Server IP : 85.214.239.14 / Your IP : 3.139.235.99 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /lib/python3/dist-packages/ansible_collections/community/vmware/plugins/connection/ |
Upload File : |
# Copyright: (c) 2018, Deric Crago <deric.crago@gmail.com> # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) # SPDX-License-Identifier: GPL-3.0-or-later from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = r''' author: - Deric Crago (@dericcrago) <deric.crago@gmail.com> name: vmware_tools short_description: Execute tasks inside a VM via VMware Tools description: - Use VMware tools to run tasks in, or put/fetch files to guest operating systems running in VMware infrastructure. - In case of Windows VMs, set C(ansible_shell_type) to C(powershell). - Does not work with 'become'. requirements: - requests (Python library) options: vmware_host: description: - FQDN or IP Address for the connection (vCenter or ESXi Host). env: - name: VI_SERVER - name: VMWARE_HOST vars: - name: ansible_host - name: ansible_vmware_host required: true vmware_user: description: - Username for the connection. - "Requires the following permissions on the VM: - VirtualMachine.GuestOperations.Execute - VirtualMachine.GuestOperations.Modify - VirtualMachine.GuestOperations.Query" env: - name: VI_USERNAME - name: VMWARE_USER vars: - name: ansible_vmware_user required: true vmware_password: description: - Password for the connection. env: - name: VI_PASSWORD - name: VMWARE_PASSWORD vars: - name: ansible_vmware_password required: true vmware_port: description: - Port for the connection. env: - name: VI_PORTNUMBER - name: VMWARE_PORT vars: - name: ansible_port - name: ansible_vmware_port required: false default: 443 validate_certs: description: - Verify SSL for the connection. - "Note: This will validate certs for both C(vmware_host) and the ESXi host running the VM." env: - name: VMWARE_VALIDATE_CERTS vars: - name: ansible_vmware_validate_certs default: true type: bool vm_path: description: - Mutually exclusive with vm_uuid - VM path absolute to the connection. - "vCenter Example: C(Datacenter/vm/Discovered virtual machine/testVM)." - "ESXi Host Example: C(ha-datacenter/vm/testVM)." - Must include VM name, appended to 'folder' as would be passed to M(community.vmware.vmware_guest). - Needs to include I(vm) between the Datacenter and the rest of the VM path. - Datacenter default value for ESXi server is C(ha-datacenter). - Folder I(vm) is not visible in the vSphere Web Client but necessary for VMware API to work. vars: - name: ansible_vmware_guest_path required: false vm_uuid: description: - Mutually exclusive with vm_path - VM UUID to the connection. - UUID of the virtual machine from property config.uuid of vmware_vm_inventory plugin vars: - name: ansible_vmware_guest_uuid required: false vm_user: description: - VM username. - C(ansible_vmware_tools_user) is used for connecting to the VM. - C(ansible_user) is used by Ansible on the VM. vars: - name: ansible_user - name: ansible_vmware_tools_user required: true vm_password: description: - Password for the user in guest operating system. vars: - name: ansible_password - name: ansible_vmware_tools_password required: true exec_command_sleep_interval: description: - Time in seconds to sleep between execution of command. vars: - name: ansible_vmware_tools_exec_command_sleep_interval default: 0.5 type: float file_chunk_size: description: - File chunk size. - "(Applicable when writing a file to disk, example: using the C(fetch) module.)" vars: - name: ansible_vmware_tools_file_chunk_size default: 128 type: integer executable: description: - shell to use for execution inside container default: /bin/sh ini: - section: defaults key: executable env: - name: ANSIBLE_EXECUTABLE vars: - name: ansible_executable - name: ansible_vmware_tools_executable ''' example = r''' # example vars.yml --- ansible_connection: vmware_tools ansible_user: "{{ ansible_vmware_tools_user }}" ansible_vmware_host: vcenter.example.com ansible_vmware_user: administrator@vsphere.local ansible_vmware_password: Secr3tP4ssw0rd!12 ansible_vmware_validate_certs: false # default is true # vCenter Connection VM Path Example ansible_vmware_guest_path: DATACENTER/vm/FOLDER/{{ inventory_hostname }} # ESXi Connection VM Path Example ansible_vmware_guest_path: ha-datacenter/vm/{{ inventory_hostname }} ansible_vmware_tools_user: root ansible_vmware_tools_password: MyR00tPassw0rD # if the target VM guest is Windows set the 'ansible_shell_type' to 'powershell' ansible_shell_type: powershell # example playbook_linux.yml --- - name: Test VMware Tools Connection Plugin for Linux hosts: linux tasks: - command: whoami - ping: - copy: src: foo dest: /home/user/foo - fetch: src: /home/user/foo dest: linux-foo flat: true - file: path: /home/user/foo state: absent # example playbook_windows.yml --- - name: Test VMware Tools Connection Plugin for Windows hosts: windows tasks: - win_command: whoami - win_ping: - win_copy: src: foo dest: C:\Users\user\foo - fetch: src: C:\Users\user\foo dest: windows-foo flat: true - win_file: path: C:\Users\user\foo state: absent ''' import re from os.path import exists, getsize from socket import gaierror from ssl import SSLError from time import sleep import traceback REQUESTS_IMP_ERR = None PYVMOMI_IMP_ERR = None try: import requests HAS_REQUESTS = True except ImportError: REQUESTS_IMP_ERR = traceback.format_exc() HAS_REQUESTS = False try: from requests.packages import urllib3 HAS_URLLIB3 = True except ImportError: try: import urllib3 HAS_URLLIB3 = True except ImportError: HAS_URLLIB3 = False from ansible.errors import AnsibleError, AnsibleFileNotFound, AnsibleConnectionFailure from ansible.module_utils._text import to_bytes, to_native from ansible.plugins.connection import ConnectionBase from ansible.module_utils.basic import missing_required_lib try: from pyVim.connect import Disconnect, SmartConnect from pyVmomi import vim, vmodl HAS_PYVMOMI = True except ImportError: HAS_PYVMOMI = False PYVMOMI_IMP_ERR = traceback.format_exc() class Connection(ConnectionBase): """VMware Tools Connection.""" transport = 'community.vmware.vmware_tools' @property def vmware_host(self): """Read-only property holding the connection address.""" return self.get_option("vmware_host") @property def validate_certs(self): """Read-only property holding whether the connection should validate certs.""" return self.get_option("validate_certs") @property def authManager(self): """Guest Authentication Manager.""" return self._si.content.guestOperationsManager.authManager @property def fileManager(self): """Guest File Manager.""" return self._si.content.guestOperationsManager.fileManager @property def processManager(self): """Guest Process Manager.""" return self._si.content.guestOperationsManager.processManager @property def windowsGuest(self): """Return if VM guest family is windows.""" return self.vm.guest.guestFamily == "windowsGuest" def __init__(self, *args, **kwargs): """init.""" super(Connection, self).__init__(*args, **kwargs) if hasattr(self, "_shell") and self._shell.SHELL_FAMILY == "powershell": self.module_implementation_preferences = (".ps1", ".exe", "") self.become_methods = ["runas"] self.allow_executable = False self.has_pipelining = False self.allow_extras = True self._si = None def _establish_connection(self): connection_kwargs = { "host": self.vmware_host, "user": self.get_option("vmware_user"), "pwd": self.get_option("vmware_password"), "port": self.get_option("vmware_port"), } if not self.validate_certs: if HAS_URLLIB3: urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) connection_kwargs['disableSslCertValidation'] = True try: self._si = SmartConnect(**connection_kwargs) except SSLError: raise AnsibleError("SSL Error: Certificate verification failed.") except (gaierror): raise AnsibleError("Connection Error: Unable to connect to '%s'." % to_native(connection_kwargs["host"])) except vim.fault.InvalidLogin as e: raise AnsibleError("Connection Login Error: %s" % to_native(e.msg)) def _establish_vm(self, check_vm_credentials=True): searchIndex = self._si.content.searchIndex self.vm = None if self.get_option("vm_path") is not None: self.vm = searchIndex.FindByInventoryPath(self.get_option("vm_path")) if self.vm is None: raise AnsibleError("Unable to find VM by path '%s'" % to_native(self.get_option("vm_path"))) elif self.get_option("vm_uuid") is not None: self.vm = searchIndex.FindByUuid(None, self.get_option("vm_uuid"), True) if self.vm is None: raise AnsibleError("Unable to find VM by uuid '%s'" % to_native(self.get_option("vm_uuid"))) self.vm_auth = vim.NamePasswordAuthentication( username=self.get_option("vm_user"), password=self.get_option("vm_password"), interactiveSession=False ) try: if check_vm_credentials: self.authManager.ValidateCredentialsInGuest(vm=self.vm, auth=self.vm_auth) except vim.fault.InvalidPowerState as e: raise AnsibleError("VM Power State Error: %s" % to_native(e.msg)) except vim.fault.RestrictedVersion as e: raise AnsibleError("Restricted Version Error: %s" % to_native(e.msg)) except vim.fault.GuestOperationsUnavailable as e: raise AnsibleError("VM Guest Operations (VMware Tools) Error: %s" % to_native(e.msg)) except vim.fault.InvalidGuestLogin as e: raise AnsibleError("VM Login Error: %s" % to_native(e.msg)) except vim.fault.NoPermission as e: raise AnsibleConnectionFailure("No Permission Error: %s %s" % (to_native(e.msg), to_native(e.privilegeId))) except vmodl.fault.SystemError as e: if e.reason == 'vix error codes = (3016, 0).\n': raise AnsibleConnectionFailure( "Connection failed, is the vm currently rebooting? Reason: %s" % ( to_native(e.reason) ) ) else: raise AnsibleConnectionFailure("Connection failed. Reason %s" % (to_native(e.reason))) except vim.fault.GuestOperationsUnavailable: raise AnsibleConnectionFailure("Cannot connect to guest. Native error: GuestOperationsUnavailable") def _connect(self, check_vm_credentials=True): if not HAS_REQUESTS: raise AnsibleError("%s : %s" % (missing_required_lib('requests'), REQUESTS_IMP_ERR)) if not HAS_PYVMOMI: raise AnsibleError("%s : %s" % (missing_required_lib('PyVmomi'), PYVMOMI_IMP_ERR)) super(Connection, self)._connect() if not self.connected: self._establish_connection() self._establish_vm(check_vm_credentials=check_vm_credentials) self._connected = True def close(self): """Close connection.""" super(Connection, self).close() Disconnect(self._si) self._connected = False def reset(self): """Reset the connection to vcenter.""" # TODO: Fix persistent connection implementation currently ansible creates new connections to vcenter for each task # therefore we're currently closing a non existing connection here and establish a connection just for being thrown away # right afterwards. self.close() self._connect(check_vm_credentials=False) def create_temporary_file_in_guest(self, prefix="", suffix=""): """Create a temporary file in the VM.""" try: return self.fileManager.CreateTemporaryFileInGuest(vm=self.vm, auth=self.vm_auth, prefix=prefix, suffix=suffix) except vim.fault.NoPermission as e: raise AnsibleError("No Permission Error: %s %s" % (to_native(e.msg), to_native(e.privilegeId))) except vmodl.fault.SystemError as e: if e.reason == 'vix error codes = (3016, 0).