archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Addresses #6188 Add --vault-password-file to bin/ansible and bin/ansible-playbook

Browse Source
pull/5290/merge
James Tanner 11 years ago
parent 168e3cf685
commit 35def422a3
3 changed files with 48 additions and 4 deletions
Show Stats Download Patch File Download Diff File

24
bin/ansible
Unescape Escape View File

@ -19,6 +19,7 @@
######################################################## ########################################################
import os
import sys import sys
from ansible.runner import Runner from ansible.runner import Runner
@ -75,6 +76,9 @@ class Cli(object):
"and su arguments ('-su', '--su-user', and '--ask-su-pass') are " "and su arguments ('-su', '--su-user', and '--ask-su-pass') are "
"mutually exclusive") "mutually exclusive")
if (options.ask_vault_pass and options.vault_password_file):
parser.error("--ask-vault-pass and --vault-password-file are mutually exclusive")
return (options, args) return (options, args)
# ---------------------------------------------- # ----------------------------------------------
@ -107,14 +111,34 @@ class Cli(object):
sshpass = None sshpass = None
sudopass = None sudopass = None
su_pass = None su_pass = None
vault_pass = None
options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS
# Never ask for an SSH password when we run with local connection # Never ask for an SSH password when we run with local connection
if options.connection == "local": if options.connection == "local":
options.ask_pass = False options.ask_pass = False
options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS
options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS
options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS
(sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass) (sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass)
# read vault_pass from a file
if options.vault_password_file:
this_path = os.path.expanduser(options.vault_password_file)
try:
f = open(this_path, "rb")
tmp_vault_pass=f.read()
f.close()
except (OSError, IOError), e:
raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
# get rid of newline chars
tmp_vault_pass = tmp_vault_pass.strip()
if not options.ask_vault_pass:
vault_pass = tmp_vault_pass
inventory_manager = inventory.Inventory(options.inventory) inventory_manager = inventory.Inventory(options.inventory)
if options.subset: if options.subset:
inventory_manager.subset(options.subset) inventory_manager.subset(options.subset)

18
bin/ansible-playbook
Unescape Escape View File

@ -92,6 +92,9 @@ def main(args):
"and su arguments ('-su', '--su-user', and '--ask-su-pass') are " "and su arguments ('-su', '--su-user', and '--ask-su-pass') are "
"mutually exclusive") "mutually exclusive")
if (options.ask_vault_pass and options.vault_password_file):
parser.error("--ask-vault-pass and --vault-password-file are mutually exclusive")
inventory = ansible.inventory.Inventory(options.inventory) inventory = ansible.inventory.Inventory(options.inventory)
inventory.subset(options.subset) inventory.subset(options.subset)
if len(inventory.list_hosts()) == 0: if len(inventory.list_hosts()) == 0:
@ -110,10 +113,25 @@ def main(args):
options.ask_pass = False options.ask_pass = False
options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS options.ask_sudo_pass = options.ask_sudo_pass or C.DEFAULT_ASK_SUDO_PASS
options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS options.ask_su_pass = options.ask_su_pass or C.DEFAULT_ASK_SU_PASS
options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS
(sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass) (sshpass, sudopass, su_pass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, ask_sudo_pass=options.ask_sudo_pass, ask_su_pass=options.ask_su_pass, ask_vault_pass=options.ask_vault_pass)
options.sudo_user = options.sudo_user or C.DEFAULT_SUDO_USER options.sudo_user = options.sudo_user or C.DEFAULT_SUDO_USER
options.su_user = options.su_user or C.DEFAULT_SU_USER options.su_user = options.su_user or C.DEFAULT_SU_USER
if options.vault_password_file:
this_path = os.path.expanduser(options.vault_password_file)
try:
f = open(this_path, "rb")
tmp_vault_pass=f.read()
f.close()
except (OSError, IOError), e:
raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
# get rid of newline chars
tmp_vault_pass = tmp_vault_pass.strip()
if not options.ask_vault_pass:
vault_pass = tmp_vault_pass
extra_vars = {} extra_vars = {}
for extra_vars_opt in options.extra_vars: for extra_vars_opt in options.extra_vars:

10
lib/ansible/utils/__init__.py
Unescape Escape View File

@ -702,10 +702,12 @@ def base_parser(constants=C, usage="", output_opts=False, runas_opts=False,
help='use this file to authenticate the connection') help='use this file to authenticate the connection')
parser.add_option('-K', '--ask-sudo-pass', default=False, dest='ask_sudo_pass', action='store_true', parser.add_option('-K', '--ask-sudo-pass', default=False, dest='ask_sudo_pass', action='store_true',
help='ask for sudo password') help='ask for sudo password')
parser.add_option('--ask-su-pass', default=False, dest='ask_su_pass', parser.add_option('--ask-su-pass', default=False, dest='ask_su_pass', action='store_true',
action='store_true', help='ask for su password') help='ask for su password')
parser.add_option('--ask-vault-pass', default=False, dest='ask_vault_pass', parser.add_option('--ask-vault-pass', default=False, dest='ask_vault_pass', action='store_true',
action='store_true', help='ask for vault password') help='ask for vault password')
parser.add_option('--vault-password-file', default=None, dest='vault_password_file',
help="vault password file")
parser.add_option('--list-hosts', dest='listhosts', action='store_true', parser.add_option('--list-hosts', dest='listhosts', action='store_true',
help='outputs a list of matching hosts; does not execute anything else') help='outputs a list of matching hosts; does not execute anything else')
parser.add_option('-M', '--module-path', dest='module_path', parser.add_option('-M', '--module-path', dest='module_path',

Write Preview
Loading…
Cancel
Save