Fixes#8991.
1. When remote executing scripts one should always call powershell with
1a. "-NonInteractive", in order to prevent interactive prompts from leading to an endless waiting time for the script to return
1b. "-NoProfile", in order to prevent the loading of unknown custom profiles before execution of the script which could have unintended side effects
2. During my tests I constantly ran into 408 timeouts when downloading the salt binaries. I've prevented that by adding a simple retry mechanism and an error exit in case of multiple failures. Without this change the bootstrap script never returned (and neither did vagrant up)
Output format of ui.info method (bold text) makes reading long script outputs really heavy on the eyes. ui.detail is a better match for this type of output.
- Keep the Programming Errors with corresponding Exception class and
en.yml message template. Fix the alphabetical order in errors.rb by
the way.
- Fix English wording in the documentation and en.yml messages
- Use StandardError for unknown error rescuing.
Thanks @chrisroberts!
Vagrant will verify that the current Ansible version does support the
requested compatibility mode (only applicable if not "auto", of course).
As mentioned in the documentation, there is no sanity checks between
`version` option and `compatibility_mode` option.
With this change, the host-based provisioner is also improved to
execute only once the "ansible" command (and store the gathered
information for multiple usages like version requirement and
compatibility checks). On the other hand, the guest-based provisioner
can still potentially execute "ansible" twice (once in the
AnsibleInstalled cap, and via "gather_ansible_version" function via
Base::set_compatibility_mode).
Before this change, only the ansible_local provisioner supported this
option (for ansible version requirement, and pip installation). Now, the
ansible host-based provisioner can also require a exact ansible version.
Resolve#8914
Note: this has been added as part of #6570 resolution, since the
introduction of the `compatibility_mode` auto-detection made both
provisioners made capable to detect ansible version.
Pending: optimize the code to avoid duplicated executions of "ansible
--version" command.
With this change, it is now possible to get rid of many deprecation
messages successively introduced in Ansible 1.9, and 2.0. More
interesting, the generated inventory will contain the recommended
variable names (e.g. `ansible_host` instead of `ansible_ssh_host`)
when the compatibility mode is set to '2.0'.
Details:
- Add `compatibility_mode` option to control the Ansible parameters
format to be used. The value corresponds to the minimal version
supported. For the moment, possible values are '1.8' (corresponding to
Vagrant's former behaviour) or '2.0'.
Note that a dynamic inventory generated in compatibility mode '2.0'
is not supported by Ansible 1.x. On the other hand, Ansible 2.x so far
supports inventory format generated by the compatibility mode '1.8'.
- Add compatibility mode auto-detection, based on the available Ansible
version. This is the default behaviour in order to bring a maximum of
user friendliness. The drawback of this approach is to let potential
compatibility breaking risks, for `ansible` provisioner setups that
already integrate Ansible 2.x **AND** rely on the existence of
the generated `_ssh` variable names. Thanks to the vagrant warnings
(and its release notes), I argue that it is worth to offer
auto-detection by default, which offers a sweet transition to most
users.
- Add `become`, `become_user` and `ask_become_pass` options and their
backwards compatible aliases. The legacy options are now deprecated.
Note that we intentionally didn't provide a '1.9' compatibility mode,
as it would add extra-complexity for practically no added-value.
To my knowledge, the Ansible 2.x series haven't introduced yet any major
changes or deprecations that would motivate to introduce a higher
version compatibility mode (to be confirmed/verified).
Resolve GH-6570
Still Pending:
- Optimization: Reduce the number of `ansible` command executions.
Currently two exec calls will be performed when the compatibility
mode auto-detection is enabled (i.e. by default). We could make the
provisioner a little bit smarter to only execute `ansible` only once
in any situation (by combining "presence" and "version" checks).
- User-friendliness: Add better validator on `compatibility_mode`
option, and shows a warning or an error instead of the silent
fallback on the auto-detection modus.
- Test coverage: All the added behaviours are not fully covered yet.
The patterns "all" is a special keyword that target all hosts in the
inventory. Therefore it makes sense to accept "all:vars" as a group
variable name. Note that "*:vars" pattern is not valid in an Ansible
inventory.
