use a named pipe for isolated secret passthrough (not stdin)

it's not unusual for the secret data we pass into the `run_isolated.yml` playbook to be quite long, namely because it can contain RSA key data; by passing this value into the ansible-playbook process using `vars_prompt`, we're limited by pexpect's tty line limit (which looks like it caps out around 4k). Because of this, large payloads are being truncated and causing job run failures. this changes the implementation to use a named pipe instead, which doesn't have the same limitation see: #7183
2026-05-07 17:37:37 -02:30 · 2017-07-20 12:21:42 -04:00
parent 1c5b0f023e
commit d42ea31f75
3 changed files with 14 additions and 10 deletions
--- a/awx/playbooks/run_isolated.yml
+++ b/awx/playbooks/run_isolated.yml
@@ -8,10 +8,8 @@
 - name: Prepare data, dispatch job in isolated environment.
  hosts: all
  gather_facts: false
-  vars_prompt:
-    - prompt: "Secret"
-      name: "secret"
-      private: yes
+  vars:
+      secret: "{{ lookup('pipe', 'cat ' + src + '/env') }}"

  tasks: