def run(self, args, unknown_args): environment = get_environment(args.env_name) environment.create_generated_yml() ansible_context = AnsibleContext(args) def _run_ansible(args, *unknown_args): return run_ansible_module(environment, ansible_context, args.inventory_group, args.module, args.module_args, become=args.become, become_user=args.become_user, use_factory_auth=args.use_factory_auth, extra_args=unknown_args) def run_check(): with environment.secrets_backend.suppress_datadog_event(): return _run_ansible(args, '--check', *unknown_args) def run_apply(): return _run_ansible(args, *unknown_args) return run_action_with_check_mode(run_check, run_apply, args.skip_check, args.quiet)
def migrate(migration, ansible_context, skip_check, no_stop): print_allocation(migration) if not ask("Continue with this plan?"): puts("Abort") return 0 if no_stop: puts( color_notice( "Running migrate with --no-stop will result in data loss")) puts( color_notice("unless each shard of each db has a pivot location.")) if not ask( "Have you manually confirmed that for each shard of each db " "at least one of its new locations is the same as an old location, " "and do you want to continue without stopping couchdb first?"): puts("Abort") return 0 def run_check(): return _run_migration(migration, ansible_context, check_mode=True, no_stop=no_stop) def run_apply(): return _run_migration(migration, ansible_context, check_mode=False, no_stop=no_stop) return run_action_with_check_mode(run_check, run_apply, skip_check)
def run(self, args, unknown_args): environment = get_environment(args.env_name) environment.create_generated_yml() plan = read_plan(args.plan_path, environment, args.limit) working_directory = _get_working_dir(args.plan_path, environment) ansible_context = AnsibleContext(args) environment.get_ansible_vault_password() if plan.source_env != environment and args.action in ('prepare', 'cleanup'): plan.source_env.get_ansible_vault_password() if args.action == 'prepare': for target_host, source_configs in plan.configs.items(): self.log("Creating scripts to copy files.") prepare_file_copy_scripts(target_host, source_configs, working_directory) self.log("Moving scripts to target hosts.") copy_scripts_to_target_host(target_host, working_directory, environment, ansible_context) self.log("Establishing auth between target and source.") setup_auth(plan, environment, ansible_context, working_directory) if args.action == 'copy': def run_check(): return execute_file_copy_scripts(environment, list(plan.configs), check_mode=True) def run_apply(): return execute_file_copy_scripts(environment, list(plan.configs), check_mode=False) return run_action_with_check_mode(run_check, run_apply, args.skip_check) if args.action == 'cleanup': teardown_auth(plan, environment, ansible_context, working_directory) shutil.rmtree(working_directory)
def migrate(migration, ansible_context, skip_check): def run_check(): return _run_migration(migration, ansible_context, check_mode=True) def run_apply(): return _run_migration(migration, ansible_context, check_mode=False) return run_action_with_check_mode(run_check, run_apply, skip_check)
def run(self, args, unknown_args): environment = get_environment(args.env_name) environment.create_generated_yml() ansible_context = AnsibleContext(args) def _run_ansible(args, *unknown_args): return run_ansible_module(environment, ansible_context, args.inventory_group, args.module, args.module_args, args.become, args.become_user, args.use_factory_auth, *unknown_args) def run_check(): return _run_ansible(args, '--check', *unknown_args) def run_apply(): return _run_ansible(args, *unknown_args) return run_action_with_check_mode(run_check, run_apply, args.skip_check, args.quiet)
def run(self, args, unknown_args): environment = get_environment(args.env_name) environment.create_generated_yml() ansible_context = AnsibleContext(args) def _run_ansible(args, *unknown_args): return run_ansible_module( environment, ansible_context, args.inventory_group, args.module, args.module_args, args.become, args.become_user, args.use_factory_auth, *unknown_args ) def run_check(): with environment.suppress_vault_loaded_event(): return _run_ansible(args, '--check', *unknown_args) def run_apply(): return _run_ansible(args, *unknown_args) return run_action_with_check_mode(run_check, run_apply, args.skip_check, args.quiet)
def migrate(migration, ansible_context, skip_check, no_stop): print_allocation(migration) if not ask("Continue with this plan?"): puts("Abort") return 0 if no_stop: puts(colored.yellow("Running migrate with --no-stop will result in data loss")) puts(colored.yellow("unless each shard of each db has a pivot location.")) if not ask("Have you manually confirmed that for each shard of each db " "at least one of its new locations is the same as an old location, " "and do you want to continue without stopping couchdb first?"): puts("Abort") return 0 def run_check(): return _run_migration(migration, ansible_context, check_mode=True, no_stop=no_stop) def run_apply(): return _run_migration(migration, ansible_context, check_mode=False, no_stop=no_stop) return run_action_with_check_mode(run_check, run_apply, skip_check)
