pass ansible extra args properly to ansible

Drive-by: allow for environment override of the installer image to
demonstate a working install in CI, in the future the build process
can build inline for for CI purposes and add that image to the full
installer as well.

Drive-by: update assets to 1.1.7 by default

Signed-off-by: Chris Plock <chrisplo@cisco.com>

Makefile

@@ -5,7 +5,7 @@ export CONTIV_INSTALLER_VERSION ?= $(BUILD_VERSION)
 # downloaded and built assets intended to go in installer by build.sh
 export CONTIV_ARTIFACT_STAGING := $(PWD)/artifact_staging
 # some assets are retrieved from GitHub, this is the default version to fetch
-export DEFAULT_DOWNLOAD_CONTIV_VERSION := 1.1.5
+export DEFAULT_DOWNLOAD_CONTIV_VERSION := 1.1.7
 export CONTIV_ACI_GW_VERSION ?= latest
 export NETPLUGIN_OWNER ?= contiv
 # setting NETPLUGIN_BRANCH compiles that commit on demand,
@@ -19,6 +19,9 @@ export CONTIV_V2PLUGIN_VERSION ?= $(DEFAULT_DOWNLOAD_CONTIV_VERSION)
 export CONTIV_NETPLUGIN_TARBALL_NAME := netplugin-$(CONTIV_NETPLUGIN_VERSION).tar.bz2
 export CONTIV_ANSIBLE_COMMIT ?= 8e20f56d541af8bc7a3ecbde0d9c64fa943812ed
 export CONTIV_ANSIBLE_OWNER ?= contiv
+# TODO(chrisplo): restore the normal default after 1.1.8 has been pushed
+#export CONTIV_ANSIBLE_IMAGE ?= contiv/install:$(DEFAULT_DOWNLOAD_CONTIV_VERSION)
+export CONTIV_ANSIBLE_IMAGE ?= contiv/install:contiv/install:1.1.7-bash-netcat
 
 # this is the classic first makefile target, and it's also the default target
 # run when `make` is invoked with no specific target.

README.md

@@ -39,7 +39,7 @@ Note: The full image contains only Contiv components.
 * To install Contiv v2plugin:<br> `./install/ansible/install_swarm.sh -f cfg.yml -e <ssh key> -u <username> -p`
 
 * Example host config files are available at install/ansible/cfg.yml and install/ansible/aci_cfg.yml
-* To see additional install options and examples, run <br>`./install/ansible/install_swarm.sh -h`.
+* To see additional install options and examples, such as adding arguments to ansible for verbose output and proxy settings, run <br>`./install/ansible/install_swarm.sh -h`.
 
 ### Removing Contiv
 
@@ -53,6 +53,7 @@ If you need to remove Contiv from Docker Swarm and return to your original state
 * To uninstall Contiv v2plugin:<br>
 `./install/ansible/uninstall_swarm.sh -f cfg.yml -e <ssh key> -u <username> -p`
 * Note: Adding the `-r` flag, will cleanup any Contiv state.
+* To see additional install options and examples, such as adding arguments to ansible for verbose output and proxy settings, run <br>`./install/ansible/uninstall_swarm.sh -h`.
 
 ## Kubernetes Installation
 

install/ansible/Dockerfile

@@ -1,7 +1,7 @@
 FROM alpine:3.6
 
 RUN DEV_PACKAGES="python-dev gcc make musl-dev openssl-dev libffi-dev" \
- && apk add --no-cache python openssl libffi nmap-ncat py-pip $DEV_PACKAGES \
+ && apk add --no-cache bash python openssl libffi netcat-openbsd py-pip $DEV_PACKAGES \
  && pip install --upgrade pip \
  && pip install cffi \
  && pip install ansible==2.3.1.0 \

install/ansible/install.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 set -xeuo pipefail
 
@@ -43,7 +43,14 @@ while getopts ":n:a:im:d:v:ps:" opt; do
  netmaster=$OPTARG
  ;;
  a)
- ans_opts=$OPTARG
+ # make a bash array from the ansible argument
+ # it interprets single and double quotes from CLI as you might expect
+ # creating proper bash "words" for eventually passing to ansible
+ # by letting the array declaration do all the interpreting
+ # note: ans_opts=($OPTARG) and ans_opts("$OPTARG") do not work
+ # Example:
+ # "-v --ssh-common-args=\"-o ProxyCommand='nc -x 192.168.2.1 %h %p'\"
+ declare -a 'ans_opts=('"$OPTARG"')'
  ;;
  i)
  install_scheduler=true
@@ -103,7 +110,7 @@ env_file=install/ansible/env.json
 # Verify ansible can reach all hosts
 
