ahelal / kitchen-ansiblepush Goto Github PK

View Code? Open in Web Editor NEW

41.0 8.0 22.0 144 KB

test-kitchen plugin to use ansible in push mode

Ruby 83.99% Python 11.10% Shell 4.91%

testing ansible kitchen idempotency-test infrastructure-testing infrastructure-as-code

kitchen-ansiblepush's Introduction

kitchen-ansiblepush

A test-kitchen plugin that adds the support for ansible in push mode i.e. normal mode :)

Intro

This kitchen plugin adds ansible as a provisioner in push mode. Ansible will run from your host rather than run from guest instance(s). That also means your code will not be copied to guest.

It is designed to just simply work with minimum configuration. Just run as you would normaly do.

How to install

(1) Use Bundler

My preferred method is use Gemfile

source "https://rubygems.org"
group :development do
  gem 'test-kitchen'
  gem 'kitchen-vagrant' # for example
  gem 'kitchen-ansiblepush'
end

(2) Ruby gem

gem install kitchen-ansiblepush

(3) Install from code

git clone [email protected]:ahelal/kitchen-ansiblepush.git
cd kitchen-ansiblepush
gem build kitchen-ansiblepush.gemspec
gem install kitchen-ansiblepush-<version>.gem

kitchen.yml Options

provisioner         :
    ## required options
    name                : ansible_push
    playbook            : "../../plays/web.yml"     # Path to Play yaml
    ##
    ## Optional  argument
    ansible_config      : "/path/to/ansible/ansible.cfg" # path to ansible config file
    verbose             : "vvvv" # verbose level v, vv, vvv, vvvv
    diff                : true  # print file diff
    mygroup             : "web" # ansible group, or list of groups
    raw_arguments       : "--timeout=200"
    extra_vars          : "@vars.yml"
    tags                : [ "that", "this" ]
    skip_tags           : [ "notme", "orme" ]
    start_at_task       : [ "five" ]
    # Hash of other groups
    groups              :
         db             :
            - db01
    sudo                : true
    sudo_user           : root
    remote_user         : ubuntu
    private_key         : "/path..../id_rsa"
    ask_vault_pass      : true
    vault_password_file : "/..../file"
    host_key_checking   : false
    generate_inv        : true
    use_instance_name   : false  # use short (platform) instead of instance name by default
    idempotency_test    : false

    ## When running on EC2 with Windows and using get-password pass the password as ansible_password variable
    pass_transport_password: false
    ## (optional), if you want to set specific environment variables when running ansible
    environment_vars:
    	PROXMOX_URL: https://example.com:8006

Idempotency test

If you want to check your code is idempotent you can use the idempotency_test. Essentially, this will run Ansible twice and check nothing changed in the second run. If something changed it will list the tasks. Note: If your using Ansible callback in your config this might conflict.

    idempotency_test: true
    fail_non_idempotent: true

If your running ansible V2 you need to white list the callback callback_whitelist = changes in ansible.cfg You can also choose to not to fail if idempotency test fails.

Ansible version

Since ansiblepush uses the host to run Ansible. you can simply specify the path of your ansible-playbook executable in your .kitchen.yml

ansible_playbook_bin : /path/to/ansible-playbook

If you want any easy way to manage ansible version AVM For further example you can check a matrix test ansible-usermanage

Disable chef installation

By default chef is installed and serverspec stuff. if you don't want to install

chef_bootstrap_url: nil

Instance name

Ansible push generates inventory dynamically you have multiple options to name your instance

use_instance_name = false (default):
use_instance_name = true: <instance_name>-
custom_instance_name: <custom_instance_name>

Windows support

Kitchen ansiblepush has experimental support. to enable windows support you need to add the following to your .kitchen.yml

...
transport:
     name: winrm
     winrm_transport: negotiate
provisioner:
    name                  : ansible_push
    chef_bootstrap_url    : nil
    ansible_port          : 5586
    ansible_connection    : "winrm"
...

Windows AWS EC2 support

When running EC2 instance without password set via get_password password can be passed from transport to Ansible command line as varaible:

provisioner:
    name:                       ansible_push
    pass_transport_password:    true

Pattern of usage

You can use ansible push with different pattern. I will list some of the ways that I use it, But by no means they are the only patterns.

Roles

I define my Gemfile in the role. I then run bundle install and commit my Gemfile.lock I also ignore .kitchen

A typical structure of an ansible role

defaults
handlers
meta
tasks
templates
vars
Gemfile
Gemfile.lock
.gitingore
test
    \_ ansible.cfg
    \_ integration
            \_ server
                \_ server.yml   # my play that will test something
                \_ serverspec
            \_ worker
                \_ worker.yml # my play that will test something
                \_ serverspec

Real example usages

TODO

Enable environment var ANSIBLE_CALLBACK_WHITELIST="changes" before call
Tests (PRs for tests is highlight appreciated)

kitchen-ansiblepush's People

Contributors

Stargazers

Watchers

kitchen-ansiblepush's Issues

Example of using pass_transport_password?

Hi,
I'd like to use the pass_transport_password feature to prevent the ansible controller to expose the password in the yml file.
I think the documentation is not stating exactly how to use it.
Can you provide an example?
Thanks!

reference to uninitialized @machine_name ?

As I was going through the code, this struck me as odd.

In this snippet, we refer to @machine_name if config[:limit] is false

        # By default we limit by the current machine,
        if config[:limit]
          options << "--limit=#{as_list_argument(config[:limit])}"
        else
          options << "--limit=#{@machine_name}"
        end

@machine_name is initialized in prepare_inventory if config[:generate_inv]

so it seems like there may be an issue if config[:generate_inv] is false and config[:limit] is also false since the code would refer to @machine_name but it wouldn't have been initialized?

Provisioner fails if machine was rebooted during tests

When running kitchen test on a playbook that includes a reboot, the playbook completes successfully, but kitchen throws an error:

PLAY RECAP ******************************************************************** 
ubuntu-trusty64            : ok=5    changed=1    unreachable=0    failed=0   

       *************** AnsiblePush end run *******************
>>>>>> Converge failed on instance <default-ubuntu-trusty64>.
>>>>>> Please see .kitchen/logs/default-ubuntu-trusty64.log for more details
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: SSH command failed (connection closed by remote host)
>>>>>> ----------------------
zlib(finalizer): the stream was freed prematurely.

Example playbook:


---
- name: Reboot server
  hosts: all
  tasks:
    - name: Reboot server
      command: shutdown -r now
      async: 0
      poll: 0
      sudo: yes

    - name: Wait for server to come back.
      local_action:
        module: wait_for
        host: "{{ ansible_ssh_host }}"
        port: "{{ ansible_ssh_port | default(22) }}"
        delay: 15
      sudo: false

    - name: Refresh host facts.
      action: setup

    - name: Print nonsense debugging task.
      debug:
        msg: Green is my favorite color.

Some of the roles I'm testing require a reboot (e.g. installing kernel updates) before running Serverspec. Can you suggest a workaround here?

TypeError: argument of type 'NoneType' is not iterable

I suspect this might be related to the 0.5.0 version that appears to have just gone online:

https://circleci.com/gh/wtanaka/ansible-role-exfat/7

  File "/home/ubuntu/ansible-role-exfat/role-tester-ansible-master/ansible1.4.4/lib/python2.7/site-packages/ansible/runner/__init__.py", line 394, in _executor
    exec_rc = self._executor_internal(host, new_stdin)
  File "/home/ubuntu/ansible-role-exfat/role-tester-ansible-master/ansible1.4.4/lib/python2.7/site-packages/ansible/runner/__init__.py", line 485, in _executor_internal
    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
  File "/home/ubuntu/ansible-role-exfat/role-tester-ansible-master/ansible1.4.4/lib/python2.7/site-packages/ansible/runner/__init__.py", line 663, in _executor_internal_inner
    conn = self.connector.connect(actual_host, actual_port, actual_user, actual_pass, actual_transport, actual_private_key_file)
  File "/home/ubuntu/ansible-role-exfat/role-tester-ansible-master/ansible1.4.4/lib/python2.7/site-packages/ansible/runner/connection.py", line 36, in connect
    conn = utils.plugins.connection_loader.get(transport, self.runner, host, port, user=user, password=password, private_key_file=private_key_file)
  File "/home/ubuntu/ansible-role-exfat/role-tester-ansible-master/ansible1.4.4/lib/python2.7/site-packages/ansible/utils/plugins.py", line 177, in get
    return getattr(self._module_cache[path], self.class_name)(*args, **kwargs)
  File "/home/ubuntu/ansible-role-exfat/role-tester-ansible-master/ansible1.4.4/lib/python2.7/site-packages/ansible/runner/connection_plugins/ssh.py", line 42, in __init__
    self.ipv6 = ':' in self.host
TypeError: argument of type 'NoneType' is not iterable

Use of .kitchen/ansiblepush/ansiblepush_*.yml for inventory seems problematic

Potential concurrency issue

Lets assume that i have

one platform ubuntu-1804
multiple suites

The yml file for all these suites' inventory would be something like .kitchen/ansiblepush/ansiblepush_ubuntu1804.yml (so same file)
What happens when we run kitchen with --parallel? seems race-y.
Can we fixed with option use_instance_name: true so that hostnames are unique.

--limit does not isolate

The kitchen-ansible-inventory binary looks like it concatenates all .kitchen/ansiblepush/ansiblepush_*.yml into a single inventory. This means that after multiple suites have run the inventory would contain not only the hosts for the current suite but previous suites as well. The ruby code attempts to workaround this by using --limit. However --limit does not truly isolate the playbook for the other hosts. One example is playbooks that iterate over all hostvars: They will see the hostvars of the other hosts.Therefore suites are not really isolated from each other.
See ansible/ansible#14141 (comment) for how --limit interacts with hostvars.

Sorry if some of the above is wrong. I'm trying to migrate from kitchen-ansible to kitchen-ansiblepush so I did a quick assessment

Use of --limit breaks playbooks that use localhost

Playbooks can contain tasks targeting localhost. This could be a valid usecase

However kitchen-ansiblepush passes --limit to ansible. Tasks targeting localhost are thus skipped because of this ansible/ansible#17105

Dependency on Omnibus_Chef still necessary?

Hi, I'm currently using kitchen-ansible but kitchen-ansiblepush seems more appropriate if it weren't for its dependency on Chef.

I find in kitchen-ansible that they don't have it when using test-kitchen >= 1.4 and made installation optional:

NOTE: With Test-Kitchen 1.4 you no longer need chef install to run the tests. You just need ruby installed version 1.9 or higher and also add to the .kitchen.yml file

provisioner:
name: ansible_playbook
hosts: test-kitchen
require_chef_for_busser: false
require_ruby_for_busser: true

verifier:
ruby_bindir: '/usr/bin'
where /usr/bin is the location of the ruby command.

I wonder if this is also true for kitchen-ansiblepush

Overriding inventory hostname?

Hi.

How do I override the inventory hostname set by the provisioner?

On https://github.com/ahelal/kitchen-ansiblepush/blob/master/lib/kitchen/provisioner/ansible_push.rb#L235 it looks like I should be able to do:

transport:
  connection_options:
    hostname: foo

But that doesn't work.

IdentityFile parameter missing when using kitchen-ansiblepush, kitchen-docker, and test-kitchen 1.11.1

Hey Adham,

I'm not sure if this issue is with this project or with https://github.com/test-kitchen/kitchen-docker or with test-kitchen itself. Thoughts?

With test-kitchen 1.11.1, ansiblepush is sending ssh commands like this:

<localhost> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=32772 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=kitchen -o ConnectTimeout=10 -o ControlPath=/home/wtanaka/.ansible/cp/ansible-ssh-%h-%p-%r -tt localhost '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-kxoqncfyjkcmdnfjeprmobdyvbrpmezy; if command -v apt; then
 test -e /usr/bin/python ||
 (command -v apt && apt -y update && apt install -y python-minimal)
 fi;'"'"'"'"'"'"'"'"''"'"''

There is no IdentityFile option identified, and so the ssh connection fails:

% ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=32772 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=kitchen -o ConnectTimeout=10 -o ControlPath=/home/wtanaka/.ansible/cp/ansible-ssh-%h-%p-%r -tt localhost whoami
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g-fips  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/home/wtanaka/.ansible/cp/ansible-ssh-localhost-32772-kitchen" does not exist
debug2: resolving "localhost" port 32772
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 32772.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 9996 ms remain after connect
debug1: identity file /home/wtanaka/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/wtanaka/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/wtanaka/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/wtanaka/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/wtanaka/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/wtanaka/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/wtanaka/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/wtanaka/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.10
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.10 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:32772 as 'kitchen'
debug3: put_host_port: [localhost]:32772
debug3: hostkeys_foreach: reading file "/home/wtanaka/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/wtanaka/.ssh/known_hosts:68
debug3: load_hostkeys: loaded 1 keys from [localhost]:32772
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: [email protected],zlib,none
debug2: compression stoc: [email protected],zlib,none
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: MACs ctos: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: [email protected]
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: [email protected]
debug3: send packet: type 30
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:1ZRdbirXPta0eVR9GMYXgp3qHPIz1u12B+KOwZ2c7Go
debug3: put_host_port: [127.0.0.1]:32772
debug3: put_host_port: [localhost]:32772
debug3: hostkeys_foreach: reading file "/home/wtanaka/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/wtanaka/.ssh/known_hosts:68
debug3: load_hostkeys: loaded 1 keys from [localhost]:32772
debug1: Host '[localhost]:32772' is known and matches the ECDSA host key.
debug1: Found key in /home/wtanaka/.ssh/known_hosts:68
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/wtanaka/.ssh/id_rsa (0x55c281869020), agent
debug2: key: /home/wtanaka/.ssh/id_dsa ((nil))
debug2: key: /home/wtanaka/.ssh/id_ecdsa ((nil))
debug2: key: /home/wtanaka/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/wtanaka/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/wtanaka/.ssh/id_dsa
debug3: no such identity: /home/wtanaka/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/wtanaka/.ssh/id_ecdsa
debug3: no such identity: /home/wtanaka/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/wtanaka/.ssh/id_ed25519
debug3: no such identity: /home/wtanaka/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password).

If I downgrade to test-kitchen 1.10.2, then the IdentityFile parameter reappears, and the ssh connections and the ansible playbook both work:

<localhost> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/home/wtanaka/.ansible/cp/ansible-ssh-%h-%p-%r)
<localhost> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=32772 -o 'IdentityFile="/home/wtanaka/Dropbox/role-tester-ansible/fake-role-no-tests/role-tester/.kitchen/docker_id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=kitchen -o ConnectTimeout=10 -o ControlPath=/home/wtanaka/.ansible/cp/ansible-ssh-%h-%p-%r -tt localhost '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-mvjhzcmknyewsipenangnjlbvznohbex; if command -v apt-get; then
 python -c "import apt" ||
 (command -v apt-get && apt-get install -y python-apt);
 fi'"'"'"'"'"'"'"'"''"'"''

[wrong number of arguments (3 for 2)]

@ahelal

With: Installing kitchen-ansiblepush 0.5.1

https://travis-ci.org/wtanaka/ansible-role-docker/jobs/187749086
https://travis-ci.org/wtanaka/role-tester-ansible/jobs/187840614

With: Installing kitchen-ansiblepush 0.5.2

~~https://travis-ci.org/wtanaka/ansible-role-docker/jobs/187833339~~ (I'm rebuilding this with 0.5.1 pinned)
https://travis-ci.org/wtanaka/role-tester-ansible/builds/187848434 (building, and will presumably fail)

Ansible command output is not logged

When running kitchen the output of the ansible command is displayed on stdout.
However its missing from the kitchen logs.

So in our case .kitchen/logs/jenkins-ubuntu-1804.log contains

, [2023-02-23T17:31:12.888231 #430]  INFO -- jenkins-ubuntu-1804: *************** AnsiblePush run ***************
D, [2023-02-23T17:31:12.888364 #430] DEBUG -- jenkins-ubuntu-1804: env= <snipped blablabla> d --inventory-file=`which kitchen-ansible-inventory` --limit=kitchen test/integration/jenkins/ansible/default.yml
D, [2023-02-23T17:32:28.375982 #430] DEBUG -- jenkins-ubuntu-1804: ansible-playbook exit code = 0
I, [2023-02-23T17:32:28.376133 #430]  INFO -- jenkins-ubuntu-1804: *************** AnsiblePush end run *******************

This makes the plugin not an option for us as we rely on the logs (the standard output is unusable with --parallel)

From a quick look the output of the system call needs to be passed to a logging function.
So hopefully an easy fix

How to add single instance to inventory?

In my hosts inventory, I have a standalone server like this:

example ansible_host=somehost.example.com

it's not in a group -- how would I define this in .kitchen.yml?

Using roles from ansible-galaxy

Hi,

I was wondering if it is possible to use ansible-galaxy with this provisioner? I'd like to automatically package dependencies defined in roles/requirements.yml.

Best regards,
stiller-leser

Issue with kitchen-ansible-inventory

which: no kitchen-ansible-inventory in (/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin)
....
 [WARNING]: No inventory was parsed, only implicit localhost is available
 [WARNING]: Could not match supplied host pattern, ignoring: ****

Because of this issue ansible cannot parse no inventory.

Generated inventory using deprecated ansible_ssh_host

Generated inventory is using deprecated ansible_ssh_host instead of ansible_host

Playbooks that look for ansible_host will fail
workaround

extra_vars:
  ansible_host: "{{ ansible_ssh_host }}"

doesn't support windows

would be nice to have a windows support, we mainly have windows in house.

dependency versioning and license

WARNING:  licenses is empty, but is recommended.  Use a license abbreviation from:
http://opensource.org/licenses/alphabetical
WARNING:  open-ended dependency on test-kitchen (>= 0) is not recommended
  if test-kitchen is semantically versioned, use:
    add_runtime_dependency 'test-kitchen', '~> 0'
WARNING:  open-ended dependency on rspec (>= 0, development) is not recommended
  if rspec is semantically versioned, use:
    add_development_dependency 'rspec', '~> 0'
WARNING:  open-ended dependency on pry (>= 0, development) is not recommended
  if pry is semantically versioned, use:
    add_development_dependency 'pry', '~> 0'
WARNING:  See http://guides.rubygems.org/specification-reference/ for help
  Successfully built RubyGem
  Name: kitchen-ansiblepush
  Version: 0.2.0
  File: kitchen-ansiblepush-0.2.0.gem

how to add localhost as inventory file

kitchen-ansible-inventory does not include localhost. So I am unable to run any commands on the controller node. Is there any configuration to add localhost name in the inventory?

$ kitchen-ansible-inventory
{
  "all": [
    "default-bento-centos-74",
    "bento-centos-74"
  ],
  "_meta": {
    "hostvars": {
      "default-bento-centos-74": {
        "ansible_ssh_host": "127.0.0.1",
        "ansible_ssh_port": "2222",
        "ansible_ssh_private_key_file": "/Users/anmanoha/development/cloudtrust/ironhide/.kitchen/kitchen-vagrant/default-bento-centos-74/.vagrant/machines/default/virtualbox/private_key"
      },
      "bento-centos-74": {
        "ansible_ssh_host": "127.0.0.1",
        "ansible_ssh_port": "2222",
        "ansible_ssh_private_key_file": "/Users/anmanoha/development/cloudtrust/ironhide/.kitchen/kitchen-vagrant/default-bento-centos-74/.vagrant/machines/default/virtualbox/private_key"
      }
    }
  }
}

Playbook Path per suite

I have something like this:

provisioner:
  name: ansible_push
  playbook: tests/integration/default/default.yml # <----- I'd like to move this
  ansible_config: tests/ansible.cfg
  chef_bootstrap_url: nil

verifier:
  name: inspec

platforms:
  - name: centos-7.3

suites:
  - name: default
    verifier:
      inspec_tests:
        - tests/integration/default
  # playbook: tests/integration/default/default.yml <----- to here

I'd like to add multiple suites, and point each suite to its own playbook (just like you can set your run_list for chef under suites). Is this supported?

Dropping the first part of the instance name creates issue in the inventory

Hi!

What's the reason behind dropping the first part of the instance name when generating the machine name?

      def machine_name
        return @machine_name if defined? @machine_name
        @machine_name = instance.name.gsub(/[<>]/, '').split("-").drop(1).join("-")
        debug("machine_name=" + @machine_name.to_s)
        @machine_name
      end

I have an issue with the incomplete machine name when I try to use the inventory (it just ignores the test suite)
Plus: the way of dropping the first part fails if the suite itself has a dash in it.

> ./test.sh converge default-debian-7
-----> Starting Kitchen (v1.7.2)
-----> Creating <default-debian-7>...
       Digital Ocean instance <13216593> created.
       Waiting for SSH service on 45.55.201.154:22, retrying in 3 seconds
       Waiting for SSH service on 45.55.201.154:22, retrying in 3 seconds
       [SSH] Established
       (ssh ready)

       Finished creating <default-debian-7> (0m36.71s).
-----> Converging <default-debian-7>...
$$$$$$ Running legacy converge for 'Digitalocean' Driver
       Preparing files for transfer
       *************** AnsiblePush install_command ***************
       Ansible push config validated
       Transferring files to <default-debian-7>
       *************** AnsiblePush run ***************

PLAY ***************************************************************************

TASK [setup] *******************************************************************
ok: [debian-7]

TASK [apt_preferences : Remove APT preferences] ********************************

TASK [apt_preferences : Create APT preferences] ********************************

PLAY RECAP *********************************************************************
debian-7                   : ok=1    changed=0    unreachable=0    failed=0

       *************** idempotency test ***************
Using changes callback for V2

PLAY ***************************************************************************

TASK [setup] *******************************************************************
ok: [debian-7]

TASK [apt_preferences : Remove APT preferences] ********************************

TASK [apt_preferences : Create APT preferences] ********************************

PLAY RECAP *********************************************************************
debian-7                   : ok=1    changed=0    unreachable=0    failed=0

       idempotency test [passed]
       *************** AnsiblePush end run *******************
       Finished converging <default-debian-7> (0m9.29s).
-----> Kitchen is finished. (0m46.30s)

Check out the generated inventory below:

> kitchen-ansible-inventory
{
  "all": [
    "debian-7"
  ],
  "_meta": {
    "hostvars": {
      "debian-7": {
        "ansible_ssh_host": "45.55.201.154",
        "ansible_ssh_port": "22",
        "ansible_ssh_private_key_file": "/Users/asalvo/.ssh/id_rsa"
      }
    }
  }
}

Any reason for not using the complete instance name?
I think just removing .split("-").drop(1).join("-") would be enough.

What do you think?

Regards!
--Ariel

Incompatible with Ansible 2.x

Hi,

I noticed that kitchen-ansiblepush will always state that idempotency tests are passed even when changes take place.
This is because the API for callback plugins has changed and the current plugin no is longer loaded.

I managed to get it working in my fork ([email protected]:arielsalvo/kitchen-ansiblepush.git) branch Concurrency which also includes the changes in the pull request I opened earlier.
Also needs to add "callback_whitelist = changes" to the "[default]" section of ansible.cfg.

I didn't open another PR for this because the solution breaks compatibility with Ansible 1.x.

Please, let me know if you need any help with this one.

Regards!
--Ariel

Work behind http proxy

Hi,
Can this plugin work when communication between ansible and remote host is behind http proxy (windows hosts)?

Does the 'groups' option do anything?

Was looking at the readme and got curious about what the groups setting does different to the mygroup'setting. And as far as I can see from my limited Ruby knowledge I don't think it does anything?

Updated Release

Can the version number be updated?

tags & skip-tags does not work

line 132 & line 133 should be like below
the single quote should be replaced by the double quote.

132 options << "--tags=#{as_list_argument(conf[:tags])}" if conf[:tags]
133 options << "--skip-tags=#{as_list_argument(conf[:skip_tags])}" if conf[:skip_tags]

or the vars will not be referred by the command.
please fix it.

Add config param to allow install_command to be a no-op

Would it be possible to add a config setting that can be used to prevent busser and chef from being installed on the target? I'm using your kitchen plugin in combination with the kitchen-verifier-serverspec which runs the serverspec tests over ssh, so ruby isn't required at all on the server, let alone busser or chef.

Combing your AnsiblePush plugin with @neillturner's kitchen-verifier-serverspec (in a ssh setup) has slashed build/test times compared to kitchen-ansible, and makes the tests much more valid (nothing is installed on the test hosts that won't be there when used against production servers).

'--ssh-extra-args="-o IdentitiesOnly=yes"' should be included by default

Even when you specify a private key, ssh will still try to iterate through the keys in a user's .ssh directory unless the IdentitiesOnly flag is set to yes. As a result, ssh as called by ansible will make several failed connection attempts before it finally hits the key specified as --private-key or in the ENV variable.

While that's fine when sshd is set up to accept multiple attempts, once you have set MaxAuthTries to 1 (in sshd.conf), ansiblepush fails because ansible doesn't get a second bite at the cherry.

This setting is already used for net-ssh for the kitchen login command, so that still works (it's config param :keys_only => true), but of course that isn't used for the ansible run, leading to inconsistent behaviour where kitchen login works but kitchen converge (using ansiblepush) doesn't.

As a workaround I am using raw_arguments: '--ssh-extra-args="-o IdentitiesOnly=yes"' in my .kitchen.yml file.

The proper fix would probably be to include --ssh-extra-args="-o IdentitiesOnly=yes" when you're building the options string (somewhere around line 118 of ansible_push.rb)