def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join(ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_source, '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth) if has_arg(unknown_args, '-D', '--diff') or has_arg(unknown_args, '-C', '--check'): puts(colored.red("Options --diff and --check not allowed. Please remove -D, --diff, -C, --check.")) puts("These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually.") return 2 # exit code ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.format(ANSIBLE_DIR),) cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) env_vars = ansible_context.env_vars if ask_vault_pass: env_vars['ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password() return subprocess.call(cmd_parts, env=env_vars)
def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join( ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_ini, '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, unknown_args) if not has_arg(unknown_args, '-f', '--forks'): cmd_parts += ('--forks', '15') if has_arg(unknown_args, '-D', '--diff') or has_arg( unknown_args, '-C', '--check'): puts( colored.red( "Options --diff and --check not allowed. Please remove -D, --diff, -C, --check." )) puts( "These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually." ) return 2 # exit code ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file=/bin/cat', ) cmd_parts_with_common_ssh_args = get_common_ssh_args( environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) if ask_vault_pass: environment.get_ansible_vault_password() p = subprocess.Popen(cmd, stdin=subprocess.PIPE, shell=True, env=ansible_context.env_vars) if ask_vault_pass: p.communicate( input='{}\n'.format(environment.get_ansible_vault_password())) else: p.communicate() return p.returncode
def ansible_playbook(environment, playbook, *cmd_args): cmd_parts = ( 'ansible-playbook', os.path.join(ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)), '-i', environment.paths.inventory_ini, '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + cmd_args if not has_arg(unknown_args, '-u', '--user'): cmd_parts += ('-u', 'ansible') if not has_arg(unknown_args, '-f', '--forks'): cmd_parts += ('--forks', '15') known_hosts_filepath = environment.paths.known_hosts if os.path.exists(known_hosts_filepath): cmd_parts += ("--ssh-common-args='-o=UserKnownHostsFile=%s'" % (known_hosts_filepath, ), ) if has_arg(unknown_args, '-D', '--diff') or has_arg( unknown_args, '-C', '--check'): puts( colored.red( "Options --diff and --check not allowed. Please remove -D, --diff, -C, --check." )) puts( "These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually." ) return 2 # exit code if ask_vault_pass: cmd_parts += ('--vault-password-file=/bin/cat', ) cmd_parts += get_common_ssh_args(public_vars) cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) if ask_vault_pass: environment.get_ansible_vault_password() p = subprocess.Popen(cmd, stdin=subprocess.PIPE, shell=True, env=ansible_context.env_vars) if ask_vault_pass: p.communicate(input='{}\n'.format( environment.get_ansible_vault_password())) else: p.communicate() return p.returncode
def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join( ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_source, '-e', '@{}'.format(environment.paths.vault_yml), '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth) if has_arg(unknown_args, '-D', '--diff') or has_arg( unknown_args, '-C', '--check'): puts( color_error("Options --diff and --check not allowed. " "Please remove -D, --diff, -C, --check.")) puts( color_error( "These ansible-playbook options are managed automatically " "by commcare-cloud and cannot be set manually.")) return 2 # exit code ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True) if ask_vault_pass: cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'. format(ANSIBLE_DIR), ) cmd_parts_with_common_ssh_args = get_common_ssh_args( environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) env_vars = ansible_context.env_vars if ask_vault_pass: env_vars[ 'ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password( ) return subprocess.call(cmd_parts, env=env_vars)
def get_user_arg(public_vars, unknown_args, use_factory_auth=False): cmd_parts = tuple() if use_factory_auth: default_user = public_vars.get('commcare_cloud_root_user', 'root') else: default_user = '******' if not has_arg(unknown_args, '-u', '--user'): user = public_vars.get('commcare_cloud_remote_user', default_user) cmd_parts += ('-u', user) return cmd_parts
def ansible_playbook(environment, playbook, *cmd_args): if os.path.isabs(playbook): playbook_path = playbook else: playbook_path = os.path.join( ANSIBLE_DIR, '{playbook}'.format(playbook=playbook)) cmd_parts = ( 'ansible-playbook', playbook_path, '-i', environment.paths.inventory_source, '-e', '@{}'.format(environment.paths.public_yml), '-e', '@{}'.format(environment.paths.generated_yml), '--diff', ) + get_limit() + cmd_args public_vars = environment.public_vars env_vars = ansible_context.env_vars cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth) if has_arg(unknown_args, '-D', '--diff') or has_arg( unknown_args, '-C', '--check'): puts( color_error("Options --diff and --check not allowed. " "Please remove -D, --diff, -C, --check.")) puts( color_error( "These ansible-playbook options are managed automatically " "by commcare-cloud and cannot be set manually.")) return 2 # exit code cmd_parts += environment.secrets_backend.get_extra_ansible_args() cmd_parts_with_common_ssh_args = get_common_ssh_args( environment, use_factory_auth=use_factory_auth) cmd_parts += cmd_parts_with_common_ssh_args cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts) print_command(cmd) env_vars.update( environment.secrets_backend.get_extra_ansible_env_vars()) return subprocess.call(cmd_parts, env=env_vars)