bootstrap-vz/bootstrapvz/plugins/ansible/tasks.py

from bootstrapvz.base import Task
from bootstrapvz.common.tasks import host
from bootstrapvz.common import phases
from bootstrapvz.common.tools import rel_path
from bootstrapvz.common.tools import log_check_call
import os
import json


class AddRequiredCommands(Task):
    description = 'Adding commands required for provisioning with ansible'
    phase = phases.validation
    successors = [host.CheckExternalCommands]

    @classmethod
    def run(cls, info):
        info.host_dependencies['ansible'] = 'ansible'


class CheckPlaybookPath(Task):
    description = 'Checking whether the playbook path exist'
    phase = phases.validation

    @classmethod
    def run(cls, info):
        from bootstrapvz.common.exceptions import TaskError
        playbook = rel_path(info.manifest.path, info.manifest.plugins['ansible']['playbook'])
        if not os.path.exists(playbook):
            msg = 'The playbook file {playbook} does not exist.'.format(playbook=playbook)
            raise TaskError(msg)
        if not os.path.isfile(playbook):
            msg = 'The playbook path {playbook} does not point to a file.'.format(playbook=playbook)
            raise TaskError(msg)


class AddPackages(Task):
    description = 'Making sure python is installed'
    phase = phases.preparation

    @classmethod
    def run(cls, info):
        info.packages.add('python')


class RunAnsiblePlaybook(Task):
    description = 'Running ansible playbook'
    phase = phases.user_modification

    @classmethod
    def run(cls, info):
        # Extract playbook and directory
        playbook = rel_path(info.manifest.path, info.manifest.plugins['ansible']['playbook'])

        # build the inventory file
        inventory = os.path.join(info.root, 'tmp/bootstrap-inventory')
        with open(inventory, 'w') as handle:
            conn = '{} ansible_connection=chroot'.format(info.root)
            content = ""

            if 'groups' in info.manifest.plugins['ansible']:
                for group in info.manifest.plugins['ansible']['groups']:
                    content += '[{}]\n{}\n'.format(group, conn)
            else:
                content = conn

            handle.write(content)

        # build the ansible command
        cmd = ['ansible-playbook', '-i', inventory, playbook]
        if 'extra_vars' in info.manifest.plugins['ansible']:
            cmd.extend(['--extra-vars', json.dumps(info.manifest.plugins['ansible']['extra_vars'])])
        if 'tags' in info.manifest.plugins['ansible']:
            cmd.extend(['--tags', ','.join(info.manifest.plugins['ansible']['tags'])])
        if 'skip_tags' in info.manifest.plugins['ansible']:
            cmd.extend(['--skip-tags', ','.join(info.manifest.plugins['ansible']['skip_tags'])])
        if 'opt_flags' in info.manifest.plugins['ansible']:
            # Should probably do proper validation on these, but I don't think it should be used very often.
            cmd.extend(info.manifest.plugins['ansible']['opt_flags'])

        # Run and remove the inventory file
        log_check_call(cmd)
        os.remove(inventory)


class RemoveAnsibleSSHUserDir(Task):
    description = 'Removing .ansible directory'
    phase = phases.user_modification
    predecessors = [RunAnsiblePlaybook]

    @classmethod
    def run(cls, info):
        ssh_user = info.manifest.plugins['ansible']['extra_vars']['ansible_ssh_user']
        # os.path.expanduser does not work in a chroot,
        # so we use sh instead
        [ssh_user_home] = log_check_call(['chroot', info.root, 'sh', '-c', 'echo ~' + ssh_user])
        from shutil import rmtree
        # [1:] to remove the leading slash from e.g. /home/ansible
        ansible_dir_path = os.path.join(info.root, ssh_user_home[1:], '.ansible')
        rmtree(ansible_dir_path)
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00			`from bootstrapvz.base import Task`
ansible: Check for ansible availability before running 2017-07-14 18:26:52 +02:00			`from bootstrapvz.common.tasks import host`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00			`from bootstrapvz.common import phases`
ansible: Make playbook path relative to manifest 2017-07-14 18:26:25 +02:00			`from bootstrapvz.common.tools import rel_path`
ansible: Add task that removes the $HOME/.ansible directory on guest If ansible_ssh_user is set through extra_vars, ansible will create a .ansible directory in the home dir of that user. However, it will be owned by root, which is not what ansible will be expecting when it is provision through SSH at a later date. 2018-07-19 15:28:33 +02:00			`from bootstrapvz.common.tools import log_check_call`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00			`import os`
ansible: Fix extra_vars so that it actually works Also remove tmp_cmd var and fix manifest schema 2017-07-26 14:09:55 +02:00			`import json`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00

ansible: Check for ansible availability before running 2017-07-14 18:26:52 +02:00			`class AddRequiredCommands(Task):`
			`description = 'Adding commands required for provisioning with ansible'`
			`phase = phases.validation`
			`successors = [host.CheckExternalCommands]`

			`@classmethod`
			`def run(cls, info):`
			`info.host_dependencies['ansible'] = 'ansible'`

ansible hosts -> groups 2017-07-14 19:46:35 +02:00
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00			`class CheckPlaybookPath(Task):`
			`description = 'Checking whether the playbook path exist'`
Moving checking tasks to the validation phase 2016-09-12 00:52:10 +02:00			`phase = phases.validation`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00
			`@classmethod`
			`def run(cls, info):`
			`from bootstrapvz.common.exceptions import TaskError`
ansible: Make playbook path relative to manifest 2017-07-14 18:26:25 +02:00			`playbook = rel_path(info.manifest.path, info.manifest.plugins['ansible']['playbook'])`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00			`if not os.path.exists(playbook):`
			`msg = 'The playbook file {playbook} does not exist.'.format(playbook=playbook)`
			`raise TaskError(msg)`
			`if not os.path.isfile(playbook):`
			`msg = 'The playbook path {playbook} does not point to a file.'.format(playbook=playbook)`
			`raise TaskError(msg)`


