gantsign / ansible-role-visual-studio-code Goto Github PK

While Visual Studio Code is well featured out of the box I usually end up installing a few extensions. It'd be nice if these extensions were installed by the Ansible role.

I am getting an error when trying to install extensions on a RedHat 7.9 Workstation system:

"msg": "Error querying installed extensions [vscjava.vscode-java-pack]: Error: /lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by /usr/share/code/resources/app/node_modules.asar.unpacked/spdlog/build/Release/spdlog.node)\n at process.func [as dlopen] (electron/js2c/asar_bundle.js:5:1812)\n at Object.Module._extensions..node (internal/modules/cjs/loader.js:1250:18)\n at Object.func [as .node] (electron/js2c/asar_bundle.js:5:2039)\n at Module.load (internal/modules/cjs/loader.js:1039:32)\n at Module._load (internal/modules/cjs/loader.js:932:14)\n at Function.f._load (electron/js2c/asar_bundle.js:5:12738)\n at Module.require (internal/modules/cjs/loader.js:1079:19)\n at require (internal/modules/cjs/helpers.js:72:18)\n at bindings (/usr/share/code/resources/app/node_modules.asar/bindings/bindings.js:112:48)\n at Object. (/usr/share/code/resources/app/node_modules.asar/spdlog/index.js:3:35)\n at Module._compile (internal/modules/cjs/loader.js:1199:30)\n at Object.Module._extensions..js (internal/modules/cjs/loader.js:1220:10)\n at Module.load (internal/modules/cjs/loader.js:1039:32)\n at Module._load (internal/modules/cjs/loader.js:932:14)\n at Function.f._load (electron/js2c/asar_bundle.js:5:12738)\n at Module.require (internal/modules/cjs/loader.js:1079:19)\n at require (internal/modules/cjs/helpers.js:72:18)\n at t (/usr/share/code/resources/app/out/vs/loader.js:4:101)\n at r.load (/usr/share/code/resources/app/out/vs/loader.js:3:13249)\n at r.load (/usr/share/code/resources/app/out/vs/loader.js:3:10262)\n at c (/usr/share/code/resources/app/out/vs/loader.js:4:10314)\n at Object.errorback (/usr/share/code/resources/app/out/vs/loader.js:4:10435)\n at r.triggerErrorback (/usr/share/code/resources/app/out/vs/loader.js:3:10626)\n at /usr/share/code/resources/app/out/vs/loader.js:3:10332\n at r.load (/usr/share/code/resources/app/out/vs/loader.js:3:13266)\n at r.load (/usr/share/code/resources/app/out/vs/loader.js:3:10262)\n at c (/usr/share/code/resources/app/out/vs/loader.js:4:10314)\n at r._loadModule (/usr/share/code/resources/app/out/vs/loader.js:4:10444)\n at r._resolve (/usr/share/code/resources/app/out/vs/loader.js:5:452)\n at r.defineModule (/usr/share/code/resources/app/out/vs/loader.js:4:6145)\n at r._relativeRequire (/usr/share/code/resources/app/out/vs/loader.js:4:6831)\n at n (/usr/share/code/resources/app/out/vs/loader.js:4:9420)\n at f (/usr/share/code/resources/app/out/vs/code/node/cliProcessMain.js:13:42562)\n at new Promise ()\n at b (/usr/share/code/resources/app/out/vs/code/node/cliProcessMain.js:13:42542)\n at m._createSpdLogLogger (/usr/share/code/resources/app/out/vs/code/node/cliProcessMain.js:13:43517)\n at new m (/usr/share/code/resources/app/out/vs/code/node/cliProcessMain.js:13:43322)\n at c.initServices (/usr/share/code/resources/app/out/vs/code/node/cliProcessMain.js:16:57027)\n at async c.run (/usr/share/code/resources/app/out/vs/code/node/cliProcessMain.js:16:56421)\n at async Object.h [as main] (/usr/share/code/resources/app/out/vs/code/node/cliProcessMain.js:16:59927)\n at async C (/usr/share/code/resources/app/out/vs/code/node/cli.js:12:13346) {\n phase: 'loading',\n moduleId: 'spdlog',\n neededBy: [ '===anonymous5===' ]\n}\n"
}

When I query the library, it does not have the required version as the error says:

$ nm -D /lib64/libstdc++.so.6 | grep CXXABI
0000000000000000 A CXXABI_1.3
0000000000000000 A CXXABI_1.3.1
0000000000000000 A CXXABI_1.3.2
0000000000000000 A CXXABI_1.3.3
0000000000000000 A CXXABI_1.3.4
0000000000000000 A CXXABI_1.3.5
0000000000000000 A CXXABI_1.3.6
0000000000000000 A CXXABI_1.3.7
0000000000000000 A CXXABI_TM_1

I am pretty sure this worked before though. Any idea what may be wrong?

Hi,

i wanted to use your role, but ran into an issue with custom configurations.

TASK [ansible-role-visual-studio-code : create config directories for users] ************************************************************************************************************************************** failed: [localhost] (item=({u'username': u'domano', u'visual_studio_code_settings': {u'files.autoSave': u'afterDelay', u'files.autoSaveDelay': 1000, u'git.autofetch': True, u'explorer.openEditors.visible': 0}}, u'Ansible')) => {"changed": false, "gid": (removed groupid here), "group": "somegroup", "item": [{"username": "domano", "visual_studio_code_settings": {"explorer.openEditors.visible": 0, "files.autoSave": "afterDelay", "files.autoSaveDelay": 1000, "git.autofetch": true}}, "Ansible"], "mode": "0711", "msg": "chgrp failed: failed to look up group domano", "owner": "domano", "path": "/home/domano/.config", "size": 4096, "state": "directory", "uid": (removed my user id here)}

My playbook looks like this (at least the relevant part):
visual_studio_code_version: '1.21' users: - username: domano visual_studio_code_extensions: - Ansible - ansible-autocomplete - Go - IntelliJ IDEA Keybindings - language-Ansible visual_studio_code_settings: { "explorer.openEditors.visible": 0, "git.autofetch": true, "files.autoSave": "afterDelay", "files.autoSaveDelay": 1000 }

It'd be useful to preconfigure Visual Studio Code, by writing the settings.json for the user, based on configuration supplied in the playbook.

Putting the downloads into the system /tmp directory opens a security hole as other users have a chance to modify them. The default directory should be under the home folder of the user running Ansible (where other users normally won't have write access).

The variable name local_ansible_data_path is potentially confusing as it's actually a path on the remote machine (from the Ansible perspective); also, given this is a visual-studio-code role the variable should be prefixed with visual_studio_code_.

It's still beneficial to support a common variable for where to store downloads so visual_studio_code_download_dir will default to x_ansible_download_dir if set.

Renaming the variable to visual_studio_code_download_dir will be clearer and less misleading.

I use Home-brew Cask to install VS Code on my Mac. I would like to request a feature where you can install VS code beforehand and use the role just of installing the plugins.
The role can be customized for MacOS only as Home-brew cask is built for Mac.

Don't really know why, but until a few days ago your role was working fine and, now, it seems that MS changed something into their repository and I got this error:

TASK [vscode : install VS Code repo (apt)] *************************************
fatal: [default]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: E:Failed to fetch https://packages.microsoft.com/repos/vscode/dists/stable/InRelease  Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?), E:The repository 'https://packages.microsoft.com/repos/vscode stable InRelease' is not signed."}

I've googled around and found this issue that has nearly the same problem and fixed it by updating the URL from https://packages.microsoft.com/repos/vscode ti https://packages.microsoft.com/repos/code

So this is the suggested patch, left here in case you find it useful to integrate and/or any other user of your role encounter the same issue

diff --git a/ansible/roles/vscode/tasks/install-apt.yml b/ansible/roles/vscode/tasks/install-apt.yml
index 70f9ea4..c6ff75c 100644
--- a/ansible/roles/vscode/tasks/install-apt.yml
+++ b/ansible/roles/vscode/tasks/install-apt.yml
@@ -24,7 +24,7 @@
 - name: install VS Code repo (apt)
   become: yes
   apt_repository:
-    repo: 'deb [arch=amd64] {{ visual_studio_code_mirror }}/repos/vscode stable main'
+    repo: 'deb [arch=amd64] {{ visual_studio_code_mirror }}/repos/code stable main'
     filename: vscode
     state: present
 

Hello @gantsign, after latest ansible-lint, now all playbooks that use ansible-role-visual-studio-code will fail until the name on Galaxy is role_name: visual_studio_code on meta/main.yml:
ansible/ansible-lint#3566 (comment)

You can even put role_name as visual-studio-code it gets automatically converted as extensively documented here: https://galaxy.ansible.com/docs/contributing/creating_role.html

Would you mind changing the name?

Thanks for building this role!

The one thing it doesn't have is declarative vs code extensions. By that, I mean if you run it multiple times while changing the list of extensions, it just keeps adding extensions rather than making the extensions match what the user has declared. It would be great for the list of extensions to truly reflect what extensions are installed.

Thanks again!

I'd like to add user specific settigns to settings.json, e.g. update the file with additional settings once it has been written (or even overwrite existing setttings).
Background: We provide a default setup of vscode to all team members, but things like the theme are pretty much down to each users preferences.

Currently the privilege escalation isn't being declared for the tasks that need it; because of this, to use this role you have to declare the privilege escalation for the role in your playbook, or run the whole playbook using sudo.

If the privilege escalation is declared for the tasks of this role, it'll work out of the box with no additional config required by the user.

This role works correctly on Ubuntu Trusty and Xenial but these versions are not declared in the Ansible Galaxy metadata as supported versions.

Since Trusty and Xenial are the current and previous LTS versions of Ubuntu it would be helpful to declare them as supported.

The config directory for insiders edition should be 'Code - Insiders', not Code-Insiders.

On Debian, this role leads to duplicate entries for the microsoft apt repository:

• One is created by the role to install visual studio code (package_microsoft_com_repos_vscode.list)
• The other entry is created by the Debian package of visual studio code (vscode.list)

This creates warnings about duplicate entries:

W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/packages_microsoft_com_repos_vscode.list:1 and /etc/apt/sources.list.d/vscode.list:3

I suggest removing the entry that is created by the role and relying on the one that is created by vs-code during installation.

macOS Catalina
Installed via cask.

While gantsign.visual-studio-code successfully installs VS Code (via cask), it fails to install extensions because macOS pops up this dialog (repeatedly):

If you click "Show in Finder", right click Visual Studio Code and choose "Open" then you get the same dialog but with an extra button to "Open". Once you've opened VS Code once, then you can re-run the role and it will work as expected.

Hello,
currently when adding the APT repository the AMD64 architecture is hardcoded.

deb [arch=amd64...

https://github.com/gantsign/ansible-role-visual-studio-code/blob/master/tasks/install-apt.yml#L37

this doesn't allow the use of the ansible role on arm64 or otherwise non amd64 architectures.

One can likely use the ansible_architecture fact/variable for condition based matching of repo to architecture.

Let me start by saying this role is completely awesome and has saved me a lot of pain! :-)

When running the role with extensions that are already installed I'm getting a lot of interactive vscode windows opening up. I've been able to reproduce the problem manually, and it looks like it has to do with the order of the parameters provided to vscode.

I think the issue is in the install_extension function in visual_studio_code_install_extension.py.

rc, out, err = module.run_command( ['code', '--install-extension', '--force', name])

Should be:

rc, out, err = module.run_command( ['code', '--install-extension', name, '--force'])

Currently running with:

• ubuntu 18.04.1
• ansible 2.5.1
• vscode v1.30.0
• gantsign.visual-studio-code v6.2.0

I see you support 16.04 and 18.04. It would be very nice if this role supports latest LTS.

I am having sometimes 503 erros while installing the defined extensions for multiple machines and multiple users per machine at the same time.

I fixed this by adding the register, until, retries and delay. It would be great if you would add such functionality in install_extensions.yml so that the internal module would be called again in case of those errors.

---
- name: Install extensions
  become: yes
  become_user: "{{ item.0.username }}"
  visual_studio_code_install_extension:
    executable: "{{ visual_studio_code_exe }}"
    name: "{{ item.1 }}"
  with_subelements:
    - "{{ users }}"
    - visual_studio_code_extensions
    - skip_missing: yes
  loop_control:
    label: "{{ item.0.username }}: {{ item.1 }}"
  register: install_extension_result
  until: install_extension_result is successful
  retries: 5
  delay: 10

implement flag visual_studio_code_add_repo with a default of true, which could be used to disable adding the repo

this feature request was discussed here: #200 (comment) as an alternativ

Sometimes it is needed to mark the microsoft ssl certificate as trusted. for example when you are behind a company proxy and this proxy changes the certificate a bit.

in APT you can mark the repo cert as trusted with trusted=yes
example: deb [arch=amd64 trusted=yes] https://packages.microsoft.com//repos/code stable main
source list documentation: https://manpages.debian.org/jessie/apt/sources.list.5.en.html

trusted=yes can be set to indicate that packages from this source are always authenticated even if the Release file is not signed or the signature can't be checked. This disables parts of apt-secure(8) and should therefore only be used in a local and trusted context. trusted=no is the opposite which handles even correctly authenticated sources as not authenticated.

For RPM source files a similar config value is gpgcheck
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-configuring_yum_and_yum_repositories

gpgcheck=value
where value is one of:
0 — Disable GPG signature-checking on packages in all repositories, including local package installation.
1 — Enable GPG signature-checking on all packages in all repositories, including local package installation. gpgcheck=1 is the default, and thus all packages' signatures are checked.

this feature request was proposed here: #200 (comment)

I don't really think this is an issue with this project but I'm hoping you might provide some guidance.

I am Molecule-izing a large playbook to get it to run a full CI inside a GitHub Action workflow. Regardless of whether I run it locally or on the workflow, I need to get the Molecule Docker container running first with privilege and then as a non-root "ansible" user for this extension to work. I do so here and have the username for this role set in requirements.yml here:

- src: gantsign.visual-studio-code
  users:
    - username: "{{ ansible_user }}"
      visual_studio_code_extensions:
        - Shan.code-settings-sync

However, when I run Molecule on my local system or on a GitHub Actions workflow I get an error at:

TASK [gantsign.visual-studio-code : install extensions] ************************
    fatal: [instance]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: invalid user: 'artis3n'\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}

For the GitHub Workflow I get the same error for the user runner.

I've tried modifying the ansible_user via molecule.yml:

provisioner:
  name: ansible
  lint:
    name: ansible-lint
  options:
    'vault-id': ../../.vault_pass
  inventory:
    host_vars:
      instance:
        ansible_user: ansible

and my playbook.yml:

- name: Converge
  hosts: all
  gather_facts: yes
  vars:
    ansible_user: ansible

But it looks like ansible_user isn't correctly being set when the roles are run. Or, maybe there is something else happening in your role that I am completely missing? This should correspond to this:

- name: install extensions
  become: yes
  become_user: '{{ item.0.username }}'
  visual_studio_code_install_extension:
    executable: '{{ visual_studio_code_exe }}'
    name: '{{ item.1 }}'
  with_subelements:
    - '{{ users }}'
    - visual_studio_code_extensions
    - skip_missing: yes

which suggests it should be accepting my modified ansible_user as ansible.

Do you have any suggestions how I might continue to troubleshoot this?

Testing Ansible roles manually with Docker is a bit of a pain; Molecule (http://molecule.readthedocs.io/) makes it easy. It also provides a way to unify local unit testing with the tests ran by Travis CI.

Configure the project for running Molecule and change the Travis CI build to use Molecule.

When I run the role on an already configured instance of vscode, ansible can hang if a newer version of the extension is available:

% code --install-extension ms-vscode.Go            
> Extension 'ms-vscode.Go' v0.6.91 is already installed, but a newer version 0.6.93 is available in the marketplace. Would you like to update? Yes(0) | No(1)
> 

Adding a "--force" will avoid the hang and update the extension to the latest version.

diff --git a/tasks/install-extensions.yml b/tasks/install-extensions.yml
index 71b030b..7aa763a 100644
--- a/tasks/install-extensions.yml
+++ b/tasks/install-extensions.yml
@@ -44,7 +44,7 @@
 - name: install extensions
   become: yes
   become_user: '{{ item.0.username }}'
-  command: "code --install-extension '{{ item.1 }}'"
+  command: "code --install-extension '{{ item.1 }}' --force"
   with_subelements:
     - '{{ users }}'
     - visual_studio_code_extensions

I am currently setup a development environment on SLES and I can see that vscode is not updated when no version is set:

    - name: Install VS Code (zypper)
      become: yes
      community.general.zypper:
        name: "{{ visual_studio_code_package }}{{ (visual_studio_code_version | length > 0) | ternary('=' + visual_studio_code_version, '') }}"
        state: present

The code should be changed so that it installes the latest when no version is set:

- name: Install VS Code (zypper)
  become: yes
  community.general.zypper:
    name: "{{ visual_studio_code_package }}{{ (visual_studio_code_version | length > 0) | ternary('=' + visual_studio_code_version, '') }}"
    state: "{{ (visual_studio_code_version | length > 0) | ternary('present', 'latest') }}"

When using the role on a recent Kali image you would encounter a error during the dependency installation:

TASK [ansible-role-visual-studio-code : Install dependencies (apt)] ***********************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "No package matching 'gconf2' is available"}

Installing most of the dependencies is not necessary at this step and will be handled by apt at the time of installation. Only ca-certificates and apt-transport-https ar required. I would suggest changing the task to something like this:

- name: Install dependencies (apt)
  become: yes
  ansible.builtin.apt:
    name:
      - ca-certificates
      - apt-transport-https
    state: present