 echo "Verifying ansible reachability"
-ansible all -vvv $ans_opts -i $host_inventory -m setup -a 'filter=ansible_distribution*' | tee $inventory_log
+ansible all "${ans_opts[@]}" -i $host_inventory -m setup -a 'filter=ansible_distribution*' | tee $inventory_log
 if egrep -q 'FAIL|UNREACHABLE' $inventory_log; then
  echo "WARNING Some of the hosts are not accessible via passwordless SSH"
  echo " "
@@ -118,7 +125,7 @@ netmaster_control_if=$(grep -A10 $netmaster $contiv_config | grep -m 1 control |
 # Get the ansible node
 node_name=$(grep $netmaster $host_inventory | awk '{print $1}' | xargs)
 # Get the service VIP for netmaster for the control interface
-service_vip=$(ansible $node_name -m setup $ans_opts -i $host_inventory | grep -A 100 ansible_$netmaster_control_if | grep -A 4 ipv4 | grep address | awk -F \" '{print $4}' | xargs)
+service_vip=$(ansible $node_name -m setup "${ans_opts[@]}" -i $host_inventory | grep -A 100 ansible_$netmaster_control_if | grep -A 4 ipv4 | grep address | awk -F \" '{print $4}' | xargs)
 
 if [ "$service_vip" == "" ]; then
  service_vip=$netmaster
@@ -179,7 +186,7 @@ log_file="/var/contiv/$log_file_name"
 echo "Ansible extra vars from env.json:"
 cat "$env_file"
 # run playbook
-ansible-playbook $ans_opts -i "$host_inventory" -e@"$env_file" $ansible_path/install_plays.yml | tee $log_file
+ansible-playbook "${ans_opts[@]}" -i "$host_inventory" -e@"$env_file" $ansible_path/install_plays.yml | tee $log_file
 rm -rf "$env_file.bak"
 
 unreachable=$(grep "PLAY RECAP" -A 9999 $log_file | awk -F "unreachable=" '{print $2}' | awk '{print $1}' | grep -v "0" | xargs)

install/ansible/install_swarm.sh

@@ -42,6 +42,7 @@ Additional Options:
 -d string Forwarding mode (“routing” or “bridge”). Default mode is “bridge”
 -c string
 -k string
+-a string Additonal ansible arguments such as "-v --ssh-common-args=\"-o ProxyCommand='nc -x 192.168.2.1 %h %p'\""
 
 Advanced Options:
 -v string ACI Image (default is contiv/aci-gw:latest). Use this to specify a specific version of the ACI Image.
@@ -79,7 +80,7 @@ while getopts ":f:n:a:e:ipm:d:v:u:c:k:s:" opt; do
  netmaster=$OPTARG
  ;;
  a)
- ans_opts=$OPTARG
+ ans_opts="$OPTARG"
  ;;
  e)
  ans_key=$OPTARG
@@ -145,9 +146,9 @@ if [[ -f $ans_key ]]; then
 fi
 
 if [ "$ans_opts" == "" ]; then
- ans_opts=" --private-key $def_ans_key -u $ans_user"
+ ans_opts="--private-key $def_ans_key -u $ans_user"
 else
- ans_opts=$(printf '%q', $ans_opts)" --private-key $def_ans_key -u $ans_user"
+ ans_opts+=" --private-key $def_ans_key -u $ans_user"
 fi
 
 # Generate SSL certs for auth proxy
@@ -161,7 +162,7 @@ if [[ ! -f "$host_tls_cert" || ! -f "$host_tls_key" ]]; then
 fi
 
 echo "Starting the installer container"
-image_name="contiv/install:__CONTIV_INSTALL_VERSION__"
+image_name="__CONTIV_INSTALL_VERSION__"
 mounts[0]="-v"
 mounts[1]="$(pwd)/install:/install:Z"
 mounts[2]="-v"
@@ -170,4 +171,4 @@ mounts[4]="-v"
 mounts[5]="$src_conf_path:$container_conf_path:Z"
 mounts[6]="-v"
 mounts[7]="$(pwd)/contiv_cache:/var/contiv_cache:Z"
-docker run --rm --net=host "${mounts[@]}" $image_name sh -c "./install/ansible/install.sh $netmaster_param -a \"$ans_opts\" $install_scheduler -m $contiv_network_mode -d $fwd_mode $aci_param $cluster_param $v2plugin_param"
+docker run --rm --net=host "${mounts[@]}" $image_name ./install/ansible/install.sh $netmaster_param -a "$ans_opts" $install_scheduler -m $contiv_network_mode -d $fwd_mode $aci_param $cluster_param $v2plugin_param

install/ansible/uninstall_swarm.sh

@@ -44,6 +44,7 @@ Advanced Options:
 -g Remove docker images
 -s string URL of the cluster store to be used (for example etcd://etcd master or netmaster IP:2379)
 Additional parameters can also be updated in install/ansible/env.json file.
+-a string Additonal ansible arguments such as "-v --ssh-common-args=\"-o ProxyCommand='nc -x 192.168.2.1 %h %p'\""
 
 Examples:
 1. Uninstall Contiv and Docker Swarm on hosts specified by cfg.yml. 
@@ -71,7 +72,7 @@ while getopts ":f:n:a:e:ipm:d:v:u:rgs:" opt; do
  netmaster=$OPTARG
  ;;
  a)
- ans_opts=$OPTARG
+ ans_opts="$OPTARG"
  ;;
  e)
  ans_key=$OPTARG
@@ -141,15 +142,16 @@ if [[ -f $ans_key ]]; then
 fi
 
 if [ "$ans_opts" == "" ]; then
- ans_opts=" --private-key $def_ans_key -u $ans_user"
+ ans_opts="--private-key $def_ans_key -u $ans_user"
 else
- ans_opts=$(printf '%q', $ans_opts)" --private-key $def_ans_key -u $ans_user"
+ # escape each word in the array and put spaces between the words
+ ans_opts+=" --private-key $def_ans_key -u $ans_user"
 fi
 echo "Starting the uninstaller container"
-image_name="contiv/install:__CONTIV_INSTALL_VERSION__"
+image_name="__CONTIV_INSTALL_VERSION__"
 install_mount="-v $(pwd)/install:/install:Z"
 ansible_mount="-v $(pwd)/ansible:/ansible:Z"
 config_mount="-v $src_conf_path:$container_conf_path:Z"
 cache_mount="-v $(pwd)/contiv_cache:/var/contiv_cache:Z"
 mounts="$install_mount $ansible_mount $cache_mount $config_mount"
-docker run --rm --net=host $mounts $image_name sh -c "./install/ansible/uninstall.sh $netmaster_param -a \"$ans_opts\" $uninstall_scheduler $uninstall_v2plugin -m $contiv_network_mode -d $fwd_mode $aci_param $reset_params $cluster_param"
+docker run --rm --net=host $mounts $image_name ./install/ansible/uninstall.sh $netmaster_param -a "$ans_opts" $uninstall_scheduler $uninstall_v2plugin -m $contiv_network_mode -d $fwd_mode $aci_param $reset_params $cluster_param

scripts/build.sh

@@ -18,7 +18,7 @@ fi
 
 pull_images=${CONTIV_CI_HOST:-"false"}
 aci_gw_version=${CONTIV_ACI_GW_VERSION:-"latest"}
-ansible_image_version=${CONTIV_ANSIBLE_IMAGE_VERSION:-$DEFAULT_DOWNLOAD_CONTIV_VERSION}
+ansible_image_version=${CONTIV_ANSIBLE_IMAGE:-contiv/install:$DEFAULT_DOWNLOAD_CONTIV_VERSION}
 auth_proxy_version=${CONTIV_API_PROXY_VERSION:-$DEFAULT_DOWNLOAD_CONTIV_VERSION}
 docker_version=${CONTIV_DOCKER_VERSION:-1.12.6}
 etcd_version=${CONTIV_ETCD_VERSION:-v2.3.8}
@@ -52,7 +52,7 @@ cp -a "${CONTIV_ARTIFACT_STAGING}/ansible" ${output_dir}/
 files=$(find $output_dir -type f -name "*.yaml" -or -name "*.sh" -or -name "*.json")
 sed -i.bak 's/__ACI_GW_VERSION__/'"$aci_gw_version"'/g' $files
 sed -i.bak 's/__API_PROXY_VERSION__/'"$auth_proxy_version"'/g' $files
-sed -i.bak 's/__CONTIV_INSTALL_VERSION__/'"$ansible_image_version"'/g' $files
+sed -i.bak 's#__CONTIV_INSTALL_VERSION__#'"$ansible_image_version"'#g' $files
 sed -i.bak 's/__CONTIV_VERSION__/'"$CONTIV_NETPLUGIN_VERSION"'/g' $files
 sed -i.bak 's/__DOCKER_VERSION__/'"$docker_version"'/g' $files
 sed -i.bak 's/__ETCD_VERSION__/'"$etcd_version"'/g' $files