Merge pull request #1472 from grycap/ansible_roles

Ansible roles - Implements #1473

Author: micafer

IM/ConfManager.py

@@ -1411,8 +1411,12 @@ def configure_ansible(self, ssh, tmp_dir, ansible_version=None):
             for s in self.inf.radl.systems:
                 for req_app in s.getApplications():
                     if req_app.getValue("name").startswith("ansible.modules."):
+                        # Mantain it for compatibility
                         # Get the modules specified by the user in the RADL
                         modules.append(req_app.getValue("name")[16:])
+                    elif req_app.getValue("name").startswith("ansible.roles."):
+                        # Get the roles specified by the user in the RADL
+                        modules.append(req_app.getValue("name")[14:])
                     elif req_app.getValue("name").startswith("ansible.collections."):
                         # Get the modules specified by the user in the RADL
                         collections.append(req_app.getValue("name")[20:])
@@ -1504,11 +1508,18 @@ def create_general_conf_file(self, conf_file, vm_list):
         for s in self.inf.radl.systems:
             for req_app in s.getApplications():
                 if req_app.getValue("name").startswith("ansible.modules."):
+                    # Mantain it for compatibility
                     # Get the modules specified by the user in the RADL
                     app_name = req_app.getValue("name")[16:]
                     if req_app.getValue("version"):
                         app_name += ",%s" % req_app.getValue("version")
                     modules.append(app_name)
+                elif req_app.getValue("name").startswith("ansible.roles."):
+                    # Get the roles specified by the user in the RADL
+                    app_name = req_app.getValue("name")[14:]
+                    if req_app.getValue("version"):
+                        app_name += ",%s" % req_app.getValue("version")
+                    modules.append(app_name)
                 elif req_app.getValue("name").startswith("ansible.collections."):
                     # Get the modules specified by the user in the RADL
                     app_name = req_app.getValue("name")[20:]

IM/InfrastructureManager.py

@@ -1423,16 +1423,19 @@ def get_auth_from_vault(auth):
                 vault_host = None
                 vault_path = None
                 vault_role = None
+                vault_mount_point = None
                 if "host" in vault_auth[0]:
                     vault_host = vault_auth[0]["host"]
                 else:
                     InfrastructureManager.logger.warning("Vault credentials without host.")
                     return auth
                 if "path" in vault_auth[0]:
                     vault_path = vault_auth[0]["path"]
+                if "mount_point" in vault_auth[0]:
+                    vault_mount_point = vault_auth[0]["mount_point"]
                 if "role" in vault_auth[0]:
                     vault_role = vault_auth[0]["role"]
-                vault = VaultCredentials(vault_host, vault_path, vault_role, Config.VERIFI_SSL)
+                vault = VaultCredentials(vault_host, vault_mount_point, vault_path, vault_role, Config.VERIFI_SSL)
                 creds = vault.get_creds(vault_auth[0]["token"])
                 creds.extend(auth.auth_list)
                 creds.remove(vault_auth[0])

IM/tosca/Tosca.py

@@ -1639,7 +1639,7 @@ def _get_node_artifacts(node):
     def _add_ansible_roles(self, node, nodetemplates, system):
         """
         Find all the roles and collections to be applied to this node and
-        add them to the system as ansible.modules.* or ansible.collections.*
+        add them to the system as ansible.roles.* or ansible.collections.*
         in 'disk.0.applications'
         """
         collections = []
@@ -1654,7 +1654,7 @@ def _add_ansible_roles(self, node, nodetemplates, system):
 
             if compute and compute.name == node.name:
                 # Get the artifacts to see if there is a ansible galaxy role
-                # and add it as an "ansible.modules" app requirement in RADL
+                # and add it as an "ansible.roles" app requirement in RADL
                 artifacts = self._get_node_artifacts(other_node)
                 for _, artifact in artifacts.items():
                     if ('type' in artifact and artifact['type'] == 'tosca.artifacts.AnsibleGalaxy.role' and
@@ -1674,7 +1674,7 @@ def _add_ansible_roles(self, node, nodetemplates, system):
 
         for role in roles:
             app_features = Features()
-            app_features.addFeature(Feature('name', '=', 'ansible.modules.' + role))
+            app_features.addFeature(Feature('name', '=', 'ansible.roles.' + role))
             feature = Feature('disk.0.applications', 'contains', app_features)
             system.addFeature(feature)
 

