playbooks/playbook.py

#!/usr/bin/env python
import yaml
import subprocess
import json
from getpass import getpass
import argparse


def parse_arguments():
    parser = argparse.ArgumentParser(
        description="Ansible-playbook wrapper for dynamic password input."
    )
    parser.add_argument("playbook", help="The path to the Ansible playbook.")
    parser.add_argument(
        "-i",
        "--inventory",
        default="inventory.yml",
        help="The path to the inventory file.",
    )
    parser.add_argument(
        "-k",
        "--ask-pass",
        action="store_true",
        help="Use become password as SSH password",
    )
    return parser.parse_args()


def load_playbook_targets(playbook_path):
    # Load the playbook YAML and extract the hosts
    with open(playbook_path, "r") as f:
        playbook_data = yaml.safe_load(f)

    return playbook_data[0].get("hosts", [])


def fetch_inventory(inventory_path):
    inventory_json = subprocess.check_output(
        ["ansible-inventory", "-i", inventory_path, "--list"]
    )
    return json.loads(inventory_json)


def main():
    args = parse_arguments()
    playbook_targets = load_playbook_targets(args.playbook)
    inventory = fetch_inventory(args.inventory)

    # Determine targeted hosts
    targeted_hosts = set()

    if isinstance(playbook_targets, str):
        if playbook_targets in inventory:
            targeted_hosts.update(inventory[playbook_targets]["hosts"])
        elif playbook_targets == "all":
            targeted_hosts.update(inventory["_meta"]["hostvars"].keys())
    elif isinstance(playbook_targets, list):
        targeted_hosts.update(playbook_targets)

    # Validate targeted hosts against inventory
    valid_hosts = set(inventory["_meta"]["hostvars"].keys())
    targeted_hosts.intersection_update(valid_hosts)

    # Process each targeted host
    for host in targeted_hosts:
        print(f"Processing host: {host}")
        become_pass = getpass(f"Enter become password for {host}: ")

        # Use JSON to safely pass the become password as an extra var
        raw_vars = {"ansible_become_pass": become_pass}

        if args.ask_pass:
            raw_vars["ansible_ssh_pass"] = become_pass

        extra_vars = json.dumps(raw_vars)

        # Execute Ansible playbook for each host
        subprocess.run(
            [
                "ansible-playbook",
                "-i",
                args.inventory,
                "--limit",
                host,
                args.playbook,
                "--extra-vars",
                extra_vars,
            ]
        )


if __name__ == "__main__":
    main()