foreman_ansible 5.1.3 → 6.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/ansible_role.rb +6 -0
- data/app/models/concerns/foreman_ansible/host_managed_extensions.rb +5 -0
- data/app/models/foreman_ansible/ansible_provider.rb +7 -3
- data/app/services/foreman_ansible/ansible_report_importer.rb +1 -1
- data/app/services/foreman_ansible/ansible_report_scanner.rb +9 -6
- data/app/services/foreman_ansible/renderer_methods.rb +11 -0
- data/app/views/foreman_ansible/job_templates/capsule_upgrade_-_ansible_default.erb +1 -1
- data/app/views/foreman_ansible/job_templates/configure_cloud_connector_-_ansible_default.erb +1 -1
- data/lib/foreman_ansible/register.rb +5 -1
- data/lib/foreman_ansible/version.rb +1 -1
- data/test/fixtures/report.json +2 -1
- data/test/unit/ansible_provider_test.rb +2 -2
- data/test/unit/lib/foreman_ansible_core/ansible_runner_test.rb +4 -4
- data/test/unit/lib/foreman_ansible_core/playbook_runner_test.rb +4 -4
- data/test/unit/services/inventory_creator_test.rb +2 -2
- data/webpack/components/ReportJsonViewer.js +1 -1
- metadata +4 -19
- data/app/views/foreman_ansible/job_templates/service_action_-_enable_web_console.erb +0 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3ee1b4acb26925c919a3d2b3c8b9efe6bd355dc603d896d642a0150d9364f86b
|
4
|
+
data.tar.gz: b5fb045a0cfddf957c238f311b29f97a56b0b5fc91999b56ca25ee3f4c0eeda4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 529107a643fb300fc1755a3efe8bbb1bb94b726c822c93f568e3001d2acc71658499343952bce1191ca2e142d1abc3548525a3fdfbde2c8fe1a2f645923b366c
|
7
|
+
data.tar.gz: 2874526de96c18b4aafd6fcaa29006c1d910ccb0e87b1f3326d64312c510cc496fc4e49fd176fafb3f465bded12a2b9c26768dfc0833b628c1538659279cd6a6
|
data/app/models/ansible_role.rb
CHANGED
@@ -28,6 +28,12 @@ class AnsibleRole < ApplicationRecord
|
|
28
28
|
scoped_search :relation => :hostgroups,
|
29
29
|
:on => :name, :rename => :hostgroup, :only_explicit => true
|
30
30
|
|
31
|
+
apipie :class, "A class representing #{model_name.human} object" do
|
32
|
+
name 'Ansible role'
|
33
|
+
refs 'AnsibleRole'
|
34
|
+
sections only: %w[all additional]
|
35
|
+
property :name, String, desc: 'Returns name of the ansible role'
|
36
|
+
end
|
31
37
|
# Methods to be allowed in any template with safemode enabled
|
32
38
|
class Jail < Safemode::Jail
|
33
39
|
allow :name
|
@@ -67,6 +67,11 @@ end
|
|
67
67
|
|
68
68
|
module Host
|
69
69
|
class Managed
|
70
|
+
apipie :class do
|
71
|
+
property :all_ansible_roles, array_of: 'AnsibleRole', desc: 'Returns all ansible roles assigned to the host, both its own and inherited'
|
72
|
+
property :ansible_roles, array_of: 'AnsibleRole', desc: 'Returns ansible roles assigned to the host'
|
73
|
+
property :inherited_ansible_roles, array_of: 'AnsibleRole', desc: 'Returns inherited ansible roles assigned to the host'
|
74
|
+
end
|
70
75
|
# Methods to be allowed in any template with safemode enabled
|
71
76
|
class Jail < Safemode::Jail
|
72
77
|
allow :all_ansible_roles, :ansible_roles, :inherited_ansible_roles
|
@@ -36,7 +36,7 @@ if defined? ForemanRemoteExecution
|
|
36
36
|
'per-host' => {
|
37
37
|
host.name => {
|
38
38
|
'ansible_ssh_pass' => rex_ssh_password(host),
|
39
|
-
'
|
39
|
+
'ansible_become_password' => rex_effective_user_password(host)
|
40
40
|
}
|
41
41
|
}
|
42
42
|
}
|
@@ -46,8 +46,8 @@ if defined? ForemanRemoteExecution
|
|
46
46
|
host_setting(host, 'remote_execution_ssh_password')
|
47
47
|
end
|
48
48
|
|
49
|
-
def
|
50
|
-
host_setting(host, '
|
49
|
+
def rex_effective_user_password(host)
|
50
|
+
host_setting(host, 'remote_execution_effective_user_password')
|
51
51
|
end
|
52
52
|
|
53
53
|
def host_setting(host, setting)
|
@@ -62,6 +62,10 @@ if defined? ForemanRemoteExecution
|
|
62
62
|
'ansible-runner'
|
63
63
|
end
|
64
64
|
|
65
|
+
def proxy_action_class
|
66
|
+
'ForemanAnsibleCore::TaskLauncher::Playbook::PlaybookRunnerAction'
|
67
|
+
end
|
68
|
+
|
65
69
|
def required_proxy_selector_for(template)
|
66
70
|
if template.remote_execution_features.where(:label => 'ansible_run_capsule_upgrade').any?
|
67
71
|
::DefaultProxyProxySelector.new
|
@@ -9,7 +9,7 @@ module ForemanAnsible
|
|
9
9
|
included do
|
10
10
|
def host
|
11
11
|
hostname = name.downcase
|
12
|
-
if AnsibleReportScanner.ansible_report?(raw
|
12
|
+
if AnsibleReportScanner.ansible_report?(raw) &&
|
13
13
|
IPAddress.valid?(hostname) &&
|
14
14
|
Nic::Interface.find_by(:ip => hostname)
|
15
15
|
@host = Nic::Interface.find_by(:ip => hostname).host
|
@@ -5,14 +5,17 @@ module ForemanAnsible
|
|
5
5
|
# sets the origin of the report to 'Ansible'
|
6
6
|
class AnsibleReportScanner
|
7
7
|
class << self
|
8
|
-
def
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
8
|
+
def add_reporter_data(report, raw); end
|
9
|
+
|
10
|
+
def identify_origin(raw)
|
11
|
+
'Ansible' if ansible_report?(raw)
|
12
|
+
end
|
13
|
+
|
14
|
+
def ansible_report?(raw)
|
15
|
+
raw['reporter'] == 'ansible' || ansible_legacy_report?(raw['logs'])
|
13
16
|
end
|
14
17
|
|
15
|
-
def
|
18
|
+
def ansible_legacy_report?(logs)
|
16
19
|
return false if logs.blank?
|
17
20
|
logs.any? do |log|
|
18
21
|
log['log'].fetch('messages', {}).
|
@@ -4,7 +4,18 @@ module ForemanAnsible
|
|
4
4
|
# Macro to fetch RH Insights plan playbook
|
5
5
|
module RendererMethods
|
6
6
|
extend ActiveSupport::Concern
|
7
|
+
extend ApipieDSL::Module
|
7
8
|
|
9
|
+
apipie :class, 'Macros related to Ansible playbooks' do
|
10
|
+
name 'Ansible'
|
11
|
+
sections only: %w[all jobs]
|
12
|
+
end
|
13
|
+
|
14
|
+
apipie :method, 'Returns Insights maintenance plan for host' do
|
15
|
+
required :plan_id, String, desc: 'The playbook for the rule coming from insights'
|
16
|
+
optional :organization_id, Integer, desc: 'The Foreman organization associated with the Insights account', default: 'Current organization ID'
|
17
|
+
returns String, desc: 'Insights maintenance plan for host'
|
18
|
+
end
|
8
19
|
def insights_remediation(plan_id, organization_id = Organization.current.id)
|
9
20
|
return "$INSIGHTS_REMEDIATION[#{plan_id}, #{organization_id}]" if preview?
|
10
21
|
|
data/app/views/foreman_ansible/job_templates/configure_cloud_connector_-_ansible_default.erb
CHANGED
@@ -22,7 +22,7 @@ template_inputs:
|
|
22
22
|
hidden_value: false
|
23
23
|
description: You can specify a HTTP proxy address that should be used for Cloud Connector connection to the cloud.redhat.com. Note that it must be HTTP proxy, not HTTPS. The tunelling of SSL (secured web socket connection) in SSL (HTTPS proxy) is currently unsupported.
|
24
24
|
model: JobTemplate
|
25
|
-
job_category:
|
25
|
+
job_category: Maintenance Operations
|
26
26
|
description_format: "%{template_name}"
|
27
27
|
provider_type: Ansible
|
28
28
|
kind: job_template
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
Foreman::Plugin.register :foreman_ansible do
|
4
|
-
requires_foreman '>= 2.
|
4
|
+
requires_foreman '>= 2.2'
|
5
5
|
|
6
6
|
security_block :foreman_ansible do
|
7
7
|
permission :play_roles_on_host,
|
@@ -109,6 +109,10 @@ Foreman::Plugin.register :foreman_ansible do
|
|
109
109
|
apipie_documented_controllers [
|
110
110
|
"#{ForemanAnsible::Engine.root}/app/controllers/api/v2/*.rb"
|
111
111
|
]
|
112
|
+
ApipieDSL.configuration.dsl_classes_matchers += [
|
113
|
+
"#{ForemanAnsible::Engine.root}/app/models/*.rb",
|
114
|
+
"#{ForemanAnsible::Engine.root}/app/services/foreman_ansible/*.rb"
|
115
|
+
]
|
112
116
|
|
113
117
|
register_info_provider ForemanAnsible::AnsibleInfo
|
114
118
|
|
data/test/fixtures/report.json
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
{
|
2
|
+
"reporter": "ansible",
|
2
3
|
"reported_at":"2018-01-15 17:31:36 521275",
|
3
4
|
"metrics": {
|
4
5
|
"time":
|
@@ -17,7 +18,7 @@
|
|
17
18
|
"source": "common : Install Common packages"
|
18
19
|
},
|
19
20
|
"messages": {
|
20
|
-
"message": "{\"msg\": \"All items completed\", \"changed\": false, \"results\": [{\"
|
21
|
+
"message": "{\"msg\": \"All items completed\", \"changed\": false, \"results\": [{\"changed\": false, \"_ansible_no_log\": false, \"cache_updated\": false, \"_ansible_item_result\": true, \"failed\": false, \"item\": \"git\", \"invocation\": {\"module_args\": {\"dpkg_options\": \"force-confdef,force-confold\", \"upgrade\": null, \"force\": false, \"force_apt_get\": false, \"package\": [\"git\"], \"autoclean\": false, \"name\": \"git\", \"purge\": false, \"allow_unauthenticated\": false, \"state\": \"present\", \"autoremove\": false, \"update_cache\": null, \"default_release\": null, \"only_upgrade\": false, \"cache_valid_time\": 0, \"deb\": null, \"install_recommends\": null}}, \"_ansible_ignore_errors\": null, \"cache_update_time\": 1515797094}, {\"_ansible_parsed\": true, \"changed\": false, \"_ansible_no_log\": false, \"cache_updated\": false, \"_ansible_item_result\": true, \"failed\": false, \"item\": \"htop\", \"invocation\": {\"module_args\": {\"dpkg_options\": \"force-confdef,force-confold\", \"upgrade\": null, \"force\": false, \"force_apt_get\": false, \"package\": [\"htop\"], \"autoclean\": false, \"name\": \"htop\", \"purge\": false, \"allow_unauthenticated\": false, \"state\": \"present\", \"autoremove\": false, \"update_cache\": null, \"default_release\": null, \"only_upgrade\": false, \"cache_valid_time\": 