IM/vault.py

@@ -26,10 +26,11 @@
 
 class VaultCredentials():
 
-    def __init__(self, vault_url, vault_path=None, role=None, ssl_verify=False):
-        self.vault_path = "credentials/"
-        if vault_path:
-            self.vault_path = vault_path
+    def __init__(self, vault_url, vault_mount_point=None, vault_path=None, role=None, ssl_verify=False):
+        self.mount_point = "credentials/"
+        if vault_mount_point:
+            self.mount_point = vault_mount_point
+        self.path = vault_path
         self.role = role
         self.client = None
         self.ssl_verify = ssl_verify
@@ -62,9 +63,12 @@ def _login(self, token):
     def get_creds(self, token):
         vault_entity_id = self._login(token)
         data = []
+        path = self.path
+        if not path:
+            path = vault_entity_id
 
         try:
-            creds = self.client.secrets.kv.v1.read_secret(path=vault_entity_id, mount_point=self.vault_path)
+            creds = self.client.secrets.kv.v1.read_secret(path=path, mount_point=self.mount_point)
             for cred_json in creds["data"].values():
                 new_item = json.loads(cred_json)
                 if 'enabled' not in new_item or new_item['enabled']:

doc/source/radl.rst

@@ -410,7 +410,8 @@ machine.  The supported features are:
    can be installed during the contextualization of the virtual machine if it
    is not installed.
 
-   There are some **special** type of application that starts with ``ansible.modules.`` or ``ansible.collections.``.
+   There are some **special** type of application that starts with ``ansible.roles.``
+   (``ansible.modules.`` in < IM 1.14 ) or ``ansible.collections.``.
    These applications installs `ansible roles <https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html>`_ or 
    `ansible collections <https://docs.ansible.com/ansible/latest/collections_guide/index.html>`_
    that can be used in the ``configure`` sections of the RADL.
@@ -420,14 +421,14 @@ machine.  The supported features are:
 
    There are three type of ansible modules/roles:
 
-   * `Ansible Galaxy <https://galaxy.ansible.com/>`_ roles: ``ansible.modules.micafer.hadoop``: The user
-     specifies the name of the galaxy role afther the string ``ansible.modules.``
-   * HTTP URL: ``ansible.modules.https://github.com/micafer/ansible-role-hadoop/archive/master.tar.gz|hadoop``: The user 
-     specifies an HTTP URL afther the string ``ansible.modules.``. The file must be compressed. 
+   * `Ansible Galaxy <https://galaxy.ansible.com/>`_ roles: ``ansible.roles.micafer.hadoop``: The user
+     specifies the name of the galaxy role afther the string ``ansible.roles.``
+   * HTTP URL: ``ansible.roles.https://github.com/micafer/ansible-role-hadoop/archive/master.tar.gz|hadoop``: The user 
+     specifies an HTTP URL afther the string ``ansible.roles.``. The file must be compressed. 
      It must contain the ansible role content. Furthermore the user can specify the rolename using 
      a ``|`` afther the url, as shown in the example.
-   * Git Repo: ``ansible.modules.git+https://github.com/micafer/ansible-role-hadoop|hadoop``: The user specifies a Git repo
-     (using the git scheme in the URL) afther the string ``ansible.modules.``. Furthermore the 
+   * Git Repo: ``ansible.roles.git+https://github.com/micafer/ansible-role-hadoop|hadoop``: The user specifies a Git repo
+     (using the git scheme in the URL) afther the string ``ansible.roles.``. Furthermore the 
      user can specify the rolename using a ``|`` afther the url, as shown in the example.
 
 ``nat_instance = yes|no``
@@ -592,7 +593,7 @@ Including roles or collections of Ansible Galaxy
 -------------------------------------------------
 
 To include a role available in Ansible Galaxy a special application requirement
-must be added: it must start with: "ansible.modules" as shown in the following
+must be added: it must start with: "ansible.roles" as shown in the following
 example. In this case the Ansible Galaxy role called "micafer.hadoop" will be installed::
 
    network net (outbound = 'yes')
@@ -603,7 +604,7 @@ example. In this case the Ansible Galaxy role called "micafer.hadoop" will be in
       net_interface.0.connection = "net" and
       disk.0.os.name = "linux" and
       disk.0.os.flavour = "ubuntu" and
-      disk.0.applications contains (name="ansible.modules.micafer.hadoop")
+      disk.0.applications contains (name="ansible.roles.micafer.hadoop")
    )
 
 Then the configuration section of the RADL can use the role as described in the role's
@@ -620,7 +621,7 @@ documentation. In the particular case of the "micafer.hadoop" role is the follow
 
 You can request an specific version/tag/branch of a galaxy role using the following format::
 
-	disk.0.applications contains (name="ansible.modules.micafer.hadoop,v1.0.0")
+	disk.0.applications contains (name="ansible.roles.micafer.hadoop,v1.0.0")
 
 Similarly, to include a collection available in Ansible Galaxy it must start with:
 "ansible.collections" as shown in the following example. In this case the Ansible Galaxy 

examples/galaxy.radl

@@ -9,9 +9,9 @@ net_interface.0.connection = 'privada' and
 net_interface.0.dns_name = 'slurmserver' and
 disk.0.os.name='linux' and
 disk.0.os.flavour='ubuntu' and
-disk.0.applications contains (name='ansible.modules.indigo-dc.slurm') and
-disk.0.applications contains (name='ansible.modules.indigo-dc.nfs') and
-disk.0.applications contains (name='ansible.modules.grycap.galaxy')
+disk.0.applications contains (name='ansible.roles.indigo-dc.slurm') and
+disk.0.applications contains (name='ansible.roles.indigo-dc.nfs') and
+disk.0.applications contains (name='ansible.roles.grycap.galaxy')
 )
 
 system wn (

examples/ganglia.radl

@@ -12,7 +12,7 @@ net_interface.0.dns_name = 'front' and
 disk.0.os.name='linux' and
 disk.0.os.flavour='scientific' and
 disk.0.os.version>='6' and
-disk.0.applications contains (name='ansible.modules.micafer.ganglia')
+disk.0.applications contains (name='ansible.roles.micafer.ganglia')
 )
 
 system wn (

examples/glusterfs.radl

@@ -12,7 +12,7 @@ net_interface.0.dns_name = 'glusterfe' and
 disk.0.os.name='linux' and
 disk.0.os.flavour='ubuntu' and
 disk.0.os.version>='18.04' and
-disk.0.applications contains (name='ansible.modules.geerlingguy.glusterfs')
+disk.0.applications contains (name='ansible.roles.geerlingguy.glusterfs')
 )
 
 system wn (

examples/hadoop.radl

@@ -13,7 +13,7 @@ disk.0.os.flavour='ubuntu' and
 disk.0.os.version='12.04'and
 #disk.0.os.flavour='scientific' and
 #disk.0.os.version>='6' and
-disk.0.applications contains (name='ansible.modules.micafer.hadoop')
+disk.0.applications contains (name='ansible.roles.micafer.hadoop')
 )
 
 system wn (

examples/kubernetes.radl

@@ -12,8 +12,8 @@ net_interface.1.dns_name = 'kubeserverpublic' and
 disk.0.os.name='linux' and
 disk.0.os.flavour='ubuntu' and
 disk.0.os.version>='16.04' and
-disk.0.applications contains (name='ansible.modules.grycap.kubernetes') and
-disk.0.applications contains (name='ansible.modules.grycap.nfs')
+disk.0.applications contains (name='ansible.roles.grycap.kubernetes') and
+disk.0.applications contains (name='ansible.roles.grycap.nfs')
 )
 
 system wn (

examples/slurm.radl

@@ -9,8 +9,8 @@ net_interface.0.connection = 'privada' and
 net_interface.0.dns_name = 'slurmserver' and
 disk.0.os.name='linux' and
 disk.0.os.flavour='ubuntu' and
-disk.0.applications contains (name='ansible.modules.indigo-dc.slurm') and
-disk.0.applications contains (name='ansible.modules.indigo-dc.nfs')
+disk.0.applications contains (name='ansible.roles.indigo-dc.slurm') and
+disk.0.applications contains (name='ansible.roles.indigo-dc.nfs')
 )
 
 system wn (

examples/swarm.radl

@@ -9,7 +9,7 @@ net_interface.1.connection = 'privada' and
 net_interface.0.dns_name = 'swarmmanager' and
 disk.0.os.name='linux' and
 disk.0.os.flavour='ubuntu' and
-disk.0.applications contains (name='ansible.modules.grycap.swarm')
+disk.0.applications contains (name='ansible.roles.grycap.swarm')
 )
 
 system wn (