Initial EE integration

awx/main/tasks.py

@@ -887,6 +887,9 @@ class BaseTask(object):
         '''
         return os.path.abspath(os.path.join(os.path.dirname(__file__), *args))
 
+    def build_execution_environment_params(self, instance):
+        return {}
+
     def build_private_data(self, instance, private_data_dir):
         '''
         Return SSH private key data (only if stored in DB as ssh_key_data).
@@ -1129,12 +1132,13 @@ class BaseTask(object):
             for hostname, hv in script_data.get('_meta', {}).get('hostvars', {}).items()
         }
         json_data = json.dumps(script_data)
-        handle, path = tempfile.mkstemp(dir=private_data_dir)
-        f = os.fdopen(handle, 'w')
-        f.write('#! /usr/bin/env python\n# -*- coding: utf-8 -*-\nprint(%r)\n' % json_data)
-        f.close()
-        os.chmod(path, stat.S_IRUSR | stat.S_IXUSR | stat.S_IWUSR)
-        return path
+        path = os.path.join(private_data_dir, 'inventory')
+        os.makedirs(path, mode=0o700)
+        fn = os.path.join(path, 'hosts')
+        with open(fn, 'w') as f:
+            os.chmod(fn, stat.S_IRUSR | stat.S_IXUSR | stat.S_IWUSR)
+            f.write('#! /usr/bin/env python3\n# -*- coding: utf-8 -*-\nprint(%r)\n' % json_data)
+        return fn
 
     def build_args(self, instance, private_data_dir, passwords):
         raise NotImplementedError
@@ -1429,6 +1433,7 @@ class BaseTask(object):
             process_isolation_params = self.build_params_process_isolation(self.instance,
                                                                            private_data_dir,
                                                                            cwd)
+            execution_environment_params = self.build_execution_environment_params(self.instance)
             env = self.build_env(self.instance, private_data_dir, isolated,
                                  private_data_files=private_data_files)
             self.safe_env = build_safe_env(env)
@@ -1463,7 +1468,8 @@ class BaseTask(object):
                 'settings': {
                     'job_timeout': self.get_instance_timeout(self.instance),
                     'suppress_ansible_output': True,
-                    **process_isolation_params,
+                    #**process_isolation_params,
+                    **execution_environment_params,
                     **resource_profiling_params,
                 },
             }
@@ -2003,6 +2009,14 @@ class RunJob(BaseTask):
             if inventory is not None:
                 update_inventory_computed_fields.delay(inventory.id)
 
+    def build_execution_environment_params(self, instance):
+        execution_environment_params = {
+            "container_image": settings.AWX_EXECUTION_ENVIRONMENT_DEFAULT_IMAGE,
+            "process_isolation": True
+        }
+        return execution_environment_params
+
+
 
 @task(queue=get_local_queuename)
 class RunProjectUpdate(BaseTask):
@@ -2349,7 +2363,7 @@ class RunProjectUpdate(BaseTask):
 
         # the project update playbook is not in a git repo, but uses a vendoring directory
         # to be consistent with the ansible-runner model,
-        # that is moved into the runner projecct folder here
+        # that is moved into the runner project folder here
         awx_playbooks = self.get_path_to('..', 'playbooks')
         copy_tree(awx_playbooks, os.path.join(private_data_dir, 'project'))
 
@@ -2484,6 +2498,18 @@ class RunProjectUpdate(BaseTask):
         '''
         return getattr(settings, 'AWX_PROOT_ENABLED', False)
 
+    def build_execution_environment_params(self, instance):
+        project_path = os.path.dirname(instance.get_project_path(check_if_exists=False))
+        execution_environment_params = {
+            "process_isolation": True,
+            "container_image": settings.AWX_EXECUTION_ENVIRONMENT_DEFAULT_IMAGE,
+            "container_volume_mounts": [
+                f"{project_path}:{project_path}",
+            ]
+
+        }
+        return execution_environment_params
+
 
 @task(queue=get_local_queuename)
 class RunInventoryUpdate(BaseTask):
@@ -2983,6 +3009,13 @@ class RunAdHocCommand(BaseTask):
         if isolated_manager_instance:
             isolated_manager_instance.cleanup()
 
+    def build_execution_environment_params(self, instance):
+        execution_environment_params = {
+            "container_image": settings.AWX_EXECUTION_ENVIRONMENT_DEFAULT_IMAGE,
+            "process_isolation": True
+        }
+        return execution_environment_params
+
 
 @task(queue=get_local_queuename)
 class RunSystemJob(BaseTask):

awx/settings/defaults.py

@@ -65,6 +65,8 @@ AWX_CONTAINER_GROUP_POD_LAUNCH_RETRY_DELAY = 5
 AWX_CONTAINER_GROUP_DEFAULT_NAMESPACE = 'default'
 AWX_CONTAINER_GROUP_DEFAULT_IMAGE = 'ansible/ansible-runner'
 
+AWX_EXECUTION_ENVIRONMENT_DEFAULT_IMAGE = 'quay.io/ansible/ansible-runner:devel'
+
 # Internationalization
 # https://docs.djangoproject.com/en/dev/topics/i18n/
 #