diff --git a/awx/main/models/credential/__init__.py b/awx/main/models/credential/__init__.py
index 3d9ef00a09..9e5e06472b 100644
--- a/awx/main/models/credential/__init__.py
+++ b/awx/main/models/credential/__init__.py
@@ -493,7 +493,7 @@ class CredentialType(CommonModelNameNotUnique):
 for file_label, file_tmpl in file_tmpls.items():
 data = sandbox_env.from_string(file_tmpl).render(**namespace)
- _, path = tempfile.mkstemp(dir=private_data_dir)
+ _, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
 with open(path, 'w') as f:
 f.write(data)
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
@@ -526,7 +526,7 @@ class CredentialType(CommonModelNameNotUnique):
 extra_vars[var_name] = sandbox_env.from_string(tmpl).render(**namespace)
 def build_extra_vars_file(vars, private_dir):
- handle, path = tempfile.mkstemp(dir=private_dir)
+ handle, path = tempfile.mkstemp(dir=os.path.join(private_dir, 'env'))
 f = os.fdopen(handle, 'w')
 f.write(safe_dump(vars))
 f.close()
diff --git a/awx/main/models/credential/injectors.py b/awx/main/models/credential/injectors.py
index 246ab0d4e4..925df9daa4 100644
--- a/awx/main/models/credential/injectors.py
+++ b/awx/main/models/credential/injectors.py
@@ -25,7 +25,7 @@ def gce(cred, env, private_data_dir):
 env['GCE_PROJECT'] = project
 json_cred['token_uri'] = 'https://oauth2.googleapis.com/token'
- handle, path = tempfile.mkstemp(dir=private_data_dir)
+ handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
 f = os.fdopen(handle, 'w')
 json.dump(json_cred, f, indent=2)
 f.close()
@@ -96,7 +96,7 @@ def _openstack_data(cred):
 def openstack(cred, env, private_data_dir):
- handle, path = tempfile.mkstemp(dir=private_data_dir)
+ handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
 f = os.fdopen(handle, 'w')
 openstack_data = _openstack_data(cred)
 yaml.safe_dump(openstack_data, f, default_flow_style=False, allow_unicode=True)
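Review bot: In the `@@ -493` hunk of credential/__init__.py the descriptor returned by `tempfile.mkstemp()` is bound to `_` and never closed, and the file is then reopened by name with `open(path, 'w')`, so each rendered file template leaves one open descriptor in the task process. Keeping the handle avoids both the leak and the second lookup by path: `handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))` followed by `with os.fdopen(handle, 'w') as f:`. mkstemp already creates the file readable and writable by the owner only, so the `os.chmod` that follows becomes redundant but stays harmless. The enclosing method starts and ends outside the hunk.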
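Review bot: `build_extra_vars_file` in the `@@ -526` hunk writes through `f = os.fdopen(handle, 'w')` and a bare `f.close()`, so an exception from `safe_dump(vars)` or from the write leaves the descriptor open and a partly written file behind in `env`. The same open/write/close sequence is in the `gce` and `openstack` hunks of injectors.py and in the `@@ -921` hunk of tasks.py, which judging by the comment above it handles SSH key data; the `kubernetes_bearer_token` hunk already uses the context-manager form. I would write `with os.fdopen(handle, 'w') as f:` and `f.write(safe_dump(vars))` here and the equivalent in the other three. The function body continues past the end of the hunk.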
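Review bot: `gce` now raises FileNotFoundError unless the `env` subfolder of `private_data_dir` already exists, because `tempfile.mkstemp(dir=...)` does not create the directory; the only place in this diff that creates it is the loop added in the `@@ -873` hunk of tasks.py. The `openstack` and `kubernetes_bearer_token` hunks and both hunks of credential/__init__.py make the same assumption, so any caller that builds a private data dir some other way (none is visible here) would need the subfolder too. The literal `'env'` is now repeated in six `mkstemp` calls; a shared constant or small helper would keep them in step, and at minimum a comment such as `# the env/ subfolder is pre-created in tasks.py when the private data dir is built` would document the dependency.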
@@ -111,7 +111,7 @@ def kubernetes_bearer_token(cred, env, private_data_dir):
 env['K8S_AUTH_API_KEY'] = cred.get_input('bearer_token', default='')
 if cred.get_input('verify_ssl') and 'ssl_ca_cert' in cred.inputs:
 env['K8S_AUTH_VERIFY_SSL'] = 'True'
- handle, path = tempfile.mkstemp(dir=private_data_dir)
+ handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
 with os.fdopen(handle, 'w') as f:
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
 f.write(cred.get_input('ssl_ca_cert'))
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index 994209aaf2..122cf88ec8 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -873,11 +873,12 @@ class BaseTask(object):
 path = tempfile.mkdtemp(prefix='awx_%s_' % instance.pk, dir=pdd_wrapper_path)
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
- runner_project_folder = os.path.join(path, 'project')
- if not os.path.exists(runner_project_folder):
- # Ansible Runner requires that this directory exists.
- # Specifically, when using process isolation
- os.mkdir(runner_project_folder)
+ # Ansible runner requires that project exists,
+ # and we will write files in the other folders without pre-creating the folder
+ for subfolder in ('project', 'inventory', 'env'):
+ runner_subfolder = os.path.join(path, subfolder)
+ if not os.path.exists(runner_subfolder):
+ os.mkdir(runner_subfolder)
 return path
 def build_private_data_files(self, instance, private_data_dir):
@@ -921,7 +922,7 @@ class BaseTask(object):
 # Instead, ssh private key file is explicitly passed via an
 # env variable.
 else:
- handle, path = tempfile.mkstemp(dir=private_data_dir)
+ handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
 f = os.fdopen(handle, 'w')
 f.write(data)
 f.close()
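Review bot: The loop added in the `@@ -873` hunk of tasks.py creates `project`, `inventory` and `env` with `os.mkdir(runner_subfolder)`, that is with the default mode filtered by the process umask, although the parent was restricted to its owner by the `os.chmod` two lines earlier. The parent's mode does shield them, but `env` is now where the credential files from the other hunks are written, so I would make the restriction explicit with `os.mkdir(runner_subfolder, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)`. Since `path` comes straight from `tempfile.mkdtemp`, the `os.path.exists` check looks unable to ever be true and could be dropped. The added comment is hard to parse; something like `# Ansible Runner requires the project folder to exist; inventory and env are created here because later steps write into them without creating them` would say what the loop is for. The method starts above the hunk.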
@@ -2460,7 +2461,7 @@ class RunInventoryUpdate(BaseTask):
 if injector is not None:
 content = injector.inventory_contents(inventory_update, private_data_dir)
 # must be a statically named file
- inventory_path = os.path.join(private_data_dir, injector.filename)
+ inventory_path = os.path.join(private_data_dir, 'inventory', injector.filename)
 with open(inventory_path, 'w') as f:
 f.write(content)
 os.chmod(inventory_path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
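Review bot: In the `@@ -2460` hunk the inventory file is created by `open(inventory_path, 'w')` with umask-derived permissions and is restricted by `os.chmod` only after the content has been written; mode `'w'` also writes through whatever already exists at that static name. Until the chmod runs, only the owner-only mode set on the private data dir in the `@@ -873` hunk keeps other local users out, and whether the content carries secrets depends on the injector, which is not visible here. Creating the file restricted and exclusive closes both gaps: `fd = os.open(inventory_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, stat.S_IRWXU)` followed by `with os.fdopen(fd, 'w') as f:`. This path also relies on the `inventory` subfolder created in the `@@ -873` hunk, and the enclosing method starts and ends outside the hunk.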