playbooks/playbook.py

#!/usr/bin/env python
import yaml
import subprocess
import json
from getpass import getpass
import argparse


def parse_arguments():
    parser = argparse.ArgumentParser(
        description="Ansible-playbook wrapper for dynamic password input."
    )
    parser.add_argument("playbook", help="The path to the Ansible playbook.")
    parser.add_argument(
        "-i",
        "--inventory",
        default="inventory.yml",
        help="The path to the inventory file.",
    )
    parser.add_argument(
        "-k",
        "--ask-pass",
        action="store_true",
        help="Use become password as SSH password",
    )
    return parser.parse_args()


def load_playbook_targets(playbook_path):
    # Load the playbook YAML and extract the hosts
    with open(playbook_path, "r") as f:
        playbook_data = yaml.safe_load(f)

    return playbook_data[0].get("hosts", [])


def fetch_inventory(inventory_path):
    inventory_json = subprocess.check_output(
        ["ansible-inventory", "-i", inventory_path, "--list"]
    )
    return json.loads(inventory_json)


def main():
    args = parse_arguments()
    playbook_targets = load_playbook_targets(args.playbook)
    inventory = fetch_inventory(args.inventory)

    # Determine targeted hosts
    targeted_hosts = set()

    if isinstance(playbook_targets, str):
        if playbook_targets in inventory:
            targeted_hosts.update(inventory[playbook_targets]["hosts"])
        elif playbook_targets == "all":
            targeted_hosts.update(inventory["_meta"]["hostvars"].keys())
    elif isinstance(playbook_targets, list):
        targeted_hosts.update(playbook_targets)

    # Validate targeted hosts against inventory
    valid_hosts = set(inventory["_meta"]["hostvars"].keys())
    targeted_hosts.intersection_update(valid_hosts)

    # Process each targeted host
    for host in targeted_hosts:
        print(f"Processing host: {host}")
        become_pass = getpass(f"Enter become password for {host}: ")

        # Use JSON to safely pass the become password as an extra var
        raw_vars = {"ansible_become_pass": become_pass}

        if args.ask_pass:
            raw_vars["ansible_ssh_pass"] = become_pass

        extra_vars = json.dumps(raw_vars)

        # Execute Ansible playbook for each host
        subprocess.run(
            [
                "ansible-playbook",
                "-i",
                args.inventory,
                "--limit",
                host,
                args.playbook,
                "--extra-vars",
                extra_vars,
            ]
        )


if __name__ == "__main__":
    main()
feat: add Ansible support and improve inventory - Added a new Python script to dynamically handle Ansible playbook executions with password prompts. - Enhanced `inventory.yml` by defining explicit `ansible_name` and `ansible_host` for each host to improve manageability. - Introduced `.gitignore` to omit `venv/` and `.vscode/` directories from version control, ensuring a cleaner repository. - Updated `apt.yml` playbook to unify update and upgrade tasks, using `ansible.builtin.apt`. - Created `requirements.txt` to manage Python dependencies, including `ansible`, `ansible-lint`, and `pyyaml`. These changes streamline the management of Ansible hosts and execution of playbooks, aligning with best practices for ongoing development. 2024-10-25 16:50:37 +00:00			`#!/usr/bin/env python`
			`import yaml`
			`import subprocess`
			`import json`
			`from getpass import getpass`
			`import argparse`


			`def parse_arguments():`
			`parser = argparse.ArgumentParser(`
			`description="Ansible-playbook wrapper for dynamic password input."`
			`)`
			`parser.add_argument("playbook", help="The path to the Ansible playbook.")`
			`parser.add_argument(`
			`"-i",`
			`"--inventory",`
			`default="inventory.yml",`
			`help="The path to the inventory file.",`
			`)`
feat(playbook): add support for SSH password prompt Introduced a `--ask-pass` argument to prompt for the SSH password, using the same password as the become password when provided. This allows secure SSH connections without pre-stored credentials, enhancing security and flexibility in multi-user environments. 2024-10-26 13:48:43 +00:00			`parser.add_argument(`
			`"-k",`
			`"--ask-pass",`
			`action="store_true",`
			`help="Use become password as SSH password",`
			`)`
feat: add Ansible support and improve inventory - Added a new Python script to dynamically handle Ansible playbook executions with password prompts. - Enhanced `inventory.yml` by defining explicit `ansible_name` and `ansible_host` for each host to improve manageability. - Introduced `.gitignore` to omit `venv/` and `.vscode/` directories from version control, ensuring a cleaner repository. - Updated `apt.yml` playbook to unify update and upgrade tasks, using `ansible.builtin.apt`. - Created `requirements.txt` to manage Python dependencies, including `ansible`, `ansible-lint`, and `pyyaml`. These changes streamline the management of Ansible hosts and execution of playbooks, aligning with best practices for ongoing development. 2024-10-25 16:50:37 +00:00			`return parser.parse_args()`


			`def load_playbook_targets(playbook_path):`
			`# Load the playbook YAML and extract the hosts`
			`with open(playbook_path, "r") as f:`
			`playbook_data = yaml.safe_load(f)`

			`return playbook_data[0].get("hosts", [])`


			`def fetch_inventory(inventory_path):`
			`inventory_json = subprocess.check_output(`
			`["ansible-inventory", "-i", inventory_path, "--list"]`
			`)`
			`return json.loads(inventory_json)`


			`def main():`
			`args = parse_arguments()`
			`playbook_targets = load_playbook_targets(args.playbook)`
			`inventory = fetch_inventory(args.inventory)`

			`# Determine targeted hosts`
			`targeted_hosts = set()`

			`if isinstance(playbook_targets, str):`
			`if playbook_targets in inventory:`
			`targeted_hosts.update(inventory[playbook_targets]["hosts"])`
			`elif playbook_targets == "all":`
			`targeted_hosts.update(inventory["_meta"]["hostvars"].keys())`
			`elif isinstance(playbook_targets, list):`
			`targeted_hosts.update(playbook_targets)`

			`# Validate targeted hosts against inventory`
			`valid_hosts = set(inventory["_meta"]["hostvars"].keys())`
			`targeted_hosts.intersection_update(valid_hosts)`

			`# Process each targeted host`
			`for host in targeted_hosts:`
			`print(f"Processing host: {host}")`
			`become_pass = getpass(f"Enter become password for {host}: ")`

refactor(playbook): safely handle password with JSON encoding Switches to using JSON encoding for handling the become password as an extra variable in subprocess calls. This ensures safer and more reliable handling of special characters within passwords, reducing the risk of shell injection vulnerabilities. 2024-10-26 12:58:04 +00:00			`# Use JSON to safely pass the become password as an extra var`
feat(playbook): add support for SSH password prompt Introduced a `--ask-pass` argument to prompt for the SSH password, using the same password as the become password when provided. This allows secure SSH connections without pre-stored credentials, enhancing security and flexibility in multi-user environments. 2024-10-26 13:48:43 +00:00			`raw_vars = {"ansible_become_pass": become_pass}`

			`if args.ask_pass:`
			`raw_vars["ansible_ssh_pass"] = become_pass`

			`extra_vars = json.dumps(raw_vars)`
refactor(playbook): safely handle password with JSON encoding Switches to using JSON encoding for handling the become password as an extra variable in subprocess calls. This ensures safer and more reliable handling of special characters within passwords, reducing the risk of shell injection vulnerabilities. 2024-10-26 12:58:04 +00:00
feat: add Ansible support and improve inventory - Added a new Python script to dynamically handle Ansible playbook executions with password prompts. - Enhanced `inventory.yml` by defining explicit `ansible_name` and `ansible_host` for each host to improve manageability. - Introduced `.gitignore` to omit `venv/` and `.vscode/` directories from version control, ensuring a cleaner repository. - Updated `apt.yml` playbook to unify update and upgrade tasks, using `ansible.builtin.apt`. - Created `requirements.txt` to manage Python dependencies, including `ansible`, `ansible-lint`, and `pyyaml`. These changes streamline the management of Ansible hosts and execution of playbooks, aligning with best practices for ongoing development. 2024-10-25 16:50:37 +00:00			`# Execute Ansible playbook for each host`
			`subprocess.run(`
			`[`
			`"ansible-playbook",`
			`"-i",`
			`args.inventory,`
			`"--limit",`
			`host,`
			`args.playbook,`
			`"--extra-vars",`
refactor(playbook): safely handle password with JSON encoding Switches to using JSON encoding for handling the become password as an extra variable in subprocess calls. This ensures safer and more reliable handling of special characters within passwords, reducing the risk of shell injection vulnerabilities. 2024-10-26 12:58:04 +00:00			`extra_vars,`
feat: add Ansible support and improve inventory - Added a new Python script to dynamically handle Ansible playbook executions with password prompts. - Enhanced `inventory.yml` by defining explicit `ansible_name` and `ansible_host` for each host to improve manageability. - Introduced `.gitignore` to omit `venv/` and `.vscode/` directories from version control, ensuring a cleaner repository. - Updated `apt.yml` playbook to unify update and upgrade tasks, using `ansible.builtin.apt`. - Created `requirements.txt` to manage Python dependencies, including `ansible`, `ansible-lint`, and `pyyaml`. These changes streamline the management of Ansible hosts and execution of playbooks, aligning with best practices for ongoing development. 2024-10-25 16:50:37 +00:00			`]`
			`)`


			`if __name__ == "__main__":`
			`main()`