* Compatibility of gce.py (inventory) with Python 3
* Revert './secrets.py' file check (will import 'secrets' from PYTHONPATH)
Instead of checking if secrets.py exists in the current directory, this
commit will make gce import 'secrets' from one of PYTHONPATH's paths.
There are 2 possibilities:
1. secrets.py will be used if secrets.GCE_PARAMS and
secrets.GCE_KEYWORD_PARAMS are declared.
2. secrets.py will be ignored if secrets.GCE_PARAMS and
secrets.GCE_KEYWORD_PARAMS aren't declared. This could happen in Python
>=3.6 where a module named 'secrets' could be imported if a custom
secrets.py doesn't exist in PYTHONPATH.
Check out https://www.python.org/dev/peps/pep-0506/ and
https://docs.python.org/3/library/secrets.html for more information.
Consolidate the module_utils, constants, and config functions that
convert values into booleans into a single function in module_utils.
Port code to use the module_utils.validate.convert_bool.boolean function
isntead of mk_boolean.
Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto
pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.
This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.
* Handle wrong password given for VaultAES format
* Do not display deprecation warning for cryptography on python-2.6
* Namespace all of the pycrypto imports and always import them
Makes unittests better and the code less likely to get stupid mistakes
(like using HMAC from cryptogrpahy when the one from pycrypto is needed)
* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko
* contrib/inventory/gce: Remove spurious require on pycrypto
(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)
* Add cryptography to ec2_win_password module requirements
* Fix python3 bug which would pass text strings to a function which
requires byte strings.
* Attempt to add pycrypto version to setup deps
* Change hacking README for dual pycrypto/cryptography
* update dependencies for various CI scripts
* additional CI dockerfile/script updates
* add paramiko to the windows and sanity requirement set
This is needed because ansible lists it as a requirement. Previously
the missing dep wasn't enforced, but cryptography imports pkg_resources
so you can't ignore a requirement any more
* Add integration test cases for old vault and for wrong passwords
* helper script for manual testing of pycrypto/cryptography
* Skip the pycrypto tests so that users without it installed can still run the unittests
* Run unittests for vault with both cryptography and pycrypto backend
* create Ansible groups from host collections
* fix paging logic in _get_json
* replace Satellite with Foreman
* improve comment for environment variables
* enable host collections by default
* use requests params instead of urllib.quote_plus
* disable host collections by default
* change organization filter
* clean up load_cache methods
* remove usage of function defaults
* replace environment variables with host_filters
OpenStack dynamic inventory is still using the deprecated
ansible_ssh_host. This patch adds ansible_host until such
time as ansible_ssh_host is removed
* Do not ask for templates in Brook inventory if they do not exist
* Add availability zone variable to Brook inventory
* Add provider id variable to Brook inventory
* Error output sent to stderr in Brook inventory
* A basic start on an lxd dynamic inventory script
The script is a fairly basic start on an lxd dynamic inventory script. Only tested on ubuntu 16.04 and currently only reports ipv4 container addresses. Improvements to come.
* Updated formatting, indenting and python3 support
Updated to work on python3
* Additional options read from the ini file
Added options for connection and group to the ini file and modified to use these.
Host returned is now the name by default. For non-lxd connection, the ansible_host var is populated with the ip address.
* Additional options for group and connection
* Minor change to re-run tests
* Update module_utils.six to latest
We've been held back on the version of six we could use on the module
side to 1.4.x because of python-2.4 compatibility. Now that our minimum
is Python-2.6, we can update to the latest version of six in
module_utils and get rid of the second copy in lib/ansible/compat.
When specifying a literal whitelist of AWS EC2 regions in the dynamic
inventory configuration file, it should not be necessary to also include
a literal blacklist, especially as the blacklist is not honored in this
case anyway. By reading the literal blacklist only when necessary, it is
possible for a user to provide a more minimal EC2 configuration file.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
* EC2 inventory can now connect using an IAM role
* Fix comment indentation
* Make sure that Ec2Inventory.iam_role is always defined
* Add missing import
* Add ads server itself as an host in the inventory
* Comment all value in example
* Add Id in variable list per device
* Centralize code to add device status to variables
* Fix device variable name for blueprint
* Add Nagios livestatus inventory plugin.
* Add new capabilities for the nagios_livestatus inventory:
- host_field: set the name returned (default: 'name')
- group_field: set the field used for group (default: 'groups')
- host_filter: filter host using this filter (default: None)
To be more consistent, prefix was renamed into var_prefix.
* Fix py34 runtests errors against print call.
With this proposed PR, we want to make the use of many ec2 dynamic inventory files more flexible.
We are using multiple AWS accounts. We want to use different ini file (one for every account) and only one ec2.py.
* Use with statement when doing rw on files
* Deserialize file-like object directly instead of a string
For python 2/3 compatibility reasons, per PR feedback.
* adding route53_hostnames option to set the hostnames from route 53
* checking whether the route53_hostnames option is present as suggested by @s-hertel
* setting route53_hostnames to None when config option not present
* skip the to_safe only when using route53_hostnames option, as suggested by @ryansb
* skipping the to_safe strip only for the hostnames that came from route53 as suggested by @ryansb
Allows users to specify a key name in a given project’s `ansible.cfg`
file and thus handle keyring integration with vaults with different
passwords. If no key name is specified, the original default `ansible`
key name will be used.
Other improvements:
* `username` is now optional; defaults to user that invokes the script
* change string interpolation to new `.format()` style
* clean up and expand upon documentation
* enforce PEP 8 compliance
* Add dynamic inventory script and config for Packet.net
* The script and config have been shamelessly cargo
culted from the `ec2.py` and `ec2.ini` dynamic inventory
script.
* This is an initial version and could very well be
enhanced and made better.
Examples:
`PACKET_NET_API_KEY=<MY_AUTH_TOKEN> --list` to get inventory for
all hosts in Packet.net in all projects (defaults to `--list`
if no argument provided).
`PACKET_NET_API_KEY=<MY_AUTH_TOKEN> --host HOST` to get variables
for a single host.
* improvements in Packet host dynamic inventory
Ensure command line profile argument and AWS_PROFILE environment variable
overrides config file
Remove unnecessary `lambda` function
Fix cache file path construction to be more pythonic (and windows-ready)
use inkey attribute in _process_object_types recursive loop to generate key name in skip_keys directive.
This permit to ignore nested variables, for example summary.vm to optimize inventory collect
* vmware_inventory: permit to group by custom field
This permits to create instances, affect some custom fields like EC2 tags and then retrieve groups from custom fields like EC2 inventory
* vmware_inventory: Customize skip_keys & add resourceconfig to skip_keys
Verify if customfield is a str before processing custom fields for a host
* Fix many points reported by PyCharm as PEP 8 code style
* Improve inventory performance by dropping vim.HostSystem & vim.VirtualMachine collect when depth >= 2
* Declare some class variables properly
* Remove some unused variables
* Add documentation in vmware_inventory.ini for VMWARE_USERNAME & VMWARE_PASSWORD env vars
This forces basic auth to be used. Using the normal HTTPPasswordMgrWithDefaultRealm
password manager from urllib2 fails since collins doesn't send a 401 retry on failure.
More about this can be seen here http://stackoverflow.com/questions/2407126/python-urllib2-basic-auth-problem.
I added a small comment about the format of the host so others don't waste time like i did.
- Remove shebangs from:
- ini files
- unit tests
- module_utils
- plugins
- module_docs_fragments
- non-executable Makefiles
- Change non-modules from '/usr/bin/python' to '/usr/bin/env python'.
- Change '/bin/env' to '/usr/bin/env'.
Also removed main functions from unit tests (since they no longer
have a shebang) and fixed a python 3 compatibility issue with
update_bundled.py so it does not need to specify a python 2 shebang.
A script was added to check for unexpected shebangs in files.
This script is run during CI on Shippable.
* [GCE] Caching support for inventory script.
The GCE inventory script now supports reading from a cache rather than making the request each time. The format of the list and host output have not changed.
On script execution, the cache is checked to see if it older than 'cache_max_age', and if so, it is rebuilt (it can also be explicity rebuilt).
To support this functionality, the following have been added.
* Config file (gce.ini) changes: A new 'cache' section has been added to the config file, with 'cache_path' and 'cache_max_age' options to allow for configuration. There are intelligent defaults in place if that section and options are not found in the configuration file.
* Command line argument: A new --refresh-cache argument has been added to force the cache to be rebuild.
* A CloudInventoryCache class, contained in the same file has been added. As a seperate class, it allowed for testing (unit tests not included in this PR) and hopefully could be re-used in the future (it contains borrowed code from other inventory scripts)
* load_inventory_from_cache and do_api_calls_and_update_cache methods (, which were largely lifted from other inventory scripts, in a hope to promote consistency in the future) to determine if the cache is fresh and rebuild if necessary.
* A 'main' check, to support the script being imported and testable.
A new dictionary has been added to the list output, located at ['_meta']['stats'] that informs if the cache was used and how long it took to load the inventory (in 'cache_used' and 'inventory_load_time', respectively).
* fixed default value error; change cache time to 300
This fixes the use of public IPs in the discovered hosts by
ensuring that the use_private_network check doesn't always evaluate
to False if the associated .ini file specifies this option.
Currently the machine_type will not work if the instance type is set in ovirt. In that case, inst.get_instance_type will be an object and will fails while converting to json. This only work if the instance type is not set in ovirt where inst.get_instance_type is a Null value. The current change make sure that correct "instance type" is passed when instance is set in ovirt and Null when it's not set in ovirt.
* vmware_inventory: fix the --host option
* Fix skip_key evaluation
* Short circuit deep dives in datastores and resourcegroups
* Put timestamps in the debug output and add a few more
* Implement a user defined proplist to increase performance
* Make all props into dicts
* Update ini with example
* Fix tests
Trying to preserve the meaning of the examples. Not all occurrences in
`docsite/rst/playbooks_lookups.rst` have been changed for instance to
allow the unchanged examples to be used for testing.
Related to: #17479
* vmware_inventory script improvements
* switch instance finding method to use containerview based searches
* overhaul the serialization method for objects
* Cleanup the debug outputs
* Add a warning about performance
Michael Overmeyer