External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-06-22 15:17:44 -02:30
Code Issues Packages Projects Releases Wiki Activity

fix: do not allow exec instances to be added to the control plane (#16477)

Browse Source 
Co-authored-by: Stevenson Michel <iamstevensonmichel@outlook.com>
This commit is contained in:
Peter Braun
2026-06-09 15:04:10 +02:00
committed by GitHub
parent 49e21d7c1c
commit c8cb465fde
2 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
awx/main/tasks/system.py
View File

@@ -240,12 +240,17 @@ def apply_cluster_membership_policies():
# Process policy instance list first, these will represent manually managed memberships # Process policy instance list first, these will represent manually managed memberships
instance_hostnames_map = {inst.hostname: inst for inst in all_instances} instance_hostnames_map = {inst.hostname: inst for inst in all_instances}
for ig in all_groups: for ig in all_groups:
# we don't want to allow execution nodes in the control plane
exclude_type = 'execution' if ig.name == settings.DEFAULT_CONTROL_PLANE_QUEUE_NAME else 'control'
group_actual = Group(obj=ig, instances=[], prior_instances=[instance.pk for instance in ig.instances.all()]) # obtained in prefetch group_actual = Group(obj=ig, instances=[], prior_instances=[instance.pk for instance in ig.instances.all()]) # obtained in prefetch
for hostname in ig.policy_instance_list: for hostname in ig.policy_instance_list:
if hostname not in instance_hostnames_map: if hostname not in instance_hostnames_map:
logger.info("Unknown instance {} in {} policy list".format(hostname, ig.name)) logger.info("Unknown instance {} in {} policy list".format(hostname, ig.name))
continue continue
inst = instance_hostnames_map[hostname] inst = instance_hostnames_map[hostname]
if inst.node_type == exclude_type:
logger.info("Instance {} is excluded in {} policy list".format(hostname, ig.name))
continue
group_actual.instances.append(inst.id) group_actual.instances.append(inst.id)
# NOTE: arguable behavior: policy-list-group is not added to # NOTE: arguable behavior: policy-list-group is not added to
# instance's group count for consideration in minimum-policy rules # instance's group count for consideration in minimum-policy rules

14
awx/main/tests/functional/test_instances.py
View File

@@ -287,6 +287,20 @@ def test_control_plane_policy_exception(controlplane_instance_group):
assert 'foo-1' not in [inst.hostname for inst in controlplane_instance_group.instances.all()] assert 'foo-1' not in [inst.hostname for inst in controlplane_instance_group.instances.all()]
@pytest.mark.django_db
def test_policy_instance_list_controlplane_excludes_execution_node(controlplane_instance_group):
controlplane_instance_group.policy_instance_percentage = 100
controlplane_instance_group.save()
exec_inst = Instance.objects.create(hostname='exec-1', node_type='execution')
control_inst = Instance.objects.create(hostname='control-1', node_type='control')
controlplane_instance_group.policy_instance_list = [exec_inst.hostname]
controlplane_instance_group.save()
apply_cluster_membership_policies()
members = list(controlplane_instance_group.instances.all())
assert exec_inst not in members
assert control_inst in members
@pytest.mark.django_db @pytest.mark.django_db
def test_normal_instance_group_policy_exception(): def test_normal_instance_group_policy_exception():
ig = InstanceGroup.objects.create(name='bar', policy_instance_percentage=100, policy_instance_minimum=2) ig = InstanceGroup.objects.create(name='bar', policy_instance_percentage=100, policy_instance_minimum=2)