foreman_ansible 2.1.0 → 2.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 11936ad8fbecb22faf149473256064f197414c8b
-  data.tar.gz: f54a4994feab57e29e2a974d04137be329105b5b
+SHA256:
+  metadata.gz: 7fa908b35593b08f7be264f7a9d23ef2357858ab24faea00711b06084a4f9c4a
+  data.tar.gz: 7d1ae5b38052fd0b620170316ccf295181ff02c7d92712db15a95e2c3ab56bb5
 SHA512:
-  metadata.gz: 6446ec9cb86573ed497ee010b2aa05b1e36b62e3cc9a9cd97afdfc2fd2df6620baed984339fa52f0cffe169b8ba1e38e7b3aff9f42a663e8ce3ed4ac0b89cb34
-  data.tar.gz: 3b188ae9c37bcc7a1921a5ac008263a03c55867b322c5c4bb71bb67bf2347d6feed7b73513ad8cf2ec1b53fd82ea2b397ea8ed1d1afc0e861f0b422bb5491fcf
+  metadata.gz: 0c0fc2260f5762f172b3445567069b48bc7a021129d9aa8ae94ff4eef7d28cadd7f93fa8302e6143561545fc2b327a51e5f1400942ad853bed4262c431f5d751
+  data.tar.gz: d01daf2b7f4559c9e4ec4e819f6d4d99ce4570f59d3e4b99a2e074b3c16046817634846f534a08c46ec0c4aadbd92489897fd02a8c5f6b37e428605fa10daad3

data/app/controllers/api/v2/ansible_roles_controller.rb

@@ -4,33 +4,38 @@ module Api
     class AnsibleRolesController < ::Api::V2::BaseController
       include ::Api::Version2
 
+      resource_description do
+        api_version 'v2'
+        api_base_url '/ansible/api'
+      end
+
       before_action :find_resource, :only => [:show, :destroy]
       before_action :find_proxy, :only => [:import, :obsolete]
       before_action :create_importer, :only => [:import, :obsolete]
 
-      api :GET, '/ansible/ansible_roles/:id', N_('Show role')
+      api :GET, '/ansible_roles/:id', N_('Show role')
       param :id, :identifier, :required => true
       def show; end
 
-      api :GET, '/ansible/ansible_roles', N_('List Ansible roles')
+      api :GET, '/ansible_roles', N_('List Ansible roles')
       param_group :search_and_pagination, ::Api::V2::BaseController
       def index
         @ansible_roles = resource_scope_for_index
       end
 
-      api :DELETE, '/ansible/ansible_roles/:id', N_('Deletes Ansible role')
+      api :DELETE, '/ansible_roles/:id', N_('Deletes Ansible role')
       param :id, :identifier, :required => true
       def destroy
         process_response @ansible_role.destroy
       end
 
-      api :POST, '/ansible/ansible_roles/import', N_('Import Ansible roles')
+      api :POST, '/ansible_roles/import', N_('Import Ansible roles')
       param :proxy, Hash, N_('Smart Proxy to import from')
       def import
         @imported = @importer.import!
       end
 
-      api :POST, '/ansible/ansible_roles/obsolete', N_('Obsolete Ansible roles')
+      api :POST, '/ansible_roles/obsolete', N_('Obsolete Ansible roles')
       param :proxy, Hash, N_('Smart Proxy to import from')
       def obsolete
         @obsoleted = @importer.obsolete!

data/app/controllers/foreman_ansible/api/v2/hostgroups_controller_extensions.rb

@@ -27,7 +27,7 @@ module ForemanAnsible
           def multiple_play_roles
             find_multiple
             composer = job_composer(:ansible_run_host,
-                                    @hostgroups.map(&:hosts).flatten.uniq)
+                                    @hostgroups.map(&:host_ids).flatten.uniq)
             process_response composer.trigger!, composer.job_invocation
           end
         end

data/app/controllers/foreman_ansible/api/v2/hosts_controller_extensions.rb

@@ -21,7 +21,7 @@ module ForemanAnsible
           param :id, Array, :required => true
 
           def multiple_play_roles
-            composer = job_composer(:ansible_run_host, @host)
+            composer = job_composer(:ansible_run_host, @host.pluck(:id))
             process_response composer.trigger!, composer.job_invocation
           end
         end

data/app/models/ansible_role.rb

@@ -1,5 +1,6 @@
 # Simple model to store basic info about the Ansible role
 class AnsibleRole < ApplicationRecord
+  audited
   include Authorizable
 
   self.include_root_in_json = false
@@ -12,6 +13,14 @@ class AnsibleRole < ApplicationRecord
 
   scoped_search :on => :name, :complete_value => true
   scoped_search :on => :updated_at
+  scoped_search :relation => :hosts,
+                :on => :id, :rename => :host_id, :only_explicit => true
+  scoped_search :relation => :hosts,
+                :on => :name, :rename => :host, :only_explicit => true
+  scoped_search :relation => :hostgroups,
+                :on => :id, :rename => :hostgroup_id, :only_explicit => true
+  scoped_search :relation => :hostgroups,
+                :on => :name, :rename => :hostgroup, :only_explicit => true
 
