smart_proxy_ansible 3.1.0 → 3.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 723f4dc74c428f9eb0d34bda1f492e8b5e49eb2103f16ccb36b279db8dfb3045
-  data.tar.gz: 553c1a6918b5f345d7017fe9ce691bffed6903c7d1e5fdbcbe5905a863e70542
+  metadata.gz: 4a1934350dedb103c779cdf61196cff80a43751d260fd5f550d26289dc63f388
+  data.tar.gz: cee72032c8d95fde92021ef8c312e9c4f0408b9ac1d88b5a0ebf9cdd97bc906c
 SHA512:
-  metadata.gz: 2bde47200bda54b10495128b81a19f3f6471f1c9142e034537df43e6d8b6badfcf7685a59923d5bc008263231a64d414ab5c6aecb4f0adf3342f3dfb300a35d1
-  data.tar.gz: 6793a645db2e1e1ac75d1136cfa5e10285a2fb6b100d97b7a67613e7e4cac504f0154b398ed066f9ea17cb8f65589a8b76df60fece50764a9bb658c9181d145a
+  metadata.gz: a473838108c4b9cbcef9da311410a2fda5bc39047a2cd4c623533ef718918583de1c830105b92a52303bfc41e1eeb933f1d4a898380a0cf9b01c32d7fb07cb76
+  data.tar.gz: cf1aa8ca722850fd39d312cefcbf178e193fcf391ca8058638dd26db01c288f7350ea6c80e5fb004e87cdda664f5200f24b83b61a2dc3226d88006d0efff7cb3

data/bin/json_inventory.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# An inventory script to load the inventory from JSON file.
+#
+
+if [ -z "$JSON_INVENTORY_FILE" ]; then
+   echo "JSON_INVENTORY_FILE not specified"
+   exit 1
+fi
+
+cat $JSON_INVENTORY_FILE

data/lib/smart_proxy_ansible/actions.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'smart_proxy_dynflow/action/runner'
+
+module Proxy::Ansible
+  module Actions
+    # Action that can be run both on Foreman or Foreman proxy side
+    # to execute the playbook run
+    class RunPlaybook < Proxy::Dynflow::Action::Runner
+      def initiate_runner
+        Proxy::Ansible::Runner::Playbook.new(
+          input[:inventory],
+          input[:playbook],
+          input[:options]
+        )
+      end
+    end
+  end
+end

data/lib/smart_proxy_ansible/api.rb

@@ -28,15 +28,23 @@ module Proxy
         {}.to_json
       end
 
+      get '/playbooks_names' do
+        PlaybooksReader.playbooks_names.to_json
+      end
+
+      get '/playbooks/:playbooks_names?' do
+        PlaybooksReader.playbooks(params[:playbooks_names]).to_json
+      end
+
       private
 
       def extract_variables(role_name)
         variables = {}
         role_name_parts = role_name.split('.')
         if role_name_parts.count == 3
-          RolesReader.collections_paths.split(':').each do |path|
-            variables[role_name] ||= VariablesExtractor
-                                   .extract_variables("#{path}/ansible_collections/#{role_name_parts[0]}/#{role_name_parts[1]}/roles/#{role_name_parts[2]}")
+          ReaderHelper.collections_paths.split(':').each do |path|
+            variables[role_name] = VariablesExtractor
+                                   .extract_variables("#{path}/ansible_collections/#{role_name_parts[0]}/#{role_name_parts[1]}/roles/#{role_name_parts[2]}") if variables[role_name].nil? || variables[role_name].empty?
           end
         else
           RolesReader.roles_path.split(':').each do |path|

data/lib/smart_proxy_ansible/configuration_loader.rb

@@ -0,0 +1,20 @@
+module Proxy::Ansible
+  class ConfigurationLoader
+    def load_classes
+      require 'smart_proxy_dynflow'
+      require 'smart_proxy_dynflow/continuous_output'
+      require 'smart_proxy_ansible/task_launcher/ansible_runner'
+      require 'smart_proxy_ansible/task_launcher/playbook'
+      require 'smart_proxy_ansible/actions'
+      require 'smart_proxy_ansible/remote_execution_core/ansible_runner'
+      require 'smart_proxy_ansible/runner/ansible_runner'
+      require 'smart_proxy_ansible/runner/command_creator'
+      require 'smart_proxy_ansible/runner/playbook'
+
+      Proxy::Dynflow::TaskLauncherRegistry.register('ansible-runner',
+                                                    TaskLauncher::AnsibleRunner)
+      Proxy::Dynflow::TaskLauncherRegistry.register('ansible-playbook',
+                                                    TaskLauncher::Playbook)
+    end
+  end
+end

data/lib/smart_proxy_ansible/exception.rb

@@ -37,5 +37,8 @@ module Proxy
     class ReadConfigFileException < Proxy::Ansible::Exception; end
     class ReadRolesException < Proxy::Ansible::Exception; end
     class ReadVariablesException < Proxy::Ansible::Exception; end
+    class NotExistingWorkingDirException < Proxy::Ansible::Exception; end
+    class ReadPlaybooksNamesException < Proxy::Ansible::Exception; end
+    class ReadPlaybooksException < Proxy::Ansible::Exception; end
   end
 end

data/lib/smart_proxy_ansible/playbooks_reader.rb

@@ -0,0 +1,37 @@
+module Proxy
+  module Ansible
+    # Implements the logic needed to read the playbooks and associated information
+    class PlaybooksReader
+      class << self
+        def playbooks_names
+          ReaderHelper.collections_paths.split(':').flat_map { |path| get_playbooks_names(path) }
+        end
+
+        def playbooks(playbooks_to_import)
+          ReaderHelper.collections_paths.split(':').reduce([]) do |playbooks, path|
+            playbooks.concat(read_collection_playbooks(path, playbooks_to_import))
+          end
+        end
+
+        def get_playbooks_names(collections_path)
+          Dir.glob("#{collections_path}/ansible_collections/*/*/playbooks/*").map do |path|
+            ReaderHelper.playbook_or_role_full_name(path)
+          end
+        end
+
+        def read_collection_playbooks(collections_path, playbooks_to_import = nil)
+          Dir.glob("#{collections_path}/ansible_collections/*/*/playbooks/*").map do |path|
+            name = ReaderHelper.playbook_or_role_full_name(path)
+            {
+              name: name,
+              playbooks_content: File.readlines(path)
+            } if playbooks_to_import.nil? || playbooks_to_import.include?(name)
+          end.compact
+        rescue Errno::ENOENT, Errno::EACCES => e
+          message = "Could not read Ansible playbooks #{collections_path} - #{e.message}"
+          raise ReadPlaybooksException, message
+        end
+      end
+    end
+  end
+end

data/lib/smart_proxy_ansible/plugin.rb

@@ -5,17 +5,12 @@ module Proxy
       rackup_path File.expand_path('http_config.ru', __dir__)
       settings_file 'ansible.yml'
       plugin :ansible, Proxy::Ansible::VERSION
+      default_settings :ansible_dir => Dir.home
+                       # :working_dir => nil
 
-      after_activation do
-        begin
-          require 'smart_proxy_dynflow_core'
-          require 'foreman_ansible_core'
-          ForemanAnsibleCore.initialize_settings(Proxy::Ansible::Plugin.settings.to_h)
-        rescue LoadError => _
-          # Dynflow core is not available in the proxy, will be handled
-          # by standalone Dynflow core
-        end
-      end
+      load_classes ::Proxy::Ansible::ConfigurationLoader
+      load_validators :validate_settings => ::Proxy::Ansible::ValidateSettings
+      validate :validate!, :validate_settings => nil
     end
   end
 end

data/lib/smart_proxy_ansible/reader_helper.rb

@@ -0,0 +1,44 @@
+module Proxy
+  module Ansible
+    # Helper for Playbooks Reader
+    class ReaderHelper
+      class << self
+        DEFAULT_COLLECTIONS_PATHS = '/etc/ansible/collections:/usr/share/ansible/collections'.freeze
+        DEFAULT_CONFIG_FILE = '/etc/ansible/ansible.cfg'.freeze
+
+        def collections_paths
+          config_path(path_from_config('collections_paths'), DEFAULT_COLLECTIONS_PATHS)
+        end
+
+        def config_path(config_line, default)
+          return default if config_line.empty?
+
+          config_line_key = config_line.first.split('=').first.strip
+          # In case of commented roles_path key "#roles_path" or #collections_paths, return default
+          return default if ['#roles_path', '#collections_paths'].include?(config_line_key)
+
+          config_line.first.split('=').last.strip
+        end
+
+        def path_from_config(config_key)
+          File.readlines(DEFAULT_CONFIG_FILE).select do |line|
+            line =~ /^\s*#{config_key}/
+          end
+        rescue Errno::ENOENT, Errno::EACCES => e
+          RolesReader.logger.debug(e.backtrace)
+          message = "Could not read Ansible config file #{DEFAULT_CONFIG_FILE} - #{e.message}"
+          raise ReadConfigFileException.new(message), message
+        end
+
+        def playbook_or_role_full_name(path)
+          parts = path.split('/')
+          playbook = parts.pop
+          parts.pop
+          collection = parts.pop
+          author = parts.pop
+          "#{author}.#{collection}.#{playbook}"
+        end
+      end
+    end
+  end
+end

data/lib/smart_proxy_ansible/remote_execution_core/ansible_runner.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'smart_proxy_dynflow/runner/command_runner'
+
+module Proxy::Ansible
+  module RemoteExecutionCore
+    # Takes an inventory and runs it through REXCore CommandRunner
+    class AnsibleRunner < ::Proxy::Dynflow::Runner::CommandRunner
+      DEFAULT_REFRESH_INTERVAL = 1
+      CONNECTION_PROMPT = 'Are you sure you want to continue connecting (yes/no)? '
+
+      def initialize(options, suspended_action:)
+        super(options, :suspended_action => suspended_action)
+        @playbook_runner = Proxy::Ansible::Runner::Playbook.new(
+          options['ansible_inventory'],
+          options['script'],
+          options,
+          :suspended_action => suspended_action
+        )
+      end
+
+      def start
+        @playbook_runner.logger = logger
+        @playbook_runner.start
+      rescue StandardError => e
+        logger.error(
+          'error while initalizing command'\
+          " #{e.class} #{e.message}:\n #{e.backtrace.join("\n")}"
+        )
+        publish_exception('Error initializing command', e)
+      end
+
+      def fill_continuous_output(continuous_output)
+        delegated_output.fetch('result', []).each do |raw_output|
+          continuous_output.add_raw_output(raw_output)
+        end
+      rescue StandardError => e
+        continuous_output.add_exception(_('Error loading data from proxy'), e)
+      end
+
+      def refresh
+        @command_out = @playbook_runner.command_out
+        @command_in = @playbook_runner.command_in
+        @command_pid = @playbook_runner.command_pid
+        super
+        kill if unknown_host_key_fingerprint?
+      end
+
+      def kill
+        publish_exit_status(1)
+        ::Process.kill('SIGTERM', @command_pid)
+        close
+      end
+
+      private
+
+      def unknown_host_key_fingerprint?
+        last_output = @continuous_output.raw_outputs.last
+        return if last_output.nil?
+        last_output['output']&.lines&.last == CONNECTION_PROMPT
+      end
+    end
+  end
+end

data/lib/smart_proxy_ansible/roles_reader.rb

@@ -5,33 +5,16 @@ module Proxy
     # Implements the logic needed to read the roles and associated information
     class RolesReader
       class << self
-        DEFAULT_CONFIG_FILE = '/etc/ansible/ansible.cfg'.freeze
         DEFAULT_ROLES_PATH = '/etc/ansible/roles:/usr/share/ansible/roles'.freeze
-        DEFAULT_COLLECTIONS_PATHS = '/etc/ansible/collections:/usr/share/ansible/collections'.freeze
 
         def list_roles
           roles = roles_path.split(':').map { |path| read_roles(path) }.flatten
-          collection_roles = collections_paths.split(':').map { |path| read_collection_roles(path) }.flatten
+          collection_roles = ReaderHelper.collections_paths.split(':').map { |path| read_collection_roles(path) }.flatten
           roles + collection_roles
         end
 
         def roles_path
-          config_path(path_from_config('roles_path'), DEFAULT_ROLES_PATH)
-        end
-
-        def collections_paths
-          config_path(path_from_config('collections_paths'), DEFAULT_COLLECTIONS_PATHS)
-        end
-
-        def config_path(config_line, default)
-          # Default to /etc/ansible/roles if config_line is empty
-          return default if config_line.empty?
-
-          config_line_key = config_line.first.split('=').first.strip
-          # In case of commented roles_path key "#roles_path" or #collections_paths, return default
-          return default if ['#roles_path', '#collections_paths'].include?(config_line_key)
-
-          config_line.first.split('=').last.strip
+          ReaderHelper.config_path(ReaderHelper.path_from_config('roles_path'), DEFAULT_ROLES_PATH)
         end
 
         def logger
@@ -58,33 +41,17 @@ module Proxy
 
         def glob_path(path)
           Dir.glob path
-
         end
 
         def read_collection_roles(collections_path)
           Dir.glob("#{collections_path}/ansible_collections/*/*/roles/*").map do |path|
-            parts = path.split('/')
-            role = parts.pop
-            parts.pop
-            collection = parts.pop
-            author = parts.pop
-            "#{author}.#{collection}.#{role}"
+            ReaderHelper.playbook_or_role_full_name(path)
           end
         rescue Errno::ENOENT, Errno::EACCES => e
           logger.debug(e.backtrace)
           message = "Could not read Ansible roles #{collections_path} - #{e.message}"
           raise ReadRolesException.new(message), message
         end
-
-        def path_from_config(config_key)
-          File.readlines(DEFAULT_CONFIG_FILE).select do |line|
-            line =~ /^\s*#{config_key}/
-          end
-        rescue Errno::ENOENT, Errno::EACCES => e
-          logger.debug(e.backtrace)
-          message = "Could not read Ansible config file #{DEFAULT_CONFIG_FILE} - #{e.message}"
-          raise ReadConfigFileException.new(message), message
-        end
       end
     end
   end

data/lib/smart_proxy_ansible/runner/ansible_runner.rb

@@ -0,0 +1,253 @@
+require 'shellwords'
+require 'yaml'
+
+require 'smart_proxy_dynflow/runner/command'
+require 'smart_proxy_dynflow/runner/base'
+require 'smart_proxy_dynflow/runner/parent'
+module Proxy::Ansible
+  module Runner
+    class AnsibleRunner < ::Proxy::Dynflow::Runner::Parent
+      include ::Proxy::Dynflow::Runner::Command
+      attr_reader :execution_timeout_interval, :command_pid
+
+      def initialize(input, suspended_action:)
+        super input, :suspended_action => suspended_action
+        @inventory = rebuild_secrets(rebuild_inventory(input), input)
+        action_input = input.values.first[:input][:action_input]
+        @playbook = action_input[:script]
+        @root = working_dir
+        @verbosity_level = action_input[:verbosity_level]
+        @rex_command = action_input[:remote_execution_command]
+        @check_mode = action_input[:check_mode]
+        @tags = action_input[:tags]
+        @tags_flag = action_input[:tags_flag]
+        @passphrase = action_input['secrets']['key_passphrase']
+        @execution_timeout_interval = action_input[:execution_timeout_interval]
+        @cleanup_working_dirs = action_input.fetch(:cleanup_working_dirs, true)
+      end
+
+      def start
+        prepare_directory_structure
+        write_inventory
+        write_playbook
+        write_ssh_key if !@passphrase.nil? && !@passphrase.empty?
+        start_ansible_runner
+      end
+
+      def refresh
+        return unless super
+        @counter ||= 1
+        @uuid ||= File.basename(Dir["#{@root}/artifacts/*"].first)
+        job_event_dir = File.join(@root, 'artifacts', @uuid, 'job_events')
+        loop do
+          files = Dir["#{job_event_dir}/*.json"].map do |file|
+            num = File.basename(file)[/\A\d+/].to_i unless file.include?('partial')
+            [file, num]
+          end
+          files_with_nums = files.select { |(_, num)| num && num >= @counter }.sort_by(&:last)
+          break if files_with_nums.empty?
+          logger.debug("[foreman_ansible] - processing event files: #{files_with_nums.map(&:first).inspect}}")
+          files_with_nums.map(&:first).each { |event_file| handle_event_file(event_file) }
+          @counter = files_with_nums.last.last + 1
+        end
+      end
+
+      def timeout
+        logger.debug('job timed out')
+        super
+      end
+
+      def timeout_interval
+        execution_timeout_interval
+      end
+
+      def kill
+        ::Process.kill('SIGTERM', @command_pid)
+        publish_exit_status(2)
+        @inventory['all']['hosts'].each { |hostname| @exit_statuses[hostname] = 2 }
+        broadcast_data('Timeout for execution passed, stopping the job', 'stderr')
+        close
+      end
+
+      def close
+        super
+        FileUtils.remove_entry(@root) if @tmp_working_dir && Dir.exist?(@root) && @cleanup_working_dirs
+      end
+
+      private
+
+      def handle_event_file(event_file)
+        logger.debug("[foreman_ansible] - parsing event file #{event_file}")
+        begin
+          event = JSON.parse(File.read(event_file))
+          if (hostname = event.dig('event_data', 'host'))
+            handle_host_event(hostname, event)
+          else
+            handle_broadcast_data(event)
+          end
+          true
+        rescue JSON::ParserError => e
+          logger.error("[foreman_ansible] - Error parsing runner event at #{event_file}: #{e.class}: #{e.message}")
+          logger.debug(e.backtrace.join("\n"))
+        end
+      end
+
+      def handle_host_event(hostname, event)
+        log_event("for host: #{hostname.inspect}", event)
+        publish_data_for(hostname, event['stdout'] + "\n", 'stdout') if event['stdout']
+        case event['event']
+        when 'runner_on_ok'
+          publish_exit_status_for(hostname, 0) if @exit_statuses[hostname].nil?
+        when 'runner_on_unreachable'
+          publish_exit_status_for(hostname, 1)
+        when 'runner_on_failed'
+          publish_exit_status_for(hostname, 2) if event.dig('event_data', 'ignore_errors').nil?
+        end
+      end
+
+      def handle_broadcast_data(event)
+        log_event("broadcast", event)
+        if event['event'] == 'playbook_on_stats'
+          failures = event.dig('event_data', 'failures') || {}
+          unreachable = event.dig('event_data', 'dark') || {}
+          header, *rows = event['stdout'].strip.lines.map(&:chomp)
+          @outputs.keys.select { |key| key.is_a? String }.each do |host|
+            line = rows.find { |row| row =~ /#{host}/ }
+            publish_data_for(host, [header, line].join("\n"), 'stdout')
+
+            # If the task has been rescued, it won't consider a failure
+            if @exit_statuses[host].to_i != 0 && failures[host].to_i <= 0 && unreachable[host].to_i <= 0
+              publish_exit_status_for(host, 0)
+            end
+          end
+        else
+          broadcast_data(event['stdout'] + "\n", 'stdout')
+        end
+      end
+
+      def write_inventory
+        path = File.join(@root, 'inventory', 'hosts')
+        data_path = File.join(@root, 'data')
+        inventory_script = <<~INVENTORY_SCRIPT
+          #!/bin/sh
+          cat #{::Shellwords.escape data_path}
+        INVENTORY_SCRIPT
+        File.write(path, inventory_script)
+        File.write(data_path, JSON.dump(@inventory))
+        File.chmod(0o0755, path)
+      end
+
+      def write_playbook
+        File.write(File.join(@root, 'project', 'playbook.yml'), @playbook)
+      end
+
+      def write_ssh_key
+        key_path = File.join(@root, 'env', 'ssh_key')
+        File.symlink(File.expand_path(Proxy::RemoteExecution::Ssh::Plugin.settings[:ssh_identity_key_file]), key_path)
+
+        passwords_path = File.join(@root, 'env', 'passwords')
+        # here we create a secrets file for ansible-runner, which uses the key as regexp
+        # to match line asking for password, given the limitation to match only first 100 chars
+        # and the fact the line contains dynamically created temp directory, the regexp
+        # mentions only things that are always there, such as artifacts directory and the key name
+        secrets = YAML.dump({ "for.*/artifacts/.*/ssh_key_data:" => @passphrase })
+        File.write(passwords_path, secrets, perm: 0o600)
+      end
+
+      def start_ansible_runner
+        env = {}
+        env['FOREMAN_CALLBACK_DISABLE'] = '1' if @rex_command
+        command = [env, 'ansible-runner', 'run', @root, '-p', 'playbook.yml']
+        command << '--cmdline' << cmdline unless cmdline.nil?
+        command << verbosity if verbose?
+        initialize_command(*command)
+        logger.debug("[foreman_ansible] - Running command '#{command.join(' ')}'")
+      end
+
+      def cmdline
+        cmd_args = [tags_cmd, check_cmd].reject(&:empty?)
+        return nil unless cmd_args.any?
+        cmd_args.join(' ')
+      end
+
+      def tags_cmd
+        flag = @tags_flag == 'include' ? '--tags' : '--skip-tags'
+        @tags.empty? ? '' : "#{flag} '#{Array(@tags).join(',')}'"
+      end
+
+      def check_cmd
+        check_mode? ? '"--check"' : ''
+      end
+
+      def verbosity
+        '-' + 'v' * @verbosity_level.to_i
+      end
+
+      def verbose?
+        @verbosity_level.to_i.positive?
+      end
+
+      def check_mode?
+        @check_mode == true && @rex_command == false
+      end
+
+      def prepare_directory_structure
+        inner = %w[inventory project env].map { |part| File.join(@root, part) }
+        ([@root] + inner).each do |path|
+          FileUtils.mkdir_p path
+        end
+      end
+
+      def log_event(description, event)
+        # TODO: replace this ugly code with block variant once https://github.com/Dynflow/dynflow/pull/323
+        # arrives in production
+        logger.debug("[foreman_ansible] - handling event #{description}: #{JSON.pretty_generate(event)}") if logger.level <= ::Logger::DEBUG
+      end
+
+      # Each per-host task has inventory only for itself, we must
+      # collect all the partial inventories into one large inventory
+      # containing all the hosts.
+      def rebuild_inventory(input)
+        action_inputs = input.values.map { |hash| hash[:input][:action_input] }
+        hostnames = action_inputs.map { |hash| hash[:name] }
+        inventories = action_inputs.map { |hash| hash[:ansible_inventory] }
+        host_vars = inventories.map { |i| i['_meta']['hostvars'] }.reduce({}) do |acc, hosts|
+          hosts.reduce(acc) do |inner_acc, (hostname, vars)|
+            vars[:ansible_ssh_private_key_file] ||= Proxy::RemoteExecution::Ssh::Plugin.settings[:ssh_identity_key_file]
+            inner_acc.merge(hostname => vars)
+          end
+        end
+
+        { '_meta' => { 'hostvars' => host_vars },
+          'all' => { 'hosts' => hostnames,
+                     'vars' => inventories.first['all']['vars'] } }
+      end
+
+      def working_dir
+        return @root if @root
+        dir = Proxy::Ansible::Plugin.settings[:working_dir]
+        @tmp_working_dir = true
+        if dir.nil?
+          Dir.mktmpdir
+        else
+          Dir.mktmpdir(nil, File.expand_path(dir))
+        end
+      end
+
+      def rebuild_secrets(inventory, input)
+        input.each do |host, host_input|
+          secrets = host_input['input']['action_input']['secrets']
+          per_host = secrets['per-host'][host]
+
+          new_secrets = {
+            'ansible_password' => inventory['ssh_password'] || per_host['ansible_password'],
+            'ansible_become_password' => inventory['effective_user_password'] || per_host['ansible_become_password']
+          }
+          inventory['_meta']['hostvars'][host].update(new_secrets)
+        end
+
+        inventory
+      end
+    end
+  end
+end

