def get_config(self):
"""
Reads the settings from the gce.ini file.
Populates a ConfigParser object with defaults and
attempts to read an .ini-style configuration from the filename
specified in GCE_INI_PATH. If the environment variable is
not present, the filename defaults to gce.ini in the current
working directory.
"""
gce_ini_default_path = os.path.join(
os.path.dirname(os.path.realpath(__file__)), "gce.ini")
gce_ini_path = os.environ.get('GCE_INI_PATH', gce_ini_default_path)
# Create a ConfigParser.
# This provides empty defaults to each key, so that environment
# variable configuration (as opposed to INI configuration) is able
# to work.
config = configparser.ConfigParser(
defaults={
'gce_service_account_email_address': '',
'gce_service_account_pem_file_path': '',
'gce_project_id': '',
'gce_zone': '',
'libcloud_secrets': '',
'instance_tags': '',
'inventory_ip_type': '',
'cache_path': '~/.ansible/tmp',
'cache_max_age': '300'
})
if 'gce' not in config.sections():
config.add_section('gce')
if 'inventory' not in config.sections():
config.add_section('inventory')
if 'cache' not in config.sections():
config.add_section('cache')
config.read(gce_ini_path)
#########
# Section added for processing ini settings
#########
# Set the instance_states filter based on config file options
self.instance_states = []
if config.has_option('gce', 'instance_states'):
states = config.get('gce', 'instance_states')
# Ignore if instance_states is an empty string.
if states:
self.instance_states = states.split(',')
# Set the instance_tags filter, env var overrides config from file
# and cli param overrides all
if self.args.instance_tags:
self.instance_tags = self.args.instance_tags
else:
self.instance_tags = os.environ.get(
'GCE_INSTANCE_TAGS', config.get('gce', 'instance_tags'))
if self.instance_tags:
self.instance_tags = self.instance_tags.split(',')
# Caching
cache_path = config.get('cache', 'cache_path')
cache_max_age = config.getint('cache', 'cache_max_age')
# TOOD(supertom): support project-specific caches
cache_name = 'ansible-gce.cache'
self.cache = CloudInventoryCache(cache_path=cache_path,
cache_max_age=cache_max_age,
cache_name=cache_name)
return config
def read_settings(self):
''' Reads the settings from the packet_net.ini file '''
if six.PY3:
config = configparser.ConfigParser()
else:
config = configparser.SafeConfigParser()
_ini_path_raw = os.environ.get('PACKET_NET_INI_PATH')
if _ini_path_raw:
packet_ini_path = os.path.expanduser(
os.path.expandvars(_ini_path_raw))
else:
packet_ini_path = os.path.join(
os.path.dirname(os.path.realpath(__file__)), 'packet_net.ini')
config.read(packet_ini_path)
# items per page
self.items_per_page = 999
if config.has_option(ini_section, 'items_per_page'):
config.get(ini_section, 'items_per_page')
# Instance states to be gathered in inventory. Default is all of them.
packet_valid_device_states = [
'active', 'inactive', 'queued', 'provisioning'
]
self.packet_device_states = []
if config.has_option(ini_section, 'device_states'):
for device_state in config.get(ini_section,
'device_states').split(','):
device_state = device_state.strip()
if device_state not in packet_valid_device_states:
continue
self.packet_device_states.append(device_state)
else:
self.packet_device_states = packet_valid_device_states
# Cache related
cache_dir = os.path.expanduser(config.get(ini_section, 'cache_path'))
if not os.path.exists(cache_dir):
os.makedirs(cache_dir)
self.cache_path_cache = cache_dir + "/ansible-packet.cache"
self.cache_path_index = cache_dir + "/ansible-packet.index"
self.cache_max_age = config.getint(ini_section, 'cache_max_age')
# Configure nested groups instead of flat namespace.
if config.has_option(ini_section, 'nested_groups'):
self.nested_groups = config.getboolean(ini_section,
'nested_groups')
else:
self.nested_groups = False
# Replace dash or not in group names
if config.has_option(ini_section, 'replace_dash_in_groups'):
self.replace_dash_in_groups = config.getboolean(
ini_section, 'replace_dash_in_groups')
else:
self.replace_dash_in_groups = True
# Configure which groups should be created.
group_by_options = [
'group_by_device_id',
'group_by_hostname',
'group_by_facility',
'group_by_project',
'group_by_operating_system',
'group_by_plan_type',
'group_by_tags',
'group_by_tag_none',
]
for option in group_by_options:
if config.has_option(ini_section, option):
setattr(self, option, config.getboolean(ini_section, option))
else:
setattr(self, option, True)
# Do we need to just include hosts that match a pattern?
try:
pattern_include = config.get(ini_section, 'pattern_include')
if pattern_include and len(pattern_include) > 0:
self.pattern_include = re.compile(pattern_include)
else:
self.pattern_include = None
except configparser.NoOptionError:
self.pattern_include = None
# Do we need to exclude hosts that match a pattern?
try:
pattern_exclude = config.get(ini_section, 'pattern_exclude')
if pattern_exclude and len(pattern_exclude) > 0:
self.pattern_exclude = re.compile(pattern_exclude)
else:
self.pattern_exclude = None
except configparser.NoOptionError:
self.pattern_exclude = None
# Projects
self.projects = []
configProjects = config.get(ini_section, 'projects')
configProjects_exclude = config.get(ini_section, 'projects_exclude')
if (configProjects == 'all'):
for projectInfo in self.get_projects():
if projectInfo.name not in configProjects_exclude:
self.projects.append(projectInfo.name)
else:
self.projects = configProjects.split(",")
def main():
"""This module examines certificates (in various forms) which compose
an OpenShift Container Platform cluster
"""
module = AnsibleModule(
argument_spec=dict(
config_base=dict(
required=False,
default="/etc/origin",
type='str'),
warning_days=dict(
required=False,
default=30,
type='int'),
show_all=dict(
required=False,
default=False,
type='bool')
),
supports_check_mode=True,
)
# Basic scaffolding for OpenShift specific certs
openshift_base_config_path = os.path.realpath(module.params['config_base'])
openshift_master_config_path = os.path.join(openshift_base_config_path,
"master", "master-config.yaml")
openshift_node_config_path = os.path.join(openshift_base_config_path,
"node", "node-config.yaml")
openshift_cert_check_paths = [
openshift_master_config_path,
openshift_node_config_path,
]
# Paths for Kubeconfigs. Additional kubeconfigs are conditionally
# checked later in the code
master_kube_configs = ['admin', 'openshift-master',
'openshift-node', 'openshift-router',
'openshift-registry']
kubeconfig_paths = []
for m_kube_config in master_kube_configs:
kubeconfig_paths.append(
os.path.join(openshift_base_config_path, "master", m_kube_config + ".kubeconfig")
)
# Validate some paths we have the ability to do ahead of time
openshift_cert_check_paths = filter_paths(openshift_cert_check_paths)
kubeconfig_paths = filter_paths(kubeconfig_paths)
# etcd, where do you hide your certs? Used when parsing etcd.conf
etcd_cert_params = [
"ETCD_TRUSTED_CA_FILE",
"ETCD_CERT_FILE",
"ETCD_PEER_TRUSTED_CA_FILE",
"ETCD_PEER_CERT_FILE",
]
# Expiry checking stuff
now = datetime.datetime.now()
# todo, catch exception for invalid input and return a fail_json
warning_days = int(module.params['warning_days'])
expire_window = datetime.timedelta(days=warning_days)
# Module stuff
#
# The results of our cert checking to return from the task call
check_results = {}
check_results['meta'] = {}
check_results['meta']['warning_days'] = warning_days
check_results['meta']['checked_at_time'] = str(now)
check_results['meta']['warn_before_date'] = str(now + expire_window)
check_results['meta']['show_all'] = str(module.params['show_all'])
# All the analyzed certs accumulate here
ocp_certs = []
######################################################################
# Sure, why not? Let's enable check mode.
if module.check_mode:
check_results['ocp_certs'] = []
module.exit_json(
check_results=check_results,
msg="Checked 0 total certificates. Expired/Warning/OK: 0/0/0. Warning window: %s days" % module.params['warning_days'],
rc=0,
changed=False
)
######################################################################
# Check for OpenShift Container Platform specific certs
######################################################################
for os_cert in filter_paths(openshift_cert_check_paths):
# Open up that config file and locate the cert and CA
with io.open(os_cert, 'r', encoding='utf-8') as fp:
cert_meta = {}
cfg = yaml.load(fp)
# cert files are specified in parsed `fp` as relative to the path
# of the original config file. 'master-config.yaml' with certFile
# = 'foo.crt' implies that 'foo.crt' is in the same
# directory. certFile = '../foo.crt' is in the parent directory.
cfg_path = os.path.dirname(fp.name)
cert_meta['certFile'] = os.path.join(cfg_path, cfg['servingInfo']['certFile'])
cert_meta['clientCA'] = os.path.join(cfg_path, cfg['servingInfo']['clientCA'])
######################################################################
# Load the certificate and the CA, parse their expiration dates into
# datetime objects so we can manipulate them later
for v in cert_meta.values():
with io.open(v, 'r', encoding='utf-8') as fp:
cert = fp.read()
(cert_subject,
cert_expiry_date,
time_remaining,
cert_serial) = load_and_handle_cert(cert, now, ans_module=module)
expire_check_result = {
'cert_cn': cert_subject,
'path': fp.name,
'expiry': cert_expiry_date,
'days_remaining': time_remaining.days,
'health': None,
'serial': cert_serial
}
classify_cert(expire_check_result, now, time_remaining, expire_window, ocp_certs)
######################################################################
# /Check for OpenShift Container Platform specific certs
######################################################################
######################################################################
# Check service Kubeconfigs
######################################################################
kubeconfigs = []
# There may be additional kubeconfigs to check, but their naming
# is less predictable than the ones we've already assembled.
try:
# Try to read the standard 'node-config.yaml' file to check if
# this host is a node.
with io.open(openshift_node_config_path, 'r', encoding='utf-8') as fp:
cfg = yaml.load(fp)
# OK, the config file exists, therefore this is a
# node. Nodes have their own kubeconfig files to
# communicate with the master API. Let's read the relative
# path to that file from the node config.
node_masterKubeConfig = cfg['masterKubeConfig']
# As before, the path to the 'masterKubeConfig' file is
# relative to `fp`
cfg_path = os.path.dirname(fp.name)
node_kubeconfig = os.path.join(cfg_path, node_masterKubeConfig)
with io.open(node_kubeconfig, 'r', encoding='utf8') as fp:
# Read in the nodes kubeconfig file and grab the good stuff
cfg = yaml.load(fp)
c = cfg['users'][0]['user']['client-certificate-data']
(cert_subject,
cert_expiry_date,
time_remaining,
cert_serial) = load_and_handle_cert(c, now, base64decode=True, ans_module=module)
expire_check_result = {
'cert_cn': cert_subject,
'path': fp.name,
'expiry': cert_expiry_date,
'days_remaining': time_remaining.days,
'health': None,
'serial': cert_serial
}
classify_cert(expire_check_result, now, time_remaining, expire_window, kubeconfigs)
except IOError:
# This is not a node
pass
for kube in filter_paths(kubeconfig_paths):
with io.open(kube, 'r', encoding='utf-8') as fp:
# TODO: Maybe consider catching exceptions here?
cfg = yaml.load(fp)
# Per conversation, "the kubeconfigs you care about:
# admin, router, registry should all be single
# value". Following that advice we only grab the data for
# the user at index 0 in the 'users' list. There should
# not be more than one user.
c = cfg['users'][0]['user']['client-certificate-data']
(cert_subject,
cert_expiry_date,
time_remaining,
cert_serial) = load_and_handle_cert(c, now, base64decode=True, ans_module=module)
expire_check_result = {
'cert_cn': cert_subject,
'path': fp.name,
'expiry': cert_expiry_date,
'days_remaining': time_remaining.days,
'health': None,
'serial': cert_serial
}
classify_cert(expire_check_result, now, time_remaining, expire_window, kubeconfigs)
######################################################################
# /Check service Kubeconfigs
######################################################################
######################################################################
# Check etcd certs
#
# Two things to check: 'external' etcd, and embedded etcd.
######################################################################
# FIRST: The 'external' etcd
#
# Some values may be duplicated, make this a set for now so we
# unique them all
etcd_certs_to_check = set([])
etcd_certs = []
etcd_cert_params.append('dne')
try:
with io.open('/etc/etcd/etcd.conf', 'r', encoding='utf-8') as fp:
# Add dummy header section.
config = io.StringIO()
config.write(u'[ETCD]\n')
config.write(fp.read().replace('%', '%%'))
config.seek(0, os.SEEK_SET)
etcd_config = configparser.ConfigParser()
etcd_config.readfp(config)
for param in etcd_cert_params:
try:
etcd_certs_to_check.add(etcd_config.get('ETCD', param))
except configparser.NoOptionError:
# That parameter does not exist, oh well...
pass
except IOError:
# No etcd to see here, move along
pass
for etcd_cert in filter_paths(etcd_certs_to_check):
with io.open(etcd_cert, 'r', encoding='utf-8') as fp:
c = fp.read()
(cert_subject,
cert_expiry_date,
time_remaining,
cert_serial) = load_and_handle_cert(c, now, ans_module=module)
expire_check_result = {
'cert_cn': cert_subject,
'path': fp.name,
'expiry': cert_expiry_date,
'days_remaining': time_remaining.days,
'health': None,
'serial': cert_serial
}
classify_cert(expire_check_result, now, time_remaining, expire_window, etcd_certs)
######################################################################
# /Check etcd certs
######################################################################
######################################################################
# Check router/registry certs
#
# These are saved as secrets in etcd. That means that we can not
# simply read a file to grab the data. Instead we're going to
# subprocess out to the 'oc get' command. On non-masters this
# command will fail, that is expected so we catch that exception.
######################################################################
router_certs = []
registry_certs = []
######################################################################
# First the router certs
try:
router_secrets_raw = subprocess.Popen('oc get -n default secret router-certs -o yaml'.split(),
stdout=subprocess.PIPE)
router_ds = yaml.load(router_secrets_raw.communicate()[0])
router_c = router_ds['data']['tls.crt']
router_path = router_ds['metadata']['selfLink']
except TypeError:
# YAML couldn't load the result, this is not a master
pass
except OSError:
# The OC command doesn't exist here. Move along.
pass
else:
(cert_subject,
cert_expiry_date,
time_remaining,
cert_serial) = load_and_handle_cert(router_c, now, base64decode=True, ans_module=module)
expire_check_result = {
'cert_cn': cert_subject,
'path': router_path,
'expiry': cert_expiry_date,
'days_remaining': time_remaining.days,
'health': None,
'serial': cert_serial
}
classify_cert(expire_check_result, now, time_remaining, expire_window, router_certs)
######################################################################
# Now for registry
try:
registry_secrets_raw = subprocess.Popen('oc get -n default secret registry-certificates -o yaml'.split(),
stdout=subprocess.PIPE)
registry_ds = yaml.load(registry_secrets_raw.communicate()[0])
registry_c = registry_ds['data']['registry.crt']
registry_path = registry_ds['metadata']['selfLink']
except TypeError:
# YAML couldn't load the result, this is not a master
pass
except OSError:
# The OC command doesn't exist here. Move along.
pass
else:
(cert_subject,
cert_expiry_date,
time_remaining,
cert_serial) = load_and_handle_cert(registry_c, now, base64decode=True, ans_module=module)
expire_check_result = {
'cert_cn': cert_subject,
'path': registry_path,
'expiry': cert_expiry_date,
'days_remaining': time_remaining.days,
'health': None,
'serial': cert_serial
}
classify_cert(expire_check_result, now, time_remaining, expire_window, registry_certs)
######################################################################
# /Check router/registry certs
######################################################################
res = tabulate_summary(ocp_certs, kubeconfigs, etcd_certs, router_certs, registry_certs)
msg = "Checked {count} total certificates. Expired/Warning/OK: {exp}/{warn}/{ok}. Warning window: {window} days".format(
count=res['total'],
exp=res['expired'],
warn=res['warning'],
ok=res['ok'],
window=int(module.params['warning_days']),
)
# By default we only return detailed information about expired or
# warning certificates. If show_all is true then we will print all
# the certificates examined.
if not module.params['show_all']:
check_results['ocp_certs'] = [crt for crt in ocp_certs if crt['health'] in ['expired', 'warning']]
check_results['kubeconfigs'] = [crt for crt in kubeconfigs if crt['health'] in ['expired', 'warning']]
check_results['etcd'] = [crt for crt in etcd_certs if crt['health'] in ['expired', 'warning']]
check_results['registry'] = [crt for crt in registry_certs if crt['health'] in ['expired', 'warning']]
check_results['router'] = [crt for crt in router_certs if crt['health'] in ['expired', 'warning']]
else:
check_results['ocp_certs'] = ocp_certs
check_results['kubeconfigs'] = kubeconfigs
check_results['etcd'] = etcd_certs
check_results['registry'] = registry_certs
check_results['router'] = router_certs
# Sort the final results to report in order of ascending safety
# time. That is to say, the certificates which will expire sooner
# will be at the front of the list and certificates which will
# expire later are at the end. Router and registry certs should be
# limited to just 1 result, so don't bother sorting those.
def cert_key(item):
''' return the days_remaining key '''
return item['days_remaining']
check_results['ocp_certs'] = sorted(check_results['ocp_certs'], key=cert_key)
check_results['kubeconfigs'] = sorted(check_results['kubeconfigs'], key=cert_key)
check_results['etcd'] = sorted(check_results['etcd'], key=cert_key)
# This module will never change anything, but we might want to
# change the return code parameter if there is some catastrophic
# error we noticed earlier
module.exit_json(
check_results=check_results,
summary=res,
msg=msg,
rc=0,
changed=False
)
def parse_from_mysql_config_file(cnf):
cp = configparser.ConfigParser()
cp.read(cnf)
return cp
def run(self, terms, variables=None, **kwargs):
self.set_options(var_options=variables, direct=kwargs)
paramvals = self.get_options()
self.cp = configparser.ConfigParser()
if paramvals['case_sensitive']:
self.cp.optionxform = to_native
ret = []
for term in terms:
key = term
# parameters specified?
if '=' in term or ' ' in term.strip():
self._deprecate_inline_kv()
params = _parse_params(term, paramvals)
try:
updated_key = False
for param in params:
if '=' in param:
name, value = param.split('=')
if name not in paramvals:
raise AnsibleLookupError(
'%s is not a valid option.' % name)
paramvals[name] = value
elif key == term:
# only take first, this format never supported multiple keys inline
key = param
updated_key = True
except ValueError as e:
# bad params passed
raise AnsibleLookupError(
"Could not use '%s' from '%s': %s" %
(param, params, to_native(e)),
orig_exc=e)
if not updated_key:
raise AnsibleOptionsError(
"No key to lookup was provided as first term with in string inline options: %s"
% term)
# only passed options in inline string
# TODO: look to use cache to avoid redoing this for every term if they use same file
# Retrieve file path
path = self.find_file_in_search_path(variables, 'files',
paramvals['file'])
# Create StringIO later used to parse ini
config = StringIO()
# Special case for java properties
if paramvals['type'] == "properties":
config.write(u'[java_properties]\n')
paramvals['section'] = 'java_properties'
# Open file using encoding
contents, show_data = self._loader._get_file_contents(path)
contents = to_text(contents,
errors='surrogate_or_strict',
encoding=paramvals['encoding'])
config.write(contents)
config.seek(0, os.SEEK_SET)
try:
self.cp.readfp(config)
except configparser.DuplicateOptionError as doe:
raise AnsibleLookupError(
"Duplicate option in '{file}': {error}".format(
file=paramvals['file'], error=to_native(doe)))
try:
var = self.get_value(key, paramvals['section'],
paramvals['default'], paramvals['re'])
except configparser.NoSectionError:
raise AnsibleLookupError(
"No section '{section}' in {file}".format(
section=paramvals['section'], file=paramvals['file']))
if var is not None:
if isinstance(var, MutableSequence):
for v in var:
ret.append(v)
else:
ret.append(var)
return ret
def read_config(cfg_file):
cfg_parser = configparser.ConfigParser(allow_no_value=True)
cfg_parser.optionxform = lambda option: option # preserve as case-sensitive
cfg_parser.read(cfg_file)
return cfg_parser
def run(self, terms, variables=None, **kwargs):
self.cp = configparser.ConfigParser()
ret = []
for term in terms:
params = _parse_params(term)
key = params[0]
paramvals = {
'file': 'ansible.ini',
're': False,
'default': None,
'section': "global",
'type': "ini",
'encoding': 'utf-8',
}
# parameters specified?
try:
for param in params[1:]:
name, value = param.split('=')
if name not in paramvals:
raise AnsibleAssertionError('%s not in paramvals' %
name)
paramvals[name] = value
except (ValueError, AssertionError) as e:
raise AnsibleError(e)
# Retrieve file path
path = self.find_file_in_search_path(variables, 'files',
paramvals['file'])
# Create StringIO later used to parse ini
config = StringIO()
# Special case for java properties
if paramvals['type'] == "properties":
config.write(u'[java_properties]\n')
paramvals['section'] = 'java_properties'
# Open file using encoding
contents, show_data = self._loader._get_file_contents(path)
contents = to_text(contents,
errors='surrogate_or_strict',
encoding=paramvals['encoding'])
config.write(contents)
config.seek(0, os.SEEK_SET)
try:
self.cp.readfp(config)
except configparser.DuplicateOptionError as doe:
raise AnsibleLookupError(
"Duplicate option in '{file}': {error}".format(
file=paramvals['file'], error=to_native(doe)))
try:
var = self.get_value(key, paramvals['section'],
paramvals['default'], paramvals['re'])
except configparser.NoSectionError:
raise AnsibleLookupError(
"No section '{section}' in {file}".format(
section=paramvals['section'], file=paramvals['file']))
if var is not None:
if isinstance(var, MutableSequence):
for v in var:
ret.append(v)
else:
ret.append(var)
return ret
def read_settings(self):
"""Reads the settings from the foreman.ini file"""
config = ConfigParser.ConfigParser()
config.read(self.config_paths)
# Foreman API related
try:
self.foreman_url = config.get('foreman', 'url')
self.foreman_user = config.get('foreman', 'user')
self.foreman_pw = config.get('foreman', 'password', raw=True)
self.foreman_ssl_verify = config.getboolean(
'foreman', 'ssl_verify')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError) as e:
print("Error parsing configuration: %s" % e, file=sys.stderr)
return False
# Ansible related
try:
group_patterns = config.get('ansible', 'group_patterns')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
group_patterns = "[]"
self.group_patterns = json.loads(group_patterns)
try:
self.group_prefix = config.get('ansible', 'group_prefix')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
self.group_prefix = "foreman_"
try:
self.want_facts = config.getboolean('ansible', 'want_facts')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
self.want_facts = True
try:
self.want_hostcollections = config.getboolean(
'ansible', 'want_hostcollections')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
self.want_hostcollections = False
try:
self.want_ansible_ssh_host = config.getboolean(
'ansible', 'want_ansible_ssh_host')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
self.want_ansible_ssh_host = False
# Do we want parameters to be interpreted if possible as JSON? (no by default)
try:
self.rich_params = config.getboolean('ansible', 'rich_params')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
self.rich_params = False
try:
self.host_filters = config.get('foreman', 'host_filters')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
self.host_filters = None
# Cache related
try:
cache_path = os.path.expanduser(config.get('cache', 'path'))
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
cache_path = '.'
(script, ext) = os.path.splitext(os.path.basename(__file__))
self.cache_path_cache = cache_path + "/%s.cache" % script
self.cache_path_inventory = cache_path + "/%s.index" % script
self.cache_path_params = cache_path + "/%s.params" % script
self.cache_path_facts = cache_path + "/%s.facts" % script
self.cache_path_hostcollections = cache_path + "/%s.hostcollections" % script
try:
self.cache_max_age = config.getint('cache', 'max_age')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
self.cache_max_age = 60
try:
self.scan_new_hosts = config.getboolean('cache', 'scan_new_hosts')
except (ConfigParser.NoOptionError, ConfigParser.NoSectionError):
self.scan_new_hosts = False
return True
def read_settings(self):
''' Reads the settings from the vmware_inventory.ini file '''
scriptbasename = __file__
scriptbasename = os.path.basename(scriptbasename)
scriptbasename = scriptbasename.replace('.py', '')
defaults = {
'vmware': {
'server':
'',
'port':
443,
'username':
'',
'password':
'',
'validate_certs':
True,
'ini_path':
os.path.join(os.path.dirname(__file__),
'%s.ini' % scriptbasename),
'cache_name':
'ansible-vmware',
'cache_path':
'~/.ansible/tmp',
'cache_max_age':
3600,
'max_object_level':
1,
'skip_keys':
'declaredalarmstate,'
'disabledmethod,'
'dynamicproperty,'
'dynamictype,'
'environmentbrowser,'
'managedby,'
'parent,'
'childtype,'
'resourceconfig',
'alias_pattern':
'{{ config.name + "_" + config.uuid }}',
'host_pattern':
'{{ guest.ipaddress }}',
'host_filters':
'{{ runtime.powerstate == "poweredOn" }}',
'groupby_patterns':
'{{ guest.guestid }},{{ "templates" if config.template else "guests"}}',
'lower_var_keys':
True,
'custom_field_group_prefix':
'vmware_tag_',
'groupby_custom_field_excludes':
'',
'groupby_custom_field':
False
}
}
if PY3:
config = configparser.ConfigParser()
else:
config = configparser.SafeConfigParser()
