd_location": "gramophone",
                "ansible_lxd_os": "ubuntu",
                "ansible_lxd_profile": [
                    "publicbridge"
                ],
                "ansible_lxd_project": "default",
                "ansible_lxd_release": "kinetic",
                "ansible_lxd_state": "running",
                "ansible_lxd_type": "container"
            },
}

- the lxd server uses self signed certs, switch to _create_unverified_context - add new error message type

github-actions · 2023-03-24T23:09:10Z

Docs Build 📝

Thank you for contribution!✨

The docsite for this PR is available for download as an artifact from this run:
https://github.com/ansible-collections/community.general/actions/runs/4519143176

File changes:

M collections/community/general/apt_rpm_module.html

M collections/community/general/gitlab_runner_module.html

M collections/community/general/lxd_inventory.html

M collections/community/general/proxmox_kvm_module.html

Click to see the diff comparison.

NOTE: only file modifications are shown here. New and deleted files are excluded.
See the file list and check the published docs to see those files.

The diff output was truncated because it exceeded the maximum size.

diff --git a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/apt_rpm_module.html b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/apt_rpm_module.html
index e6b7fe3..0a1e9bd 100644
--- a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/apt_rpm_module.html
+++ b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/apt_rpm_module.html
@@ -168,13 +168,40 @@
 </thead>
 <tbody>
 <tr class="row-even"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-clean"></div><p class="ansible-option-title" id="ansible-collections-community-general-apt-rpm-module-parameter-clean"><strong>clean</strong></p>
+<a class="ansibleOptionLink" href="#parameter-clean" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
+<p><span class="ansible-option-versionadded">added in community.general 6.5.0</span></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>Run the equivalent of <code class="docutils literal notranslate"><span class="pre">apt-get</span> <span class="pre">clean</span></code> to clear out the local repository of retrieved package files. It removes everything but the lock file from <code class="docutils literal notranslate"><span class="pre">/var/cache/apt/archives/</span></code> and <code class="docutils literal notranslate"><span class="pre">/var/cache/apt/archives/partial/</span></code>.</p>
+<p>Can be run as part of the package installation (clean runs before install) or as a separate step.</p>
+<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
+<ul class="simple">
+<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
+</ul>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-dist_upgrade"></div><p class="ansible-option-title" id="ansible-collections-community-general-apt-rpm-module-parameter-dist-upgrade"><strong>dist_upgrade</strong></p>
+<a class="ansibleOptionLink" href="#parameter-dist_upgrade" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
+<p><span class="ansible-option-versionadded">added in community.general 6.5.0</span></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>If true performs an <code class="docutils literal notranslate"><span class="pre">apt-get</span> <span class="pre">dist-upgrade</span></code> to upgrade system.</p>
+<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
+<ul class="simple">
+<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
+</ul>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-package"></div>
 <div class="ansibleOptionAnchor" id="parameter-name"></div>
 <div class="ansibleOptionAnchor" id="parameter-pkg"></div><p class="ansible-option-title" id="ansible-collections-community-general-apt-rpm-module-parameter-pkg"><span id="ansible-collections-community-general-apt-rpm-module-parameter-package"></span><span id="ansible-collections-community-general-apt-rpm-module-parameter-name"></span><strong>package</strong></p>
 <a class="ansibleOptionLink" href="#parameter-package" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: name, pkg</span></p>
-<p class="ansible-option-type-line"><span class="ansible-option-type">list</span> / <span class="ansible-option-elements">elements=string</span> / <span class="ansible-option-required">required</span></p>
+<p class="ansible-option-type-line"><span class="ansible-option-type">list</span> / <span class="ansible-option-elements">elements=string</span></p>
 </div></td>
-<td><div class="ansible-option-cell"><p>list of packages to install, upgrade or remove.</p>
+<td><div class="ansible-option-cell"><p>List of packages to install, upgrade, or remove.</p>
 </div></td>
 </tr>
 <tr class="row-odd"><td><div class="ansible-option-cell">
@@ -195,7 +222,21 @@
 <div class="ansibleOptionAnchor" id="parameter-update_cache"></div><p class="ansible-option-title" id="ansible-collections-community-general-apt-rpm-module-parameter-update-cache"><strong>update_cache</strong></p>
 <a class="ansibleOptionLink" href="#parameter-update_cache" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
-<td><div class="ansible-option-cell"><p>update the package database first <code class="docutils literal notranslate"><span class="pre">apt-get</span> <span class="pre">update</span></code>.</p>
+<td><div class="ansible-option-cell"><p>Run the equivalent of <code class="docutils literal notranslate"><span class="pre">apt-get</span> <span class="pre">update</span></code> before the operation. Can be run as part of the package installation or as a separate step.</p>
+<p>Default is not to update the cache.</p>
+<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
+<ul class="simple">
+<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
+</ul>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-update_kernel"></div><p class="ansible-option-title" id="ansible-collections-community-general-apt-rpm-module-parameter-update-kernel"><strong>update_kernel</strong></p>
+<a class="ansibleOptionLink" href="#parameter-update_kernel" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
+<p><span class="ansible-option-versionadded">added in community.general 6.5.0</span></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>If true performs an <code class="docutils literal notranslate"><span class="pre">update-kernel</span></code> to upgrade kernel packages.</p>
 <p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
 <ul class="simple">
 <li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@@ -265,6 +306,16 @@
 <span class="w">    </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">bar</span>
 <span class="w">    </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
 <span class="w">    </span><span class="nt">update_cache</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
+
+<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Run the equivalent of &quot;apt-get clean&quot; as a separate step</span>
+<span class="w">  </span><span class="nt">community.general.apt_rpm</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">clean</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
+
+<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Perform cache update and complete system upgrade (includes kernel)</span>
+<span class="w">  </span><span class="nt">community.general.apt_rpm</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">update_cache</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
+<span class="w">    </span><span class="nt">dist_upgrade</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
+<span class="w">    </span><span class="nt">update_kernel</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
 </pre></div>
 </div>
 <section id="authors">
diff --git a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/gitlab_runner_module.html b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/gitlab_runner_module.html
index 4082402..d747383 100644
--- a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/gitlab_runner_module.html
+++ b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/gitlab_runner_module.html
@@ -283,6 +283,15 @@ see <a class="reference internal" href="#ansible-collections-community-general-g
 </div></td>
 </tr>
 <tr class="row-even"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-group"></div><p class="ansible-option-title" id="ansible-collections-community-general-gitlab-runner-module-parameter-group"><strong>group</strong></p>
+<a class="ansibleOptionLink" href="#parameter-group" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><span class="ansible-option-versionadded">added in community.general 6.5.0</span></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>ID or full path of the group in the form group/subgroup.</p>
+<p>Mutually exclusive with <em>owned</em> and <em>project</em>.</p>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-locked"></div><p class="ansible-option-title" id="ansible-collections-community-general-gitlab-runner-module-parameter-locked"><strong>locked</strong></p>
 <a class="ansibleOptionLink" href="#parameter-locked" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -294,7 +303,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-g
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-maximum_timeout"></div><p class="ansible-option-title" id="ansible-collections-community-general-gitlab-runner-module-parameter-maximum-timeout"><strong>maximum_timeout</strong></p>
 <a class="ansibleOptionLink" href="#parameter-maximum_timeout" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
 </div></td>
@@ -302,13 +311,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-g
 <p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">3600</span></code></p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-owned"></div><p class="ansible-option-title" id="ansible-collections-community-general-gitlab-runner-module-parameter-owned"><strong>owned</strong></p>
 <a class="ansibleOptionLink" href="#parameter-owned" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 <p><span class="ansible-option-versionadded">added in community.general 2.0.0</span></p>
 </div></td>
 <td><div class="ansible-option-cell"><p>Searches only runners available to the user when searching for existing, when false admin token required.</p>
 <p>Mutually exclusive with <em>project</em> since community.general 4.5.0.</p>
+<p>Mutually exclusive with <em>group</em>.</p>
 <p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
 <ul class="simple">
 <li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">false</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@@ -316,16 +326,17 @@ see <a class="reference internal" href="#ansible-collections-community-general-g
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-project"></div><p class="ansible-option-title" id="ansible-collections-community-general-gitlab-runner-module-parameter-project"><strong>project</strong></p>
 <a class="ansibleOptionLink" href="#parameter-project" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 <p><span class="ansible-option-versionadded">added in community.general 3.7.0</span></p>
 </div></td>
 <td><div class="ansible-option-cell"><p>ID or full path of the project in the form of group/name.</p>
 <p>Mutually exclusive with <em>owned</em> since community.general 4.5.0.</p>
+<p>Mutually exclusive with <em>group</em>.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-registration_token"></div><p class="ansible-option-title" id="ansible-collections-community-general-gitlab-runner-module-parameter-registration-token"><strong>registration_token</strong></p>
 <a class="ansibleOptionLink" href="#parameter-registration_token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -333,7 +344,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-g
 <p>Required if <em>state</em> is <code class="docutils literal notranslate"><span class="pre">present</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-run_untagged"></div><p class="ansible-option-title" id="ansible-collections-community-general-gitlab-runner-module-parameter-run-untagged"><strong>run_untagged</strong></p>
 <a class="ansibleOptionLink" href="#parameter-run_untagged" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -345,7 +356,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-g
 </ul>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-state"></div><p class="ansible-option-title" id="ansible-collections-community-general-gitlab-runner-module-parameter-state"><strong>state</strong></p>
 <a class="ansibleOptionLink" href="#parameter-state" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -357,7 +368,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-g
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-tag_list"></div><p class="ansible-option-title" id="ansible-collections-community-general-gitlab-runner-module-parameter-tag-list"><strong>tag_list</strong></p>
 <a class="ansibleOptionLink" href="#parameter-tag_list" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">list</span> / <span class="ansible-option-elements">elements=string</span></p>
 </div></td>
@@ -365,7 +376,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-g
 <p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">[]</span></code></p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-validate_certs"></div><p class="ansible-option-title" id="ansible-collections-community-general-gitlab-runner-module-parameter-validate-certs"><strong>validate_certs</strong></p>
 <a class="ansibleOptionLink" href="#parameter-validate_certs" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
diff --git a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/lxd_inventory.html b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/lxd_inventory.html
index 12d5fcf..d1cd329 100644
--- a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/lxd_inventory.html
+++ b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/lxd_inventory.html
@@ -319,6 +319,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-l
 <span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">unix:/var/snap/lxd/common/lxd/unix.socket</span>
 <span class="nt">type_filter</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">both</span>
 
+<span class="c1"># simple lxd.yml including virtual machines and containers</span>
+<span class="nt">plugin</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">community.general.lxd</span>
+<span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://example.com:8443&quot;</span>
+<span class="nt">type_filter</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">both</span>
+<span class="nt">client_cert</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;~/.config/lxc/client.crt&quot;</span>
+<span class="nt">client_key</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;~/.config/lxc/client.key&quot;</span>
+<span class="nt">trust_password</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;SUPERSECRET&quot;</span>
+
 <span class="c1"># grouping lxd.yml</span>
 <span class="nt">groupby</span><span class="p">:</span>
 <span class="w">  </span><span class="nt">locationBerlin</span><span class="p">:</span>
diff --git a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/proxmox_kvm_module.html b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/proxmox_kvm_module.html
index a869abb..38fa7f9 100644
--- a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/proxmox_kvm_module.html
+++ b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/proxmox_kvm_module.html
@@ -240,6 +240,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </div></td>
 </tr>
 <tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-archive"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-archive"><strong>archive</strong></p>
+<a class="ansibleOptionLink" href="#parameter-archive" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><span class="ansible-option-versionadded">added in community.general 6.5.0</span></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>Specify a path to an archive to restore (instead of creating or cloning a VM).</p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-args"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-args"><strong>args</strong></p>
 <a class="ansibleOptionLink" href="#parameter-args" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -248,7 +256,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>If <em>proxmox_default_behavior</em> is set to <code class="docutils literal notranslate"><span class="pre">compatiblity</span></code>, this option has a default of <code class="docutils literal notranslate"><span class="pre">-serial</span> <span class="pre">unix:/var/run/qemu-server/&lt;vmid&gt;.serial,server,nowait</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-autostart"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-autostart"><strong>autostart</strong></p>
 <a class="ansibleOptionLink" href="#parameter-autostart" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -261,7 +269,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-balloon"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-balloon"><strong>balloon</strong></p>
 <a class="ansibleOptionLink" href="#parameter-balloon" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
 </div></td>
@@ -270,7 +278,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>This option has no default unless <em>proxmox_default_behavior</em> is set to <code class="docutils literal notranslate"><span class="pre">compatiblity</span></code>; then the default is <code class="docutils literal notranslate"><span class="pre">0</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-bios"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-bios"><strong>bios</strong></p>
 <a class="ansibleOptionLink" href="#parameter-bios" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -282,7 +290,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-boot"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-boot"><strong>boot</strong></p>
 <a class="ansibleOptionLink" href="#parameter-boot" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -291,14 +299,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>This option has no default unless <em>proxmox_default_behavior</em> is set to <code class="docutils literal notranslate"><span class="pre">compatiblity</span></code>; then the default is <code class="docutils literal notranslate"><span class="pre">cnd</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-bootdisk"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-bootdisk"><strong>bootdisk</strong></p>
 <a class="ansibleOptionLink" href="#parameter-bootdisk" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
 <td><div class="ansible-option-cell"><p>Enable booting from specified disk. <code class="docutils literal notranslate"><span class="pre">(ide|sata|scsi|virtio</span></code>\d+)</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-cicustom"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-cicustom"><strong>cicustom</strong></p>
 <a class="ansibleOptionLink" href="#parameter-cicustom" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 <p><span class="ansible-option-versionadded">added in community.general 1.3.0</span></p>
@@ -306,7 +314,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <td><div class="ansible-option-cell"><p>cloud-init: Specify custom files to replace the automatically generated ones at start.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-cipassword"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-cipassword"><strong>cipassword</strong></p>
 <a class="ansibleOptionLink" href="#parameter-cipassword" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 <p><span class="ansible-option-versionadded">added in community.general 1.3.0</span></p>
@@ -314,7 +322,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <td><div class="ansible-option-cell"><p>cloud-init: password of default user to create.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-citype"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-citype"><strong>citype</strong></p>
 <a class="ansibleOptionLink" href="#parameter-citype" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 <p><span class="ansible-option-versionadded">added in community.general 1.3.0</span></p>
