Implement ansible-galaxy install for local and remote provisioner. Cl…

…oses #133.

.gitignore

@@ -3,6 +3,7 @@
 **/**/.terraform
 **/**/crash.log
 **/**/terraform.*
+**/**/ansible-data/roles/**/
 /terraform-provisioner-ansible*
 /bin/.build_output
 .coverage/

README.md

@@ -133,6 +133,22 @@ resource "aws_instance" "test_box" {
       # enabled = ...
       # ...
     }
+    plays {
+      galaxy_install {
+        force = false
+        server = "https://optional.api.server"
+        ignore_certs = false
+        ignore_errors = false
+        keep_scm_meta = false
+        no_deps = false
+        role_file = "/path/to/role/file"
+        roles_path = "/optional/path/to/the/directory/containing/your/roles"
+        verbose = false
+      }
+      # shared attributes other than:
+      # enabled = ...
+      # are NOT taken into consideration for galaxy_install
+    }
     defaults {
       hosts = ["eu-central-1"]
       groups = ["platform"]
@@ -223,9 +239,21 @@ Each `plays` must contain exactly one `playbook` or `module`. Define multiple `p
 - `plays.module.one_line`: `ansible --one-line`, boolean , default `false` (not applied)
 - `plays.module.poll`: `ansible --poll`, int, default `15` (applied only when `background > 0`)
 
+#### Galaxy Install attributes
+
+- `play.galaxy_install.force`: `ansible-galaxy install --force`, bool, force overwriting an existing role, default `false`
+- `play.galaxy_install.ignore_certs`: `ansible-galaxy --ignore-certs`, bool, ignore SSL certificate validation errors, default `false`
+- `play.galaxy_install.ignore_errors`: `ansible-galaxy install --ignore-errors`, bool, ignore errors and continue with the next specified role, default `false`
+- `play.galaxy_install.keep_scm_meta`: `ansible-galaxy install --keep-scm-meta`, bool, use tar instead of the scm archive option when packaging the role, default `false`
+- `play.galaxy_install.no_deps`: `ansible-galaxy install --no-deps`, bool, don't download roles listed as dependencies, default `false`
+- `play.galaxy_install.role_file`: `ansible-galaxy install --role-file`, string, required full path to the requirements file
+- `play.galaxy_install.roles_path`: `ansible-galaxy install --roles-path`, string, the path to the directory containing your roles, the default is the roles_path configured in your `ansible.cfgfile` (`/etc/ansible/roles` if not configured); **for the remote provisioner:** if the path starts with `filesystem path separator`, the bootstrap directory will not be prepended, if the path does not start with `filesystem path separator`, the path will appended to the bootstrap directory, if the value is empty, the default value of `galaxy-roles` is used
+- `play.galaxy_install.server`: `ansible-galaxy install --server`, string, optional API server
+- `play.galaxy_install.verbose`: `ansible-galaxy --verbose`, bool, verbose mode, default `false`
+
 #### Plays attributes
 
-- `plays.hosts`: list of hosts to include in auto-generated inventory file when `inventory_file` not given, string list, default `empty list`; When used with nulll_resource this can be an interpolated list of host IP address public or private; more details below
+- `plays.hosts`: list of hosts to include in auto-generated inventory file when `inventory_file` not given, string list, default `empty list`; When used with null_resource this can be an interpolated list of host IP address public or private; more details below
 - `plays.groups`: list of groups to include in auto-generated inventory file when `inventory_file` not given, string list, default `empty list`; more details below
 - `plays.enabled`: boolean, default `true`; set to `false` to skip execution
 - `plays.become`: `ansible[-playbook] --become`, boolean, default `false` (not applied)

examples/README.md

@@ -72,7 +72,25 @@ All examples execute a great task of installing `tree` on the bootstrapped host.
 
 After testing each of the examples, you will need to destroy the infrastructure. Examples share names but they don't share state.
 
-1. `sshagent-local-no-bastion`: run local provisioning for a host without a bastion
+1. `sshagent-galaxy-local`: run local provisioning for a host using `ansible-galaxy` provided role file:
+
+    ```
+    cd sshagent-galaxy-local
+    terraform apply -var "ami_id=${TERRAFORM_PROVISIONER_ANSIBLE_AMI_ID}"
+    # ...
+    terraform destroy -var "ami_id=${TERRAFORM_PROVISIONER_ANSIBLE_AMI_ID}"
+    ```
+
+2. `sshagent-galaxy-remote`: run remote provisioning for a host using `ansible-galaxy` provided role file:
+
+    ```
+    cd sshagent-galaxy-remote
+    terraform apply -var "ami_id=${TERRAFORM_PROVISIONER_ANSIBLE_AMI_ID}"
+    # ...
+    terraform destroy -var "ami_id=${TERRAFORM_PROVISIONER_ANSIBLE_AMI_ID}"
+    ```
+
+3. `sshagent-local-no-bastion`: run local provisioning for a host without a bastion
     
     ```
     cd sshagent-local-no-bastion
@@ -81,7 +99,7 @@ After testing each of the examples, you will need to destroy the infrastructure.
     terraform destroy -var "ami_id=${TERRAFORM_PROVISIONER_ANSIBLE_AMI_ID}"
     ```
 
-2. `sshagent-remote-no-bastion`: run remote provisioning for a host without a bastion
+4. `sshagent-remote-no-bastion`: run remote provisioning for a host without a bastion
 
     ```
     cd sshagent-remote-no-bastion
@@ -90,7 +108,7 @@ After testing each of the examples, you will need to destroy the infrastructure.
     terraform destroy -var "ami_id=${TERRAFORM_PROVISIONER_ANSIBLE_AMI_ID}"
     ```
 
-3. `sshagent-local-with-bastion`: VPC setup, bastion, provision local over bastion
+5. `sshagent-local-with-bastion`: VPC setup, bastion, provision local over bastion
     
     ```
     cd sshagent-local-with-bastion
@@ -116,7 +134,7 @@ After testing each of the examples, you will need to destroy the infrastructure.
         -var "infrastructure_name=${R_NAME}-local"
     ```
 
-4. `sshagent-remote-with-bastion`: VPC setup, bastion, provision remote over bastion
+6. `sshagent-remote-with-bastion`: VPC setup, bastion, provision remote over bastion
     
     ```
     cd sshagent-remote-with-bastion
@@ -142,7 +160,7 @@ After testing each of the examples, you will need to destroy the infrastructure.
         -var "infrastructure_name=${R_NAME}-remote"
     ```
 
-5. `sshagent-local-no-bastion-null-resource`: run local provisioning using a `null_resource` for a host without a bastion
+7. `sshagent-local-no-bastion-null-resource`: run local provisioning using a `null_resource` for a host without a bastion
     
     ```
     cd sshagent-local-no-bastion-null-resource

examples/sshagent-galaxy-local/ansible-data/playbooks/install-ntp.yml

@@ -0,0 +1,5 @@
+---
+- hosts: all
+  become: yes
+  roles:
+    - geerlingguy.ntp

examples/sshagent-galaxy-local/ansible-data/requirements.yml

@@ -0,0 +1,2 @@
+# from galaxy
+- src: geerlingguy.ntp

examples/sshagent-galaxy-local/main.tf

@@ -0,0 +1,74 @@
+provider "aws" {
+  region  = "eu-central-1"
+  profile = "terraform-provisioner-ansible"
+}
+
+variable "ami_id" {}
+variable "insecure_no_strict_host_key_checking" {
+  default = false
+}
+
+## -- security groups:
+
+resource "aws_security_group" "ssh_box" {
+  name        = "ssh_box"
+  description = "SSH"
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    self        = true
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+## -- machine:
+
+resource "aws_instance" "test_box" {
+  ami           = "${var.ami_id}"
+  count         = "1"
+  instance_type = "m3.medium"
+
+  security_groups = ["${aws_security_group.ssh_box.name}"]
+
+  connection {
+    host = "${self.public_ip}"
+    user = "centos"
+  }
+
+  provisioner "ansible" {
+    plays {
+      galaxy_install {
+        role_file = "${path.module}/ansible-data/requirements.yml"
+        roles_path = "${path.module}/ansible-data/roles/"
+        verbose = true
+      }
+    }
+    plays {
+      playbook {
+        file_path = "${path.module}/ansible-data/playbooks/install-ntp.yml"
+        roles_path = [
+            "${path.module}/ansible-data/roles/"
+        ]
+      }
+      hosts = ["testBoxToBootstrap"]
+    }
+    ansible_ssh_settings {
+      insecure_no_strict_host_key_checking = "${var.insecure_no_strict_host_key_checking}"
+    }
+  }
+
+  root_block_device {
+    delete_on_termination = true
+    volume_size           = 8
+    volume_type           = "gp2"
+  }
+}

examples/sshagent-galaxy-remote/ansible-data/playbooks/install-ntp.yml

@@ -0,0 +1,5 @@
+---
+- hosts: all
+  become: yes
+  roles:
+    - geerlingguy.ntp

examples/sshagent-galaxy-remote/ansible-data/requirements.yml

@@ -0,0 +1,2 @@
+# from galaxy
+- src: geerlingguy.ntp

examples/sshagent-galaxy-remote/main.tf

@@ -0,0 +1,70 @@
+provider "aws" {
+  region  = "eu-central-1"
+  profile = "terraform-provisioner-ansible"
+}
+
+variable "ami_id" {}
+
+
+## -- security groups:
+
+resource "aws_security_group" "ssh_box" {
+  name        = "ssh_box"
+  description = "SSH"
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    self        = true
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+## -- machine:
+
+resource "aws_instance" "test_box" {
+  ami           = "${var.ami_id}"
+  count         = "1"
+  instance_type = "m3.medium"
+
+  security_groups = ["${aws_security_group.ssh_box.name}"]
+
+  connection {
+    host = "${self.public_ip}"
+    user = "centos"
+  }
+
+  provisioner "ansible" {
+    plays {
+      galaxy_install {
+        role_file = "${path.module}/ansible-data/requirements.yml"
+        verbose = true
+      }
+    }
+    plays {
+      playbook {
+        file_path = "${path.module}/ansible-data/playbooks/install-ntp.yml"
+        roles_path = [
+            # our galaxy_install does not deine roles_path, default values are being used:
+            "galaxy_install:/tmp/tf-ansible-bootstrap/galaxy-roles"
+        ]
+      }
+      hosts = ["testBoxToBootstrap"]
+    }
+    remote {}
+  }
+
+  root_block_device {
+    delete_on_termination = true
+    volume_size           = 8
+    volume_type           = "gp2"
+  }
+}

go.sum

@@ -82,6 +82,7 @@ github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee
 github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dimchansky/utfbom v1.0.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=

mode/mode_local.go

@@ -284,7 +284,7 @@ func (v *LocalMode) writeKnownHosts(knownHosts []string) (string, error) {
 		trimmedKnownHosts = append(trimmedKnownHosts, strings.TrimSpace(entry))
 	}
 	knownHostsFileContents := strings.Join(trimmedKnownHosts, "\n")
-	file, err := ioutil.TempFile(os.TempDir(), uuid.Must(uuid.NewV4(), nil).String())
+	file, err := ioutil.TempFile(os.TempDir(), uuid.NewV4().String())
 	defer file.Close()
 	if err != nil {
 		return "", err
@@ -298,7 +298,7 @@ func (v *LocalMode) writeKnownHosts(knownHosts []string) (string, error) {
 
 func (v *LocalMode) writePem(pk string) (string, error) {
 	if v.connInfo.PrivateKey != "" {
-		file, err := ioutil.TempFile(os.TempDir(), uuid.Must(uuid.NewV4(), nil).String())
+		file, err := ioutil.TempFile(os.TempDir(), uuid.NewV4().String())
 		defer file.Close()
 		if err != nil {
 			return "", err