309 lines
12 KiB
Ruby
309 lines
12 KiB
Ruby
require "thread"
|
|
|
|
require_relative "base"
|
|
|
|
module VagrantPlugins
|
|
module Ansible
|
|
module Provisioner
|
|
class Host < Base
|
|
|
|
@@lock = Mutex.new
|
|
|
|
def initialize(machine, config)
|
|
super
|
|
@logger = Log4r::Logger.new("vagrant::provisioners::ansible_host")
|
|
end
|
|
|
|
def provision
|
|
# At this stage, the SSH access is guaranteed to be ready
|
|
@ssh_info = @machine.ssh_info
|
|
|
|
check_files_existence
|
|
warn_for_unsupported_platform
|
|
|
|
execute_ansible_galaxy_from_host if config.galaxy_role_file
|
|
execute_ansible_playbook_from_host
|
|
end
|
|
|
|
protected
|
|
|
|
VAGRANT_ARG_SEPARATOR = 'VAGRANT_ARG_SEP'
|
|
|
|
def warn_for_unsupported_platform
|
|
if Vagrant::Util::Platform.windows?
|
|
@machine.env.ui.warn(I18n.t("vagrant.provisioners.ansible.windows_not_supported_for_control_machine"))
|
|
end
|
|
end
|
|
|
|
def prepare_command_arguments
|
|
# Connect with native OpenSSH client
|
|
# Other modes (e.g. paramiko) are not officially supported,
|
|
# but can be enabled via raw_arguments option.
|
|
@command_arguments << "--connection=ssh"
|
|
|
|
# Increase the SSH connection timeout, as the Ansible default value (10 seconds)
|
|
# is a bit demanding for some overloaded developer boxes. This is particularly
|
|
# helpful when additional virtual networks are configured, as their availability
|
|
# is not controlled during vagrant boot process.
|
|
@command_arguments << "--timeout=30"
|
|
|
|
if !config.force_remote_user
|
|
# Pass the vagrant ssh username as Ansible default remote user, because
|
|
# the ansible_ssh_user parameter won't be added to the auto-generated inventory.
|
|
@command_arguments << "--user=#{@ssh_info[:username]}"
|
|
elsif config.inventory_path
|
|
# Using an extra variable is the only way to ensure that the Ansible remote user
|
|
# is overridden (as the ansible inventory is not under vagrant control)
|
|
@command_arguments << "--extra-vars=ansible_ssh_user='#{@ssh_info[:username]}'"
|
|
end
|
|
|
|
@command_arguments << "--ask-sudo-pass" if config.ask_sudo_pass
|
|
@command_arguments << "--ask-vault-pass" if config.ask_vault_pass
|
|
|
|
prepare_common_command_arguments
|
|
end
|
|
|
|
|
|
def prepare_environment_variables
|
|
prepare_common_environment_variables
|
|
|
|
# Some Ansible options must be passed as environment variables,
|
|
# as there is no equivalent command line arguments
|
|
@environment_variables["ANSIBLE_HOST_KEY_CHECKING"] = "#{config.host_key_checking}"
|
|
|
|
# ANSIBLE_SSH_ARGS is required for Multiple SSH keys, SSH forwarding and custom SSH settings
|
|
@environment_variables["ANSIBLE_SSH_ARGS"] = ansible_ssh_args unless ansible_ssh_args.empty?