# where is the config?
vmware_ini_path = os.environ.get('VMWARE_INI_PATH',
defaults['vmware']['ini_path'])
vmware_ini_path = os.path.expanduser(
os.path.expandvars(vmware_ini_path))
config.read(vmware_ini_path)
if 'vmware' not in config.sections():
config.add_section('vmware')
# apply defaults
for k, v in defaults['vmware'].items():
if not config.has_option('vmware', k):
config.set('vmware', k, str(v))
# where is the cache?
self.cache_dir = os.path.expanduser(config.get('vmware', 'cache_path'))
if self.cache_dir and not os.path.exists(self.cache_dir):
os.makedirs(self.cache_dir)
# set the cache filename and max age
cache_name = config.get('vmware', 'cache_name')
self.cache_path_cache = self.cache_dir + "/%s.cache" % cache_name
self.debugl('cache path is %s' % self.cache_path_cache)
self.cache_max_age = int(config.getint('vmware', 'cache_max_age'))
# mark the connection info
self.server = os.environ.get('VMWARE_SERVER',
config.get('vmware', 'server'))
self.debugl('server is %s' % self.server)
self.port = int(
os.environ.get('VMWARE_PORT', config.get('vmware', 'port')))
self.username = os.environ.get('VMWARE_USERNAME',
config.get('vmware', 'username'))
self.debugl('username is %s' % self.username)
self.password = os.environ.get(
'VMWARE_PASSWORD', config.get('vmware', 'password', raw=True))
self.validate_certs = os.environ.get(
'VMWARE_VALIDATE_CERTS', config.get('vmware', 'validate_certs'))
if self.validate_certs in ['no', 'false', 'False', False]:
self.validate_certs = False
self.debugl('cert validation is %s' % self.validate_certs)
# behavior control
self.maxlevel = int(config.get('vmware', 'max_object_level'))
self.debugl('max object level is %s' % self.maxlevel)
self.lowerkeys = config.get('vmware', 'lower_var_keys')
if type(self.lowerkeys) != bool:
if str(self.lowerkeys).lower() in ['yes', 'true', '1']:
self.lowerkeys = True
else:
self.lowerkeys = False
self.debugl('lower keys is %s' % self.lowerkeys)
self.skip_keys = list(config.get('vmware', 'skip_keys').split(','))
self.debugl('skip keys is %s' % self.skip_keys)
temp_host_filters = list(
config.get('vmware', 'host_filters').split('}},'))
for host_filter in temp_host_filters:
host_filter = host_filter.rstrip()
if host_filter != "":
if not host_filter.endswith("}}"):
host_filter += "}}"
self.host_filters.append(host_filter)
self.debugl('host filters are %s' % self.host_filters)
temp_groupby_patterns = list(
config.get('vmware', 'groupby_patterns').split('}},'))
for groupby_pattern in temp_groupby_patterns:
groupby_pattern = groupby_pattern.rstrip()
if groupby_pattern != "":
if not groupby_pattern.endswith("}}"):
groupby_pattern += "}}"
self.groupby_patterns.append(groupby_pattern)
self.debugl('groupby patterns are %s' % self.groupby_patterns)
temp_groupby_custom_field_excludes = config.get(
'vmware', 'groupby_custom_field_excludes')
self.groupby_custom_field_excludes = [
x.strip('"') for x in [
y.strip("'")
for y in temp_groupby_custom_field_excludes.split(",")
]
]
self.debugl('groupby exclude strings are %s' %
self.groupby_custom_field_excludes)
