From 4b896d994503d285d4a386407519f1418645b968 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20G?= Date: Thu, 24 May 2018 14:22:43 +0200 Subject: [PATCH 1/3] ansible_local provisioner tuning example According to @gildegoma in #9863, here's a concrete example about tuning ansible(_local) provisioner. --- .../docs/provisioning/ansible_common.html.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/website/source/docs/provisioning/ansible_common.html.md b/website/source/docs/provisioning/ansible_common.html.md index 28848b404..f1597de5d 100644 --- a/website/source/docs/provisioning/ansible_common.html.md +++ b/website/source/docs/provisioning/ansible_common.html.md @@ -80,12 +80,26 @@ Some of these options are for advanced usage only and should not be used unless `ansible-galaxy install --role-file=%{role_file} --roles-path=%{roles_path} --force` + Example: + + ```ruby + Vagrant.configure(2) do |config| + config.vm.box = "centos/7" + config.vm.provision "ansible_local" do |ansible| + ansible.playbook = "/vagrant/playbook.yml" + ansible.galaxy_role_file = "/vagrant/requirements.yml" + ansible.galaxy_role_path = "/etc/ansible/roles" + ansible.galaxy_command = "ansible-galaxy install --force --ignore-certs --role-file=%{role_file} --roles-path=%{roles_path}" + end + end + ``` + - `galaxy_role_file` (string) - The path to the Ansible Galaxy role file. By default, this option is set to `nil` and Galaxy support is then disabled. Note: if an absolute path is given, the `ansible_local` provisioner will assume that it corresponds to the exact location on the guest system. - + - `galaxy_roles_path` (string) - The path to the directory where Ansible Galaxy roles must be installed By default, this option is set to `nil`, which means that the Galaxy roles will be installed in a `roles` subdirectory located in the parent directory of the `playbook` file. From 57f12d115cd8da8aded81d522acc442d3a2a9813 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A9my=20G?= Date: Thu, 24 May 2018 14:54:15 +0200 Subject: [PATCH 2/3] Update ansible_common.html.md Added an explanation about locating ansible roles in a non vagrant writeable directory --- website/source/docs/provisioning/ansible_common.html.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/source/docs/provisioning/ansible_common.html.md b/website/source/docs/provisioning/ansible_common.html.md index f1597de5d..0f283035a 100644 --- a/website/source/docs/provisioning/ansible_common.html.md +++ b/website/source/docs/provisioning/ansible_common.html.md @@ -89,7 +89,7 @@ Some of these options are for advanced usage only and should not be used unless ansible.playbook = "/vagrant/playbook.yml" ansible.galaxy_role_file = "/vagrant/requirements.yml" ansible.galaxy_role_path = "/etc/ansible/roles" - ansible.galaxy_command = "ansible-galaxy install --force --ignore-certs --role-file=%{role_file} --roles-path=%{roles_path}" + ansible.galaxy_command = "sudo ansible-galaxy install --force --ignore-certs --role-file=%{role_file} --roles-path=%{roles_path}" end end ``` 
@@ -104,6 +104,8 @@ Some of these options are for advanced usage only and should not be used unless By default, this option is set to `nil`, which means that the Galaxy roles will be installed in a `roles` subdirectory located in the parent directory of the `playbook` file. + Be careful that `ansible-galaxy` command is by default run as vagrant user. Setting `galaxy_roles_path` to a folder like `/etc/ansible/roles` will fail silently : unable to write there, `ansible-galaxy` will extract the role a second time in a `/home/vagrant/.ansible/roles/`. Then if your playbook uses become: true user: root, it will fail with a "role was not found". To work around that, use `ansible.galaxy_command` to include a `sudo ansible-galaxy ...`. + - `groups` (hash) - Set of inventory groups to be included in the [auto-generated inventory file](/docs/provisioning/ansible_intro.html). Example: From f9f0a9ac0d3970eec0c5c9e56e6f6225db6d062e Mon Sep 17 00:00:00 2001 From: Gilles Cornu Date: Fri, 25 May 2018 08:29:12 +0200 Subject: [PATCH 3/3] Ansible Docs: Review and Adapt PR #9864 - Remove undesired blank characters - The examples attached to a specific option must be concise - The original example is a tip for a non-standard use case --- .../docs/provisioning/ansible_common.html.md | 22 ++++-------------- .../docs/provisioning/ansible_local.html.md | 23 +++++++++++++++++++ 2 files changed, 28 insertions(+), 17 deletions(-) diff --git a/website/source/docs/provisioning/ansible_common.html.md b/website/source/docs/provisioning/ansible_common.html.md index 0f283035a..dd95e3b56 100644 --- a/website/source/docs/provisioning/ansible_common.html.md +++ b/website/source/docs/provisioning/ansible_common.html.md 
@@ -80,32 +80,20 @@ Some of these options are for advanced usage only and should not be used unless `ansible-galaxy install --role-file=%{role_file} --roles-path=%{roles_path} --force` - Example: - - ```ruby - Vagrant.configure(2) do |config| - config.vm.box = "centos/7" - config.vm.provision "ansible_local" do |ansible| - ansible.playbook = "/vagrant/playbook.yml" - ansible.galaxy_role_file = "/vagrant/requirements.yml" - ansible.galaxy_role_path = "/etc/ansible/roles" - ansible.galaxy_command = "sudo ansible-galaxy install --force --ignore-certs --role-file=%{role_file} --roles-path=%{roles_path}" - end - end - ``` - - `galaxy_role_file` (string) - The path to the Ansible Galaxy role file. By default, this option is set to `nil` and Galaxy support is then disabled. Note: if an absolute path is given, the `ansible_local` provisioner will assume that it corresponds to the exact location on the guest system. - + + ```ruby + ansible.galaxy_role_file = "requirements.yml" + ``` + - `galaxy_roles_path` (string) - The path to the directory where Ansible Galaxy roles must be installed By default, this option is set to `nil`, which means that the Galaxy roles will be installed in a `roles` subdirectory located in the parent directory of the `playbook` file. - Be careful that `ansible-galaxy` command is by default run as vagrant user. Setting `galaxy_roles_path` to a folder like `/etc/ansible/roles` will fail silently : unable to write there, `ansible-galaxy` will extract the role a second time in a `/home/vagrant/.ansible/roles/`. Then if your playbook uses become: true user: root, it will fail with a "role was not found". To work around that, use `ansible.galaxy_command` to include a `sudo ansible-galaxy ...`. - - `groups` (hash) - Set of inventory groups to be included in the [auto-generated inventory file](/docs/provisioning/ansible_intro.html). Example: 
diff --git a/website/source/docs/provisioning/ansible_local.html.md b/website/source/docs/provisioning/ansible_local.html.md index b94b66379..d25318b93 100644 --- a/website/source/docs/provisioning/ansible_local.html.md +++ b/website/source/docs/provisioning/ansible_local.html.md @@ -143,6 +143,29 @@ This section lists the _specific_ options for the Ansible Local provisioner. In ## Tips and Tricks +### Install Galaxy Roles in a path owned by root + +
+ Disclaimer: This tip is not a recommendation to install galaxy roles out of the vagrant user space, especially if you rely on ssh agent forwarding to fetch the roles. +
+ +Be careful that `ansible-galaxy` command is executed by default as vagrant user. Setting `galaxy_roles_path` to a folder like `/etc/ansible/roles` will fail, and `ansible-galaxy` will extract the role a second time in `/home/vagrant/.ansible/roles/`. Then if your playbook uses `become` to run as `root`, it will fail with a _"role was not found"_ error. + +To work around that, you can use `ansible.galaxy_command` to prepend the command with `sudo`, as illustrated in the example below: + +```ruby +Vagrant.configure(2) do |config| + config.vm.box = "centos/7" + config.vm.provision "ansible_local" do |ansible| + ansible.become = true + ansible.playbook = "playbook.yml" + ansible.galaxy_role_file = "requirements.yml" + ansible.galaxy_roles_path = "/etc/ansible/roles" + ansible.galaxy_command = "sudo ansible-galaxy install --role-file=%{role_file} --roles-path=%{roles_path} --force" + end +end +``` + ### Ansible Parallel Execution from a Guest With the following configuration pattern, you can install and execute Ansible only on a single guest machine (the `"controller"`) to provision all your machines.
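Review bot: `--ignore-certs` in the added `ansible.galaxy_command` line of [PATCH 1/3] (hunk `@@ -80,12 +80,26 @@`) turns off TLS certificate validation for the role download, and documentation examples get copied verbatim. Drop the flag from the example, or state next to it that it is only meant for a Galaxy server whose certificate the guest cannot validate. The line above it sets `ansible.galaxy_role_path`, while the option documented in the same hunk is `galaxy_roles_path`, so the example should read `ansible.galaxy_roles_path = "/etc/ansible/roles"`. The `-`/`+` pair after the `galaxy_role_file` note changes only whitespace and can be left out of the patch.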
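Review bot: prefixing `sudo` on the `ansible.galaxy_command` line in [PATCH 2/3] (hunk `@@ -89,7 +89,7 @@`) while keeping `--ignore-certs` means roles fetched without certificate validation are now written as root. Remove `--ignore-certs` if `sudo` stays. The unchanged context line `ansible.galaxy_role_path = "/etc/ansible/roles"` still carries the misspelled option name (`galaxy_roles_path` everywhere else in this file) and should be corrected in the same commit, since it is the setting the `sudo` is meant to support.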
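Review bot: the paragraph added under `galaxy_roles_path` in [PATCH 2/3] (hunk `@@ -104,6 +104,8 @@`) recommends `sudo ansible-galaxy ...` without noting the consequence, which is that role content downloaded by `ansible-galaxy` is then installed as root under `/etc/ansible/roles`. Add one sentence saying so. The paragraph also describes the behaviour as "fail silently" and then as failing with "role was not found"; spell out that the first is the install step and the second is the later playbook run. Minor: put `become: true` in backticks, drop the space before the colon in "fail silently :", and drop the article in "in a `/home/vagrant/.ansible/roles/`".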
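Review bot: removing the "Be careful that ..." paragraph from `galaxy_roles_path` in [PATCH 3/3] (`ansible_common.html.md`, hunk `@@ -80,32 +80,20 @@`) leaves that option with no pointer to the tip this commit adds in `ansible_local.html.md`. A one-line cross-reference to "Install Galaxy Roles in a path owned by root" would keep the caveat discoverable from the option a reader actually sets. The context line "roles must be installed By default" is also missing a period, which fits this commit's cleanup scope.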
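Review bot: the disclaimer opening the new "Install Galaxy Roles in a path owned by root" tip in [PATCH 3/3] (`ansible_local.html.md`, hunk `@@ -143,6 +143,29 @@`) says the tip is not a recommendation, "especially if you rely on ssh agent forwarding", but gives no reason. Add the reason in one sentence so a reader can judge whether it applies to their setup. The following paragraph says that setting `galaxy_roles_path` to `/etc/ansible/roles` "will fail" and then that `ansible-galaxy` "will extract the role a second time" in `/home/vagrant/.ansible/roles/`; state which step fails and what the user sees, since the earlier wording in this series called it a silent failure.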