See http://docs.ansible.com/ansible/latest/intro_patterns.html#patternsFix#7730
This commit aligns how the file provisioner should work on all host
machines. It ensures that a `/.` is only applied if the user intended
to upload a folder to a destination under a different name. It ensures
that if uploading to a windows guest with a different destination folder
name, it does not nest the source folder under that name so that it
works the same as it does on linux platforms. It also updates the
behavior of the winrm upload communicator by allowing an array of paths
to be uploaded instead of a single file or folder to allow for this new
functionality for windows guests.
This commit introduces the salt_arg option that allows a user to pass
additional command line flags to the `salt` tool when provisioning with
a master setup.
It also adds additional config validation to ensure that both
`salt_args` and `salt_call_args` is an array.
Prior to this commit, if a user passed in a script that was frozen,
the shell provisioner would fail to modify the script to replace line
endings for windows because the string was immutable. This commit fixes
that by dup'ing the string so that it can have its line endings replaced
Prior to this commit, if a user set the `destination` path to include a
space, the `shell_expand_guest_path` function would remove that space
and return a partial path. This commit updates that to quote the path to
be expanded to preserve the entire path.
Prior to this commit, if a file provisioner block was ran twice with a
folder on a remote host, due to how scp works, it would first copy over
that folder, and then on the second action it would copy an identical
folder nested within the first one. While this is 'intended' behavior
with scp, it is unexpected behavior for the file provisioner. This
commit updates the file provisioner to first ensure that the directory
to be copied exists on the remote host prior to copying, and then the
destination dir has been changed to the directory that the destination
will be copied to, rather than the exact directly that includes the
folder from the host to prevent the nested folder behavior.
Prior to this commit, because of how the bootstrap salt shell file
worked, if github could not be resolved, the installer script would fail
silently with an exit code 0 because `sh` would evalute without any
errors and the curl exit code would be ignored. This commit splits out
the installer to first attempt to save the bash installer, and if it
exists, execute it.
Prior to this commit, the puppet provisioner would use the manifest dir
flag when running `puppet apply`. Not only is this flag redundant due to
how puppet apply works, but it is also deprecated in Puppet 4 and
removed in Puppet 5. This commit simply removes the flag when invoking
`puppet apply`.
Prior to this commit, if a user attempted to configure
`/etc/default/docker` through vagrant prior to installation, the package
manager would not override an existing configuration and installing
docker would then fail. This commit fixes this by introducing a
`post_install_provisioner` that allows users to define a provisioner
block that will run after docker has been installed, allowing users to
configure `/etc/default/docker` how they want.
While neither the FreeBSD provisioner nor the SUSE provisioner support
installing Ansible using pip their ansible_install methods still get
called with that fourth argument. The result being these errors when
Vagrant tries to install Ansible.
/opt/vagrant/embedded/gems/gems/vagrant-1.9.5/plugins/provisioners/ansible/cap/guest/freebsd/ansible_install.rb:10:in `ansible_install': wrong number of arguments (4 for 3) (ArgumentError)
/opt/vagrant/embedded/gems/gems/vagrant-1.9.5/plugins/provisioners/ansible/cap/guest/suse/ansible_install.rb:9:in `ansible_install': wrong number of arguments (4 for 3) (ArgumentError)
The Arch provider, it too without pip support, already catches the
pip_args argument this way.
With the introduction of `pip_args` option, you can easily extend the
`:pip` installation mode behaviour. But some interesting/advanced usages
are still not possible because of the auto-generated parts ("ansible"
package, version selection, and the `--upgrade` flag).
By adding this "pip_args_only" install mode, it will be for instance
possible to:
- install unofficial releases, like release candidates published at
https://releases.ansible.com/
- install more pip packages (e.g. via a `requirements.txt` file), with
hash validation, etc.
Note that there is no config validation that requires `pip_args` option
to be defined when the :pip_args_only mode is selected. This would be
more elegant, and user friendly to raise a configuration error, but this
can wait. At least, running with an empty `pip_args` won't lead to any
command crash, since the rather dummy "pip install" shows an helper
notice and terminates with a zero (0) exit code.
This change is thought as a complement to the changes originally
proposed in pull request GH-8170.
With this new option, it is now possible to pass additional arguments to
pip command when the `install_mode` is "pip".
(@gildegoma reworded the original commit message of pull request GH-8170)
Allows checksum validation on downloaded files via Util::Downloader
using MD5 and/or SHA1 checksums. This also integrates checksum validation
support with the shell provisioner for downloaded remote files.
