|
|
|
|
#!/usr/bin/env python
|
|
|
|
|
# Copyright: (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
|
|
|
|
|
# Copyright: (c) 2018, Ansible Project
|
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
|
# PYTHON_ARGCOMPLETE_OK
|
|
|
|
|
|
|
|
|
|
from __future__ import (absolute_import, division, print_function)
|
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
|
|
|
|
# ansible.cli needs to be imported first, to ensure the source bin/* scripts run that code first
|
|
|
|
|
from ansible.cli import CLI
|
|
|
|
|
|
|
|
|
|
import datetime
|
|
|
|
|
import os
|
|
|
|
|
import platform
|
|
|
|
|
import random
|
|
|
|
|
import shutil
|
|
|
|
|
import socket
|
|
|
|
|
import sys
|
|
|
|
|
import time
|
|
|
|
|
|
|
|
|
|
from ansible import constants as C
|
|
|
|
|
from ansible import context
|
|
|
|
|
from ansible.cli.arguments import option_helpers as opt_help
|
|
|
|
|
from ansible.errors import AnsibleOptionsError
|
|
|
|
|
from ansible.module_utils._text import to_native, to_text
|
|
|
|
|
from ansible.module_utils.six.moves import shlex_quote
|
|
|
|
|
from ansible.plugins.loader import module_loader
|
|
|
|
|
from ansible.utils.cmd_functions import run_cmd
|
|
|
|
|
from ansible.utils.display import Display
|
|
|
|
|
|
|
|
|
|
display = Display()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class PullCLI(CLI):
|
|
|
|
|
''' Used to pull a remote copy of ansible on each managed node,
|
|
|
|
|
each set to run via cron and update playbook source via a source repository.
|
|
|
|
|
This inverts the default *push* architecture of ansible into a *pull* architecture,
|
|
|
|
|
which has near-limitless scaling potential.
|
|
|
|
|
|
|
|
|
|
The setup playbook can be tuned to change the cron frequency, logging locations, and parameters to ansible-pull.
|
|
|
|
|
This is useful both for extreme scale-out as well as periodic remediation.
|
|
|
|
|
Usage of the 'fetch' module to retrieve logs from ansible-pull runs would be an
|
|
|
|
|
excellent way to gather and analyze remote logs from ansible-pull.
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
name = 'ansible-pull'
|
|
|
|
|
|
|
|
|
|
DEFAULT_REPO_TYPE = 'git'
|
|
|
|
|
DEFAULT_PLAYBOOK = 'local.yml'
|
|
|
|
|
REPO_CHOICES = ('git', 'subversion', 'hg', 'bzr')
|
|
|
|
|
PLAYBOOK_ERRORS = {
|
|
|
|
|
1: 'File does not exist',
|
|
|
|
|
2: 'File is not readable',
|
|
|
|
|
}
|
|
|
|
|
ARGUMENTS = {'playbook.yml': 'The name of one the YAML format files to run as an Ansible playbook.'
|
|
|
|
|
'This can be a relative path within the checkout. By default, Ansible will'
|
|
|
|
|
"look for a playbook based on the host's fully-qualified domain name,"
|
|
|
|
|
'on the host hostname and finally a playbook named *local.yml*.', }
|
|
|
|
|
|
|
|
|
|
SKIP_INVENTORY_DEFAULTS = True
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def _get_inv_cli():
|
|
|
|
|
inv_opts = ''
|
|
|
|
|
if context.CLIARGS.get('inventory', False):
|
|
|
|
|
for inv in context.CLIARGS['inventory']:
|
|
|
|
|
if isinstance(inv, list):
|
|
|
|
|
inv_opts += " -i '%s' " % ','.join(inv)
|
|
|
|
|
elif ',' in inv or os.path.exists(inv):
|
|
|
|
|
inv_opts += ' -i %s ' % inv
|
|
|
|
|
|
|
|
|
|
return inv_opts
|
|
|
|
|
|
|
|
|
|
def init_parser(self):
|
|
|
|
|
''' create an options parser for bin/ansible '''