0, \"deb\": null, \"install_recommends\": null}}, \"_ansible_ignore_errors\": null, \"cache_update_time\": 1515797094}, {\"_ansible_parsed\": true, \"changed\": false, \"_ansible_no_log\": false, \"cache_updated\": false, \"_ansible_item_result\": true, \"failed\": false, \"item\": \"zsh\", \"invocation\": {\"module_args\": {\"dpkg_options\": \"force-confdef,force-confold\", \"upgrade\": null, \"force\": false, \"force_apt_get\": false, \"package\": [\"zsh\"], \"autoclean\": false, \"name\": \"zsh\", \"purge\": false, \"allow_unauthenticated\": false, \"state\": \"present\", \"autoremove\": false, \"update_cache\": null, \"default_release\": null, \"only_upgrade\": false, \"cache_valid_time\": 0, \"deb\": null, \"install_recommends\": null}}, \"_ansible_ignore_errors\": null, \"cache_update_time\": 1515797094}]}"},"level":"info"}},{"log":{"sources":{"source":"common : Copy default motd"},"messages":{"message":"{\"_ansible_parsed\": true, \"group\": \"root\", \"uid\": 0, \"checksum\": \"0a381ff6a86081af6dc957a77c7e2017a3244c4c\", \"changed\": false, \"owner\": \"root\", \"state\": \"file\", \"gid\": 0, \"mode\": \"0644\", \"diff\": {\"after\": {\"path\": \"/etc/motd\"}, \"before\": {\"path\": \"/etc/motd\"}}, \"invocation\": {\"module_args\": {\"directory_mode\": null, \"force\": false, \"remote_src\": null, \"path\": \"/etc/motd\", \"owner\": \"root\", \"follow\": false, \"group\": \"root\", \"unsafe_writes\": null, \"state\": \"file\", \"content\": null, \"serole\": null, \"diff_peek\": null, \"setype\": null, \"dest\": \"/etc/motd\", \"selevel\": null, \"original_basename\": \"motd.txt\", \"regexp\": null, \"validate\": null, \"src\": \"motd.txt\", \"seuser\": null, \"recurse\": false, \"delimiter\": null, \"mode\": null, \"attributes\": null, \"backup\": null}}, \"path\": \"/etc/motd\", \"size\": 1090, \"_ansible_no_log\": false}"
|
21
22
|
},
|
22
23
|
"level": "info"
|
23
24
|
}
|
@@ -35,13 +35,13 @@ class AnsibleProviderTest < ActiveSupport::TestCase
|
|
35
35
|
it 'generates secrets properly' do
|
36
36
|
params = {
|
37
37
|
'remote_execution_ssh_password' => 'password',
|
38
|
-
'
|
38
|
+
'remote_execution_effective_user_password' => 'letmein'
|
39
39
|
}
|
40
40
|
host.expects(:params).twice.returns(params)
|
41
41
|
secrets = ForemanAnsible::AnsibleProvider.secrets(host)
|
42
42
|
host_secrets = secrets['per-host'][host.name]
|
43
43
|
assert_equal host_secrets['ansible_ssh_pass'], 'password'
|
44
|
-
assert_equal host_secrets['
|
44
|
+
assert_equal host_secrets['ansible_become_password'], 'letmein'
|
45
45
|
end
|
46
46
|
end
|
47
47
|
|
@@ -24,7 +24,7 @@ module ForemanAnsibleCore
|
|
24
24
|
'_meta' => { 'hostvars' => { 'foreman.example.com' => {} } } }
|
25
25
|
end
|
26
26
|
let(:input) do
|
27
|
-
host_secrets = { 'ansible_ssh_pass' => 'letmein', '
|
27
|
+
host_secrets = { 'ansible_ssh_pass' => 'letmein', 'ansible_become_password' => 'iamroot' }
|
28
28
|
secrets = { 'per-host' => { 'foreman.example.com' => host_secrets } }
|
29
29
|
host_input = { 'input' => { 'action_input' => { 'secrets' => secrets } } }
|
30
30
|
{ 'foreman.example.com' => host_input }
|
@@ -32,18 +32,18 @@ module ForemanAnsibleCore
|
|
32
32
|
let(:runner) { ForemanAnsibleCore::Runner::AnsibleRunner.allocate }
|
33
33
|
|
34
34
|
test 'uses secrets from inventory' do
|
35
|
-
test_inventory = inventory.merge('ssh_password' => 'sshpass', '
|
35
|
+
test_inventory = inventory.merge('ssh_password' => 'sshpass', 'effective_user_password' => 'mypass')
|
36
36
|
rebuilt = runner.send(:rebuild_secrets, test_inventory, input)
|
37
37
|
host_vars = rebuilt.dig('_meta', 'hostvars', 'foreman.example.com')
|
38
38
|
assert_equal 'sshpass', host_vars['ansible_ssh_pass']
|
39
|
-
assert_equal '
|
39
|
+
assert_equal 'mypass', host_vars['ansible_become_password']
|
40
40
|
end
|
41
41
|
|
42
42
|
test 'host secrets are used when not overriden by inventory secrest' do
|
43
43
|
rebuilt = runner.send(:rebuild_secrets, inventory, input)
|
44
44
|
host_vars = rebuilt.dig('_meta', 'hostvars', 'foreman.example.com')
|
45
45
|
assert_equal 'letmein', host_vars['ansible_ssh_pass']
|
46
|
-
assert_equal 'iamroot', host_vars['
|
46
|
+
assert_equal 'iamroot', host_vars['ansible_become_password']
|
47
47
|
end
|
48
48
|
end
|
49
49
|
end
|
@@ -87,24 +87,24 @@ class PlaybookRunnerTest < ActiveSupport::TestCase
|
|
87
87
|
'_meta' => { 'hostvars' => { 'foreman.example.com' => {} } } }
|
88
88
|
end
|
89
89
|
let(:secrets) do
|
90
|
-
host_secrets = { 'ansible_ssh_pass' => 'letmein', '
|
90
|
+
host_secrets = { 'ansible_ssh_pass' => 'letmein', 'ansible_become_password' => 'iamroot' }
|
91
91
|
{ 'per-host' => { 'foreman.example.com' => host_secrets } }
|
92
92
|
end
|
93
93
|
let(:runner) { ForemanAnsibleCore::Runner::Playbook.allocate }
|
94
94
|
|
95
95
|
test 'uses secrets from inventory' do
|
96
|
-
test_inventory = inventory.merge('ssh_password' => 'sshpass', '
|
96
|
+
test_inventory = inventory.merge('ssh_password' => 'sshpass', 'effective_user_password' => 'mypass')
|
97
97
|
rebuilt = runner.send(:rebuild_secrets, test_inventory, secrets)
|
98
98
|
host_vars = rebuilt.dig('_meta', 'hostvars', 'foreman.example.com')
|
99
99
|
assert_equal 'sshpass', host_vars['ansible_ssh_pass']
|
100
|
-
assert_equal '
|
100
|
+
assert_equal 'mypass', host_vars['ansible_become_password']
|
101
101
|
end
|
102
102
|
|
103
103
|
test 'host secrets are used when not overriden by inventory secrest' do
|
104
104
|
rebuilt = runner.send(:rebuild_secrets, inventory, secrets)
|
105
105
|
host_vars = rebuilt.dig('_meta', 'hostvars', 'foreman.example.com')
|
106
106
|
assert_equal 'letmein', host_vars['ansible_ssh_pass']
|
107
|
-
assert_equal 'iamroot', host_vars['
|
107
|
+
assert_equal 'iamroot', host_vars['ansible_become_password']
|
108
108
|
end
|
109
109
|
end
|
110
110
|
end
|
@@ -10,7 +10,7 @@ module ForemanAnsible
|
|
10
10
|
@host = FactoryBot.build(:host)
|
11
11
|
@template_invocation = OpenStruct.new(