# Special feature to disable the brute force serialization of the
# virtual machine objects. The key name for these properties does not
# matter because the values are just items for a larger list.
if config.has_section('properties'):
self.guest_props = []
for prop in config.items('properties'):
self.guest_props.append(prop[1])
# save the config
self.config = config
def main():
module = AnsibleModule(
argument_spec=dict(
name=dict(required=False),
repo=dict(required=False),
state=dict(choices=['present', 'absent'], default='present'),
runrefresh=dict(required=False, default=False, type='bool'),
description=dict(required=False),
disable_gpg_check=dict(required=False, default=False, type='bool'),
autorefresh=dict(required=False,
default=True,
type='bool',
aliases=['refresh']),
priority=dict(required=False, type='int'),
enabled=dict(required=False, default=True, type='bool'),
overwrite_multiple=dict(required=False, default=False,
type='bool'),
auto_import_keys=dict(required=False, default=False, type='bool'),
),
supports_check_mode=False,
required_one_of=[['state', 'runrefresh']],
)
repo = module.params['repo']
alias = module.params['name']
state = module.params['state']
overwrite_multiple = module.params['overwrite_multiple']
auto_import_keys = module.params['auto_import_keys']
runrefresh = module.params['runrefresh']
zypper_version = get_zypper_version(module)
warnings = [] # collect warning messages for final output
repodata = {
'url': repo,
'alias': alias,
'name': module.params['description'],
'priority': module.params['priority'],
}
# rewrite bools in the language that zypper lr -x provides for easier comparison
if module.params['enabled']:
repodata['enabled'] = '1'
else:
repodata['enabled'] = '0'
if module.params['disable_gpg_check']:
repodata['gpgcheck'] = '0'
else:
repodata['gpgcheck'] = '1'
if module.params['autorefresh']:
repodata['autorefresh'] = '1'
else:
repodata['autorefresh'] = '0'
def exit_unchanged():
module.exit_json(changed=False, repodata=repodata, state=state)
# Check run-time module parameters
if repo == '*' or alias == '*':
if runrefresh:
runrefreshrepo(module, auto_import_keys)
module.exit_json(changed=False, runrefresh=True)
else:
module.fail_json(
msg='repo=* can only be used with the runrefresh option.')
if state == 'present' and not repo:
module.fail_json(msg='Module option state=present requires repo')
if state == 'absent' and not repo and not alias:
module.fail_json(
msg='Alias or repo parameter required when state=absent')
if repo and repo.endswith('.repo'):
if alias:
module.fail_json(
msg=
'Incompatible option: \'name\'. Do not use name when adding .repo files'
)
else:
if not alias and state == "present":
module.fail_json(msg='Name required when adding non-repo files.')
# Download / Open and parse .repo file to ensure idempotency
if repo and repo.endswith('.repo'):
if repo.startswith(('http://', 'https://')):
response, info = fetch_url(module=module, url=repo, force=True)
if not response or info['status'] != 200:
module.fail_json(
msg='Error downloading .repo file from provided URL')
repofile_text = to_text(response.read(),
errors='surrogate_or_strict')
else:
try:
with open(repo, encoding='utf-8') as file:
repofile_text = file.read()
except IOError:
module.fail_json(
msg='Error opening .repo file from provided path')
repofile = configparser.ConfigParser()
try:
repofile.readfp(StringIO(repofile_text))
except configparser.Error:
module.fail_json(
msg='Invalid format, .repo file could not be parsed')
# No support for .repo file with zero or more than one repository
if len(repofile.sections()) != 1:
err = "Invalid format, .repo file contains %s repositories, expected 1" % len(
repofile.sections())
module.fail_json(msg=err)
section = repofile.sections()[0]
repofile_items = dict(repofile.items(section))
# Only proceed if at least baseurl is available
if 'baseurl' not in repofile_items:
module.fail_json(msg='No baseurl found in .repo file')
# Set alias (name) and url based on values from .repo file
alias = section
repodata['alias'] = section
repodata['url'] = repofile_items['baseurl']
# If gpgkey is part of the .repo file, auto import key
if 'gpgkey' in repofile_items:
auto_import_keys = True
# Map additional values, if available
if 'name' in repofile_items:
repodata['name'] = repofile_items['name']
if 'enabled' in repofile_items:
repodata['enabled'] = repofile_items['enabled']
if 'autorefresh' in repofile_items:
repodata['autorefresh'] = repofile_items['autorefresh']
if 'gpgcheck' in repofile_items:
repodata['gpgcheck'] = repofile_items['gpgcheck']
exists, mod, old_repos = repo_exists(module, repodata, overwrite_multiple)
if alias:
shortname = alias
else:
shortname = repo
if state == 'present':
if exists and not mod:
if runrefresh:
runrefreshrepo(module, auto_import_keys, shortname)
exit_unchanged()
rc, stdout, stderr = addmodify_repo(module, repodata, old_repos,
zypper_version, warnings)
if rc == 0 and (runrefresh or auto_import_keys):
runrefreshrepo(module, auto_import_keys, shortname)
elif state == 'absent':
if not exists:
exit_unchanged()
rc, stdout, stderr = remove_repo(module, shortname)
if rc == 0:
module.exit_json(changed=True,
repodata=repodata,
state=state,
warnings=warnings)
else:
module.fail_json(msg="Zypper failed with rc %s" % rc,
rc=rc,
stdout=stdout,
stderr=stderr,
repodata=repodata,
state=state,
warnings=warnings)
def __init__(self):
super(CallbackModule, self).__init__()
if not HAS_SSL:
self._display.warning(
"Unable to import ssl module. Will send over port 80.")
if not HAS_CERTIFI:
self.disabled = True
self._display.warning(
'The `certifi` python module is not installed. '
'Disabling the Logentries callback plugin.')
if not HAS_FLATDICT:
self.disabled = True
self._display.warning(
'The `flatdict` python module is not installed. '
'Disabling the Logentries callback plugin.')
config_path = os.path.abspath(os.path.dirname(__file__))
config = configparser.ConfigParser()
try:
config.readfp(open(os.path.join(config_path, 'logentries.ini')))
if config.has_option('logentries', 'api'):
self.api_uri = config.get('logentries', 'api')
if config.has_option('logentries', 'port'):
self.api_port = config.getint('logentries', 'port')
if config.has_option('logentries', 'tls_port'):
self.api_tls_port = config.getint('logentries', 'tls_port')
if config.has_option('logentries', 'use_tls'):
self.use_tls = config.getboolean('logentries', 'use_tls')
if config.has_option('logentries', 'token'):
self.token = config.get('logentries', 'token')
if config.has_option('logentries', 'flatten'):
self.flatten = config.getboolean('logentries', 'flatten')
except:
self.api_uri = os.getenv('LOGENTRIES_API')
if self.api_uri is None:
self.api_uri = 'data.logentries.com'
try:
self.api_port = int(os.getenv('LOGENTRIES_PORT'))
if self.api_port is None:
self.api_port = 80
except TypeError:
self.api_port = 80
try:
self.api_tls_port = int(os.getenv('LOGENTRIES_TLS_PORT'))
if self.api_tls_port is None:
self.api_tls_port = 443
except TypeError:
self.api_tls_port = 443
# this just needs to be set to use TLS
self.use_tls = os.getenv('LOGENTRIES_USE_TLS')
if self.use_tls is None:
self.use_tls = False
elif self.use_tls.lower() in ['yes', 'true']:
self.use_tls = True
self.token = os.getenv('LOGENTRIES_ANSIBLE_TOKEN')
if self.token is None:
self.disabled = True
self._display.warning(
'Logentries token could not be loaded. The logentries token can be provided using the `LOGENTRIES_TOKEN` environment '
'variable')
self.flatten = os.getenv('LOGENTRIES_FLATTEN')
if self.flatten is None:
self.flatten = False
elif self.flatten.lower() in ['yes', 'true']:
self.flatten = True
self.verbose = False
self.timeout = 10
self.le_jobid = str(uuid.uuid4())
if self.use_tls:
self._appender = TLSSocketAppender(verbose=self.verbose,
LE_API=self.api_uri,
LE_TLS_PORT=self.api_tls_port)
else:
self._appender = PlainTextSocketAppender(verbose=self.verbose,
LE_API=self.api_uri,
LE_PORT=self.api_port)
self._appender.reopen_connection()
if cache_available(config):
inv = get_cache('scaleway_ansible_inventory.json', config)
else:
inv = generate_inv_from_api(config)
save_cache(inv, config)
return json.dumps(inv)
if __name__ == '__main__':
inventory = {}
# Read config
if six.PY3:
config = configparser.ConfigParser()
else:
config = configparser.SafeConfigParser()
for configfilename in [
os.path.abspath(sys.argv[0]).rsplit('.py')[0] + '.ini',
'scaleway.ini'
]:
if os.path.exists(configfilename):
config.read(configfilename)
break
if cache_available(config):
inventory = get_cache('scaleway_ansible_inventory.json', config)
else:
inventory = get_inventory(config)
def collect(self, module=None, collected_facts=None):
local_facts = {}
local_facts['local'] = {}
if not module:
return local_facts
fact_path = module.params.get('fact_path', None)
if not fact_path or not os.path.exists(fact_path):
return local_facts
local = {}
# go over .fact files, run executables, read rest, skip bad with warning and note
for fn in sorted(glob.glob(fact_path + '/*.fact')):
# use filename for key where it will sit under local facts
fact_base = os.path.basename(fn).replace('.fact', '')
if stat.S_IXUSR & os.stat(fn)[stat.ST_MODE]:
failed = None
try:
# run it
rc, out, err = module.run_command(fn)
if rc != 0:
failed = 'Failure executing fact script (%s), rc: %s, err: %s' % (
fn, rc, err)
except (IOError, OSError) as e:
failed = 'Could not execute fact script (%s): %s' % (
fn, to_text(e))
if failed is not None:
local[fact_base] = failed
module.warn(failed)
continue
else:
# ignores exceptions and returns empty
out = get_file_content(fn, default='')
try:
# ensure we have unicode
out = to_text(out, errors='surrogate_or_strict')
except UnicodeError:
fact = 'error loading fact - output of running "%s" was not utf-8' % fn
local[fact_base] = fact
module.warn(fact)
continue
# try to read it as json first
try:
fact = json.loads(out)
except ValueError:
# if that fails read it with ConfigParser
cp = configparser.ConfigParser()
try:
cp.readfp(StringIO(out))
except configparser.Error:
fact = "error loading facts as JSON or ini - please check content: %s" % fn
module.warn(fact)
else:
fact = {}
for sect in cp.sections():
if sect not in fact:
fact[sect] = {}
for opt in cp.options(sect):
val = cp.get(sect, opt)
fact[sect][opt] = val
except Exception as e:
fact = "Failed to convert (%s) to JSON: %s" % (fn, to_text(e))
module.warn(fact)
local[fact_base] = fact
local_facts['local'] = local
return local_facts