Commit Graph

65 Commits

Author SHA1 Message Date
Gilles Cornu e09848ca59
provisioners/ansible_local: Shellescape extra-vars
Fix #7735

Further work for proper shell-escaping of other ansible-playbook and
ansible-galaxy command line arguments will be addressed via #8949.
2017-09-06 16:30:40 +02:00
Gilles Cornu b741ff7999
provisoners/ansible(both): Accept 'all:vars'
The patterns "all" is a special keyword that target all hosts in the
inventory. Therefore it makes sense to accept "all:vars" as a group
variable name. Note that "*:vars" pattern is not valid in an Ansible
inventory.
See http://docs.ansible.com/ansible/latest/intro_patterns.html#patterns

Fix #7730
2017-09-03 18:41:06 +02:00
Gilles Cornu f8e9cad680 Ansible: Improve a little bit the unit tests
Take advantage of the RSpec 3.5 update to rewrite some examples and
finally enable the expectation about "ansible-galaxy" verbose output.
2017-08-14 19:04:44 +02:00
Gilles Cornu c2937f13b1 Update Ansible unit tests after RSpec 3.5 ugrade
- The 'ansible-galaxy' + 'ansible-playbook' sequence can now be verified
- The "final true" expectation trick can now be removed
- Fixed some little mistakes in 1a62743 rebase of original e8e248d
2017-08-07 10:27:07 -07:00
Chris Roberts 1a62743bc5 Update rspec to recent version and fix deprecations 2017-08-03 17:54:07 -07:00
Brian Cain 773c4fff13 Fixup util/ssh and ansible/provisioner tests 2017-07-17 10:21:26 -07:00
Tomoyuki Sakurai bf7c34ab9d see if `%` is replaced with `%%` 2017-07-14 10:38:08 -07:00
Tomoyuki Sakurai c9577d5967 update spec 2017-07-14 10:38:06 -07:00
Martin Nowak 1ca247f516 fix `config.ssh.keys_only = false` for ansible
Also see #5017.
2017-04-12 12:31:00 +02:00
Gilles Cornu 9493901e0c
provisioners/ansible: Add example of `host_vars` values that include quotes
Motivated by the support effort on GH-8158 ;-)
2016-12-28 23:23:43 +01:00
Gilles Cornu a842abbc38
provisioners/ansible(both): Add config_file option
With this new option defined, the `ansible-galaxy` and
`ansible-playbook` commands generated by the Ansible provisioners will
be executed with the ANSIBLE_CONFIG environment variable set
accordingly.

Resolve GH-7195

This commit also fix the following open issues:
- Implement the pending RSpec examples about path existence checks
  performed by the ansible (remote) provisioner.
- In verbose mode, the ansible remote provisioner now correctly displays
  the Ansible Galaxy parameters ("role_file" and "roles_path") with
  single quotes (which is safer for potential copy-paste usage).

Additional Notes:
- Test coverage for `ansible_local` provisioner is still not
  implemented. See GH-6633.
- Test coverage for galaxy from host is not implemented yet (due to
  general issue with mocking both command executions, see
  https://github.com/mitchellh/vagrant/pull/6529#r45278451
2016-10-22 01:09:12 +02:00
Daniel Gonzalez 79a3cb8a14 Add unit test and documentation for playbook_command option 2016-10-10 16:56:36 +02:00
Gilles Cornu e8cf9bb168
provisioners/ansible: review pull request #7752
- Honour `ssh.proxy_command` setting (even when the Docker provider is
  used via a proxy host). Silly configurations may lead to silly
  behaviors, but let's apply the settings...
- Remove condition on `provider_config.connect_via_ssh`, which is
  a provider specific parameter (from vagrant-libvirt provider).
- Add a simple unit test
2016-09-21 23:40:20 +02:00
Gilles Cornu a7dfc73b85 provisioners/ansible: honor galaxy_roles_path when running ansible-playbook
This commit include the following changes:
- systematically set ANSIBLE_ROLES_PATH environment variable when
  galaxy_roles_path is defined.
- slightly refactor to introduce the concept of "provisioning working
  directory" (possible usage in the future for resolving GH-7195)
- fix a bug in ansible-galaxy execution by the ansible_local provisioner
  if the paths contains blank characters.

Fix #7269
2016-06-11 07:28:05 +02:00
Gilles Cornu a7ee56459b provisioners/ansible(both): fix ansible config files presence checks
With this change, the presence of Ansible configuration files (like
playbook file, inventory path, galaxy role file, etc.) is no longer
performed by the `config` classes, but by the `provisioner` classes
(at the beginning of the provision command).

This change fixes several issues:

- Resolve #6984 as `provision` method are only executed when remote
  (ssh) communication with the guest machine is possible.
- Resolve #6763 in a better way than 4e451c6 initially did.
- Improve the general provisioner speed since the `config` checks are
  actually triggered by many vagrant actions (e.g. `destroy`,...), and
  can also be triggered multiple times during a vagrant run (e.g. on
  callback request made by the machine provider).

Unlike the former `config`-based checks, the provision action won't
collect all the invalid options, but only report the first invalid
option found and abort the execution.

Some unit tests were not implemented yet to save my scarce "open source
contribution time" for other important issues, but they should be done
at last via GH-6633.
2016-06-01 06:40:23 +02:00
Gilles Cornu ab036ddd0b provisioners/ansible: don't format raw_arguments
With cb80286a4a, the helper function
stringify_ansible_playbook_command was also applied on the
`raw_arguments` content, which is not wanted. Given that users have used
the `raw_arguments` option as a workaround to avoid the bug GH-6726,
this new change ensure that any `--extra-vars` option passed as a raw
argument won't be additonally enquoted by the ansible_local
provisioner.

This change also improves the ansible remote provisioner verbose output,
but has no impact on its behaviour, which was already correct.

Note that this refactoring introduces some code duplications that are not
very elegant (see ansible_playbook_command_for_shell_execution in
host.rb and execute_ansible_playbook_from_host in base.rb). I hope we
can find a better implementation later, but it is good enough for now
since all these parts are covered by corresponding unit tests (the
`ansible_local` stuff being tested via the verbose output of the ansible
remote provisioner).
2016-04-20 23:50:42 +02:00
Gilles Cornu 47c0833277 ansible_local: use double quotes instead of single quotes
Before this minor change, the '--limit' and '--start-at-task'
ansible-playbook command line arguments were enclosed into single
quotes. Using double quotes adds a bit more flexibility, especially
about the task name referred by `start_at_task` option.

It also aligns with the handling of the '--extra-vars' parameter
(see cb80286).
2016-03-05 17:25:54 +01:00
Gilles Cornu cb80286a4a ansible_local: put json extra-vars in double quotes
Without this change, the JSON string generated from the `extra_vars`
Ruby hash is passed without enclosing quotes and is then not parseable
by the ansible-playbook command when exectuted in a usual shell context.

In this changeset, the ansible (remote) unit test coverage is improved
to cover both usage of `extra_vars` (ansible_local unit tests are still
missing).

Additional Notes:

 - Double quotes are favored to single quotes in order to allow usage of
   any character for the variable values. For this reason additional
   escaping is appended to JSON-inner double quotes and backslashes.

 - This problem was not affecting the `ansible` remote provisioner
   (which is running the ansible-playbook command via the childprocess
   Ruby library). But with this change, the `verbose` output will also
   now be correct for a copy-paste reuse.

 - After this change, all the "--extra-vars" arguments (also a var
   file passed with the @-syntax or anything coming via the
   `raw_arguments` option) are "blindly" and systematically enclosed
   in double quoted and double-escaped.
   This is not optimal and can potentially break with peculiar values
   (e.g. a double quote character (") cannot be used in a json value
   when using `raw_arguments`). That said, I think that the current
   solution is a reasonable trade-off, since the official `extra_vars`
   option should now be able to cover a great majority of use cases.

Fix #6726
2016-03-05 17:24:28 +01:00
Gilles Cornu ddbd2a4cfc provisioners/ansible: prefer ssh '-i' argument
In cd93721, I relied on a suprising combination of quotes to protect ssh
execution to strip the quoted path to the private key file.
Since any ssh command line argument can be passed via
`ANSIBLE_SSH_ARGS`, it is quite more readable and easy to rely on the
`-i` argument, which is not affected like `-o IdentityFile=...` and also
supports multiple occurences.

See also http://sourceforge.net/p/fuse/mailman/message/30498048/

Finally fix #6671

Note that I decided to not squash both commits for better
documentation and traceability.
2015-12-16 10:29:13 +01:00
Gilles Cornu cd93721f8f provisioners/ansible: use quotes for the IdentityFile OpenSSH command line arguments
Surprisingly (to me at least), a simple quote enclosure was not enough
to fix the problem.

Caveat: the stringified ansible-playbook command logged in verbose mode
is wrongly formatted (no quotes are escaped).

Fix #6671
2015-12-16 09:54:53 +01:00
Kamjar Gerami b7e9437a77
#3539 - Fixed syntax, language and logic according to comments made by reviewer in PR #6639 2015-12-04 10:05:07 +01:00
Kamjar Gerami f5f568b66b
Added plain Symbol group name for unit test 2015-12-04 02:16:01 +01:00
Kamjar Gerami af6a80472e #3539 - Can't use alphanumeric patterns for box names in ansible.groups: added unit test for host range patterns 2015-12-04 01:26:04 +01:00
Gilles Cornu 8517014a99 provisioners/ansible: update inventory groups tests
With the introduction of inventory variables, group members provided as
String are not splitted (by ' ') into an array (instead of
auto-conversion to a single-item array).
2015-12-03 09:39:12 +01:00
Gilles Cornu 9867281971 provisioners/ansible: allow symbol in `groups` key
After c49a146467, it makes even more sense
to support Symbol datatypes in `groups` option handling.
2015-12-03 09:34:53 +01:00
Gilles Cornu 3dbcf5083c provisioners/ansible(both) add more unit tests
Improve the test coverage of 'get_inventory_host_vars_string' method.
2015-12-02 08:42:44 +01:00
Gilles Cornu c49a146467 provisioners/ansible(both): alias String-to-Symbol
String and Symbol types are different when used as a Hash key. By
default the Vagrant machine names are set in Symbol format, but users
may write their `host_vars` entries with String keys. This is a very
simple way to ensure smooth experience, without having to coerce the
data types during the config validation (e.g. with a library like
Hashie, which is currently not in the Vagrant dependencies)

See also:
- https://bugs.ruby-lang.org/issues/5964#note-17
- https://github.com/intridea/hashie#keyconversion
2015-12-02 08:37:41 +01:00
Christian Henz a5dd61c450 Added test to expect host vars being inserted into inventory. 2015-12-01 18:56:28 +01:00
Christian Henz 3fbbfeb862 Expect group variables to be inserted in the test. 2015-12-01 18:56:28 +01:00
Gilles Cornu e4ff8ee398 provisioners/ansible: fix a typo in rspec example
[ci skip] good morning @gildegoma!!!
2015-11-23 09:12:56 +01:00
Gilles Cornu ef66098472 provisioners/ansible: fix a typo in rspec example
[ci skip]
2015-11-23 09:10:28 +01:00
Gilles Cornu de96b54272 provisioners/ansible: full test coverage of winrm
At the moment, the vagrant ssh username is used as default username when
force_remote_user option is disabled, even for winrm-communiating
machines. This could be improved in the future, but people hitting this
problem can easily work around it by syncing `config.ssh.unsername` and
`config.winrm.username` in their Vagrantfile.

ref #5086
2015-11-23 09:05:36 +01:00
Gilles Cornu e2f0d2ebb7 provisioners/ansible: add a unit test for winrm
ref #5086
2015-11-22 20:48:21 +01:00
Gilles Cornu c1f3d114f5 provisioners/ansible(both): add galaxy support
Close #2718
2015-11-17 22:08:29 +01:00
Gilles Cornu b9738a8c4c provisioners/ansible: add missing unit test
Related to #5292
2015-11-17 22:08:18 +01:00
Gilles Cornu a3c077cbe0 Merge branch 'gildegoma/ansible-force-ssh-user'
Resolved conflicts in
  plugins/provisioners/ansible/config.rb
  plugins/provisioners/ansible/provisioner.rb
  test/unit/plugins/provisioners/ansible/provisioner_test.rb
  website/docs/source/v2/provisioning/ansible.html.md

ref #6348
2015-11-08 14:01:23 +01:00
Gilles Cornu 9bfdaf7e75 provisioners/ansible: introduce ansible_local
With this change, the existing host-based Ansible provisioner is
refactored to share a maximum of code with this new guest-based Ansible
provisioner.

At this stage of development, the existing unit tests are intentionally
modified as little as possible, to keep safe the existing funtionalities.

Other issues resolved by this changeset:
 - Display a warning when running from a Windows host [GH-5292]
 - Do not run `ansible-playbook` in verbose mode when the `verbose` option
   is set to an empty string.
2015-11-08 10:42:48 +01:00
Gilles Cornu dde94a3ce7 provisioners/ansible: add force_remote_user option
The benefits of the following "breaking change" are the following:
- default behaviour naturally fits with most common usage (i.e. always
  connect with Vagrant SSH settings)
- the autogenerated inventory is more consistent by providing both the
  SSH username and private key.
- no longer needed to explain how to override Ansible `remote_user` parameters

Important: With the `force_remote_user` option, people still can fall
back to the former behavior (prior to Vagrant 1.8.0), which means that
Vagrant integration capabilities are still quite open and flexible.
2015-11-02 09:03:15 +01:00
konomae ad9a7324c5 Fix invalid ini entry error when ansible_ssh_private_key_file contains spaces 2015-08-29 18:00:20 +09:00
Gilles Cornu 3842a1f710 provisioners/ansible: provide ssh identities via ANSIBLE_SSH_ARGS (when necessary)
When provisioning multiple machines in sequence (the default vagrant
behaviour), it doesn't make sense to require to provide the private ssh
key(s) via the custom ansible inventory script/file.

