Merge pull request #11865 from AlanCoding/galaxy_task_env

Add user-defined environment variables to ansible-galaxy commands
2026-01-14 03:10:42 -03:30 · 2022-04-01 15:24:54 -04:00 · 2022-04-01 15:24:54 -04:00 · 7822da03fb
commit 7822da03fb
parent a3c97a51be 58cb3d5bdc
8 changed files with 90 additions and 18 deletions
--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@ -282,6 +282,19 @@ register(
    placeholder={'HTTP_PROXY': 'myproxy.local:8080'},
 )

+register(
+    'GALAXY_TASK_ENV',
+    field_class=fields.KeyValueField,
+    label=_('Environment Variables for Galaxy Commands'),
+    help_text=_(
+        'Additional environment variables set for invocations of ansible-galaxy within project updates. '
+        'Useful if you must use a proxy server for ansible-galaxy but not git.'
+    ),
+    category=_('Jobs'),
+    category_slug='jobs',
+    placeholder={'HTTP_PROXY': 'myproxy.local:8080'},
+)
+
 register(
    'INSIGHTS_TRACKING_STATE',
    field_class=fields.BooleanField,
--- a/awx/main/tasks/jobs.py
+++ b/awx/main/tasks/jobs.py
@ -1161,6 +1161,7 @@ class RunProjectUpdate(BaseTask):
                'scm_track_submodules': project_update.scm_track_submodules,
                'roles_enabled': galaxy_creds_are_defined and settings.AWX_ROLES_ENABLED,
                'collections_enabled': galaxy_creds_are_defined and settings.AWX_COLLECTIONS_ENABLED,
+                'galaxy_task_env': settings.GALAXY_TASK_ENV,
            }
        )
        # apply custom refspec from user for PR refs and the like
--- a/awx/playbooks/project_update.yml
+++ b/awx/playbooks/project_update.yml
@ -15,6 +15,7 @@
 # scm_track_submodules: true/false
 # roles_enabled: Value of the global setting to enable roles downloading
 # collections_enabled: Value of the global setting to enable collections downloading
+# galaxy_task_env: environment variables to use specifically for ansible-galaxy commands
 # awx_version: Current running version of the awx or tower as a string
 # awx_license_type: "open" for AWX; else presume Tower

@ -154,18 +155,26 @@
  gather_facts: false
  connection: local
  name: Install content with ansible-galaxy command if necessary
+  vars:
+    galaxy_task_env:  # configure in settings
+    additional_collections_env:
+      # These environment variables are used for installing collections, in addition to galaxy_task_env
+      # setting the collections paths silences warnings
+      ANSIBLE_COLLECTIONS_PATHS: "{{projects_root}}/.__awx_cache/{{local_path}}/stage/requirements_collections"
+      # Put the local tmp directory in same volume as collection destination
+      # otherwise, files cannot be moved accross volumes and will cause error
+      ANSIBLE_LOCAL_TEMP: "{{projects_root}}/.__awx_cache/{{local_path}}/stage/tmp"
  tasks:

    - name: Check content sync settings
-      debug:
-        msg: "Collection and role syncing disabled. Check the AWX_ROLES_ENABLED and AWX_COLLECTIONS_ENABLED settings and Galaxy credentials on the project's organization."
-      when: not roles_enabled|bool and not collections_enabled|bool
-      tags:
-        - install_roles
-        - install_collections
+      block:
+        - debug:
+            msg: >
+              Collection and role syncing disabled. Check the AWX_ROLES_ENABLED and
+              AWX_COLLECTIONS_ENABLED settings and Galaxy credentials on the project's organization.
+
+        - meta: end_play

-    - name:
-      meta: end_play
      when: not roles_enabled|bool and not collections_enabled|bool
      tags:
        - install_roles
@ -184,9 +193,7 @@
            - "{{project_path|quote}}/roles/requirements.yaml"
            - "{{project_path|quote}}/roles/requirements.yml"
          changed_when: "'was installed successfully' in galaxy_result.stdout"
-          environment:
-            ANSIBLE_FORCE_COLOR: false
-            GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no"
+          environment: "{{ galaxy_task_env }}"

      when: roles_enabled|bool
      tags:
@ -207,13 +214,7 @@
            - "{{project_path|quote}}/requirements.yaml"
            - "{{project_path|quote}}/requirements.yml"
          changed_when: "'Installing ' in galaxy_collection_result.stdout"
-          environment:
-            ANSIBLE_FORCE_COLOR: false
-            ANSIBLE_COLLECTIONS_PATHS: "{{projects_root}}/.__awx_cache/{{local_path}}/stage/requirements_collections"
-            GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no"
-            # Put the local tmp directory in same volume as collection destination
-            # otherwise, files cannot be moved accross volumes and will cause error
-            ANSIBLE_LOCAL_TEMP: "{{projects_root}}/.__awx_cache/{{local_path}}/stage/tmp"
+          environment: "{{ additional_collections_env | combine(galaxy_task_env) }}"

      when:
        - "ansible_version.full is version_compare('2.9', '>=')"
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@ -561,6 +561,10 @@ ANSIBLE_INVENTORY_UNPARSED_FAILED = True
 # Additional environment variables to be passed to the ansible subprocesses
 AWX_TASK_ENV = {}

+# Additional environment variables to apply when running ansible-galaxy commands
+# to fetch Ansible content - roles and collections
+GALAXY_TASK_ENV = {'ANSIBLE_FORCE_COLOR': 'false', 'GIT_SSH_COMMAND': "ssh -o StrictHostKeyChecking=no"}
+
 # Rebuild Host Smart Inventory memberships.
 AWX_REBUILD_SMART_MEMBERSHIP = False

--- a/awx/ui/src/screens/Setting/Jobs/JobsEdit/JobsEdit.js
+++ b/awx/ui/src/screens/Setting/Jobs/JobsEdit/JobsEdit.js
@ -85,6 +85,7 @@ function JobsEdit() {
        form.AWX_ANSIBLE_CALLBACK_PLUGINS
      ),
      AWX_TASK_ENV: formatJson(form.AWX_TASK_ENV),
+      GALAXY_TASK_ENV: formatJson(form.GALAXY_TASK_ENV),
    });
  };

@ -217,6 +218,10 @@ function JobsEdit() {
                  config={jobs.AWX_ISOLATION_SHOW_PATHS}
                />
                <ObjectField name="AWX_TASK_ENV" config={jobs.AWX_TASK_ENV} />
+                <ObjectField
+                  name="GALAXY_TASK_ENV"
+                  config={jobs.GALAXY_TASK_ENV}
+                />
                {submitError && <FormSubmitError error={submitError} />}
                {revertError && <FormSubmitError error={revertError} />}
              </FormColumnLayout>
--- a/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json
+++ b/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json
@ -231,6 +231,26 @@
          "read_only": false
        }
      },
+      "GALAXY_TASK_ENV": {
+        "type": "nested object",
+         "required": true,
+        "label": "Environment Variables for Galaxy Commands",
+         "help_text": "Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
+         "category": "Jobs",
+         "category_slug": "jobs",
+         "placeholder": {
+              "HTTP_PROXY": "myproxy.local:8080"
+          },
+         "default": {
+             "ANSIBLE_FORCE_COLOR": "false",
+              "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
+        },
+          "child": {
+            "type": "string",
+              "required": true,
+            "read_only": false
+        }
+       },
      "INSIGHTS_TRACKING_STATE": {
        "type": "boolean",
        "required": false,
@ -3942,6 +3962,26 @@
          "type": "string"
        }
      },
+      "GALAXY_TASK_ENV": {
+        "type": "nested object",
+         "required": true,
+        "label": "Environment Variables for Galaxy Commands",
+         "help_text": "Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
+         "category": "Jobs",
+         "category_slug": "jobs",
+         "placeholder": {
+              "HTTP_PROXY": "myproxy.local:8080"
+          },
+         "default": {
+             "ANSIBLE_FORCE_COLOR": "false",
+              "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
+        },
+          "child": {
+            "type": "string",
+              "required": true,
+            "read_only": false
+        }
+       },
      "INSIGHTS_TRACKING_STATE": {
        "type": "boolean",
        "label": "Gather data for Insights for Ansible Automation Platform",
--- a/awx/ui/src/screens/Setting/shared/data.allSettings.json
+++ b/awx/ui/src/screens/Setting/shared/data.allSettings.json
@ -38,6 +38,10 @@
  "AWX_ISOLATION_BASE_PATH":"/tmp",
  "AWX_ISOLATION_SHOW_PATHS":[],
  "AWX_TASK_ENV":{},
+  "GALAXY_TASK_ENV": {
+    "ANSIBLE_FORCE_COLOR": "false",
+    "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
+   },
  "INSIGHTS_TRACKING_STATE":false,
  "PROJECT_UPDATE_VVV":false,
  "AWX_ROLES_ENABLED":true,
--- a/awx/ui/src/screens/Setting/shared/data.jobSettings.json
+++ b/awx/ui/src/screens/Setting/shared/data.jobSettings.json
@ -7,6 +7,10 @@
  "AWX_ISOLATION_BASE_PATH": "/tmp",
  "AWX_ISOLATION_SHOW_PATHS": [],
  "AWX_TASK_ENV": {},
+  "GALAXY_TASK_ENV": {
+      "ANSIBLE_FORCE_COLOR": "false",
+      "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
+  },
  "PROJECT_UPDATE_VVV": false,
  "AWX_ROLES_ENABLED": true,
  "AWX_COLLECTIONS_ENABLED": true,