kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-12 20:24:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refine deploy CLI, test-deploy workflow and Ansible output

Browse Source 
Changes:
- Update GitHub Actions test-deploy workflow to run three staged deploys (normal+debug, reset+debug, async) using inventory-generated vault password files.
- Switch Ansible stdout_callback to ansible.builtin.default and enable YAML-style result_format via callback_default.
- Refactor cli/deploy.py: typed run_ansible_playbook(), structured MODE_* handling, better error reporting, and preserved vault/interactive behaviour.
- Add unit tests for deploy CLI (bool parsing, MODE_* loading, dynamic args, validation, and ansible-playbook command construction) under tests/unit/cli/test_deploy.py.

Context: see ChatGPT conversation on 2025-12-02: https://chatgpt.com/share/692f1035-6bc4-800f-91a9-342db54e1a75
This commit is contained in:
Kevin Veen-Birkenbach
2025-12-02 20:25:26 +01:00
parent 8a453be4b9
commit 46174125bc
4 changed files with 502 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files

181
cli/deploy.py
View File

@@ -1,4 +1,13 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
Infinito.Nexus deploy CLI
This script is the main entrypoint for running the Ansible playbook with
dynamic MODE_* flags, automatic inventory validation, and optional build/test
steps.
"""
import argparse
import subprocess
@@ -10,40 +19,43 @@ from typing import Optional, Dict, Any, List
def run_ansible_playbook(
inventory,
modes,
limit=None,
allowed_applications=None,
password_file=None,
verbose=0,
skip_build=False,
skip_tests=False,
logs=False,
diff=False,
):
inventory: str,
modes: Dict[str, Any],
limit: Optional[str] = None,
allowed_applications: Optional[List[str]] = None,
password_file: Optional[str] = None,
verbose: int = 0,
skip_build: bool = False,
skip_tests: bool = False,
logs: bool = False,
diff: bool = False,
) -> None:
"""Run ansible-playbook with the given parameters and modes."""
start_time = datetime.datetime.now()
print(f"\n▶️ Script started at: {start_time.isoformat()}\n")
# Cleanup is now handled via MODE_CLEANUP
# 1) Cleanup phase (MODE_CLEANUP)
if modes.get("MODE_CLEANUP", False):
cleanup_command = ["make", "clean-keep-logs"] if logs else ["make", "clean"]
print("\n🧹 Cleaning up project (" + " ".join(cleanup_command) + ")...\n")
print(f"\n🧹 Cleaning up project ({' '.join(cleanup_command)})...\n")
subprocess.run(cleanup_command, check=True)
else:
print("\n⚠️ Skipping cleanup as requested.\n")
print("\n🧹 Cleanup skipped (MODE_CLEANUP=false or not set)\n")
# 2) Build phase
if not skip_build:
print("\n🛠️ Building project (make messy-build)...\n")
subprocess.run(["make", "messy-build"], check=True)
else:
print("\n Skipping build as requested.\n")
print("\n🛠 Build skipped (--skip-build)\n")
script_dir = os.path.dirname(os.path.realpath(__file__))
playbook = os.path.join(os.path.dirname(script_dir), "playbook.yml")
repo_root = os.path.dirname(script_dir)
playbook = os.path.join(repo_root, "playbook.yml")
# Inventory validation is controlled via MODE_ASSERT
# 3) Inventory validation phase (MODE_ASSERT)
if modes.get("MODE_ASSERT", None) is False:
print("\n⚠️ Skipping inventory validation as requested.\n")
print("\n🔍 Inventory assertion explicitly disabled (MODE_ASSERT=false)\n")
elif "MODE_ASSERT" not in modes or modes["MODE_ASSERT"] is True:
print("\n🔍 Validating inventory before deployment...\n")
try:
@@ -56,40 +68,71 @@ def run_ansible_playbook(
check=True,
)
except subprocess.CalledProcessError:
print("\n❌ Inventory validation failed. Deployment aborted.\n", file=sys.stderr)
print(
"\n[ERROR] Inventory validation failed. Aborting deploy.\n",
file=sys.stderr,
)
sys.exit(1)
# 4) Test phase
if not skip_tests:
print("\n🧪 Running tests (make messy-test)...\n")
subprocess.run(["make", "messy-test"], check=True)
else:
print("\n🧪 Tests skipped (--skip-tests)\n")
# Build ansible-playbook command
cmd = ["ansible-playbook", "-i", inventory, playbook]
# 5) Build ansible-playbook command
cmd: List[str] = ["ansible-playbook", "-i", inventory, playbook]
# --limit / -l
if limit:
cmd.extend(["--limit", limit])
cmd.extend(["-l", limit])
# extra var: allowed_applications
if allowed_applications:
joined = ",".join(allowed_applications)
cmd.extend(["-e", f"allowed_applications={joined}"])
# inject MODE_* variables as extra vars
for key, value in modes.items():
val = str(value).lower() if isinstance(value, bool) else str(value)
cmd.extend(["-e", f"{key}={val}"])
# vault password handling
if password_file:
# If a file is explicitly provided, pass it through
cmd.extend(["--vault-password-file", password_file])
else:
cmd.extend(["--ask-vault-pass"])
