Prior to this commit, Vagrant had no way internally to determine if a
provisioner object was unique if the `name` property was not set.
Because of this, when vagrant went to merge configs it would duplicate
an existing unnamed provisioner since it had no way of determining if a
user actually had added the same provisioner twice. This commit fixes
that by introducing an id which will default to `name` if its set, but
if not will be set by `SecureRandom.uuid`.
Prior to this commit, the ssh communicator would use the default cipher
list in Net::SSH to negociate which ciphers it should use between hosts.
Due to a bug in Net::SSH and the position of the `none` cipher in its
default cipher list, if a host supported the none cipher, but also
only supported other ciphers that came after none in the default list,
it would accept none and attempt to use that cipher instead of the other
supported ciphers. This commit fixes that behavior by copying the
default cipher list from Net::SSH and placing none last in the list so
that other ciphers can be used in the negotiation before attempting to
use the unsecure none cipher.
This commit adds some better handling around the snapshot restore and
delete commands for the virtualbox provider. If a user attempts to restore from
a vm that does not exist, instead of exiting 0 it will raise an
exception saying the virtual machine has not been created yet.
Addtionally, if a user attempts to restore from a snapshot id that does
not exist, instead of printing a complicated exception from the
virtualbox cli tool, it prints a more useful error message telling the
user that the snapshot does not exist.
Prior to this commit, if a user ran the `vagrant ssh -c CMD` command, it
would not allow the user to configure pseudo-terminal allocation. This
commit introduces a -t flag for the `vagrant ssh` command which defaults
to true if not specified.
Prior to this commit, if a user set a URL for the name of a box, vagrant
would not warn the user about using box_url instead. This would lead to
some difficult user experiences around the various box commands due to
the box name being a full URL. This commit introduces a warning to the
user and lets them know to instead use box_url.
This commit adds/changes the following for SmartOS guests:
- modifies the "Halt" capability to use /usr/sbin/poweroff in preference
to /usr/sbin/shutdown with parameters, and modifies the associated
test.
- adds an "InsertPublicKey" capability and tests.
- adds a "RemovePublicKey" capability and tests.
With this commit applied, the vast majority of typical Vagrant workflow
is available to SmartOS global zone guests (provided NFS mounts are used
rather than VMWare shared folders).
Prior to this commit, if a user attempted to use the `vagrant snapshot
save` or `vagrant snapshot list` commands on a vm whose provider did not
support snapshots, it would simply print a warning. This commit changes
that behavior by instead raising an error.
Prior to this commit, the vagrant snapshot plugin would save snapshots
with existing names which lead to duplicate snapshot names being saved.
This commit fixes that by checking to see if the given snapshot name
already exists and if so, fails telling the user the given snapshot name
already exists. If a user passes a --force flag, vagrant will first
delete the existing snapshot, and take a new one with the given name.
Reduce the total number of commands run to configure interfaces. If
a service reload/restart is required, only execute it once instead
of once per device. When nm is managing a device, the explicit up
is not required.
Properly detects NetworkManager on guest as well as devices controlled
by NetworkManager. Provides configuration option to enable/disbale
NetworkManager control on devices.
While VirtualBox has commented that they do not support UNC remote
paths (but do for long paths) it seems that remote paths can work.
If user provides UNC path, allow it to be used as-is.
Fixes#7011
Prevent sending empty data strings to defined blocks handling
stderr and stdout output. These can occur when the garbage
marker is identified and collected data pruned, but no remaining
data is left to send.
Fixes#8259
With the introduction of `pip_args` option, you can easily extend the
`:pip` installation mode behaviour. But some interesting/advanced usages
are still not possible because of the auto-generated parts ("ansible"
package, version selection, and the `--upgrade` flag).
By adding this "pip_args_only" install mode, it will be for instance
possible to:
- install unofficial releases, like release candidates published at
https://releases.ansible.com/
- install more pip packages (e.g. via a `requirements.txt` file), with
hash validation, etc.
Note that there is no config validation that requires `pip_args` option
to be defined when the :pip_args_only mode is selected. This would be
more elegant, and user friendly to raise a configuration error, but this
can wait. At least, running with an empty `pip_args` won't lead to any
command crash, since the rather dummy "pip install" shows an helper
notice and terminates with a zero (0) exit code.
This change is thought as a complement to the changes originally
proposed in pull request GH-8170.
With this new option, it is now possible to pass additional arguments to
pip command when the `install_mode` is "pip".
(@gildegoma reworded the original commit message of pull request GH-8170)
This updates the behavior of the provision action to never run a provisioner
that is specified to "never" run unless it has been explicitly requested. Also
adds test coverage to the provision action.
This allows custom paths that include special characters like `~`
to be properly expanded instead of resulting in joined root path
with special characters included.
Allows checksum validation on downloaded files via Util::Downloader
using MD5 and/or SHA1 checksums. This also integrates checksum validation
support with the shell provisioner for downloaded remote files.
The `pkg_add` command will return `0` when a package requested for
installation is not found. This adds a validation check to ensure
the rsync package is actually installed on the guest.
When configuring network devices force NetworkManager to reload new
configuration files as they appear. This prevents NetworkManager from
attempting to continue managing devices on initial start up.
With this new option defined, the `ansible-galaxy` and
`ansible-playbook` commands generated by the Ansible provisioners will
be executed with the ANSIBLE_CONFIG environment variable set
accordingly.
Resolve GH-7195
This commit also fix the following open issues:
- Implement the pending RSpec examples about path existence checks
performed by the ansible (remote) provisioner.
- In verbose mode, the ansible remote provisioner now correctly displays
the Ansible Galaxy parameters ("role_file" and "roles_path") with
single quotes (which is safer for potential copy-paste usage).
Additional Notes:
- Test coverage for `ansible_local` provisioner is still not
implemented. See GH-6633.
- Test coverage for galaxy from host is not implemented yet (due to
general issue with mocking both command executions, see
https://github.com/mitchellh/vagrant/pull/6529#r45278451
Note that error messages were not adapted, and only mention
a generic "Ansible Software" when executed commands are failing.
We assume that people using the `playbook_command` option are
advanced users that will know all the components to be considered.
Add failing networking interface list sorting test with example
provided by #7883. Update sorting logic to properly handle different
types and differing array lengths.
Fixes#7883
The ansible-playbook command is currently hardcoded for the ansible and
ansible_local provisioners. This patch adds the config option
playbook_command to allow the user to change the command.
- Honour `ssh.proxy_command` setting (even when the Docker provider is
used via a proxy host). Silly configurations may lead to silly
behaviors, but let's apply the settings...
- Remove condition on `provider_config.connect_via_ssh`, which is
a provider specific parameter (from vagrant-libvirt provider).
- Add a simple unit test
This commit adds tests for possible future regressions for the bug fixed
in the commit: "Fix Vagrant not prioritizing configured providers
correctly".
Two very similar tests were added because whether the bug manifests
or not depends on the order in which the provider dictionary keys
are iterated, which is specific to the dictionary implementation.
Changes introduced in 982af05 caused the RDP configuration file to be written
with all settings on one line instead of one setting per line. The Microsoft
Remote Desktop client for OS X rejects these configuration files as being
malformed. This patch restores the configuration to one line per setting and
adds tests to guard against regression.
This adds a new environmental variable `VAGRANT_BOX_UPDATE_CHECK_DISABLE`,
which instructs Vagrant to not check for box updates when running
regular Vagrant commands. This behaves the same as the existing
`config.vm.box_update_check` configuration option, but can be set
globally. Vagrantfile-supplied options will take precedence.
Fixes GH-7479
This commit include the following changes:
- systematically set ANSIBLE_ROLES_PATH environment variable when
galaxy_roles_path is defined.
- slightly refactor to introduce the concept of "provisioning working
directory" (possible usage in the future for resolving GH-7195)
- fix a bug in ansible-galaxy execution by the ansible_local provisioner
if the paths contains blank characters.
Fix#7269
These changes have been validated against the following guest systems:
- Debian 7 and 8
- Ubuntu 12.04, 14.04 and 16.04
- Fedora 21 and 23
- CentOS 7
- OracleLinux 7
- Scientific Linux 7
At the moment, the pip setup (via get-pip.py script) is not working for
RHEL6-like systems (CentOS 6.6, OracleLinux 6.5, Scientific Linux 6),
because Python 2.6 has been deprecated and is no longer supported by
Python core team. I consider this limitation with low priority in
Vagrant context.
The `:pip` install_mode is currently not implemented for the following
platforms:
- OpenSUSE
- ArchLinux
- FreeBSD
Known Issue: By using get-pip.py script, any previous pip installation
will be most probably overrided. This could be an issue for Python
developers who would prefer to keep their base box setup untouched. In
future iteration, it could be possible to choose to reinstall/upgrade
pip or not. issue for Python developers who would prefer to keep their
base box setup untouched. In future iteration, it could be possible to
choose to reinstall/upgrade pip or not.
Resolve GH-6654
Resolve GH-7167 as the `version` option is now considered to select the
version of Ansible to be installed.
Previously this was very complicated trying to flip between Ruby and
bash. This commit uses a single bash command that decides between yum
and dnf in the script itself.
This commit refactors the freebsd networking to:
1. Use predictable network naming
2. Properly handle DHCP vs static networks on up and reload [GH-5852]
3. Perform all networking configuration in a single command to prevent
partial configuration.
This updates the guest capabilities to run in as few communicator
commands as possible. Additionally, it fixes a number of issues around
hostname and idempotency.
This patch was tested against:
- puphpet/debian75-x64
- debian/jessie64
- debian/wheezy64
with custom networking, custom hostname, and rsync shared folders.
This commit does a few things:
1. Make the hostname update idempotent with `grep -w`
2. Add the given hostname to `/etc/hosts` as recommended by the docs
3. Add missing tests
This commit updates the procedure for configuring arch networks to occur
in a single command. Previously, each network was configured
independently. If, for some reason, one of the networks destroyed the
SSH connection, the box would be irrecoverable. This commit does not
alleviate that behavior, but attempts to mitigate it by running all
network-related configuration commands in a single communicator (SSH)
session.
The new procedure looks like this:
1. Upload a temp file to /tmp/vagrant-network-id... for each interface
on the guest.
2. Compile a commands array (of bash) to execute after all network
configurations have been uploaded.
3. Concatenate all the commands together in a single communicator
session.
This was tested against `terrywant/archlinux` using the following Vagrantfile:
```ruby
Vagrant.configure(2) do |config|
config.vm.box = "terrywang/archlinux"
config.vm.hostname = "banana-ramama.example.com"
config.vm.network "private_network", type: "dhcp"
config.vm.network "private_network", ip: "33.33.33.10"
config.vm.provision "file", source: "Vagrantfile", destination: "/tmp/vf"
config.vm.provision "shell", inline: "echo hi"
end
```
This commit updates the procedure for changing the hostname on arch
guests to occur in a single command. Previously, setting the hostname
and adding the value of the hostname to the /etc/hosts file was done in
two different uploads. This reduces the cycle to a single upload, making
provisioning a bit faster.
Additionally, this changes the behavior of the /etc/hosts file to:
1. Not remove localhost as an alias of 127.0.0.1
2. Prepend our custom hostname before localhost
The resulting /etc/hosts file will look something like:
127.0.0.1 my-host.example.com my-host
127.0.0.1 localhost.mydomain localhost
Tested against `terrywang/archlinux` using the following Vagrantfile:
```ruby
Vagrant.configure(2) do |config|
config.vm.box = "terrywang/archlinux"
config.vm.hostname = "banana-ramama.example.com"
config.vm.network "private_network", type: "dhcp"
config.vm.network "private_network", ip: "33.33.33.10"
config.vm.provision "file", source: "Vagrantfile", destination: "/tmp/vf"
config.vm.provision "shell", inline: "echo hi"
end
```
With this change, the presence of Ansible configuration files (like
playbook file, inventory path, galaxy role file, etc.) is no longer
performed by the `config` classes, but by the `provisioner` classes
(at the beginning of the provision command).
This change fixes several issues:
- Resolve#6984 as `provision` method are only executed when remote
(ssh) communication with the guest machine is possible.
- Resolve#6763 in a better way than 4e451c6 initially did.
- Improve the general provisioner speed since the `config` checks are
actually triggered by many vagrant actions (e.g. `destroy`,...), and
can also be triggered multiple times during a vagrant run (e.g. on
callback request made by the machine provider).
Unlike the former `config`-based checks, the provision action won't
collect all the invalid options, but only report the first invalid
option found and abort the execution.
