add a configurable for disabling the auto-generated isolated RSA key

some users won't want to utilize the RSA key we auto-generate for isolated node SSH access, but will instead want to manage SSH authentication by hand outside of Tower see: https://github.com/ansible/ansible-tower/issues/7380
2026-05-19 14:57:39 -02:30 · 2017-08-03 17:16:28 -04:00
parent b34adcb10d
commit 7db9b48e9c
3 changed files with 18 additions and 1 deletions
--- a/awx/main/isolated/isolated_manager.py
+++ b/awx/main/isolated/isolated_manager.py
@@ -192,7 +192,10 @@ class IsolatedManager(object):
    def run_pexpect(cls, pexpect_args, *args, **kw):
        isolated_ssh_path = None
        try:
-            if getattr(settings, 'AWX_ISOLATED_PRIVATE_KEY', None):
+            if all([
+                getattr(settings, 'AWX_ISOLATED_KEY_GENERATION', False) is True,
+                getattr(settings, 'AWX_ISOLATED_PRIVATE_KEY', None)
+            ]):
                isolated_ssh_path = tempfile.mkdtemp(prefix='awx_isolated', dir=settings.AWX_PROOT_BASE_PATH)
                os.chmod(isolated_ssh_path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
                isolated_key = os.path.join(isolated_ssh_path, '.isolated')
@@ -277,6 +280,7 @@ class IsolatedManager(object):
            args.append('-%s' % ('v' * min(5, self.instance.verbosity)))

        status = 'failed'
+        output = ''
        rc = None
        buff = cStringIO.StringIO()
        last_check = time.time()