pass ansible extra args properly to ansible

Drive-by: allow for environment override of the installer image to
demonstate a working install in CI, in the future the build process
can build inline for for CI purposes and add that image to the full
installer as well.

Drive-by: update assets to 1.1.7 by default

Signed-off-by: Chris Plock <chrisplo@cisco.com>

Makefile

@@ -5,7 +5,7 @@ export CONTIV_INSTALLER_VERSION ?= $(BUILD_VERSION)
 # downloaded and built assets intended to go in installer by build.sh
 export CONTIV_ARTIFACT_STAGING := $(PWD)/artifact_staging
 # some assets are retrieved from GitHub, this is the default version to fetch
-export DEFAULT_DOWNLOAD_CONTIV_VERSION := 1.1.5
+export DEFAULT_DOWNLOAD_CONTIV_VERSION := 1.1.7
 export CONTIV_ACI_GW_VERSION ?= latest
 export NETPLUGIN_OWNER ?= contiv
 # setting NETPLUGIN_BRANCH compiles that commit on demand,
@@ -19,6 +19,7 @@ export CONTIV_V2PLUGIN_VERSION ?= $(DEFAULT_DOWNLOAD_CONTIV_VERSION)
 export CONTIV_NETPLUGIN_TARBALL_NAME := netplugin-$(CONTIV_NETPLUGIN_VERSION).tar.bz2
 export CONTIV_ANSIBLE_COMMIT ?= 8e20f56d541af8bc7a3ecbde0d9c64fa943812ed
 export CONTIV_ANSIBLE_OWNER ?= contiv
+export CONTIV_ANSIBLE_IMAGE ?= plockc/contiv-install:1.1.7.1
 
 # this is the classic first makefile target, and it's also the default target
 # run when `make` is invoked with no specific target.

install/ansible/Dockerfile

@@ -1,7 +1,7 @@
 FROM alpine:3.6
 
 RUN DEV_PACKAGES="python-dev gcc make musl-dev openssl-dev libffi-dev" \
- && apk add --no-cache python openssl libffi nmap-ncat py-pip $DEV_PACKAGES \
+ && apk add --no-cache bash python openssl libffi nmap-ncat py-pip $DEV_PACKAGES \
  && pip install --upgrade pip \
  && pip install cffi \
  && pip install ansible==2.3.1.0 \

install/ansible/install.sh

@@ -43,7 +43,7 @@ while getopts ":n:a:im:d:v:ps:" opt; do
  netmaster=$OPTARG
  ;;
  a)
- ans_opts=$OPTARG
+ declare -a 'ans_opts=('"$OPTARG"')'
  ;;
  i)
  install_scheduler=true
@@ -103,7 +103,7 @@ env_file=install/ansible/env.json
 # Verify ansible can reach all hosts
 
 echo "Verifying ansible reachability"
-ansible all -vvv $ans_opts -i $host_inventory -m setup -a 'filter=ansible_distribution*' | tee $inventory_log
+ansible all "${ans_opts[@]}" -i $host_inventory -m setup -a 'filter=ansible_distribution*' | tee $inventory_log
 if egrep -q 'FAIL|UNREACHABLE' $inventory_log; then
  echo "WARNING Some of the hosts are not accessible via passwordless SSH"
  echo " "
@@ -118,7 +118,7 @@ netmaster_control_if=$(grep -A10 $netmaster $contiv_config | grep -m 1 control |
 # Get the ansible node
 node_name=$(grep $netmaster $host_inventory | awk '{print $1}' | xargs)
 # Get the service VIP for netmaster for the control interface
-service_vip=$(ansible $node_name -m setup $ans_opts -i $host_inventory | grep -A 100 ansible_$netmaster_control_if | grep -A 4 ipv4 | grep address | awk -F \" '{print $4}' | xargs)
+service_vip=$(ansible $node_name -m setup "${ans_opts[@]}" -i $host_inventory | grep -A 100 ansible_$netmaster_control_if | grep -A 4 ipv4 | grep address | awk -F \" '{print $4}' | xargs)
 
 if [ "$service_vip" == "" ]; then
  service_vip=$netmaster
@@ -179,7 +179,7 @@ log_file="/var/contiv/$log_file_name"
 echo "Ansible extra vars from env.json:"
 cat "$env_file"
 # run playbook
-ansible-playbook $ans_opts -i "$host_inventory" -e@"$env_file" $ansible_path/install_plays.yml | tee $log_file
+ansible-playbook "${ans_opts[@]}" -i "$host_inventory" -e@"$env_file" $ansible_path/install_plays.yml | tee $log_file
 rm -rf "$env_file.bak"
 
 unreachable=$(grep "PLAY RECAP" -A 9999 $log_file | awk -F "unreachable=" '{print $2}' | awk '{print $1}' | grep -v "0" | xargs)

install/ansible/install_swarm.sh

@@ -42,6 +42,7 @@ Additional Options:
 -d string Forwarding mode (“routing” or “bridge”). Default mode is “bridge”
 -c string
 -k string
+-a string Additonal ansible arguments such as "--ssh-common-args=-o ProxyCommand='ncat --proxy-type socks4 --proxy 1.3.2.10:1234 %h %p'"
 
