From 7db9b48e9cfc9e3f9b9623250af58f344b05f6bd Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Thu, 3 Aug 2017 17:16:28 -0400
Subject: [PATCH] add a configurable for disabling the auto-generated isolated
 RSA key

some users won't want to utilize the RSA key we auto-generate for
isolated node SSH access, but will instead want to manage SSH
authentication by hand outside of Tower

see: https://github.com/ansible/ansible-tower/issues/7380
---
 awx/main/conf.py                      | 12 ++++++++++++
 awx/main/isolated/isolated_manager.py |  6 +++++-
 awx/settings/development.py           |  1 +
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/awx/main/conf.py b/awx/main/conf.py
index c8aab83860..c4f4bcf9b0 100644
--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@@ -205,6 +205,18 @@ register(
     category_slug='jobs',
 )
 
+register(
+    'AWX_ISOLATED_KEY_GENERATION',
+    field_class=fields.BooleanField,
+    default=True,
+    label=_('Generate RSA keys for isolated instances'),
+    help_text=_('If set, a random RSA key will be generated and distributed to '
+                'isolated instances.  To disable this behavior and manage authentication '
+                'for isolated instances outside of Tower, disable this setting.'),  # noqa
+    category=_('Jobs'),
+    category_slug='jobs',
+)
+
 register(
     'AWX_ISOLATED_PRIVATE_KEY',
     field_class=fields.CharField,
diff --git a/awx/main/isolated/isolated_manager.py b/awx/main/isolated/isolated_manager.py
index 5e46230731..94c003eace 100644
--- a/awx/main/isolated/isolated_manager.py
+++ b/awx/main/isolated/isolated_manager.py
@@ -192,7 +192,10 @@ class IsolatedManager(object):
     def run_pexpect(cls, pexpect_args, *args, **kw):
         isolated_ssh_path = None
         try:
-            if getattr(settings, 'AWX_ISOLATED_PRIVATE_KEY', None):
+            if all([
+                getattr(settings, 'AWX_ISOLATED_KEY_GENERATION', False) is True,
+                getattr(settings, 'AWX_ISOLATED_PRIVATE_KEY', None)
+            ]):
                 isolated_ssh_path = tempfile.mkdtemp(prefix='awx_isolated', dir=settings.AWX_PROOT_BASE_PATH)
                 os.chmod(isolated_ssh_path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
                 isolated_key = os.path.join(isolated_ssh_path, '.isolated')
@@ -277,6 +280,7 @@ class IsolatedManager(object):
             args.append('-%s' % ('v' * min(5, self.instance.verbosity)))
 
         status = 'failed'
+        output = ''
         rc = None
         buff = cStringIO.StringIO()
         last_check = time.time()
diff --git a/awx/settings/development.py b/awx/settings/development.py
index cb6834ee2d..1da1882a27 100644
--- a/awx/settings/development.py
+++ b/awx/settings/development.py
@@ -59,6 +59,7 @@ AWX_PROOT_ENABLED = True
 
 AWX_ISOLATED_USERNAME = 'root'
 AWX_ISOLATED_CHECK_INTERVAL = 1
+AWX_ISOLATED_LAUNCH_TIMEOUT = 30
 
 # Disable Pendo on the UI for development/test.
 # Note: This setting may be overridden by database settings.