Include the EE set on a workflow template in the resolver hierarchy
SUMMARY
This step comes immediately after checking the actual job/template for
an explicitly set EE.
Note that now, because of how jobs are spawned off of workflow nodes,
the call to .resolve_execution_environment() no longer happens in
.create_unified_job(). The job instance within .create_unified_job()
doesn't yet have access to the node that it will be attached to,
making it impossible to use this information in the resolver if called
there.
related #9560
ISSUE TYPE
Feature Pull Request
Bugfix Pull Request
COMPONENT NAME
API
AWX VERSION
Reviewed-by: Shane McDonald <me@shanemcd.com>
Reviewed-by: Christian Adams <rooftopcellist@gmail.com>
* AWX_ISOLATION_SHOW_PATHS will be shared between containers. Strange
file not found error can crop up when concurrently accessing shared
directories between multiple containers that are bind mounted with big
Z. So make sure we use little z.
This step comes immediately after checking the actual job/template for
an explicitly set EE.
Note that now, because of how jobs are spawned off of workflow nodes,
the call to .resolve_execution_environment() no longer happens in
.create_unified_job(). The job instance within .create_unified_job()
doesn't yet have access to the node that it will be attached to,
making it impossible to use this information in the resolver if called
there.
- base64 encode secret values before creating the secret
- Construct valid .dockerconfigjson
- Cancel jobs where it will obviously fail & error handling
- Check if the secret exists first, then attempts to replace it if it does.
--- Passing this parameter in receptor_params in AWXReceptorJob class
--- Removed AWX_CONTAINER_GROUP_POD_LAUNCH_RETRIES from defaults.py as it was not being used anywhere
--- Removed AWX_CONTAINER_GROUP_POD_LAUNCH_RETRY_DELAY from defaults.py as it was not being used anywhere
Use inventory and env private_data_dir subfolders
SUMMARY
This is another part of trying to get AWX to follow ansible-runner best practices.
See docs:
https://ansible-runner.readthedocs.io/en/stable/intro.html#runner-input-directory-hierarchy
So what runner & people expect is:
.
├── env
│ ├── envvars
│ ├── extravars
│ ├── passwords
│ ├── cmdline
│ ├── settings
│ └── ssh_key
├── inventory
│ └── hosts
└── project
├── test.yml
└── roles
└── testrole
├── defaults
├── handlers
├── meta
├── README.md
├── tasks
├── tests
└── vars
What we were producing was something more like
├── cp
├── env
│ ├── cmdline
│ ├── envvars
│ ├── extravars
│ ├── passwords
│ ├── settings
│ └── ssh_key
├── project
│ ├── ansible.cfg
│ ├── ansible_env.yml
│ ├── async_tasks.yml
<snip>
│ └── vault.yml
└── tmp3evnorsu
There was no inventory folder, and inventory was stored in tmp3evnorsu as a top-level file. Any credential files were also saved in that same structure.
With this change, it's more like:
├── cp
├── env
│ ├── cmdline
│ ├── envvars
│ ├── extravars
│ ├── passwords
│ └── settings
├── inventory
│ └── tmp94xjm0d7
└── project
├── ansible.cfg
├── ansible_env.yml
├── async_tasks.yml
<snip>
└── vault.yml
and any credential files (starting with tmp) are dumped into the env folder.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
API
AWX VERSION
14.1.0
ADDITIONAL INFORMATION
The motivation for this is that ansible-runner may require specific mounts for every file of directory in the private_data_dir. As such, we really don't want randomized filenames in the top level directory. I don't know for sure this is the direction we are going to go, but this seems like a defensible change on its own, to better adhere to the practices someone familiar with ansible-runner would expect.
Reviewed-by: Alan Rominger <arominge@redhat.com>
Reviewed-by: Chris Meyers <None>
close db and cache connection in new threads
It's not safe to share or re-use django db connections nor django cache connections across new threads nor processes.
Reviewed-by: Alan Rominger <arominge@redhat.com>
Reviewed-by: Shane McDonald <me@shanemcd.com>
Update with force option if branch_override
Addresses a reported issue where force-pushing to feature branches did not work.
Connect #9371 (comment)
Reviewed-by: Bill Nottingham <None>
This avoids writing files to the top level
of the ansible-runner private_data_dir
Inventory is moved to be in the standard "inventory" folder
Credential related files are moved inside of the "env" folder
Also pre-create these folders when preparing for a job run
With this, args is the only top-level file still remaining
Isolated removal
SUMMARY
Removal of the isolated nodes feature.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
API
AWX VERSION
Reviewed-by: Alan Rominger <arominge@redhat.com>
Reviewed-by: Jeff Bradberry <None>
Reviewed-by: Elyézer Rezende <None>
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
- This file shouldnt need the executable bit
- Should have been setting permissions before writing any data
- No need to close the file since we're using open w/ a context manager
Adding the scm_track_submodules option for project
SUMMARY
Adding the scm_track_submodules option which should fix the related #7846
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
API
UI
AWX VERSION
awx: 17.0.1
ADDITIONAL INFORMATION
This option will add the track_submodules option which is described in the ansible git module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/git_module.html
if yes, submodules will track the latest commit on their master branch (or other branch specified in .gitmodules). If no, submodules will be kept at the revision specified by the main project. This is equivalent to specifying the --remote flag to git submodule update.
Reviewed-by: Shane McDonald <me@shanemcd.com>
Reviewed-by: Alan Rominger <arominge@redhat.com>
Reviewed-by: None <None>
Reviewed-by: Alex Corey <Alex.swansboro@gmail.com>