 Advanced Options:
 -v string ACI Image (default is contiv/aci-gw:latest). Use this to specify a specific version of the ACI Image.
@@ -79,7 +80,10 @@ while getopts ":f:n:a:e:ipm:d:v:u:c:k:s:" opt; do
  netmaster=$OPTARG
  ;;
  a)
- ans_opts=$OPTARG
+ # make a bash array from the ansible argument
+ # it interprets single and double quotes as you might expect
+ # creating single "words" when quoting
+ declare -a ans_opts=("$OPTARG")
  ;;
  e)
  ans_key=$OPTARG
@@ -147,7 +151,9 @@ fi
 if [ "$ans_opts" == "" ]; then
  ans_opts=" --private-key $def_ans_key -u $ans_user"
 else
- ans_opts=$(printf '%q', $ans_opts)" --private-key $def_ans_key -u $ans_user"
+ # escape each word in the array and put spaces between the words
+ ans_opts="$(printf "%q " "${ans_opts[@]}") --private-key $def_ans_key -u $ans_user"
+ # ans_opts is now a string
 fi
 
 # Generate SSL certs for auth proxy
@@ -161,7 +167,7 @@ if [[ ! -f "$host_tls_cert" || ! -f "$host_tls_key" ]]; then
 fi
 
 echo "Starting the installer container"
-image_name="contiv/install:__CONTIV_INSTALL_VERSION__"
+image_name="__CONTIV_INSTALL_VERSION__"
 mounts[0]="-v"
 mounts[1]="$(pwd)/install:/install:Z"
 mounts[2]="-v"
@@ -170,4 +176,6 @@ mounts[4]="-v"
 mounts[5]="$src_conf_path:$container_conf_path:Z"
 mounts[6]="-v"
 mounts[7]="$(pwd)/contiv_cache:/var/contiv_cache:Z"
-docker run --rm --net=host "${mounts[@]}" $image_name sh -c "./install/ansible/install.sh $netmaster_param -a \"$ans_opts\" $install_scheduler -m $contiv_network_mode -d $fwd_mode $aci_param $cluster_param $v2plugin_param"
+# we quote $ans_opts here again when printig out the docker command to make it a single word
+# install.sh can interpret all the words properly using an array just like above
+docker run --rm --net=host "${mounts[@]}" $image_name sh -c "./install/ansible/install.sh $netmaster_param -a $(printf "%q" "$ans_opts") $install_scheduler -m $contiv_network_mode -d $fwd_mode $aci_param $cluster_param $v2plugin_param"

install/ansible/uninstall_swarm.sh

@@ -146,7 +146,7 @@ else
  ans_opts=$(printf '%q', $ans_opts)" --private-key $def_ans_key -u $ans_user"
 fi
 echo "Starting the uninstaller container"
-image_name="contiv/install:__CONTIV_INSTALL_VERSION__"
+image_name="__CONTIV_INSTALL_VERSION__"
 install_mount="-v $(pwd)/install:/install:Z"
 ansible_mount="-v $(pwd)/ansible:/ansible:Z"
 config_mount="-v $src_conf_path:$container_conf_path:Z"

scripts/build.sh

@@ -18,7 +18,7 @@ fi
 
 pull_images=${CONTIV_CI_HOST:-"false"}
 aci_gw_version=${CONTIV_ACI_GW_VERSION:-"latest"}
-ansible_image_version=${CONTIV_ANSIBLE_IMAGE_VERSION:-$DEFAULT_DOWNLOAD_CONTIV_VERSION}
+ansible_image_version=${CONTIV_ANSIBLE_IMAGE:-contiv/install:$DEFAULT_DOWNLOAD_CONTIV_VERSION}
 auth_proxy_version=${CONTIV_API_PROXY_VERSION:-$DEFAULT_DOWNLOAD_CONTIV_VERSION}
 docker_version=${CONTIV_DOCKER_VERSION:-1.12.6}
 etcd_version=${CONTIV_ETCD_VERSION:-v2.3.8}
@@ -52,7 +52,7 @@ cp -a "${CONTIV_ARTIFACT_STAGING}/ansible" ${output_dir}/
 files=$(find $output_dir -type f -name "*.yaml" -or -name "*.sh" -or -name "*.json")
 sed -i.bak 's/__ACI_GW_VERSION__/'"$aci_gw_version"'/g' $files
 sed -i.bak 's/__API_PROXY_VERSION__/'"$auth_proxy_version"'/g' $files
-sed -i.bak 's/__CONTIV_INSTALL_VERSION__/'"$ansible_image_version"'/g' $files
+sed -i.bak 's#__CONTIV_INSTALL_VERSION__#'"$ansible_image_version"'#g' $files
 sed -i.bak 's/__CONTIV_VERSION__/'"$CONTIV_NETPLUGIN_VERSION"'/g' $files
 sed -i.bak 's/__DOCKER_VERSION__/'"$docker_version"'/g' $files
 sed -i.bak 's/__ETCD_VERSION__/'"$etcd_version"'/g' $files