To align with the handling of multiple ssh keys per machine, we won't
rely any longer on `--private-key` command line argument, but only pass
the keys via `ANSIBLE_SSH_ARGS` environment variable.

Note that when vagrant generates the ansible inventory and that only one
key is associated to a VM, this step would be redundant, and therefore
won't be applied.

This change fixes the breaking change introduced by 3d62a91.
2015-07-10 08:51:17 +02:00
Luis Pabón 76651a413d provisioners/ansible: Update unit tests
Signed-off-by: Luis Pabón <lpabon@redhat.com>
2015-07-10 08:51:17 +02:00
Gilles Cornu 839a2e6fa6 provisioners/ansible: show ansible-playbook only when the verbose option is enabled
Revert 1c884fa4e5 which introduced the
following bug:

Instead of allowing to dump the `ansible-playbook` command details when
VAGRANT_LOG=debug was defined, it was then impossible to disable this
console output when VAGRANT_LOG was undefined (in such case,
``@logger.debug? systematically returns `true`)

In order to keep things simple and focused, it is preferable to drop the
bad idea to mix Ansible verbosity and Vagrant log level.

Fix #5803
2015-07-07 22:37:06 +02:00
Gilles Cornu 272fb27e05 provisioners/ansible: trim white spaces
[ci skip]
2015-06-01 10:12:22 +02:00
Gilles Cornu f7894d9c8c provisioners/ansible: fix broken colorized output
After #5532 (e745436df3), it was no longer
possible to enable ansible colorized output. Even though
`ANSIBLE_NOCOLOR` has no effect *at the moment* in vagrant+ansible
integration, I agree to keep it for clarity and consistence.

The new `--no-color` behaviour (bug fix #5531) is now covered by a unit
test.

//cc @marsam, @sethvargo
2015-06-01 08:36:09 +02:00
Mario Rodas e745436df3 provisioners/ansible: disable color if Vagrant has no color [GH-5531] 2015-03-28 19:05:54 -05:00
Gilles Cornu 2ecad8bb93 provisioners/ansible: increase connection timeout
This change helps to avoid troubles like reported in #5018 and #4860.

Note that for sake of configuration simplicity, no new `ansible.timeout`
option has been added. The users who want to set a different value can
rely on `ansible.raw_arguments`.
2015-01-12 10:54:01 +01:00
Gilles Cornu 9d74dcdb3d provisioners/ansible: add missing test coverage
Related to Docker provider on a non-linux host, see #4906 and #4071.
2015-01-12 09:37:16 +01:00
Gilles Cornu c3cae3d235 provisioners/ansible: add `IdentitiesOnly=yes`
This SSH option is always set, except when Vagrant is running from an
operating system fo the Solaris-family, as this parameter is not
supported by SunSSH. Logic taken from
bed1f8335f/lib/vagrant/util/ssh.rb (L116-L121)

Fix #5017
2015-01-12 08:58:29 +01:00
Gilles Cornu f96636587a provisioners/ansible: don't read/write known_hosts
Like Vagrant's default SSH behaviors (e.g ssh or ssh-config commands),
the Ansible provisioner should by default not modify or read the user
known host file (e.g. ~/.ssh/known_hosts).

Given that `UserKnownHostsFile=/dev/null` SSH option is usually combined
with `StrictHostKeyChecking=no`, it seems quite reasonable to bind the
activation/disactivation of both options to `host_key_checking`
provisioner attribute.

For the records, a discussion held in Ansible-Development mailing list
clearly confirmed that there is no short-term plan to adapt Ansible to
offer an extra option or change the behavior of
ANSIBLE_HOST_KEY_CHECKING. For this reason, the current implementation
seems reasonable and should be stable on the long run.

Close #3900

Related References:

- https://groups.google.com/forum/#!msg/ansible-devel/iuoZs1oImNs/6xrj5oa1CmoJ
- https://github.com/ansible/ansible/issues/9442
2014-11-30 09:55:48 +01:00
Gilles Cornu 178942cf27 provisioners/ansible: change arguments arrangement
- force `--connection=ssh` (any other modes like paramiko or smart are not
  supported)
- give the highest priority to `raw_arguments` for sake of simplicity (in
  usage, in code and in documentation)
- fix position of the `--limit` argument (the generated inventory could be
  shadowed by `raw_arguments`, while ansible.limit was able to override
  `raw_arguments`

ref #3396
2014-11-30 09:50:50 +01:00