def run_ansible_playbook( environment, playbook, ansible_context, skip_check=False, quiet=False, always_skip_check=False, limit=None, use_factory_auth=False, unknown_args=None, respect_ansible_skip=True, ): unknown_args = unknown_args or [] def get_limit(): limit_parts = [] if limit: limit_parts.append(limit) if 'ansible_skip' in environment.sshable_hostnames_by_group and respect_ansible_skip: limit_parts.append('!ansible_skip') if limit_parts: return '--limit', ':'.join(limit_parts) else: return () def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join( ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_source, '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth) if has_arg(unknown_args, '-D', '--diff') or has_arg( unknown_args, '-C', '--check'): puts( color_error("Options --diff and --check not allowed. " "Please remove -D, --diff, -C, --check.")) puts( color_error( "These ansible-playbook options are managed automatically " "by commcare-cloud and cannot be set manually.")) return 2 # exit code ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'. format(ANSIBLE_DIR), ) cmd_parts_with_common_ssh_args = get_common_ssh_args( environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) env_vars = ansible_context.env_vars if ask_vault_pass: env_vars[ 'ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password( ) return subprocess.call(cmd_parts, env=env_vars) def run_check(): with environment.suppress_vault_loaded_event(): return ansible_playbook(environment, playbook, '--check', *unknown_args) def run_apply(): return ansible_playbook(environment, playbook, *unknown_args) return run_action_with_check_mode(run_check, run_apply, skip_check, quiet, always_skip_check)
def run_ansible_playbook(environment, playbook, ansible_context, skip_check=False, quiet=False, always_skip_check=False, limit=None, use_factory_auth=False, unknown_args=None): def get_limit(): limit_parts = [] if limit: limit_parts.append(limit) if 'ansible_skip' in environment.sshable_hostnames_by_group: limit_parts.append('!ansible_skip') if limit_parts: return '--limit', ':'.join(limit_parts) else: return () def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join( ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_ini, '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, unknown_args) if not has_arg(unknown_args, '-f', '--forks'): cmd_parts += ('--forks', '15') if has_arg(unknown_args, '-D', '--diff') or has_arg( unknown_args, '-C', '--check'): puts( colored.red( "Options --diff and --check not allowed. Please remove -D, --diff, -C, --check." )) puts( "These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually." ) return 2 # exit code ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file=/bin/cat', ) cmd_parts_with_common_ssh_args = get_common_ssh_args( environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) if ask_vault_pass: environment.get_ansible_vault_password() p = subprocess.Popen(cmd, stdin=subprocess.PIPE, shell=True, env=ansible_context.env_vars) if ask_vault_pass: p.communicate( input='{}\n'.format(environment.get_ansible_vault_password())) else: p.communicate() return p.returncode def run_check(): return ansible_playbook(environment, playbook, '--check', *unknown_args) def run_apply(): return ansible_playbook(environment, playbook, *unknown_args) return run_action_with_check_mode(run_check, run_apply, skip_check, quiet, always_skip_check)
def run_ansible_playbook( environment, playbook, ansible_context, skip_check=False, quiet=False, always_skip_check=False, limit=None, use_factory_auth=False, unknown_args=None, respect_ansible_skip=True, ): unknown_args = unknown_args or [] def get_limit(): limit_parts = [] if limit: limit_parts.append(limit) if 'ansible_skip' in environment.sshable_hostnames_by_group and respect_ansible_skip: limit_parts.append('!ansible_skip') if limit_parts: return '--limit', ':'.join(limit_parts) else: return () def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join(ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_source, '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth) if has_arg(unknown_args, '-D', '--diff') or has_arg(unknown_args, '-C', '--check'): puts(colored.red("Options --diff and --check not allowed. Please remove -D, --diff, -C, --check.")) puts("These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually.") return 2 # exit code ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.format(ANSIBLE_DIR),) cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) env_vars = ansible_context.env_vars if ask_vault_pass: env_vars['ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password() return subprocess.call(cmd_parts, env=env_vars) def run_check(): with environment.suppress_vault_loaded_event(): return ansible_playbook(environment, playbook, '--check', *unknown_args) def run_apply(): return ansible_playbook(environment, playbook, *unknown_args) return run_action_with_check_mode(run_check, run_apply, skip_check, quiet, always_skip_check)