|
|
end
|
|
|
|
def execute_command_from_host(command)
|
|
begin
|
|
result = Vagrant::Util::Subprocess.execute(*command) do |type, data|
|
|
if type == :stdout || type == :stderr
|
|
@machine.env.ui.detail(data, new_line: false, prefix: false)
|
|
end
|
|
end
|
|
raise Ansible::Errors::AnsibleCommandFailed if result.exit_code != 0
|
|
rescue Vagrant::Errors::CommandUnavailable
|
|
raise Ansible::Errors::AnsibleNotFoundOnHost
|
|
end
|
|
end
|
|
|
|
def execute_ansible_galaxy_from_host
|
|
prepare_ansible_config_environment_variable
|
|
|
|
command_values = {
|
|
role_file: get_galaxy_role_file,
|
|
roles_path: get_galaxy_roles_path
|
|
}
|
|
command_template = config.galaxy_command.gsub(' ', VAGRANT_ARG_SEPARATOR)
|
|
str_command = command_template % command_values
|
|
|
|
command = str_command.split(VAGRANT_ARG_SEPARATOR)
|
|
command << {
|
|
env: @environment_variables,
|
|
# Write stdout and stderr data, since it's the regular Ansible output
|
|
notify: [:stdout, :stderr],
|
|
workdir: @machine.env.root_path.to_s
|
|
}
|
|
|
|
ui_running_ansible_command "galaxy", ansible_galaxy_command_for_shell_execution
|
|
|
|
execute_command_from_host command
|
|
end
|
|
|
|
def execute_ansible_playbook_from_host
|
|
prepare_environment_variables
|
|
prepare_command_arguments
|
|
|
|
# Assemble the full ansible-playbook command
|
|
command = [config.playbook_command] << @command_arguments
|
|
|
|
# Add the raw arguments at the end, to give them the highest precedence
|
|
command << config.raw_arguments if config.raw_arguments
|
|
|
|
command << config.playbook
|
|
command = command.flatten
|
|
|
|
command << {
|
|
env: @environment_variables,
|
|
# Write stdout and stderr data, since it's the regular Ansible output
|
|
notify: [:stdout, :stderr],
|
|
workdir: @machine.env.root_path.to_s
|
|
}
|
|
|
|
ui_running_ansible_command "playbook", ansible_playbook_command_for_shell_execution
|
|
|
|
execute_command_from_host command
|
|
end
|
|
|
|
def ship_generated_inventory(inventory_content)
|
|
inventory_path = Pathname.new(File.join(@machine.env.local_data_path.join, %w(provisioners ansible inventory)))
|
|
FileUtils.mkdir_p(inventory_path) unless File.directory?(inventory_path)
|
|
|
|
inventory_file = Pathname.new(File.join(inventory_path, 'vagrant_ansible_inventory'))
|
|
@@lock.synchronize do
|
|
if !File.exists?(inventory_file) or inventory_content != File.read(inventory_file)
|
|
begin
|
|
# ansible dir inventory will ignore files starting with '.'
|
|
inventory_tmpfile = Tempfile.new('.vagrant_ansible_inventory', inventory_path)
|
|
inventory_tmpfile.write(inventory_content)
|
|
inventory_tmpfile.close
|
|
File.rename(inventory_tmpfile.path, inventory_file)
|
|
ensure
|
|
inventory_tmpfile.close
|
|
inventory_tmpfile.unlink
|
|
end
|
|
end
|
|
end
|
|
|
|
return inventory_path
|
|
end
|
|
|
|
def generate_inventory_machines
|
|
machines = ""
|
|
|
|
@machine.env.active_machines.each do |am|
|
|
begin
|
|
m = @machine.env.machine(*am)
|
|
|
|
# Call only once the SSH and WinRM info computation
|
|
# Note that machines configured with WinRM communicator, also have a "partial" ssh_info.
|
|
m_ssh_info = m.ssh_info
|
|
host_vars = get_inventory_host_vars_string(m.name)
|
|
if m.config.vm.communicator == :winrm
|
|
m_winrm_net_info = CommunicatorWinRM::Helper.winrm_info(m) # can raise a WinRMNotReady exception...
|
|
machines += get_inventory_winrm_machine(m, m_winrm_net_info)
|
|
machines.sub!(/\n$/, " #{host_vars}\n") if host_vars
|
|
@inventory_machines[m.name] = m
|
|
elsif !m_ssh_info.nil?
|
|
machines += get_inventory_ssh_machine(m, m_ssh_info)
|
|
machines.sub!(/\n$/, " #{host_vars}\n") if host_vars
|
|
@inventory_machines[m.name] = m
|
|
else
|
|
@logger.error("Auto-generated inventory: Impossible to get SSH information for machine '#{m.name} (#{m.provider_name})'. This machine should be recreated.")
|
|
# Let a note about this missing machine
|
|
machines += "# MISSING: '#{m.name}' machine was probably removed without using Vagrant. This machine should be recreated.\n"
|
|
end
|
|
rescue Vagrant::Errors::MachineNotFound, CommunicatorWinRM::Errors::WinRMNotReady => e
|
|
@logger.info("Auto-generated inventory: Skip machine '#{am[0]} (#{am[1]})', which is not configured for this Vagrant environment.")
|
|
end
|
|
end
|
|
|
|
return machines
|
|
end
|
|
|
|
def get_provisioning_working_directory
|
|
machine.env.root_path
|
|
end
|
|
|
|
def get_inventory_ssh_machine(machine, ssh_info)
|
|
forced_remote_user = ""
|
|
if config.force_remote_user
|
|
forced_remote_user = "ansible_ssh_user='#{ssh_info[:username]}' "
|
|
end
|
|
|
|
"#{machine.name} ansible_ssh_host=#{ssh_info[:host]} ansible_ssh_port=#{ssh_info[:port]} #{forced_remote_user}ansible_ssh_private_key_file='#{ssh_info[:private_key_path][0]}'\n"
|
|
end
|
|
|
|
def get_inventory_winrm_machine(machine, winrm_net_info)
|
|
forced_remote_user = ""
|
|
if config.force_remote_user
|
|
forced_remote_user = "ansible_ssh_user='#{machine.config.winrm.username}' "
|
|
end
|
|
|
|
"#{machine.name} ansible_connection=winrm ansible_ssh_host=#{winrm_net_info[:host]} ansible_ssh_port=#{winrm_net_info[:port]} #{forced_remote_user}ansible_ssh_pass='#{machine.config.winrm.password}'\n"
|
|
end
|
|
|
|
def ansible_ssh_args
|
|
@ansible_ssh_args ||= prepare_ansible_ssh_args
|
|
end
|
|
|
|
def prepare_ansible_ssh_args
|
|
ssh_options = []
|
|
|
|
# Use an SSH ProxyCommand when using the Docker provider with the intermediate host
|
|
if @machine.provider_name == :docker && machine.provider.host_vm?
