" + i18n._("If checked, additional duplicate host variables will be added to obtain compatibility with the old inventory scripts.") + '
' + + i18n._("When not checked and running as inventory plugins, only modern variable names will be used.") + "
", + dataTitle: i18n._('Compatibility Mode'), + dataContainer: 'body', + dataPlacement: 'right', + ngDisabled: "(!(inventory_source_obj.summary_fields.user_capabilities.edit || canAdd))" }, { name: 'update_on_launch', label: i18n._('Update on Launch'), diff --git a/docs/inventory_plugins.md b/docs/inventory_plugins.md new file mode 100644 index 0000000000..5980c214de --- /dev/null +++ b/docs/inventory_plugins.md @@ -0,0 +1,181 @@ +# Transition to Ansible Inventory Plugins +Inventory updates change from using scripts which are vendored as executable +python scripts in the AWX folder `awx/plugins/inventory` (taken originally from +Ansible folder `contrib/inventory`) to using dynamically-generated +YAML files which conform to the specifications of the `auto` inventory plugin +which are then parsed by their respective inventory plugin. + +The major organizational change is that the inventory plugins are +part of the Ansible core distribution, whereas the same logic used to +be a part of AWX source. + +## Prior Background for Transition + +AWX used to maintain logic that parsed `.ini` inventory file contents, +in addition to interpreting the JSON output of scripts, re-calling with +the `--host` option in the case the `_meta.hostvars` key was not provided. + +### Switch to Ansible Inventory + +The CLI entry point `ansible-inventory` was introduced in Ansible 2.4. +In Tower 3.2, inventory imports began running this command +as an intermediary between the inventory and +the import's logic to save content to database. Using `ansible-inventory` +eliminates the need to maintain source-specific logic, +relying on Ansible's code instead. This also allows us to +count on a consistent data structure outputted from `ansible-inventory`. +There are many valid structures that a script can provide, but the output +from `ansible-inventory` will always be the same, +thus the AWX logic to parse the content is simplified. +This is why even scripts must be ran through the `ansible-inventory` CLI. + +Along with this switchover, a backported version of +`ansible-inventory` was provided that supported Ansible versions 2.2 and 2.3. + +### Removal of Backport + +In AWX 3.0.0 (and Tower 3.5), the backport of `ansible-inventory` +was removed, and support for using custom virtual environments was added. +This set the minimum version of Ansible necessary to run _any_ +inventory update to 2.4. + +## Inventory Plugin Versioning + +Beginning in Ansible 2.5, inventory sources in Ansible started migrating +away from "contrib" scripts (meaning they lived in the contrib folder) +to the inventory plugin model. + +In AWX 4.0.0 (and Tower 3.5) inventory source types start to switchover +to plugins, provided that sufficient compatibility is in place for +the version of Ansible present in the local virtualenv. + +To see what version the plugin transition will happen, see +`awx/main/models/inventory.py` and look for the source name as a +subclass of `PluginFileInjector`, and there should be an `initial_version` +which is the first version that testing deemed to have sufficient parity +in the content its inventory plugin returns. For example, `openstack` will +begin using the inventory plugin in Ansible version 2.8. +If you run an openstack inventory update with Ansible +2.7.x or lower, it will use the script. + +### Sunsetting the scripts + +Eventually, it is intended that all source types will have moved to +plugins. For any given source, after the `initial_version` for plugin use +is higher than the lowest supported Ansible version, the script can be +removed and the logic for script credential injection will also be removed. + +For example, after AWX no longer supports Ansible 2.7, the script +`awx/plugins/openstack_inventory.py` will be removed. + +## Changes to Expect in Imports + +An effort was made to keep imports working in the exact same way after +the switchover. However, the inventory plugins are a fundamental rewrite +and many elements of default behavior has changed. Because of that, +a `compatibility_mode` toggle was added. This defaults to True. + +Turning off compatibility mode will be more future-proof. +Keeping it on, will be more stable and consistent. + +### Changes with Compatibility Mode Off + +The set of `hostvars` will be almost completely different, using new names +for data which is mostly the same content. You can see the jinja2 keyed_groups +construction used in compatibility mode to help get a sense of what +new names replace old names. + +If you turn compatibility mode off or downgrade Ansible, you should +consider turning on `overwrite` and `overwrite_vars` to get rid of stale +variables (and potentially groups) no longer returned by the import. + +In many cases, the host names will change. In all cases, accurate host +tracking will still be maintained via the host `instance_id`. +(after: https://github.com/ansible/awx/pull/3362) + +Group names will be sanitized with compatibility mode turned off. +That means that characters such as "-" will +be replaced by underscores "\_". In some cases, this means that a large +fraction of groups get renamed as you move from scripts to plugins. +This will become the default Ansible behavior on the CLI eventually. + +### Changes with Compatibility Mode On + +Programatically-generated examples of inventory file syntax used in +updates (with dummy data) can be found in `awx/main/tests/data/inventory/scripts`, +these demonstrate the inventory file syntax used to restore old behavior +from the inventory scripts. + +#### hostvar keys and values + +More hostvars will appear if the inventory plugins are used with compatibility +mode on. To maintain backward compatibility, +the old names are added back where they have the same meaning as a +variable returned by the plugin. New names are not removed. + +Some hostvars will be lost, because of general deprecation needs. + + - ec2, see https://github.com/ansible/ansible/issues/52358 + - gce (see https://github.com/ansible/ansible/issues/51884) + - `gce_uuid` this came from libcloud and isn't a true GCP field + inventory plugins have moved away from libcloud + + The syntax of some hostvars, for some values, will change. + + - ec2 + - old: "ec2_block_devices": {"sda1": "vol-xxxxxx"} + - new: "ec2_block_devices": {"/dev/sda1": "vol-xxxxxx"} + +#### Host names + +Host names might change, but tracking host identity via `instance_id` +will still be reliable. + +## How do I write my own Inventory File? + +If you do not want any of this compatibility-related functionality, then +you can add an SCM inventory source that points to your own file. +You can also apply a credential of a `managed_by_tower` type to that inventory +source that matches the credential you are using, as long as that is +not `gce` or `openstack`. + +All other sources provide _secrets_ via environment variables, so this +can be re-used without any problems for SCM-based inventory, and your +inventory file can be used securely to specify non-sensitive configuration +details such as the keyed_groups to provide, or hostvars to construct. + +## Notes on Technical Implementation of Injectors + +For an inventory source with a given value of the `source` field that is +of the built-in sources, a credential of the corresponding +credential type is required in most cases (exception being ec2 IAM roles). +This privileged credential is obtained by the method `get_cloud_credential`. + +The `inputs` for this credential constitute one source of data for running +inventory updates. The following fields from the +`InventoryUpdate` model are also data sources, including: + + - `source_vars` + - `source_regions` + - `instance_filters` + - `group_by` + +The way these data are applied to the environment (including files and +environment vars) is highly dependent on the specific source. + +With plugins, the inventory file may reference files that contain secrets +from the credential. With scripts, typically an environment variable +will reference a filename that contains a ConfigParser format file with +parameters for the update, and possibly including fields from the credential. + +Caution: Please do not put secrets from the credential into the +inventory file for the plugin. Right now there appears to be no need to do +this, and by using environment variables to specify secrets, this keeps +open the possibility of showing the inventory file contents to the user +as a latter enhancement. + +Logic for setup for inventory updates using both plugins and scripts live +inventory injector class, specific to the source type. + +Any credentials which are not source-specific will use the generic +injection logic which is also used in playbook runs. diff --git a/docs/licenses/cachetools.txt b/docs/licenses/cachetools.txt new file mode 100644 index 0000000000..7da84f4c63 --- /dev/null +++ b/docs/licenses/cachetools.txt @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2014-2019 Thomas Kemmer + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/docs/licenses/futures.txt b/docs/licenses/futures.txt new file mode 100644 index 0000000000..a8d65b16b6 --- /dev/null +++ b/docs/licenses/futures.txt @@ -0,0 +1,48 @@ +PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2 +-------------------------------------------- + +1. This LICENSE AGREEMENT is between the Python Software Foundation +("PSF"), and the Individual or Organization ("Licensee") accessing and +otherwise using this software ("Python") in source or binary form and +its associated documentation. + +2. Subject to the terms and conditions of this License Agreement, PSF +hereby grants Licensee a nonexclusive, royalty-free, world-wide +license to reproduce, analyze, test, perform and/or display publicly, +prepare derivative works, distribute, and otherwise use Python +alone or in any derivative version, provided, however, that PSF's +License Agreement and PSF's notice of copyright, i.e., "Copyright (c) +2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation; All Rights +Reserved" are retained in Python alone or in any derivative version +prepared by Licensee. + +3. In the event Licensee prepares a derivative work that is based on +or incorporates Python or any part thereof, and wants to make +the derivative work available to others as provided herein, then +Licensee hereby agrees to include in any such work a brief summary of +the changes made to Python. + +4. PSF is making Python available to Licensee on an "AS IS" +basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR +IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND +DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS +FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT +INFRINGE ANY THIRD PARTY RIGHTS. + +5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON +FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS +A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON, +OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. + +6. This License Agreement will automatically terminate upon a material +breach of its terms and conditions. + +7. Nothing in this License Agreement shall be deemed to create any +relationship of agency, partnership, or joint venture between PSF and +Licensee. This License Agreement does not grant permission to use PSF +trademarks or trade name in a trademark sense to endorse or promote +products or services of Licensee, or any third party. + +8. By copying, installing or otherwise using Python, Licensee +agrees to be bound by the terms and conditions of this License +Agreement. diff --git a/docs/licenses/os-client-config.txt b/docs/licenses/google-auth.txt similarity index 89% rename from docs/licenses/os-client-config.txt rename to docs/licenses/google-auth.txt index 67db858821..261eeb9e9f 100644 --- a/docs/licenses/os-client-config.txt +++ b/docs/licenses/google-auth.txt @@ -1,4 +1,3 @@ - Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ @@ -173,3 +172,30 @@ defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/docs/licenses/rsa.txt b/docs/licenses/rsa.txt new file mode 100644 index 0000000000..67589cbb86 --- /dev/null +++ b/docs/licenses/rsa.txt @@ -0,0 +1,13 @@ +Copyright 2011 Sybren A. Stüvel