From 96ef6482c57a5b8e7bba7758f7f8d3e5c6187e16 Mon Sep 17 00:00:00 2001
From: Seth Vidal
Date: Mon, 14 May 2012 16:14:38 -0400
Subject: [PATCH 1/3] add --private-key option and related infrastructure to make paramiko work with a private key file - not just an agent or pw
---
 lib/ansible/connection.py | 2 +-
 lib/ansible/constants.py | 1 +
 lib/ansible/runner.py | 9 ++++++---
 lib/ansible/utils.py | 2 ++
 4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/lib/ansible/connection.py b/lib/ansible/connection.py
index 21c056c092..48b6173089 100644
--- a/lib/ansible/connection.py
+++ b/lib/ansible/connection.py
@@ -87,8 +87,8 @@ class ParamikoConnection(object):
 username=user,
 allow_agent=True,
 look_for_keys=True,
+ key_filename=self.runner.private_key_file,
 password=self.runner.remote_pass,
- # key_filename=None, # TODO: allow this to be passed in
 timeout=self.runner.timeout,
 port=self.port
 )
diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py
index a4c03420dc..7906b15cbe 100644
--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@@ -34,6 +34,7 @@ DEFAULT_TIMEOUT = 10
 DEFAULT_POLL_INTERVAL = 15
 DEFAULT_REMOTE_USER = 'root'
 DEFAULT_REMOTE_PASS = None
+DEFAULT_PRIVATE_KEY_FILE = None
 DEFAULT_SUDO_PASS = None
 DEFAULT_SUDO_USER = 'root'
 DEFAULT_REMOTE_PORT = 22
diff --git a/lib/ansible/runner.py b/lib/ansible/runner.py
index 3ebe089f50..8dc5b784ea 100644
--- a/lib/ansible/runner.py
+++ b/lib/ansible/runner.py
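Review bot: In the `connect()` arguments of the lib/ansible/connection.py hunk, `key_filename` is added while `allow_agent=True` and `look_for_keys=True` stay on, so the key named with --private-key is only the first candidate. If the server rejects it, paramiko moves on to agent keys, keys found under ~/.ssh and then the password, and the run can authenticate under a different identity than the one the operator asked for. Making the explicit key exclusive would avoid that, e.g. `allow_agent=self.runner.private_key_file is None,` and `look_for_keys=self.runner.private_key_file is None,`. paramiko also uses `password` to unlock an encrypted key file, so `remote_pass` doubles as the key passphrase here; a short comment on the `password=` line would make that explicit. The call starts before this hunk.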
@@ -76,9 +76,10 @@ class Runner(object): forks=C.DEFAULT_FORKS, timeout=C.DEFAULT_TIMEOUT, pattern=C.DEFAULT_PATTERN, remote_user=C.DEFAULT_REMOTE_USER, remote_pass=C.DEFAULT_REMOTE_PASS, remote_port=C.DEFAULT_REMOTE_PORT, - sudo_pass=C.DEFAULT_SUDO_PASS, background=0, basedir=None, - setup_cache=None, transport=C.DEFAULT_TRANSPORT, conditional='True', - callbacks=None, debug=False, sudo=False, sudo_user=C.DEFAULT_SUDO_USER, + private_key_file=C.DEFAULT_PRIVATE_KEY_FILE, sudo_pass=C.DEFAULT_SUDO_PASS, + background=0, basedir=None, setup_cache=None, + transport=C.DEFAULT_TRANSPORT, conditional='True', callbacks=None, + debug=False, sudo=False, sudo_user=C.DEFAULT_SUDO_USER, module_vars=None, is_playbook=False, inventory=None): """ @@ -92,6 +93,7 @@ class Runner(object): remote_user : connect as this remote username remote_pass : supply this password (if not using keys) remote_port : use this default remote port (if not set by the inventory system) + private_key_file : use this private key as your auth key sudo_user : If you want to sudo to a user other than root. sudo_pass : sudo password if using sudo and sudo requires a password background : run asynchronously with a cap of this many # of seconds (if not 0) @@ -142,6 +144,7 @@ class Runner(object): self.remote_user = remote_user self.remote_pass = remote_pass self.remote_port = remote_port + self.private_key_file = private_key_file self.background = background self.basedir = basedir self.sudo = sudo diff --git a/lib/ansible/utils.py b/lib/ansible/utils.py index c6a7346fce..f10052b0f5 100644 --- a/lib/ansible/utils.py +++ b/lib/ansible/utils.py 
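Review bot: `private_key_file` is inserted into the middle of `Runner.__init__`'s parameter list, ahead of `sudo_pass`, which shifts the position of every later parameter; a caller passing those positionally would bind a sudo password or another value to the wrong name. Appending it after `inventory=None` keeps existing positions stable, and the same applies to the constructor hunk in lib/ansible/playbook.py, where it is placed before `debug`. The docstring entry added in the following hunk could also say that the value is a path, e.g. `private_key_file : path to the private key file to authenticate with`. The signature starts before this hunk.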
@@ -318,6 +318,8 @@ def base_parser(constants=C, usage="", output_opts=False, runas_opts=False, asyn default=constants.DEFAULT_HOST_LIST) parser.add_option('-k', '--ask-pass', default=False, dest='ask_pass', action='store_true', help='ask for SSH password') + parser.add_option('--private-key', default=None, dest='private_key_file', + help='use this file to authenticate the connection') parser.add_option('-K', '--ask-sudo-pass', default=False, dest='ask_sudo_pass', action='store_true', help='ask for sudo password') parser.add_option('-M', '--module-path', dest='module_path', From b42628d85830d87d7af5cbc0f97b5a44ff8b0254 Mon Sep 17 00:00:00 2001 From: Seth Vidal Date: Mon, 14 May 2012 16:22:05 -0400 Subject: [PATCH 2/3] hook up --private-key to the runner --- bin/ansible | 1 + bin/ansible-playbook | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/ansible b/bin/ansible index 0f5c668eb8..d4f5744242 100755 --- a/bin/ansible +++ b/bin/ansible @@ -91,6 +91,7 @@ class Cli(object): module_args=options.module_args, remote_user=options.remote_user, remote_pass=sshpass, inventory=inventory_manager, timeout=options.timeout, + private_key_file=options.private_key_file, forks=options.forks, pattern=pattern, callbacks=self.callbacks, sudo=options.sudo, diff --git a/bin/ansible-playbook b/bin/ansible-playbook index da22164c75..31f45d4235 100755 --- a/bin/ansible-playbook +++ b/bin/ansible-playbook @@ -77,7 +77,8 @@ def main(args): sudo=options.sudo, sudo_user=options.sudo_user, sudo_pass=sudopass, - extra_vars=extra_vars + extra_vars=extra_vars, + private_key_file=options.private_key_file ) try: From d80fd74b64735884206f2c76f61532e0b3007484 Mon Sep 17 00:00:00 2001 From: Seth Vidal Date: Mon, 14 May 2012 16:52:48 -0400 Subject: [PATCH 3/3] make sure private_key_file is hooked up in playbooks, too --- lib/ansible/playbook.py | 4 ++++ 1 file changed, 4 insertions(+) 
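Review bot: The new `--private-key` option in lib/ansible/utils.py hard-codes `default=None` although this series adds `DEFAULT_PRIVATE_KEY_FILE` and the host-list option just above it reads `constants.DEFAULT_HOST_LIST`. Because both command-line tools pass `options.private_key_file` through explicitly, the constant never takes effect from the command line; `default=constants.DEFAULT_PRIVATE_KEY_FILE` would keep one source of truth. The value is also handed on exactly as typed, so a missing or unreadable key file would presumably only surface at connect time, once per host; checking it once after option parsing would fail earlier and more clearly. base_parser continues outside the hunk.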
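Review bot: The bin/ansible-playbook hunk passes `private_key_file=` to what appears to be the PlayBook constructor, but the matching parameter is only added in patch 3/3 (lib/ansible/playbook.py). With patch 2/3 applied on its own, ansible-playbook would presumably fail with an unexpected-keyword error on every run. Folding the playbook.py change into this commit, or ordering it first, keeps each commit in the series working when bisecting. The call starts outside the hunk.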
diff --git a/lib/ansible/playbook.py b/lib/ansible/playbook.py index a8fe033df1..e8d83d837a 100644 --- a/lib/ansible/playbook.py +++ b/lib/ansible/playbook.py @@ -56,6 +56,7 @@ class PlayBook(object): sudo_pass = C.DEFAULT_SUDO_PASS, remote_port = C.DEFAULT_REMOTE_PORT, transport = C.DEFAULT_TRANSPORT, + private_key_file = C.DEFAULT_PRIVATE_KEY_FILE, debug = False, callbacks = None, runner_callbacks = None, @@ -103,6 +104,7 @@ class PlayBook(object): self.sudo_user = sudo_user self.extra_vars = extra_vars self.global_vars = {} + self.private_key_file = private_key_file self.inventory = ansible.inventory.Inventory(host_list) @@ -283,6 +285,7 @@ class PlayBook(object): remote_pass=self.remote_pass, module_path=self.module_path, timeout=self.timeout, remote_user=remote_user, remote_port=port, module_vars=vars, + private_key_file=self.private_key_file, setup_cache=SETUP_CACHE, basedir=self.basedir, conditional=only_if, callbacks=self.runner_callbacks, debug=self.debug, sudo=sudo, sudo_user=sudo_user, @@ -474,6 +477,7 @@ class PlayBook(object): forks=self.forks, module_path=self.module_path, timeout=self.timeout, remote_user=user, remote_pass=self.remote_pass, remote_port=port, + private_key_file=self.private_key_file, setup_cache=SETUP_CACHE, callbacks=self.runner_callbacks, sudo=sudo, sudo_user=sudo_user, debug=self.debug, transport=transport,
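Review bot: Both Runner calls (the hunks at -283 and -474) take `private_key_file` from `self`, while `remote_user`, `remote_port` and `transport` are passed from local variables that appear to be resolved per play, so a single key is used for every play and host in the run. If that is intended, it is worth stating where the attribute is set, e.g. `# one key for the whole run; plays cannot override it`. If not, it should be resolved alongside the user and port so that hosts needing different credentials do not all have to trust the same key. Both calls start and end outside their hunks.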