Commit Graph

170 Commits

Author SHA1 Message Date
Gilles Cornu 8c0df3d046
provisioners/ansible: Move `version` to common options
Before this change, only the ansible_local provisioner supported this
option (for ansible version requirement, and pip installation). Now, the
ansible host-based provisioner can also require a exact ansible version.

Resolve #8914

Note: this has been added as part of #6570 resolution, since the
introduction of the `compatibility_mode` auto-detection made both
provisioners made capable to detect ansible version.

Pending: optimize the code to avoid duplicated executions of "ansible
--version" command.
2017-09-06 17:12:35 +02:00
Gilles Cornu a327e34861
provisioners/ansible: Validate compatibility_mode
- Use `'auto'` instead of `nil` for the auto-detection mode
- Add strict validation and related error message
2017-09-06 17:12:32 +02:00
Gilles Cornu 8834afbd8e
provisioners/ansible(both): Add compatibility mode
With this change, it is now possible to get rid of many deprecation
messages successively introduced in Ansible 1.9, and 2.0. More
interesting, the generated inventory will contain the recommended
variable names (e.g. `ansible_host` instead of `ansible_ssh_host`)
when the compatibility mode is set to '2.0'.

Details:

- Add `compatibility_mode` option to control the Ansible parameters
  format to be used. The value corresponds to the minimal version
  supported. For the moment, possible values are '1.8' (corresponding to
  Vagrant's former behaviour) or '2.0'.
  Note that a dynamic inventory generated in compatibility mode '2.0'
  is not supported by Ansible 1.x. On the other hand, Ansible 2.x so far
  supports inventory format generated by the compatibility mode '1.8'.

- Add compatibility mode auto-detection, based on the available Ansible
  version. This is the default behaviour in order to bring a maximum of
  user friendliness. The drawback of this approach is to let potential
  compatibility breaking risks, for `ansible` provisioner setups that
  already integrate Ansible 2.x **AND** rely on the existence of
  the generated `_ssh` variable names. Thanks to the vagrant warnings
  (and its release notes), I argue that it is worth to offer
  auto-detection by default, which offers a sweet transition to most
  users.

- Add `become`, `become_user` and `ask_become_pass` options and their
  backwards compatible aliases. The legacy options are now deprecated.

Note that we intentionally didn't provide a '1.9' compatibility mode,
as it would add extra-complexity for practically no added-value.
To my knowledge, the Ansible 2.x series haven't introduced yet any major
changes or deprecations that would motivate to introduce a higher
version compatibility mode (to be confirmed/verified).

Resolve GH-6570

Still Pending:

- Optimization: Reduce the number of `ansible` command executions.
  Currently two exec calls will be performed when the compatibility
  mode auto-detection is enabled (i.e. by default). We could make the
  provisioner a little bit smarter to only execute `ansible` only once
  in any situation (by combining "presence" and "version" checks).

- User-friendliness: Add better validator on `compatibility_mode`
  option, and shows a warning or an error instead of the silent
  fallback on the auto-detection modus.

- Test coverage: All the added behaviours are not fully covered yet.
2017-09-06 17:12:22 +02:00
Gilles Cornu e09848ca59
provisioners/ansible_local: Shellescape extra-vars
Fix #7735

Further work for proper shell-escaping of other ansible-playbook and
ansible-galaxy command line arguments will be addressed via #8949.
2017-09-06 16:30:40 +02:00
Gilles Cornu b741ff7999
provisoners/ansible(both): Accept 'all:vars'
The patterns "all" is a special keyword that target all hosts in the
inventory. Therefore it makes sense to accept "all:vars" as a group
variable name. Note that "*:vars" pattern is not valid in an Ansible
inventory.
See http://docs.ansible.com/ansible/latest/intro_patterns.html#patterns

Fix #7730
2017-09-03 18:41:06 +02:00
Brian Cain 773c4fff13 Fixup util/ssh and ansible/provisioner tests 2017-07-17 10:21:26 -07:00
Tomoyuki Sakurai a76dfc7b37 as `key` is a file path, it must be quoted 2017-07-14 10:38:07 -07:00
Tomoyuki Sakurai fe3674e169 another '-i' was used here 2017-07-14 10:34:57 -07:00
Chris Roberts 6906dbc558 Merge pull request #8467 from MartinNowak/patch-1
fix `config.ssh.keys_only = false` for ansible
2017-06-14 16:54:24 -07:00
Andreas Olsson f6a9dcdd6f Catch pip_args in FreeBSD's and SUSE's ansible_install
While neither the FreeBSD provisioner nor the SUSE provisioner support
installing Ansible using pip their ansible_install methods still get
called with that fourth argument. The result being these errors when
Vagrant tries to install Ansible.

    /opt/vagrant/embedded/gems/gems/vagrant-1.9.5/plugins/provisioners/ansible/cap/guest/freebsd/ansible_install.rb:10:in `ansible_install': wrong number of arguments (4 for 3) (ArgumentError)
    /opt/vagrant/embedded/gems/gems/vagrant-1.9.5/plugins/provisioners/ansible/cap/guest/suse/ansible_install.rb:9:in `ansible_install': wrong number of arguments (4 for 3) (ArgumentError)

The Arch provider, it too without pip support, already catches the
pip_args argument this way.
2017-06-14 21:01:44 +02:00
Martin Nowak 1ca247f516 fix `config.ssh.keys_only = false` for ansible
Also see #5017.
2017-04-12 12:31:00 +02:00
Gilles Cornu 80d105cf8c
ansible_local: Add the :pip_args_only install mode
With the introduction of `pip_args` option, you can easily extend the
`:pip` installation mode behaviour. But some interesting/advanced usages
are still not possible because of the auto-generated parts ("ansible"
package, version selection, and the `--upgrade` flag).

By adding this "pip_args_only" install mode, it will be for instance
possible to:
- install unofficial releases, like release candidates published at
  https://releases.ansible.com/
- install more pip packages (e.g. via a `requirements.txt` file), with
  hash validation, etc.

Note that there is no config validation that requires `pip_args` option
to be defined when the :pip_args_only mode is selected. This would be
more elegant, and user friendly to raise a configuration error, but this
can wait. At least, running with an empty `pip_args` won't lead to any
command crash, since the rather dummy "pip install" shows an helper
notice and terminates with a zero (0) exit code.

This change is thought as a complement to the changes originally
proposed in pull request GH-8170.
2017-03-24 17:35:34 +01:00
Gilles Cornu b40d347944
ansible_local: Polish the new `pip_args` option
Ref GH-8170
2017-03-24 00:01:17 +01:00
James Carr 7e2e5654ed
ansible_local: Add `pip_args` option
With this new option, it is now possible to pass additional arguments to
pip command when the `install_mode` is "pip".

(@gildegoma reworded the original commit message of pull request GH-8170)
2017-03-24 00:01:14 +01:00
Gilles Cornu 8caed8ea16 Merge pull request #7918 from mitchellh/gildegoma/fix-7195
Add `config_file` option to both Ansible provisioners
2016-11-15 08:29:30 +01:00
Gilles Cornu b9174895a5
provisioners/ansible (minor): Fix alphabetical order of base attributes
This point was missed in #6627.
2016-10-23 20:46:30 +02:00
Gilles Cornu a842abbc38
provisioners/ansible(both): Add config_file option
With this new option defined, the `ansible-galaxy` and
`ansible-playbook` commands generated by the Ansible provisioners will
be executed with the ANSIBLE_CONFIG environment variable set
accordingly.

Resolve GH-7195

This commit also fix the following open issues:
- Implement the pending RSpec examples about path existence checks
  performed by the ansible (remote) provisioner.
- In verbose mode, the ansible remote provisioner now correctly displays
  the Ansible Galaxy parameters ("role_file" and "roles_path") with
  single quotes (which is safer for potential copy-paste usage).

Additional Notes:
- Test coverage for `ansible_local` provisioner is still not
  implemented. See GH-6633.
- Test coverage for galaxy from host is not implemented yet (due to
  general issue with mocking both command executions, see
  https://github.com/mitchellh/vagrant/pull/6529#r45278451
2016-10-22 01:09:12 +02:00
Gilles Cornu d56cf55a89
provisioners/ansible_local: Use quotes for path checking
Without this fix, the ansible_local provisioner fails to check the
existence of a filesystem path that contains a blank/space character.
2016-10-21 16:44:18 +02:00
Gilles Cornu 432f79339c
provisioners/ansible(base): Add parenthesis for better readability
Make more evident on what the "if modifiers" (aka trailing conditionals) apply.
2016-10-21 16:43:37 +02:00
Gilles Cornu a55590b84f
provisioners/ansible_local: Change binary detection
- Remove `ansible-galaxy` detection, since this command was introduced
  in Ansible 1.4.2 (December 2013). Checking for `ansible-playbook`
  presence should therefore be enough for any "modern" Ansible setup.
- Look for the command defined by the new `playbook_command` option.

Related to GH-7881 and GH-7536
2016-10-10 23:24:19 +02:00
Gilles Cornu b1ddc98e17
Merge pull request #7881 (Add playbook_command option)
Note that error messages were not adapted, and only mention
a generic "Ansible Software" when executed commands are failing.
We assume that people using the `playbook_command` option are
advanced users that will know all the components to be considered.
2016-10-10 23:18:24 +02:00
Gilles Cornu 26e8bdc1f1
Merge pull request #7536 2016-10-10 23:03:00 +02:00
Daniel Gonzalez 58f2b0c8c7 Make ansible-playbook command configurable
The ansible-playbook command is currently hardcoded for the ansible and
ansible_local provisioners. This patch adds the config option
playbook_command to allow the user to change the command.
2016-10-09 20:48:50 +02:00
Gilles Cornu e8cf9bb168
provisioners/ansible: review pull request #7752
- Honour `ssh.proxy_command` setting (even when the Docker provider is
  used via a proxy host). Silly configurations may lead to silly
  behaviors, but let's apply the settings...
- Remove condition on `provider_config.connect_via_ssh`, which is
  a provider specific parameter (from vagrant-libvirt provider).
- Add a simple unit test
2016-09-21 23:40:20 +02:00
Dmitry Vasilets a1d78edaf8
changes after review 2016-09-21 23:40:15 +02:00
Dmitry Vasilets a943f67da1
support ansible for remote servers and vm 2016-09-21 23:39:43 +02:00
Hanno Heinrichs 10775a3b4a More robust Ansible detection for local Ansible provisioner 2016-06-30 12:58:36 +02:00
Gilles Cornu a7dfc73b85 provisioners/ansible: honor galaxy_roles_path when running ansible-playbook
This commit include the following changes:
- systematically set ANSIBLE_ROLES_PATH environment variable when
  galaxy_roles_path is defined.
- slightly refactor to introduce the concept of "provisioning working
  directory" (possible usage in the future for resolving GH-7195)
- fix a bug in ansible-galaxy execution by the ansible_local provisioner
  if the paths contains blank characters.

Fix #7269
2016-06-11 07:28:05 +02:00
Gilles Cornu 6ee8bb6a84 provisioners/ansible_local: Fix Fedora/RedHat "default" installation mode
With bb9dba56ac, I introduced a pitiful
regression in "rpm-based" Ansible installation (via yum or dnf).

This fix is part of GH-6654
2016-06-09 19:16:47 +02:00
Gilles Cornu 6ee69e3150 Merge pull request #7190 from electrofelix/ansible-parallel-race
Fix a race condition in the concurrent generations of the ansible inventory file, while running `vagrant up --parallel`.

Closes GH-6526
2016-06-09 14:56:03 +02:00
Gilles Cornu eb1e8f8673 provisioners/ansible(both): apply ruby 2.x style
Use Ruby 2.0 syntax for named parameters and hash entries.
2016-06-08 23:53:58 +02:00
Gilles Cornu d57b7201c4 provisioners/ansible_local: align code style
Remove parenthesis to all "machine.communicate." method calls in the
"cap/guest" files...
2016-06-08 23:53:58 +02:00
Gilles Cornu bb9dba56ac provisioners/ansible_local: add "pip" install_mode
These changes have been validated against the following guest systems:
- Debian 7 and 8
- Ubuntu 12.04, 14.04 and 16.04
- Fedora 21 and 23
- CentOS 7
- OracleLinux 7
- Scientific Linux 7

At the moment, the pip setup (via get-pip.py script) is not working for
RHEL6-like systems (CentOS 6.6, OracleLinux 6.5, Scientific Linux 6),
because Python 2.6 has been deprecated and is no longer supported by
Python core team. I consider this limitation with low priority in
Vagrant context.

The `:pip` install_mode is currently not implemented for the following
platforms:
- OpenSUSE
- ArchLinux
- FreeBSD

Known Issue: By using get-pip.py script, any previous pip installation
will be most probably overrided. This could be an issue for Python
developers who would prefer to keep their base box setup untouched. In
future iteration, it could be possible to choose to reinstall/upgrade
pip or not. issue for Python developers who would prefer to keep their
base box setup untouched. In future iteration, it could be possible to
choose to reinstall/upgrade pip or not.

Resolve GH-6654

Resolve GH-7167 as the `version` option is now considered to select the
version of Ansible to be installed.
2016-06-08 23:53:58 +02:00
Gilles Cornu a7ee56459b provisioners/ansible(both): fix ansible config files presence checks
With this change, the presence of Ansible configuration files (like
playbook file, inventory path, galaxy role file, etc.) is no longer
performed by the `config` classes, but by the `provisioner` classes
(at the beginning of the provision command).

This change fixes several issues:

- Resolve #6984 as `provision` method are only executed when remote
  (ssh) communication with the guest machine is possible.
- Resolve #6763 in a better way than 4e451c6 initially did.
- Improve the general provisioner speed since the `config` checks are
  actually triggered by many vagrant actions (e.g. `destroy`,...), and
  can also be triggered multiple times during a vagrant run (e.g. on
  callback request made by the machine provider).

Unlike the former `config`-based checks, the provision action won't
collect all the invalid options, but only report the first invalid
option found and abort the execution.

Some unit tests were not implemented yet to save my scarce "open source
contribution time" for other important issues, but they should be done
at last via GH-6633.
2016-06-01 06:40:23 +02:00
Seth Vargo 49ce775b53
Prefix tempfiles with vagrant- 2016-05-31 00:18:16 -04:00
Seth Vargo 7014aa3bab
Remove custom tempfile class
This is not actually providing any additional utility and also causes
namespace conflicts with people trying to use the real Tempfile class.
2016-05-30 23:21:47 -04:00
Gilles Cornu 8190fba872 provisoners/ansible: improve config test coverage
Changes:

- Add "config" unit tests for `ansible_local` (guest)
- Share some "config" examples between both ansible provisioners
- Move `config_host.rb` specific examples to `config/host.rb`
- Add a requirement to "../helpers" in `config/guest.rb` in order to be
  able to run the related unit tests

References:

- This is the first part of GH-6633 resolution
- This change is a handy prerequisite for GH-6570

Not addressed yet:

- FIXME (guest.rb): Some test-double stubs are currently not working as
  expected, and the related checks are commented out for the moment
  (no idea why, but this is not urgent to be fixed because of GH-7335
  rejection. See also GH-6984)
- FIXME (shared.rb): The guest-based config should actually NOT return
  an error when the extra_vars file cannot be found, but only display a
  a warning (similarly to the changes done for GH-6763, see 4e451c6)
2016-05-29 17:01:37 +02:00
Seth Vargo 5a4f345363
Use Util::Tempfile when configuring networks
This fixes a fairly large tempfile leak. Vagrant uses a template
renderer to write network configuration files locally to disk. Then,
that temporarily file is uploaded to the remote host and moved into
place. Since Vagrant is such a short-lived process, GC never came along
and cleaned up those tempfiles, resulting in many temporary files being
created through regular Vagrant usage.

The Util::Tempfile class uses a block to ensure the temporary file is
deleted when the block finishes. This API required small tweaks to the
usage, but provides more safety to ensure the files are deleted.
2016-05-28 23:22:34 -04:00
Gilles Cornu cf908d35e0 provisioners/ansible_local: Run galaxy from `provisioning_path` directory
Since it is now possible to specify some Galaxy settings in an
`ansible.cfg` file, it makes sense to run `ansible-galaxy` from the
same working directory as `ansible-playbook` execution does.

See http://docs.ansible.com/ansible/intro_configuration.html#galaxy-settings
2016-04-24 00:26:59 +02:00
Gilles Cornu b2286388f0 provisioners/ansible: add basic config validators
With this change, the `raw_arguments` and `raw_ssh_args` options are:
- STILL automatically converted as an Array when they are set a String
  (no behaviour change)
- rejected if they are not of Array data type otherwise

Additional Notes:
- the 'as_array' tiny helper has been removed since it was no longer
  used.
- there is for now no deeper validation (i.e. verifying that the Array
  elements are only *String* objects)
2016-04-20 23:54:19 +02:00
Gilles Cornu ab036ddd0b provisioners/ansible: don't format raw_arguments
With cb80286a4a, the helper function
stringify_ansible_playbook_command was also applied on the
`raw_arguments` content, which is not wanted. Given that users have used
the `raw_arguments` option as a workaround to avoid the bug GH-6726,
this new change ensure that any `--extra-vars` option passed as a raw
argument won't be additonally enquoted by the ansible_local
provisioner.

This change also improves the ansible remote provisioner verbose output,
but has no impact on its behaviour, which was already correct.

Note that this refactoring introduces some code duplications that are not
very elegant (see ansible_playbook_command_for_shell_execution in
host.rb and execute_ansible_playbook_from_host in base.rb). I hope we
can find a better implementation later, but it is good enough for now
since all these parts are covered by corresponding unit tests (the
`ansible_local` stuff being tested via the verbose output of the ansible
remote provisioner).
2016-04-20 23:50:42 +02:00
Darragh Bailey cae0bfdf9d provisioners/ansible: Replace inventory file instead of modify
When updating the inventory, write to a temp file and replace the
original once writing is complete, to allow for an atomic replacement
of the contents.

Ensures that ansible reading an inventory file will get either the old
or new contents, but never the truncated version of the file that
appears should you open it with 'w' mode set to replace the contents.

Solves the 'provided hosts list is empty' error, which is emitted by
ansible should it manage to be reading the inventory file just as it
was truncated, but before the new contents were flushed to disk.

Partially-Fixes: #6526
2016-03-31 17:44:20 +01:00
Gilles Cornu 47c0833277 ansible_local: use double quotes instead of single quotes
Before this minor change, the '--limit' and '--start-at-task'
ansible-playbook command line arguments were enclosed into single
quotes. Using double quotes adds a bit more flexibility, especially
about the task name referred by `start_at_task` option.

It also aligns with the handling of the '--extra-vars' parameter
(see cb80286).
2016-03-05 17:25:54 +01:00
Gilles Cornu cb80286a4a ansible_local: put json extra-vars in double quotes
Without this change, the JSON string generated from the `extra_vars`
Ruby hash is passed without enclosing quotes and is then not parseable
by the ansible-playbook command when exectuted in a usual shell context.

In this changeset, the ansible (remote) unit test coverage is improved
to cover both usage of `extra_vars` (ansible_local unit tests are still
missing).

Additional Notes:

 - Double quotes are favored to single quotes in order to allow usage of
   any character for the variable values. For this reason additional
   escaping is appended to JSON-inner double quotes and backslashes.

 - This problem was not affecting the `ansible` remote provisioner
   (which is running the ansible-playbook command via the childprocess
   Ruby library). But with this change, the `verbose` output will also
   now be correct for a copy-paste reuse.

 - After this change, all the "--extra-vars" arguments (also a var
   file passed with the @-syntax or anything coming via the
   `raw_arguments` option) are "blindly" and systematically enclosed
   in double quoted and double-escaped.
   This is not optimal and can potentially break with peculiar values
   (e.g. a double quote character (") cannot be used in a json value
   when using `raw_arguments`). That said, I think that the current
   solution is a reasonable trade-off, since the official `extra_vars`
   option should now be able to cover a great majority of use cases.

Fix #6726
2016-03-05 17:24:28 +01:00
Gilles Cornu 4e451c6e99 provisioners/ansible_local: fix #6763
Before this change, the detection of a non-existing path on the guest
machine was considered as an error and lead to interrupt the current vagrant
action. This was actually a mistake to do so, since the config checks
are performed before many other vagrant actions than `provision`.
The config.validate phase is also intended to primarily check the options
sanity, but it cannot be too strict with the guest state (which can easily
get "out of automatic control").

With this change, we still apply these checks (when possible), but only warn
about possible configuration problems. This way, the subsequent
statements will happen anyway (e.g. ansible commands will be
executed, vagrant machine will be destroyed, etc.)
2016-01-17 11:27:23 +01:00
Gilles Cornu c2c1a443fd Merge commit 'refs/pull/upstream/6869' into gildegoma/ansible-bug-fixes
Fix #6793
2016-01-14 00:05:33 +01:00
Daniel Schreiber 9dbdb9397a fixing incorrect missing ansible error
At least for ansible 2.0.0.1 the command `ansible-galaxy --help` is inappropriate for testing if ansible is installed, as it yields an error:

```
vagrant@vagrant-ubuntu-trusty-64:~$ ansible-galaxy --help && echo "OK"          
Usage: ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options] ...

Options:
  -h, --help     show this help message and exit
  -v, --verbose  verbose mode (-vvv for more, -vvvv to enable connection
                 debugging)
  --version      show program's version number and exit
ERROR! Missing required action
```
2016-01-13 23:05:39 +01:00
Gilles Cornu 1e38be237e provisioners/ansible: fix galaxy paths on Windows
Close #6757 and update previous fix for #6740 (#6741).

See also these places where the same regexp is used to address similar
"Windows cases":

 - ec85548bd6/plugins/provisioners/chef/provisioner/chef_solo.rb (L99-L103)
 - ec85548bd6/plugins/guests/windows/cap/rsync.rb (L6-L9)
2016-01-05 08:22:10 +01:00
char16t 07f3d0b00d Fix #6740: Ansible local provisioner: remove windows drive letter from path 2015-12-27 12:01:45 +03:00
Gilles Cornu ddbd2a4cfc provisioners/ansible: prefer ssh '-i' argument
In cd93721, I relied on a suprising combination of quotes to protect ssh
execution to strip the quoted path to the private key file.
Since any ssh command line argument can be passed via
`ANSIBLE_SSH_ARGS`, it is quite more readable and easy to rely on the
`-i` argument, which is not affected like `-o IdentityFile=...` and also
supports multiple occurences.

See also http://sourceforge.net/p/fuse/mailman/message/30498048/

Finally fix #6671

Note that I decided to not squash both commits for better
documentation and traceability.
2015-12-16 10:29:13 +01:00