def run(self, args, unknown_args):
environment = get_environment(args.env_name)
environment.create_generated_yml()
ansible_context = AnsibleContext(args)
def _run_ansible(args, *unknown_args):
return run_ansible_module(environment,
ansible_context,
args.inventory_group,
args.module,
args.module_args,
become=args.become,
become_user=args.become_user,
use_factory_auth=args.use_factory_auth,
extra_args=unknown_args)
def run_check():
with environment.secrets_backend.suppress_datadog_event():
return _run_ansible(args, '--check', *unknown_args)
def run_apply():
return _run_ansible(args, *unknown_args)
return run_action_with_check_mode(run_check, run_apply,
args.skip_check, args.quiet)
def migrate(migration, ansible_context, skip_check, no_stop):
print_allocation(migration)
if not ask("Continue with this plan?"):
puts("Abort")
return 0
if no_stop:
puts(
color_notice(
"Running migrate with --no-stop will result in data loss"))
puts(
color_notice("unless each shard of each db has a pivot location."))
if not ask(
"Have you manually confirmed that for each shard of each db "
"at least one of its new locations is the same as an old location, "
"and do you want to continue without stopping couchdb first?"):
puts("Abort")
return 0
def run_check():
return _run_migration(migration,
ansible_context,
check_mode=True,
no_stop=no_stop)
def run_apply():
return _run_migration(migration,
ansible_context,
check_mode=False,
no_stop=no_stop)
return run_action_with_check_mode(run_check, run_apply, skip_check)
def run(self, args, unknown_args):
environment = get_environment(args.env_name)
environment.create_generated_yml()
plan = read_plan(args.plan_path, environment, args.limit)
working_directory = _get_working_dir(args.plan_path, environment)
ansible_context = AnsibleContext(args)
environment.get_ansible_vault_password()
if plan.source_env != environment and args.action in ('prepare', 'cleanup'):
plan.source_env.get_ansible_vault_password()
if args.action == 'prepare':
for target_host, source_configs in plan.configs.items():
self.log("Creating scripts to copy files.")
prepare_file_copy_scripts(target_host, source_configs, working_directory)
self.log("Moving scripts to target hosts.")
copy_scripts_to_target_host(target_host, working_directory, environment, ansible_context)
self.log("Establishing auth between target and source.")
setup_auth(plan, environment, ansible_context, working_directory)
if args.action == 'copy':
def run_check():
return execute_file_copy_scripts(environment, list(plan.configs), check_mode=True)
def run_apply():
return execute_file_copy_scripts(environment, list(plan.configs), check_mode=False)
return run_action_with_check_mode(run_check, run_apply, args.skip_check)
if args.action == 'cleanup':
teardown_auth(plan, environment, ansible_context, working_directory)
shutil.rmtree(working_directory)
def run(self, args, unknown_args):
environment = get_environment(args.env_name)
environment.create_generated_yml()
plan = read_plan(args.plan_path, environment, args.limit)
working_directory = _get_working_dir(args.plan_path, environment)
ansible_context = AnsibleContext(args)
environment.get_ansible_vault_password()
if plan.source_env != environment and args.action in ('prepare', 'cleanup'):
plan.source_env.get_ansible_vault_password()
if args.action == 'prepare':
for target_host, source_configs in plan.configs.items():
self.log("Creating scripts to copy files.")
prepare_file_copy_scripts(target_host, source_configs, working_directory)
self.log("Moving scripts to target hosts.")
copy_scripts_to_target_host(target_host, working_directory, environment, ansible_context)
self.log("Establishing auth between target and source.")
