ansible-pull

#!/usr/bin/env python

# (c) 2012, Stephen Fromm <sfromm@gmail.com>
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
#
# ansible-pull is a script that runs ansible in local mode
# after checking out a playbooks directory from source repo.  There is an
# example playbook to bootstrap this script in the examples/ dir which
# installs ansible and sets it up to run on cron.

# usage:
#   ansible-pull -d /var/lib/ansible \
#                -U http://example.net/content.git [-C production] \
#                [path/playbook.yml]
#
# the -d and -U arguments are required; the -C argument is optional.
#
# ansible-pull accepts an optional argument to specify a playbook
# location underneath the workdir and then searches the source repo
# for playbooks in the following order, stopping at the first match:
#
# 1. $workdir/path/playbook.yml, if specified
# 2. $workdir/$fqdn.yml
# 3. $workdir/$hostname.yml
# 4. $workdir/local.yml
#
# the source repo must contain at least one of these playbooks.

import os
import shutil
import subprocess
import sys
import datetime
import socket
import random
import time
from ansible import utils
from ansible.utils import cmd_functions
from ansible import errors

DEFAULT_REPO_TYPE = 'git'
DEFAULT_PLAYBOOK = 'local.yml'
PLAYBOOK_ERRORS = {1: 'File does not exist',
                    2: 'File is not readable'}

VERBOSITY=0

def increment_debug(option, opt, value, parser):
    global VERBOSITY
    VERBOSITY += 1

def try_playbook(path):
    if not os.path.exists(path):
        return 1
    if not os.access(path, os.R_OK):
        return 2
    return 0


def select_playbook(path, args):
    playbook = None
    if len(args) > 0 and args[0] is not None:
        playbook = "%s/%s" % (path, args[0])
        rc = try_playbook(playbook)
        if rc != 0:
            print >>sys.stderr, "%s: %s" % (playbook, PLAYBOOK_ERRORS[rc])
            return None
        return playbook
    else:
        fqdn = socket.getfqdn()
        hostpb = "%s/%s.yml" % (path, fqdn)
        shorthostpb = "%s/%s.yml" % (path, fqdn.split('.')[0])
        localpb = "%s/%s" % (path, DEFAULT_PLAYBOOK)
        errors = []
        for pb in [hostpb, shorthostpb, localpb]:
            rc = try_playbook(pb)
            if rc == 0:
                playbook = pb
                break
            else:
                errors.append("%s: %s" % (pb, PLAYBOOK_ERRORS[rc]))
        if playbook is None:
            print >>sys.stderr, "\n".join(errors)
        return playbook


def main(args):
    """ Set up and run a local playbook """
    usage = "%prog [options] [playbook.yml]"
    parser = utils.SortedOptParser(usage=usage)
    parser.add_option('--purge', default=False, action='store_true',
                      help='purge checkout after playbook run')
    parser.add_option('-o', '--only-if-changed', dest='ifchanged', default=False, action='store_true',
                      help='only run the playbook if the repository has been updated')
    parser.add_option('-s', '--sleep', dest='sleep', default=None,
                      help='sleep for random interval (between 0 and n number of seconds) before starting. this is a useful way to disperse git requests')
    parser.add_option('-f', '--force', dest='force', default=False,
                      action='store_true',
                      help='run the playbook even if the repository could '
                           'not be updated')
    parser.add_option('-d', '--directory', dest='dest', default=None,
                      help='directory to checkout repository to')
    #parser.add_option('-l', '--live', default=True, action='store_live',
    #                  help='Print the ansible-playbook output while running')
    parser.add_option('-U', '--url', dest='url', default=None,
                      help='URL of the playbook repository')
    parser.add_option('-C', '--checkout', dest='checkout',
                      help='branch/tag/commit to checkout.  '
                      'Defaults to behavior of repository module.')
    parser.add_option('-i', '--inventory-file', dest='inventory',
                      help="location of the inventory host file")
    parser.add_option('-e', '--extra-vars', dest="extra_vars", action="append",
                      help="set additional variables as key=value or YAML/JSON", default=[])
    parser.add_option('-v', '--verbose', default=False, action="callback",
                      callback=increment_debug,
                      help='Pass -vvvv to ansible-playbook')
    parser.add_option('-m', '--module-name', dest='module_name',
                      default=DEFAULT_REPO_TYPE,
                      help='Module name used to check out repository.  '
                      'Default is %s.' % DEFAULT_REPO_TYPE)
    parser.add_option('--vault-password-file', dest='vault_password_file',
                    help="vault password file")
    parser.add_option('-K', '--ask-sudo-pass', default=False, dest='ask_sudo_pass', action='store_true',
                      help='ask for sudo password')
    options, args = parser.parse_args(args)

    hostname = socket.getfqdn()
    if not options.dest:
        # use a hostname dependent directory, in case of $HOME on nfs
        options.dest = utils.prepare_writeable_dir('~/.ansible/pull/%s' % hostname)

    options.dest = os.path.abspath(options.dest)

    if not options.url:
        parser.error("URL for repository not specified, use -h for help")
        return 1

    now = datetime.datetime.now()
    print >>sys.stderr, now.strftime("Starting ansible-pull at %F %T")

    if not options.inventory:
        inv_opts = 'localhost,'
    else:
        inv_opts = options.inventory
    limit_opts = 'localhost:%s:127.0.0.1' % hostname
    repo_opts = "name=%s dest=%s" % (options.url, options.dest)

    if VERBOSITY == 0:
        base_opts = '-c local --limit "%s"' % limit_opts
    elif VERBOSITY > 0:
        debug_level = ''.join([ "v" for x in range(0, VERBOSITY) ])
        base_opts = '-%s -c local --limit "%s"' % (debug_level, limit_opts)

    if options.checkout:
        repo_opts += ' version=%s' % options.checkout
    path = utils.plugins.module_finder.find_plugin(options.module_name)
    if path is None:
        sys.stderr.write("module '%s' not found.\n" % options.module_name)
        return 1
    cmd = 'ansible all -i "%s" %s -m %s -a "%s"' % (
            inv_opts, base_opts, options.module_name, repo_opts
            )

    if options.sleep:
        try:
            secs = random.randint(0,int(options.sleep));
        except ValueError:
            parser.error("%s is not a number." % options.sleep)
            return 1

        print >>sys.stderr, "Sleeping for %d seconds..." % secs
        time.sleep(secs);


    # RUN THe CHECKOUT COMMAND
    rc, out, err = cmd_functions.run_cmd(cmd, live=True)

    if rc != 0:
        if options.force:
            print "Unable to update repository. Continuing with (forced) run of playbook."
        else:
            return rc
    elif options.ifchanged and '"changed": true' not in out:
        print "Repository has not changed, quitting."
        return 0

    playbook = select_playbook(options.dest, args)

    if playbook is None:
        print >>sys.stderr, "Could not find a playbook to run."
        return 1

    cmd = 'ansible-playbook %s %s' % (base_opts, playbook)
    if options.vault_password_file:
        cmd += " --vault-password-file=%s" % options.vault_password_file
    if options.inventory:
        cmd += ' -i "%s"' % options.inventory
    for ev in options.extra_vars:
        cmd += ' -e "%s"' % ev
    if options.ask_sudo_pass:
        cmd += ' -K'
    os.chdir(options.dest)

    # RUN THE PLAYBOOK COMMAND
    rc, out, err = cmd_functions.run_cmd(cmd, live=True)

    if options.purge:
        os.chdir('/')
        try:
            shutil.rmtree(options.dest)
        except Exception, e:
            print >>sys.stderr, "Failed to remove %s: %s" % (options.dest, str(e))

    return rc

if __name__ == '__main__':
    try:
        sys.exit(main(sys.argv[1:]))
    except KeyboardInterrupt, e:
        print >>sys.stderr, "Exit on user request.\n"
        sys.exit(1)