provisioners/ansible: use quotes for the IdentityFile OpenSSH command line arguments
Surprisingly (to me at least), a simple quote enclosure was not enough to fix the problem. Caveat: the stringified ansible-playbook command logged in verbose mode is wrongly formatted (no quotes are escaped). Fix #6671
This commit is contained in:
parent
ac3b24d93e
commit
cd93721f8f
|
@ -129,6 +129,8 @@ BUG FIXES:
|
||||||
[GH-6586, GH-6552]
|
[GH-6586, GH-6552]
|
||||||
- provisioners/ansible: use quotes for the `ansible_ssh_private_key_file`
|
- provisioners/ansible: use quotes for the `ansible_ssh_private_key_file`
|
||||||
value in the generated inventory [GH-6209]
|
value in the generated inventory [GH-6209]
|
||||||
|
- provisioners/ansible: use quotes for the IdentityFile OpenSSH command line
|
||||||
|
arguments [GH-6671]
|
||||||
- provisioners/ansible: don't show the `ansible-playbook` command when verbose
|
- provisioners/ansible: don't show the `ansible-playbook` command when verbose
|
||||||
option is an empty string
|
option is an empty string
|
||||||
- provisioners/chef: fix `nodes_path` for Chef Zero [GH-6025, GH-6049]
|
- provisioners/chef: fix `nodes_path` for Chef Zero [GH-6025, GH-6049]
|
||||||
|
|
|
@ -229,7 +229,9 @@ module VagrantPlugins
|
||||||
# Multiple Private Keys
|
# Multiple Private Keys
|
||||||
unless !config.inventory_path && @ssh_info[:private_key_path].size == 1
|
unless !config.inventory_path && @ssh_info[:private_key_path].size == 1
|
||||||
@ssh_info[:private_key_path].each do |key|
|
@ssh_info[:private_key_path].each do |key|
|
||||||
ssh_options << "-o IdentityFile=#{key}"
|
# The outer single quotes are required to protect the inner
|
||||||
|
# double quotes to be stripped by the ssh/shell execution.
|
||||||
|
ssh_options << "-o IdentityFile='\"#{key}\"'"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -604,8 +604,8 @@ VF
|
||||||
it "passes additional Identity Files via ANSIBLE_SSH_ARGS" do
|
it "passes additional Identity Files via ANSIBLE_SSH_ARGS" do
|
||||||
expect(Vagrant::Util::Subprocess).to receive(:execute).with { |*args|
|
expect(Vagrant::Util::Subprocess).to receive(:execute).with { |*args|
|
||||||
cmd_opts = args.last
|
cmd_opts = args.last
|
||||||
expect(cmd_opts[:env]['ANSIBLE_SSH_ARGS']).to include("-o IdentityFile=/an/other/identity")
|
expect(cmd_opts[:env]['ANSIBLE_SSH_ARGS']).to include("-o IdentityFile='\"/an/other/identity\"'")
|
||||||
expect(cmd_opts[:env]['ANSIBLE_SSH_ARGS']).to include("-o IdentityFile=/yet/an/other/key")
|
expect(cmd_opts[:env]['ANSIBLE_SSH_ARGS']).to include("-o IdentityFile='\"/yet/an/other/key\"'")
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -786,7 +786,7 @@ VF
|
||||||
|
|
||||||
it "shows the ansible-playbook command, with additional quotes when required" do
|
it "shows the ansible-playbook command, with additional quotes when required" do
|
||||||
expect(machine.env.ui).to receive(:detail).with { |full_command|
|
expect(machine.env.ui).to receive(:detail).with { |full_command|
|
||||||
expect(full_command).to eq("PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=true ANSIBLE_SSH_ARGS='-o IdentitiesOnly=yes -o IdentityFile=/my/key1 -o IdentityFile=/my/key2 -o ForwardAgent=yes -o ControlMaster=no -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --connection=ssh --timeout=30 --ask-sudo-pass --ask-vault-pass --limit='machine*:&vagrant:!that_one' --inventory-file=#{generated_inventory_dir} --extra-vars=@#{File.expand_path(__FILE__)} --sudo --sudo-user=deployer -vvv --vault-password-file=#{File.expand_path(__FILE__)} --tags=db,www --skip-tags=foo,bar --start-at-task='an awesome task' --why-not --su-user=foot --ask-su-pass --limit='all' --private-key=./myself.key playbook.yml")
|
expect(full_command).to eq("PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=true ANSIBLE_SSH_ARGS='-o IdentitiesOnly=yes -o IdentityFile='\"/my/key1\"' -o IdentityFile='\"/my/key2\"' -o ForwardAgent=yes -o ControlMaster=no -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --connection=ssh --timeout=30 --ask-sudo-pass --ask-vault-pass --limit='machine*:&vagrant:!that_one' --inventory-file=#{generated_inventory_dir} --extra-vars=@#{File.expand_path(__FILE__)} --sudo --sudo-user=deployer -vvv --vault-password-file=#{File.expand_path(__FILE__)} --tags=db,www --skip-tags=foo,bar --start-at-task='an awesome task' --why-not --su-user=foot --ask-su-pass --limit='all' --private-key=./myself.key playbook.yml")
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue