Vendor collections for isolated jobs to work in ansible 2.10

kubectl and synchronize are now part of community.kubernetes
and ansible.posix collections, respectively. This change installs
these collections to a local directory to be used in inventory and
isolated management playbooks.

awx issue #6930

awx/main/isolated/manager.py

@@ -58,7 +58,7 @@ class IsolatedManager(object):
                 os.chmod(temp.name, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
             for host in hosts:
                 inventory['all']['hosts'][host] = {
-                    "ansible_connection": "kubectl",
+                    "ansible_connection": "community.kubernetes.kubectl",
                     "ansible_kubectl_config": path,
                 }
         else:
@@ -74,6 +74,7 @@ class IsolatedManager(object):
         env['ANSIBLE_RETRY_FILES_ENABLED'] = 'False'
         env['ANSIBLE_HOST_KEY_CHECKING'] = str(settings.AWX_ISOLATED_HOST_KEY_CHECKING)
         env['ANSIBLE_LIBRARY'] = os.path.join(os.path.dirname(awx.__file__), 'plugins', 'isolated')
+        env['ANSIBLE_COLLECTIONS_PATHS'] = settings.AWX_ANSIBLE_COLLECTIONS_PATHS
         set_pythonpath(os.path.join(settings.ANSIBLE_VENV_PATH, 'lib'), env)
 
         def finished_callback(runner_obj):

awx/main/management/commands/inventory_import.py

@@ -169,7 +169,7 @@ class AnsibleInventoryLoader(object):
             self.tmp_private_dir = build_proot_temp_dir()
             logger.debug("Using fresh temporary directory '{}' for isolation.".format(self.tmp_private_dir))
             kwargs['proot_temp_dir'] = self.tmp_private_dir
-            kwargs['proot_show_paths'] = [functioning_dir(self.source), settings.INVENTORY_COLLECTIONS_ROOT]
+            kwargs['proot_show_paths'] = [functioning_dir(self.source), settings.AWX_ANSIBLE_COLLECTIONS_PATHS]
         logger.debug("Running from `{}` working directory.".format(cwd))
 
         if self.venv_path != settings.ANSIBLE_VENV_PATH:
@@ -1078,7 +1078,7 @@ class Command(BaseCommand):
                             if settings.SQL_DEBUG:
                                 logger.warning('update computed fields took %d queries',
                                                len(connection.queries) - queries_before2)
-                        # Check if the license is valid. 
+                        # Check if the license is valid.
                         # If the license is not valid, a CommandError will be thrown,
                         # and inventory update will be marked as invalid.
                         # with transaction.atomic() will roll back the changes.

awx/main/models/inventory.py

@@ -1705,7 +1705,7 @@ class PluginFileInjector(object):
     def get_plugin_env(self, inventory_update, private_data_dir, private_data_files):
         env = self._get_shared_env(inventory_update, private_data_dir, private_data_files)
         if self.initial_version is None or Version(self.ansible_version) >= Version(self.collection_migration):
-            env['ANSIBLE_COLLECTIONS_PATHS'] = settings.INVENTORY_COLLECTIONS_ROOT
+            env['ANSIBLE_COLLECTIONS_PATHS'] = settings.AWX_ANSIBLE_COLLECTIONS_PATHS
         return env
 
     def get_script_env(self, inventory_update, private_data_dir, private_data_files):

awx/main/tasks.py

@@ -141,7 +141,7 @@ def dispatch_startup():
     # and Tower fall out of use/support, we can probably just _assume_ that
     # everybody has moved to bigint, and remove this code entirely
     enforce_bigint_pk_migration()
-    
+
     # Update Tower's rsyslog.conf file based on loggins settings in the db
     reconfigure_rsyslog()
 
@@ -2408,7 +2408,7 @@ class RunInventoryUpdate(BaseTask):
 
     @property
     def proot_show_paths(self):
-        return [self.get_path_to('..', 'plugins', 'inventory'), settings.INVENTORY_COLLECTIONS_ROOT]
+        return [self.get_path_to('..', 'plugins', 'inventory'), settings.AWX_ANSIBLE_COLLECTIONS_PATHS]
 
     def build_private_data(self, inventory_update, private_data_dir):
         """

awx/playbooks/check_isolated.yml

@@ -5,6 +5,8 @@
 - name: Poll for status of active job.
   hosts: all
   gather_facts: false
+  collections:
+    - ansible.posix
 
   tasks:
 

awx/playbooks/run_isolated.yml

@@ -9,6 +9,8 @@
   gather_facts: false
   vars:
     secret: "{{ lookup('pipe', 'cat ' + src + '/env/ssh_key') }}"
+  collections:
+    - ansible.posix
 
   tasks:
     - name: synchronize job environment with isolated host

awx/settings/defaults.py

@@ -121,8 +121,8 @@ LOGIN_URL = '/api/login/'
 PROJECTS_ROOT = os.path.join(BASE_DIR, 'projects')
 
 # Absolute filesystem path to the directory to host collections for
-# running inventory imports
+# running inventory imports, isolated playbooks
-INVENTORY_COLLECTIONS_ROOT = os.path.join(BASE_DIR, 'vendor', 'inventory_collections')
+AWX_ANSIBLE_COLLECTIONS_PATHS = os.path.join(BASE_DIR, 'vendor', 'awx_ansible_collections')
 
 # Absolute filesystem path to the directory for job status stdout (default for
 # development and tests, default for production defined in production.py). This

awx/settings/development.py

@@ -149,7 +149,7 @@ include(optional('/etc/tower/settings.py'), scope=locals())
 include(optional('/etc/tower/conf.d/*.py'), scope=locals())
 
 # Installed differently in Dockerfile compared to production versions
-INVENTORY_COLLECTIONS_ROOT = '/vendor/inventory_collections'
+AWX_ANSIBLE_COLLECTIONS_PATHS = '/vendor/awx_ansible_collections'
 
 BASE_VENV_PATH = "/venv/"
 ANSIBLE_VENV_PATH = os.path.join(BASE_VENV_PATH, "ansible")

awx/settings/local_settings.py.docker_compose

@@ -53,7 +53,7 @@ if "pytest" in sys.modules:
 PROJECTS_ROOT = '/var/lib/awx/projects/'
 
 # Location for cross-development of inventory plugins
-INVENTORY_COLLECTIONS_ROOT = '/vendor/inventory_collections'
+AWX_ANSIBLE_COLLECTIONS_PATHS = '/vendor/awx_ansible_collections'
 
 # Absolute filesystem path to the directory for job status stdout
 # This directory should not be web-accessible

docs/inventory/inventory_plugins.md

@@ -41,12 +41,12 @@ At some point, scripts will be removed and the script-related (for credentials a
 Collections are used for inventory imports starting in Ansible 2.9, and each collection has its own versioning independently from Ansible.
 Versions for those collections are set in the requirements file `requirements/collections_requirements.yml`.
 
-The location of vendored collections is set by the file-only setting `INVENTORY_COLLECTIONS_ROOT`.
+The location of vendored collections is set by the file-only setting `AWX_ANSIBLE_COLLECTIONS_PATHS`.
 For development purposes, this can be changed so that you can test against development versions of those collections.
 Instructions for doing this are in `tools/collections`.
 
 If, for some reason, you need to change the version of a particular collection used in inventory imports,
-you can use the `ansible-galaxy` tool to update the collection inside of the `INVENTORY_COLLECTIONS_ROOT`.
+you can use the `ansible-galaxy` tool to update the collection inside of the `AWX_ANSIBLE_COLLECTIONS_PATHS`.
 Note that the logic for building the inventory file is written and tested only for the version pinned in the requirements file.
 
 

installer/roles/image_build/files/settings.py

@@ -14,7 +14,7 @@ STATIC_ROOT = '/var/lib/awx/public/static'
 
 PROJECTS_ROOT = '/var/lib/awx/projects'
 
-INVENTORY_COLLECTIONS_ROOT = '/var/lib/awx/vendor/inventory_collections'
+AWX_ANSIBLE_COLLECTIONS_PATHS = '/var/lib/awx/vendor/awx_ansible_collections'
 
 JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
 

installer/roles/image_build/templates/Dockerfile.j2

@@ -77,7 +77,7 @@ ADD requirements/requirements_ansible.txt \
     requirements/collections_requirements.yml \
     /tmp/requirements/
 RUN cd /tmp && VENV_BASE="/var/lib/awx/venv" make requirements_awx requirements_ansible_py3
-RUN cd /tmp && COLLECTION_BASE="/var/lib/awx/vendor/inventory_collections" make requirements_collections
+RUN cd /tmp && COLLECTION_BASE="/var/lib/awx/vendor/awx_ansible_collections" make requirements_collections
 
 COPY {{ awx_sdist_file }} /tmp/{{ awx_sdist_file }}
 RUN echo "{{ awx_version }}" > /var/lib/awx/.tower_version && \

installer/roles/kubernetes/templates/configmap.yml.j2

@@ -153,7 +153,7 @@ data:
 
     STATIC_ROOT = '/var/lib/awx/public/static'
     PROJECTS_ROOT = '/var/lib/awx/projects'
-    INVENTORY_COLLECTIONS_ROOT = '/var/lib/awx/vendor/inventory_collections'
+    AWX_ANSIBLE_COLLECTIONS_PATHS = '/var/lib/awx/vendor/awx_ansible_collections'
     JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
     SECRET_KEY = open('/etc/tower/SECRET_KEY', 'rb').read().strip()
     ALLOWED_HOSTS = ['*']

requirements/collections_requirements.yml

@@ -16,3 +16,7 @@ collections:
     version: 0.4.0  # first to contain necessary grouping and filtering features
   - name: ovirt.ovirt
     version: 1.0.0  # contains naming fix, was originally named ovirt.ovirt_collection
+  - name: community.kubernetes  # required for isolated management playbooks
+    version: 0.11.0
+  - name: ansible.posix  # required for isolated management playbooks
+    version: 0.1.1

tools/collections/README.md

@@ -17,7 +17,7 @@ for the vendored inventory collections.
 Add this line to your local settings:
 
 ```
-INVENTORY_COLLECTIONS_ROOT = '/awx_devel/awx/plugins/collections'
+AWX_ANSIBLE_COLLECTIONS_PATHS = '/awx_devel/awx/plugins/collections'
 ```
 
 Then when you run an inventory update of a particular type, it should

tools/docker-compose/Dockerfile

@@ -96,8 +96,8 @@ ADD requirements/requirements.txt \
     /tmp/requirements/
 RUN mkdir -p /venv && chmod g+w /venv
 RUN cd /tmp && VENV_BASE="/venv" make requirements_dev
-RUN mkdir -p /vendor/inventory_collections && chmod g+w /vendor/inventory_collections
+RUN mkdir -p /vendor/awx_ansible_collections && chmod g+w /vendor/awx_ansible_collections
-RUN cd /tmp && COLLECTION_BASE="/vendor/inventory_collections" make requirements_collections
+RUN cd /tmp && COLLECTION_BASE="/vendor/awx_ansible_collections" make requirements_collections
 
 # Use the distro provided npm to bootstrap our required version of node
 RUN npm install -g n && n 10.15.0 && dnf remove -y nodejs