Commit graph

257 commits

Author SHA1 Message Date
Brian Coca
04a2b221b9 removed conflicting short options 2015-10-03 10:05:23 -04:00
Abhijit Menon-Sen
3ad9b4cba6 Rework additional ssh argument handling
Now we have the following ways to set additional arguments:

1. [ssh_connection]ssh_args in ansible.cfg: global setting, prepended to
   every command line for ssh/scp/sftp. Overrides default ControlPersist
   settings.
2. ansible_ssh_common_args inventory variable. Appended to every command
   line for ssh/scp/sftp. Used in addition to ssh_args, if set above, or
   the default settings.
3. ansible_{sftp,scp,ssh}_extra_args inventory variables. Appended to
   every command line for the relevant binary only. Used in addition to
   #1 and #2, if set above, or the default settings.
3. Using the --ssh-common-args or --{sftp,scp,ssh}-extra-args command
   line options (which are overriden by #2 and #3 above).

This preserves backwards compatibility (for ssh_args in ansible.cfg),
but also permits global settings (e.g. ProxyCommand via _common_args) or
ssh-specific options (e.g. -R via ssh_extra_args).

Fixes #12576
2015-10-02 21:26:25 +05:30
Brian Coca
6ec5abf1c3 fixed some pyflakes 2015-10-01 14:14:20 -04:00
Brian Coca
6c190aa8a4 updated ansible-doc to ignore more stuff that has been added to the module repos 2015-10-01 10:17:41 -04:00
chouseknecht
f4690e3bfe Changing tag to galaxy_tag. 2015-09-30 13:36:23 -04:00
chouseknecht
8360a1b3f2 Replace categories with tags.
Also added --ignore-certs option for use with install and search commands. Helpful when
overriding server and server has self signed cert.
2015-09-30 13:36:17 -04:00
Abhijit Menon-Sen
0bb34fd076 Make «ansible-vault view» not write plaintext to a tempfile
CLI already provides a pager() method that feeds $PAGER on stdin, so we
just feed that the plaintext from the vault file. We can also eliminate
the redundant and now-unused shell_pager_command method in VaultEditor.
2015-09-30 22:13:36 +05:30
Konstantin Manna
1ccfeafa76 bugfix: use correct close calls 2015-09-28 23:33:32 -04:00
James Cammarata
c860775b5d Another fix for --limit in adhoc 2015-09-28 10:39:33 -04:00
James Cammarata
babf47decb Clean up some bugs related to --limit on adhoc commands 2015-09-28 09:02:24 -04:00
James Cammarata
e8e1d9f6fb Apply --limit to inventory in adhoc commands
Fixes #12473
2015-09-23 08:28:38 -04:00
Marius Gedminas
339790adc4 Fix option descriptions in ansible-doc output
Fixes #12462.
2015-09-22 10:00:33 +03:00
James Cammarata
2a50957ad8 Fix galaxy install dep failure
Also fixes issue where force does not force reinstall of deps

Fixes #10425
2015-09-15 17:31:47 -04:00
Brian Coca
91c9df2154 added verbosity to ansible-doc to make it easier to trace down issues 2015-09-10 16:50:14 -04:00
Blake Atkinson
6062519986 Vault missing DataLoader for pwd file #12293 2015-09-09 15:33:52 -05:00
James Cammarata
ff9f5d7dc8 Starting to add additional unit tests for VariableManager
Required some rewiring in inventory code to make sure we're using
the DataLoader class for some data file operations, which makes mocking
them much easier.

Also identified two corner cases not currently handled by the code, related
to inventory variable sources and which one "wins". Also noticed we weren't
properly merging variables from multiple group/host_var file locations
(inventory directory vs. playbook directory locations) so fixed as well.
2015-09-04 16:41:38 -04:00
James Cammarata
6650ba7654 Squashed commit of the following:
commit 9921bb9d20
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date:   Mon Aug 10 20:19:44 2015 +0530

    Document --ssh-extra-args command-line option

commit 8b25595e7b
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date:   Thu Aug 13 13:24:57 2015 +0530

    Don't disable GSSAPI/Pubkey authentication when using --ask-pass

    This commit is based on a bug report and PR by kolbyjack (#6846) which
    was subsequently closed and rebased as #11690. The original problem was:

        «The password on the delegated host is different from the one I
        provided on the command line, so it had to use the pubkey, and the
        main host doesn't have a pubkey on it yet, so it had to use the
        password.»

    (This commit is revised and included here because #11690 would conflict
    with the changes in #11908 otherwise.)

    Closes #11690

commit 119d032389
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date:   Thu Aug 13 11:16:42 2015 +0530

    Be more explicit about why SSH arguments are added

    This adds vvvvv log messages that spell out in detail where each SSH
    command-line argument is obtained from.