setup_auth(plan, environment, ansible_context, working_directory)
if args.action == 'copy':
def run_check():
return execute_file_copy_scripts(environment, list(plan.configs), check_mode=True)
def run_apply():
return execute_file_copy_scripts(environment, list(plan.configs), check_mode=False)
return run_action_with_check_mode(run_check, run_apply, args.skip_check)
if args.action == 'cleanup':
teardown_auth(plan, environment, ansible_context, working_directory)
shutil.rmtree(working_directory)
def migrate(migration, ansible_context, skip_check):
def run_check():
return _run_migration(migration, ansible_context, check_mode=True)
def run_apply():
return _run_migration(migration, ansible_context, check_mode=False)
return run_action_with_check_mode(run_check, run_apply, skip_check)
def run(self, args, unknown_args):
environment = get_environment(args.env_name)
environment.create_generated_yml()
ansible_context = AnsibleContext(args)
def _run_ansible(args, *unknown_args):
return run_ansible_module(environment, ansible_context,
args.inventory_group, args.module,
args.module_args, args.become,
args.become_user, args.use_factory_auth,
*unknown_args)
def run_check():
return _run_ansible(args, '--check', *unknown_args)
def run_apply():
return _run_ansible(args, *unknown_args)
return run_action_with_check_mode(run_check, run_apply,
args.skip_check, args.quiet)
def run(self, args, unknown_args):
environment = get_environment(args.env_name)
environment.create_generated_yml()
ansible_context = AnsibleContext(args)
def _run_ansible(args, *unknown_args):
return run_ansible_module(
environment, ansible_context,
args.inventory_group, args.module, args.module_args,
args.become, args.become_user, args.use_factory_auth,
*unknown_args
)
def run_check():
with environment.suppress_vault_loaded_event():
return _run_ansible(args, '--check', *unknown_args)
def run_apply():
return _run_ansible(args, *unknown_args)
return run_action_with_check_mode(run_check, run_apply, args.skip_check, args.quiet)
def migrate(migration, ansible_context, skip_check, no_stop):
print_allocation(migration)
if not ask("Continue with this plan?"):
puts("Abort")
return 0
if no_stop:
puts(colored.yellow("Running migrate with --no-stop will result in data loss"))
puts(colored.yellow("unless each shard of each db has a pivot location."))
if not ask("Have you manually confirmed that for each shard of each db "
"at least one of its new locations is the same as an old location, "
"and do you want to continue without stopping couchdb first?"):
puts("Abort")
return 0
def run_check():
return _run_migration(migration, ansible_context, check_mode=True, no_stop=no_stop)
def run_apply():
return _run_migration(migration, ansible_context, check_mode=False, no_stop=no_stop)
return run_action_with_check_mode(run_check, run_apply, skip_check)
def run_ansible_playbook(
environment,
playbook,
ansible_context,
skip_check=False,
quiet=False,
always_skip_check=False,
limit=None,
use_factory_auth=False,
unknown_args=None,
respect_ansible_skip=True,
):
unknown_args = unknown_args or []
def get_limit():
limit_parts = []
if limit:
limit_parts.append(limit)
if 'ansible_skip' in environment.sshable_hostnames_by_group and respect_ansible_skip:
limit_parts.append('!ansible_skip')
if limit_parts:
return '--limit', ':'.join(limit_parts)
else:
return ()
def ansible_playbook(environment, playbook, *cmd_args):
if os.path.isabs(playbook):
playbook_path = playbook
else:
playbook_path = os.path.join(
ANSIBLE_DIR, '{playbook}'.format(playbook=playbook))
cmd_parts = (
'ansible-playbook',
playbook_path,
'-i',
environment.paths.inventory_source,
'-e',
'@{}'.format(environment.paths.vault_yml),
'-e',
'@{}'.format(environment.paths.public_yml),
'-e',
'@{}'.format(environment.paths.generated_yml),
'--diff',
) + get_limit() + cmd_args
public_vars = environment.public_vars
cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth)
if has_arg(unknown_args, '-D', '--diff') or has_arg(
unknown_args, '-C', '--check'):
puts(
color_error("Options --diff and --check not allowed. "
"Please remove -D, --diff, -C, --check."))
puts(
color_error(
"These ansible-playbook options are managed automatically "
"by commcare-cloud and cannot be set manually."))
return 2 # exit code
ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True)
if ask_vault_pass:
cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.
format(ANSIBLE_DIR), )
cmd_parts_with_common_ssh_args = get_common_ssh_args(
environment, use_factory_auth=use_factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
print_command(cmd)
env_vars = ansible_context.env_vars
if ask_vault_pass:
env_vars[
'ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password(
)
return subprocess.call(cmd_parts, env=env_vars)
def run_check():
with environment.suppress_vault_loaded_event():
return ansible_playbook(environment, playbook, '--check',
*unknown_args)
def run_apply():
return ansible_playbook(environment, playbook, *unknown_args)
return run_action_with_check_mode(run_check, run_apply, skip_check, quiet,
always_skip_check)
def run_ansible_playbook(environment,
playbook,
ansible_context,
skip_check=False,
quiet=False,
always_skip_check=False,
limit=None,
use_factory_auth=False,
unknown_args=None):
def get_limit():
limit_parts = []
if limit:
limit_parts.append(limit)
if 'ansible_skip' in environment.sshable_hostnames_by_group:
limit_parts.append('!ansible_skip')
if limit_parts:
return '--limit', ':'.join(limit_parts)
else:
return ()
def ansible_playbook(environment, playbook, *cmd_args):
if os.path.isabs(playbook):
playbook_path = playbook
else:
playbook_path = os.path.join(
ANSIBLE_DIR, '{playbook}'.format(playbook=playbook))
cmd_parts = (
'ansible-playbook',
playbook_path,
'-i',
environment.paths.inventory_ini,
'-e',
'@{}'.format(environment.paths.vault_yml),
'-e',
'@{}'.format(environment.paths.public_yml),
'-e',
'@{}'.format(environment.paths.generated_yml),
'--diff',
) + get_limit() + cmd_args
public_vars = environment.public_vars
cmd_parts += get_user_arg(public_vars, unknown_args)
if not has_arg(unknown_args, '-f', '--forks'):
cmd_parts += ('--forks', '15')
if has_arg(unknown_args, '-D', '--diff') or has_arg(
unknown_args, '-C', '--check'):
puts(
colored.red(
"Options --diff and --check not allowed. Please remove -D, --diff, -C, --check."
