foreman_ansible 6.4.0 → 7.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 05c975cb77fe5add41b7281dfa1c2451bb22a09ab5dc6251ab06fd4d00b834e2
-  data.tar.gz: 86613f4be767b5af80a06f83b9e13f8f030cd80bc362d866323111b61a0b23a9
+  metadata.gz: 299049c29764a0920259664c06288f37ea56d4b920e049243baeab9ad7f2e608
+  data.tar.gz: 779264101df1f9fa6e0188c8673a435b98eb4dbd9fd814e754f991247b5bb250
 SHA512:
-  metadata.gz: dc27695cef374e8b709ddc3c3882056587cbf975ac7d497c1fec5aaa1885f85bcb3677c2c7fd3f2602f529cba0a6736017703f6d7ca413eb5f2ed7a6de112a94
-  data.tar.gz: ba0c5f9b94a51b7328cc0df73bfcc0f47831b1004b275be935fa73a83ae9c6f12b81086071ebe69292c8aa5ad436c5389a6a6f1ac457720bcefe034b456c0ec8
+  metadata.gz: '08a1b935eb0c033ff08674e4922ee597d39ed602ef351b82d9ac763af9d850e5a32ff9ea482af7f74a641552ebaf62094b6fa59170cba317b5bba67949d31a8d'
+  data.tar.gz: 3f814381b2167e370757f761a0b5d3e1217e3c3ba4293d7f1ecf1e77599c232ef8c62beae293c8593d81ab4e305ae1cced983527bc6d29e248bbda3a3f4e731e

data/app/controllers/api/v2/ansible_inventories_controller.rb

@@ -90,7 +90,7 @@ module Api
       private
 
       def schedule_params
-        template_name = Setting::Ansible.find_by(:name => 'ansible_inventory_template').value
+        template_name = Setting['ansible_inventory_template']
         @report_template = ReportTemplate.find_by!(:name => template_name)
         params[:id] = @report_template.id
         params[:report_format] = 'json' if params[:report_format].blank?

data/app/graphql/mutations/ansible_variable_overrides/create.rb

@@ -0,0 +1,26 @@
+module Mutations
+  module AnsibleVariableOverrides
+    class Create < ::Mutations::CreateMutation
+      graphql_name 'CreateAnsibleVariableOverrideMutation'
+      description 'Creates Ansible Variable Override'
+
+      resource_class LookupValue
+
+      argument :host_id, Int, required: true
+      argument :lookup_key_id, Int, required: true
+      argument :value, ::Types::RawJson, required: true
+      argument :match, String, required: true
+      argument :omit, Boolean
+
+      field :overriden_ansible_variable, ::Types::OverridenAnsibleVariable, :null => true
+
+      def resolve(host_id:, **kwargs)
+        result = super kwargs
+        host = Host.find host_id
+        vars = AnsibleVariable.where :id => kwargs[:lookup_key_id]
+        resolver = ::ForemanAnsible::OverrideResolver.new(host, vars)
+        result.merge :overriden_ansible_variable => ::Presenters::OverridenAnsibleVariablePresenter.new(vars.first, resolver)
+      end
+    end
+  end
+end

data/app/graphql/mutations/ansible_variable_overrides/delete.rb

@@ -0,0 +1,38 @@
+module Mutations
+  module AnsibleVariableOverrides
+    class Delete < ::Mutations::DeleteMutation
+      graphql_name 'DeleteAnsibleVariableOverride'
+      description 'Deletes Ansible Variable Override'
+
+      resource_class LookupValue
+
+      argument :host_id, Int, required: true
+      argument :variable_id, Int, required: true
+
+      field :overriden_ansible_variable, ::Types::OverridenAnsibleVariable, :null => true
+
+      def resolve(id:, host_id:, variable_id:)
+        host = Host.find_by :id => host_id
+        variable = AnsibleVariable.find_by :id => variable_id
+        return resource_not_found(_('Host not found by id: %s'), host_id) unless host
+        return resource_not_found(_('Ansible Variable not found by id: %s'), variable_id) unless variable
+        authorize!(host, :view)
+        authorize!(variable, :edit)
+
+        result = super id: id
+        resolver = ::ForemanAnsible::OverrideResolver.new(host, [variable.id])
+        result.merge :overriden_ansible_variable => ::Presenters::OverridenAnsibleVariablePresenter.new(variable, resolver)
+      end
+
+      def resource_not_found(message)
+        {
+          :overriden_ansible_variable => nil,
+          :errros => [{
+            :path => ['base'],
+            :message => message
+          }]
+        }
+      end
+    end
+  end
+end

data/app/graphql/mutations/ansible_variable_overrides/update.rb

@@ -0,0 +1,26 @@
+module Mutations
+  module AnsibleVariableOverrides
+    class Update < ::Mutations::UpdateMutation
+      graphql_name 'UpdateAnsibleVariableOverrideMutation'
+      description 'Updates Ansible Variable Override'
+
+      resource_class LookupValue
+
+      argument :value, ::Types::RawJson, required: true
+      argument :match, String, required: false
+      argument :omit, Boolean, required: false
+      argument :host_id, Int, required: true
+      argument :ansible_variable_id, Int, required: true
+
+      field :overriden_ansible_variable, ::Types::OverridenAnsibleVariable, :null => true
+
+      def resolve(host_id:, ansible_variable_id:, **kwargs)
+        result = super kwargs
+        host = Host.find host_id
+        vars = AnsibleVariable.where :id => ansible_variable_id
+        resolver = ::ForemanAnsible::OverrideResolver.new(host, vars.pluck(:id))
+        result.merge :overriden_ansible_variable => ::Presenters::OverridenAnsibleVariablePresenter.new(vars.first, resolver)
+      end
+    end
+  end
+end

data/app/graphql/mutations/hosts/assign_ansible_roles.rb

@@ -0,0 +1,37 @@
+module Mutations
+  module Hosts
+    class AssignAnsibleRoles < ::Mutations::UpdateMutation
+      resource_class Host::Managed
+
+      argument :ansible_role_ids, [Integer], required: true
+
+      field :host, Types::Host, 'The updated host.', null: false
+
+      def resolve(id:, ansible_role_ids:)
+        host = load_object_by(id: id)
+        authorize!(host, :edit)
+
+        existing = host.host_ansible_roles
+        updated_ids = []
+        attrs = []
+
+        ansible_role_ids.each do |role_id|
+          current = existing.find_by :ansible_role_id => role_id
+          attrs << { :id => current&.id, :position => attrs.count + 1, :ansible_role_id => role_id }
+          updated_ids << current.id if current
+        end
+
+        existing.where.not(:id => updated_ids).each do |item|
+          attrs << { :id => item.id, :position => attrs.count + 1, :_destroy => true }
+        end
+
+        host.host_ansible_roles_attributes = attrs
+        save_object(host)
+      end
+
+      def result_key
+        :host
+      end
+    end
+  end
+end

data/app/graphql/presenters/ansible_role_presenter.rb

@@ -0,0 +1,12 @@
+module Presenters
+  class AnsibleRolePresenter
+    attr_reader :ansible_role, :inherited
+
+    delegate :id, :name, :association, :to => :ansible_role
+
+    def initialize(ansible_role, inherited)
+      @ansible_role = ansible_role
+      @inherited = inherited
+    end
+  end
+end

data/app/graphql/presenters/overriden_ansible_variable_presenter.rb

@@ -0,0 +1,19 @@
+module Presenters
+  class OverridenAnsibleVariablePresenter
+    attr_reader :ansible_variable
+
+    delegate :id, :key, :description, :override?,
+             :parameter_type, :hidden_value?, :omit, :required,
+             :validator_type, :validator_rule, :default_value,
+             :ansible_role, :current_value, :to => :ansible_variable
+
+    def initialize(ansible_variable, override_resolver)
+      @ansible_variable = ansible_variable
+      @override_resolver = override_resolver
+    end
+
+    def current_value
+      @override_resolver.resolve @ansible_variable
+    end
+  end
+end

data/app/graphql/resolvers/ansible_role/path.rb

@@ -0,0 +1,11 @@
+module Resolvers
+  module AnsibleRole
+    class Path < Resolvers::BaseResolver
+      type String, null: false
+
+      def resolve
+        Rails.application.routes.url_helpers.ansible_roles_path(search: "name = #{object.name}")
+      end
+    end
+  end
+end

data/app/graphql/resolvers/ansible_variable/path.rb

@@ -0,0 +1,11 @@
+module Resolvers
+  module AnsibleVariable
+    class Path < Resolvers::BaseResolver
+      type String, null: false
+
+      def resolve
+        Rails.application.routes.url_helpers.edit_ansible_variable_path(object.ansible_variable)
+      end
+    end
+  end
+end

data/app/graphql/types/ansible_role.rb

@@ -0,0 +1,10 @@
+module Types
+  class AnsibleRole < BaseObject
+    description 'Ansible role'
+
+    global_id_field :id
+
+    field :name, String, :null => false
+    field :path, resolver: Resolvers::AnsibleRole::Path
+  end
+end

data/app/graphql/types/ansible_variable.rb

@@ -0,0 +1,24 @@
+module Types
+  class AnsibleVariable < BaseObject
+    description 'Ansible Variable'
+
+    global_id_field :id
+
+    field :key, String
+    field :path, resolver: Resolvers::AnsibleVariable::Path
+    field :override, Boolean
+    field :description, String
+    field :hidden_value, Boolean
+    field :parameter_type, String
+    field :omit, Boolean
+    field :required, Boolean
+    field :validator_type, String
+    field :validator_rule, String
+    field :default_value, ::Types::RawJson
+    field :ansible_role_name, String
+
+    def ansible_role_name
+      object.ansible_role.name
+    end
+  end
+end

data/app/graphql/types/ansible_variable_override.rb

@@ -0,0 +1,9 @@
+module Types
+  class AnsibleVariableOverride < GraphQL::Types::Relay::BaseObject
+    description 'Override value for Ansible Variable'
+
+    field :value, ::Types::RawJson, :null => false
+    field :element, ::Types::RawJson, :null => false
+    field :element_name, ::Types::RawJson, :null => false
+  end
+end

data/app/graphql/types/inherited_ansible_role.rb

@@ -0,0 +1,13 @@
+module Types
+  class InheritedAnsibleRole < ::Types::AnsibleRole
+    field :inherited, Boolean, :null => false
+
+    def object_class
+      object.ansible_role.class
+    end
+
+    def load_object
+      object.ansible_role
+    end
+  end
+end

data/app/graphql/types/overriden_ansible_variable.rb

@@ -0,0 +1,27 @@
+module Types
+  class OverridenAnsibleVariable < ::Types::AnsibleVariable
+    description 'Ansible Variable with an override value for a host'
+    model_class ::AnsibleVariable
+
+    field :current_value, ::Types::AnsibleVariableOverride, :null => true
+    field :lookup_values, ::Types::LookupValue.connection_type do
+      argument :match, String, required: false
+    end
+
+    field :meta, ::Types::Meta, resolve: (proc do |object|
+      {
+        :can_edit => ::User.current.can?(object.ansible_variable.permission_name(:edit), object.ansible_variable),
+        :can_destroy => ::User.current.can?(object.ansible_variable.permission_name(:destroy), object.ansible_variable)
+      }
+    end)
+
+    def lookup_values(match: nil)
+      return CollectionLoader.for(object.ansible_variable.class, :lookup_values).load(object.ansible_variable) unless match
+
+      scope = lambda do |sc|
+        sc.where(:match => match)
+      end
+      CollectionLoader.for(object.ansible_variable.class, :lookup_values, scope).load(object.ansible_variable)
+    end
+  end
+end

