Ansible Vault support

Add the following options to the Ansible provisioner: - ask_vault_pass - vault_password_file
2014-03-27 16:56:55 +09:00 · 2014-03-27 16:56:55 +09:00 · dd06dffe85
parent bad6537e86
commit dd06dffe85
3 changed files with 40 additions and 30 deletions
--- a/plugins/provisioners/ansible/config.rb
+++ b/plugins/provisioners/ansible/config.rb
@ -5,6 +5,8 @@ module VagrantPlugins
      attr_accessor :extra_vars
      attr_accessor :inventory_path
      attr_accessor :ask_sudo_pass
+      attr_accessor :ask_vault_pass
+      attr_accessor :vault_password_file
      attr_accessor :limit
      attr_accessor :sudo
      attr_accessor :sudo_user
@ -25,6 +27,8 @@ module VagrantPlugins
        @extra_vars          = UNSET_VALUE
        @inventory_path      = UNSET_VALUE
        @ask_sudo_pass       = UNSET_VALUE
+        @ask_vault_pass      = UNSET_VALUE
+        @vault_password_file = UNSET_VALUE
        @limit               = UNSET_VALUE
        @sudo                = UNSET_VALUE
        @sudo_user           = UNSET_VALUE
@ -43,6 +47,8 @@ module VagrantPlugins
        @extra_vars          = nil if @extra_vars == UNSET_VALUE
        @inventory_path      = nil if @inventory_path == UNSET_VALUE
        @ask_sudo_pass       = false unless @ask_sudo_pass == true
+        @ask_vault_pass      = false unless @ask_sudo_pass == true
+        @vault_password_file = nil if @vault_password_file == UNSET_VALUE
        @limit               = nil if @limit == UNSET_VALUE
        @sudo                = false unless @sudo == true
        @sudo_user           = nil if @sudo_user == UNSET_VALUE
--- a/plugins/provisioners/ansible/provisioner.rb
+++ b/plugins/provisioners/ansible/provisioner.rb
@ -44,6 +44,8 @@ module VagrantPlugins
        options << "--sudo-user=#{config.sudo_user}" if config.sudo_user
        options << "#{self.get_verbosity_argument}" if config.verbose
        options << "--ask-sudo-pass" if config.ask_sudo_pass
+        options << "--ask-vault-pass" if config.ask_vault_pass
+        options << "--vault-password-file=#{config.vault_password_file}" if config.vault_password_file
        options << "--tags=#{as_list_argument(config.tags)}" if config.tags
        options << "--skip-tags=#{as_list_argument(config.skip_tags)}" if config.skip_tags
        options << "--limit=#{as_list_argument(config.limit)}" if config.limit
--- a/website/docs/source/v2/provisioning/ansible.html.md
+++ b/website/docs/source/v2/provisioning/ansible.html.md
@ -178,6 +178,8 @@ all of which get passed to the `ansible-playbook` command that ships with Ansibl
 * `ansible.sudo_user` can be set to a string containing a username on the guest who should be used
 by the sudo command.
 * `ansible.ask_sudo_pass` can be set to `true` to require Ansible to prompt for a sudo password.
+* `ansible.ask_vault_pass` can be set to `true` to require Ansible to prompt for a vault password.
+* `ansible.vault_password_file` can be set to a string containing the path of a file containing the password used by Ansible Vault.
 * `ansible.limit` can be set to a string or an array of machines or groups from the inventory file to further control which hosts are affected. Note that:
  * As of Vagrant 1.5, the machine name (taken from Vagrantfile) is set as **default limit** to ensure that `vagrant provision` steps only affect the expected machine. Setting `ansible.limit` will override this default.
  * Setting `ansible.limit = 'all'` can be used to make Ansible connect to all machines from the inventory file.