|
|
|
|
|
|
|
|
|
|
super(PullCLI, self).init_parser(
|
|
|
|
|
usage='%prog -U <repository> [options] [<playbook.yml>]',
|
|
|
|
|
desc="pulls playbooks from a VCS repo and executes them for the local host")
|
|
|
|
|
|
|
|
|
|
# Do not add check_options as there's a conflict with --checkout/-C
|
|
|
|
|
opt_help.add_connect_options(self.parser)
|
|
|
|
|
opt_help.add_vault_options(self.parser)
|
|
|
|
|
opt_help.add_runtask_options(self.parser)
|
|
|
|
|
opt_help.add_subset_options(self.parser)
|
|
|
|
|
opt_help.add_inventory_options(self.parser)
|
|
|
|
|
opt_help.add_module_options(self.parser)
|
|
|
|
|
opt_help.add_runas_prompt_options(self.parser)
|
|
|
|
|
|
|
|
|
|
self.parser.add_argument('args', help='Playbook(s)', metavar='playbook.yml', nargs='*')
|
|
|
|
|
|
|
|
|
|
# options unique to pull
|
|
|
|
|
self.parser.add_argument('--purge', default=False, action='store_true', help='purge checkout after playbook run')
|
|
|
|
|
self.parser.add_argument('-o', '--only-if-changed', dest='ifchanged', default=False, action='store_true',
|
|
|
|
|
help='only run the playbook if the repository has been updated')
|
|
|
|
|
self.parser.add_argument('-s', '--sleep', dest='sleep', default=None,
|
|
|
|
|
help='sleep for random interval (between 0 and n number of seconds) before starting. '
|
|
|
|
|
'This is a useful way to disperse git requests')
|
|
|
|
|
self.parser.add_argument('-f', '--force', dest='force', default=False, action='store_true',
|
|
|
|
|
help='run the playbook even if the repository could not be updated')
|
|
|
|
|
self.parser.add_argument('-d', '--directory', dest='dest', default=None,
|
|
|
|
|
help='absolute path of repository checkout directory (relative paths are not supported)')
|
|
|
|
|
self.parser.add_argument('-U', '--url', dest='url', default=None, help='URL of the playbook repository')
|
|
|
|
|
self.parser.add_argument('--full', dest='fullclone', action='store_true', help='Do a full clone, instead of a shallow one.')
|
|
|
|
|
self.parser.add_argument('-C', '--checkout', dest='checkout',
|
|
|
|
|
help='branch/tag/commit to checkout. Defaults to behavior of repository module.')
|
|
|
|
|
self.parser.add_argument('--accept-host-key', default=False, dest='accept_host_key', action='store_true',
|
|
|
|
|
help='adds the hostkey for the repo url if not already added')
|
|
|
|
|
self.parser.add_argument('-m', '--module-name', dest='module_name', default=self.DEFAULT_REPO_TYPE,
|
|
|
|
|
help='Repository module name, which ansible will use to check out the repo. Choices are %s. Default is %s.'
|
|
|
|
|
% (self.REPO_CHOICES, self.DEFAULT_REPO_TYPE))
|
|
|
|
|
self.parser.add_argument('--verify-commit', dest='verify', default=False, action='store_true',
|
|
|
|
|
help='verify GPG signature of checked out commit, if it fails abort running the playbook. '
|
|
|
|
|
'This needs the corresponding VCS module to support such an operation')
|
|
|
|
|
self.parser.add_argument('--clean', dest='clean', default=False, action='store_true',
|
|
|
|
|
help='modified files in the working repository will be discarded')
|
|
|
|
|
self.parser.add_argument('--track-subs', dest='tracksubs', default=False, action='store_true',
|
|
|
|
|
help='submodules will track the latest changes. This is equivalent to specifying the --remote flag to git submodule update')
|
|
|
|
|
# add a subset of the check_opts flag group manually, as the full set's
|
|
|
|
|
# shortcodes conflict with above --checkout/-C
|
|
|
|
|
self.parser.add_argument("--check", default=False, dest='check', action='store_true',
|
|
|
|
|
help="don't make any changes; instead, try to predict some of the changes that may occur")
|
|
|
|
|
self.parser.add_argument("--diff", default=C.DIFF_ALWAYS, dest='diff', action='store_true',
|
|
|
|
|
help="when changing (small) files and templates, show the differences in those files; works great with --check")
|
|
|
|
|
|
|
|
|
|
def post_process_args(self, options):
|
|
|
|
|
options = super(PullCLI, self).post_process_args(options)
|
|
|
|
|
|
|
|
|
|
if not options.dest:
|
|
|
|
|
hostname = socket.getfqdn()
|
|
|
|
|
# use a hostname dependent directory, in case of $HOME on nfs
|
|
|
|
|
options.dest = os.path.join('~/.ansible/pull', hostname)
|
|
|
|
|
options.dest = os.path.expandvars(os.path.expanduser(options.dest))
|
|
|
|
|
|
|
|
|
|
if os.path.exists(options.dest) and not os.path.isdir(options.dest):
|
|
|
|
|
raise AnsibleOptionsError("%s is not a valid or accessible directory." % options.dest)
|
|
|
|
|
|
|
|
|
|
if options.sleep:
|
|
|
|
|
try:
|
|
|
|
|
secs = random.randint(0, int(options.sleep))
|
|
|
|
|
options.sleep = secs
|
|
|
|
|
except ValueError:
|
|
|
|
|
raise AnsibleOptionsError("%s is not a number." % options.sleep)
|
|
|
|
|
|
|
|
|
|
if not options.url:
|
|
|
|
|
raise AnsibleOptionsError("URL for repository not specified, use -h for help")
|
|
|
|
|
|
|
|
|
|
if options.module_name not in self.REPO_CHOICES:
|
|
|
|
|
raise AnsibleOptionsError("Unsupported repo module %s, choices are %s" % (options.module_name, ','.join(self.REPO_CHOICES)))
|
|
|
|
|
|
|
|
|
|
display.verbosity = options.verbosity
|
|
|
|
|
self.validate_conflicts(options)
|
|
|
|
|
|
|
|
|
|
return options
|
|
|
|
|
|
|
|
|
|
def run(self):
|
|
|
|
|
''' use Runner lib to do SSH things '''
|
|
|
|
|
|
|
|
|
|
super(PullCLI, self).run()
|
|
|
|
|
|
|
|
|
|
# log command line
|
|
|
|
|
now = datetime.datetime.now()
|
|
|
|
|
display.display(now.strftime("Starting Ansible Pull at %F %T"))
|
|
|
|
|
display.display(' '.join(sys.argv))
|
|
|
|
|
|
|
|
|
|
# Build Checkout command
|
|
|
|
|
# Now construct the ansible command
|
|
|
|
|
node = platform.node()
|
|
|
|
|
host = socket.getfqdn()
|
|
|
|
|
limit_opts = 'localhost,%s,127.0.0.1' % ','.join(set([host, node, host.split('.')[0], node.split('.')[0]]))
|
|
|
|
|
base_opts = '-c local '
|
|
|
|
|
if context.CLIARGS['verbosity'] > 0:
|
|
|
|
|
base_opts += ' -%s' % ''.join(["v" for x in range(0, context.CLIARGS['verbosity'])])
|
|
|
|
|
|
|
|
|
|
# Attempt to use the inventory passed in as an argument
|
|
|
|
|
# It might not yet have been downloaded so use localhost as default
|
|
|
|
|
inv_opts = self._get_inv_cli()
|
|
|
|
|
if not inv_opts:
|
|
|
|
|
inv_opts = " -i localhost, "
|
|
|
|
|
# avoid interpreter discovery since we already know which interpreter to use on localhost
|
|
|
|
|
inv_opts += '-e %s ' % shlex_quote('ansible_python_interpreter=%s' % sys.executable)
|
|
|
|
|
|
|
|
|
|
# SCM specific options
|
|
|
|
|
if context.CLIARGS['module_name'] == 'git':
|
|
|
|
|
repo_opts = "name=%s dest=%s" % (context.CLIARGS['url'], context.CLIARGS['dest'])
|
|
|
|
|
if context.CLIARGS['checkout']:
|
|
|
|
|
repo_opts += ' version=%s' % context.CLIARGS['checkout']
|
|
|
|
|
|
|
|
|
|
if context.CLIARGS['accept_host_key']:
|
|
|
|
|
repo_opts += ' accept_hostkey=yes'
|
|
|
|
|
|
|
|
|
|
if context.CLIARGS['private_key_file']:
|
|
|
|
|
repo_opts += ' key_file=%s' % context.CLIARGS['private_key_file']
|
|
|
|
|
|
|
|
|
|
if context.CLIARGS['verify']:
|
|
|
|
|
repo_opts += ' verify_commit=yes'
|
|
|
|
|
|
|
|
|
|
if context.CLIARGS['tracksubs']:
|
|
|
|
|
repo_opts += ' track_submodules=yes'
|
|
|
|
|
|
|
|
|
|
if not context.CLIARGS['fullclone']:
|
|
|
|
|
repo_opts += ' depth=1'
|
|
|
|
|
elif context.CLIARGS['module_name'] == 'subversion':
|
|
|
|
|
repo_opts = "repo=%s dest=%s" % (context.CLIARGS['url'], context.CLIARGS['dest'])
|
|
|
|
|
if context.CLIARGS['checkout']:
|
|
|
|
|
repo_opts += ' revision=%s' % context.CLIARGS['checkout']
|
|
|
|
|
if not context.CLIARGS['fullclone']:
|
|
|
|
|
repo_opts += ' export=yes'
|
|
|
|
|
elif context.CLIARGS['module_name'] == 'hg':
|
|
|
|
|
repo_opts = "repo=%s dest=%s" % (context.CLIARGS['url'], context.CLIARGS['dest'])
|
|
|
|
|
if context.CLIARGS['checkout']:
|
|
|
|
|
repo_opts += ' revision=%s' % context.CLIARGS['checkout']
|
|
|
|
|
elif context.CLIARGS['module_name'] == 'bzr':
|
|
|
|
|
repo_opts = "name=%s dest=%s" % (context.CLIARGS['url'], context.CLIARGS['dest'])
|
|
|
|
|
if context.CLIARGS['checkout']:
|
|
|
|
|
repo_opts += ' version=%s' % context.CLIARGS['checkout']
|
|
|
|
|
else:
|
|
|
|
|
raise AnsibleOptionsError('Unsupported (%s) SCM module for pull, choices are: %s'
|
|
|
|
|
% (context.CLIARGS['module_name'],
|
|
|
|
|
','.join(self.REPO_CHOICES)))
|
|
|
|
|
|
|
|
|
|
# options common to all supported SCMS
|
|
|
|
|
if context.CLIARGS['clean']:
|
|
|
|
|
repo_opts += ' force=yes'
|
|
|
|
|
|
|
|
|
|
path = module_loader.find_plugin(context.CLIARGS['module_name'])
|
|
|
|
|
if path is None:
|
|
|
|
|
raise AnsibleOptionsError(("module '%s' not found.\n" % context.CLIARGS['module_name']))
|
|
|
|
|
|
|
|
|
|
bin_path = os.path.dirname(os.path.abspath(sys.argv[0]))
|
|
|
|
|
# hardcode local and inventory/host as this is just meant to fetch the repo
|
|
|
|
|
cmd = '%s/ansible %s %s -m %s -a "%s" all -l "%s"' % (bin_path, inv_opts, base_opts,
|
|
|
|
|
context.CLIARGS['module_name'],
|
|
|
|
|
repo_opts, limit_opts)
|
|
|
|
|
for ev in context.CLIARGS['extra_vars']:
|
|
|
|
|
cmd += ' -e %s' % shlex_quote(ev)
|
|
|
|
|
|
|
|
|
|
# Nap?
|
|
|
|
|
if context.CLIARGS['sleep']:
|
|
|
|
|
display.display("Sleeping for %d seconds..." % context.CLIARGS['sleep'])
|
|
|
|
|
time.sleep(context.CLIARGS['sleep'])
|
|
|
|
|
|
|
|
|
|
# RUN the Checkout command
|
|
|
|
|
display.debug("running ansible with VCS module to checkout repo")
|
|
|
|
|
display.vvvv('EXEC: %s' % cmd)
|
|
|
|
|
rc, b_out, b_err = run_cmd(cmd, live=True)
|
|
|
|
|
|
|
|
|
|
if rc != 0:
|
|
|
|
|
if context.CLIARGS['force']:
|
|
|
|
|
display.warning("Unable to update repository. Continuing with (forced) run of playbook.")
|
|
|
|
|
else:
|
|
|
|
|
return rc
|
|
|
|
|
elif context.CLIARGS['ifchanged'] and b'"changed": true' not in b_out:
|
|
|
|
|
display.display("Repository has not changed, quitting.")
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
playbook = self.select_playbook(context.CLIARGS['dest'])
|
|
|
|
|
if playbook is None:
|
|
|
|
|
raise AnsibleOptionsError("Could not find a playbook to run.")
|
|
|
|
|
|
|
|
|
|
# Build playbook command
|
|
|
|
|
cmd = '%s/ansible-playbook %s %s' % (bin_path, base_opts, playbook)
|
|
|
|
|
if context.CLIARGS['vault_password_files']:
|
|
|
|
|
for vault_password_file in context.CLIARGS['vault_password_files']:
|
Support multiple vault passwords (#22756)
Fixes #13243
** Add --vault-id to name/identify multiple vault passwords
Use --vault-id to indicate id and path/type
--vault-id=prompt # prompt for default vault id password
--vault-id=myorg@prompt # prompt for a vault_id named 'myorg'
--vault-id=a_password_file # load ./a_password_file for default id
--vault-id=myorg@a_password_file # load file for 'myorg' vault id
vault_id's are created implicitly for existing --vault-password-file
and --ask-vault-pass options.
Vault ids are just for UX purposes and bookkeeping. Only the vault
payload and the password bytestring is needed to decrypt a
vault blob.
Replace passing password around everywhere with
a VaultSecrets object.
If we specify a vault_id, mention that in password prompts
Specifying multiple -vault-password-files will
now try each until one works
** Rev vault format in a backwards compatible way
The 1.2 vault format adds the vault_id to the header line
of the vault text. This is backwards compatible with older
versions of ansible. Old versions will just ignore it and
treat it as the default (and only) vault id.
Note: only 2.4+ supports multiple vault passwords, so while
earlier ansible versions can read the vault-1.2 format, it
does not make them magically support multiple vault passwords.
use 1.1 format for 'default' vault_id
Vaulted items that need to include a vault_id will be
written in 1.2 format.
If we set a new DEFAULT_VAULT_IDENTITY, then the default will
use version 1.2
vault will only use a vault_id if one is specified. So if none
is specified and C.DEFAULT_VAULT_IDENTITY is 'default'
we use the old format.
** Changes/refactors needed to implement multiple vault passwords
raise exceptions on decrypt fail, check vault id early
split out parsing the vault plaintext envelope (with the
sha/original plaintext) to _split_plaintext_envelope()
some cli fixups for specifying multiple paths in
the unfrack_paths optparse callback
fix py3 dict.keys() 'dict_keys object is not indexable' error
pluralize cli.options.vault_password_file -> vault_password_files
pluralize cli.options.new_vault_password_file -> new_vault_password_files
pluralize cli.options.vault_id -> cli.options.vault_ids
** Add a config option (vault_id_match) to force vault id matching.
With 'vault_id_match=True' and an ansible
vault that provides a vault_id, then decryption will require
that a matching vault_id is required. (via
--vault-id=my_vault_id@password_file, for ex).
In other words, if the config option is true, then only
the vault secrets with matching vault ids are candidates for
decrypting a vault. If option is false (the default), then
all of the provided vault secrets will be selected.
If a user doesn't want all vault secrets to be tried to
decrypt any vault content, they can enable this option.
Note: The vault id used for the match is not encrypted or
cryptographically signed. It is just a label/id/nickname used
for referencing a specific vault secret.
7 years ago
|
|
|
cmd += " --vault-password-file=%s" % vault_password_file
|
|
|
|
|
if context.CLIARGS['vault_ids']:
|
|
|
|
|
for vault_id in context.CLIARGS['vault_ids']:
|
|
|
|
|
cmd += " --vault-id=%s" % vault_id
|
|
|
|
|
|
|
|
|
|
for ev in context.CLIARGS['extra_vars']:
|
|
|
|
|
cmd += ' -e %s' % shlex_quote(ev)
|
Become plugins (#50991)
* [WIP] become plugins
Move from hardcoded method to plugins for ease of use, expansion and overrides
- load into connection as it is going to be the main consumer
- play_context will also use to keep backwards compat API
- ensure shell is used to construct commands when needed
- migrate settings remove from base config in favor of plugin specific configs
- cleanup ansible-doc
- add become plugin docs
- remove deprecated sudo/su code and keywords
- adjust become options for cli
- set plugin options from context
- ensure config defs are avaialbe before instance
- refactored getting the shell plugin, fixed tests
- changed into regex as they were string matching, which does not work with random string generation
- explicitly set flags for play context tests
- moved plugin loading up front
- now loads for basedir also
- allow pyc/o for non m modules
- fixes to tests and some plugins
- migrate to play objects fro play_context
- simiplify gathering
- added utf8 headers
- moved option setting
- add fail msg to dzdo
- use tuple for multiple options on fail/missing
- fix relative plugin paths
- shift from play context to play
- all tasks already inherit this from play directly
- remove obsolete 'set play'
- correct environment handling
- add wrap_exe option to pfexec
- fix runas to noop
- fixed setting play context
- added password configs
- removed required false
- remove from doc building till they are ready
future development:
- deal with 'enable' and 'runas' which are not 'command wrappers' but 'state flags' and currently hardcoded in diff subsystems
* cleanup
remove callers to removed func
removed --sudo cli doc refs
remove runas become_exe
ensure keyerorr on plugin
also fix backwards compat, missing method is attributeerror, not ansible error
get remote_user consistently
ignore missing system_tmpdirs on plugin load
correct config precedence
add deprecation
fix networking imports
backwards compat for plugins using BECOME_METHODS
* Port become_plugins to context.CLIARGS
This is a work in progress:
* Stop passing options around everywhere as we can use context.CLIARGS
instead
* Refactor make_become_commands as asked for by alikins
* Typo in comment fix
* Stop loading values from the cli in more than one place
Both play and play_context were saving default values from the cli
arguments directly. This changes things so that the default values are
loaded into the play and then play_context takes them from there.
* Rename BECOME_PLUGIN_PATH to DEFAULT_BECOME_PLUGIN_PATH
As alikins said, all other plugin paths are named
DEFAULT_plugintype_PLUGIN_PATH. If we're going to rename these, that
should be done all at one time rather than piecemeal.
* One to throw away
This is a set of hacks to get setting FieldAttribute defaults to command
line args to work. It's not fully done yet.
After talking it over with sivel and jimi-c this should be done by
fixing FieldAttributeBase and _get_parent_attribute() calls to do the
right thing when there is a non-None default.
What we want to be able to do ideally is something like this:
class Base(FieldAttributeBase):
_check_mode = FieldAttribute([..] default=lambda: context.CLIARGS['check'])
class Play(Base):
# lambda so that we have a chance to parse the command line args
# before we get here. In the future we might be able to restructure
# this so that the cli parsing code runs before these classes are
# defined.
class Task(Base):
pass
And still have a playbook like this function:
---
- hosts:
tasks:
- command: whoami
check_mode: True
(The check_mode test that is added as a separate commit in this PR will
let you test variations on this case).
There's a few separate reasons that the code doesn't let us do this or
a non-ugly workaround for this as written right now. The fix that
jimi-c, sivel, and I talked about may let us do this or it may still
require a workaround (but less ugly) (having one class that has the
FieldAttributes with default values and one class that inherits from
that but just overrides the FieldAttributes which now have defaults)
* Revert "One to throw away"
This reverts commit 23aa883cbed11429ef1be2a2d0ed18f83a3b8064.
* Set FieldAttr defaults directly from CLIARGS
* Remove dead code
* Move timeout directly to PlayContext, it's never needed on Play
* just for backwards compat, add a static version of BECOME_METHODS to constants
* Make the become attr on the connection public, since it's used outside of the connection
* Logic fix
* Nuke connection testing if it supports specific become methods
* Remove unused vars
* Address rebase issues
* Fix path encoding issue
* Remove unused import
* Various cleanups
* Restore network_cli check in _low_level_execute_command
* type improvements for cliargs_deferred_get and swap shallowcopy to default to False
* minor cleanups
* Allow the su plugin to work, since it doesn't define a prompt the same way
* Fix up ksu become plugin
* Only set prompt if build_become_command was called
* Add helper to assist connection plugins in knowing they need to wait for a prompt
* Fix tests and code expectations
* Doc updates
* Various additional minor cleanups
* Make doas functional
* Don't change connection signature, load become plugin from TaskExecutor
* Remove unused imports
* Add comment about setting the become plugin on the playcontext
* Fix up tests for recent changes
* Support 'Password:' natively for the doas plugin
* Make default prompts raw
* wording cleanups. ci_complete
* Remove unrelated changes
* Address spelling mistake
* Restore removed test, and udpate to use new functionality
* Add changelog fragment
* Don't hard fail in set_attributes_from_cli on missing CLI keys
* Remove unrelated change to loader
* Remove internal deprecated FieldAttributes now
* Emit deprecation warnings now
5 years ago
|
|
|
if context.CLIARGS['become_ask_pass']:
|
|
|
|
|
cmd += ' --ask-become-pass'
|
|
|
|
|
if context.CLIARGS['skip_tags']:
|
|
|
|
|
cmd += ' --skip-tags "%s"' % to_native(u','.join(context.CLIARGS['skip_tags']))
|
|
|
|
|
if context.CLIARGS['tags']:
|
|
|
|
|
cmd += ' -t "%s"' % to_native(u','.join(context.CLIARGS['tags']))
|
|
|
|
|
if context.CLIARGS['subset']:
|
|
|
|
|
cmd += ' -l "%s"' % context.CLIARGS['subset']
|
|
|
|
|
else:
|
|
|
|
|
cmd += ' -l "%s"' % limit_opts
|
|
|
|
|
if context.CLIARGS['check']:
|
|
|
|
|
cmd += ' -C'
|
|
|
|
|
if context.CLIARGS['diff']:
|
|
|
|
|
cmd += ' -D'
|
|
|
|
|
|
|
|
|
|
os.chdir(context.CLIARGS['dest'])
|
|
|
|
|
|
|
|
|
|
# redo inventory options as new files might exist now
|
|
|
|
|
inv_opts = self._get_inv_cli()
|
|
|
|
|
if inv_opts:
|
|
|
|
|
cmd += inv_opts
|
|
|
|
|
|
|
|
|
|
# RUN THE PLAYBOOK COMMAND
|
|
|
|
|
display.debug("running ansible-playbook to do actual work")
|
|
|
|
|
display.debug('EXEC: %s' % cmd)
|
|
|
|
|
rc, b_out, b_err = run_cmd(cmd, live=True)
|
|
|
|
|
|
|
|
|
|
if context.CLIARGS['purge']:
|
|
|
|
|
os.chdir('/')
|
|
|
|
|
try:
|
|
|
|
|
shutil.rmtree(context.CLIARGS['dest'])
|
|
|
|
|
except Exception as e:
|
|
|
|
|
display.error(u"Failed to remove %s: %s" % (context.CLIARGS['dest'], to_text(e)))
|
|
|
|
|
|
|
|
|
|
return rc
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def try_playbook(path):
|
|
|
|
|
if not os.path.exists(path):
|
|
|
|
|
return 1
|
|
|
|
|
if not os.access(path, os.R_OK):
|
|
|
|
|
return 2
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def select_playbook(path):
|
|
|
|
|
playbook = None
|
|
|
|
|
errors = []
|
|
|
|
|
if context.CLIARGS['args'] and context.CLIARGS['args'][0] is not None:
|
|
|
|
|
playbooks = []
|
|
|
|
|
for book in context.CLIARGS['args']:
|
|
|
|
|
book_path = os.path.join(path, book)
|
|
|
|
|
rc = PullCLI.try_playbook(book_path)
|
|
|
|
|
if rc != 0:
|
|
|
|
|
errors.append("%s: %s" % (book_path, PullCLI.PLAYBOOK_ERRORS[rc]))
|
|
|
|
|
continue
|
|
|
|
|
playbooks.append(book_path)
|
|
|
|
|
if 0 < len(errors):
|
|
|
|
|
display.warning("\n".join(errors))
|
|
|
|
|
elif len(playbooks) == len(context.CLIARGS['args']):
|
|
|
|
|
playbook = " ".join(playbooks)
|
|
|
|
|
return playbook
|
|
|
|
|
else:
|
|
|
|
|
fqdn = socket.getfqdn()
|
|
|
|
|
hostpb = os.path.join(path, fqdn + '.yml')
|
|
|
|
|
shorthostpb = os.path.join(path, fqdn.split('.')[0] + '.yml')
|
|
|
|
|
localpb = os.path.join(path, PullCLI.DEFAULT_PLAYBOOK)
|
|
|
|
|
for pb in [hostpb, shorthostpb, localpb]:
|
|
|
|
|
rc = PullCLI.try_playbook(pb)
|
|
|
|
|
if rc == 0:
|
|
|
|
|
playbook = pb
|
|
|
|
|
break
|
|
|
|
|
else:
|
|
|
|
|
errors.append("%s: %s" % (pb, PullCLI.PLAYBOOK_ERRORS[rc]))
|
|
|
|
|
if playbook is None:
|
|
|
|
|
display.warning("\n".join(errors))
|
|
|
|
|
return playbook
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def main(args=None):
|
|
|
|
|
PullCLI.cli_executor(args)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
|
main()
|