data/app/helpers/foreman_ansible/ansible_roles_data_preparations.rb

@@ -2,22 +2,22 @@
 
 module ForemanAnsible
   module AnsibleRolesDataPreparations
-    VARIABLE_ACTION_NAMES = { 'new' => N_('Add'), 'obsolete' => N_('Remove'), 'update' => N_('Update') }.freeze
-    ROLE_ACTION_NAMES = { 'new' => N_('Import Role'), 'obsolete' => N_('Remove Role'), 'old' => N_('Update Role Variables') }.freeze
+    VARIABLE_ACTION_NAMES = { 'new' => _('Add'), 'obsolete' => _('Remove'), 'update' => _('Update') }.freeze
+    ROLE_ACTION_NAMES = { 'new' => _('Import Role'), 'obsolete' => _('Remove Role'), 'old' => _('Update Role Variables') }.freeze
 
-    def get_variable_action(kind)
-      _(VARIABLE_ACTION_NAMES[kind])
+    def variable_action_name(kind)
+      VARIABLE_ACTION_NAMES[kind]
     end
 
-    def get_role_action(kind)
-      _(ROLE_ACTION_NAMES[kind])
+    def role_action_name(kind)
+      ROLE_ACTION_NAMES[kind]
     end
 
     def get_old_roles_variables(imported_variables, role)
-      variables = { 'Add' => [], 'Remove' => [], 'Update' => [] }
+      variables = { 'new' => [], 'obsolete' => [], 'update' => [] }
       imported_variables.each do |kind, temp_variables|
         temp_variables.each do |temp_variable|
-          variables[get_variable_action(kind)].append(temp_variable.key) if temp_variable.ansible_role_id == role.id
+          variables[kind].append(temp_variable.key) if temp_variable.ansible_role_id == role.id
         end
       end
       variables
@@ -26,16 +26,16 @@ module ForemanAnsible
     def variables_to_s(variables)
       str = ''
       variables.each do |action, temp_variables|
-        str += "#{action}: #{temp_variables.size}, " unless temp_variables.empty?
+        str += "#{variable_action_name action}: #{temp_variables.size}, " unless temp_variables.empty?
       end
       str[0..-3]
     end
 
     def get_roles_variables(imported_variables, variables_importer, kind, role)
       if kind == 'new'
-        variables = { 'Add' => variables_importer.get_variables_names(role.name) }
+        variables = { 'new' => variables_importer.get_variables_names(role.name) }
       elsif kind == 'obsolete'
-        variables = { 'Remove' => role.ansible_variables.map(&:key) }
+        variables = { 'obsolete' => role.ansible_variables.map(&:key) }
       elsif kind == 'old'
         variables = get_old_roles_variables(imported_variables, role)
       end
@@ -51,24 +51,25 @@ module ForemanAnsible
       match.to_s.empty? ? nil : match
     end
 
-    def prepare_api_row(role, kind, variables, role_action)
+    def prepare_api_row(role, kind, variables)
       {
         name: role.name,
         id: role.id,
-        role_action: role_action,
+        role_action: role_action_name(kind),
         variables: variables,
-        hosts_count: role_action == 'Remove Role' ? role.hosts.count : '',
-        hostgroup_count: role_action == 'Remove Role' ? role.hostgroups.count : '',
+        hosts_count: kind == 'obsolete' ? role.hosts.count : '',
+        hostgroup_count: kind == 'obsolete' ? role.hostgroups.count : '',
         kind: kind
       }
     end
 
-    def prepare_ui_row(role, kind, variables, role_action)
+    def prepare_ui_row(role, kind, variables)
       { cells: [
         role.name,
-        role_action, variables,
-        role_action == 'Remove Role' ? role.hosts.count : '',
-        role_action == 'Remove Role' ? role.hostgroups.count : ''
+        role_action_name(kind),
+        variables,
+        kind == 'obsolete' ? role.hosts.count : '',
+        kind == 'obsolete' ? role.hostgroups.count : ''
       ],
         role: role, kind: kind, id: role.name }
     end
@@ -81,11 +82,10 @@ module ForemanAnsible
           next if role_match_excluded_roles(role.name)
           variables = get_roles_variables(imported_variables, variables_importer, kind, role)
           next if variables.empty? && kind['old']
-          role_action = get_role_action(kind)
           if is_ui
-            rows.append(prepare_ui_row(role, kind, variables, role_action))
+            rows.append(prepare_ui_row(role, kind, variables))
           else
-            rows.append(prepare_api_row(role, kind, variables, role_action))
+            rows.append(prepare_api_row(role, kind, variables))
           end
         end
       end

data/app/models/concerns/foreman_ansible/host_managed_extensions.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'ipaddress'
+require 'resolv'
 module ForemanAnsible
   # Relations to make Host::Managed 'have' ansible roles
   module HostManagedExtensions
@@ -16,7 +16,7 @@ module ForemanAnsible
                  :dependent => :destroy
         scoped_search :relation => :ansible_roles, :on => :name,
                       :complete_value => true, :rename => :ansible_role,
-                      :only_explicit => true
+                      :only_explicit => true, ext_method: :search_by_role
 
         before_provision :play_ansible_roles
         audit_associations :ansible_roles
@@ -30,6 +30,14 @@ module ForemanAnsible
       hostgroup.inherited_and_own_ansible_roles
     end
 
+    def own_ansible_roles
+      ansible_roles.where.not(:id => inherited_ansible_roles.pluck(:id))
+    end
+
+    def available_ansible_roles
+      AnsibleRole.where.not(:id => all_ansible_roles.pluck(:id))
+    end
+
     # This one should be fixed, disabled for the moment as we're
     # in a rush to get the release out
     def play_ansible_roles
@@ -39,7 +47,7 @@ module ForemanAnsible
       composer.triggering.mode = :future
       composer.triggering.start_at = (
         Time.zone.now +
-        Setting::Ansible[:ansible_post_provision_timeout].to_i.seconds
+        Setting[:ansible_post_provision_timeout].to_i.seconds
       )
       composer.trigger!
       logger.info("Task for Ansible roles on #{self} before_provision: "\
@@ -58,12 +66,23 @@ module ForemanAnsible
       def import_host(*args)
         host = super(*args)
         hostname = args[0]
-        if IPAddress.valid?(hostname) &&
+        if (Resolv::IPv4::Regex.match?(hostname) || Resolv::IPv6::Regex.match?(hostname)) &&
            (host_nic = Nic::Interface.find_by(:ip => hostname))
           host = host_nic.host
         end
         host
       end
+
+      def search_by_role(_key, operator, value)
+        conditions = sanitize_sql_for_conditions(["ansible_roles.name #{operator} ?", value_to_sql(operator, value)])
+        host_ids = ::Host::Managed.joins(:ansible_roles).where(conditions).distinct.pluck(:id)
+        hostgroup_ids = ::Hostgroup.unscoped.with_taxonomy_scope.joins(:ansible_roles).where(conditions).map(&:subtree_ids).flatten
+
+        conds = []
+        conds << "hosts.id IN(#{host_ids.join(',')})" if host_ids.present?
+        conds << "hosts.hostgroup_id IN(#{hostgroup_ids.uniq.join(',')})" if hostgroup_ids.present?
+        { conditions: conds.join(' OR ').presence || '1 = 0' }
+      end
     end
   end
 end

data/app/models/concerns/foreman_ansible/hostgroup_extensions.rb

@@ -6,13 +6,14 @@ module ForemanAnsible
     extend ActiveSupport::Concern
 
     included do
-      has_many :hostgroup_ansible_roles, :foreign_key => :hostgroup_id
+      has_many :hostgroup_ansible_roles, -> { order('hostgroup_ansible_roles.position ASC') }, :foreign_key => :hostgroup_id
       has_many :ansible_roles,
                -> { order('hostgroup_ansible_roles.position ASC') },
                :through => :hostgroup_ansible_roles,
                :dependent => :destroy
       accepts_nested_attributes_for :hostgroup_ansible_roles, :allow_destroy => true
       audit_associations :ansible_roles
+      include_in_clone :ansible_roles
 
       def inherited_ansible_roles
         ancestors.reduce([]) do |roles, hostgroup|

data/app/models/foreman_ansible/ansible_provider.rb

@@ -32,12 +32,14 @@ if defined? ForemanRemoteExecution
               template_invocation.template
             ),
             :name => host.name,
-            :check_mode => host.host_param('ansible_roles_check_mode')
+            :check_mode => host.host_param('ansible_roles_check_mode'),
+            :cleanup_working_dirs => cleanup_working_dirs?(host)
           )
         end
 
         def secrets(host)
           {
+            :key_passphrase => Setting[:remote_execution_ssh_key_passphrase],
             'per-host' => {
               host.name => {
                 'ansible_password' => rex_ssh_password(host),
@@ -55,10 +57,6 @@ if defined? ForemanRemoteExecution
           host_setting(host, 'remote_execution_effective_user_password')
         end
 
-        def host_setting(host, setting)
-          host.params[setting.to_s] || Setting[setting]
-        end
-
         def supports_effective_user?
           true
         end
@@ -90,7 +88,7 @@ if defined? ForemanRemoteExecution
             :children => [
               {
                 :name => :tags,
-                :type => Array,
+                :type => String,
                 :opts => { :required => false, :desc => N_('A comma separated list of tags to use for Ansible run') }
               },
               {
@@ -116,6 +114,10 @@ if defined? ForemanRemoteExecution
           'Proxy::Ansible::TaskLauncher::Playbook::PlaybookRunnerAction'
         end
 
+        def proxy_batch_size
+          Setting['foreman_ansible_proxy_batch_size']
+        end
+
         private
 
         def ansible_command?(template)

data/app/services/foreman_ansible/ansible_report_importer.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'ipaddress'
+require 'resolv'
 module ForemanAnsible
   # Ensures Ansible reports from hosts where the IP was used, are assigned
   # to the right hostname in Foreman
@@ -10,7 +10,7 @@ module ForemanAnsible
       def host
         hostname = name.downcase
         if AnsibleReportScanner.ansible_report?(raw) &&
-           IPAddress.valid?(hostname) &&
+           (Resolv::IPv4::Regex.match?(hostname) || Resolv::IPv6::Regex.match?(hostname)) &&
            Nic::Interface.find_by(:ip => hostname)
           @host = Nic::Interface.find_by(:ip => hostname).host
         end
@@ -18,10 +18,6 @@ module ForemanAnsible
         partial_hostname_match(hostname)
       end
 
-      def self.authorized_smart_proxy_features
-        super + ['Ansible']
-      end
-
       def partial_hostname_match(hostname)
         return @host unless @host.new_record?
         hosts = Host.where(Host.arel_table[:name].matches("#{hostname}.%"))

data/app/services/foreman_ansible/inventory_creator.rb

@@ -103,7 +103,7 @@ module ForemanAnsible
         'ansible_port' => host_setting(host, 'remote_execution_ssh_port'),
         'ansible_host' => AnsibleProvider.find_ip_or_hostname(host)
       }
-      if @template_invocation.effective_user.present?
+      if @template_invocation.effective_user.present? && @template_invocation.effective_user != params['ansible_user']
         params['ansible_become_user'] = @template_invocation.effective_user
         params['ansible_become'] = true
       end

data/app/services/foreman_ansible/override_resolver.rb

@@ -0,0 +1,22 @@
+module ForemanAnsible
+  # Service which resolves override values for hosts
+  class OverrideResolver
+    attr_reader :overrides, :ansible_variables
+
+    def initialize(host, variable_ids = [])
+      raise(Foreman::Exception.new('OverrideResolver needs a host to resolve overrides')) unless host
+      @ansible_variables = if variable_ids.empty?
+                             AnsibleVariable.where(:ansible_role_id => host.all_ansible_roles, :override => true)
+                           else
+                             AnsibleVariable.where(:id => variable_ids, :override => true)
+                           end
+      @overrides = @ansible_variables.values_hash(host).raw
+    end
+
+    def resolve(ansible_variable)
+      override = @overrides[ansible_variable.id]
+      return unless override
+      override[ansible_variable.key]
+    end
+  end
+end

data/app/views/api/v2/ansible_override_values/index.json.rabl

@@ -0,0 +1,3 @@
+collection @override_values
+
+extends 'api/v2/ansible_override_values/show'

data/app/views/api/v2/ansible_variables/show.json.rabl

@@ -10,7 +10,7 @@ attributes :id, :variable, :ansible_role, :ansible_role_id, :description, :overr
 node do |ansible_variable|
   {
     :override_values => partial(
-      'api/v2/override_values/index',
+      'api/v2/ansible_override_values/index',
       :object => ansible_variable.lookup_values
     )
   }

data/app/views/foreman_ansible/ansible_roles/_hostgroup_ansible_roles_button.erb

@@ -5,11 +5,14 @@
     display_link_if_authorized(_('Run all Ansible roles'), hash_for_play_roles_hostgroup_path(id: hostgroup), :'data-no-turbolink' => true, title: _('Run all Ansible roles on hosts belonging to this host group'))
   end
 
+  assign_jobs = link_to(_("Configure Ansible Job"), "/ansible/hostgroups/#{hostgroup.id}", { class: 'la' })
+
   actions = [
     display_link_if_authorized(_('Nest'),    hash_for_nest_hostgroup_path(:id => hostgroup)),
     display_link_if_authorized(_('Clone'),   hash_for_clone_hostgroup_path(:id => hostgroup))
   ]
   actions.push play_roles if User.current.can?(:create_job_invocations)
+  actions.push assign_jobs if User.current.can?(:view_job_invocations) && User.current.can?(:view_recurring_logics)
   actions.push display_delete_if_authorized(hash_for_hostgroup_path(:id => hostgroup).merge(:auth_object => hostgroup, :authorizer => authorizer), :data => { :confirm => warning_message(hostgroup) })
 
   action_buttons(*actions)

data/app/views/foreman_ansible/job_templates/convert_to_rhel.erb

@@ -5,13 +5,17 @@ template_inputs:
 - name: Activation Key
   required: true
   input_type: user
+  description: Set the activation key to assign the desired RHEL subscription and
+    life cycle environment to the converted machine at the registration step.
   advanced: false
-  value_type: plain
+  value_type: resource
   resource_type: Katello::ActivationKey
   hidden_value: false
 - name: Restart
   required: true
   input_type: user
+  description: Restart the system when it is successfully converted to RHEL to boot
+    the new RHEL kernel.
   options: "yes\r\nno"
   advanced: false
   value_type: plain
@@ -34,7 +38,7 @@ kind: job_template
         url: <%= subscription_manager_configuration_url(@host) %>
         dest: /usr/share/convert2rhel/subscription-manager/katello-ca-consumer-latest.noarch.rpm
     - name: Start convert2rhel
-      command: convert2rhel -y --activationkey "<%= input('Activation Key') %>" --org "<%= @host.organization.label %>" > /root/convert2rhel.log
+      command: convert2rhel -y --activationkey "<%= input_resource('Activation Key').name %>" --org "<%= @host.organization.label %>" --keep-rhsm
 <%- if input('Restart') == "yes" -%>
     - name: Reboot the machine
       reboot: