provisioners/ansible: use quotes for the IdentityFile OpenSSH command line arguments

Surprisingly (to me at least), a simple quote enclosure was not enough
to fix the problem.

Caveat: the stringified ansible-playbook command logged in verbose mode
is wrongly formatted (no quotes are escaped).

Fix #6671
This commit is contained in:
Gilles Cornu 2015-12-16 09:54:53 +01:00
parent ac3b24d93e
commit cd93721f8f
3 changed files with 8 additions and 4 deletions

View File

@ -129,6 +129,8 @@ BUG FIXES:
[GH-6586, GH-6552] [GH-6586, GH-6552]
- provisioners/ansible: use quotes for the `ansible_ssh_private_key_file` - provisioners/ansible: use quotes for the `ansible_ssh_private_key_file`
value in the generated inventory [GH-6209] value in the generated inventory [GH-6209]
- provisioners/ansible: use quotes for the IdentityFile OpenSSH command line
arguments [GH-6671]
- provisioners/ansible: don't show the `ansible-playbook` command when verbose - provisioners/ansible: don't show the `ansible-playbook` command when verbose
option is an empty string option is an empty string
- provisioners/chef: fix `nodes_path` for Chef Zero [GH-6025, GH-6049] - provisioners/chef: fix `nodes_path` for Chef Zero [GH-6025, GH-6049]

View File

@ -229,7 +229,9 @@ module VagrantPlugins
# Multiple Private Keys # Multiple Private Keys
unless !config.inventory_path && @ssh_info[:private_key_path].size == 1 unless !config.inventory_path && @ssh_info[:private_key_path].size == 1
@ssh_info[:private_key_path].each do |key| @ssh_info[:private_key_path].each do |key|
ssh_options << "-o IdentityFile=#{key}" # The outer single quotes are required to protect the inner
# double quotes to be stripped by the ssh/shell execution.
ssh_options << "-o IdentityFile='\"#{key}\"'"
end end
end end

View File

@ -604,8 +604,8 @@ VF
it "passes additional Identity Files via ANSIBLE_SSH_ARGS" do it "passes additional Identity Files via ANSIBLE_SSH_ARGS" do
expect(Vagrant::Util::Subprocess).to receive(:execute).with { |*args| expect(Vagrant::Util::Subprocess).to receive(:execute).with { |*args|
cmd_opts = args.last cmd_opts = args.last
expect(cmd_opts[:env]['ANSIBLE_SSH_ARGS']).to include("-o IdentityFile=/an/other/identity") expect(cmd_opts[:env]['ANSIBLE_SSH_ARGS']).to include("-o IdentityFile='\"/an/other/identity\"'")
expect(cmd_opts[:env]['ANSIBLE_SSH_ARGS']).to include("-o IdentityFile=/yet/an/other/key") expect(cmd_opts[:env]['ANSIBLE_SSH_ARGS']).to include("-o IdentityFile='\"/yet/an/other/key\"'")
} }
end end
end end
@ -786,7 +786,7 @@ VF
it "shows the ansible-playbook command, with additional quotes when required" do it "shows the ansible-playbook command, with additional quotes when required" do
expect(machine.env.ui).to receive(:detail).with { |full_command| expect(machine.env.ui).to receive(:detail).with { |full_command|
expect(full_command).to eq("PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=true ANSIBLE_SSH_ARGS='-o IdentitiesOnly=yes -o IdentityFile=/my/key1 -o IdentityFile=/my/key2 -o ForwardAgent=yes -o ControlMaster=no -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --connection=ssh --timeout=30 --ask-sudo-pass --ask-vault-pass --limit='machine*:&vagrant:!that_one' --inventory-file=#{generated_inventory_dir} --extra-vars=@#{File.expand_path(__FILE__)} --sudo --sudo-user=deployer -vvv --vault-password-file=#{File.expand_path(__FILE__)} --tags=db,www --skip-tags=foo,bar --start-at-task='an awesome task' --why-not --su-user=foot --ask-su-pass --limit='all' --private-key=./myself.key playbook.yml") expect(full_command).to eq("PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=true ANSIBLE_SSH_ARGS='-o IdentitiesOnly=yes -o IdentityFile='\"/my/key1\"' -o IdentityFile='\"/my/key2\"' -o ForwardAgent=yes -o ControlMaster=no -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --connection=ssh --timeout=30 --ask-sudo-pass --ask-vault-pass --limit='machine*:&vagrant:!that_one' --inventory-file=#{generated_inventory_dir} --extra-vars=@#{File.expand_path(__FILE__)} --sudo --sudo-user=deployer -vvv --vault-password-file=#{File.expand_path(__FILE__)} --tags=db,www --skip-tags=foo,bar --start-at-task='an awesome task' --why-not --su-user=foot --ask-su-pass --limit='all' --private-key=./myself.key playbook.yml")
} }
end end
end end