			`class AddPackages(Task):`
			`description = 'Making sure python is installed'`
			`phase = phases.preparation`

			`@classmethod`
			`def run(cls, info):`
			`info.packages.add('python')`


			`class RunAnsiblePlaybook(Task):`
ansible: Make playbook path relative to manifest 2017-07-14 18:26:25 +02:00			`description = 'Running ansible playbook'`
Fix #204, user_modification phase has been introduced 2015-05-02 12:29:55 +02:00			`phase = phases.user_modification`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00
			`@classmethod`
			`def run(cls, info):`
			`# Extract playbook and directory`
ansible: Make playbook path relative to manifest 2017-07-14 18:26:25 +02:00			`playbook = rel_path(info.manifest.path, info.manifest.plugins['ansible']['playbook'])`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00
			`# build the inventory file`
			`inventory = os.path.join(info.root, 'tmp/bootstrap-inventory')`
			`with open(inventory, 'w') as handle:`
			`conn = '{} ansible_connection=chroot'.format(info.root)`
Fix a slew of indentation & spacing issues 2016-06-04 10:04:23 +02:00			`content = ""`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00
ansible hosts -> groups 2017-07-14 19:46:35 +02:00			`if 'groups' in info.manifest.plugins['ansible']:`
			`for group in info.manifest.plugins['ansible']['groups']:`
			`content += '[{}]\n{}\n'.format(group, conn)`
Fix a slew of indentation & spacing issues 2016-06-04 10:04:23 +02:00			`else:`
			`content = conn`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00
			`handle.write(content)`

			`# build the ansible command`
ansible: Make playbook path relative to manifest 2017-07-14 18:26:25 +02:00			`cmd = ['ansible-playbook', '-i', inventory, playbook]`
ansible: Change tags/skip-tags to be lists and shorten task 2017-07-14 19:23:14 +02:00			`if 'extra_vars' in info.manifest.plugins['ansible']:`
ansible: Fix extra_vars so that it actually works Also remove tmp_cmd var and fix manifest schema 2017-07-26 14:09:55 +02:00			`cmd.extend(['--extra-vars', json.dumps(info.manifest.plugins['ansible']['extra_vars'])])`
ansible: Change tags/skip-tags to be lists and shorten task 2017-07-14 19:23:14 +02:00			`if 'tags' in info.manifest.plugins['ansible']:`
ansible: Fix extra_vars so that it actually works Also remove tmp_cmd var and fix manifest schema 2017-07-26 14:09:55 +02:00			`cmd.extend(['--tags', ','.join(info.manifest.plugins['ansible']['tags'])])`
ansible: Change tags/skip-tags to be lists and shorten task 2017-07-14 19:23:14 +02:00			`if 'skip_tags' in info.manifest.plugins['ansible']:`
ansible: Remove erroneous whitespace 2017-07-26 14:37:24 +02:00			`cmd.extend(['--skip-tags', ','.join(info.manifest.plugins['ansible']['skip_tags'])])`
ansible: Change tags/skip-tags to be lists and shorten task 2017-07-14 19:23:14 +02:00			`if 'opt_flags' in info.manifest.plugins['ansible']:`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00			`# Should probably do proper validation on these, but I don't think it should be used very often.`
ansible: Change tags/skip-tags to be lists and shorten task 2017-07-14 19:23:14 +02:00			`cmd.extend(info.manifest.plugins['ansible']['opt_flags'])`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00
			`# Run and remove the inventory file`
ansible: Make playbook path relative to manifest 2017-07-14 18:26:25 +02:00			`log_check_call(cmd)`
Added an Ansible plugin, which runs a playbook on the chroot before before build completion. NOTE: I'm not doing any validation on the opt_flags param and I don't recommend using for more then adding a -vvvv. Also, I'm purposely excluding the vault flags (which also pretty commonly used) because you shouldn't be baking private keys and certs into your images. Instead, just avoid running the vault specific code or use the opt_flags if absolutely necessary. 2014-12-22 23:01:35 -06:00			`os.remove(inventory)`
ansible: Add task that removes the $HOME/.ansible directory on guest If ansible_ssh_user is set through extra_vars, ansible will create a .ansible directory in the home dir of that user. However, it will be owned by root, which is not what ansible will be expecting when it is provision through SSH at a later date. 2018-07-19 15:28:33 +02:00

			`class RemoveAnsibleSSHUserDir(Task):`
			`description = 'Removing .ansible directory'`
			`phase = phases.user_modification`
			`predecessors = [RunAnsiblePlaybook]`

			`@classmethod`
			`def run(cls, info):`
			`ssh_user = info.manifest.plugins['ansible']['extra_vars']['ansible_ssh_user']`
			`# os.path.expanduser does not work in a chroot,`
			`# so we use sh instead`
			`[ssh_user_home] = log_check_call(['chroot', info.root, 'sh', '-c', 'echo ~' + ssh_user])`
			`from shutil import rmtree`
			`# [1:] to remove the leading slash from e.g. /home/ansible`
			`ansible_dir_path = os.path.join(info.root, ssh_user_home[1:], '.ansible')`
			`rmtree(ansible_dir_path)`