data/lib/smart_proxy_ansible/runner/command_creator.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Proxy::Ansible
+  # Creates the actual command to be passed to smart_proxy_dynflow to run
+  class CommandCreator
+    def initialize(inventory_file, playbook_file, options = {})
+      @options = options
+      @playbook_file = playbook_file
+      @inventory_file = inventory_file
+      command
+    end
+
+    def command
+      parts = [environment_variables]
+      parts << 'ansible-playbook'
+      parts.concat(command_options)
+      parts << @playbook_file
+      parts
+    end
+
+    private
+
+    def environment_variables
+      defaults = { 'JSON_INVENTORY_FILE' => @inventory_file }
+      defaults['ANSIBLE_CALLBACK_WHITELIST'] = '' if rex_command?
+      defaults
+    end
+
+    def command_options
+      opts = ['-i', json_inventory_script]
+      opts.concat([setup_verbosity]) if verbose?
+      opts.concat(['-T', @options[:timeout]]) unless @options[:timeout].nil?
+      opts
+    end
+
+    def json_inventory_script
+      File.expand_path('../../../bin/json_inventory.sh', File.dirname(__FILE__))
+    end
+
+    def setup_verbosity
+      verbosity_level = @options[:verbosity_level].to_i
+      verbosity = '-'
+      verbosity_level.times do
+        verbosity += 'v'
+      end
+      verbosity
+    end
+
+    def verbose?
+      verbosity_level = @options[:verbosity_level]
+      # rubocop:disable Rails/Present
+      !verbosity_level.nil? && !verbosity_level.empty? &&
+        verbosity_level.to_i.positive?
+      # rubocop:enable Rails/Present
+    end
+
+    def rex_command?
+      @options[:remote_execution_command]
+    end
+  end
+end

data/lib/smart_proxy_ansible/runner/playbook.rb

@@ -0,0 +1,138 @@
+# frozen_string_literal: true
+
+require 'smart_proxy_dynflow/continuous_output'
+require 'smart_proxy_dynflow/runner/command_runner'
+require_relative 'command_creator'
+require 'tmpdir'
+require 'net/ssh'
+
+module Proxy::Ansible
+  module Runner
+    # Implements Proxy::Dynflow::Runner::Base interface for running
+    # Ansible playbooks, used by the Foreman Ansible plugin and Ansible proxy
+    class Playbook < Proxy::Dynflow::Runner::CommandRunner
+      attr_reader :command_out, :command_in, :command_pid
+
+      def initialize(inventory, playbook, options = {}, suspended_action:)
+        super :suspended_action => suspended_action
+        @inventory = rebuild_secrets(inventory, options[:secrets])
+        unknown_hosts.each do |host|
+          add_to_known_hosts(host)
+        end
+        @playbook  = playbook
+        @options   = options
+        initialize_dirs
+      end
+
+      def start
+        write_inventory
+        write_playbook
+        command = CommandCreator.new(inventory_file,
+                                     playbook_file,
+                                     @options).command
+        logger.debug('[foreman_ansible] - Initializing Ansible Runner')
+        Dir.chdir(@ansible_dir) do
+          initialize_command(*command)
+          logger.debug("[foreman_ansible] - Running command '#{command.join(' ')}'")
+        end
+      end
+
+      def kill
+        publish_data('== TASK ABORTED BY USER ==', 'stdout')
+        publish_exit_status(1)
+        ::Process.kill('SIGTERM', @command_pid)
+        close
+      end
+
+      def close
+        super
+        FileUtils.remove_entry(@working_dir) if @tmp_working_dir
+      end
+
+      private
+
+      def write_inventory
+        ensure_directory(File.dirname(inventory_file))
+        File.write(inventory_file, JSON.dump(@inventory))
+      end
+
+      def write_playbook
+        ensure_directory(File.dirname(playbook_file))
+        File.write(playbook_file, @playbook)
+      end
+
+      def inventory_file
+        File.join(@working_dir, 'foreman-inventories', id)
+      end
+
+      def playbook_file
+        File.join(@working_dir, "foreman-playbook-#{id}.yml")
+      end
+
+      def events_dir
+        File.join(@working_dir, 'events', id.to_s)
+      end
+
+      def ensure_directory(path)
+        if File.exist?(path)
+          raise "#{path} expected to be a directory" unless File.directory?(path)
+        else
+          FileUtils.mkdir_p(path)
+        end
+        path
+      end
+
+      def initialize_dirs
+        settings = Proxy::Ansible::Plugin.settings
+        initialize_working_dir(settings[:working_dir])
+        initialize_ansible_dir(settings[:ansible_dir])
+      end
+
+      def initialize_working_dir(working_dir)
+        if working_dir.nil?
+          @working_dir = Dir.mktmpdir
+          @tmp_working_dir = true
+        else
+          @working_dir = File.expand_path(working_dir)
+        end
+      end
+
+      def initialize_ansible_dir(ansible_dir)
+        raise "Ansible dir #{ansible_dir} does not exist" unless
+          !ansible_dir.nil? && File.exist?(ansible_dir)
+        @ansible_dir = ansible_dir
+      end
+
+      def unknown_hosts
+        @inventory['all']['hosts'].select do |host|
+          Net::SSH::KnownHosts.search_for(host).empty?
+        end
+      end
+
+      def add_to_known_hosts(host)
+        logger.warn("[foreman_ansible] - Host #{host} not found in known_hosts")
+        Net::SSH::Transport::Session.new(host).host_keys.each do |host_key|
+          Net::SSH::KnownHosts.add(host, host_key)
+        end
+        logger.warn("[foreman_ansible] - Added host key #{host} to known_hosts")
+      rescue StandardError => e
+        logger.error('[foreman_ansible] - Failed to save host key for '\
+          "#{host}: #{e}")
+      end
+
+      def rebuild_secrets(inventory, secrets)
+        inventory['all']['hosts'].each do |name|
+          per_host = secrets['per-host'][name]
+
+          new_secrets = {
+            'ansible_password' => inventory['ssh_password'] || per_host['ansible_password'],
+            'ansible_become_password' => inventory['effective_user_password'] || per_host['ansible_become_password']
+          }
+          inventory['_meta']['hostvars'][name].update(new_secrets)
+        end
+
+        inventory
+      end
+    end
+  end
+end

data/lib/smart_proxy_ansible/task_launcher/ansible_runner.rb

@@ -0,0 +1,48 @@
+require 'fileutils'
+require 'smart_proxy_dynflow/task_launcher/abstract'
+require 'smart_proxy_dynflow/task_launcher/batch'
+require 'smart_proxy_dynflow/task_launcher/group'
+require 'smart_proxy_ansible/runner/ansible_runner'
+
+module Proxy::Ansible
+  module TaskLauncher
+    class AnsibleRunner < Proxy::Dynflow::TaskLauncher::AbstractGroup
+      def runner_input(input)
+        super(input).reduce({}) do |acc, (_id, data)|
+          acc.merge(data[:input]['action_input']['name'] => data)
+        end
+      end
+
+      def operation
+        'ansible-runner'
+      end
+
+      def self.runner_class
+        Runner::AnsibleRunner
+      end
+
+      # Discard everything apart from hostname to be able to tell the actions
+      # apart when debugging
+      def transform_input(input)
+        { 'action_input' => super['action_input'].slice('name', :task_id) }
+      end
+
+      # def self.input_format
+      #   {
+      #     $UUID => {
+      #       :execution_plan_id => $EXECUTION_PLAN_UUID,
+      #       :run_step_id => Integer,
+      #       :input => {
+      #         :action_class => Class,
+      #         :action_input => {
+      #           "ansible_inventory"=> String,
+      #           "hostname"=>"127.0.0.1",
+      #           "script"=>"---\n- hosts: all\n  tasks:\n    - shell: |\n        true\n      register: out\n    - debug: var=out"
+      #         }
+      #       }
+      #     }
+      #   }
+      # end
+    end
+  end
+end

data/lib/smart_proxy_ansible/task_launcher/playbook.rb

@@ -0,0 +1,25 @@
+require 'smart_proxy_dynflow/action/runner'
+
+module Proxy::Ansible
+  module TaskLauncher
+    class Playbook < Proxy::Dynflow::TaskLauncher::Batch
+      class PlaybookRunnerAction < Proxy::Dynflow::Action::Runner
+        def initiate_runner
+          additional_options = {
+            :step_id => run_step_id,
+            :uuid => execution_plan_id
+          }
+          ::Proxy::Ansible::RemoteExecutionCore::AnsibleRunner.new(
+            input.merge(additional_options),
+            :suspended_action => suspended_action
+          )
+        end
+      end
+
+      def child_launcher(parent)
+        ::Proxy::Dynflow::TaskLauncher::Single.new(world, callback, :parent => parent,
+                                                                    :action_class_override => PlaybookRunnerAction)
+      end
+    end
+  end
+end

data/lib/smart_proxy_ansible/validate_settings.rb

@@ -0,0 +1,7 @@
+module Proxy::Ansible
+  class ValidateSettings < ::Proxy::PluginValidators::Base
+    def validate!(settings)
+      raise NotExistingWorkingDirException.new("Working directory does not exist") unless settings[:working_dir].nil? || File.directory?(File.expand_path(settings[:working_dir]))
+    end
+  end
+end

data/lib/smart_proxy_ansible/version.rb

@@ -2,6 +2,6 @@ module Proxy
   # Version, this allows the proxy and other plugins know
   # what version of the Ansible plugin is running
   module Ansible
-    VERSION = '3.1.0'
+    VERSION = '3.3.0'
   end
 end

data/lib/smart_proxy_ansible.rb

@@ -4,8 +4,12 @@ module Proxy
   # Basic requires for this plugin
   module Ansible
     require 'smart_proxy_ansible/version'
+    require 'smart_proxy_ansible/configuration_loader'
+    require 'smart_proxy_ansible/validate_settings'
     require 'smart_proxy_ansible/plugin'
     require 'smart_proxy_ansible/roles_reader'
+    require 'smart_proxy_ansible/playbooks_reader'
+    require 'smart_proxy_ansible/reader_helper'
     require 'smart_proxy_ansible/variables_extractor'
   end
 end

data/settings.d/ansible.yml.example

@@ -1,3 +1,3 @@
 ---
 :enabled: true
-:ansible_working_dir: '~/.foreman-ansible'
+:working_dir: '~/.foreman-ansible'

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_ansible
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.3.0
 platform: ruby
 authors:
 - Ivan Nečas
 - Daniel Lobato
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-17 00:00:00.000000000 Z
+date: 2022-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -95,20 +95,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: net-ssh
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: smart_proxy_dynflow
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: smart_proxy_remote_execution_ssh
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.4'
 description: "    Smart-Proxy ansible plugin\n"
 email:
 - inecas@redhat.com
@@ -121,13 +149,25 @@ extra_rdoc_files:
 files:
 - LICENSE
 - README.md
+- bin/json_inventory.sh
 - bundler.d/ansible.rb
 - lib/smart_proxy_ansible.rb
+- lib/smart_proxy_ansible/actions.rb
 - lib/smart_proxy_ansible/api.rb
+- lib/smart_proxy_ansible/configuration_loader.rb
 - lib/smart_proxy_ansible/exception.rb
 - lib/smart_proxy_ansible/http_config.ru
+- lib/smart_proxy_ansible/playbooks_reader.rb
 - lib/smart_proxy_ansible/plugin.rb
+- lib/smart_proxy_ansible/reader_helper.rb
+- lib/smart_proxy_ansible/remote_execution_core/ansible_runner.rb
 - lib/smart_proxy_ansible/roles_reader.rb
+- lib/smart_proxy_ansible/runner/ansible_runner.rb
+- lib/smart_proxy_ansible/runner/command_creator.rb
+- lib/smart_proxy_ansible/runner/playbook.rb
+- lib/smart_proxy_ansible/task_launcher/ansible_runner.rb
+- lib/smart_proxy_ansible/task_launcher/playbook.rb
+- lib/smart_proxy_ansible/validate_settings.rb
 - lib/smart_proxy_ansible/variables_extractor.rb
 - lib/smart_proxy_ansible/version.rb
 - settings.d/ansible.yml.example
@@ -135,7 +175,7 @@ homepage: https://github.com/theforeman/smart_proxy_ansible
 licenses:
 - GPL-3.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -150,8 +190,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.3.4
+signing_key:
 specification_version: 4
 summary: Smart-Proxy Ansible plugin
 test_files: []