This commit does a few things:
1. Make the hostname update idempotent with `grep -w`
2. Add the given hostname to `/etc/hosts` as recommended by the docs
3. Add missing tests
This commit updates the procedure for configuring arch networks to occur
in a single command. Previously, each network was configured
independently. If, for some reason, one of the networks destroyed the
SSH connection, the box would be irrecoverable. This commit does not
alleviate that behavior, but attempts to mitigate it by running all
network-related configuration commands in a single communicator (SSH)
session.
The new procedure looks like this:
1. Upload a temp file to /tmp/vagrant-network-id... for each interface
on the guest.
2. Compile a commands array (of bash) to execute after all network
configurations have been uploaded.
3. Concatenate all the commands together in a single communicator
session.
This was tested against `terrywant/archlinux` using the following Vagrantfile:
```ruby
Vagrant.configure(2) do |config|
config.vm.box = "terrywang/archlinux"
config.vm.hostname = "banana-ramama.example.com"
config.vm.network "private_network", type: "dhcp"
config.vm.network "private_network", ip: "33.33.33.10"
config.vm.provision "file", source: "Vagrantfile", destination: "/tmp/vf"
config.vm.provision "shell", inline: "echo hi"
end
```
This commit updates the procedure for changing the hostname on arch
guests to occur in a single command. Previously, setting the hostname
and adding the value of the hostname to the /etc/hosts file was done in
two different uploads. This reduces the cycle to a single upload, making
provisioning a bit faster.
Additionally, this changes the behavior of the /etc/hosts file to:
1. Not remove localhost as an alias of 127.0.0.1
2. Prepend our custom hostname before localhost
The resulting /etc/hosts file will look something like:
127.0.0.1 my-host.example.com my-host
127.0.0.1 localhost.mydomain localhost
Tested against `terrywang/archlinux` using the following Vagrantfile:
```ruby
Vagrant.configure(2) do |config|
config.vm.box = "terrywang/archlinux"
config.vm.hostname = "banana-ramama.example.com"
config.vm.network "private_network", type: "dhcp"
config.vm.network "private_network", ip: "33.33.33.10"
config.vm.provision "file", source: "Vagrantfile", destination: "/tmp/vf"
config.vm.provision "shell", inline: "echo hi"
end
```
With this change, the presence of Ansible configuration files (like
playbook file, inventory path, galaxy role file, etc.) is no longer
performed by the `config` classes, but by the `provisioner` classes
(at the beginning of the provision command).
This change fixes several issues:
- Resolve#6984 as `provision` method are only executed when remote
(ssh) communication with the guest machine is possible.
- Resolve#6763 in a better way than 4e451c6 initially did.
- Improve the general provisioner speed since the `config` checks are
actually triggered by many vagrant actions (e.g. `destroy`,...), and
can also be triggered multiple times during a vagrant run (e.g. on
callback request made by the machine provider).
Unlike the former `config`-based checks, the provision action won't
collect all the invalid options, but only report the first invalid
option found and abort the execution.
Some unit tests were not implemented yet to save my scarce "open source
contribution time" for other important issues, but they should be done
at last via GH-6633.
Vagrant's environment (which includes the known list of boxes and
versions) is established at the start of the Vagrant run. This means
that box downloads which occur during the run are not contained in the
set until the next run. This causes duplicate box downloads to raise an
error in multi-machine Vagrantfiles.
This commit fixes that issue by pre-processing the machines by provider
and version, creating a unique set of boxes to update.
Fixes GH-6042
This adds a new core command, `docker-exec`, which allows the user to
exec into an already-running container.
- Fixes#6566
- Fixes#5193
- Fixes#4904
- Fixes#4057
- Fixes#4179
- Fixes#4903
We know that the vm does not exist if we get VBOX_E_OBJECT_NOT_FOUND.
For any other error, this may well be VirtualBox getting confused and it is probably
worth retrying...
This commit changes the way ports are aggregated in the Docker provider.
Previously ports were aggregated by their "number", but that is not a
truly unique representation. Instead, the protocol is now taken into
account when generating the port map.
Fixes GH-5527
This adds two new SSH configuration options:
- `keys_only`
- `paranoid`
These values were previously hard-coded, but can now be user-specified.
Fixes GH-4275
Changes:
- Add "config" unit tests for `ansible_local` (guest)
- Share some "config" examples between both ansible provisioners
- Move `config_host.rb` specific examples to `config/host.rb`
- Add a requirement to "../helpers" in `config/guest.rb` in order to be
able to run the related unit tests
References:
- This is the first part of GH-6633 resolution
- This change is a handy prerequisite for GH-6570
Not addressed yet:
- FIXME (guest.rb): Some test-double stubs are currently not working as
expected, and the related checks are commented out for the moment
(no idea why, but this is not urgent to be fixed because of GH-7335
rejection. See also GH-6984)
- FIXME (shared.rb): The guest-based config should actually NOT return
an error when the extra_vars file cannot be found, but only display a
a warning (similarly to the changes done for GH-6763, see 4e451c6)
This fixes a fairly large tempfile leak. Vagrant uses a template
renderer to write network configuration files locally to disk. Then,
that temporarily file is uploaded to the remote host and moved into
place. Since Vagrant is such a short-lived process, GC never came along
and cleaned up those tempfiles, resulting in many temporary files being
created through regular Vagrant usage.
The Util::Tempfile class uses a block to ensure the temporary file is
deleted when the block finishes. This API required small tweaks to the
usage, but provides more safety to ensure the files are deleted.
This commit basically grepped the code base for all uses of Dir.mktmpdir
and Tempfile.new/open and ensures the value is unique within the
code base and also prefixed with `vagrant-`.
Previously, most invocations of these commands simply used "vagrant",
thus making them indistinguishable when trying to identify leaks.
Previously, there was no one gesture that would start a VM if it was not
running and run the appropriate provisioners regardless of its original
state. `vagrant up` did nothing if the VM was running, while
`vagrant provision` did nothing if the VM was not running.
Change the semantics of `vagrant up`, via the start actions of the providers,
to go through the provisioning logic even if the VM is already running.
The semantics of `run: "once"` vs `run: "always"` are respected.
Tested with the VirtualBox provider but not the others.
Resolves#4421
This commit separates the scratch and output directory creation from the
main package middleware into its own PackageSetupFolders middleware.
Additionally, the validation that ensures an output file does not exist
is moved into a validation function that can be shared across multiple
methods.
This refactor permits a pre-flight check to ensure box packaging would
be successful before actually stopping the VM.
Fixes GH-7351
Vagrant was not behaving correctly in configurations where there was
a static IP on a VirtualBox `intnet` interface and a DHCP `:hostonly`
interface configured.
Since `machine_ip` attempted to get static addresses `||` dynamic
addresses, it would simply use the static machine address and
continue.
This commit corrects this behaviour by collecting all static and
dynamic addresses into the `machine_ip` array instead of just one or
the other.
The result of this is a correctly generated `/etc/exports` on the
host machine, allowing NFS mounts to work correctly in this type of
environment.
Call it with "--no-pager"
Without it, if the user has a pager (more/less/etc.) configured and
call vagrant up with NFS shares, systemctl would use the pager, and
that would probably require an unnecessary key press from the user.
With this change, the `raw_arguments` and `raw_ssh_args` options are:
- STILL automatically converted as an Array when they are set a String
(no behaviour change)
- rejected if they are not of Array data type otherwise
Additional Notes:
- the 'as_array' tiny helper has been removed since it was no longer
used.
- there is for now no deeper validation (i.e. verifying that the Array
elements are only *String* objects)
With cb80286a4a, the helper function
stringify_ansible_playbook_command was also applied on the
`raw_arguments` content, which is not wanted. Given that users have used
the `raw_arguments` option as a workaround to avoid the bug GH-6726,
this new change ensure that any `--extra-vars` option passed as a raw
argument won't be additonally enquoted by the ansible_local
provisioner.
This change also improves the ansible remote provisioner verbose output,
but has no impact on its behaviour, which was already correct.
Note that this refactoring introduces some code duplications that are not
very elegant (see ansible_playbook_command_for_shell_execution in
host.rb and execute_ansible_playbook_from_host in base.rb). I hope we
can find a better implementation later, but it is good enough for now
since all these parts are covered by corresponding unit tests (the
`ansible_local` stuff being tested via the verbose output of the ansible
remote provisioner).
The rationale here is to make it so existing Vagrantfile
configurations remain unchanged.
While benh57's solution worked for me, I had to add a
".to_yaml" to the VagrantFile line that implemented puppet.facter
and this would mean existing Vagrant configurations that use Puppet
would produce an error if that was not present.
Additionally, without this change, the Vagrant file also needed a
"require('yaml')" declaration to make the ".to_yaml" conversion
possible.
When updating the inventory, write to a temp file and replace the
original once writing is complete, to allow for an atomic replacement
of the contents.
Ensures that ansible reading an inventory file will get either the old
or new contents, but never the truncated version of the file that
appears should you open it with 'w' mode set to replace the contents.
Solves the 'provided hosts list is empty' error, which is emitted by
ansible should it manage to be reading the inventory file just as it
was truncated, but before the new contents were flushed to disk.
Partially-Fixes: #6526
Ubuntu versions prior to 16.04 always returned a successful exit status,
even if one tried to down an interface that does not exist. This
behavior changed in Ubuntu 16.04 to return an error. This commit
preserves the old behavior.
Fixes GH-7155
Overcomes exception Net::SFTP::StatusException (2, "no such file") when using: "vagrant push" via sftp and a file parent directory does not exist. Function "upload" does not create the directory before uploading a file ('mkdir: true' seems to have no effect as zero directories are created while files are uploaded normally).
If the master VM is removed, but the master_id file exists, Vagrant
would still attempt to clone using the master_id rather then
importing re-importing first.
Fixes#6742
Before this minor change, the '--limit' and '--start-at-task'
ansible-playbook command line arguments were enclosed into single
quotes. Using double quotes adds a bit more flexibility, especially
about the task name referred by `start_at_task` option.
It also aligns with the handling of the '--extra-vars' parameter
(see cb80286).
Without this change, the JSON string generated from the `extra_vars`
Ruby hash is passed without enclosing quotes and is then not parseable
by the ansible-playbook command when exectuted in a usual shell context.
In this changeset, the ansible (remote) unit test coverage is improved
to cover both usage of `extra_vars` (ansible_local unit tests are still
missing).
Additional Notes:
- Double quotes are favored to single quotes in order to allow usage of
any character for the variable values. For this reason additional
escaping is appended to JSON-inner double quotes and backslashes.
- This problem was not affecting the `ansible` remote provisioner
(which is running the ansible-playbook command via the childprocess
Ruby library). But with this change, the `verbose` output will also
now be correct for a copy-paste reuse.
- After this change, all the "--extra-vars" arguments (also a var
file passed with the @-syntax or anything coming via the
`raw_arguments` option) are "blindly" and systematically enclosed
in double quoted and double-escaped.
This is not optimal and can potentially break with peculiar values
(e.g. a double quote character (") cannot be used in a json value
when using `raw_arguments`). That said, I think that the current
solution is a reasonable trade-off, since the official `extra_vars`
option should now be able to cover a great majority of use cases.
Fix#6726
The sentinal file was always being ignored when running the
resume command. This is fixed along with allowing provision
options to be used with resume. Fixes#6787
Fixed error remains in other versions:
return [] if e.extra_data[:stdout].include?("does not have")
should be
return [] if e.extra_data[:stderr].include?("does not have")
Many methods are the same in different version_X, and should be moved to Base class.
Added support for Port forwarding in an IP aliased environment. The change
makes the following forwarding rule(s) possible.
Ex: eth0 is ip aliased to have a range of IP addresses 10.20.30.0/24.
In the Vagrant file, we can now have an entry like the following and
it will just work! Note the host port 8081 is the same for both .1 and .2.
Vagrant.configure("2") do |config|
config.vm.network "forwarded_port", guest: 80, host: 8080
config.vm.network "forwarded_port", guest: 81, host: 8081, host_ip: 10.20.30.1
config.vm.network "forwarded_port", guest: 82, host: 8081, host_ip: 10.20.30.2
end
Previously the default channel was "current", but after discussion with
@coderanger on GH-6979, it seems like this was a poor design decision.
Instead, we should use the stable channel and allow users to opt-in to
prerelease versions.
Fixes GH-6979
Before this change, the detection of a non-existing path on the guest
machine was considered as an error and lead to interrupt the current vagrant
action. This was actually a mistake to do so, since the config checks
are performed before many other vagrant actions than `provision`.
The config.validate phase is also intended to primarily check the options
sanity, but it cannot be too strict with the guest state (which can easily
get "out of automatic control").
With this change, we still apply these checks (when possible), but only warn
about possible configuration problems. This way, the subsequent
statements will happen anyway (e.g. ansible commands will be
executed, vagrant machine will be destroyed, etc.)
In our test environments, it's good to be able to roll back to the same,
anonymous, snapshot repeatedly. This patch adds a `--no-delete` option
to the `snapshot pop` command allowing this.
This makes the new core snapshot behaviour more consistent with what we
were doing with vagrant-multiprovider-snap
(https://github.com/scalefactory/vagrant-multiprovider-snap)
At least for ansible 2.0.0.1 the command `ansible-galaxy --help` is inappropriate for testing if ansible is installed, as it yields an error:
```
vagrant@vagrant-ubuntu-trusty-64:~$ ansible-galaxy --help && echo "OK"
Usage: ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options] ...
Options:
-h, --help show this help message and exit
-v, --verbose verbose mode (-vvv for more, -vvvv to enable connection
debugging)
--version show program's version number and exit
ERROR! Missing required action
```
In cd93721, I relied on a suprising combination of quotes to protect ssh
execution to strip the quoted path to the private key file.
Since any ssh command line argument can be passed via
`ANSIBLE_SSH_ARGS`, it is quite more readable and easy to rely on the
`-i` argument, which is not affected like `-o IdentityFile=...` and also
supports multiple occurences.
See also http://sourceforge.net/p/fuse/mailman/message/30498048/
Finally fix#6671
Note that I decided to not squash both commits for better
documentation and traceability.
Surprisingly (to me at least), a simple quote enclosure was not enough
to fix the problem.
Caveat: the stringified ansible-playbook command logged in verbose mode
is wrongly formatted (no quotes are escaped).
Fix#6671
Set the IPv6 adapter IP to be <prefix>::1. Otherwise, guest to host
communication over IPv6 is not routed correctly. This means that
consumers should not specify <prefix>::1 IP addresses to VirtualBox,
which should be a reasonable restriction.
Fixes#6658
Like in the (remote) `ansible` provisioner, it is preferred to pass the
directory that contains the generated inventory file. This way, advanced
inventory usages can be achieved by adding more inventory files into the
same directory.
Related to #2103 and #6500
[ci skip]
Vagrant should only consider the host-only interfaces used by the
virtual machine in the IPv6 fixup code. There may be other interfaces
present on the system with IPv6 addresses that for various reasons
would fail the routing check (for example, an interface with no
machines attached).
The patch changes the behavior to not scan all of the host-only
interfaces and adds a unit test for the behavior (that the correct IP
is validated).
Lastly, there is a small fix here that may not be an issue for most
people where the IPv6 prefix was asummed to be a multiple of 16 for
the purposes of constructing the UDP probe datagram. This assumption
has been removed.
Fixes#6586
String and Symbol types are different when used as a Hash key. By
default the Vagrant machine names are set in Symbol format, but users
may write their `host_vars` entries with String keys. This is a very
simple way to ensure smooth experience, without having to coerce the
data types during the config validation (e.g. with a library like
Hashie, which is currently not in the Vagrant dependencies)
See also:
- https://bugs.ruby-lang.org/issues/5964#note-17
- https://github.com/intridea/hashie#keyconversion
Refactor and repair regular expression attempting to match present interfaces.
The refactored regular expression will match on enp* ens* eth* variants.
I missed to rename the refactored exceptions as AnsibleCommandFailed in
the guest-based parts. The lack of unit tests for these parts hurts...
on my agenda, I swear!
See c1f3d114f5
This is required because the Chef Server almost always needs a node name to
interact. This will default to the hostname, but that's always going to be
`vagrant.vm`, which will collide easily.
This generates a random hostname with `vagrant-` as the prefix and stores the
result in the machine's data directory.
Starting with PowerShell 5, the progress bar can be observed via the
Write-Progress cmdlet. From WinRM, this appears as a stderr output.
Vagrant assumes that there is error if output appears on stderr.
This terminates various scripts which previously executed successfully
in Vagrant (prior to Windows 10).
This fix injects a variable assignment at various points of the script
execution process to disable display of the progress bar.
This fixes GH-6395 by only appending the access_token once. It also fixes a
bug that was never reported. If a user supplied an access_token for a box URL,
Vagrant would silently overwrite it.
After this commit, Vagrant only appends an access_token to the URL if no
value exists at the key.
This patch introduces a new parameter --all for the remove
command of the box plugin. Setting this parameter will remove
all available versions of a specific box.
Example usage:
```
$ vagrant box list
ubuntu/trusty64 (virtualbox, 20150427.0.0)
ubuntu/trusty64 (virtualbox, 20150430.0.0)
ubuntu/trusty64 (virtualbox, 20150506.0.0)
```
```
$ vagrant box remove ubuntu/trusty64
You requested to remove the box 'ubuntu/trusty64' with provider
'virtualbox'. This box has multiple versions. You must
explicitly specify which version you want to remove with
the `--box-version` flag. The available versions for this
box are:
* 20150427.0.0
* 20150430.0.0
* 20150506.0.0
```
With the --all parameter it is possible to remove all versions at once.
```
$ vagrant box remove --all ubuntu/trusty64
Removing box 'ubuntu/trusty64' (v20150506.0.0) with provider 'virtualbox'...
Removing box 'ubuntu/trusty64' (v20150430.0.0) with provider 'virtualbox'...
Removing box 'ubuntu/trusty64' (v20150427.0.0) with provider 'virtualbox'...
```
With this change, the existing host-based Ansible provisioner is
refactored to share a maximum of code with this new guest-based Ansible
provisioner.
At this stage of development, the existing unit tests are intentionally
modified as little as possible, to keep safe the existing funtionalities.
Other issues resolved by this changeset:
- Display a warning when running from a Windows host [GH-5292]
- Do not run `ansible-playbook` in verbose mode when the `verbose` option
is set to an empty string.
