2012-03-03 02:08:48 +00:00
|
|
|
# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
|
|
|
|
|
#
|
|
|
|
|
# This file is part of Ansible
|
|
|
|
|
#
|
|
|
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
# (at your option) any later version.
|
|
|
|
|
#
|
|
|
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
import sys
|
2013-04-10 21:52:35 +00:00
|
|
|
import re
|
2012-03-03 03:10:51 +00:00
|
|
|
import os
|
2012-03-15 01:16:15 +00:00
|
|
|
import shlex
|
2012-03-20 02:42:31 +00:00
|
|
|
import yaml
|
2013-01-23 20:39:34 +00:00
|
|
|
import copy
|
2012-04-06 14:59:15 +00:00
|
|
|
import optparse
|
2012-07-15 12:46:58 +00:00
|
|
|
import operator
|
|
|
|
|
from ansible import errors
|
2012-07-30 00:28:11 +00:00
|
|
|
from ansible import __version__
|
2012-11-01 23:41:50 +00:00
|
|
|
from ansible.utils.plugins import *
|
2013-04-16 22:50:00 +00:00
|
|
|
from ansible.utils import template
|
2012-07-15 12:46:58 +00:00
|
|
|
import ansible.constants as C
|
2012-08-09 01:05:58 +00:00
|
|
|
import time
|
2012-08-11 15:59:14 +00:00
|
|
|
import StringIO
|
2012-09-24 18:47:59 +00:00
|
|
|
import stat
|
2013-08-07 15:54:53 +00:00
|
|
|
import string
|
2012-09-22 06:07:49 +00:00
|
|
|
import termios
|
|
|
|
|
import tty
|
2013-01-10 05:50:56 +00:00
|
|
|
import pipes
|
|
|
|
|
import random
|
2013-02-08 03:51:33 +00:00
|
|
|
import difflib
|
2013-02-18 00:32:28 +00:00
|
|
|
import warnings
|
2013-04-10 21:52:35 +00:00
|
|
|
import traceback
|
2013-04-23 03:57:20 +00:00
|
|
|
import getpass
|
2012-07-09 07:52:00 +00:00
|
|
|
|
2013-08-07 15:54:53 +00:00
|
|
|
import hmac
|
2013-08-07 13:12:25 +00:00
|
|
|
from Crypto.Cipher import
|
|
|
|
|
from Crypto import Random
|
|
|
|
|
from Crypto.Random.random import StrongRandom
|
|
|
|
|
|
2012-08-09 01:09:14 +00:00
|
|
|
VERBOSITY=0
|
|
|
|
|
|
2013-02-25 22:32:52 +00:00
|
|
|
MAX_FILE_SIZE_FOR_DIFF=1*1024*1024
|
|
|
|
|
|
2012-03-03 02:08:48 +00:00
|
|
|
try:
|
|
|
|
|
import json
|
|
|
|
|
except ImportError:
|
|
|
|
|
import simplejson as json
|
|
|
|
|
|
2012-07-09 07:52:00 +00:00
|
|
|
try:
|
2012-07-09 17:27:47 +00:00
|
|
|
from hashlib import md5 as _md5
|
2013-08-07 15:54:53 +00:00
|
|
|
from hashlib import sha1 as _sha1
|
2012-08-07 00:07:02 +00:00
|
|
|
except ImportError:
|
2012-07-09 17:27:47 +00:00
|
|
|
from md5 import md5 as _md5
|
2013-08-07 15:54:53 +00:00
|
|
|
from sha1 import sha1 as _sha1
|
2012-07-09 07:52:00 +00:00
|
|
|
|
2012-08-09 14:56:40 +00:00
|
|
|
PASSLIB_AVAILABLE = False
|
|
|
|
|
try:
|
|
|
|
|
import passlib.hash
|
|
|
|
|
PASSLIB_AVAILABLE = True
|
|
|
|
|
except:
|
|
|
|
|
pass
|
|
|
|
|
|
2012-09-27 03:50:54 +00:00
|
|
|
###############################################################
|
2013-08-07 13:12:25 +00:00
|
|
|
# Abstractions around PyCrypto
|
|
|
|
|
###############################################################
|
|
|
|
|
|
|
|
|
|
class AES256Cipher(object):
|
|
|
|
|
"""
|
|
|
|
|
Class abstraction of an AES 256 cipher. This class
|
|
|
|
|
also keeps track of the time since the key was last
|
|
|
|
|
generated, so you know when to rekey. Rekeying would
|
|
|
|
|
be done as follows:
|
|
|
|
|
|
|
|
|
|
k = AES256Cipher.gen_key()
|
|
|
|
|
<exchange new key with client securely>
|
|
|
|
|
AES26Cipher.set_key(k)
|
|
|
|
|
|
|
|
|
|
From this point on the new key would be used until
|
|
|
|
|
the lifetime is exceeded.
|
|
|
|
|
"""
|
|
|
|
|
def __init__(self, lifetime=60*30, mode=AES.MODE_CFB):
|
|
|
|
|
self.lifetime = lifetime
|
|
|
|
|
self.mode = mode
|
|
|
|
|
self.set_key(self.gen_key())
|
|
|
|
|
|
|
|
|
|
def gen_key(self):
|
|
|
|
|
"""
|
|
|
|
|
Generates a 256-bit (32 byte) key to be used for the
|
|
|
|
|
AES block encryption.
|
|
|
|
|
"""
|
|
|
|
|
return b"".join(StrongRandom().sample(string.letters+string.digits+string.punctuation,32))
|
|
|
|
|
|
|
|
|
|
def set_key(self,key):
|
|
|
|
|
"""
|
|
|
|
|
Sets the internal key to the one provided and resets the
|
|
|
|
|
internal time to now. This key should ONLY be set to one
|
|
|
|
|
generated by gen_key()
|
|
|
|
|
"""
|
|
|
|
|
self.init_time = time.time()
|
|
|
|
|
self.key = key
|
|
|
|
|
|
|
|
|
|
def should_rekey(self):
|
|
|
|
|
"""
|
|
|
|
|
Returns true if the lifetime of the current key has
|
|
|
|
|
exceeded the set lifetime.
|
|
|
|
|
"""
|
2013-08-07 15:54:53 +00:00
|
|
|
if (time.time() - self.init_time) > self.lifetime:
|
2013-08-07 13:12:25 +00:00
|
|
|
return True
|
|
|
|
|
else:
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def _pad(self, msg):
|
|
|
|
|
"""
|
|
|
|
|
Adds padding to the message so that it is a full
|
|
|
|
|
AES block size. Used during encryption of the message.
|
|
|
|
|
"""
|
|
|
|
|
pad = AES.block_size - len(msg) % AES.block_size
|
|
|
|
|
return msg + pad * chr(pad)
|
|
|
|
|
|
|
|
|
|
def _unpad(self, msg):
|
|
|
|
|
"""
|
|
|
|
|
Strips out the padding that _pad added. Used during
|
|
|
|
|
the decryption of the message.
|
|
|
|
|
"""
|
|
|
|
|
pad = ord(msg[-1])
|
|
|
|
|
return msg[:-pad]
|
|
|
|
|
|
|
|
|
|
def gen_sig(self, msg):
|
|
|
|
|
"""
|
|
|
|
|
Generates an HMAC-SHA1 signature for the message
|
|
|
|
|
"""
|
2013-08-07 15:54:53 +00:00
|
|
|
return hmac.new(self.key, msg, _sha1).digest()
|
2013-08-07 13:12:25 +00:00
|
|
|
|
|
|
|
|
def validate_sig(self, msg, sig):
|
|
|
|
|
"""
|
|
|
|
|
Verifies the generated signature of the message matches
|
|
|
|
|
the signature provided.