   # Methods to be allowed in any template with safemode enabled
   class Jail < Safemode::Jail

data/app/models/concerns/foreman_ansible/host_managed_extensions.rb

@@ -13,6 +13,7 @@ module ForemanAnsible
 
       before_provision :play_ansible_roles
       include ForemanAnsible::HasManyAnsibleRoles
+      audit_associations :ansible_roles
 
       def inherited_ansible_roles
         return [] unless hostgroup

data/app/models/concerns/foreman_ansible/hostgroup_extensions.rb

@@ -8,6 +8,7 @@ module ForemanAnsible
       has_many :ansible_roles, :through => :hostgroup_ansible_roles,
                                :dependent => :destroy
       include ForemanAnsible::HasManyAnsibleRoles
+      audit_associations :ansible_roles
 
       def inherited_ansible_roles
         ancestors.reduce([]) do |roles, hostgroup|

data/app/models/host_ansible_role.rb

@@ -1,6 +1,5 @@
 # Join model that hosts the connection between hosts and ansible_roles
 class HostAnsibleRole < ApplicationRecord
-  audited :associated_with => :host, :allow_mass_assignment => true
   belongs_to_host
   belongs_to :ansible_role
 

data/app/models/setting/ansible.rb

@@ -73,6 +73,21 @@ class Setting
                  'foreman_params["host_parameter"] in the playbooks.'),
               true,
               N_('Top level Ansible variables')
+            ),
+            set(
+              'ansible_interval',
+              N_('Timeout (in minutes) when hosts should have reported.'),
+              '30',
+              N_('Ansible report timeout')
+            ),
+            set(
+              'ansible_out_of_sync_disabled',
+              format(N_('Disable host configuration status turning to out of'\
+                 ' sync for %{cfgmgmt} after report does not arrive within'\
+                 ' configured interval'), :cfgmgmt => 'Ansible'),
+              false,
+              format(N_('%{cfgmgmt} out of sync disabled'),
+                     :cfgmgmt => 'Ansible')
             )
           ].compact.each do |s|
             create(s.update(:category => 'Setting::Ansible'))

data/app/services/foreman_ansible/insights_notification_builder.rb

@@ -0,0 +1,64 @@
+module ForemanAnsible
+  # A class that builds custom notificaton for REX job if it's insights
+  # remediation feature
+  # rubocop:disable LineLength
+  class InsightsNotificationBuilder < ::UINotifications::RemoteExecutionJobs::BaseJobFinish
+    # rubocop:enable LineLength
+    def deliver!
+      ::Notification.create!(
+        :audience => Notification::AUDIENCE_USER,
+        :notification_blueprint => blueprint,
+        :initiator => initiator,
+        :message => message,
+        :subject => subject,
+        :actions => {
+          :links => links
+        }
+      )
+    end
+
+    def blueprint
+      name = 'insights_remediation_successful'
+      @blueprint ||= NotificationBlueprint.unscoped.find_by(:name => name)
+    end
+
+    def hosts_count
+      @hosts_count ||= subject.template_invocations_hosts.size
+    end
+
+    def message
+      UINotifications::StringParser.new(blueprint.message,
+                                        :hosts_count => hosts_count)
+    end
+
+    def links
+      job_links + insights_links
+    end
+
+    def insights_links
+      pattern_template = subject.pattern_template_invocations.first
+      plan_id = pattern_template.input_values.
+                joins(:template_input).
+                where('template_inputs.name' => 'plan_id').
+                first.try(:value)
+      return [] if plan_id.nil?
+
+      [
+        {
+          :href => "/redhat_access/insights/planner/#{plan_id}",
+          :title => _('Remediation Plan')
+        }
+      ]
+    end
+
+    def job_links
+      UINotifications::URLResolver.new(
+        subject,
+        :links => [{
+          :path_method => :job_invocation_path,
+          :title => _('Job Details')
+        }]
+      ).actions[:links]
+    end
+  end
+end

data/app/services/foreman_ansible/insights_plan_runner.rb

@@ -32,8 +32,23 @@ if defined?(RedhatAccess)
           "v3/maintenance/#{@plan_id}/playbook",
           get_ssl_options_for_org(@organization, nil)
         )
-        response = resource.get
-        YAML.safe_load(response.body)
+        @raw_playbook = resource.get.body
+        YAML.safe_load(@raw_playbook)
+      end
+
+      # To parse the disclaimer we iterate over the first lines of the
+      # playbook (all comments) until we get to a line that looks like
+      # "Generated by Red Hat Insights on..."
+      def parse_disclaimer(playbook = @raw_playbook)
+        return '' if playbook.blank?
+        disclaimer = []
+        playbook.split("\n").each do |line|
+          next if line == '---'
+          break unless line[0] == '#'
+          disclaimer << line
+          break if /Generated by Red Hat Insights on/ =~ line
+        end
+        disclaimer.join("\n")
       end
 
       # This method creates a hash like this:

data/app/services/foreman_ansible/inventory_creator.rb

@@ -94,6 +94,7 @@ module ForemanAnsible
         'ansible_become' => @template_invocation.effective_user,
         'ansible_user' => host_setting(host, 'remote_execution_ssh_user'),
         'ansible_ssh_pass' => rex_ssh_password(host),
+        'ansible_ssh_private_key_file' => ansible_or_rex_ssh_private_key(host),
         'ansible_port' => host_setting(host, 'remote_execution_ssh_port')
       }
       # Backward compatibility for Ansible 1.x
@@ -115,6 +116,15 @@ module ForemanAnsible
         host_setting(host, 'remote_execution_ssh_password')
     end
 
+    def ansible_or_rex_ssh_private_key(host)
+      ansible_private_file = host_setting(host, 'ansible_ssh_private_key_file')
+      if !ansible_private_file.empty?
+        ansible_private_file
+      else
+        ForemanRemoteExecutionCore.settings[:ssh_identity_key_file]
+      end
+    end
+
     private
 
     def render_rabl(host, template)

data/app/services/foreman_ansible/renderer_methods.rb

@@ -9,13 +9,20 @@ module ForemanAnsible
         plan_id
       )
       rules = insights_plan.playbook
+      disclaimer = insights_plan.parse_disclaimer
       hostname_rules_relation = insights_plan.hostname_rules(rules)
       global_rules = insights_plan.rules_to_hash(rules)
-      host_playbooks = hostname_rules_relation[@host.name].
-                       reduce([]) do |acc, cur|
+      host_playbooks = individual_host_playbooks(hostname_rules_relation,
+                                                 global_rules)
+      "#{disclaimer}\n#{host_playbooks.to_yaml}"
+    end
+
+    private
+
+    def individual_host_playbooks(hostname_rules_relation, global_rules)
+      hostname_rules_relation[@host.name].reduce([]) do |acc, cur|
         acc << global_rules[cur]
       end
-      host_playbooks.to_yaml
     end
   end
 end

data/app/services/foreman_ansible/ui_roles_importer.rb

@@ -11,7 +11,6 @@ module ForemanAnsible
       delete_old_roles changes['obsolete'] if changes['obsolete']
     end
 
-    # rubocop:disable Performance/HashEachMethods
     def create_new_roles(changes)
       changes.values.each do |new_role|
         ::AnsibleRole.create(JSON.parse(new_role))
@@ -23,6 +22,5 @@ module ForemanAnsible
         ::AnsibleRole.find(JSON.parse(old_role)['id']).destroy
       end
     end
-    # rubocop:enable Performance/HashEachMethods
   end
 end

data/app/views/api/v2/ansible_roles/show.json.rabl

@@ -1,3 +1,3 @@
 object @ansible_role
 
-attributes :name, :created_at, :updated_at
+attributes :id, :name, :created_at, :updated_at

data/app/views/foreman_ansible/job_templates/package_action_-_ansible_default.erb

@@ -35,11 +35,15 @@ model: JobTemplate
 # For Windows targets use the win_package module instead.
 ---
 - hosts: all
+  <%- if input('pre_script').present? -%>
   pre_tasks:
     - shell: "<%= input('pre_script') %>"
+  <%- end -%>
   tasks:
     - package:
         name: <%= input('name') %>
         state: <%= input('state') %>
+  <%- if input('post_script').present? -%>
   post_tasks:
     - shell: "<%= input('post_script') %>"
+  <%- end -%>

data/app/views/foreman_ansible/job_templates/power_action_-_ansible_default.erb

@@ -1,6 +1,6 @@
 <%#
 name: Power Action - Ansible Default
-job_category: Power
+job_category: Ansible Power
 description_format: "%{action} host"
 snippet: false
 template_inputs:
@@ -22,7 +22,7 @@ model: JobTemplate
         echo <%= input('action') %> host && sleep 3
         <%= case input('action')
           when 'restart'
-            'reboot'
+            'shutdown -r +1'
           else
             'shutdown -h now'
           end %>

data/app/views/foreman_ansible/job_templates/puppet_run_once_-_ansible_default.erb

@@ -1,6 +1,6 @@
 <%#
 name: Puppet Run Once - Ansible Default
-job_category: Puppet
+job_category: Ansible Puppet
 description_format: 'Run Puppet once with "%{puppet_options}"'
 snippet: false
 template_inputs:

data/app/views/foreman_ansible/job_templates/run_command_-_ansible_default.erb

@@ -17,6 +17,7 @@ model: JobTemplate
 ---
 - hosts: all
   tasks:
-    - command: <%= input('command') %>
+    - shell: |
+<%=     indent(8) { input('command') } %>
       register: out
     - debug: var=out

data/app/views/foreman_ansible/job_templates/service_action_-_ansible_default.erb

@@ -1,6 +1,6 @@
 <%#
 name: Service Action - Ansible Default
-job_category: Ansible Service
+job_category: Ansible Services
 description_format: "%{state} service %{name}"
 snippet: false
 template_inputs:

data/db/migrate/20180410125416_rename_ansible_job_categories.rb

@@ -0,0 +1,30 @@
+class RenameAnsibleJobCategories < ActiveRecord::Migration[5.1]
+  def up
+    unless User.unscoped.find_by_login(User::ANONYMOUS_ADMIN)
+      puts "No ANONYMOUS_ADMIN found. Skipping renaming Ansible jobs"
+      return
+    end
+    User.as_anonymous_admin do
+      updated_templates = ['Power Action - Ansible Default',
+                           'Puppet Run Once - Ansible Default']
+      JobTemplate.without_auditing do
+        job_templates = JobTemplate.where(
+          :name => updated_templates
+        ).all
+        job_templates.each do |job_template|
+          next if job_template.job_category =~ /^Ansible/
+          job_template.job_category = "Ansible #{job_template.job_category}"
+          job_template.save_without_auditing
+        end
+  
+        service_template = JobTemplate.where(
+          :name => 'Service Action - Ansible Default'
+        ).first
+        if service_template.present?
+          service_template.job_category = 'Ansible Services'
+          service_template.save_without_auditing
+        end
+      end
+    end
+  end
+end

data/db/seeds.d/75_job_templates.rb

@@ -1,20 +1,22 @@
 User.as_anonymous_admin do
-  if Rails.env.test? || File.basename($0) == 'rake'
-    # If this file tries to import a template with a REX feature in a SeedsTest,
-    # it will fail - the REX feature isn't registered on SeedsTest because
-    # DatabaseCleaner truncates the db before every test.
-    # During db:seed, we also want to know the feature is registered before
-    # seeding the template
-    ForemanAnsible::Engine.register_rex_feature
-  end
-  JobTemplate.without_auditing do
-    Dir[File.join("#{ForemanAnsible::Engine.root}/app/views/foreman_ansible/"\
-                  'job_templates/**/*.erb')].each do |template|
-      sync = !Rails.env.test? && Setting[:remote_execution_sync_templates]
-      JobTemplate.import_raw!(File.read(template),
-                              :default => true,
-                              :locked => true,
-                              :update => sync)
+  RemoteExecutionFeature.without_auditing do
+    if Rails.env.test? || File.basename($PROGRAM_NAME) == 'rake'
+      # If this file tries to import a template with a REX feature in a SeedsTest,
+      # it will fail - the REX feature isn't registered on SeedsTest because
+      # DatabaseCleaner truncates the db before every test.
+      # During db:seed, we also want to know the feature is registered before
+      # seeding the template
+      ForemanAnsible::Engine.register_rex_feature
+    end
+    JobTemplate.without_auditing do
+      Dir[File.join("#{ForemanAnsible::Engine.root}/app/views/foreman_ansible/"\
+                    'job_templates/**/*.erb')].each do |template|
+        sync = !Rails.env.test? && Setting[:remote_execution_sync_templates]
+        JobTemplate.import_raw!(File.read(template),
+                                :default => true,
+                                :locked => true,
+                                :update => sync)
+      end
     end
   end
 end

data/db/seeds.d/90_notification_blueprints.rb

@@ -0,0 +1,17 @@
+blueprints = [
+  {
+    :group => N_('Jobs'),
+    :name => 'insights_remediation_successful',
+    :message => N_('Insights remediation on %{hosts_count}' \
+                   ' host(s) has finished successfully'),
+    :level => 'success',
+    :actions =>           {
+      :links => [
+        :path_method => :job_invocation_path,
+        :title => N_('Job Details')
+      ]
+    }
+  }
+]
+
+blueprints.each { |blueprint| UINotifications::Seed.new(blueprint).configure }