    Unfortunately, we can't be sure if, say, self._play_context.remote_user
    is obtained from ANSIBLE_REMOTE_USER in the environment, remote_user in
    ansible.cfg, -u on the command line, or an ansible_ssh_user setting in
    the inventory or on a task or play. In some cases, e.g. timeout, we
    can't even be sure if it was set by the user or just a default.

    Nevertheless, on the theory that at five v's you can use all the hints
    available, I've mentioned the possible sources in the log messages.

    Note that this caveat applies only to the arguments that ssh.py adds by
    itself. In the case of ssh_args and ssh_extra_args, we know where they
    are from, and say so, though we can't say WHERE in the inventory they
    may be set (e.g. in host_vars or group_vars etc.).

commit b605c285ba
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date:   Tue Aug 11 15:19:43 2015 +0530

    Add a FAQ entry about ansible_ssh_extra_args

commit 49f8edd035
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date:   Mon Aug 10 20:48:50 2015 +0530

    Allow ansible_ssh_args to be set as an inventory variable

    Before this change, ssh_args could be set only in the [ssh_connection]
    section of ansible.cfg, and was applied to all hosts. Now it's possible
    to set ansible_ssh_args as an inventory variable (directly, or through
    group_vars or host_vars) to selectively override the global setting.

    Note that the default ControlPath settings are applied only if ssh_args
    is not set, and this is true of ansible_ssh_args as well. So if you want
    to override ssh_args but continue to set ControlPath, you'll need to
    repeat the appropriate options when setting ansible_ssh_args.

    (If you only need to add options to the default ssh_args, you may be
    able to use the ansible_ssh_extra_args inventory variable instead.)

commit 37c1a5b679
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date:   Mon Aug 10 19:42:30 2015 +0530

    Allow overriding ansible_ssh_extra_args on the command-line

    This patch makes it possible to do:

        ansible somehost -m setup \
            --ssh-extra-args '-o ProxyCommand="ssh -W %h:%p -q user@bouncer.example.com"'

    This overrides the inventory setting, if any, of ansible_ssh_extra_args.

    Based on a patch originally by @Richard2ndQuadrant.

commit b023ace8a8
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date:   Mon Aug 10 19:06:19 2015 +0530

    Add an ansible_ssh_extra_args inventory variable

    This can be used to configure a per-host or per-group ProxyCommand to
    connect to hosts through a jumphost, e.g.:

        inventory:
            [gatewayed]
            foo ansible_ssh_host=192.0.2.1

        group_vars/gatewayed.yml:
            ansible_ssh_extra_args: '-o ProxyCommand="ssh -W %h:%p -q bounceuser@gateway.example.com"'

    Note that this variable is used in addition to any ssh_args configured
    in the [ssh_connection] section of ansible.cfg (so you don't need to
    repeat the ControlPath settings in ansible_ssh_extra_args).
2015-09-03 11:26:56 -04:00
Marius Gedminas
823677b490 Replace .iteritems() with six.iteritems()
Replace .iteritems() with six.iteritems() everywhere except in
module_utils (because there's no 'six' on the remote host).  And except
in lib/ansible/galaxy/data/metadata_template.j2, because I'm not sure
six is available there.
2015-09-03 09:23:27 +03:00
Brian Coca
514fa73fcd galaxy fixes 2015-08-28 12:32:50 -04:00
Brian Coca
48aa0dd1c7 now acknowledges ask_pass setting from ansible.cfg
fixes #12111
2015-08-27 18:22:36 -04:00
Marius Gedminas
0c6ce31f76 Use 'except ... as' syntax
This syntax works on Python 2.6 through 3.x.  lib/ansible/module_utils
(and lib/ansible/modules) need to support Python 2.4, so I didn't touch
those.
2015-08-27 22:15:04 +03:00
Brian Coca
2b28cdc0dd be more tolerant with non list descriptions 2015-08-27 14:57:50 -04:00
Abhijit Menon-Sen
090cfc9e03 More helpful prompts from ansible-vault encrypt/decrypt
Now we issue a "Reading … from stdin" prompt if our input isatty(), as
gpg does. We also suppress the "x successful" confirmation message at
the end if we're part of a pipeline.

(The latter requires that we not close sys.stdout in VaultEditor, and
for symmetry we do the same for sys.stdin, though it doesn't matter in
that case.)
2015-08-27 22:04:18 +05:30
Abhijit Menon-Sen
b6de6e69a6 Also support output to stdout with no arguments
This allows "cat plaintext|ansible-vault encrypt > ciphertext".
2015-08-27 22:04:18 +05:30
Abhijit Menon-Sen
e7eebb6954 Implement cat-like filtering behaviour for encrypt/decrypt
This allows the following invocations:

    # Interactive use, like gpg
    ansible-vault encrypt --output x

    # Non-interactive, for scripting
    echo plaintext|ansible-vault encrypt --output x

    # Separate input and output files
    ansible-vault encrypt input.yml --output output.yml

    # Existing usage (in-place encryption) unchanged
    ansible-vault encrypt inout.yml

…and the analogous cases for ansible-vault decrypt as well.

In all cases, the input and output files can be '-' to read from stdin
or write to stdout. This permits sensitive data to be encrypted and
decrypted without ever hitting disk.
2015-08-27 22:04:18 +05:30
Abhijit Menon-Sen
32b38d4e29 Fix add_option indentation for consistency before adding another option 2015-08-27 22:04:18 +05:30
Abhijit Menon-Sen
b84053019a Make the filename the first argument to rekey_file 2015-08-26 19:54:59 +05:30
Abhijit Menon-Sen
20fd9224bb Pass the filename to the individual VaultEditor methods, not __init__
Now we don't have to recreate VaultEditor objects for each file, and so
on. It also paves the way towards specifying separate input and output
files later.
2015-08-26 19:17:37 +05:30
Abhijit Menon-Sen
f91ad3dabe Don't pass the cipher around so much
It's unused and unnecessary; VaultLib can decide for itself what cipher
to use when encrypting. There's no need (and no provision) for the user
to override the cipher via options, so there's no need for code to see
if that has been done either.
2015-08-26 18:31:45 +05:30
Brian Coca
154754ae50 pushed module_loader to task_queue_manager so all cli's can benefit from it
also normalized -M option across all cli
fixes #12016
2015-08-25 18:14:03 -04:00
Richard Poole
3090a45891 add option to ansible-vault to read new password from file for rekey
The --new-vault-password-file option works the same as
--vault-password-file but applies only to rekeying (when
--vault-password-file sets the old password). Also update the manpage
to document these options more fully.
2015-08-25 21:14:49 +05:30
Brian Coca
16f3f8e244 now does not error out when notes are not included in module 2015-08-24 13:24:58 -04:00
Abhijit Menon-Sen
3aedc0bca9 Don't insist on ansible-vault taking only one filename parameter
Apart from ansible-vault create, every vault subcommand is happy to deal
with multiple filenames, so we can check that there's at least one, and
make create check separately that there aren't any extra.
2015-08-23 17:52:51 -04:00
Brian Coca
e8157eab19 now output works for both search and info 2015-08-22 02:42:21 -04:00
Brian Coca
a6c0661d21 made src more prominent 2015-08-22 02:33:17 -04:00
Brian Coca
6ffd9c3025 draft galaxy cli search
TODO: paging results
2015-08-22 02:28:27 -04:00
Brian Coca
26ed50ecdf fixed indent 2015-08-18 09:58:25 -04:00
Brian Coca
17b4b1f85c added ability to limit in ansilbe pull
refactored the options a bit, new inventory_opts made sense to always group
fixes #7917
2015-08-18 03:17:58 -04:00
Brian Coca
6058eaa92f removed unused poller 2015-08-16 20:12:06 -04:00
Brian Coca
9b61cf5840 implemented async tasks in adhoc v2 2015-08-16 20:05:10 -04:00
Brian Coca
92e2f54228 fixed issues with utf-8 encoding in docs, moved pager to use display class instad of bare prints 2015-08-14 22:00:48 -04:00
Brian Coca
39f81a8fa5 removed unused imports 2015-08-12 10:35:49 -04:00
Brian Coca
c27978fa93 minor fixes to pull 2015-08-12 10:35:49 -04:00
Brian Coca
9f29e39dea give more matching options for ansible-pull 2015-08-12 10:35:49 -04:00
Brian Coca
4d853a5d3c implemented for v2, missing --tree option for adhoc 2015-08-11 19:18:10 -04:00
Brian Coca
15a20e814b added tags back to ansible-pull 2015-08-06 17:37:05 -04:00
Abhijit Menon-Sen
8de70fa657 Disallow --forks 0
Without at least one worker process, things break:

Traceback (most recent call last):
  File "/home/ams/extern/ansible/ansible/lib/ansible/executor/process/result.py", line 103, in run
    result = self._read_worker_result()
  File "/home/ams/extern/ansible/ansible/lib/ansible/executor/process/result.py", line 69, in _read_worker_result
    (worker_prc, main_q, rslt_q) = self._workers[self._cur_worker]
IndexError: list index out of range
2015-08-02 14:10:45 +05:30
Abhijit Menon-Sen
1f2adb5e14 Show a better message when ansible.cfg is not found
Earlier we would say «Using  as config file» if we didn't find one.
2015-08-01 19:44:20 +05:30
Abhijit Menon-Sen
694d2103b1 Remove outdated FIXME code
This is already handled in PlayContext.set_options.
2015-07-30 23:12:06 +05:30
Brian Coca
17f659a143 added some debug to galaxy 2015-07-30 12:35:27 -04:00