@@ -329,7 +337,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-ciuser"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-ciuser"><strong>ciuser</strong></p>
 <a class="ansibleOptionLink" href="#parameter-ciuser" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 <p><span class="ansible-option-versionadded">added in community.general 1.3.0</span></p>
@@ -337,14 +345,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <td><div class="ansible-option-cell"><p>cloud-init: username of default user to create.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-clone"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-clone"><strong>clone</strong></p>
 <a class="ansibleOptionLink" href="#parameter-clone" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
 <td><div class="ansible-option-cell"><p>Name of VM to be cloned. If <em>vmid</em> is set, <em>clone</em> can take an arbitrary value but is required for initiating the clone.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-cores"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-cores"><strong>cores</strong></p>
 <a class="ansibleOptionLink" href="#parameter-cores" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
 </div></td>
@@ -352,7 +360,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>This option has no default unless <em>proxmox_default_behavior</em> is set to <code class="docutils literal notranslate"><span class="pre">compatiblity</span></code>; then the default is <code class="docutils literal notranslate"><span class="pre">1</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-cpu"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-cpu"><strong>cpu</strong></p>
 <a class="ansibleOptionLink" href="#parameter-cpu" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -360,7 +368,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>This option has no default unless <em>proxmox_default_behavior</em> is set to <code class="docutils literal notranslate"><span class="pre">compatiblity</span></code>; then the default is <code class="docutils literal notranslate"><span class="pre">kvm64</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-cpulimit"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-cpulimit"><strong>cpulimit</strong></p>
 <a class="ansibleOptionLink" href="#parameter-cpulimit" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
 </div></td>
@@ -368,7 +376,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>If the computer has 2 CPUs, it has total of ‘2’ CPU time</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-cpuunits"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-cpuunits"><strong>cpuunits</strong></p>
 <a class="ansibleOptionLink" href="#parameter-cpuunits" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
 </div></td>
@@ -377,14 +385,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>This option has no default unless <em>proxmox_default_behavior</em> is set to <code class="docutils literal notranslate"><span class="pre">compatiblity</span></code>; then the default is <code class="docutils literal notranslate"><span class="pre">1000</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-delete"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-delete"><strong>delete</strong></p>
 <a class="ansibleOptionLink" href="#parameter-delete" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
 <td><div class="ansible-option-cell"><p>Specify a list of settings you want to delete.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-description"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-description"><strong>description</strong></p>
 <a class="ansibleOptionLink" href="#parameter-description" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -392,7 +400,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>This is saved as comment inside the configuration file.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-digest"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-digest"><strong>digest</strong></p>
 <a class="ansibleOptionLink" href="#parameter-digest" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -400,7 +408,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>This can be used to prevent concurrent modifications.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-efidisk0"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-efidisk0"><strong>efidisk0</strong></p>
 <a class="ansibleOptionLink" href="#parameter-efidisk0" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
 <p><span class="ansible-option-versionadded">added in community.general 4.5.0</span></p>
@@ -409,7 +417,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>Requires <em>bios=ovmf</em> to be set to be able to use it.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-efidisk0/efitype"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-efidisk0-efitype"><strong>efitype</strong></p>
 <a class="ansibleOptionLink" href="#parameter-efidisk0/efitype" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -423,14 +431,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-efidisk0/format"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-efidisk0-format"><strong>format</strong></p>
 <a class="ansibleOptionLink" href="#parameter-efidisk0/format" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
 <td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p><code class="docutils literal notranslate"><span class="pre">format</span></code> is the drive’s backing file’s data format. Please refer to the Proxmox VE Administrator Guide, section Proxmox VE Storage (see <a class="reference external" href="https://pve.proxmox.com/pve-docs/chapter-pvesm.html">https://pve.proxmox.com/pve-docs/chapter-pvesm.html</a> for the latest version, tables 3 to 14) to find out format supported by the provided storage backend.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-efidisk0/pre_enrolled_keys"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-efidisk0-pre-enrolled-keys"><strong>pre_enrolled_keys</strong></p>