|
|
|
|
|
"""
|
|
|
|
|
new_sig = self.gen_sig(msg)
|
|
|
|
|
return (new_sig == sig)
|
|
|
|
|
|
|
|
|
|
def encrypt(self, msg):
|
|
|
|
|
"""
|
|
|
|
|
Encrypt the message using AES. The signature
|
|
|
|
|
is appended to the end of the message and is
|
|
|
|
|
used to verify the integrity of the IV and data.
|
|
|
|
|
|
|
|
|
|
Returns a base64-encoded version of the following:
|
|
|
|
|
|
|
|
|
|
rval[0:16] = initialization vector
|
|
|
|
|
rval[16:-20] = cipher text
|
|
|
|
|
rval[-20:] = signature
|
|
|
|
|
"""
|
|
|
|
|
msg = self._pad(msg)
|
|
|
|
|
iv = Random.new().read(AES.block_size)
|
|
|
|
|
cipher = AES.new(self.key, self.mode, iv)
|
|
|
|
|
data = iv + cipher.encrypt(msg)
|
|
|
|
|
sig = self.gen_sig(data)
|
|
|
|
|
return (data + sig).encode('base64')
|
|
|
|
|
|
|
|
|
|
def decrypt(self, msg):
|
|
|
|
|
"""
|
|
|
|
|
Decrypt the message using AES. The signature is
|
|
|
|
|
used to verify the IV and data before decoding to
|
|
|
|
|
ensure the integrity of the message. This is an
|
|
|
|
|
HMAC-SHA1 hash, so it is always 20 characters
|
|
|
|
|
|
|
|
|
|
The incoming message format (after base64 decoding)
|
|
|
|
|
is as follows:
|
|
|
|
|
|
|
|
|
|
msg[0:16] = initialization vector
|
|
|
|
|
msg[16:-20] = cipher text
|
|
|
|
|
msg[-20:] = signature (HMAC-SHA1)
|
|
|
|
|
|
|
|
|
|
Returns the plain-text of the cipher.
|
|
|
|
|
"""
|
|
|
|
|
msg = msg.decode('base64')
|
|
|
|
|
data = msg[0:-20] # iv + cipher text
|
|
|
|
|
msig = msg[-20:] # hmac-sha1 hash
|
|
|
|
|
if not self.validate_sig(data,msig):
|
|
|
|
|
raise Exception("Failed to validate the message signature")
|
|
|
|
|
iv = msg[:AES.block_size]
|
|
|
|
|
cipher = AES.new(self.key, self.mode, iv)
|
|
|
|
|
return self._unpad(cipher.decrypt(msg)[AES.block_size:])
|
2012-09-27 03:50:54 +00:00
|
|
|
|
2012-03-03 02:16:29 +00:00
|
|
|
###############################################################
|
|
|
|
|
# UTILITY FUNCTIONS FOR COMMAND LINE TOOLS
|
|
|
|
|
###############################################################
|
|
|
|
|
|
2012-03-03 02:08:48 +00:00
|
|
|
def err(msg):
|
2012-03-03 02:16:29 +00:00
|
|
|
''' print an error message to stderr '''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-03-03 02:08:48 +00:00
|
|
|
print >> sys.stderr, msg
|
|
|
|
|
|
|
|
|
|
def exit(msg, rc=1):
|
2012-03-03 02:16:29 +00:00
|
|
|
''' quit with an error to stdout and a failure code '''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-03-03 02:08:48 +00:00
|
|
|
err(msg)
|
|
|
|
|
sys.exit(rc)
|
|
|
|
|
|
2012-07-15 14:12:49 +00:00
|
|
|
def jsonify(result, format=False):
|
|
|
|
|
''' format JSON output (uncompressed or uncompressed) '''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2013-02-17 20:01:49 +00:00
|
|
|
if result is None:
|
2013-02-27 18:46:31 +00:00
|
|
|
return "{}"
|
2012-03-21 02:29:21 +00:00
|
|
|
result2 = result.copy()
|
2013-05-19 15:57:08 +00:00
|
|
|
for key, value in result2.items():
|
2013-05-19 16:25:19 +00:00
|
|
|
if type(value) is str:
|
|
|
|
|
result2[key] = value.decode('utf-8', 'ignore')
|
2012-07-15 14:12:49 +00:00
|
|
|
if format:
|
|
|
|
|
return json.dumps(result2, sort_keys=True, indent=4)
|
2012-03-03 02:08:48 +00:00
|
|
|
else:
|
2012-07-15 14:12:49 +00:00
|
|
|
return json.dumps(result2, sort_keys=True)
|
2012-03-03 02:08:48 +00:00
|
|
|
|
2012-03-03 03:10:51 +00:00
|
|
|
def write_tree_file(tree, hostname, buf):
|
2012-03-03 02:16:29 +00:00
|
|
|
''' write something into treedir/hostname '''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-03-03 02:16:29 +00:00
|
|
|
# TODO: might be nice to append playbook runs per host in a similar way
|
|
|
|
|
# in which case, we'd want append mode.
|
2012-03-03 03:10:51 +00:00
|
|
|
path = os.path.join(tree, hostname)
|
2012-03-03 02:08:48 +00:00
|
|
|
fd = open(path, "w+")
|
|
|
|
|
fd.write(buf)
|
|
|
|
|
fd.close()
|
|
|
|
|
|
|
|
|
|
def is_failed(result):
|
2012-03-03 02:16:29 +00:00
|
|
|
''' is a given JSON result a failed result? '''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-07-15 15:09:15 +00:00
|
|
|
return ((result.get('rc', 0) != 0) or (result.get('failed', False) in [ True, 'True', 'true']))
|
2012-03-03 02:08:48 +00:00
|
|
|
|
2013-01-01 01:27:16 +00:00
|
|
|
def is_changed(result):
|
|
|
|
|
''' is a given JSON result a changed result? '''
|
|
|
|
|
|
|
|
|
|
return (result.get('changed', False) in [ True, 'True', 'true'])
|
|
|
|
|
|
2013-08-20 21:09:44 +00:00
|
|
|
def check_conditional(conditional, basedir, inject, fail_on_undefined=False, jinja2=False):
|
|
|
|
|
|
|
|
|
|
if jinja2:
|
|
|
|
|
conditional = "jinja2_compare %s" % conditional
|
2013-07-21 12:52:00 +00:00
|
|
|
|
|
|
|
|
if conditional.startswith("jinja2_compare"):
|
|
|
|
|
conditional = conditional.replace("jinja2_compare ","")
|
|
|
|
|
# allow variable names
|
|
|
|
|
if conditional in inject:
|
|
|
|
|
conditional = inject[conditional]
|
2013-07-21 14:34:47 +00:00
|
|
|
conditional = template.template(basedir, conditional, inject, fail_on_undefined=fail_on_undefined)
|
2013-07-21 12:52:00 +00:00
|
|
|
# a Jinja2 evaluation that results in something Python can eval!
|
2013-07-23 20:24:53 +00:00
|
|
|
presented = "{%% if %s %%} True {%% else %%} False {%% endif %%}" % conditional
|
2013-07-21 14:37:02 +00:00
|
|
|
conditional = template.template(basedir, presented, inject)
|
|
|
|
|
val = conditional.lstrip().rstrip()
|
|
|
|
|
if val == "True":
|
|
|
|
|
return True
|
|
|
|
|
elif val == "False":
|
|
|
|
|
return False
|
|
|
|
|
else:
|
|
|
|
|
raise errors.AnsibleError("unable to evaluate conditional: %s" % conditional)
|
2012-10-31 00:42:07 +00:00
|
|
|
|
2013-02-04 19:11:25 +00:00
|
|
|
if not isinstance(conditional, basestring):
|
|
|
|
|
return conditional
|
|
|
|
|
|
2012-12-14 07:02:30 +00:00
|
|
|
try:
|
2013-04-05 23:10:32 +00:00
|
|
|
conditional = conditional.replace("\n", "\\n")
|
2013-04-10 20:17:24 +00:00
|
|
|
result = safe_eval(conditional)
|
2013-04-05 23:10:32 +00:00
|
|
|
if result not in [ True, False ]:
|
|
|
|
|
raise errors.AnsibleError("Conditional expression must evaluate to True or False: %s" % conditional)
|
|
|
|
|
return result
|
|
|
|
|
|
2013-02-07 10:56:29 +00:00
|
|
|
except (NameError, SyntaxError):
|
2013-04-10 21:52:35 +00:00
|
|
|
raise errors.AnsibleError("Could not evaluate the expression: (%s)" % conditional)
|
2012-09-24 19:06:34 +00:00
|
|
|
|
2012-09-24 18:47:59 +00:00
|
|
|
def is_executable(path):
|
|
|
|
|
'''is the given path executable?'''
|
2013-01-20 14:05:07 +00:00
|
|
|
return (stat.S_IXUSR & os.stat(path)[stat.ST_MODE]
|
|
|
|
|
or stat.S_IXGRP & os.stat(path)[stat.ST_MODE]
|
2012-09-24 18:47:59 +00:00
|
|
|
or stat.S_IXOTH & os.stat(path)[stat.ST_MODE])
|
|
|
|
|
|
2013-08-20 17:03:50 +00:00
|
|
|
def unfrackpath(path):
|
|
|
|
|
'''
|
|
|
|
|
returns a path that is free of symlinks, environment
|
|
|
|
|
variables, relative path traversals and symbols (~)
|
|
|
|
|
example:
|
|
|
|
|
'$HOME/../../var/mail' becomes '/var/spool/mail'
|
|
|
|
|
'''
|
|
|
|
|
return os.path.normpath(os.path.realpath(os.path.expandvars(os.path.expanduser(path))))
|
|
|
|
|
|
|
|
|
|
def prepare_writeable_dir(tree,mode=0777):
|
2012-03-03 02:16:29 +00:00
|
|
|
''' make sure a directory exists and is writeable '''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2013-08-20 17:03:50 +00:00
|
|
|
# modify the mode to ensure the owner at least
|
|
|
|
|
# has read/write access to this directory
|
|
|
|
|
mode |= 0700
|
|
|
|
|
|
|
|
|
|
# make sure the tree path is always expanded
|
|
|
|
|
# and normalized and free of symlinks
|
|
|
|
|
tree = unfrackpath(tree)
|
|
|
|
|
|
2012-03-03 02:08:48 +00:00
|
|
|
if not os.path.exists(tree):
|
|
|
|
|
try:
|
2013-08-20 17:03:50 +00:00
|
|
|
os.makedirs(tree, mode)
|
2012-03-03 02:08:48 +00:00
|
|
|
except (IOError, OSError), e:
|
2013-08-25 16:46:45 +00:00
|
|
|
raise errors.AnsibleError("Could not make dir %s: %s" % (tree, e))
|
2012-03-03 02:08:48 +00:00
|
|
|
if not os.access(tree, os.W_OK):
|
2013-08-25 16:46:45 +00:00
|
|
|
raise errors.AnsibleError("Cannot write to path %s" % tree)
|
2013-08-20 17:03:50 +00:00
|
|
|
return tree
|
2012-03-03 02:08:48 +00:00
|
|
|
|
2012-03-03 15:53:15 +00:00
|
|
|
def path_dwim(basedir, given):
|
2013-01-03 05:53:00 +00:00
|
|
|
'''
|
|
|
|
|
make relative paths work like folks expect.
|
|
|
|
|
'''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-03-03 15:53:15 +00:00
|
|
|
if given.startswith("/"):
|
2013-04-06 16:13:04 +00:00
|
|
|
return os.path.abspath(given)
|
2013-02-11 22:43:30 +00:00
|
|
|
elif given.startswith("~"):
|
2013-04-06 16:13:04 +00:00
|
|
|
return os.path.abspath(os.path.expanduser(given))
|
2012-03-03 15:53:15 +00:00
|
|
|
else:
|
2013-04-06 16:13:04 +00:00
|
|
|
return os.path.abspath(os.path.join(basedir, given))
|
|
|
|
|
|
|
|
|
|
def path_dwim_relative(original, dirname, source, playbook_base, check=True):
|
|
|
|
|
''' find one file in a directory one level up in a dir named dirname relative to current '''
|
|
|
|
|
# (used by roles code)
|
|
|
|
|
|
|
|
|
|
basedir = os.path.dirname(original)
|
|
|
|
|
template2 = os.path.join(basedir, '..', dirname, source)
|
|
|
|
|
source2 = path_dwim(basedir, template2)
|
|
|
|
|
if os.path.exists(source2):
|
|
|
|
|
return source2
|
|
|
|
|
obvious_local_path = path_dwim(playbook_base, source)
|
|
|
|
|
if os.path.exists(obvious_local_path):
|
|
|
|
|
return obvious_local_path
|
|
|
|
|
if check:
|
|
|
|
|
raise errors.AnsibleError("input file not found at %s or %s" % (source2, obvious_local_path))
|
|
|
|
|
return source2 # which does not exist
|
2012-03-03 02:08:48 +00:00
|
|
|
|
2012-03-18 21:53:58 +00:00
|
|
|
def json_loads(data):
|
2012-07-07 12:18:33 +00:00
|
|
|
''' parse a JSON string and return a data structure '''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-03-18 21:53:58 +00:00
|
|
|
return json.loads(data)
|
|
|
|
|
|
2012-08-11 13:55:14 +00:00
|
|
|
def parse_json(raw_data):
|
2012-03-18 21:53:58 +00:00
|
|
|
''' this version for module return data only '''
|
2013-01-20 14:05:07 +00:00
|
|
|
|
2012-10-20 16:12:07 +00:00
|
|
|
orig_data = raw_data
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-08-11 15:59:14 +00:00
|
|
|
# ignore stuff like tcgetattr spewage or other warnings
|
2012-08-11 14:24:16 +00:00
|
|
|
data = filter_leading_non_json_lines(raw_data)
|
2012-08-11 13:55:14 +00:00
|
|
|
|
2012-03-15 01:16:15 +00:00
|
|
|
try:
|
|
|
|
|
return json.loads(data)
|
|
|
|
|
except:
|
|
|
|
|
# not JSON, but try "Baby JSON" which allows many of our modules to not
|
|
|
|
|
# require JSON and makes writing modules in bash much simpler
|
|
|
|
|
results = {}
|
2012-07-15 13:32:47 +00:00
|
|
|
try:
|
2012-06-14 18:17:38 +00:00
|
|
|
tokens = shlex.split(data)
|
2012-08-07 00:07:02 +00:00
|
|
|
except:
|
2012-06-14 18:17:38 +00:00
|
|
|
print "failed to parse json: "+ data
|
2012-08-07 00:07:02 +00:00
|
|
|
raise
|
|
|
|
|
|
2012-03-15 01:16:15 +00:00
|
|
|
for t in tokens:
|
|
|
|
|
if t.find("=") == -1:
|
2012-10-20 16:12:07 +00:00
|
|
|
raise errors.AnsibleError("failed to parse: %s" % orig_data)
|
2012-03-15 01:16:15 +00:00
|
|
|
(key,value) = t.split("=", 1)
|
|
|
|
|
if key == 'changed' or 'failed':
|
2012-03-16 02:32:14 +00:00
|
|
|
if value.lower() in [ 'true', '1' ]:
|
2012-03-15 01:16:15 +00:00
|
|
|
value = True
|
|
|
|
|
elif value.lower() in [ 'false', '0' ]:
|
|
|
|
|
value = False
|
|
|
|
|
if key == 'rc':
|
2012-08-07 00:07:02 +00:00
|
|
|
value = int(value)
|
2012-03-15 01:16:15 +00:00
|
|
|
results[key] = value
|
2012-03-16 01:53:14 +00:00
|
|
|
if len(results.keys()) == 0:
|
2012-10-20 16:12:07 +00:00
|
|
|
return { "failed" : True, "parsed" : False, "msg" : orig_data }
|
2012-03-15 01:16:15 +00:00
|
|
|
return results
|
|
|
|
|
|
2013-04-25 01:59:47 +00:00
|
|
|
def smush_braces(data):
|
|
|
|
|
''' smush Jinaj2 braces so unresolved templates like {{ foo }} don't get parsed weird by key=value code '''
|
|
|
|
|
while data.find('{{ ') != -1:
|
|
|
|
|
data = data.replace('{{ ', '{{')
|
|
|
|
|
while data.find(' }}') != -1:
|
|
|
|
|
data = data.replace(' }}', '}}')
|
|
|
|
|
return data
|
|
|
|
|
|
|
|
|
|
def smush_ds(data):
|
|
|
|
|
# things like key={{ foo }} are not handled by shlex.split well, so preprocess any YAML we load
|
|
|
|
|
# so we do not have to call smush elsewhere
|
|
|
|
|
if type(data) == list:
|
|
|
|
|
return [ smush_ds(x) for x in data ]
|
|
|
|
|
elif type(data) == dict:
|
|
|
|
|
for (k,v) in data.items():
|
|
|
|
|
data[k] = smush_ds(v)
|
|
|
|
|
return data
|
|
|
|
|
elif isinstance(data, basestring):
|
|
|
|
|
return smush_braces(data)
|
|
|
|
|
else:
|
|
|
|
|
return data
|
|
|
|
|
|
2012-03-20 02:42:31 +00:00
|
|
|
def parse_yaml(data):
|
2012-07-07 12:18:33 +00:00
|
|
|
''' convert a yaml string to a data structure '''
|
2013-04-25 01:59:47 +00:00
|
|
|
return smush_ds(yaml.safe_load(data))
|
2012-08-07 00:07:02 +00:00
|
|
|
|
2013-02-09 19:30:19 +00:00
|
|
|
def process_yaml_error(exc, data, path=None):
|
|
|
|
|
if hasattr(exc, 'problem_mark'):
|
|
|
|
|
mark = exc.problem_mark
|
|
|
|
|
if mark.line -1 >= 0:
|
|
|
|
|
before_probline = data.split("\n")[mark.line-1]
|
|
|
|
|
else:
|
|
|
|
|
before_probline = ''
|
|
|
|
|
probline = data.split("\n")[mark.line]
|
|
|
|
|
arrow = " " * mark.column + "^"
|
|
|
|
|
msg = """Syntax Error while loading YAML script, %s
|
|
|
|
|
Note: The error may actually appear before this position: line %s, column %s
|
|
|
|
|
|
|
|
|
|
%s
|
|
|
|
|
%s
|
|
|
|
|
%s""" % (path, mark.line + 1, mark.column + 1, before_probline, probline, arrow)
|
|
|
|
|
else:
|
|
|
|
|
# No problem markers means we have to throw a generic
|
|
|
|
|
# "stuff messed up" type message. Sry bud.
|
|
|
|
|
if path:
|
|
|
|
|
msg = "Could not parse YAML. Check over %s again." % path
|
|
|
|
|
else:
|
|
|
|
|
msg = "Could not parse YAML."
|
|
|
|
|
raise errors.AnsibleYAMLValidationFailed(msg)
|
|
|
|
|
|
|
|
|
|
|
2012-03-20 02:42:31 +00:00
|
|
|
def parse_yaml_from_file(path):
|
2012-07-07 12:18:33 +00:00
|
|
|
''' convert a yaml file to a data structure '''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-03-21 02:29:21 +00:00
|
|
|
try:
|
|
|
|
|
data = file(path).read()
|
2012-08-07 22:24:22 +00:00
|
|
|
return parse_yaml(data)
|
2012-03-21 02:29:21 +00:00
|
|
|
except IOError:
|
|
|
|
|
raise errors.AnsibleError("file not found: %s" % path)
|
2012-08-07 22:24:22 +00:00
|
|
|
except yaml.YAMLError, exc:
|
2013-02-09 19:30:19 +00:00
|
|
|
process_yaml_error(exc, data, path)
|
2012-03-19 23:23:14 +00:00
|
|
|
|
2012-03-31 02:52:38 +00:00
|
|
|
def parse_kv(args):
|
2012-03-22 03:39:09 +00:00
|
|
|
''' convert a string of key/value items to a dict '''
|
|
|
|
|
options = {}
|
2012-04-27 00:42:20 +00:00
|
|
|
if args is not None:
|
2012-08-03 00:21:59 +00:00
|
|
|
# attempting to split a unicode here does bad things
|
2013-04-03 05:03:30 +00:00
|
|
|
args = args.encode('utf-8')
|
|
|
|
|
vargs = [x.decode('utf-8') for x in shlex.split(args, posix=True)]
|
|
|
|
|
#vargs = shlex.split(str(args), posix=True)
|
2012-04-27 01:25:43 +00:00
|
|
|
for x in vargs:
|
|
|
|
|
if x.find("=") != -1:
|
2012-08-03 00:21:59 +00:00
|
|
|
k, v = x.split("=",1)
|
2012-04-27 01:25:43 +00:00
|
|
|
options[k]=v
|
2012-03-22 03:39:09 +00:00
|
|
|
return options
|
2012-03-31 01:56:10 +00:00
|
|
|
|
2013-01-23 20:39:34 +00:00
|
|
|
def merge_hash(a, b):
|
2013-06-03 22:19:11 +00:00
|
|
|
''' recursively merges hash b into a
|
2013-08-11 04:54:05 +00:00
|
|
|
keys from b take precedence over keys from a '''
|
2013-01-23 20:39:34 +00:00
|
|
|
|
2013-06-03 22:19:11 +00:00
|
|
|
result = copy.deepcopy(a)
|
|
|
|
|
|
|
|
|
|
# next, iterate over b keys and values
|
2013-01-23 20:39:34 +00:00
|
|
|
for k, v in b.iteritems():
|
2013-06-03 22:19:11 +00:00
|
|
|
# if there's already such key in a
|
|
|
|
|
# and that key contains dict
|
|
|
|
|
if k in result and isinstance(result[k], dict):
|
|
|
|
|
# merge those dicts recursively
|
|
|
|
|
result[k] = merge_hash(a[k], v)
|
2013-01-23 20:39:34 +00:00
|
|
|
else:
|
2013-06-03 22:19:11 +00:00
|
|
|
# otherwise, just copy a value from b to a
|
|
|
|
|
result[k] = v
|
|
|
|
|
|
|
|
|
|
return result
|
2013-01-23 20:39:34 +00:00
|
|
|
|
2012-11-18 16:51:01 +00:00
|
|
|
def md5s(data):
|
|
|
|
|
''' Return MD5 hex digest of data. '''
|
|
|
|
|
|
|
|
|
|
digest = _md5()
|
2013-02-05 13:49:59 +00:00
|
|
|
digest.update(data.encode('utf-8'))
|
2012-11-18 16:51:01 +00:00
|
|
|
return digest.hexdigest()
|
|
|
|
|
|
2012-07-09 07:52:00 +00:00
|
|
|
def md5(filename):
|
2012-07-09 17:27:47 +00:00
|
|
|
''' Return MD5 hex digest of local file, or None if file is not present. '''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-07-09 17:27:47 +00:00
|
|
|
if not os.path.exists(filename):
|
|
|
|
|
return None
|
|
|
|
|
digest = _md5()
|
|
|
|
|
blocksize = 64 * 1024
|
|
|
|
|
infile = open(filename, 'rb')
|
|
|
|
|
block = infile.read(blocksize)
|
|
|
|
|
while block:
|
|
|
|
|
digest.update(block)
|
|
|
|
|
block = infile.read(blocksize)
|
|
|
|
|
infile.close()
|
|
|
|
|
return digest.hexdigest()
|
|
|
|
|
|
2012-07-21 20:51:31 +00:00
|
|
|
def default(value, function):
|
|
|
|
|
''' syntactic sugar around lazy evaluation of defaults '''
|
|
|
|
|
if value is None:
|
|
|
|
|
return function()
|
|
|
|
|
return value
|
|
|
|
|
|
2012-08-08 09:18:51 +00:00
|
|
|
def _gitinfo():
|
2012-08-09 01:05:58 +00:00
|
|
|
''' returns a string containing git branch, commit id and commit date '''
|
2012-08-08 09:18:51 +00:00
|
|
|
result = None
|
2012-11-21 22:54:42 +00:00
|
|
|
repo_path = os.path.join(os.path.dirname(__file__), '..', '..', '..', '.git')
|
2012-09-22 06:07:49 +00:00
|
|
|
|
2012-08-08 09:18:51 +00:00
|
|
|
if os.path.exists(repo_path):
|
2012-09-05 09:40:14 +00:00
|
|
|
# Check if the .git is a file. If it is a file, it means that we are in a submodule structure.
|
2012-09-04 13:12:39 +00:00
|
|
|
if os.path.isfile(repo_path):
|
2012-09-04 14:05:00 +00:00
|
|
|
try:
|
2013-02-23 18:30:10 +00:00
|
|
|
gitdir = yaml.safe_load(open(repo_path)).get('gitdir')
|
2012-09-05 09:40:14 +00:00
|
|
|
# There is a posibility the .git file to have an absolute path.
|
2012-09-06 12:18:29 +00:00
|
|
|
if os.path.isabs(gitdir):
|
|
|
|
|
repo_path = gitdir
|
|
|
|
|
else:
|
|
|
|
|
repo_path = os.path.join(repo_path.split('.git')[0], gitdir)
|
2012-09-05 09:40:14 +00:00
|
|
|
except (IOError, AttributeError):
|
2012-09-05 01:07:29 +00:00
|
|
|
return ''
|
2012-08-17 15:35:17 +00:00
|
|
|
f = open(os.path.join(repo_path, "HEAD"))
|
|
|
|
|
branch = f.readline().split('/')[-1].rstrip("\n")
|
|
|
|
|
f.close()
|
2012-08-09 01:05:58 +00:00
|
|
|
branch_path = os.path.join(repo_path, "refs", "heads", branch)
|
2012-08-23 16:30:34 +00:00
|
|
|
if os.path.exists(branch_path):
|
|
|
|
|
f = open(branch_path)
|
|
|
|
|
commit = f.readline()[:10]
|
|
|
|
|
f.close()
|
|
|
|
|
date = time.localtime(os.stat(branch_path).st_mtime)
|
2012-09-22 06:07:49 +00:00
|
|
|
if time.daylight == 0:
|
2012-08-23 16:30:34 +00:00
|
|
|
offset = time.timezone
|
|
|
|
|
else:
|
|
|
|
|
offset = time.altzone
|
|
|
|
|
result = "({0} {1}) last updated {2} (GMT {3:+04d})".format(branch, commit,
|
|
|
|
|
time.strftime("%Y/%m/%d %H:%M:%S", date), offset / -36)
|
2012-08-22 18:54:25 +00:00
|
|
|
else:
|
2012-09-05 01:07:29 +00:00
|
|
|
result = ''
|
2012-08-08 09:18:51 +00:00
|
|
|
return result
|
|
|
|
|
|
|
|
|
|
def version(prog):
|
|
|
|
|
result = "{0} {1}".format(prog, __version__)
|
|
|
|
|
gitinfo = _gitinfo()
|
|
|
|
|
if gitinfo:
|
|
|
|
|
result = result + " {0}".format(gitinfo)
|
|
|
|
|
return result
|
|
|
|
|
|
2012-09-22 06:07:49 +00:00
|
|
|
def getch():
|
|
|
|
|
''' read in a single character '''
|
|
|
|
|
fd = sys.stdin.fileno()
|
|
|
|
|
old_settings = termios.tcgetattr(fd)
|
|
|
|
|
try:
|
|
|
|
|
tty.setraw(sys.stdin.fileno())
|
|
|
|
|
ch = sys.stdin.read(1)
|
|
|
|
|
finally:
|
|
|
|
|
termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
|
|
|
|
|
return ch
|
|
|
|
|
|
2012-07-07 12:45:06 +00:00
|
|
|
####################################################################
|
2012-08-07 00:07:02 +00:00
|
|
|
# option handling code for /usr/bin/ansible and ansible-playbook
|
2012-07-07 12:45:06 +00:00
|
|
|
# below this line
|
|
|
|
|
|
2012-04-10 17:51:58 +00:00
|
|
|
class SortedOptParser(optparse.OptionParser):
|
|
|
|
|
'''Optparser which sorts the options by opt before outputting --help'''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-04-10 17:51:58 +00:00
|
|
|
def format_help(self, formatter=None):
|
2012-07-15 12:46:58 +00:00
|
|
|
self.option_list.sort(key=operator.methodcaller('get_opt_string'))
|
2012-04-10 17:51:58 +00:00
|
|
|
return optparse.OptionParser.format_help(self, formatter=None)
|
|
|
|
|
|
2012-08-09 01:09:14 +00:00
|
|
|
def increment_debug(option, opt, value, parser):
|
|
|
|
|
global VERBOSITY
|
|
|
|
|
VERBOSITY += 1
|
|
|
|
|
|
2012-09-22 06:07:49 +00:00
|
|
|
def base_parser(constants=C, usage="", output_opts=False, runas_opts=False,
|
2013-02-08 03:51:33 +00:00
|
|
|
async_opts=False, connect_opts=False, subset_opts=False, check_opts=False, diff_opts=False):
|
2012-04-10 17:51:58 +00:00
|
|
|
''' create an options parser for any ansible script '''
|
|
|
|
|
|
2012-08-08 09:18:51 +00:00
|
|
|
parser = SortedOptParser(usage, version=version("%prog"))
|
2012-08-09 01:09:14 +00:00
|
|
|
parser.add_option('-v','--verbose', default=False, action="callback",
|
|
|
|
|
callback=increment_debug, help="verbose mode (-vvv for more)")
|
|
|
|
|
|
2012-04-10 17:51:58 +00:00
|
|
|
parser.add_option('-f','--forks', dest='forks', default=constants.DEFAULT_FORKS, type='int',
|
2012-04-13 01:30:49 +00:00
|
|
|
help="specify number of parallel processes to use (default=%s)" % constants.DEFAULT_FORKS)
|
2012-04-10 17:51:58 +00:00
|
|
|
parser.add_option('-i', '--inventory-file', dest='inventory',
|
2012-08-07 00:07:02 +00:00
|
|
|
help="specify inventory host file (default=%s)" % constants.DEFAULT_HOST_LIST,
|
2012-04-13 01:30:49 +00:00
|
|
|
default=constants.DEFAULT_HOST_LIST)
|
2012-04-13 23:06:11 +00:00
|
|
|
parser.add_option('-k', '--ask-pass', default=False, dest='ask_pass', action='store_true',
|
2012-04-10 17:51:58 +00:00
|
|
|
help='ask for SSH password')
|
2012-09-07 18:37:32 +00:00
|
|
|
parser.add_option('--private-key', default=C.DEFAULT_PRIVATE_KEY_FILE, dest='private_key_file',
|
2012-05-14 20:14:38 +00:00
|
|
|
help='use this file to authenticate the connection')
|
2012-04-13 23:06:11 +00:00
|
|
|
parser.add_option('-K', '--ask-sudo-pass', default=False, dest='ask_sudo_pass', action='store_true',
|
|
|
|
|
help='ask for sudo password')
|
2013-06-27 01:57:31 +00:00
|
|
|
parser.add_option('--list-hosts', dest='listhosts', action='store_true',
|
|
|
|
|
help='outputs a list of matching hosts; does not execute anything else')
|
2012-04-10 17:51:58 +00:00
|
|
|
parser.add_option('-M', '--module-path', dest='module_path',
|
2012-06-06 20:42:29 +00:00
|
|
|
help="specify path(s) to module library (default=%s)" % constants.DEFAULT_MODULE_PATH,
|
2013-01-22 14:42:49 +00:00
|
|
|
default=None)
|
2012-08-10 06:45:29 +00:00
|
|
|
|
|
|
|
|
if subset_opts:
|
|
|
|
|
parser.add_option('-l', '--limit', default=constants.DEFAULT_SUBSET, dest='subset',
|
|
|
|
|
help='further limit selected hosts to an additional pattern')
|
|
|
|
|
|
2012-04-10 17:51:58 +00:00
|
|
|
parser.add_option('-T', '--timeout', default=constants.DEFAULT_TIMEOUT, type='int',
|
2012-08-07 00:07:02 +00:00
|
|
|
dest='timeout',
|
2012-04-13 01:30:49 +00:00
|
|
|
help="override the SSH timeout in seconds (default=%s)" % constants.DEFAULT_TIMEOUT)
|
2012-04-13 23:33:19 +00:00
|
|
|
|
2012-04-05 21:06:23 +00:00
|
|
|
if output_opts:
|
2012-04-10 17:51:58 +00:00
|
|
|
parser.add_option('-o', '--one-line', dest='one_line', action='store_true',
|
|
|
|
|
help='condense output')
|
|
|
|
|
parser.add_option('-t', '--tree', dest='tree', default=None,
|
|
|
|
|
help='log output to this directory')
|
2012-04-05 21:06:23 +00:00
|
|
|
|
|
|
|
|
if runas_opts:
|
2013-07-05 17:10:36 +00:00
|
|
|
parser.add_option("-s", "--sudo", default=constants.DEFAULT_SUDO, action="store_true",
|
2012-04-10 17:51:58 +00:00
|
|
|
dest='sudo', help="run operations with sudo (nopasswd)")
|
2012-05-07 15:37:50 +00:00
|
|
|
parser.add_option('-U', '--sudo-user', dest='sudo_user', help='desired sudo user (default=root)',
|
|
|
|
|
default=None) # Can't default to root because we need to detect when this option was given
|
2012-04-10 17:51:58 +00:00
|
|
|
parser.add_option('-u', '--user', default=constants.DEFAULT_REMOTE_USER,
|
2012-08-07 00:07:02 +00:00
|
|
|
dest='remote_user',
|
2012-04-13 01:30:49 +00:00
|
|
|
help='connect as this user (default=%s)' % constants.DEFAULT_REMOTE_USER)
|
2012-08-07 00:07:02 +00:00
|
|
|
|
2012-04-10 23:13:18 +00:00
|
|
|
if connect_opts:
|
2012-04-12 18:18:35 +00:00
|
|
|
parser.add_option('-c', '--connection', dest='connection',
|
|
|
|
|
default=C.DEFAULT_TRANSPORT,
|
2012-04-13 01:20:37 +00:00
|
|
|
help="connection type to use (default=%s)" % C.DEFAULT_TRANSPORT)
|
2012-04-10 23:13:18 +00:00
|
|
|
|
2012-04-05 21:06:23 +00:00
|
|
|
if async_opts:
|
2012-04-10 17:51:58 +00:00
|
|
|
parser.add_option('-P', '--poll', default=constants.DEFAULT_POLL_INTERVAL, type='int',
|
2012-08-07 00:07:02 +00:00
|
|
|
dest='poll_interval',
|
2012-04-13 01:30:49 +00:00
|
|
|
help="set the poll interval if using -B (default=%s)" % constants.DEFAULT_POLL_INTERVAL)
|
2012-04-10 17:51:58 +00:00
|
|
|
parser.add_option('-B', '--background', dest='seconds', type='int', default=0,
|
2012-04-13 01:30:49 +00:00
|
|
|
help='run asynchronously, failing after X seconds (default=N/A)')
|
2012-04-06 14:59:15 +00:00
|
|
|
|
2013-02-04 00:46:25 +00:00
|
|
|
if check_opts:
|
|
|
|
|
parser.add_option("-C", "--check", default=False, dest='check', action='store_true',
|
2013-06-27 01:57:31 +00:00
|
|
|
help="don't make any changes; instead, try to predict some of the changes that may occur"
|
2013-02-04 00:46:25 +00:00
|
|
|
)
|
|
|
|
|
|
2013-02-08 03:51:33 +00:00
|
|
|
if diff_opts:
|
|
|
|
|
parser.add_option("-D", "--diff", default=False, dest='diff', action='store_true',
|
2013-06-27 01:57:31 +00:00
|
|
|
help="when changing (small) files and templates, show the differences in those files; works great with --check"
|
2013-02-08 03:51:33 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2012-04-10 17:51:58 +00:00
|
|
|
return parser
|
2012-04-06 14:59:15 +00:00
|
|
|
|
2013-04-23 03:57:20 +00:00
|
|
|
def ask_passwords(ask_pass=False, ask_sudo_pass=False):
|
|
|
|
|
sshpass = None
|
|
|
|
|
sudopass = None
|
|
|
|
|
sudo_prompt = "sudo password: "
|
|
|
|
|
|
|
|
|
|
if ask_pass:
|
|
|
|
|
sshpass = getpass.getpass(prompt="SSH password: ")
|
|
|
|
|
sudo_prompt = "sudo password [defaults to SSH password]: "
|
|
|
|
|
|
|
|
|
|
if ask_sudo_pass:
|
|
|
|
|
sudopass = getpass.getpass(prompt=sudo_prompt)
|
|
|
|
|
if ask_pass and sudopass == '':
|
|
|
|
|
sudopass = sshpass
|
|
|
|
|
|
|
|
|
|
return (sshpass, sudopass)
|
|
|
|
|
|
2012-08-09 14:56:40 +00:00
|
|
|
def do_encrypt(result, encrypt, salt_size=None, salt=None):
|
|
|
|
|
if PASSLIB_AVAILABLE:
|
|
|
|
|
try:
|
|
|
|
|
crypt = getattr(passlib.hash, encrypt)
|
|
|
|
|
except:
|
|
|
|
|
raise errors.AnsibleError("passlib does not support '%s' algorithm" % encrypt)
|
2012-07-24 23:30:02 +00:00
|
|
|
|
2012-08-09 14:56:40 +00:00
|
|
|
if salt_size:
|
|
|
|
|
result = crypt.encrypt(result, salt_size=salt_size)
|
|
|
|
|
elif salt:
|
|
|
|
|
result = crypt.encrypt(result, salt=salt)
|
|
|
|
|
else:
|
|
|
|
|
result = crypt.encrypt(result)
|
|
|
|
|
else:
|
|
|
|
|
raise errors.AnsibleError("passlib must be installed to encrypt vars_prompt values")
|
|
|
|
|
|
|
|
|
|
return result
|
2012-07-24 23:30:02 +00:00
|
|
|
|
2012-08-11 15:59:14 +00:00
|
|
|
def last_non_blank_line(buf):
|
|
|
|
|
|
|
|
|
|
all_lines = buf.splitlines()
|
2012-08-11 14:14:19 +00:00
|
|
|
all_lines.reverse()
|
|
|
|
|
for line in all_lines:
|
|
|
|
|
if (len(line) > 0):
|
|
|
|
|
return line
|
2012-08-11 15:59:14 +00:00
|
|
|
# shouldn't occur unless there's no output
|
2012-09-22 06:07:49 +00:00
|
|
|
return ""
|
2012-08-11 15:59:14 +00:00
|
|
|
|
|
|
|
|
def filter_leading_non_json_lines(buf):
|
2012-09-22 06:07:49 +00:00
|
|
|
'''
|
2012-08-11 15:59:14 +00:00
|
|
|
used to avoid random output from SSH at the top of JSON output, like messages from
|
|
|
|
|
tcagetattr, or where dropbear spews MOTD on every single command (which is nuts).
|
2012-09-22 06:07:49 +00:00
|
|
|
|
2012-08-11 15:59:14 +00:00
|
|
|
need to filter anything which starts not with '{', '[', ', '=' or is an empty line.
|
2012-09-22 06:07:49 +00:00
|
|
|
filter only leading lines since multiline JSON is valid.
|
2012-08-11 15:59:14 +00:00
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
filtered_lines = StringIO.StringIO()
|
|
|
|
|
stop_filtering = False
|
|
|
|
|
for line in buf.splitlines():
|
|
|
|
|
if stop_filtering or "=" in line or line.startswith('{') or line.startswith('['):
|
|
|
|
|
stop_filtering = True
|
|
|
|
|
filtered_lines.write(line + '\n')
|
|
|
|
|
return filtered_lines.getvalue()
|
2012-08-11 13:55:14 +00:00
|
|
|
|
2012-10-27 20:46:33 +00:00
|
|
|
def boolean(value):
|
|
|
|
|
val = str(value)
|
|
|
|
|
if val.lower() in [ "true", "t", "y", "1", "yes" ]:
|
|
|
|
|
return True
|
|
|
|
|
else:
|
|
|
|
|
return False
|
|
|
|
|
|
2013-01-03 23:15:13 +00:00
|
|
|
def compile_when_to_only_if(expression):
|
2013-01-20 14:05:07 +00:00
|
|
|
'''
|
2013-01-03 23:15:13 +00:00
|
|
|
when is a shorthand for writing only_if conditionals. It requires less quoting
|
|
|
|
|
magic. only_if is retained for backwards compatibility.
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
# when: set $variable
|
|
|
|
|
# when: unset $variable
|
2013-01-01 01:27:16 +00:00
|
|
|
# when: failed $json_result
|
|
|
|
|
# when: changed $json_result
|
2013-01-03 23:15:13 +00:00
|
|
|
# when: int $x >= $z and $y < 3
|
|
|
|
|
# when: int $x in $alist
|
|
|
|
|
# when: float $x > 2 and $y <= $z
|
|
|
|
|
# when: str $x != $y
|
2013-06-03 22:19:11 +00:00
|
|
|
# when: jinja2_compare asdf # implies {{ asdf }}
|
2013-01-03 23:15:13 +00:00
|
|
|
|
|
|
|
|
if type(expression) not in [ str, unicode ]:
|
|
|
|
|
raise errors.AnsibleError("invalid usage of when_ operator: %s" % expression)
|
|
|
|
|
tokens = expression.split()
|
|
|
|
|
if len(tokens) < 2:
|
|
|
|
|
raise errors.AnsibleError("invalid usage of when_ operator: %s" % expression)
|
|
|
|
|
|
|
|
|
|
# when_set / when_unset
|
|
|
|
|
if tokens[0] in [ 'set', 'unset' ]:
|
2013-01-01 01:27:16 +00:00
|
|
|
tcopy = tokens[1:]
|
|
|
|
|
for (i,t) in enumerate(tokens[1:]):
|
|
|
|
|
if t.find("$") != -1:
|
|
|
|
|
tcopy[i] = "is_%s('''%s''')" % (tokens[0], t)
|
|
|
|
|
else:
|
|
|
|
|
tcopy[i] = t
|
|
|
|
|
return " ".join(tcopy)
|
|
|
|
|
|
|
|
|
|
# when_failed / when_changed
|
|
|
|
|
elif tokens[0] in [ 'failed', 'changed' ]:
|
|
|
|
|
tcopy = tokens[1:]
|
|
|
|
|
for (i,t) in enumerate(tokens[1:]):
|
|
|
|
|
if t.find("$") != -1:
|
|
|
|
|
tcopy[i] = "is_%s(%s)" % (tokens[0], t)
|
|
|
|
|
else:
|
|
|
|
|
tcopy[i] = t
|
|
|
|
|
return " ".join(tcopy)
|
|
|
|
|
|
2013-01-03 23:15:13 +00:00
|
|
|
# when_integer / when_float / when_string
|
|
|
|
|
elif tokens[0] in [ 'integer', 'float', 'string' ]:
|
|
|
|
|
cast = None
|
|
|
|
|
if tokens[0] == 'integer':
|
|
|
|
|
cast = 'int'
|
|
|
|
|
elif tokens[0] == 'string':
|
|
|
|
|
cast = 'str'
|
|
|
|
|
elif tokens[0] == 'float':
|
|
|
|
|
cast = 'float'
|
|
|
|
|
tcopy = tokens[1:]
|
|
|
|
|
for (i,t) in enumerate(tokens[1:]):
|
2013-04-11 21:19:53 +00:00
|
|
|
#if re.search(t, r"^\w"):
|
|
|
|
|
# bare word will turn into Jinja2 so all the above
|
|
|
|
|
# casting is really not needed
|
|
|
|
|
#tcopy[i] = "%s('''%s''')" % (cast, t)
|
|
|
|
|
t2 = t.strip()
|
2013-04-12 17:29:10 +00:00
|
|
|
if (t2[0].isalpha() or t2[0] == '$') and cast == 'str' and t2 != 'in':
|
2013-05-11 21:23:45 +00:00
|
|
|
tcopy[i] = "'%s'" % (t)
|
2013-01-03 23:15:13 +00:00
|
|
|
else:
|
2013-05-11 21:23:45 +00:00
|
|
|
tcopy[i] = t
|
2013-04-11 21:19:53 +00:00
|
|
|
result = " ".join(tcopy)
|
|
|
|
|
return result
|
|
|
|
|
|
2013-01-03 23:15:13 +00:00
|
|
|
|
|
|
|
|
# when_boolean
|
|
|
|
|
elif tokens[0] in [ 'bool', 'boolean' ]:
|
|
|
|
|
tcopy = tokens[1:]
|
|
|
|
|
for (i, t) in enumerate(tcopy):
|
|
|
|
|
if t.find("$") != -1:
|
|
|
|
|
tcopy[i] = "(is_set('''%s''') and '''%s'''.lower() not in ('false', 'no', 'n', 'none', '0', ''))" % (t, t)
|
|
|
|
|
return " ".join(tcopy)
|
|
|
|
|
|
2013-04-05 23:10:32 +00:00
|
|
|
# the stock 'when' without qualification (new in 1.2), assumes Jinja2 terms
|
|
|
|
|
elif tokens[0] == 'jinja2_compare':
|
2013-07-21 12:52:00 +00:00
|
|
|
return " ".join(tokens)
|
2013-01-03 23:15:13 +00:00
|
|
|
else:
|
|
|
|
|
raise errors.AnsibleError("invalid usage of when_ operator: %s" % expression)
|
2012-10-27 20:46:33 +00:00
|
|
|
|
2013-01-10 05:50:56 +00:00
|
|
|
def make_sudo_cmd(sudo_user, executable, cmd):
|
|
|
|
|
"""
|
|
|
|
|
helper function for connection plugins to create sudo commands
|
|
|
|
|
"""
|
|
|
|
|
# Rather than detect if sudo wants a password this time, -k makes
|
|
|
|
|
# sudo always ask for a password if one is required.
|
|
|
|
|
# Passing a quoted compound command to sudo (or sudo -s)
|
|
|
|
|
# directly doesn't work, so we shellquote it with pipes.quote()
|
|
|
|
|
# and pass the quoted string to the user's shell. We loop reading
|
|
|
|
|
# output until we see the randomly-generated sudo prompt set with
|
|
|
|
|
# the -p option.
|
|
|
|
|
randbits = ''.join(chr(random.randint(ord('a'), ord('z'))) for x in xrange(32))
|
|
|
|
|
prompt = '[sudo via ansible, key=%s] password: ' % randbits
|
2013-01-28 16:41:43 +00:00
|
|
|
sudocmd = '%s -k && %s %s -S -p "%s" -u %s %s -c %s' % (
|
|
|
|
|
C.DEFAULT_SUDO_EXE, C.DEFAULT_SUDO_EXE, C.DEFAULT_SUDO_FLAGS,
|
|
|
|
|
prompt, sudo_user, executable or '$SHELL', pipes.quote(cmd))
|
2013-01-10 05:50:56 +00:00
|
|
|
return ('/bin/sh -c ' + pipes.quote(sudocmd), prompt)
|
2013-02-08 03:51:33 +00:00
|
|
|
|
2013-07-31 11:58:32 +00:00
|
|
|
_TO_UNICODE_TYPES = (unicode, type(None))
|
|
|
|
|
|
|
|
|
|
def to_unicode(value):
|
|
|
|
|
if isinstance(value, _TO_UNICODE_TYPES):
|
|
|
|
|
return value
|
|
|
|
|
return value.decode("utf-8")
|
|
|
|
|
|
2013-02-25 22:32:52 +00:00
|
|
|
def get_diff(diff):
|
2013-02-08 03:51:33 +00:00
|
|
|
# called by --diff usage in playbook and runner via callbacks
|
|
|
|
|
# include names in diffs 'before' and 'after' and do diff -U 10
|
2013-02-18 00:32:28 +00:00
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
with warnings.catch_warnings():
|
|
|
|
|
warnings.simplefilter('ignore')
|
2013-02-25 22:32:52 +00:00
|
|
|
ret = []
|
|
|
|
|
if 'dst_binary' in diff:
|
|
|
|
|
ret.append("diff skipped: destination file appears to be binary\n")
|
|
|
|
|
if 'src_binary' in diff:
|
|
|
|
|
ret.append("diff skipped: source file appears to be binary\n")
|
|
|
|
|
if 'dst_larger' in diff:
|
|
|
|
|
ret.append("diff skipped: destination file size is greater than %d\n" % diff['dst_larger'])
|
|
|
|
|
if 'src_larger' in diff:
|
|
|
|
|
ret.append("diff skipped: source file size is greater than %d\n" % diff['src_larger'])
|
|
|
|
|
if 'before' in diff and 'after' in diff:
|
2013-02-26 15:53:59 +00:00
|
|
|
if 'before_header' in diff:
|
|
|
|
|
before_header = "before: %s" % diff['before_header']
|
|
|
|
|
else:
|
|
|
|
|
before_header = 'before'
|
|
|
|
|
if 'after_header' in diff:
|
|
|
|
|
after_header = "after: %s" % diff['after_header']
|
|
|
|
|
else:
|
|
|
|
|
after_header = 'after'
|
2013-07-31 11:58:32 +00:00
|
|
|
differ = difflib.unified_diff(to_unicode(diff['before']).splitlines(True), to_unicode(diff['after']).splitlines(True), before_header, after_header, '', '', 10)
|
2013-02-25 22:32:52 +00:00
|
|
|
for line in list(differ):
|
|
|
|
|
ret.append(line)
|
2013-07-31 11:58:32 +00:00
|
|
|
return u"".join(ret)
|
2013-02-18 00:32:28 +00:00
|
|
|
except UnicodeDecodeError:
|
|
|
|
|
return ">> the files are different, but the diff library cannot compare unicode strings"
|
|
|
|
|
|
2013-03-01 23:32:32 +00:00
|
|
|
def is_list_of_strings(items):
|
2013-06-03 22:19:11 +00:00
|
|
|
for x in items:
|
2013-04-10 20:37:49 +00:00
|
|
|
if not isinstance(x, basestring):
|
|
|
|
|
return False
|
|
|
|
|
return True
|
2013-03-01 23:32:32 +00:00
|
|
|
|
2013-04-10 20:17:24 +00:00
|
|
|
def safe_eval(str):
|
2013-06-03 22:19:11 +00:00
|
|
|
'''
|
2013-04-10 20:37:49 +00:00
|
|
|
this is intended for allowing things like:
|
|
|
|
|
with_items: {{ a_list_variable }}
|
|
|
|
|
where Jinja2 would return a string
|
|
|
|
|
but we do not want to allow it to call functions (outside of Jinja2, where
|
|
|
|
|
the env is constrained)
|
|
|
|
|
'''
|
|
|
|
|
# FIXME: is there a more native way to do this?
|
2013-06-03 22:19:11 +00:00
|
|
|
|
2013-04-10 20:37:49 +00:00
|
|
|
def is_set(var):
|
|
|
|
|
return not var.startswith("$") and not '{{' in var
|
2013-04-10 23:12:10 +00:00
|
|
|
|
2013-04-10 20:37:49 +00:00
|
|
|
def is_unset(var):
|
|
|
|
|
return var.startswith("$") or '{{' in var
|
|
|
|
|
|
|
|
|
|
# do not allow method calls to modules
|
2013-04-23 02:17:55 +00:00
|
|
|
if not isinstance(str, basestring):
|
|
|
|
|
# already templated to a datastructure, perhaps?
|
|
|
|
|
return str
|
2013-04-10 20:37:49 +00:00
|
|
|
if re.search(r'\w\.\w+\(', str):
|
|
|
|
|
return str
|
|
|
|
|
# do not allow imports
|
|
|
|
|
if re.search(r'import \w+', str):
|
|
|
|
|
return str
|
2013-04-10 22:42:54 +00:00
|
|
|
try:
|
|
|
|
|
return eval(str)
|
|
|
|
|
except Exception, e:
|
|
|
|
|
return str
|
|
|
|
|
|
|
|
|
|
|
2013-04-16 22:50:00 +00:00
|
|
|
def listify_lookup_plugin_terms(terms, basedir, inject):
|
|
|
|
|
|
|
|
|
|
if isinstance(terms, basestring):
|
2013-08-11 04:54:05 +00:00
|
|
|
# someone did:
|
2013-04-16 22:50:00 +00:00
|
|
|
# with_items: alist
|
|
|
|
|
# OR
|
|
|
|
|
# with_items: {{ alist }}
|
|
|
|
|
|
2013-05-14 01:31:45 +00:00
|
|
|
stripped = terms.strip()
|
|
|
|
|
if not (stripped.startswith('{') or stripped.startswith('[')) and not stripped.startswith("/"):
|
|
|
|
|
# if not already a list, get ready to evaluate with Jinja2
|
|
|
|
|
# not sure why the "/" is in above code :)
|
2013-04-16 22:50:00 +00:00
|
|
|
try:
|
2013-04-16 23:07:19 +00:00
|
|
|
new_terms = template.template(basedir, "{{ %s }}" % terms, inject)
|
|
|
|
|
if isinstance(new_terms, basestring) and new_terms.find("{{") != -1:
|
|
|
|
|
pass
|
|
|
|
|
else:
|
2013-06-03 22:19:11 +00:00
|
|
|
terms = new_terms
|
2013-04-16 22:50:00 +00:00
|
|
|
except:
|
|
|
|
|
pass
|
|
|
|
|
|
2013-04-17 17:40:06 +00:00
|
|
|
if '{' in terms or '[' in terms:
|
2013-04-16 22:50:00 +00:00
|
|
|
# Jinja2 already evaluated a variable to a list.
|
|
|
|
|
# Jinja2-ified list needs to be converted back to a real type
|
|
|
|
|
# TODO: something a bit less heavy than eval
|
|
|
|
|
return safe_eval(terms)
|
|
|
|
|
|
|
|
|
|
if isinstance(terms, basestring):
|
|
|
|
|
terms = [ terms ]
|
|
|
|
|
|
|
|
|
|
return terms
|
2013-04-10 20:17:24 +00:00
|
|
|
|
2013-03-09 23:30:18 +00:00
|
|
|
def combine_vars(a, b):
|
|
|
|
|
if C.DEFAULT_HASH_BEHAVIOUR == "merge":
|
|
|
|
|
return merge_hash(a, b)
|
|
|
|
|
else:
|
|
|
|
|
return dict(a.items() + b.items())
|
2013-04-10 20:17:24 +00:00
|
|
|
|
|
|
|
|
|