\n': raise AnsibleConnectionFailure( "Connection failed, is the vm currently rebooting? Reason: %s" % ( to_native(e.reason) ) ) else: raise AnsibleConnectionFailure("Connection failed. Reason %s" % (to_native(e.reason))) except vim.fault.GuestOperationsUnavailable: raise AnsibleConnectionFailure("Cannot connect to guest. Native error: GuestOperationsUnavailable") def _get_program_spec_program_path_and_arguments(self, cmd): if self.windowsGuest: ''' we need to warp the execution of powershell into a cmd /c because the call otherwise fails with "Authentication or permission failure" #FIXME: Fix the unecessary invocation of cmd and run the command directly ''' program_path = "cmd.exe" arguments = "/c %s" % cmd else: program_path = self.get_option("executable") arguments = re.sub(r"^%s\s*" % program_path, "", cmd) return program_path, arguments def _get_guest_program_spec(self, cmd, stdout, stderr): guest_program_spec = vim.GuestProgramSpec() program_path, arguments = self._get_program_spec_program_path_and_arguments(cmd) arguments += " 1> %s 2> %s" % (stdout, stderr) guest_program_spec.programPath = program_path guest_program_spec.arguments = arguments return guest_program_spec def _get_pid_info(self, pid): try: processes = self.processManager.ListProcessesInGuest(vm=self.vm, auth=self.vm_auth, pids=[pid]) except vim.fault.NoPermission as e: raise AnsibleError("No Permission Error: %s %s" % (to_native(e.msg), to_native(e.privilegeId))) except vmodl.fault.SystemError as e: # https://pubs.vmware.com/vsphere-6-5/index.jsp?topic=%2Fcom.vmware.wssdk.smssdk.doc%2Fvmodl.fault.SystemError.html # https://github.com/ansible/ansible/issues/57607 if e.reason == 'vix error codes = (1, 0).\n': raise AnsibleConnectionFailure( "Connection failed, Netlogon service stopped or dcpromo in progress. Reason: %s" % ( to_native(e.reason) ) ) else: raise AnsibleConnectionFailure("Connection plugin failed. Reason: %s" % (to_native(e.reason))) except vim.fault.GuestOperationsUnavailable: raise AnsibleConnectionFailure("Cannot connect to guest. Native error: GuestOperationsUnavailable") except vim.fault.InvalidGuestLogin: raise AnsibleConnectionFailure("Guest login failed. Native error: InvalidGuestLogin") return processes[0] def _fix_url_for_hosts(self, url): """ Fix url if connection is a host. The host part of the URL is returned as '*' if the hostname to be used is the name of the server to which the call was made. For example, if the call is made to esx-svr-1.domain1.com, and the file is available for download from http://esx-svr-1.domain1.com/guestFile?id=1&token=1234, the URL returned may be http://*/guestFile?id=1&token=1234. The client replaces the asterisk with the server name on which it invoked the call. https://code.vmware.com/apis/358/vsphere#/doc/vim.vm.guest.FileManager.FileTransferInformation.html """ return url.replace("*", self.vmware_host) def _fetch_file_from_vm(self, guestFilePath): try: fileTransferInformation = self.fileManager.InitiateFileTransferFromGuest(vm=self.vm, auth=self.vm_auth, guestFilePath=guestFilePath) except vim.fault.NoPermission as e: raise AnsibleError("No Permission Error: %s %s" % (to_native(e.msg), to_native(e.privilegeId))) except vmodl.fault.SystemError as e: if e.reason == 'vix error codes = (3016, 0).\n': raise AnsibleConnectionFailure( "Connection failed, is the vm currently rebooting? Reason: %s" % ( to_native(e.reason) ) ) else: raise AnsibleConnectionFailure("Connection failed. Reason %s" % (to_native(e.reason))) except vim.fault.GuestOperationsUnavailable: raise AnsibleConnectionFailure("Cannot connect to guest. Native error: GuestOperationsUnavailable") url = self._fix_url_for_hosts(fileTransferInformation.url) response = requests.get(url, verify=self.validate_certs, stream=True) if response.status_code != 200: raise AnsibleError("Failed to fetch file") return response def delete_file_in_guest(self, filePath): """Delete file from VM.""" try: self.fileManager.DeleteFileInGuest(vm=self.vm, auth=self.vm_auth, filePath=filePath) except vim.fault.NoPermission as e: raise AnsibleError("No Permission Error: %s %s" % (to_native(e.msg), to_native(e.privilegeId))) except vmodl.fault.SystemError as e: if e.reason == 'vix error codes = (3016, 0).\n': raise AnsibleConnectionFailure( "Connection failed, is the vm currently rebooting? Reason: %s" % ( to_native(e.reason) ) ) else: raise AnsibleConnectionFailure("Connection failed. Reason %s" % (to_native(e.reason))) except vim.fault.GuestOperationsUnavailable: raise AnsibleConnectionFailure("Cannot connect to guest. Native error: GuestOperationsUnavailable") def exec_command(self, cmd, in_data=None, sudoable=True): """Execute command.""" super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable) stdout = self.create_temporary_file_in_guest(suffix=".stdout") stderr = self.create_temporary_file_in_guest(suffix=".stderr") guest_program_spec = self._get_guest_program_spec(cmd, stdout, stderr) try: pid = self.processManager.StartProgramInGuest(vm=self.vm, auth=self.vm_auth, spec=guest_program_spec) except vim.fault.NoPermission as e: raise AnsibleError("No Permission Error: %s %s" % (to_native(e.msg), to_native(e.privilegeId))) except vim.fault.FileNotFound as e: raise AnsibleError("StartProgramInGuest Error: %s" % to_native(e.msg)) except vmodl.fault.SystemError as e: if e.reason == 'vix error codes = (3016, 0).\n': raise AnsibleConnectionFailure( "Connection failed, is the vm currently rebooting? Reason: %s" % ( to_native(e.reason) ) ) else: raise AnsibleConnectionFailure("Connection failed. Reason %s" % (to_native(e.reason))) except vim.fault.GuestOperationsUnavailable: raise AnsibleConnectionFailure("Cannot connect to guest. Native error: GuestOperationsUnavailable") pid_info = self._get_pid_info(pid) while pid_info.endTime is None: sleep(self.get_option("exec_command_sleep_interval")) pid_info = self._get_pid_info(pid) stdout_response = self._fetch_file_from_vm(stdout) self.delete_file_in_guest(stdout) stderr_response = self._fetch_file_from_vm(stderr) self.delete_file_in_guest(stderr) return pid_info.exitCode, stdout_response.text, stderr_response.text def fetch_file(self, in_path, out_path): """Fetch file.""" super(Connection, self).fetch_file(in_path, out_path) in_path_response = self._fetch_file_from_vm(in_path) with open(out_path, "wb") as fd: for chunk in in_path_response.iter_content(chunk_size=self.get_option("file_chunk_size")): fd.write(chunk) def put_file(self, in_path, out_path): """Put file.""" super(Connection, self).put_file(in_path, out_path) if not exists(to_bytes(in_path, errors="surrogate_or_strict")): raise AnsibleFileNotFound("file or module does not exist: '%s'" % to_native(in_path)) try: put_url = self.fileManager.InitiateFileTransferToGuest( vm=self.vm, auth=self.vm_auth, guestFilePath=out_path, fileAttributes=vim.GuestFileAttributes(), fileSize=getsize(in_path), overwrite=True ) except vim.fault.NoPermission as e: raise AnsibleError("No Permission Error: %s %s" % (to_native(e.msg), to_native(e.privilegeId))) except vmodl.fault.SystemError as e: if e.reason == 'vix error codes = (3016, 0).\n': raise AnsibleConnectionFailure( "Connection failed, is the vm currently rebooting? Reason: %s" % ( to_native(e.reason) ) ) else: raise AnsibleConnectionFailure("Connection failed. Reason %s" % (to_native(e.reason))) except vim.fault.GuestOperationsUnavailable: raise AnsibleConnectionFailure("Cannot connect to guest. Native error: GuestOperationsUnavailable") url = self._fix_url_for_hosts(put_url) # file size of 'in_path' must be greater than 0 with open(in_path, "rb") as fd: response = requests.put(url, verify=self.validate_certs, data=fd) if response.status_code != 200: raise AnsibleError("File transfer failed")