 <a class="ansibleOptionLink" href="#parameter-efidisk0/pre_enrolled_keys" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -443,14 +451,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-efidisk0/storage"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-efidisk0-storage"><strong>storage</strong></p>
 <a class="ansibleOptionLink" href="#parameter-efidisk0/storage" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
 <td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p><code class="docutils literal notranslate"><span class="pre">storage</span></code> is the storage identifier where to create the disk.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-force"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-force"><strong>force</strong></p>
 <a class="ansibleOptionLink" href="#parameter-force" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -464,7 +472,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-format"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-format"><strong>format</strong></p>
 <a class="ansibleOptionLink" href="#parameter-format" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -486,7 +494,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-freeze"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-freeze"><strong>freeze</strong></p>
 <a class="ansibleOptionLink" href="#parameter-freeze" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -498,7 +506,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-full"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-full"><strong>full</strong></p>
 <a class="ansibleOptionLink" href="#parameter-full" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -512,7 +520,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-hostpci"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-hostpci"><strong>hostpci</strong></p>
 <a class="ansibleOptionLink" href="#parameter-hostpci" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
 </div></td>
@@ -526,7 +534,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>/!\ This option allows direct access to host hardware. So it is no longer possible to migrate such machines - use with special care.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-hotplug"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-hotplug"><strong>hotplug</strong></p>
 <a class="ansibleOptionLink" href="#parameter-hotplug" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -535,7 +543,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>Value 0 disables hotplug completely and value 1 is an alias for the default <code class="docutils literal notranslate"><span class="pre">'network,disk,usb'</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-hugepages"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-hugepages"><strong>hugepages</strong></p>
 <a class="ansibleOptionLink" href="#parameter-hugepages" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -548,7 +556,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-ide"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-ide"><strong>ide</strong></p>
 <a class="ansibleOptionLink" href="#parameter-ide" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
 </div></td>
@@ -560,7 +568,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p><code class="docutils literal notranslate"><span class="pre">format</span></code> is the drive’s backing file’s data format. <code class="docutils literal notranslate"><span class="pre">qcow2|raw|subvol</span></code>. Please refer to the Proxmox VE Administrator Guide, section Proxmox VE Storage (see <a class="reference external" href="https://pve.proxmox.com/pve-docs/chapter-pvesm.html">https://pve.proxmox.com/pve-docs/chapter-pvesm.html</a> for the latest version, tables 3 to 14) to find out format supported by the provided storage backend.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-ipconfig"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-ipconfig"><strong>ipconfig</strong></p>
 <a class="ansibleOptionLink" href="#parameter-ipconfig" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
 <p><span class="ansible-option-versionadded">added in community.general 1.3.0</span></p>
@@ -576,14 +584,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>If cloud-init is enabled and neither an IPv4 nor an IPv6 address is specified, it defaults to using dhcp on IPv4.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-keyboard"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-keyboard"><strong>keyboard</strong></p>
 <a class="ansibleOptionLink" href="#parameter-keyboard" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
 <td><div class="ansible-option-cell"><p>Sets the keyboard layout for VNC server.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-kvm"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-kvm"><strong>kvm</strong></p>
 <a class="ansibleOptionLink" href="#parameter-kvm" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -596,7 +604,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-localtime"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-localtime"><strong>localtime</strong></p>
 <a class="ansibleOptionLink" href="#parameter-localtime" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -609,7 +617,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-lock"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-lock"><strong>lock</strong></p>
 <a class="ansibleOptionLink" href="#parameter-lock" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -623,7 +631,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-machine"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-machine"><strong>machine</strong></p>
 <a class="ansibleOptionLink" href="#parameter-machine" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -631,7 +639,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>type =&gt; <code class="docutils literal notranslate"><span class="pre">(pc|pc(-i440fx</span></code>?-\d+\.\d+(\.pxe)?|q35|pc-q35-\d+\.\d+(\.pxe)?))</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-memory"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-memory"><strong>memory</strong></p>
 <a class="ansibleOptionLink" href="#parameter-memory" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
 </div></td>
@@ -639,14 +647,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>This option has no default unless <em>proxmox_default_behavior</em> is set to <code class="docutils literal notranslate"><span class="pre">compatiblity</span></code>; then the default is <code class="docutils literal notranslate"><span class="pre">512</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-migrate_downtime"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-migrate-downtime"><strong>migrate_downtime</strong></p>
 <a class="ansibleOptionLink" href="#parameter-migrate_downtime" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
 </div></td>
 <td><div class="ansible-option-cell"><p>Sets maximum tolerated downtime (in seconds) for migrations.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-migrate_speed"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-migrate-speed"><strong>migrate_speed</strong></p>
 <a class="ansibleOptionLink" href="#parameter-migrate_speed" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
 </div></td>
@@ -654,7 +662,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>A value of 0 is no limit.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-name"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-name"><strong>name</strong></p>
 <a class="ansibleOptionLink" href="#parameter-name" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -662,7 +670,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>Required only for <code class="docutils literal notranslate"><span class="pre">state=present</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-nameservers"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-nameservers"><strong>nameservers</strong></p>
 <a class="ansibleOptionLink" href="#parameter-nameservers" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">list</span> / <span class="ansible-option-elements">elements=string</span></p>
 <p><span class="ansible-option-versionadded">added in community.general 1.3.0</span></p>
@@ -671,7 +679,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>If unset, PVE host settings are used.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-net"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-net"><strong>net</strong></p>
 <a class="ansibleOptionLink" href="#parameter-net" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
 </div></td>
@@ -685,7 +693,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>If you specify no bridge, we create a kvm ‘user’ (NATed) network device, which provides DHCP and DNS services.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-newid"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-newid"><strong>newid</strong></p>
 <a class="ansibleOptionLink" href="#parameter-newid" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
 </div></td>
@@ -693,7 +701,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>If newid is not set, the next available VM ID will be fetched from ProxmoxAPI.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-node"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-node"><strong>node</strong></p>
 <a class="ansibleOptionLink" href="#parameter-node" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -702,7 +710,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>For every other states it will be autodiscovered.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-numa"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-numa"><strong>numa</strong></p>
 <a class="ansibleOptionLink" href="#parameter-numa" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
 </div></td>
@@ -715,7 +723,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p><code class="docutils literal notranslate"><span class="pre">policy</span></code> NUMA allocation policy.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-numa_enabled"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-numa-enabled"><strong>numa_enabled</strong></p>
 <a class="ansibleOptionLink" href="#parameter-numa_enabled" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -727,7 +735,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-onboot"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-onboot"><strong>onboot</strong></p>
 <a class="ansibleOptionLink" href="#parameter-onboot" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
 </div></td>
@@ -740,7 +748,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-ostype"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-ostype"><strong>ostype</strong></p>
 <a class="ansibleOptionLink" href="#parameter-ostype" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
@@ -765,7 +773,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 </ul>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-parallel"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-parallel"><strong>parallel</strong></p>
 <a class="ansibleOptionLink" href="#parameter-parallel" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
 </div></td>
@@ -774,14 +782,14 @@ see <a class="reference internal" href="#ansible-collections-community-general-p
 <p>Values allowed are - <code class="docutils literal notranslate"><span class="pre">&quot;/dev/parport\d+|/dev/usb/lp\d+&quot;</span></code>.</p>
 </div></td>
 </tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
 <div class="ansibleOptionAnchor" id="parameter-pool"></div><p class="ansible-option-title" id="ansible-collections-community-general-proxmox-kvm-module-parameter-pool"><strong>pool</strong></p>
 <a class="ansibleOptionLink" href="#parameter-pool" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
 </div></td>
 <td><div class="ansible-option-cell"><p>Add the new VM to the specified pool.</p>
 </div></td>
 </tr>
-<tr class="row-even"><td><div class="ansible-

felixfontein

Thanks for your contribution!

felixfontein · 2023-03-25T07:28:47Z

changelogs/fragments/6232-fix-lxd-cert-authentication.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - lxd inventory - bugfix to authenticate client certificates at the server (https://github.com/ansible-collections/community.general/issues/6204)


Suggested change

- lxd inventory - bugfix to authenticate client certificates at the server (https://github.com/ansible-collections/community.general/issues/6204)

- lxd inventory plugin - bugfix to authenticate client certificates at the server (https://github.com/ansible-collections/community.general/issues/6204).

felixfontein · 2023-03-25T07:29:46Z

plugins/module_utils/lxd.py

+                with open(cert_file, 'r') as fh:
+                    self.cert_file = cert_file
+            except FileNotFoundError:
+                raise LXDClientException('The certificate is not valid.')


How about:

Suggested change

raise LXDClientException('The certificate is not valid.')

raise LXDClientException('The certificate "{0}" does not exist.'.format(cert_file))

(With a similar change below.)

felixfontein · 2023-03-25T07:30:09Z

plugins/module_utils/lxd.py

            parts = generic_urlparse(urlparse(self.url))
-            ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+            ctx = ssl._create_unverified_context(purpose=ssl.Purpose.SERVER_AUTH)


Changing this is introducing a security vulnerability, since you are disabling certificate validation.

Hi Felix,

Yes and no. By initializing LXD, the setup only asked if lxd should be reachable from the network:

Would you like the LXD server to be available over the network? (yes/no) [default=no]: yes Address to bind LXD to (not including port) [default=all]: Port to bind LXD to [default=8443]: Trust password for new clients:

At this point self signed certificates for the server are generated.

There has already been a discussion on this: #5616
With your PR: #6034 i get the folowing error:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:997)

There are changes in the ssl library between python3.9 and python3.10. Previously, the connection establishment was not checked so closely and the access was given.
Now we have two Options to get the old behavior:

ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE

From my point of view, however, this only disguises the fact that the remote station is not sufficiently checked, or:

ctx = ssl._create_unverified_context(purpose=ssl.Purpose.SERVER_AUTH)

I absolutely agree with you that both solutions are unattractive, however, the change "only" restores the old behavior.

How do we continue here?

Thanks Frank

At this point self signed certificates for the server are generated.

Which can be OK if this is only on an internal network (or for testing), but these should be replaced by proper ones. These should not be used in production if you don't work on a trusted network (which you usually shouldn't assume, see zero trust architecture).

The correct solution is to add a new validate_certs option that allows to disable certificate validation. When that option is set to true, you can do

ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE

But that should happen in another PR as it is a new feature.

Hi @felixfontein ,

we are through with the topic and now split into bug and feature? You can assign the feature to me.

Thanks Frank

@conloos feel free to create issues or directly PR(s).

felixfontein · 2023-05-10T05:37:45Z

needs_info

conloos · 2023-05-11T17:32:23Z

Hi Felix,

since no functionality was changed, I assumed that the small patch was already accepted.
I have not yet found time to create a patch for the warning, respectively I have to discuss this in the forum of LXD if we change this in a bigger scope.

What do you need, how can I support you?

Thanks Frank

felixfontein · 2023-05-14T08:15:02Z

@conloos as long as this PR contains https://github.com/ansible-collections/community.general/pull/6232/files#diff-aed731038203ef482584466b39dc1c119a3efb510e58053d136e93be6c2da6c1R73 it cannot be merged as it introduces a security vulnerability. If you remove the change to that line it should be OK.

felixfontein · 2024-02-23T20:04:04Z

This PR needs a rebase. Also the problem mentioned above needs to be fixed.

needs_info

ansibullbot · 2024-03-26T20:36:54Z

@conloos This pullrequest is waiting for your response. Please respond or the pullrequest will be closed.

click here for bot help

ansibullbot · 2024-04-27T21:01:33Z

@conloos You have not responded to information requests in this pullrequest so we will assume it no longer affects you. If you are still interested in this, please create a new pullrequest with the requested information.

click here for bot help

conloos added 3 commits March 24, 2023 23:14

add authentication of client certificates

a83f1f4

- add validation if certificate files exist

0605899

- the lxd server uses self signed certs, switch to _create_unverified_context - add new error message type

add example

a352c43

ansibullbot added bug This issue/PR relates to a bug inventory inventory plugin module_utils module_utils plugins plugin (any type) labels Mar 24, 2023

fix sanity check

73a3e6f

This comment was marked as outdated.

Sign in to view

ansibullbot added ci_verified Push fixes to PR branch to re-run CI needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR labels Mar 24, 2023

add fragment

dcdc9bc

ansibullbot removed ci_verified Push fixes to PR branch to re-run CI needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR labels Mar 24, 2023

felixfontein added check-before-release PR will be looked at again shortly before release and merged if possible. backport-5 labels Mar 25, 2023

felixfontein reviewed Mar 25, 2023

View reviewed changes

felixfontein changed the title ~~fix #6204~~ lxd: fix #6204 Mar 25, 2023

conloos added 2 commits March 25, 2023 12:44

Add better error message

ffce4eb

Change description in fragment

22b0491

This comment was marked as outdated.

Sign in to view

ansibullbot added ci_verified Push fixes to PR branch to re-run CI needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR labels Mar 25, 2023

fix sanity errors

f4e2b14

ansibullbot removed ci_verified Push fixes to PR branch to re-run CI needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR labels Mar 25, 2023

ansibullbot added the stale_ci CI is older than 7 days, rerun before merging label Apr 10, 2023

felixfontein removed the backport-5 label Apr 24, 2023

felixfontein added the backport-7 label May 10, 2023

ansibullbot added the needs_info This issue requires further information. Please answer any outstanding questions label May 10, 2023

ansibullbot removed the needs_info This issue requires further information. Please answer any outstanding questions label May 11, 2023

ansibullbot added needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR labels Oct 29, 2023

felixfontein added backport-8 Automatically create a backport for the stable-8 branch and removed backport-6 labels Nov 1, 2023

ansibullbot added the needs_info This issue requires further information. Please answer any outstanding questions label Feb 23, 2024

ansibullbot closed this Apr 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lxd: fix #6204 #6232

lxd: fix #6204 #6232

conloos commented Mar 24, 2023 •

edited

Loading

This comment was marked as outdated.

github-actions bot commented Mar 24, 2023 •

edited

Loading

felixfontein left a comment

felixfontein Mar 25, 2023

felixfontein Mar 25, 2023

felixfontein Mar 25, 2023

conloos Mar 25, 2023

felixfontein Mar 25, 2023

conloos Mar 30, 2023

felixfontein Apr 2, 2023

This comment was marked as outdated.

felixfontein commented May 10, 2023

conloos commented May 11, 2023

felixfontein commented May 14, 2023

felixfontein commented Feb 23, 2024

ansibullbot commented Mar 26, 2024

ansibullbot commented Apr 27, 2024

		@@ -0,0 +1,2 @@
		bugfixes:
		- lxd inventory - bugfix to authenticate client certificates at the server (https://github.com/ansible-collections/community.general/issues/6204)

	- lxd inventory - bugfix to authenticate client certificates at the server (https://github.com/ansible-collections/community.general/issues/6204)
	- lxd inventory plugin - bugfix to authenticate client certificates at the server (https://github.com/ansible-collections/community.general/issues/6204).

	raise LXDClientException('The certificate is not valid.')
	raise LXDClientException('The certificate "{0}" does not exist.'.format(cert_file))

lxd: fix #6204 #6232

lxd: fix #6204 #6232

Conversation

conloos commented Mar 24, 2023 • edited Loading

SUMMARY

ISSUE TYPE

COMPONENT NAME

ADDITIONAL INFORMATION

This comment was marked as outdated.

github-actions bot commented Mar 24, 2023 • edited Loading

Docs Build 📝

felixfontein left a comment

Choose a reason for hiding this comment

felixfontein Mar 25, 2023

Choose a reason for hiding this comment

felixfontein Mar 25, 2023

Choose a reason for hiding this comment

felixfontein Mar 25, 2023

Choose a reason for hiding this comment

conloos Mar 25, 2023

Choose a reason for hiding this comment

felixfontein Mar 25, 2023

Choose a reason for hiding this comment

conloos Mar 30, 2023

Choose a reason for hiding this comment

felixfontein Apr 2, 2023

Choose a reason for hiding this comment

This comment was marked as outdated.

felixfontein commented May 10, 2023

conloos commented May 11, 2023

felixfontein commented May 14, 2023

felixfontein commented Feb 23, 2024

ansibullbot commented Mar 26, 2024

ansibullbot commented Apr 27, 2024

conloos commented Mar 24, 2023 •

edited

Loading

github-actions bot commented Mar 24, 2023 •

edited

Loading