))
puts(
"These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually."
)
return 2 # exit code
ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True)
if ask_vault_pass:
cmd_parts += ('--vault-password-file=/bin/cat', )
cmd_parts_with_common_ssh_args = get_common_ssh_args(
environment, use_factory_auth=use_factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
print_command(cmd)
if ask_vault_pass:
environment.get_ansible_vault_password()
p = subprocess.Popen(cmd,
stdin=subprocess.PIPE,
shell=True,
env=ansible_context.env_vars)
if ask_vault_pass:
p.communicate(
input='{}\n'.format(environment.get_ansible_vault_password()))
else:
p.communicate()
return p.returncode
def run_check():
return ansible_playbook(environment, playbook, '--check',
*unknown_args)
def run_apply():
return ansible_playbook(environment, playbook, *unknown_args)
return run_action_with_check_mode(run_check, run_apply, skip_check, quiet,
always_skip_check)
def run_ansible_playbook(
environment, playbook, ansible_context,
skip_check=False, quiet=False, always_skip_check=False, limit=None,
use_factory_auth=False, unknown_args=None, respect_ansible_skip=True,
):
unknown_args = unknown_args or []
def get_limit():
limit_parts = []
if limit:
limit_parts.append(limit)
if 'ansible_skip' in environment.sshable_hostnames_by_group and respect_ansible_skip:
limit_parts.append('!ansible_skip')
if limit_parts:
return '--limit', ':'.join(limit_parts)
else:
return ()
def ansible_playbook(environment, playbook, *cmd_args):
if os.path.isabs(playbook):
playbook_path = playbook
else:
playbook_path = os.path.join(ANSIBLE_DIR, '{playbook}'.format(playbook=playbook))
cmd_parts = (
'ansible-playbook',
playbook_path,
'-i', environment.paths.inventory_source,
'-e', '@{}'.format(environment.paths.vault_yml),
'-e', '@{}'.format(environment.paths.public_yml),
'-e', '@{}'.format(environment.paths.generated_yml),
'--diff',
) + get_limit() + cmd_args
public_vars = environment.public_vars
cmd_parts += get_user_arg(public_vars, unknown_args, use_factory_auth)
if has_arg(unknown_args, '-D', '--diff') or has_arg(unknown_args, '-C', '--check'):
puts(colored.red("Options --diff and --check not allowed. Please remove -D, --diff, -C, --check."))
puts("These ansible-playbook options are managed automatically by commcare-cloud and cannot be set manually.")
return 2 # exit code
ask_vault_pass = public_vars.get('commcare_cloud_use_vault', True)
if ask_vault_pass:
cmd_parts += ('--vault-password-file={}/echo_vault_password.sh'.format(ANSIBLE_DIR),)
cmd_parts_with_common_ssh_args = get_common_ssh_args(environment, use_factory_auth=use_factory_auth)
cmd_parts += cmd_parts_with_common_ssh_args
cmd = ' '.join(shlex_quote(arg) for arg in cmd_parts)
print_command(cmd)
env_vars = ansible_context.env_vars
if ask_vault_pass:
env_vars['ANSIBLE_VAULT_PASSWORD'] = environment.get_ansible_vault_password()
return subprocess.call(cmd_parts, env=env_vars)
def run_check():
with environment.suppress_vault_loaded_event():
return ansible_playbook(environment, playbook, '--check', *unknown_args)
def run_apply():
return ansible_playbook(environment, playbook, *unknown_args)
return run_action_with_check_mode(run_check, run_apply, skip_check, quiet, always_skip_check)