The current docker installer attempt to install the linux-image-extra-`uname -r` DEB package on Debian systems.
This package may not exist, for example on custom kernels (e.g., Linode servers).
If this happens, Vagrant halts the provisioning. However, this package is not really needed in newer Debian releases (such as Ubuntu 14.04).
This small patch checks if the linux-image-extra-`uname -r` package exists, and it will install it if it does. In either case, it will continue provisioning.
This changes the ssh ready? method to treat ENETUNREACH the same way as
EHOSTUNREACH errors.
When attempting to SSH into a box, it tries up to 5 times to connect to
the box, ignoring various errors. Later it will catch and gracefully
handle most of those errors so that callers don't have to know the
details.
However, the Errno::ENETUNREACH error is not caught, which means that
callers that expect a clean boolean return from ready? don't get that,
and instead get an exception they probably aren't expecting.
Changed the name of the error LinuxRDesktopNotFound to
LinuxRDPClientNotFound and re-worded error text in
templates/locales/en.yml to include `xfreerdp` when listing supported
RDP clients.
The benefits of the following "breaking change" are the following:
- default behaviour naturally fits with most common usage (i.e. always
connect with Vagrant SSH settings)
- the autogenerated inventory is more consistent by providing both the
SSH username and private key.
- no longer needed to explain how to override Ansible `remote_user` parameters
Important: With the `force_remote_user` option, people still can fall
back to the former behavior (prior to Vagrant 1.8.0), which means that
Vagrant integration capabilities are still quite open and flexible.
Starting with vagrant 1.7.3
(commit 1152b4e1df) we don't
save the command to be executed in the file anymore, but we send
it as a parameter, thus the back tick makes things worse.
Previously, configuring and enabling network interfaces failed with:
"The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!
/usr/sbin/biosdevname --policy=all_ethN -i bash: /usr/sbin/biosdevname:
No such file or directory
Stdout from the command:
bash: /usr/sbin/biosdevname: No such file or directory"
The previous attempt to fix this (ccc4162) doesn't work since it doesn't
properly parse the 'bash: /usr/sbin/biosdevname: No such file or
directory' error message.
This patch works around that problem and adds a comment explaining the
meaning of the return codes.
puppet_server provisioner fails with Puppet Collection 1 with the
following error:
```bash
==> default: Running provisioner: puppet_server...
The `puppet` binary appears not to be in the PATH of the guest. This
could be because the PATH is not properly setup or perhaps Puppet is not
installed on this guest. Puppet provisioning can not continue without
Puppet properly installed.
```
Currently `configure_networks` guest cap configures NICs following the device order and fails
when the device order is mixed. We should detect the appropriate NIC by its MAC address.
Slackware's version file is /etc/slackware-version not
/etc/slackware-release.
pidof is not on PATH by default (not running as root) so call it using
full path
VirtualBox has a bug where the IPv6 route is lost on every other
configuration of a host-only network. This is also triggered when a VM
is booted.
To fix this, we test the route-ability of all IPv6 networks, and
reconfigure if necessary. This is very fast but we still only do this if
we have any IPv6 networks.
The problem demonstrated in #6065 is that a string has incorrectly been
encoded with US-ASCII even though it contains invalid US-ASCII byte
sequences (any byte with the most significant bit on is invalid in the
US-ASCII encoding).
The thing about doing newline normalization is that it is not actually
sensitive to the presence of US-ASCII byte sequenzes. Additionally, it
is very unlikely that a user will ever be using an encoding where \r\n
is not encoded the same as it would be in ASCII.
This patch first tries the existing method of normalizing the newlines
in the provided script file, if that fails for any reason it force
encodes the string to ASCII-8BIT (which allows the most significant bit
to be on in any individual byte) and then performs the substitution in
that byte space.
We gained a ton of improvemnts to WinRM error handling in
https://github.com/mitchellh/vagrant/pull/4943, but we also got one bug.
The new code raises an exception when `winrm_info` does not return right
away. This was preventing us from catching the retry/timout logic that's
meant to wait until boot_timeout for the WinRM communicator to be ready.
This restores the proper behavior by rescuing the WinRMNotReady
exception and continuing to retry until the surrounding timeout fires.
Adds a configurable value for WinRm and the elevated permission shell ExecutionTimeLimit.
Please see mitchellh/vagrant#5506
Ex: config.winrm.execution_time_limit = "P1D"
Windows offers no out-of-the-box rsync utility. By far, the most
commonly used external utilities for Windows rsync are built with the
GNU Cygwin libraries. The cost for this convenience is that rsync on
Windows has to be provided paths that begin “/cygdrive/c” rather than
“c:/“ like other Windows-API utilities. Compounding the situation,
rsync doesn’t create paths/to/sub/targets and so the vagrant plugin
code, when performing an rsync, is responsible for creating
intermediate directories in guest paths if there are any. Furthermore,
the mkdir utility in Windows is not another Cygwin utility like rsync
but the routine mkdir of Windows command.com. Therefore, while rsync
needs the /cygwin paths, mkdir uses the Windows paths. Later, the
chef_solo.rp provisioner running within the guest will expect to find
Windows-style paths in its solo.rb configuration file. Due to all this,
vagrant has to keep track of both the original, possibly dirty Windows
guest path and the cygwin-scrubbed guest path.
When the network's type is :dhcp, the :ip option is used to derive the DHCP server configuration, and it doesn't actually indicate the IP that will be received by the VM(s).
This fixes error for Win 10 Enterprise:
An error occurred while executing a PowerShell script. This error
is shown below. Please read the error message and see if this is
a configuration error with your system. If it is not, then please
report a bug.
Script: get_vm_status.ps1
Error:
C:\HashiCorp\Vagrant\embedded\gems\gems\vagrant-1.7.4\plugins\providers\hyperv\scripts\get_vm_status.ps1 : Unable to
find type [Microsoft.HyperV.PowerShell.VirtualizationOperationFailedException].
At line:1 char:1
+ &('C:\HashiCorp\Vagrant\embedded\gems\gems\vagrant-1.7.4\plugins\prov ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Microsoft.Hyper...FailedException:TypeName) [get_vm_status.ps1], Ru
ntimeException
+ FullyQualifiedErrorId : TypeNotFound,get_vm_status.ps1
This allows Vagrant to calculate if a container's arguments (such as the run
arguments) have changed in the Vagrantfile since the original run.
Fixes GH-3055
When provisioning multiple machines in sequence (the default vagrant
behaviour), it doesn't make sense to require to provide the private ssh
key(s) via the custom ansible inventory script/file.
To align with the handling of multiple ssh keys per machine, we won't
rely any longer on `--private-key` command line argument, but only pass
the keys via `ANSIBLE_SSH_ARGS` environment variable.
Note that when vagrant generates the ansible inventory and that only one
key is associated to a VM, this step would be redundant, and therefore
won't be applied.
This change fixes the breaking change introduced by 3d62a91.
Vagrant 1.7.1 creates and injects new ssh keys for each virtual machine.
When it started ansible with the "parallel provisioning trick",
it would only send the ssh key of the targeted virtual machine.
With this change, vagrant now stores the ssh key for each virtual
machines directly in the generated ansible inventory, and thus allow
ansible parallelism.
Note that this change is not sufficient, as it would break vagrant
configuration based on a custom inventory (file or script). This issue
will be addressed in a next commit.
Signed-off-by: Luis Pabón <lpabon@redhat.com>
The Ansible Vagrant provisioner has a race where the inventory file is
updated every time the provisioner runs unless a file is provided.
Therefore if Ansible attempts to provision two nodes in parallel, you
may see the following race:
* System A writes the inventory file and calls Ansible.
* System B starts to provision and truncates the file before
creating a new one.
* Ansible on system A now attempts to read the inventory
file, which is blank. Ansible bombs out with "ERROR: provided
hosts list is empty".
To fix this, we only allow Vagrant to update the inventory file if
it needs to.
Revert 1c884fa4e5 which introduced the
following bug:
Instead of allowing to dump the `ansible-playbook` command details when
VAGRANT_LOG=debug was defined, it was then impossible to disable this
console output when VAGRANT_LOG was undefined (in such case,
``@logger.debug? systematically returns `true`)
In order to keep things simple and focused, it is preferable to drop the
bad idea to mix Ansible verbosity and Vagrant log level.
Fix#5803
Configuring by :interface doesn't work very well because Vagrant has
no idea about what interfaces are present in the VM, for example if
the image has 'docker' installed but not biosdevname, then
interface_names[0] = "docker0" which is usually not what you want
mapped to the first network from the Vagrantfile.
So if the plugins (like vagrant-libvirt) or the Vagrantfile has
given us a network with a MAC address, use that to find the interface
name for the network. Otherwise use slot numbers as before.
Leaving around plaintext username and passwords in a script on a box isn't the best from a security standpoint. This change ensures the scheduled task wrapper script for WinRM doesn't leave these around on the box, and instead passes them to the script as arguments.
Interactive `sed` needs write permission on the file itself. However, it
may create a backup file, which leads to the fact that the directory
where the file is located must be writable as well. That is a side
effect because this directory does not need to be writable.
This patch fixes this side effect by editing the file in `/tmp`, and
replaces it right after.
After #5532 (e745436df3), it was no longer
possible to enable ansible colorized output. Even though
`ANSIBLE_NOCOLOR` has no effect *at the moment* in vagrant+ansible
integration, I agree to keep it for clarity and consistence.
The new `--no-color` behaviour (bug fix#5531) is now covered by a unit
test.
//cc @marsam, @sethvargo
If the Vagrantfile has some kind of error, display not only
its path and the exception message, but also the originating
line number and exception class.
Also log the full backtrace when the error is in a provider
block, just as it is done when it's outside a provider block.
If biosdevname isn't installed it doesn't make sense to try using it
for persistent device names. Just treat lack of biosdevname as
virtual networking.
This change allows you to specify multiple network interfaces to bridge
to, picking the first found.
```ruby
config.vm.network "public_network",
bridge: ["en4: Thunderbolt Ethernet",
"en6: Broadcom NetXtreme Gigabit Ethernet Controller",
"en0: Wi-Fi (AirPort)"]
```
Fixes issue #5377.
Check that Upstart is not just installed but currently actively running
before attempting to emit an event after mounting shared folders.
Only requires the binary be named upstart, not that it lives in /sbin.
This allows the display of friendly output to the user when we think an
important action should be labeled a certain way. This makes vagrant
output a lot more useful when many inline shell provisioners are
present.
Sed on freebsd seems to be mores strict than on other
platforms about use of -i: the extension is not optional.
Signed-off-by: Michael Adam <obnox@samba.org>
When upping a Win XP box, vagrant found a lot of "virtual" network
connections that did not have DHCP enabled, and tried to configure them
for DHCP. This did not work because their :net_connection_id is nil.
Ignoring these network connections enabled the XP box to be upped.
StopOnIdleEnd was set in the task definition for elevated/privileged
windows guest scripts. This setting:
> specifies that the task stops when the idle condition ceases to be true [1]
The "idle condition" is something that Windows periodically checks for,
and it's defined by a bunch of criteria like user presence/absence, CPU
/ IO idle time, etc. [2]
Telling our provisioner to stop the task if the "idle condition" ceases
to be true is a recipe for some sporadically stopped tasks, which seems
like precisely the behavior being reported in #5362.
I'm pretty sure this fixes#5362
[1] https://msdn.microsoft.com/en-us/library/cc248332.aspx
[2] https://msdn.microsoft.com/en-us/library/windows/desktop/aa383561%28v=vs.85%29.aspx
When a vagrant box has two private network ips /etc/network/interfaces
will duplicate eth2 and bigger. sed matches greedy, so the first
#VAGRANT-END matches. This will result in:
/etc/network/interfaces:29: interface eth2 declared allow-auto twice
/sbin/ifup: couldn't read interfaces file "/etc/network/interfaces"
This should fix the cleaning up of the default VirtualBox dhcpserver,
which we've been fighting with for ages over in #3083. We were checking
for a structure _including_ a netmask, but the driver was not populating
netmask.
This change helps to avoid troubles like reported in #5018 and #4860.
Note that for sake of configuration simplicity, no new `ansible.timeout`
option has been added. The users who want to set a different value can
rely on `ansible.raw_arguments`.
This SSH option is always set, except when Vagrant is running from an
operating system fo the Solaris-family, as this parameter is not
supported by SunSSH. Logic taken from
bed1f8335f/lib/vagrant/util/ssh.rb (L116-L121)Fix#5017
Vagrant >1.7 is unable to login to the default boot2docker host if it has
been halted and brought back up again.
This is because the insecure SSH keypair is replaced but boot2docker doesn't
persist filesystem changes between reboots. So when next brought up Vagrant
tries to use the new keypair which is no longer valid and subsequently isn't
able to login.
Prevent this from happening by disabling the `ssh.insert_key` option on
versions where it is available.
/cc @sethvargo - Some weirdness here but overall should work fine. I'm
not sure if there was a GH issue this should be attached to or close. To
explain:
We just use the first machine with the default provider. A
Vagrant::Environment guarantees there is at least one machine, so
`env.machine_names.first` will always work. And we can just use the
default provider because we don't really care. Finally, it can be any
old machine we pass in because we just want the "global" config to
validate and there is no way to say "don't validate machine-specific
configs", so we might as well just pick the first machine to validate.
@mitchellh this is a partial revert of 84ae22e. It took me a little bit
to figure out why this broke everything, but then I finally realized it.
84ae22e changes the finalize! function to lookup pushes by strategy
type, but pushes are keyed by push strategy name. In other words, given:
config.push.define("foo", strategy: "bar")
the `push_configs` has will look like:
{ :foo => [:bar, #<PushConfig>] }
This is important, because if we key by strategy, the user cannot
specify the same push strategy more than once:
config.push.define("foo", strategy: "bar")
config.push.define("zip", strategy: "bar")
If we keyed off of the strategy, this would be impossible.
