Skip to content
Snippets Groups Projects
Commit 58aae5bb authored by ale's avatar ale
Browse files

Add wrapper Python script to replace run-playbook 

The wrapper lets us be more user-friendly, with a nicer syntax and
better checks and error messages. It might eventually evolve to
include other functionality such as admin user management etc.
parent daea4404
Branches
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 123 additions and 0 deletions
float 0 → 100755
+ 123
0
View file @ 58aae5bb
#!/usr/bin/env python
from __future__ import print_function
import argparse
import os
import subprocess
import sys
# Find the root ai3/float source directory.
srcdir = os.path.dirname(__file__)
def support_ansible_vault_gpg_passphrase():
"""Support GPG-encrypted Ansible Vault passphrases.
We do this by rewriting the ANSIBLE_VAULT_PASSWORD_FILE
environment variable and pointing it at a wrapper script.
The function does not return anything but as a side effect it will
modify os.environ (so that the subprocess modulee will pick up the
changes).
"""
pwfile = os.getenv('ANSIBLE_VAULT_PASSWORD_FILE')
if not pwfile:
raise Exception(
'The environment variable ANSIBLE_VAULT_PASSWORD_FILE is not '
'defined. You should point it at the file containing your '
'Ansible Vault passphrase (possibly encrypted with GPG).')
if not os.path.exists(pwfile):
raise Exception(
'The ANSIBLE_VAULT_PASSWORD_FILE (%s) does not exist.' % (
pwfile,))
# Be friendly to the user and resolve tilde (~ and ~user) paths,
# which the shell would not do otherwise in environment variables.
# Then ensure it is an absolute path.
pwfile = os.path.abspath(os.path.expanduser(pwfile))
# If the file has a .gpg extension, wrap it with our decoding
# script: Ansible will execute the script due to its +x
# permissions, which in turn will use gpg to decrypt the
# passphrase (using another environment variable to find the
# original file).
if pwfile.endswith('.gpg'):
os.environ['FLOAT_VAULT_PASSWORD_FILE'] = pwfile
pwfile = os.path.join(scrdir, 'scripts', 'get-vault-password')
os.environ['ANSIBLE_VAULT_PASSWORD_FILE'] = pwfile
def command_run(config, playbooks):
for arg in playbooks:
if not os.path.exists(arg):
# See if we have a stock playbook with that name.
if not arg.endswith('.yml'):
arg += '.yml'
pbk = os.path.join(srcdir, 'playbooks', arg)
if os.path.exists(pbk):
arg = pbk
print('Running playbook %s...' % (arg,))
os.environ['LC_ALL'] = 'C'
support_ansible_vault_gpg_passphrase()
subprocess.check_call(
[os.getenv('ANSIBLE_PLAYBOOK', 'ansible-playbook'),
'-i', config, arg])
def command_init_credentials(config):
command_run(config, ['init-credentials.yml'])
def main():
parser = argparse.ArgumentParser(
description='Container-based cluster management CLI.')
parser.add_argument(
'--config', metavar='file', default='config.yml',
help='Path to the configuration file')
subparsers = parser.add_subparsers(dest='subparser')
help_parser = subparsers.add_parser(
'help', help='print help')
run_parser = subparsers.add_parser(
'run',
help='run Ansible playbooks',
description='Run Ansible playbooks.')
run_parser.add_argument(
'playbooks', metavar='playbook', nargs='*',
default=['site.yml'], help='Playbooks to run')
init_credentials_parser = subparsers.add_parser(
'init-credentials',
help='initialize credentials',
description='Initialize credentials.')
args = parser.parse_args()
kwargs = vars(parser.parse_args())
cmd = kwargs.pop('subparser')
if cmd == 'help' or not cmd:
parser.print_help()
return
if not os.path.exists(args.config):
raise Exception(
'The configuration file %s does not exist!' % (args.config,))
handler = 'command_' + cmd.replace('-', '_')
globals()[handler](**kwargs)
if __name__ == '__main__':
try:
main()
except Exception as e:
print("ERROR: %s" % (str(e),), file=sys.stderr)
sys.exit(1)
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment