Addresses some cases where
collection requirements do not exist
collection requirements cannot be evaluated
Consolidate logic for roles and collection installs
Add validation around prompted scm_branch requiring
project allow_override field to be true
Updated related process isolation docs
Fix invalid comarision in serializer
from PR review, clarify pre-check logging, minor docs additions
Copy project folder each job run
change cwd to private_data_dir, from proj
do not add cwd to show_paths if it is
a subdirectory of private_data_dir, which
is already shown
Pass the job private_data_dir to the local
project sync, and also add that directory
to the project sync show paths
Add GitPython dep and use for job sync logic
use this to manage shallow clone from desired
commit, and to map branch to commit,
and to assess necessity of project sync
Start on some validation change, but not all
allow arbitrary playbooks with custom branch
The `git_result` variable is incorrectly checked as being `defined` vs. `not skipped`. This causes SVN (or any non-GIT) project update to fail consistently when `doesRequirementsExist.stat.exists` is true
Signed-off-by: DanielDisisto <daniel.disisto@didata.com.au>
this works a limitation in ansible for connection: local and makes it so
that you can run connection: local playbooks with a /usr/bin/python that
is Python3 and an Ansible virtualenv that is Python2
see: https://github.com/ansible/awx/issues/3267
this attempts to surface the underlying runner exception for tracebacks
like this one:
FileNotFoundError: [Errno 2] No such file or directory:
'/tmp/awx_41_93gtgv25/artifacts/41/status'
* We include a special header value in the user agent when tower proxies
requests to get per-host rules.
* This extends that header logic to when we fetch plans (playbooks)
"check" runs check out the version that is saved in the database,
so for git repos, any subsequent "checkout" run on the same node
would always report that we have the proper version, and we would
not properly force a role update when requiremets.yml changes.
Also, don't use `scm_result` for all SCMs, as the skipped tasks will
overwrite earlier `scm_result` variables.
the main goal of this change is to make `make docker-isolated` work out
of the box
- specify the proper version for awx-expect --version
- update some deprecated playbook bits
- change the isolated container to privileged so bwrap will work
- fix awx-manage test_isolated_connection
- expedite the first isolated heartbeat so you don't have to wait 10m;
this is accomplished by _not_ setting Instance.last_isolated_check to
now() at insertion time (which causes the next check not to happen for
10 minutes)
- fix a bug that caused isolated node execution to fail when bwrap was
enabled
see: https://github.com/ansible/tower/issues/2150
This reverts commit 9863fe71dc.
it's not unusual for the secret data we pass into the `run_isolated.yml`
playbook to be quite long, namely because it can contain RSA key
data; by passing this value into the ansible-playbook process using
`vars_prompt`, we're limited by pexpect's tty line limit (which looks
like it caps out around 4k). Because of this, large payloads are
being truncated and causing job run failures.
this changes the implementation to use a named pipe instead, which
doesn't have the same limitation
see: #7183
* Gone are the days of playbook abuse.
* Our project update can now call a single Insight Ansible module to
loop over the set of maintenance plans to download and save playbooks
for use by job templates.
* use tower-expect command to determine job status when running
the isolated heartbeat playbook
* grok JSON output of playbook to obtain result information
* run playbook against multiple isolated hosts at the same time
(addresses scalability concerns)