|
|
docker_host_ssh_info = machine.provider.host_vm.ssh_info
|
|
|
|
proxy_cmd = "ssh #{docker_host_ssh_info[:username]}@#{docker_host_ssh_info[:host]}" +
|
|
" -p #{docker_host_ssh_info[:port]} -i #{docker_host_ssh_info[:private_key_path][0]}"
|
|
|
|
# Use same options than plugins/providers/docker/communicator.rb
|
|
# Note: this could be improved (DRY'ed) by sharing these settings.
|
|
proxy_cmd += " -o Compression=yes -o ConnectTimeout=5 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
|
|
|
|
proxy_cmd += " -o ForwardAgent=yes" if @ssh_info[:forward_agent]
|
|
|
|
proxy_cmd += " exec nc %h %p 2>/dev/null"
|
|
|
|
ssh_options << "-o ProxyCommand='#{ proxy_cmd }'"
|
|
# TODO ssh_options << "-o ProxyCommand=\"#{ proxy_cmd }\""
|
|
end
|
|
|
|
# Use an SSH ProxyCommand when corresponding Vagrant setting is defined
|
|
if @machine.ssh_info[:proxy_command]
|
|
proxy_cmd = @machine.ssh_info[:proxy_command]
|
|
ssh_options << "-o ProxyCommand='#{ proxy_cmd }'"
|
|
end
|
|
|
|
# Don't access user's known_hosts file, except when host_key_checking is enabled.
|
|
ssh_options << "-o UserKnownHostsFile=/dev/null" unless config.host_key_checking
|
|
|
|
# Set IdentitiesOnly=yes to avoid authentication errors when the host has more than 5 ssh keys.
|
|
# Notes:
|
|
# - Solaris/OpenSolaris/Illumos uses SunSSH which doesn't support the IdentitiesOnly option.
|
|
# - this could be improved by sharing logic with lib/vagrant/util/ssh.rb
|
|
ssh_options << "-o IdentitiesOnly=yes" unless Vagrant::Util::Platform.solaris?
|
|
|
|
# Multiple Private Keys
|
|
unless !config.inventory_path && @ssh_info[:private_key_path].size == 1
|
|
@ssh_info[:private_key_path].each do |key|
|
|
ssh_options << "-i '#{key}'"
|
|
end
|
|
end
|
|
|
|
# SSH Forwarding
|
|
ssh_options << "-o ForwardAgent=yes" if @ssh_info[:forward_agent]
|
|
|
|
# Unchecked SSH Parameters
|
|
ssh_options.concat(config.raw_ssh_args) if config.raw_ssh_args
|
|
|
|
# Re-enable ControlPersist Ansible defaults,
|
|
# which are lost when ANSIBLE_SSH_ARGS is defined.
|
|
unless ssh_options.empty?
|
|
ssh_options << "-o ControlMaster=auto"
|
|
ssh_options << "-o ControlPersist=60s"
|
|
# Intentionally keep ControlPath undefined to let ansible-playbook
|
|
# automatically sets this option to Ansible default value
|
|
end
|
|
|
|
ssh_options.join(' ')
|
|
end
|
|
|
|
def check_path(path, path_test_method, option_name)
|
|
# Checks for the existence of given file (or directory) on the host system,
|
|
# and error if it doesn't exist.
|
|
|
|
expanded_path = Pathname.new(path).expand_path(@machine.env.root_path)
|
|
if !expanded_path.public_send(path_test_method)
|
|
raise Ansible::Errors::AnsibleError,
|
|
_key: :config_file_not_found,
|
|
config_option: option_name,
|
|
path: expanded_path,
|
|
system: "host"
|
|
end
|
|
end
|
|
|
|
def check_path_is_a_file(path, option_name)
|
|
check_path(path, "file?", option_name)
|
|
end
|
|
|
|
def check_path_exists(path, option_name)
|
|
check_path(path, "exist?", option_name)
|
|
end
|
|
|
|
end
|
|
end
|
|
end
|
|
end
|