With this new option defined, the `ansible-galaxy` and
`ansible-playbook` commands generated by the Ansible provisioners will
be executed with the ANSIBLE_CONFIG environment variable set
accordingly.
Resolve GH-7195
This commit also fix the following open issues:
- Implement the pending RSpec examples about path existence checks
performed by the ansible (remote) provisioner.
- In verbose mode, the ansible remote provisioner now correctly displays
the Ansible Galaxy parameters ("role_file" and "roles_path") with
single quotes (which is safer for potential copy-paste usage).
Additional Notes:
- Test coverage for `ansible_local` provisioner is still not
implemented. See GH-6633.
- Test coverage for galaxy from host is not implemented yet (due to
general issue with mocking both command executions, see
https://github.com/mitchellh/vagrant/pull/6529#r45278451
- Remove `ansible-galaxy` detection, since this command was introduced
in Ansible 1.4.2 (December 2013). Checking for `ansible-playbook`
presence should therefore be enough for any "modern" Ansible setup.
- Look for the command defined by the new `playbook_command` option.
Related to GH-7881 and GH-7536
Note that error messages were not adapted, and only mention
a generic "Ansible Software" when executed commands are failing.
We assume that people using the `playbook_command` option are
advanced users that will know all the components to be considered.
The ansible-playbook command is currently hardcoded for the ansible and
ansible_local provisioners. This patch adds the config option
playbook_command to allow the user to change the command.
Changes introduced in #7207 removed the logic to handle the
`minion_id` configuration. This commit addresses that regression
by including the `--id #{@config.minion_id}` flag everywhere that
`--local` is used (as it had done before).
I'm not totally in love with the `get_masterless` abstraction here,
so if someone has a better suggestion I'll happily change it.
Fixes#7454
- Honour `ssh.proxy_command` setting (even when the Docker provider is
used via a proxy host). Silly configurations may lead to silly
behaviors, but let's apply the settings...
- Remove condition on `provider_config.connect_via_ssh`, which is
a provider specific parameter (from vagrant-libvirt provider).
- Add a simple unit test
This commit include the following changes:
- systematically set ANSIBLE_ROLES_PATH environment variable when
galaxy_roles_path is defined.
- slightly refactor to introduce the concept of "provisioning working
directory" (possible usage in the future for resolving GH-7195)
- fix a bug in ansible-galaxy execution by the ansible_local provisioner
if the paths contains blank characters.
Fix#7269
These changes have been validated against the following guest systems:
- Debian 7 and 8
- Ubuntu 12.04, 14.04 and 16.04
- Fedora 21 and 23
- CentOS 7
- OracleLinux 7
- Scientific Linux 7
At the moment, the pip setup (via get-pip.py script) is not working for
RHEL6-like systems (CentOS 6.6, OracleLinux 6.5, Scientific Linux 6),
because Python 2.6 has been deprecated and is no longer supported by
Python core team. I consider this limitation with low priority in
Vagrant context.
The `:pip` install_mode is currently not implemented for the following
platforms:
- OpenSUSE
- ArchLinux
- FreeBSD
Known Issue: By using get-pip.py script, any previous pip installation
will be most probably overrided. This could be an issue for Python
developers who would prefer to keep their base box setup untouched. In
future iteration, it could be possible to choose to reinstall/upgrade
pip or not. issue for Python developers who would prefer to keep their
base box setup untouched. In future iteration, it could be possible to
choose to reinstall/upgrade pip or not.
Resolve GH-6654
Resolve GH-7167 as the `version` option is now considered to select the
version of Ansible to be installed.
With this change, the presence of Ansible configuration files (like
playbook file, inventory path, galaxy role file, etc.) is no longer
performed by the `config` classes, but by the `provisioner` classes
(at the beginning of the provision command).
This change fixes several issues:
- Resolve#6984 as `provision` method are only executed when remote
(ssh) communication with the guest machine is possible.
- Resolve#6763 in a better way than 4e451c6 initially did.
- Improve the general provisioner speed since the `config` checks are
actually triggered by many vagrant actions (e.g. `destroy`,...), and
can also be triggered multiple times during a vagrant run (e.g. on
callback request made by the machine provider).
Unlike the former `config`-based checks, the provision action won't
collect all the invalid options, but only report the first invalid
option found and abort the execution.
Some unit tests were not implemented yet to save my scarce "open source
contribution time" for other important issues, but they should be done
at last via GH-6633.