From a5b888c19393ba136a925d1e4ef9e170b037fcc3 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Tue, 1 Mar 2022 08:55:25 -0500 Subject: [PATCH 1/2] Add default container mounts to AWX_ISOLATION_SHOW_PATHS --- awx/main/tests/functional/api/test_settings.py | 5 ++++- awx/settings/defaults.py | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/awx/main/tests/functional/api/test_settings.py b/awx/main/tests/functional/api/test_settings.py index a1ae7398a5..0e9bf08297 100644 --- a/awx/main/tests/functional/api/test_settings.py +++ b/awx/main/tests/functional/api/test_settings.py @@ -38,7 +38,10 @@ def test_jobs_settings(get, put, patch, delete, admin): data.pop('AWX_ANSIBLE_CALLBACK_PLUGINS') put(url, user=admin, data=data, expect=200) response = get(url, user=admin, expect=200) - assert response.data['AWX_ISOLATION_SHOW_PATHS'] == [] + assert response.data['AWX_ISOLATION_SHOW_PATHS'] == [ + '/etc/pki/ca-trust:/etc/pki/ca-trust:O', + '/usr/share/pki:/usr/share/pki:O', + ] assert response.data['AWX_ANSIBLE_CALLBACK_PLUGINS'] == [] diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py index bc3c2549c3..ef3999a0fd 100644 --- a/awx/settings/defaults.py +++ b/awx/settings/defaults.py @@ -589,7 +589,10 @@ GALAXY_IGNORE_CERTS = False # Additional paths to show for jobs using process isolation. # Note: This setting may be overridden by database settings. -AWX_ISOLATION_SHOW_PATHS = [] +AWX_ISOLATION_SHOW_PATHS = [ + '/etc/pki/ca-trust:/etc/pki/ca-trust:O', + '/usr/share/pki:/usr/share/pki:O', +] # The directory in which the service will create new temporary directories for job # execution and isolation (such as credential files and custom From 9f021b780c48f1bae1a4e4df98b8a0591977d0fb Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Mon, 7 Mar 2022 12:49:11 -0500 Subject: [PATCH 2/2] Move default show paths to production.py This breaks the dev env --- awx/main/tests/functional/api/test_settings.py | 5 +---- awx/settings/defaults.py | 5 +---- awx/settings/production.py | 5 +++++ 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/awx/main/tests/functional/api/test_settings.py b/awx/main/tests/functional/api/test_settings.py index 0e9bf08297..a1ae7398a5 100644 --- a/awx/main/tests/functional/api/test_settings.py +++ b/awx/main/tests/functional/api/test_settings.py @@ -38,10 +38,7 @@ def test_jobs_settings(get, put, patch, delete, admin): data.pop('AWX_ANSIBLE_CALLBACK_PLUGINS') put(url, user=admin, data=data, expect=200) response = get(url, user=admin, expect=200) - assert response.data['AWX_ISOLATION_SHOW_PATHS'] == [ - '/etc/pki/ca-trust:/etc/pki/ca-trust:O', - '/usr/share/pki:/usr/share/pki:O', - ] + assert response.data['AWX_ISOLATION_SHOW_PATHS'] == [] assert response.data['AWX_ANSIBLE_CALLBACK_PLUGINS'] == [] diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py index ef3999a0fd..bc3c2549c3 100644 --- a/awx/settings/defaults.py +++ b/awx/settings/defaults.py @@ -589,10 +589,7 @@ GALAXY_IGNORE_CERTS = False # Additional paths to show for jobs using process isolation. # Note: This setting may be overridden by database settings. -AWX_ISOLATION_SHOW_PATHS = [ - '/etc/pki/ca-trust:/etc/pki/ca-trust:O', - '/usr/share/pki:/usr/share/pki:O', -] +AWX_ISOLATION_SHOW_PATHS = [] # The directory in which the service will create new temporary directories for job # execution and isolation (such as credential files and custom diff --git a/awx/settings/production.py b/awx/settings/production.py index 75b70f7bfc..9f480a188a 100644 --- a/awx/settings/production.py +++ b/awx/settings/production.py @@ -91,3 +91,8 @@ except IOError: DATABASES.setdefault('default', dict()).setdefault('OPTIONS', dict()).setdefault( 'application_name', f'{CLUSTER_HOST_ID}-{os.getpid()}-{" ".join(sys.argv)}'[:63] ) # noqa + +AWX_ISOLATION_SHOW_PATHS = [ + '/etc/pki/ca-trust:/etc/pki/ca-trust:O', + '/usr/share/pki:/usr/share/pki:O', +]