def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join(ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_source, '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth) if has_arg(unknown_args, '-D', '--diff') or has_arg(unknown_args, '-C', '--check'): puts(colored.red("Options --diff and --check not allowed. Please remove -D, --diff, -C, --check.")) puts("These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually.") return 2 # exit code ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.format(ANSIBLE_DIR),) cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) env_vars = ansible_context.env_vars if ask_vault_pass: env_vars['ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password() return subprocess.call(cmd_parts, env=env_vars)
def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join( ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_ini, '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, unknown_args) if not has_arg(unknown_args, '-f', '--forks'): cmd_parts += ('--forks', '15') if has_arg(unknown_args, '-D', '--diff') or has_arg( unknown_args, '-C', '--check'): puts( colored.red( "Options --diff and --check not allowed. Please remove -D, --diff, -C, --check." )) puts( "These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually." ) return 2 # exit code ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file=/bin/cat', ) cmd_parts_with_common_ssh_args = get_common_ssh_args( environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) if ask_vault_pass: environment.get_ansible_vault_password() p = subprocess.Popen(cmd, stdin=subprocess.PIPE, shell=True, env=ansible_context.env_vars) if ask_vault_pass: p.communicate( input='{}\n'.format(environment.get_ansible_vault_password())) else: p.communicate() return p.returncode
def run(self, args, unknown_args): environment = get_environment(args.env_name) args.playbook = 'deploy_stack.yml' args.use_factory_auth = True public_vars = environment.public_vars unknown_args += ('--tags=bootstrap-users',) + get_user_arg(public_vars, unknown_args, use_factory_auth=True) if not public_vars.get('commcare_cloud_pem'): unknown_args += ('--ask-pass',) return AnsiblePlaybook(self.parser).run(args, unknown_args, always_skip_check=True)
def run_ansible_module(environment, ansible_context, inventory_group, module, module_args, become, become_user, factory_auth, *extra_args): cmd_parts = ( 'ansible', inventory_group, '-m', module, '-i', environment.paths.inventory_source, '-a', module_args, '--diff', ) + tuple(extra_args) environment.create_generated_yml() public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, extra_args, use_factory_auth=factory_auth) become = become or bool(become_user) become_user = become_user include_vars = False if become: cmd_parts += ('--become', ) include_vars = True if become_user: cmd_parts += ('--become-user', become_user) if include_vars: cmd_parts += ( '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), ) ask_vault_pass = include_vars and public_vars.get( 'commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.format( ANSIBLE_DIR), ) cmd_parts_with_common_ssh_args = get_common_ssh_args( environment, use_factory_auth=factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) env_vars = ansible_context.env_vars if ask_vault_pass: env_vars[ 'ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password( ) return subprocess.call(cmd_parts, env=env_vars)
def run(self, args, unknown_args): environment = get_environment(args.env_name) args.playbook = 'deploy_stack.yml' args.use_factory_auth = True public_vars = environment.public_vars unknown_args += ('--tags=bootstrap-users', ) + get_user_arg( public_vars, unknown_args, use_factory_auth=True) if not public_vars.get('commcare_cloud_pem'): unknown_args += ('--ask-pass', ) return AnsiblePlaybook(self.parser).run(args, unknown_args, always_skip_check=True)
def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join( ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_source, '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth) if has_arg(unknown_args, '-D', '--diff') or has_arg( unknown_args, '-C', '--check'): puts( color_error("Options --diff and --check not allowed. " "Please remove -D, --diff, -C, --check.")) puts( color_error( "These ansible-playbook options are managed automatically " "by commcare-cloud and cannot be set manually.")) return 2 # exit code ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'. format(ANSIBLE_DIR), ) cmd_parts_with_common_ssh_args = get_common_ssh_args( environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) env_vars = ansible_context.env_vars if ask_vault_pass: env_vars[ 'ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password( ) return subprocess.call(cmd_parts, env=env_vars)
def run_ansible_module(environment, ansible_context, inventory_group, module, module_args, become, become_user, factory_auth, *extra_args): cmd_parts = ( 'ANSIBLE_CONFIG={}'.format(os.path.join(ANSIBLE_DIR, 'ansible.cfg')), 'ansible', inventory_group, '-m', module, '-i', environment.paths.inventory_ini, '-a', module_args, '--diff', ) + tuple(extra_args) environment.create_generated_yml() public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, extra_args, use_factory_auth=factory_auth) become = become or bool(become_user) become_user = become_user include_vars = False if become: cmd_parts += ('--become',) if become_user not in ('cchq',): # ansible user can do things as cchq without a password, # but needs the ansible user password in order to do things as other users. # In that case, we need to pull in the vault variable containing this password include_vars = True if become_user: cmd_parts += ('--become-user', become_user) if include_vars: cmd_parts += ( '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), ) ask_vault_pass = include_vars and public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file=/bin/cat',) cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) p = subprocess.Popen(cmd, stdin=subprocess.PIPE, shell=True, env=ansible_context.env_vars) if ask_vault_pass: p.communicate(input='{}\n'.format(environment.get_ansible_vault_password())) else: p.communicate() return p.returncode
def run_ansible_module(environment, ansible_context, inventory_group, module, module_args, become=True, become_user=None, use_factory_auth=False, quiet=False, extra_args=()): extra_args = tuple(extra_args) if not quiet: extra_args = ("--diff",) + extra_args else: extra_args = ("--one-line",) + extra_args cmd_parts = ( 'ansible', inventory_group, '-m', module, '-i', environment.paths.inventory_source, '-a', module_args, ) + extra_args environment.create_generated_yml() public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, extra_args, use_factory_auth=use_factory_auth) become = become or bool(become_user) become_user = become_user needs_secrets = False env_vars = ansible_context.env_vars if become: cmd_parts += ('--become',) needs_secrets = True if become_user: cmd_parts += ('--become-user', become_user) if needs_secrets: cmd_parts += ( '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), ) cmd_parts += environment.secrets_backend.get_extra_ansible_args() env_vars.update(environment.secrets_backend.get_extra_ansible_env_vars()) cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) if not quiet: print_command(cmd) return subprocess.call(cmd_parts, env=env_vars)
def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join( ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_source, '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars env_vars = ansible_context.env_vars cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth) if has_arg(unknown_args, '-D', '--diff') or has_arg( unknown_args, '-C', '--check'): puts( color_error("Options --diff and --check not allowed. " "Please remove -D, --diff, -C, --check.")) puts( color_error( "These ansible-playbook options are managed automatically " "by commcare-cloud and cannot be set manually.")) return 2 # exit code cmd_parts += environment.secrets_backend.get_extra_ansible_args() cmd_parts_with_common_ssh_args = get_common_ssh_args( environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) env_vars.update( environment.secrets_backend.get_extra_ansible_env_vars()) return subprocess.call(cmd_parts, env=env_vars)
def run_ansible_module(environment, ansible_context, inventory_group, module, module_args, become, become_user, factory_auth, *extra_args): cmd_parts = ( 'ansible', inventory_group, '-m', module, '-i', environment.paths.inventory_source, '-a', module_args, '--diff', ) + tuple(extra_args) environment.create_generated_yml() public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, extra_args, use_factory_auth=factory_auth) become = become or bool(become_user) become_user = become_user include_vars = False if become: cmd_parts += ('--become',) include_vars = True if become_user: cmd_parts += ('--become-user', become_user) if include_vars: cmd_parts += ( '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), ) ask_vault_pass = include_vars and public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.format(ANSIBLE_DIR),) cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) env_vars = ansible_context.env_vars if ask_vault_pass: env_vars['ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password() return subprocess.call(cmd_parts, env=env_vars)