External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-01 00:38:45 -03:30
Code Issues Packages Projects Releases Wiki Activity

Allow work signing for execution node (#12771)

Browse Source 
- work-signing added to the generated receptor config
- During receptor task submission, signwork is True when submitting to
  an execution node
This commit is contained in:
Seth Foster
2022-08-29 16:19:53 -04:00
committed by Jeff Bradberry
parent e1c33935fb
commit 3b024a057f
1 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
awx/main/tasks/receptor.py
View File

@@ -158,8 +158,7 @@ def run_until_complete(node, timing_data=None, **kwargs):
kwargs.setdefault('payload', '') kwargs.setdefault('payload', '')
transmit_start = time.time() transmit_start = time.time()
sign_work = False if settings.IS_K8S else True result = receptor_ctl.submit_work(worktype='ansible-runner', node=node, signwork=True, **kwargs)
result = receptor_ctl.submit_work(worktype='ansible-runner', node=node, signwork=sign_work, **kwargs)
unit_id = result['unitid'] unit_id = result['unitid']
run_start = time.time() run_start = time.time()
@@ -305,10 +304,6 @@ class AWXReceptorJob:
except Exception: except Exception:
logger.exception(f"Error releasing work unit {self.unit_id}.") logger.exception(f"Error releasing work unit {self.unit_id}.")
@property
def sign_work(self):
return False if settings.IS_K8S else True
def _run_internal(self, receptor_ctl): def _run_internal(self, receptor_ctl):
# Create a socketpair. Where the left side will be used for writing our payload # Create a socketpair. Where the left side will be used for writing our payload
# (private data dir, kwargs). The right side will be passed to Receptor for # (private data dir, kwargs). The right side will be passed to Receptor for
@@ -468,6 +463,10 @@ class AWXReceptorJob:
return receptor_params return receptor_params
@property
def sign_work(self):
return True if self.work_type in ('ansible-runner', 'local') else False
@property @property
def work_type(self): def work_type(self):
if self.task.instance.is_container_group_task: if self.task.instance.is_container_group_task:
@@ -598,10 +597,17 @@ class AWXReceptorJob:
return config return config
# TODO: receptor reload expects ordering within config items to be preserved
# if python dictionary is not preserving order properly, may need to find a
# solution. yaml.dump does not seem to work well with OrderedDict. below line may help
# yaml.add_representer(OrderedDict, lambda dumper, data: dumper.represent_mapping('tag:yaml.org,2002:map', data.items()))
#
RECEPTOR_CONFIG_STARTER = ( RECEPTOR_CONFIG_STARTER = (
{'control-service': {'service': 'control', 'filename': '/var/run/receptor/receptor.sock', 'permissions': '0600'}},
{'local-only': None}, {'local-only': None},
{'log-level': 'debug'},
{'control-service': {'service': 'control', 'filename': '/var/run/receptor/receptor.sock', 'permissions': '0660'}},
{'work-command': {'worktype': 'local', 'command': 'ansible-runner', 'params': 'worker', 'allowruntimeparams': True}}, {'work-command': {'worktype': 'local', 'command': 'ansible-runner', 'params': 'worker', 'allowruntimeparams': True}},
{'work-signing': {'privatekey': '/etc/receptor/signing/work-private-key.pem', 'tokenexpiration': '1m'}},
{ {
'work-kubernetes': { 'work-kubernetes': {
'worktype': 'kubernetes-runtime-auth', 'worktype': 'kubernetes-runtime-auth',