# else:
# No explicit vault option → ansible will prompt if it needs a password.
# This keeps the old behaviour and the CLI help text correct.
# diff mode
if diff:
cmd.append("--diff")
cmd.append("--diff")
# MODE_DEBUG=true → always at least -vvv
if modes.get("MODE_DEBUG", False):
verbose = max(verbose, 3)
# verbosity flags
if verbose:
cmd.append("-" + "v" * verbose)
print("\n🚀 Launching Ansible Playbook...\n")
subprocess.run(cmd, check=True)
# Capture output so the real Ansible error is visible before exit
result = subprocess.run(cmd, text=True, capture_output=True)
if result.stdout:
print(result.stdout, end="")
if result.stderr:
print(result.stderr, file=sys.stderr, end="")
if result.returncode != 0:
print(
f"\n[ERROR] ansible-playbook exited with status {result.returncode}\n",
file=sys.stderr,
)
sys.exit(result.returncode)
end_time = datetime.datetime.now()
print(f"\n✅ Script ended at: {end_time.isoformat()}\n")
@@ -98,22 +141,23 @@ def run_ansible_playbook(
print(f"⏱️ Total execution time: {duration}\n")
def validate_application_ids(inventory, app_ids):
"""
Abort the script if any application IDs are invalid, with detailed reasons.
"""
def validate_application_ids(inventory: str, app_ids: List[str]) -> None:
"""Use ValidDeployId helper to ensure all requested IDs are valid."""
if not app_ids:
return
from module_utils.valid_deploy_id import ValidDeployId
validator = ValidDeployId()
invalid = validator.validate(inventory, app_ids)
if invalid:
print("\n❌ Detected invalid application_id(s):\n")
print("\n[ERROR] Some application_ids are invalid for this inventory:\n")
for app_id, status in invalid.items():
reasons = []
if not status["in_roles"]:
reasons.append("not defined in roles (infinito)")
if not status["in_inventory"]:
reasons.append("not found in inventory file")
reasons: List[str] = []
if not status.get("allowed", True):
reasons.append("not allowed by configuration")
if not status.get("in_inventory", True):
reasons.append("not present in inventory")
print(f" - {app_id}: " + ", ".join(reasons))
sys.exit(1)
@@ -124,6 +168,7 @@ MODE_LINE_RE = re.compile(
def _parse_bool_literal(text: str) -> Optional[bool]:
"""Parse a simple true/false/yes/no/on/off into bool or None."""
t = text.strip().lower()
if t in ("true", "yes", "on"):
return True
@@ -134,12 +179,11 @@ def _parse_bool_literal(text: str) -> Optional[bool]:
def load_modes_from_yaml(modes_yaml_path: str) -> List[Dict[str, Any]]:
"""
Parse group_vars/all/01_modes.yml line-by-line to recover:
- name (e.g., MODE_TEST)
- default (True/False/None if templated/unknown)
- help (from trailing # comment, if present)
Load MODE_* metadata from a simple key: value file.
Each non-comment, non-empty line is parsed via MODE_LINE_RE.
"""
modes = []
modes: List[Dict[str, Any]] = []
if not os.path.exists(modes_yaml_path):
raise FileNotFoundError(f"Modes file not found: {modes_yaml_path}")
@@ -173,8 +217,11 @@ def add_dynamic_mode_args(
parser: argparse.ArgumentParser, modes_meta: List[Dict[str, Any]]
) -> Dict[str, Dict[str, Any]]:
"""
Add argparse options based on modes metadata.
Returns a dict mapping mode name -> { 'dest': <argparse_dest>, 'default': <bool/None>, 'kind': 'bool_true'|'bool_false'|'explicit' }.
