External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-17 17:07:33 -02:30
Code Issues Packages Projects Releases Wiki Activity

Use inventory and env private_data_dir subfolders

Browse Source 
This avoids writing files to the top level
  of the ansible-runner private_data_dir

Inventory is moved to be in the standard "inventory" folder

Credential related files are moved inside of the "env" folder

Also pre-create these folders when preparing for a job run

With this, args is the only top-level file still remaining
This commit is contained in:
Alan Rominger
2020-09-16 20:35:27 -04:00
parent 117bb07f0d
commit f59da78328
3 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/models/credential/__init__.py
View File

@@ -493,7 +493,7 @@ class CredentialType(CommonModelNameNotUnique):
for file_label, file_tmpl in file_tmpls.items(): for file_label, file_tmpl in file_tmpls.items():
data = sandbox_env.from_string(file_tmpl).render(**namespace) data = sandbox_env.from_string(file_tmpl).render(**namespace)
_, path = tempfile.mkstemp(dir=private_data_dir) _, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
with open(path, 'w') as f: with open(path, 'w') as f:
f.write(data) f.write(data)
os.chmod(path, stat.S_IRUSR | stat.S_IWUSR) os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
@@ -526,7 +526,7 @@ class CredentialType(CommonModelNameNotUnique):
extra_vars[var_name] = sandbox_env.from_string(tmpl).render(**namespace) extra_vars[var_name] = sandbox_env.from_string(tmpl).render(**namespace)
def build_extra_vars_file(vars, private_dir): def build_extra_vars_file(vars, private_dir):
handle, path = tempfile.mkstemp(dir=private_dir) handle, path = tempfile.mkstemp(dir=os.path.join(private_dir, 'env'))
f = os.fdopen(handle, 'w') f = os.fdopen(handle, 'w')
f.write(safe_dump(vars)) f.write(safe_dump(vars))
f.close() f.close()

6
awx/main/models/credential/injectors.py
View File

@@ -25,7 +25,7 @@ def gce(cred, env, private_data_dir):
env['GCE_PROJECT'] = project env['GCE_PROJECT'] = project
json_cred['token_uri'] = 'https://oauth2.googleapis.com/token' json_cred['token_uri'] = 'https://oauth2.googleapis.com/token'
handle, path = tempfile.mkstemp(dir=private_data_dir) handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
f = os.fdopen(handle, 'w') f = os.fdopen(handle, 'w')
json.dump(json_cred, f, indent=2) json.dump(json_cred, f, indent=2)
f.close() f.close()
@@ -96,7 +96,7 @@ def _openstack_data(cred):
def openstack(cred, env, private_data_dir): def openstack(cred, env, private_data_dir):
handle, path = tempfile.mkstemp(dir=private_data_dir) handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
f = os.fdopen(handle, 'w') f = os.fdopen(handle, 'w')
openstack_data = _openstack_data(cred) openstack_data = _openstack_data(cred)
yaml.safe_dump(openstack_data, f, default_flow_style=False, allow_unicode=True) yaml.safe_dump(openstack_data, f, default_flow_style=False, allow_unicode=True)
@@ -111,7 +111,7 @@ def kubernetes_bearer_token(cred, env, private_data_dir):
env['K8S_AUTH_API_KEY'] = cred.get_input('bearer_token', default='') env['K8S_AUTH_API_KEY'] = cred.get_input('bearer_token', default='')
if cred.get_input('verify_ssl') and 'ssl_ca_cert' in cred.inputs: if cred.get_input('verify_ssl') and 'ssl_ca_cert' in cred.inputs:
env['K8S_AUTH_VERIFY_SSL'] = 'True' env['K8S_AUTH_VERIFY_SSL'] = 'True'
handle, path = tempfile.mkstemp(dir=private_data_dir) handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
with os.fdopen(handle, 'w') as f: with os.fdopen(handle, 'w') as f:
os.chmod(path, stat.S_IRUSR | stat.S_IWUSR) os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
f.write(cred.get_input('ssl_ca_cert')) f.write(cred.get_input('ssl_ca_cert'))

15
awx/main/tasks.py
View File

@@ -873,11 +873,12 @@ class BaseTask(object):
path = tempfile.mkdtemp(prefix='awx_%s_' % instance.pk, dir=pdd_wrapper_path) path = tempfile.mkdtemp(prefix='awx_%s_' % instance.pk, dir=pdd_wrapper_path)
os.chmod(path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR) os.chmod(path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
runner_project_folder = os.path.join(path, 'project') # Ansible runner requires that project exists,
if not os.path.exists(runner_project_folder): # and we will write files in the other folders without pre-creating the folder
# Ansible Runner requires that this directory exists. for subfolder in ('project', 'inventory', 'env'):
# Specifically, when using process isolation runner_subfolder = os.path.join(path, subfolder)
os.mkdir(runner_project_folder) if not os.path.exists(runner_subfolder):
os.mkdir(runner_subfolder)
return path return path
def build_private_data_files(self, instance, private_data_dir): def build_private_data_files(self, instance, private_data_dir):
@@ -921,7 +922,7 @@ class BaseTask(object):
# Instead, ssh private key file is explicitly passed via an # Instead, ssh private key file is explicitly passed via an
# env variable. # env variable.
else: else:
handle, path = tempfile.mkstemp(dir=private_data_dir) handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
f = os.fdopen(handle, 'w') f = os.fdopen(handle, 'w')
f.write(data) f.write(data)
f.close() f.close()
@@ -2460,7 +2461,7 @@ class RunInventoryUpdate(BaseTask):
if injector is not None: if injector is not None:
content = injector.inventory_contents(inventory_update, private_data_dir) content = injector.inventory_contents(inventory_update, private_data_dir)
# must be a statically named file # must be a statically named file
inventory_path = os.path.join(private_data_dir, injector.filename) inventory_path = os.path.join(private_data_dir, 'inventory', injector.filename)
with open(inventory_path, 'w') as f: with open(inventory_path, 'w') as f:
f.write(content) f.write(content)
os.chmod(inventory_path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR) os.chmod(inventory_path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)