|
12
12
|
:job_invocation => OpenStruct.new(:password => 'foobar',
|
13
|
-
:
|
13
|
+
:effective_user_password => 'foobar'),
|
14
14
|
:effective_user => 'foobar'
|
15
15
|
)
|
16
16
|
end
|
@@ -70,7 +70,7 @@ module ForemanAnsible
|
|
70
70
|
assert_equal Setting['remote_execution_effective_user_method'],
|
71
71
|
connection_params['ansible_become_method']
|
72
72
|
refute connection_params.key?('ansible_ssh_pass')
|
73
|
-
refute connection_params.key?('
|
73
|
+
refute connection_params.key?('ansible_become_password')
|
74
74
|
end
|
75
75
|
|
76
76
|
test 'ssh private key is passed when available' do
|
metadata
CHANGED
@@ -1,29 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: foreman_ansible
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 6.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Daniel Lobato Garcia
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-09-
|
11
|
+
date: 2020-09-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
-
- !ruby/object:Gem::Dependency
|
14
|
-
name: rubocop
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - "~>"
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: 0.80.0
|
20
|
-
type: :development
|
21
|
-
prerelease: false
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
23
|
-
requirements:
|
24
|
-
- - "~>"
|
25
|
-
- !ruby/object:Gem::Version
|
26
|
-
version: 0.80.0
|
27
13
|
- !ruby/object:Gem::Dependency
|
28
14
|
name: foreman_ansible_core
|
29
15
|
requirement: !ruby/object:Gem::Requirement
|
@@ -58,14 +44,14 @@ dependencies:
|
|
58
44
|
requirements:
|
59
45
|
- - ">="
|
60
46
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
47
|
+
version: 4.0.0
|
62
48
|
type: :runtime
|
63
49
|
prerelease: false
|
64
50
|
version_requirements: !ruby/object:Gem::Requirement
|
65
51
|
requirements:
|
66
52
|
- - ">="
|
67
53
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
54
|
+
version: 4.0.0
|
69
55
|
- !ruby/object:Gem::Dependency
|
70
56
|
name: ipaddress
|
71
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -196,7 +182,6 @@ files:
|
|
196
182
|
- app/views/foreman_ansible/job_templates/run_command_-_ansible_default.erb
|
197
183
|
- app/views/foreman_ansible/job_templates/run_playbook-ansible_default.erb
|
198
184
|
- app/views/foreman_ansible/job_templates/service_action_-_ansible_default.erb
|
199
|
-
- app/views/foreman_ansible/job_templates/service_action_-_enable_web_console.erb
|
200
185
|
- app/views/ui_ansible_roles/index.json.rabl
|
201
186
|
- app/views/ui_ansible_roles/main.json.rabl
|
202
187
|
- app/views/ui_ansible_roles/show.json.rabl
|
@@ -1,16 +0,0 @@
|
|
1
|
-
<%#
|
2
|
-
name: Service Action - Enable Web Console
|
3
|
-
job_category: Ansible Services
|
4
|
-
snippet: false
|
5
|
-
provider_type: Ansible
|
6
|
-
kind: job_template
|
7
|
-
model: JobTemplate
|
8
|
-
feature: ansible_enable_web_console
|
9
|
-
%>
|
10
|
-
---
|
11
|
-
- hosts: all
|
12
|
-
tasks:
|
13
|
-
- name: ensure cockpit is installed
|
14
|
-
package:
|
15
|
-
name: "cockpit-system"
|
16
|
-
state: present
|