Some unit tests were not implemented yet to save my scarce "open source
contribution time" for other important issues, but they should be done
at last via GH-6633.
This adds a new core command, `docker-exec`, which allows the user to
exec into an already-running container.
- Fixes#6566
- Fixes#5193
- Fixes#4904
- Fixes#4057
- Fixes#4179
- Fixes#4903
This commit changes Vagrant::Util::Platform to cache the result of some
common operations. These values are highly unlikely to change over the
course of a single Vagrant run and they are only cached for that run.
This commit changes the way ports are aggregated in the Docker provider.
Previously ports were aggregated by their "number", but that is not a
truly unique representation. Instead, the protocol is now taken into
account when generating the port map.
Fixes GH-5527
Changes:
- Add "config" unit tests for `ansible_local` (guest)
- Share some "config" examples between both ansible provisioners
- Move `config_host.rb` specific examples to `config/host.rb`
- Add a requirement to "../helpers" in `config/guest.rb` in order to be
able to run the related unit tests
References:
- This is the first part of GH-6633 resolution
- This change is a handy prerequisite for GH-6570
Not addressed yet:
- FIXME (guest.rb): Some test-double stubs are currently not working as
expected, and the related checks are commented out for the moment
(no idea why, but this is not urgent to be fixed because of GH-7335
rejection. See also GH-6984)
- FIXME (shared.rb): The guest-based config should actually NOT return
an error when the extra_vars file cannot be found, but only display a
a warning (similarly to the changes done for GH-6763, see 4e451c6)
This fixes a fairly large tempfile leak. Vagrant uses a template
renderer to write network configuration files locally to disk. Then,
that temporarily file is uploaded to the remote host and moved into
place. Since Vagrant is such a short-lived process, GC never came along
and cleaned up those tempfiles, resulting in many temporary files being
created through regular Vagrant usage.
The Util::Tempfile class uses a block to ensure the temporary file is
deleted when the block finishes. This API required small tweaks to the
usage, but provides more safety to ensure the files are deleted.
This commit attempts to uniquely identify the temporary files and
directories that are created during test runs. Where it was a quick
fix, this commit also removes the temporary files and directories.
There are still a ton of temporary files due to calls to
.isolated_environment in the tests without an easy API an easy way
to provide a closer to that function.
With this change, the `raw_arguments` and `raw_ssh_args` options are:
- STILL automatically converted as an Array when they are set a String
(no behaviour change)
- rejected if they are not of Array data type otherwise
Additional Notes:
- the 'as_array' tiny helper has been removed since it was no longer
used.
- there is for now no deeper validation (i.e. verifying that the Array
elements are only *String* objects)
With cb80286a4a, the helper function
stringify_ansible_playbook_command was also applied on the
`raw_arguments` content, which is not wanted. Given that users have used
the `raw_arguments` option as a workaround to avoid the bug GH-6726,
this new change ensure that any `--extra-vars` option passed as a raw
argument won't be additonally enquoted by the ansible_local
provisioner.
This change also improves the ansible remote provisioner verbose output,
but has no impact on its behaviour, which was already correct.
Note that this refactoring introduces some code duplications that are not
very elegant (see ansible_playbook_command_for_shell_execution in
host.rb and execute_ansible_playbook_from_host in base.rb). I hope we
can find a better implementation later, but it is good enough for now
since all these parts are covered by corresponding unit tests (the
`ansible_local` stuff being tested via the verbose output of the ansible
remote provisioner).
Before this minor change, the '--limit' and '--start-at-task'
ansible-playbook command line arguments were enclosed into single
quotes. Using double quotes adds a bit more flexibility, especially
about the task name referred by `start_at_task` option.
It also aligns with the handling of the '--extra-vars' parameter
(see cb80286).
Without this change, the JSON string generated from the `extra_vars`
Ruby hash is passed without enclosing quotes and is then not parseable
by the ansible-playbook command when exectuted in a usual shell context.
In this changeset, the ansible (remote) unit test coverage is improved
to cover both usage of `extra_vars` (ansible_local unit tests are still
missing).
Additional Notes:
- Double quotes are favored to single quotes in order to allow usage of
any character for the variable values. For this reason additional
escaping is appended to JSON-inner double quotes and backslashes.
