Пример #1
0
def get_vault_password(password_file=None):
    if password_file is None:
        try:
            password_file = config.get('vault', 'password_file')
        except ConfigParser.NoSectionError:
            return None
    return read_vault_file(password_file)
Пример #2
0
def get_vault_password(password_file=None):
    if password_file is None:
        try:
            password_file = config.get('vault', 'password_file')
        except ConfigParser.NoSectionError:
            return None
    return read_vault_file(password_file)
Пример #3
0
    def parse_args(self, *args, **kwargs):
        args = Script.parse_args(self, *args, **kwargs)

        if args.version:
            self.show_version()
            self.exit(0)

        if args.inventory is None:
            self.exit(1, 'Could not detect default inventory path')

        if 'pattern' in args and not Inventory(args.inventory).list_hosts(args.pattern):
            self.exit(1, 'No hosts matched')

        if args.ask_pass:
            args.remote_pass = getpass.getpass('Enter remote user password: '******'Enter become password: '******'become %s ' % args.become_user
        elif args.su:
            self.mode = 'su %s ' % args.su_user

        if args.vault_password_file:
            args.vault_pass = utils.read_vault_file(args.vault_password_file)
        else:
            args.vault_pass = False

        return args
    def __init__(self, inventory, ask_vault_pass, vault_password_files, vault_ids):
        if vault_ids or len(vault_password_files) > 1:
            raise NotImplementedError
        from ansible import utils
        super(Inventory19, self).__init__()
        if ask_vault_pass:
            self.vault_pass = utils.ask_passwords(ask_vault_pass=True)[2]
        elif vault_password_files:
            self.vault_pass = utils.read_vault_file(vault_password_files[0])
        try:
            self.inventory = ansible.inventory.Inventory(inventory, vault_password=self.vault_pass)
        except ansible.errors.AnsibleError:
            raise NoVaultSecretFound

        self.variable_manager = None
Пример #5
0
    def __init__(self, inventory, ask_vault_pass, vault_password_files,
                 vault_ids):
        if vault_ids or len(vault_password_files) > 1:
            raise NotImplementedError
        from ansible import utils
        super(Inventory19, self).__init__()
        if ask_vault_pass:
            self.vault_pass = utils.ask_passwords(ask_vault_pass=True)[2]
        elif vault_password_files:
            self.vault_pass = utils.read_vault_file(vault_password_files[0])
        try:
            self.inventory = ansible.inventory.Inventory(
                inventory, vault_password=self.vault_pass)
        except ansible.errors.AnsibleError:
            raise NoVaultSecretFound

        self.variable_manager = None
Пример #6
0
 def read_vault_file(self, vault_password_file):
     from ansible.utils import read_vault_file
     return read_vault_file(vault_password_file)
Пример #7
0
def main(args):
    ''' run ansible-playbook operations '''

    # create parser for CLI options
    parser = utils.base_parser(
        constants=C,
        usage = "%prog playbook.yml",
        connect_opts=True,
        runas_opts=True,
        subset_opts=True,
        check_opts=True,
        diff_opts=True
    )
    #parser.add_option('--vault-password', dest="vault_password",
    #    help="password for vault encrypted files")
    parser.add_option('-t', '--tags', dest='tags', default='all',
        help="only run plays and tasks tagged with these values")
    parser.add_option('--skip-tags', dest='skip_tags',
        help="only run plays and tasks whose tags do not match these values")
    parser.add_option('--syntax-check', dest='syntax', action='store_true',
        help="perform a syntax check on the playbook, but do not execute it")
    parser.add_option('--list-tasks', dest='listtasks', action='store_true',
        help="list all tasks that would be executed")
    parser.add_option('--list-tags', dest='listtags', action='store_true',
        help="list all available tags")
    parser.add_option('--step', dest='step', action='store_true',
        help="one-step-at-a-time: confirm each task before running")
    parser.add_option('--start-at-task', dest='start_at',
        help="start the playbook at the task matching this name")
    parser.add_option('--force-handlers', dest='force_handlers',
        default=C.DEFAULT_FORCE_HANDLERS, action='store_true',
        help="run handlers even if a task fails")
    parser.add_option('--flush-cache', dest='flush_cache', action='store_true',
        help="clear the fact cache")

    options, args = parser.parse_args(args)

    if len(args) == 0:
        parser.print_help(file=sys.stderr)
        return 1

    # privlege escalation command line arguments need to be mutually exclusive
    utils.check_mutually_exclusive_privilege(options, parser)

    if (options.ask_vault_pass and options.vault_password_file):
            parser.error("--ask-vault-pass and --vault-password-file are mutually exclusive")

    sshpass = None
    becomepass = None
    vault_pass = None

    options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS

    if options.listhosts or options.syntax or options.listtasks or options.listtags:
        (_, _, vault_pass) = utils.ask_passwords(ask_vault_pass=options.ask_vault_pass)
    else:
        options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS
        # Never ask for an SSH password when we run with local connection
        if options.connection == "local":
            options.ask_pass = False

