def ansible_playbook(environment, playbook, *cmd_args):
if os.path.isabs(playbook):
playbook_path = playbook
else:
playbook_path = os.path.join(ANSIBLE_DIR, '{playbook}'.format(playbook=playbook))
cmd_parts = (
'ansible-playbook',
playbook_path,
'-i', environment.paths.inventory_source,
'-e', '@{}'.format(environment.paths.vault_yml),
'-e', '@{}'.format(environment.paths.public_yml),
'-e', '@{}'.format(environment.paths.generated_yml),
'--diff',
) + get_limit() + cmd_args
public_vars = environment.public_vars
cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth)
if has_arg(unknown_args, '-D', '--diff') or has_arg(unknown_args, '-C', '--check'):
puts(colored.red("Options --diff and --check not allowed. Please remove -D, --diff, -C, --check."))
puts("These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually.")
return 2 # exit code
ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True)
if ask_vault_pass:
cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.format(ANSIBLE_DIR),)
cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=use_factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
print_command(cmd)
env_vars = ansible_context.env_vars
if ask_vault_pass:
env_vars['ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password()
return subprocess.call(cmd_parts, env=env_vars)
def ansible_playbook(environment, playbook, *cmd_args):
if os.path.isabs(playbook):
playbook_path = playbook
else:
playbook_path = os.path.join(
ANSIBLE_DIR, '{playbook}'.format(playbook=playbook))
cmd_parts = (
'ansible-playbook',
playbook_path,
'-i',
environment.paths.inventory_ini,
'-e',
'@{}'.format(environment.paths.vault_yml),
'-e',
'@{}'.format(environment.paths.public_yml),
'-e',
'@{}'.format(environment.paths.generated_yml),
'--diff',
) + get_limit() + cmd_args
public_vars = environment.public_vars
cmd_parts += get_user_arg(public_vars, unknown_args)
if not has_arg(unknown_args, '-f', '--forks'):
cmd_parts += ('--forks', '15')
if has_arg(unknown_args, '-D', '--diff') or has_arg(
unknown_args, '-C', '--check'):
puts(
colored.red(
"Options --diff and --check not allowed. Please remove -D, --diff, -C, --check."
))
puts(
"These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually."
)
return 2 # exit code
ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True)
if ask_vault_pass:
cmd_parts += ('--vault-password-file=/bin/cat', )
cmd_parts_with_common_ssh_args = get_common_ssh_args(
environment, use_factory_auth=use_factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
print_command(cmd)
if ask_vault_pass:
environment.get_ansible_vault_password()
p = subprocess.Popen(cmd,
stdin=subprocess.PIPE,
shell=True,
env=ansible_context.env_vars)
if ask_vault_pass:
p.communicate(
input='{}\n'.format(environment.get_ansible_vault_password()))
else:
p.communicate()
return p.returncode
def run(self, args, unknown_args):
environment = get_environment(args.env_name)
args.playbook = 'deploy_stack.yml'
args.use_factory_auth = True
public_vars = environment.public_vars
unknown_args += ('--tags=bootstrap-users',) + get_user_arg(public_vars, unknown_args, use_factory_auth=True)
if not public_vars.get('commcare_cloud_pem'):
unknown_args += ('--ask-pass',)
return AnsiblePlaybook(self.parser).run(args, unknown_args, always_skip_check=True)
def run_ansible_module(environment, ansible_context, inventory_group, module,
module_args, become, become_user, factory_auth,
*extra_args):
cmd_parts = (
'ansible',
inventory_group,
'-m',
module,
'-i',
environment.paths.inventory_source,
'-a',
module_args,
'--diff',
) + tuple(extra_args)
environment.create_generated_yml()
public_vars = environment.public_vars
cmd_parts += get_user_arg(public_vars,
extra_args,
use_factory_auth=factory_auth)
become = become or bool(become_user)
become_user = become_user
include_vars = False
if become:
cmd_parts += ('--become', )
include_vars = True
if become_user:
cmd_parts += ('--become-user', become_user)
if include_vars:
cmd_parts += (
'-e',
'@{}'.format(environment.paths.vault_yml),
'-e',
'@{}'.format(environment.paths.public_yml),
'-e',
'@{}'.format(environment.paths.generated_yml),
)
ask_vault_pass = include_vars and public_vars.get(
'commcare_cloud_use_vault', True)
if ask_vault_pass:
cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.format(
ANSIBLE_DIR), )
cmd_parts_with_common_ssh_args = get_common_ssh_args(
environment, use_factory_auth=factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
print_command(cmd)
env_vars = ansible_context.env_vars
if ask_vault_pass:
env_vars[
'ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password(
)
return subprocess.call(cmd_parts, env=env_vars)
def run(self, args, unknown_args):
environment = get_environment(args.env_name)
args.playbook = 'deploy_stack.yml'
args.use_factory_auth = True
public_vars = environment.public_vars
unknown_args += ('--tags=bootstrap-users', ) + get_user_arg(
public_vars, unknown_args, use_factory_auth=True)
if not public_vars.get('commcare_cloud_pem'):
unknown_args += ('--ask-pass', )
return AnsiblePlaybook(self.parser).run(args,
unknown_args,
always_skip_check=True)
def ansible_playbook(environment, playbook, *cmd_args):
if os.path.isabs(playbook):
playbook_path = playbook
else:
playbook_path = os.path.join(
ANSIBLE_DIR, '{playbook}'.format(playbook=playbook))
cmd_parts = (
'ansible-playbook',
playbook_path,
'-i',
environment.paths.inventory_source,
'-e',
'@{}'.format(environment.paths.vault_yml),
'-e',
'@{}'.format(environment.paths.public_yml),
'-e',
'@{}'.format(environment.paths.generated_yml),
'--diff',
) + get_limit() + cmd_args
public_vars = environment.public_vars
cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth)
if has_arg(unknown_args, '-D', '--diff') or has_arg(
unknown_args, '-C', '--check'):
puts(
color_error("Options --diff and --check not allowed. "
"Please remove -D, --diff, -C, --check."))
puts(
color_error(
"These ansible-playbook options are managed automatically "
"by commcare-cloud and cannot be set manually."))
return 2 # exit code
ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True)
if ask_vault_pass:
cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.
format(ANSIBLE_DIR), )
cmd_parts_with_common_ssh_args = get_common_ssh_args(
environment, use_factory_auth=use_factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
print_command(cmd)
env_vars = ansible_context.env_vars
if ask_vault_pass:
env_vars[
'ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password(
)
return subprocess.call(cmd_parts, env=env_vars)
def run_ansible_module(environment, ansible_context, inventory_group, module, module_args,
become, become_user, factory_auth, *extra_args):
cmd_parts = (
'ANSIBLE_CONFIG={}'.format(os.path.join(ANSIBLE_DIR, 'ansible.cfg')),
'ansible', inventory_group,
'-m', module,
'-i', environment.paths.inventory_ini,
'-a', module_args,
'--diff',
) + tuple(extra_args)
environment.create_generated_yml()
public_vars = environment.public_vars
cmd_parts += get_user_arg(public_vars, extra_args, use_factory_auth=factory_auth)
become = become or bool(become_user)
become_user = become_user
include_vars = False
if become:
cmd_parts += ('--become',)
if become_user not in ('cchq',):
# ansible user can do things as cchq without a password,
# but needs the ansible user password in order to do things as other users.
# In that case, we need to pull in the vault variable containing this password
include_vars = True
if become_user:
cmd_parts += ('--become-user', become_user)
if include_vars:
cmd_parts += (
'-e', '@{}'.format(environment.paths.vault_yml),
'-e', '@{}'.format(environment.paths.public_yml),
'-e', '@{}'.format(environment.paths.generated_yml),
)
ask_vault_pass = include_vars and public_vars.get('commcare_cloud_use_vault', True)
if ask_vault_pass:
cmd_parts += ('--vault-password-file=/bin/cat',)
cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
print_command(cmd)
p = subprocess.Popen(cmd, stdin=subprocess.PIPE, shell=True, env=ansible_context.env_vars)
if ask_vault_pass:
p.communicate(input='{}\n'.format(environment.get_ansible_vault_password()))
else:
p.communicate()
return p.returncode
def run_ansible_module(environment, ansible_context, inventory_group, module, module_args,
become=True, become_user=None, use_factory_auth=False, quiet=False, extra_args=()):
extra_args = tuple(extra_args)
if not quiet:
extra_args = ("--diff",) + extra_args
else:
extra_args = ("--one-line",) + extra_args
cmd_parts = (
'ansible', inventory_group,
'-m', module,
'-i', environment.paths.inventory_source,
'-a', module_args,
) + extra_args
environment.create_generated_yml()
public_vars = environment.public_vars
cmd_parts += get_user_arg(public_vars, extra_args, use_factory_auth=use_factory_auth)
become = become or bool(become_user)
become_user = become_user
needs_secrets = False
env_vars = ansible_context.env_vars
if become:
cmd_parts += ('--become',)
needs_secrets = True
if become_user:
cmd_parts += ('--become-user', become_user)
if needs_secrets:
cmd_parts += (
'-e', '@{}'.format(environment.paths.public_yml),
'-e', '@{}'.format(environment.paths.generated_yml),
)
cmd_parts += environment.secrets_backend.get_extra_ansible_args()
env_vars.update(environment.secrets_backend.get_extra_ansible_env_vars())
cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=use_factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
if not quiet:
print_command(cmd)
return subprocess.call(cmd_parts, env=env_vars)
def ansible_playbook(environment, playbook, *cmd_args):
if os.path.isabs(playbook):
playbook_path = playbook
else:
playbook_path = os.path.join(
ANSIBLE_DIR, '{playbook}'.format(playbook=playbook))
cmd_parts = (
'ansible-playbook',
playbook_path,
'-i',
environment.paths.inventory_source,
'-e',
'@{}'.format(environment.paths.public_yml),
'-e',
'@{}'.format(environment.paths.generated_yml),
'--diff',
) + get_limit() + cmd_args
public_vars = environment.public_vars
env_vars = ansible_context.env_vars
cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth)
if has_arg(unknown_args, '-D', '--diff') or has_arg(
unknown_args, '-C', '--check'):
puts(
color_error("Options --diff and --check not allowed. "
"Please remove -D, --diff, -C, --check."))
puts(
color_error(
"These ansible-playbook options are managed automatically "
"by commcare-cloud and cannot be set manually."))
return 2 # exit code
cmd_parts += environment.secrets_backend.get_extra_ansible_args()
cmd_parts_with_common_ssh_args = get_common_ssh_args(
environment, use_factory_auth=use_factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
print_command(cmd)
env_vars.update(
environment.secrets_backend.get_extra_ansible_env_vars())
return subprocess.call(cmd_parts, env=env_vars)
def run_ansible_module(environment, ansible_context, inventory_group, module, module_args,
become, become_user, factory_auth, *extra_args):
cmd_parts = (
'ansible', inventory_group,
'-m', module,
'-i', environment.paths.inventory_source,
'-a', module_args,
'--diff',
) + tuple(extra_args)
environment.create_generated_yml()
public_vars = environment.public_vars
cmd_parts += get_user_arg(public_vars, extra_args, use_factory_auth=factory_auth)
become = become or bool(become_user)
become_user = become_user
include_vars = False
if become:
cmd_parts += ('--become',)
include_vars = True
if become_user:
cmd_parts += ('--become-user', become_user)
if include_vars:
cmd_parts += (
'-e', '@{}'.format(environment.paths.vault_yml),
'-e', '@{}'.format(environment.paths.public_yml),
'-e', '@{}'.format(environment.paths.generated_yml),
)
ask_vault_pass = include_vars and public_vars.get('commcare_cloud_use_vault', True)
if ask_vault_pass:
cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.format(ANSIBLE_DIR),)
cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
print_command(cmd)
env_vars = ansible_context.env_vars
if ask_vault_pass:
env_vars['ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password()
return subprocess.call(cmd_parts, env=env_vars)
