jenkinsci / ansible-plugin Goto Github PK
View Code? Open in Web Editor NEWJenkins Ansible plugin
Home Page: https://plugins.jenkins.io/ansible/
License: MIT License
Jenkins Ansible plugin
Home Page: https://plugins.jenkins.io/ansible/
License: MIT License
Jenkins: 2.410
OS: Linux - 5.15.0-1037-aws
Java: 11.0.19 - Ubuntu (OpenJDK 64-Bit Server VM)
---
ansible:231.va_d0cb_802c621
Linux (controller and agents)
To reproduce, invoke plugin in a pipeline script giving a number for a value of an extra var. E.g.:
ansiblePlaybook(
playbook: 'playbook.yml',
extraVars: [serial_override: 8],
)
The command-line generated by the plugin will be
ansible-playbook playbook.yml -e serial_override=8
A NullPointerException
is triggered.
No response
OS: Linux - 4.18.0-513.18.2.el8_9.x86_64
Java: 11.0.22 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
Ansible plugin version 307.va_1f3ef06575a_
Runing on Debian Bullseye nodes, with Ansible 2.10.8
With a Jenkinsfile like:
withCredentials([file(credentialsId: 'ansible-vault-dev-password', variable: 'ansibleVaultKeyFile')]) {
ansibleVault(
action: "decrypt",
input: "./secret_file/ansible_ecdsa",
output: "./secret_file/ansible_ecdsa",
vaultCredentialsId: ansibleVaultKeyFile
)
}
No error.
[Pipeline] ansibleVault
[XXX] $ ansible-vault decrypt ./secret_file/ansible_ecdsa ./secret_file/ansible_ecdsa
/usr/lib/python3.11/getpass.py:91: GetPassWarning: Can not control echo on the terminal.
passwd = fallback_getpass(prompt, stream)
Warning: Password input may be echoed.
Vault password: [WARNING]: Error in vault password prompt (default): EOFError (ctrl-d) on
prompt for (default)
ERROR! EOFError (ctrl-d) on prompt for (default)
FATAL: command execution failed
hudson.AbortException: Ansible vault execution failed
at org.jenkinsci.plugins.ansible.AnsibleVaultBuilder.perform(AnsibleVaultBuilder.java:155)
at org.jenkinsci.plugins.ansible.workflow.AnsibleVaultStep$AnsibleVaultExecution.run(AnsibleVaultStep.java:230)
at org.jenkinsci.plugins.ansible.workflow.AnsibleVaultStep$AnsibleVaultExecution.run(AnsibleVaultStep.java:190)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
at hudson.security.ACL.impersonate2(ACL.java:451)
at hudson.security.ACL.impersonate(ACL.java:463)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
No response
No response
Please add support for running the Job in check_mode aka. --check.
see: https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_checkmode.html
I'd like to use a Jenkins Boolean Parameter / Environment Variable like ANSIBLE_CHECK_MODE to set it
The problem is afaik I cat just simply do the following, because --check
can not be assigned and can not be set via environment variables.
--check="${ANSIBLE_CHECK_MODE}"
# or
-e ansible_check_mode="${ANSIBLE_CHECK_MODE}"
I'll try to, but I haven't touched JAVA code in a long time and never done any Jenkins Plugin Development, so I don't know If I can do this.
Jenkins: 2.401.2
OS: Linux - 5.15.0-76-generic
Java: 17.0.7 - Private Build (OpenJDK 64-Bit Server VM)
---
adoptopenjdk:1.5
analysis-model-api:11.3.0
ansible:240.vc26740a_625c0
ansicolor:1.0.2
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:159.v25b_c67cd35fb_
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
apache-httpcomponents-client-5-api:5.2.1-1.0
authentication-tokens:1.53.v1c90fd9191a_b_
authorize-project:1.7.0
bootstrap4-api:4.6.0-6
bootstrap5-api:5.3.0-1
bouncycastle-api:2.28
branch-api:2.1122.v09cb_8ea_8a_724
build-timeout:1.31
caffeine-api:3.1.6-115.vb_8b_b_328e59d8
checks-api:2.0.0
cloud-stats:267.v577e3742c282
cloudbees-folder:6.815.v0dd5a_cb_40e0e
command-launcher:100.v2f6722292ee8
commons-httpclient3-api:3.1-3
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
conditional-buildstep:1.4.2
config-file-provider:938.ve2b_8a_591c596
credentials:1254.vb_96f366e7b_a_d
credentials-binding:604.vb_64480b_c56ca_
cvs:2.19.1
data-tables-api:1.13.4-3
display-url-api:2.3.7
docker-commons:422.v9d1a_89cede51
docker-java-api:3.3.1-79.v20b_53427e041
docker-plugin:1.4
docker-workflow:563.vd5d2e5c4007f
durable-task:507.v050055d0cb_dd
echarts-api:5.4.0-5
email-ext:2.99
external-monitor-job:206.v9a_94ff0b_4a_10
font-awesome-api:6.4.0-1
forensics-api:2.3.0
git:5.1.0
git-changelog:3.30
git-client:4.4.0
git-parameter:0.9.18
git-server:99.va_0826a_b_cdfa_d
github:1.37.1
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1728.v859147241f49
gitlab-api:5.3.0-91.v1f9a_fda_d654f
gitlab-branch-source:664.v877fdc293c89
gitlab-plugin:1.7.14
gradle:2.8.1
greenballs:1.15.1
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javadoc:233.vdc1a_ec702cff
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:66.vd8fa_64ee91b_d
jersey2-api:2.40-1
jjwt-api:0.11.5-77.v646c772fddb_0
jquery:1.12.4-1
jquery3-api:3.7.0-1
jsch:0.2.8-65.v052c39de79b_2
junit:1214.va_2f9db_3e6de0
ldap:682.v7b_544c9d1512
lockable-resources:1172.v4b_8fc8eed570
mailer:457.v3f72cb_e015e5
mapdb-api:1.0.9-28.vf251ce40855d
matrix-auth:3.1.8
matrix-project:789.v57a_725b_63c79
maven-plugin:3.22
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
multibranch-scan-webhook-trigger:1.0.9
nexus-artifact-uploader:2.14
nexus-jenkins-plugin:3.16.501.ve3d6b_58f1d37
nodejs:1.6.0
okhttp-api:4.11.0-145.vcb_8de402ef81
pam-auth:1.10
parameterized-trigger:2.46
pipeline-build-step:496.v2449a_9a_221f2
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:656.va_a_ceeb_6ffb_f7
pipeline-input-step:468.va_5db_051498a_4
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2141.v5402e818a_779
pipeline-model-definition:2.2141.v5402e818a_779
pipeline-model-extensions:2.2141.v5402e818a_779
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2141.v5402e818a_779
pipeline-stage-view:2.33
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
prism-api:1.29.0-7
resource-disposer:0.22
role-strategy:633.v836e5b_3e80a_5
run-condition:1.6
scm-api:676.v886669a_199a_a_
script-security:1251.vfe552ed55f8d
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
ssh-credentials:305.v8f4381501156
ssh-slaves:2.877.v365f5eb_a_b_eec
sshd:3.303.vefc7119b_ec23
structs:324.va_f5d6774f3a_d
subversion:2.17.2
thinBackup:1.17
timestamper:1.25
token-macro:359.vb_cde11682e0c
translation:1.16
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
warnings-ng:10.2.0
workflow-aggregator:596.v8c21c963d92d
workflow-api:1219.v05cd837ea_249
workflow-basic-steps:1017.vb_45b_302f0cea_
workflow-cps:3697.vb_470e454c232
workflow-durable-task-step:1247.v7f9dfea_b_4fd0
workflow-job:1316.vd2290d3341a_f
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.45
Ubuntu, not sure what Version but it should be latest LTS
stage ('Fancy Ansible') {
steps {
wrap([$class: 'AnsiColorBuildWrapper', colorMapName: "xterm"]) {
step([$class: 'AnsiblePlaybookBuilder',
credentialsId: 'cd-docker-compose',
playbook: 'deploy-docker-compose.yml',
inventory: [$class: 'InventoryContent',
content: '''[project_devel]
${DEPLOY_HOST_ADDRESS}''',
dynamic: false],
limit: 'project_devel',
extraVars: [[$class: 'ExtraVar', key: 'ansible_port', value: "${DEPLOY_HOST_PORT}"],
[$class: 'ExtraVar', key: 'image_tag', value: "${IMAGE_TAG}"],
[$class: 'ExtraVar', key: 'restore_from_dump', value: "${RESTORE_FROM_DUMP}"],
[$class: 'ExtraVar', key: 'exclude_immutable_collections', value: "${EXCLUDE_IMMUTABLE_COLLECTIONS}"]],
disableHostKeyChecking: true,
colorizedOutput: true,
additionalParameters: '-v'])
}
}
}
The script running utilizing the defined extraVars.
WARNING: Unknown parameter(s) found for class type 'org.jenkinsci.plugins.ansible.ExtraVar': value
WARNING: Unknown parameter(s) found for class type 'org.jenkinsci.plugins.ansible.ExtraVar': value
WARNING: Unknown parameter(s) found for class type 'org.jenkinsci.plugins.ansible.ExtraVar': value
WARNING: Unknown parameter(s) found for class type 'org.jenkinsci.plugins.ansible.ExtraVar': value
[WARN] Omitting extra var ansible_port: check value is a supported type.
[WARN] Omitting extra var image_tag: check value is a supported type.
[WARN] Omitting extra var restore_from_dump: check value is a supported type.
[WARN] Omitting extra var exclude_immutable_collections: check value is a supported type.
I don't know enough about how jenkins plugins work, but looking at the Code of the plugin I found 4cbc486#diff-63e2588a63bc0ffffd5eb82b66dd8ab4c588b277b7abbda76be684c2e0ef94a0
Here value
in ExtraVars
has been declared transient and all setters have been replaced by secretValue
. I have no clue though how I should use this now.
The job is running rarely, so I'm not 1005 sure, but I believe we did an update round of jenkins and all its plugins between the last time it ran successfully in June and now.
Please see: #127 Recent security requirements has made the plugin difficult to use. We do not use any variables that need to be concealed. Our variables are filenames and paths. Re-configuration of jobs is difficult now as we cannot see what a concealed variable is set to so that we can edit a variable. A possible solution might be to add a new type of key variable that is not concealed. Or add an option to not conceal a variable.
Thanks,
Adrien.
No response
Currently inconvenient place:
At present, you need to manually Install ansible to use Ansible-Playbook, and when you use Install automatically, you will encounter permission problems, and you can only use sudo to install it on the machine
No response
No response
Jenkins: 2.414.1
OS: Linux - 6.2.0-1011-gcp
Java: 11.0.20 - Ubuntu (OpenJDK 64-Bit Server VM)
---
ansible:253.v4fe719ffdd8a_
osx
src/test/resources/jobdsl/playbookBuilder.groovy
with:freeStyleJob('ansible') {
steps {
ansiblePlaybookBuilder {
playbook('path/playbook.yml')
inventory {
inventoryDoNotSpecify()
}
unbufferedOutput(true)
extraVars {
extraVar {
key('key')
value('value')
hidden(true)
}
}
}
}
}
src/test/java/org/jenkinsci/plugins/ansible/jobdsl/JobDslIntegrationTest.java
:public static final String ANSIBLE_DSL_GROOVY_PLAYBOOK_BUILDER = "jobdsl/playbookBuilder.groovy";
@Test
@DslJobRule.WithJobDsl(ANSIBLE_DSL_GROOVY_PLAYBOOK_BUILDER)
public void shouldCreateJobWithPlaybookBuilderDsl() throws Exception {
AnsiblePlaybookBuilder step = dsl.getGeneratedJob().getBuildersList().get(AnsiblePlaybookBuilder.class);
assertThat("Should add playbook builder", step, notNullValue());
assertThat("playbook", step.playbook, is("path/playbook.yml"));
assertThat("extraVar.key", step.extraVars.get(0).getKey(), is("key"));
assertThat("extraVar.value", step.extraVars.get(0).getSecretValue().getPlainText(), is("value"));
assertThat("extraVar.hidden", step.extraVars.get(0).isHidden(), is(true));
}
mvn test
BUILD SUCCESS
Processing provided DSL script
ERROR: (script, line 12) No signature of method: value() is applicable for argument types: (java.lang.String) values: [value]
Possible solutions: hidden(), key(), secretValue()
Finished: FAILURE
It is broken since SECURITY-3017.
If I replace value()
by secretValue()
in src/test/resources/jobdsl/playbookBuilder.groovy
, I have the following error:
Processing provided DSL script
ERROR: (script, line 12) No signature of method: javaposse.jobdsl.plugin.structs.DescribableContext.secretValue() is applicable for argument types: (java.lang.String) values: [value]
Finished: FAILURE
From Jenkins dev list (Probably more visibility here)
Hi!
6 month ago I've adopted the Ansible Plugin (https://github.com/jenkinsci/ansible-plugin) that was abandoned many years ago. I was able to refresh it, fix some issue (including security ones) but I overestimated the work to be done on this widely used plugin (~20k) installations.
It has pretty much no tests, no support for durable infrastructure, use deprecated Jenkins core API etc...
Sadly I don't have time to take care of all of this and I'm looking for other maintainers and at least people that want to invest time to stabilize it and avoid regression in the future.
Thanks!
Jenkins: 2.414.1
OS: Linux - 4.18.0-477.15.1.el8_8.x86_64
Java: 17.0.4.1 - Oracle Corporation (Java HotSpot(TM) 64-Bit Server VM)
---
ace-editor:1.1
active-directory:2.33
ansible:204.v8191fd551eb_f
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
artifact-promotion:0.5.2
artifactdeployer:1.3
audit-trail:333.vb_e1b_b_0f1238c
authentication-tokens:1.53.v1c90fd9191a_b_
badge:1.9.1
bootstrap4-api:4.6.0-6
bootstrap5-api:5.3.0-1
bouncycastle-api:2.29
branch-api:2.1122.v09cb_8ea_8a_724
build-keeper-plugin:19.va_df8a_2c65123
build-name-setter:2.3.0
build-pipeline-plugin:1.5.8
build-user-vars-plugin:1.9
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.0
clone-workspace-scm:84.v147686859e1c
cloudbees-folder:6.848.ve3b_fd7839a_81
command-launcher:107.v773860566e2e
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-68.v0d0b_c439292b_
conditional-buildstep:1.4.3
config-file-provider:953.v0432a_802e4d2
copy-data-to-workspace-plugin:1.0
copy-to-slave:1.4.4
copyartifact:722.v0662a_9b_e22a_c
credentials:1271.v54b_1c2c6388a_
credentials-binding:631.v861c06d062b_4
custom-tools-plugin:0.8
cvs:2.19.1
data-tables-api:1.13.5-1
date-parameter:0.0.4
delivery-pipeline-plugin:1.4.2
deploy:1.16
description-setter:1.10
display-url-api:2.3.9
docker-commons:439.va_3cb_0a_6a_fb_29
docker-workflow:572.v950f58993843
dtkit-api:3.0.2
durable-task:523.va_a_22cf15d5e0
dynamic_extended_choice_parameter:1.0.1
dynamicparameter:0.2.0
echarts-api:5.4.0-5
elastic-axis:464.va_7ed499b_9d75
email-ext:2.100
envinject:2.908.v66a_774b_31d93
envinject-api:1.199.v3ce31253ed13
extended-choice-parameter:376.v2e02857547b_a_
extended-read-permission:53.v6499940139e5
external-monitor-job:207.v98a_a_37a_85525
filesystem_scm:2.1
font-awesome-api:6.4.0-2
git:5.2.0
git-client:4.4.0
git-server:99.va_0826a_b_cdfa_d
global-post-script:1.1.4
gradle:2.8.2
groovy:453.vcdb_a_c5c99890
groovy-postbuild:2.5
handlebars:3.0.8
http_request:1.18
icon-shim:3.0.0
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javadoc:243.vb_b_503b_b_45537
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:73.vddf737284550
jersey2-api:2.40-1
jira:3.10
jnr-posix-api:3.1.17-1
jobConfigHistory:1227.v7a_79fc4dc01f
jquery:1.12.4-1
jquery-detached:1.2.1
jquery-ui:1.0.2
jquery3-api:3.7.0-1
jsch:0.2.8-65.v052c39de79b_2
junit:1217.v4297208a_a_b_ce
ldap:694.vc02a_69c9787f
lockable-resources:1185.v0c528656ce04
mailer:463.vedf8358e006b_
mapdb-api:1.0.9-28.vf251ce40855d
matrix-auth:3.2
matrix-project:808.v5a_b_5f56d6966
maven-plugin:3.23
maven-repo-cleaner:1.3
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
momentjs:1.1.1
msbuild:1.30
multiple-scms:0.8
next-build-number:1.8
nodejs:1.6.1
nodelabelparameter:1.12.0
pam-auth:1.10
parameterized-trigger:2.46
pipeline-build-step:505.v5f0844d8d126
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:685.v8ee9ed91d574
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-declarative-agent:1.1.1
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
pipeline-utility-steps:2.16.0
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
postbuildscript:3.2.0-550.v88192b_d3e922
powershell:2.0
promoted-builds:892.vd6219fc0a_efb
publish-over:0.22
publish-over-ssh:1.25
repository:1.10
resource-disposer:0.23
reverse-proxy-auth-plugin:1.7.7
role-strategy:689.v731678c3e0eb_
run-condition:1.7
saml:4.429.v9a_781a_61f1da_
scm-api:676.v886669a_199a_a_
script-security:1274.v2b_33362a_f2f5
scriptler:321.v74a_851a_e7ed6
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
sshd:3.312.v1c601b_c83b_0e
started-by-envvar:1.0
structs:325.vcb_307d2a_2782
subversion:2.17.3
tap:2.3
token-macro:384.vf35b_f26814ec
translation:1.16
trilead-api:2.84.v72119de229b_7
uno-choice:2.7.2
variant:59.vf075fe829ccb
windows-slaves:1.8.1
workflow-aggregator:596.v8c21c963d92d
workflow-api:1267.vd9b_a_ddd9eb_47
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3774.v4a_d648d409ce
workflow-cps-global-lib:609.vd95673f149b_b
workflow-durable-task-step:1289.v4d3e7b_01546b_
workflow-job:1342.v046651d5b_dfe
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:848.v5a_383b_d14921
ws-cleanup:0.45
xunit:3.1.3
Red Hat Enterprise Linux release 8.8
If we update Ansible Plugin to next version after: https://updates.jenkins.io/download/plugins/ansible/204.v8191fd551eb_f/ansible.hpi
For build step Invoke Ansible Playbook, we used to see Extra Variables values when editing configuration Advanced, Key Value. Now we see Value Concealed and button Change Password.
Looking at the config xml we see:
<org.jenkinsci.plugins.ansible.ExtraVar>
file_pattern
{AQAAABAAAAAgefgTpYgLMUqURb+QY+kmRF3RiD1N2a8HuBsBATfv+MuNM6o8X66E1LjNPUTOumzt}
false
</org.jenkinsci.plugins.ansible.ExtraVar>
These variables should not be concealed.
Extra Variable values should be clear text.
Extra Variable values are concealed like secrets are.
No response
Paste the output here
Jenkins: 2.426.3
OS: Linux - 3.10.0-1160.59.1.el7.x86_64
Java: 17.0.10 - Oracle Corporation (Java HotSpot(TM) 64-Bit Server VM)
ansible:307.va_1f3ef06575a_
centOS7
steps { ansiblePlaybook( extraVars:[ var1: 'test', var2: ['test1', 'test2'] ]) }
Should override the variables in inventory at run time.
[Pipeline] ansiblePlaybook [tag1] $ /usr/bin/ansible-playbook myPlaybook.yml -i inventory -l host1 -t tag1 -b --become-user root -e ******** -e ********
Tried degrading jenkins ansible plugin versions, earlier worked with the latest version I'm currently using.
The playbook works just fine when extra vars are passed through command line.
yes
Jenkins: 2.413
OS: Linux - 5.15.0-76-generic
Java: 11.0.19 - Ubuntu (OpenJDK 64-Bit Server VM)
---
ansible:240.vc26740a_625c0
The only way Ansible can detect boolean extra-variables is by passing JSON using the extras
parameter, like shown below.
Otherwise, they are interpreted as Strings.
ansiblePlaybook(
playbook: './src/main.yml',
extras: '''
--extra-vars "{bar: false}"
'''
)
Equivalent when using the terminal:
$ ansible-playbook playbook.yml --extra-vars "{bar: false}"
Alpine Docker container running Ansible.
false
:foo: "{{ bar | default(99, true) }}"
ansiblePlaybook(
playbook: './src/main.yml',
extraVars: [
'bar': false
]
)
foo: 99
foo: "false"
TASK [Gathering Facts] *********************************************************
fatal: [App01-Staging]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: [email protected]: Permission denied (publickey).", "unreachable": true}
PLAY RECAP *********************************************************************
App01-Staging : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
FATAL: command execution failed
hudson.AbortException: Ansible playbook execution failed
at org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder.perform(AnsiblePlaybookBuilder.java:308)
at org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder.perform(AnsiblePlaybookBuilder.java:256)
at jenkins.tasks.SimpleBuildStep.perform(SimpleBuildStep.java:123)
at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:80)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:818)
at hudson.model.Build$BuildExecution.build(Build.java:199)
at hudson.model.Build$BuildExecution.doRun(Build.java:164)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:526)
at hudson.model.Run.execute(Run.java:1895)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:44)
at hudson.model.ResourceController.execute(ResourceController.java:101)
at hudson.model.Executor.run(Executor.java:442)
ERROR: Ansible playbook execution failed
When i execute the playbook on jenkins, via ansible plugin, it giving an error.
Install and Unistall Ansible Plugin, and created an instance several times
Playbook should execute
it will fetch the file and give a sucess
No response
Yes
println("Jenkins: ${Jenkins.instance.getVersion()}")
println("OS: ${System.getProperty('os.name')} - ${System.getProperty('os.version')}")
println("Java: ${System.getProperty('java.version')} - ${System.getProperty('java.vm.vendor')} (${System.getProperty('java.vm.name')})")
println "---"
Jenkins.instance.pluginManager.plugins
.collect()
.sort { it.getShortName() }
.each {
plugin -> println("${plugin.getShortName()}:${plugin.getVersion()}")
}
return
Rocky Linux 8.8
Configure
Build Steps
and click the Advanced
buttonExtra Variables
block, all Value
fields are Concealed
and offer a button that says Change Password
The Value filed should be treated as any other string field to be filled up with text.
The Key/Value variables were never concealed before and if some should be there should be a way to enable or disable the concealment. It is not possible to check what was typed in the Value field as it is all hidden checking for typos or what was used on the last run is not possible.
Nothing else.
Paste the output here
Debian 12
pipeline {
agent any
stages {
stage('test') {
steps {
ansiblePlaybook(playbook: '/ansible/test.yml')
}
}
}
}
Pipeline running
An error complain that workdir folder doesn't exists
'java.io.IOException: Process working directory '/var/jenkins_home/workspace/test' doesn't exist!'
I have fixed the issue in the CLIRunner class adding this.ws.mkdirs()
before the line launcher.launch()
in the execute() method,
Commit message: "Update add_user.yml"
git rev-list --no-walk ca7cf49be7aced9030838e677f08730f18361b8e # timeout=10
[ntp_config] $ /bin/sh -xe /tmp/jenkins7648226585525754489.sh
Description: Ubuntu 23.10
Release: 23.10
Codename: mantic
ansible [core 2.16.2]
python version = 3.11.6
jinja version = 3.1.2
Shell script used to build:
ansible-playbook -i /var/lib/jenkins/workspace/ntp_config/configure-playbooks/inventories/hosts /var/lib/jenkins/workspace/ntp_config/configure-playbooks/ntp_config.yml
Expected playbook to complete
Commit message: "Update add_user.yml"
git rev-list --no-walk ca7cf49be7aced9030838e677f08730f18361b8e # timeout=10
[ntp_config] $ /bin/sh -xe /tmp/jenkins7648226585525754489.sh
No response
No response
Hi,
I try to use Additional parameters
for send the output to a file, by adding > output.log
, but it does not seems to works
Regards
No response
No response
Jenkins: 2.401.1
OS: Linux - 3.10.0-693.11.6.el7.x86_64
Java: 11.0.3 - Amazon.com Inc. (OpenJDK 64-Bit Server VM)
---
ansible:240.vc26740a_625c0
CentOS 7
- name: print foobars
debug:
var: foobars
ansiblePlaybook(
playbook: "playbook.yml",
extraVars: [foobars: ["foo","bar"]]
)
[Pipeline] ansiblePlaybook
[WARN] Omitting extra var foobars: check value is a supported type.
[playbook] $ /app/ansible44/venv/bin/ansible-playbook jenkins/ansible/playbook.yml -i jenkins/ansible/localhost.ini -e ********
PLAY [playbook] **********************************************
TASK [print foobars] ***
ok: [localhost] => {
"foobars": [
"foo",
"bar"
]
}
[Pipeline] ansiblePlaybook
[playbook] $ /app/ansible44/venv/bin/ansible-playbook jenkins/ansible/playbook.yml -i jenkins/ansible/localhost.ini
PLAY [playbook] **********************************************
TASK [print foobars] ***
ok: [localhost] => {
"foobars": "VARIABLE IS NOT DEFINED!"
}
Apparently #88 broke list-related logic, because with LTS 2.387 this was working.
Proposal: pass extra variables as json to Ansible.
Currently we are able to test only jobs and pipelines by doing asserts on logs because of dependencies with ansible binary.
The idea is to implement a on the test suite testcontainer (GenericContainer
) that will connect to the test harness instance and execute the test.
Some plugins are doing something similar for integration tests: https://github.com/search?q=org%3Ajenkinsci+genericContainer&type=code&p=3
This will also ensure execution of ansible command and validity with ansible versions
No response
No response
For the sake of re-usability, I'd like to be able configure freeStyleJobs
that invoke an ansiblePlaybook
via
job('My_Job') {
steps {
ansiblePlaybook('path/to/my/playbook.yml') {
inventoryPath('${inventory_repository}/inventory.yml')
vaultCredentialsId('${vault_credentials_id}')
}
}
parameters {
stringParam('inventory_repository')
stringParam('vault_credentials_id')
}
}
where both inventory_repository
and vault_credentials_id
are provided at build-time only.
While this works fine for inventoryPath
, it does not for vaultCredentialsId
(after processing the provided JobDSL file, the vault credentials
setting in the Drop-Down menu is set to - current -
.
No response
Jenkins 2.401.3
Ansible plugin: 253.v4fe719ffdd8a_
Java: openjdk 11.0.19 2023-04-18 LTS
Ansible: core 2.13.11
RHEL7
node() {
stage('Create Play') {
writeFile file: 'play.yaml', text: """
- hosts: myhost
tasks:
- debug: msg="{{ lookup('env', 'MyVar') }}"
- debug: msg="{{ lookup('env', 'MyAnotherVar') }}"
"""
}
stage('Play') {
env.MyVar = 'WannaSeeThis'
withEnv(['MyAnotherVar=WannaSeeThis']) {
step([
$class: 'AnsiblePlaybookBuilder',
playbook: "play.yaml",
inventory: [
$class: 'InventoryContent',
content: "[myhost]\nlocalhost ansible_connection=local"
],
])
}
}
}
The environment variables I defined within the pipeline are visible inside the play.
The environment variables I defined within the pipeline are not visible inside the play.
The variables are visible in a play if I define variables within the "Prepare an environment for the run" feature in a job configuration.
ace-editor:1.1
ansible:240.vc26740a_625c0
ansicolor:1.0.2
antisamy-markup-formatter:159.v25b_c67cd35fb_
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
bootstrap4-api:4.6.0-6
bootstrap5-api:5.3.0-1
bouncycastle-api:2.29
branch-api:2.1122.v09cb_8ea_8a_724
build-timeout:1.31
caffeine-api:3.1.6-115.vb_8b_b_328e59d8
checks-api:2.0.0
cloudbees-folder:6.815.v0dd5a_cb_40e0e
command-launcher:100.v2f6722292ee8
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
credentials:1271.v54b_1c2c6388a_
credentials-binding:631.v861c06d062b_4
dashboard-view:2.487.vcf0ff9008a_c0
data-tables-api:1.13.5-1
display-url-api:2.3.7
durable-task:513.vc48a_a_075a_d93
echarts-api:5.4.0-5
email-ext:2.100
font-awesome-api:6.4.0-2
git:5.2.0
git-client:4.4.0
git-server:99.va_0826a_b_cdfa_d
github:1.37.1
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1728.v859147241f49
handlebars:3.0.8
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:66.vd8fa_64ee91b_d
jjwt-api:0.11.5-77.v646c772fddb_0
jquery3-api:3.7.0-1
jsch:0.2.8-65.v052c39de79b_2
junit:1217.v4297208a_a_b_ce
lockable-resources:1172.v4b_8fc8eed570
mailer:457.v3f72cb_e015e5
matrix-auth:3.1.10
matrix-project:789.v57a_725b_63c79
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
momentjs:1.1.1
okhttp-api:4.11.0-145.vcb_8de402ef81
pam-auth:1.10
pipeline-build-step:505.v5f0844d8d126
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:656.va_a_ceeb_6ffb_f7
pipeline-input-step:468.va_5db_051498a_4
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
python:1.3
resource-disposer:0.22
scm-api:676.v886669a_199a_a_
script-security:1251.vfe552ed55f8d
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
ssh-credentials:305.v8f4381501156
sshd:3.303.vefc7119b_ec23
structs:324.va_f5d6774f3a_d
timestamper:1.25
token-macro:359.vb_cde11682e0c
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
workflow-aggregator:596.v8c21c963d92d
workflow-api:1248.v4b_91043341d2
workflow-basic-steps:1017.vb_45b_302f0cea_
workflow-cps:3726.v83f8cff396c9
workflow-cps-global-lib:609.vd95673f149b_b
workflow-durable-task-step:1247.v7f9dfea_b_4fd0
workflow-job:1316.vd2290d3341a_f
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:848.v5a_383b_d14921
ws-cleanup:0.45
</details>
### What Operating System are you using (both controller, and any agents involved in the problem)?
Jenkins: Rocky Linux 8
### Reproduction steps
1. Create an Ansible playbook to show passwords:
```yaml
- hosts: all
tasks:
- name: show the current user
ansible.builtin.debug:
msg: "Current user is {{ ansible_user }}"
- name: show the current user password
ansible.builtin.debug:
msg: "Current user is {{ ansible_ssh_passowrd }}"
Create a username/password credential in Jenkins with the details: ansible4/pa$$word
Create a Jenkins pipeline to the ansible plugin:
pipeline{
agent any
stages{
stage("Check Creds"){
steps{
withCredentials([usernamePassword(credentialsId: 'ansible4', passwordVariable: 'PASS', usernameVariable: 'USER')]){
sh "echo $USER"
sh "sshpass -p '${PASS}' ansible-playbook display_ssh_pass.yml -i hosts -u ansible4 -k"
}
}
}
stage("Execute Ansible"){
steps{
ansiblePlaybook colorized: true, credentialsId: 'ansible4', disableHostKeyChecking: true, inventory: 'hosts', playbook: 'display_ssh_pass.yml'
}
}
}
}
To show password is: pa$$word
[ansible4] $ sshpass -p 'pa$$word' ansible-playbook display_ssh_pass.yml -i hosts -u ansible4 -k
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [all]
TASK [show the current user] ***************************************************
ok: [all] => {
"msg": "Current user is:[ansible4]"
}
TASK [show the current user password] ******************************************
ok: [all] => {
"msg": "Current user password is:['pa$word']"
}
PLAY RECAP *********************************************************************
all : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS
The issue reported in: #83 is the same issue I have described above.
However the fix in PR: https://github.com/jenkinsci/ansible-plugin/pull/85/files breaks passing passwords to sshpass. This is because $$ is escaped by Groovy. The PR is incorrectly escaping all special characters. The original issue was with passwords that contain $$ and has nothing to do with escaping any other special character. The PR should be reverted so passwords container special character combinations other than $$ continue to work.
I have found no way to parse $$ correctly, it would be better to document this as there are two issues:
In a situation outside of this plugin if I had a Jenkins username/password credential with a password containing $$ e.g. abc$$123 I would enter it as abc$$$$123 so I could get the correct value passed to the shell.
Jenkins: 2.414
OS: Linux - 4.18.0-477.13.1.el8_8.x86_64
Java: 11.0.19 - Red Hat, Inc. (OpenJDK 64-Bit Server VM)
---
ansible:240.vc26740a_625c0
Rocky Linux 8.8
Invoke Ansible Ad-Hoc Command
steptarget_host
)[target_host]
10.6.6.6
ping
under Module
(any command would fail, this is just for simplified testing).Credentials
drop-down list (that you've previously set in Jenkins).$ sshpass ******** ansible target_host -i temp_inventory.ini -m ping -f 5 -u ansiblesvc -k
10.6.6.6 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
$ sshpass ******** ansible target_host -i temp_inventory.ini -m ping -f 5 -u ansiblesvc -k
10.6.6.6 | UNREACHABLE! => {
"changed": false,
"msg": "Invalid/incorrect password: Permission denied, please try again.",
"unreachable": true
}
This worked fine in our existing jobs when they were using version ansible:217.v1696cee03265
The issues started as we upgraded the plugin to version ansible:240.vc26740a_625c0
.
After rolling back to version ansible:217.v1696cee03265
- ssh creds seem to be working fine,
so something must have broken between ansible:217.v1696cee03265
and ansible:240.vc26740a_625c0
.
Invoke Ansible-Playbook
(which is how we've discovered this issue originally).Invoke Ansible Ad-Hoc Command
is outlined in the "Reproduction steps" section as a quicker, easier way to replicate the issue.Jenkins: 2.401.3
OS: Linux - 5.15.0-79-generic
Java: 11.0.19 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
ansible:253.v4fe719ffdd8a_
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
bootstrap5-api:5.3.0-1
bouncycastle-api:2.29
branch-api:2.1122.v09cb_8ea_8a_724
build-timeout:1.31
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.0
cloudbees-folder:6.848.ve3b_fd7839a_81
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-68.v0d0b_c439292b_
credentials:1271.v54b_1c2c6388a_
credentials-binding:631.v861c06d062b_4
display-url-api:2.3.9
durable-task:523.va_a_22cf15d5e0
echarts-api:5.4.0-5
email-ext:2.100
font-awesome-api:6.4.0-2
git:5.2.0
git-client:4.4.0
github:1.37.3
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1732.v3f1889a_c475b_
gradle:2.8.2
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jjwt-api:0.11.5-77.v646c772fddb_0
jquery3-api:3.7.0-1
junit:1217.v4297208a_a_b_ce
ldap:694.vc02a_69c9787f
mailer:463.vedf8358e006b_
matrix-auth:3.1.10
matrix-project:808.v5a_b_5f56d6966
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
okhttp-api:4.11.0-157.v6852a_a_fa_ec11
pam-auth:1.10
pipeline-build-step:505.v5f0844d8d126
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:671.v07c339c842e8
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
resource-disposer:0.23
scm-api:676.v886669a_199a_a_
script-security:1271.vdede89739a_81
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
structs:325.vcb_307d2a_2782
timestamper:1.26
token-macro:384.vf35b_f26814ec
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
workflow-aggregator:596.v8c21c963d92d
workflow-api:1259.vb_47f14fffc8a_
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3769.v8b_e595e4d40d
workflow-durable-task-step:1284.v4fcd365b_75b_e
workflow-job:1326.ve643e00e9220
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:848.v5a_383b_d14921
ws-cleanup:0.45
Ubuntu 22.04
Have a passphrase for an SSH key that contains special chars, like 7D%TgX`EnfgHkfv$H9qhfg84sZSQwT&LjH~ZEfghjkzn@^sYpR
(not actually in use).
Should work as expected
2: Syntax error: EOF in backquote substitution
Jenkins will create a sh script in /tmp, like 'ssh8566695972573467306.sh'. This doesn't escape the user provided SSH passphrase, having it fail like described above. This can be verified when calling it directly:
root@ansible02:~# ./ssh8566695972573467306.sh
./ssh8566695972573467306.sh: 2: Syntax error: EOF in backquote substitution
Option to specify a different temporary path for vault tmp files instead of workspace. I have a shared workspace and while the pipeline is running the generated temporary vault***.password file is visible to anyone has access to the workspace.
I cloned the project and implemented a solution that i want to share, maybe is useful to someone
No response
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.