        # set pe options
        utils.normalize_become_options(options)
        prompt_method = utils.choose_pass_prompt(options)
        (sshpass, becomepass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass,
                                                    become_ask_pass=options.become_ask_pass,
                                                    ask_vault_pass=options.ask_vault_pass,
                                                    become_method=prompt_method)

    # read vault_pass from a file
    if not options.ask_vault_pass and options.vault_password_file:
        vault_pass = utils.read_vault_file(options.vault_password_file)

    extra_vars = utils.parse_extra_vars(options.extra_vars, vault_pass)

    only_tags = options.tags.split(",")
    skip_tags = options.skip_tags
    if options.skip_tags is not None:
        skip_tags = options.skip_tags.split(",")

    for playbook in args:
        if not os.path.exists(playbook):
            raise errors.AnsibleError("the playbook: %s could not be found" % playbook)
        if not (os.path.isfile(playbook) or stat.S_ISFIFO(os.stat(playbook).st_mode)):
            raise errors.AnsibleError("the playbook: %s does not appear to be a file" % playbook)

    inventory = ansible.inventory.Inventory(options.inventory, vault_password=vault_pass)

    # Note: slightly wrong, this is written so that implicit localhost
    # (which is not returned in list_hosts()) is taken into account for
    # warning if inventory is empty.  But it can't be taken into account for
    # checking if limit doesn't match any hosts.  Instead we don't worry about
    # limit if only implicit localhost was in inventory to start with.
    #
    # Fix this in v2
    no_hosts = False
    if len(inventory.list_hosts()) == 0:
        # Empty inventory
        utils.warning("provided hosts list is empty, only localhost is available")
        no_hosts = True
    inventory.subset(options.subset)
    if len(inventory.list_hosts()) == 0 and no_hosts is False:
        # Invalid limit
        raise errors.AnsibleError("Specified --limit does not match any hosts")

    # run all playbooks specified on the command line
    for playbook in args:

        stats = callbacks.AggregateStats()
        playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
        if options.step:
            playbook_cb.step = options.step
        if options.start_at:
            playbook_cb.start_at = options.start_at
        runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)

        pb = ansible.playbook.PlayBook(
            playbook=playbook,
            module_path=options.module_path,
            inventory=inventory,
            forks=options.forks,
            remote_user=options.remote_user,
            remote_pass=sshpass,
            callbacks=playbook_cb,
            runner_callbacks=runner_cb,
            stats=stats,
            timeout=options.timeout,
            transport=options.connection,
            become=options.become,
            become_method=options.become_method,
            become_user=options.become_user,
            become_pass=becomepass,
            extra_vars=extra_vars,
            private_key_file=options.private_key_file,
            only_tags=only_tags,
            skip_tags=skip_tags,
            check=options.check,
            diff=options.diff,
            vault_password=vault_pass,
            force_handlers=options.force_handlers,
        )

        if options.flush_cache:
            display(callbacks.banner("FLUSHING FACT CACHE"))
            pb.SETUP_CACHE.flush()

        if options.listhosts or options.listtasks or options.syntax or options.listtags:
            print ''
            print 'playbook: %s' % playbook
            print ''
            playnum = 0
            for (play_ds, play_basedir) in zip(pb.playbook, pb.play_basedirs):
                playnum += 1
                play = ansible.playbook.Play(pb, play_ds, play_basedir,
                                              vault_password=pb.vault_password)
                label = play.name
                hosts = pb.inventory.list_hosts(play.hosts)

                if options.listhosts:
                    print '  play #%d (%s): host count=%d' % (playnum, label, len(hosts))
                    for host in hosts:
                        print '    %s' % host

                if options.listtags or options.listtasks:
                    print '  play #%d (%s):\tTAGS: [%s]' % (playnum, label,','.join(sorted(set(play.tags))))

                    if options.listtags:
                        tags = []
                        for task in pb.tasks_to_run_in_play(play):
                            tags.extend(task.tags)
                        print '    TASK TAGS: [%s]' % (', '.join(sorted(set(tags).difference(['untagged']))))

                    if options.listtasks:

                        for task in pb.tasks_to_run_in_play(play):
                            if getattr(task, 'name', None) is not None:
                                # meta tasks have no names
                                print '    %s\tTAGS: [%s]' % (task.name, ', '.join(sorted(set(task.tags).difference(['untagged']))))

                if options.listhosts or options.listtasks or options.listtags:
                    print ''
            continue

        if options.syntax:
            # if we've not exited by now then we are fine..
            print 'Playbook Syntax is fine'
            return 0

        failed_hosts = []
        unreachable_hosts = []

        try:

            pb.run()

            hosts = sorted(pb.stats.processed.keys())
            display(callbacks.banner("PLAY RECAP"))
            playbook_cb.on_stats(pb.stats)

            for h in hosts:
                t = pb.stats.summarize(h)
                if t['failures'] > 0:
                    failed_hosts.append(h)
                if t['unreachable'] > 0:
                    unreachable_hosts.append(h)

            retries = failed_hosts + unreachable_hosts

            if C.RETRY_FILES_ENABLED and len(retries) > 0:
                filename = pb.generate_retry_inventory(retries)
                if filename:
                    display("           to retry, use: --limit @%s\n" % filename)
            
            for runner_results in pb.stats.output():              
                for (host, value) in runner_results.get('dark', {}).iteritems():
                    print 'dark' 
                    print host
                    print value
                    
                for (host, value) in runner_results.get('contacted', {}).iteritems():
                    print 'contacted' 
                    print host
                    print value                    
                # for msg in pb.stats.output():               
                # print msg
            for h in hosts:
                t = pb.stats.summarize(h)
        
                display("%s : %s %s %s %s" % (
                    hostcolor(h, t),
                    colorize('ok', t['ok'], 'green'),
                    colorize('changed', t['changed'], 'yellow'),
                    colorize('unreachable', t['unreachable'], 'red'),
                    colorize('failed', t['failures'], 'red')),
                    screen_only=True
                )

                display("%s : %s %s %s %s" % (
                    hostcolor(h, t, False),
                    colorize('ok', t['ok'], None),
                    colorize('changed', t['changed'], None),
                    colorize('unreachable', t['unreachable'], None),
                    colorize('failed', t['failures'], None)),
                    log_only=True
                )


            print ""
            if len(failed_hosts) > 0:
                return 2
            if len(unreachable_hosts) > 0:
                return 3

        except errors.AnsibleError, e:
            display(u"ERROR: %s" % utils.unicode.to_unicode(e, nonstring='simplerepr'), color='red')
            return 1
Пример #8
0
    def run(self, options, args):
        ''' use Runner lib to do SSH things '''

        pattern = args[0]

        sshpass = becomepass = vault_pass = become_method = None

        # Never ask for an SSH password when we run with local connection
        if options.connection == "local":
            options.ask_pass = False
        else:
            options.ask_pass = options.ask_pass or C.DEFAULT_ASK_PASS

        options.ask_vault_pass = options.ask_vault_pass or C.DEFAULT_ASK_VAULT_PASS

        # become
        utils.normalize_become_options(options)
        prompt_method = utils.choose_pass_prompt(options)
        (sshpass, becomepass, vault_pass) = utils.ask_passwords(ask_pass=options.ask_pass, become_ask_pass=options.become_ask_pass, ask_vault_pass=options.ask_vault_pass, become_method=prompt_method)

        # read vault_pass from a file
        if not options.ask_vault_pass and options.vault_password_file:
            vault_pass = utils.read_vault_file(options.vault_password_file)

        extra_vars = utils.parse_extra_vars(options.extra_vars, vault_pass)

        inventory_manager = inventory.Inventory(options.inventory, vault_password=vault_pass)
        if options.subset:
            inventory_manager.subset(options.subset)
        hosts = inventory_manager.list_hosts(pattern)

        if len(hosts) == 0:
            callbacks.display("No hosts matched", stderr=True)
            sys.exit(0)

        if options.listhosts:
            for host in hosts:
                callbacks.display('    %s' % host)
            sys.exit(0)

        if options.module_name in ['command','shell'] and not options.module_args:
            callbacks.display("No argument passed to %s module" % options.module_name, color='red', stderr=True)
            sys.exit(1)

        if options.tree:
            utils.prepare_writeable_dir(options.tree)



        runner = Runner(
            module_name=options.module_name,
            module_path=options.module_path,
            module_args=options.module_args,
            remote_user=options.remote_user,
            remote_pass=sshpass,
            inventory=inventory_manager,
            timeout=options.timeout,
            private_key_file=options.private_key_file,
            forks=options.forks,
            pattern=pattern,
            callbacks=self.callbacks,
            transport=options.connection,
            subset=options.subset,
            check=options.check,
            diff=options.check,
            vault_pass=vault_pass,
            become=options.become,
            become_method=options.become_method,
            become_pass=becomepass,
            become_user=options.become_user,
            extra_vars=extra_vars,
        )

        import pdb
        pdb.set_trace() 
        if options.seconds:
            callbacks.display("background launch...\n\n", color='cyan')
            results, poller = runner.run_async(options.seconds)
            results = self.poll_while_needed(poller, options)
        else:
            results = runner.run()

        return (runner, results)
Пример #9
0
 def read_vault_file(self, vault_password_file):
     from ansible.utils import read_vault_file
     return read_vault_file(vault_password_file)