When using the salt provisioner with verbose=true, most lines read with an extra newline:
```
[INFO ] Syncing modules for environment 'base'
[INFO ] Loading cache from salt://_modules, for base)
```
because the line read has a newline, and emitting the log entry again includes an additional newline.
fixes#3083
Detect the presence of the default DHCP server that comes in a fresh
VirtualBox install and clean it up to prevent it from colliding with
Vagrant-managed network config.
In order to accomplish this, we:
- add a `remove_dhcp_server` call to the virtualbox driver
- fix dhcp options parsing to allow `:dhcp_{ip,lower,upper}`
configuration options to make it through (so a user can override the
removal behavior with some explicit configuration)
- add the full `:network_name` to the details returned from
`:read_dhcp_servers`, so we can have a durable value to pass to
`:remove_dhcp_server`
Note that we do have to eat one more `VBoxManage list dhcpservers` for
each network interface to support this, but this seemed like a nominal
cost
This is just a refactor, no behavior change.
Instead of stitching together dhcpserver info in the structure returned
from `read_host_only_interfaces`, sprout a new driver method called
`read_dhcp_servers` to return that information separately.
This means that driver clients (well there's really only _one_ client in
`ProviderVirtualBox::Action::Network`) have to do a bit more work to get
interface and DHCP server information.
But this gives us (a) a cleaner and more consistent driver interface and
(b) groundwork for a fix for #3083, which will require interacting with
DHCP servers outside of the context of host-only interfaces.
Like Vagrant's default SSH behaviors (e.g ssh or ssh-config commands),
the Ansible provisioner should by default not modify or read the user
known host file (e.g. ~/.ssh/known_hosts).
Given that `UserKnownHostsFile=/dev/null` SSH option is usually combined
with `StrictHostKeyChecking=no`, it seems quite reasonable to bind the
activation/disactivation of both options to `host_key_checking`
provisioner attribute.
For the records, a discussion held in Ansible-Development mailing list
clearly confirmed that there is no short-term plan to adapt Ansible to
offer an extra option or change the behavior of
ANSIBLE_HOST_KEY_CHECKING. For this reason, the current implementation
seems reasonable and should be stable on the long run.
Close#3900
Related References:
- https://groups.google.com/forum/#!msg/ansible-devel/iuoZs1oImNs/6xrj5oa1CmoJ
- https://github.com/ansible/ansible/issues/9442
- force `--connection=ssh` (any other modes like paramiko or smart are not
supported)
- give the highest priority to `raw_arguments` for sake of simplicity (in
usage, in code and in documentation)
- fix position of the `--limit` argument (the generated inventory could be
shadowed by `raw_arguments`, while ansible.limit was able to override
`raw_arguments`
ref #3396
When `--connection` argument is not specified, Ansible will use the
'smart' mode, which can either use `ssh` or `paramiko` transports,
depending of the version of OpenSSH available. If OpenSSH version is new
enough to support ControlPersist technology, `ssh` will be used.
See also http://docs.ansible.com/intro_configuration.html#transport.
In order to support some advanced features of Vagrant (e.g. multiple ssh
private key identities or ssh forwarding), the Ansible provisioner
already must force `ssh` connection mode.
Having to deal with the possible fallback to `paramiko` increase the
burden of special cases that Ansible provisioner must handle, without
any added value, as Vagrant is based on OpenSSH and its users are
usually using modern operating systems.
With this change, the Ansible provisioner will officially only support
`ssh`. It will still be possible to switch to another connection mode
via `raw_arguments`, but it will breach the "contract", and no
(community) support can be expected in such use case.
ref #3900, #3396
This separates the truly basic pieces of Chef (like install url and
log_level) from the runner pieces of Chef (like provisioning_path). This
is necessary because the Chef Apply provisioner does not actually need
most of the Chef configuration options.
Any specific reason the password was omitted from the rdp_info hash?
Without the password in the rdp_info hash I see no way of figuring out the password in the rdp_client capability.
Eliminate warnings like this:
vagrant/plugins/hosts/linux/cap/nfs.rb:74: warning: character class has '-' without escape: /^# VAGRANT-BEGIN:( 1000)? ([\.\/A-Za-z0-9-_]+?)$/
As a result of #4670 and the safe decision to not memoize
machine.ssh_info (see 89a4a29d65 and
5036d16461), it is preferable to store the
ssh_info hashes and avoid multiple function calls when generating the
ansible inventory.
In the situation where the SSH key has invalid permissions/owner, the reconnect-loop keeps failing repeatedly yet stays silent about the reasons. A message must be reported from the default exception handler (added). In addition, the situations where the SSH key owner or permissions are wrong must lead to a proper failure (added). Ideally, though, the owner/permissions check must happen before launching the VM, hence this is not a perfect fix.