- This problem was not affecting the `ansible` remote provisioner
(which is running the ansible-playbook command via the childprocess
Ruby library). But with this change, the `verbose` output will also
now be correct for a copy-paste reuse.
- After this change, all the "--extra-vars" arguments (also a var
file passed with the @-syntax or anything coming via the
`raw_arguments` option) are "blindly" and systematically enclosed
in double quoted and double-escaped.
This is not optimal and can potentially break with peculiar values
(e.g. a double quote character (") cannot be used in a json value
when using `raw_arguments`). That said, I think that the current
solution is a reasonable trade-off, since the official `extra_vars`
option should now be able to cover a great majority of use cases.
Fix#6726
Previously the default channel was "current", but after discussion with
@coderanger on GH-6979, it seems like this was a poor design decision.
Instead, we should use the stable channel and allow users to opt-in to
prerelease versions.
Fixes GH-6979
In cd93721, I relied on a suprising combination of quotes to protect ssh
execution to strip the quoted path to the private key file.
Since any ssh command line argument can be passed via
`ANSIBLE_SSH_ARGS`, it is quite more readable and easy to rely on the
`-i` argument, which is not affected like `-o IdentityFile=...` and also
supports multiple occurences.
See also http://sourceforge.net/p/fuse/mailman/message/30498048/
Finally fix#6671
Note that I decided to not squash both commits for better
documentation and traceability.
Surprisingly (to me at least), a simple quote enclosure was not enough
to fix the problem.
Caveat: the stringified ansible-playbook command logged in verbose mode
is wrongly formatted (no quotes are escaped).
Fix#6671
Set the IPv6 adapter IP to be <prefix>::1. Otherwise, guest to host
communication over IPv6 is not routed correctly. This means that
consumers should not specify <prefix>::1 IP addresses to VirtualBox,
which should be a reasonable restriction.
Fixes#6658
Vagrant should only consider the host-only interfaces used by the
virtual machine in the IPv6 fixup code. There may be other interfaces
present on the system with IPv6 addresses that for various reasons
would fail the routing check (for example, an interface with no
machines attached).
The patch changes the behavior to not scan all of the host-only
interfaces and adds a unit test for the behavior (that the correct IP
is validated).
Lastly, there is a small fix here that may not be an issue for most
people where the IPv6 prefix was asummed to be a multiple of 16 for
the purposes of constructing the UDP probe datagram. This assumption
has been removed.
Fixes#6586
With the introduction of inventory variables, group members provided as
String are not splitted (by ' ') into an array (instead of
auto-conversion to a single-item array).
String and Symbol types are different when used as a Hash key. By
default the Vagrant machine names are set in Symbol format, but users
may write their `host_vars` entries with String keys. This is a very
simple way to ensure smooth experience, without having to coerce the
data types during the config validation (e.g. with a library like
Hashie, which is currently not in the Vagrant dependencies)
See also:
- https://bugs.ruby-lang.org/issues/5964#note-17
- https://github.com/intridea/hashie#keyconversion
This helps with some confusion caused in GH-2538, since the output says:
> Running cleanup tasks for 'shell' provisioner...
But that's actually not true. It is running the cleanup tasks iff the
provisioner defined a cleanup task. This commit changes the
provisioner_cleanup middleware to only run cleanup tasks if the subclass
defines a cleanup task.
The reason we can't just check if the provisioner `respond_to?` the
`cleanup` method is because the parent provisioner base class (which
all provisioners inherit from) defines a blank cleanup method. This is
important because it means we never risk calling an unimplemented
cleanup function, and it also helps define the public API for a
provisioner.
At the moment, the vagrant ssh username is used as default username when
force_remote_user option is disabled, even for winrm-communiating
machines. This could be improved in the future, but people hitting this
problem can easily work around it by syncing `config.ssh.unsername` and
`config.winrm.username` in their Vagrantfile.
ref #5086
This is required because the Chef Server almost always needs a node name to
interact. This will default to the hostname, but that's always going to be
`vagrant.vm`, which will collide easily.
This generates a random hostname with `vagrant-` as the prefix and stores the
result in the machine's data directory.
This fixes GH-6395 by only appending the access_token once. It also fixes a
bug that was never reported. If a user supplied an access_token for a box URL,
Vagrant would silently overwrite it.
After this commit, Vagrant only appends an access_token to the URL if no
value exists at the key.