Add dynamic CLI flags based on MODE_* metadata.
- MODE_FOO: true -> --skip-foo (default enabled, flag disables it)
- MODE_BAR: false -> --bar (default disabled, flag enables it)
- MODE_BAZ: null -> --baz {true,false} (explicit)
"""
spec: Dict[str, Dict[str, Any]] = {}
for m in modes_meta:
@@ -198,7 +245,10 @@ def add_dynamic_mode_args(
else:
opt = f"--{short}"
dest = short
help_txt = desc or f"Set {short} explicitly (true/false). If omitted, keep inventory default."
help_txt = (
desc
or f"Set {short} explicitly (true/false). If omitted, keep inventory default."
)
parser.add_argument(opt, choices=["true", "false"], help=help_txt, dest=dest)
spec[name] = {"dest": dest, "default": None, "kind": "explicit"}
@@ -209,7 +259,7 @@ def build_modes_from_args(
spec: Dict[str, Dict[str, Any]], args_namespace: argparse.Namespace
) -> Dict[str, Any]:
"""
Using the argparse results and the spec, compute the `modes` dict to pass to Ansible.
Build a MODE_* dict from parsed CLI args and the dynamic spec.
"""
modes: Dict[str, Any] = {}
for mode_name, info in spec.items():
@@ -218,18 +268,20 @@ def build_modes_from_args(
val = getattr(args_namespace, dest, None)
if kind == "bool_true":
# default True, flag means "skip" → False
modes[mode_name] = False if val else True
elif kind == "bool_false":
# default False, flag enables → True
modes[mode_name] = True if val else False
else:
else: # explicit
if val is not None:
modes[mode_name] = True if val == "true" else False
return modes
def main():
def main() -> None:
parser = argparse.ArgumentParser(
description="Run the central Ansible deployment script to manage infrastructure, updates, and tests."
description="Deploy the Infinito.Nexus stack via ansible-playbook."
)
parser.add_argument(
@@ -246,24 +298,30 @@ def main():
"--host-type",
choices=["server", "desktop"],
default="server",
help="Specify whether the target is a server or a personal computer. Affects role selection and variables.",
help=(
"Specify whether the target is a server or a personal computer. "
"Affects role selection and variables."
),
)
parser.add_argument(
"-p",
"--password-file",
help="Path to the file containing the Vault password. If not provided, prompts for the password interactively.",
help=(
"Path to the file containing the Vault password. "
"If not provided, ansible-vault will prompt interactively."
),
)
parser.add_argument(
"-B",
"--skip-build",
action="store_true",
help="Skip running 'make build' before deployment.",
help="Skip running 'make messy-build' before deployment.",
)
parser.add_argument(
"-t",
"--skip-tests",
action="store_true",
help="Skip running 'make messy-tests' before deployment.",
help="Skip running 'make messy-test' before deployment.",
)
parser.add_argument(
"-i",
@@ -271,28 +329,32 @@ def main():
nargs="+",
default=[],
dest="id",
help="List of application_id's for partial deploy. If not set, all application IDs defined in the inventory will be executed.",
help=(
"List of application_id's for partial deploy. "
"If not set, all application IDs defined in the inventory will be executed."
),
)
parser.add_argument(
"-v",
"--verbose",
action="count",
default=0,
help="Increase verbosity level. Multiple -v flags increase detail (e.g., -vvv for maximum log output).",
help=(
"Increase verbosity level. Multiple -v flags increase detail "
"(e.g., -vvv for maximum log output)."
),
)
parser.add_argument(
"--logs",
action="store_true",
help="Keep the CLI logs during cleanup command",
help="Keep the CLI logs during cleanup command.",
)
parser.add_argument(
"--diff",
action="store_true",
help="Pass --diff to ansible-playbook to show configuration changes.",
)
# ---- Dynamically add mode flags from group_vars/all/01_modes.yml ----
script_dir = os.path.dirname(os.path.realpath(__file__))
repo_root = os.path.dirname(script_dir)
modes_yaml_path = os.path.join(repo_root, "group_vars", "all", "01_modes.yml")
@@ -302,10 +364,7 @@ def main():
args = parser.parse_args()
validate_application_ids(args.inventory, args.id)
# Build modes from dynamic args
modes = build_modes_from_args(modes_spec, args)
# Additional non-dynamic flags
modes["MODE_LOGS"] = args.logs
modes["host_type"] = args.host_type