Since the changes in #5, which automated the retrieval of checksum info from the OSSEC website, it's necessary to run rake
to generate ansible_vars.json
. If you do not do this, there's a thoroughly unhelpful error message:
$ vagrant up build
Bringing machine 'build' up with 'virtualbox' provider...
There are errors in the configuration of this machine. Please fix
the following errors and try again:
ansible provisioner:
* `extra_vars` for the Ansible provisioner must be a hash or a path to an
existing file. Received: ansible_vars.json (as String)
This is because the Vagrantfile now includes ansible.extra_vars = "ansible_vars.json"
, and vagrant can't find that file, so it yells at you.
Solutions
Add checks for file existence to Vagrantfile before the ansible provisioner runs
Advantage here is that we can have a custom error message, instructing the user to run the rake
command, or at least refer to the README. This is worth implementing as a stopgap measure because it's a trivial change.
Move vars include into playbook
Doing so results in a marginally more useful error message:
# snip...
==> build: Running provisioner: ansible...
PYTHONUNBUFFERED=1 ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_FORCE_COLOR=true
ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o
ControlMaster=auto -o ControlPersist=60s' ansible-playbook --user=vagrant
--connection=ssh --timeout=30 --limit='build'
--inventory-file=/path/to/this/repo/ossec/.vagrant/provisioners/ansible/inventor
y -v ansible/build-deb-pkgs.yml
ERROR: file could not read: /path/to/this/repo/ossec/ansible_vars.json
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
However, it still doesn't tell you what you need to fix it. It's cleaner practice, and so worth implementing, but only as a supplementary stopgap measure, on top of file existence checking.
Use ansible to fetch the vars dynamically
The rake
dependency provided by #5 introduced complexity I was loathe to accept, but the additions were a great step forward in automating tedium. In fact, the rake
approach is what gave me the idea to leverage ansible module for fetching vars in the grsecurity repo. A long-term solution should bundle a library with the ossec building role and ditch the Ruby dependencies for bundler
and rake
.