def test_generate_ansible_command_with_dict_extravars():
rc = RunnerConfig(private_data_dir='/',
playbook='main.yaml',
extravars={"foo": "test \n hello"})
with patch('os.path.exists') as path_exists:
path_exists.return_value = True
rc.prepare_inventory()
cmd = rc.generate_ansible_command()
assert cmd == [
'ansible-playbook', '-i', '/inventory', '-e',
'{"foo":"test \\n hello"}', 'main.yaml'
]
def rc(request, tmpdir):
rc = RunnerConfig(str(tmpdir))
rc.suppress_ansible_output = True
rc.expect_passwords = {pexpect.TIMEOUT: None, pexpect.EOF: None}
rc.cwd = str(tmpdir)
rc.env = {}
rc.job_timeout = .1
rc.idle_timeout = 0
rc.pexpect_timeout = .1
return rc
def test_process_isolation_defaults():
rc = RunnerConfig('/')
rc.artifact_dir = '/tmp/artifacts'
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.process_isolation = True
with patch('os.path.exists') as path_exists:
path_exists.return_value = True
rc.prepare()
assert rc.command == [
'bwrap',
'--die-with-parent',
'--unshare-pid',
'--dev-bind',
'/',
'/',
'--proc',
'/proc',
'--bind',
'/',
'/',
'--chdir',
'/project',
'ansible-playbook',
'-i',
'/inventory',
'main.yaml',
]
def test_prepare_environment_vars_only_strings():
rc = RunnerConfig(private_data_dir="/")
value = dict(A=1, B=True, C="foo")
envvar_side_effect = partial(load_file_side_effect, 'env/envvars', value)
with patch.object(rc.loader, 'load_file', side_effect=envvar_side_effect):
rc.prepare_env()
assert 'A' in rc.env
assert isinstance(rc.env['A'], string_types)
assert 'B' in rc.env
assert isinstance(rc.env['B'], string_types)
assert 'C' in rc.env
assert isinstance(rc.env['C'], string_types)
def test_prepare_command_defaults():
rc = RunnerConfig('/')
cmd_side_effect = partial(load_file_side_effect, 'args')
def generate_side_effect():
return 'test string'
with patch.object(rc.loader, 'load_file', side_effect=cmd_side_effect):
with patch.object(rc,
'generate_ansible_command',
side_effect=generate_side_effect):
rc.prepare_command()
rc.command == 'test string'
def test_process_isolation_defaults():
rc = RunnerConfig('/')
rc.artifact_dir = '/tmp/artifacts'
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.process_isolation = True
rc.prepare()
assert rc.command == [
'bwrap',
'--unshare-pid',
'--dev-bind',
'/',
'/',
'--proc',
'/proc',
'--bind',
'/',
'/',
'--chdir',
'/project',
'ansible-playbook',
'-i',
'/inventory',
'main.yaml',
]
def test_profiling_plugin_settings(mock_mkdir):
rc = RunnerConfig('/')
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.resource_profiling = True
rc.resource_profiling_base_cgroup = 'ansible-runner'
rc.prepare()
expected_command_start = [
'cgexec', '--sticky', '-g',
'cpuacct,memory,pids:ansible-runner/{}'.format(rc.ident),
'ansible-playbook'
]
for index, element in enumerate(expected_command_start):
assert rc.command[index] == element
assert 'main.yaml' in rc.command
assert rc.env['ANSIBLE_CALLBACK_WHITELIST'] == 'cgroup_perf_recap'
assert rc.env['CGROUP_CONTROL_GROUP'] == 'ansible-runner/{}'.format(
rc.ident)
assert rc.env['CGROUP_OUTPUT_DIR'] == os.path.normpath(
os.path.join(rc.private_data_dir, 'profiling_data'))
assert rc.env['CGROUP_OUTPUT_FORMAT'] == 'json'
assert rc.env['CGROUP_CPU_POLL_INTERVAL'] == '0.25'
assert rc.env['CGROUP_MEMORY_POLL_INTERVAL'] == '0.25'
assert rc.env['CGROUP_PID_POLL_INTERVAL'] == '0.25'
assert rc.env['CGROUP_FILE_PER_TASK'] == 'True'
assert rc.env['CGROUP_WRITE_FILES'] == 'True'
assert rc.env['CGROUP_DISPLAY_RECAP'] == 'False'
def test_prepare_with_defaults():
rc = RunnerConfig('/')
rc.prepare_inventory = Mock()
rc.prepare_env = Mock()
rc.prepare_command = Mock()
rc.ssh_key_data = None
rc.artifact_dir = '/'
rc.env = {}
with raises(ConfigurationError) as exc:
rc.prepare()
assert str(exc) == 'Runner playbook is not defined'
def test_prepare_env_passwords():
rc = RunnerConfig(private_data_dir='/')
value = {'^SSH [pP]assword.*$': 'secret'}
password_side_effect = partial(load_file_side_effect, 'env/passwords',
value)
with patch.object(rc.loader, 'load_file',
side_effect=password_side_effect):
rc.prepare_env()
rc.expect_passwords.pop(TIMEOUT)
rc.expect_passwords.pop(EOF)
assert len(rc.expect_passwords) == 1
assert isinstance(list(rc.expect_passwords.keys())[0], Pattern)
assert 'secret' in rc.expect_passwords.values()
def test_prepare_with_defaults():
rc = RunnerConfig('/')
rc.prepare_inventory = Mock()
rc.prepare_env = Mock()
rc.prepare_command = Mock()
rc.ssh_key_data = None
rc.artifact_dir = '/'
rc.env = {}
with pytest.raises(ConfigurationError) as exc:
rc.prepare()
assert str(exc.value) == 'No executable for runner to run'
def test_prepare_inventory():
rc = RunnerConfig(private_data_dir='/')
rc.prepare_inventory()
assert rc.inventory == '/inventory'
rc.inventory = '/tmp/inventory'
rc.prepare_inventory()
assert rc.inventory == '/tmp/inventory'
def test_runner_config_init_with_ident():
rc = RunnerConfig('/', ident='test')
assert rc.private_data_dir == '/'
assert rc.ident == 'test'
assert rc.playbook is None
assert rc.inventory is None
assert rc.limit is None
assert rc.module is None
assert rc.module_args is None
assert rc.artifact_dir == os.path.join('/artifacts/test')
assert isinstance(rc.loader, ArtifactLoader)
def test_runner_config_init_defaults():
rc = RunnerConfig('/')
assert rc.private_data_dir == '/'
assert rc.ident is not None
assert rc.playbook is None
assert rc.inventory is None
assert rc.limit is None
assert rc.module is None
assert rc.module_args is None
assert rc.artifact_dir == os.path.join('/artifacts/%s' % rc.ident)
assert isinstance(rc.loader, ArtifactLoader)
def init_runner(**kwargs):
'''
Initialize the Runner() instance
This function will properly initialize both run() and run_async()
functions in the same way and return a value instance of Runner.
'''
dump_artifacts(kwargs)
debug = kwargs.pop('debug', None)
logfile = None
if debug:
logfile = os.path.join(kwargs['private_data_dir'], 'debug.log')
configure_logging(filename=logfile, debug=debug)
rc = RunnerConfig(**kwargs)
rc.prepare()
return Runner(rc)
def test_process_isolation_and_directory_isolation(mock_makedirs, mock_copytree, mock_mkdtemp, mock_chmod):
rc = RunnerConfig('/')
rc.artifact_dir = '/tmp/artifacts'
rc.directory_isolation_path = '/tmp/dirisolation'
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.process_isolation = True
rc.prepare()
assert rc.command == [
'bwrap',
'--unshare-pid',
'--dev-bind', '/', '/',
'--proc', '/proc',
'--bind', '/', '/',
'--chdir', '/tmp/dirisolation/foo',
'ansible-playbook', '-i', '/inventory', 'main.yaml',
]
def init_runner(**kwargs):
'''
Initialize the Runner() instance
This function will properly initialize both run() and run_async()
functions in the same way and return a value instance of Runner.
See parameters given to :py:func:`ansible_runner.interface.run`
'''
dump_artifacts(kwargs)
debug = kwargs.pop('debug', None)
logfile = kwargs.pop('logfile', None)
if not kwargs.pop("ignore_logging", True):
output.configure()
if debug in (True, False):
output.set_debug('enable' if debug is True else 'disable')
if logfile:
output.set_logfile(logfile)
if kwargs.get("process_isolation", False):
check_isolation_executable_installed(
kwargs.get("process_isolation_executable", "bwrap"))
event_callback_handler = kwargs.pop('event_handler', None)
status_callback_handler = kwargs.pop('status_handler', None)
cancel_callback = kwargs.pop('cancel_callback', None)
finished_callback = kwargs.pop('finished_callback', None)
rc = RunnerConfig(**kwargs)
rc.prepare()
return Runner(rc,
event_handler=event_callback_handler,
status_handler=status_callback_handler,
cancel_callback=cancel_callback,
finished_callback=finished_callback)
def test_bwrap_process_isolation_and_directory_isolation(
mock_makedirs, mock_copytree, mock_mkdtemp, mock_chmod, mock_rmtree):
def new_exists(path):
if path == "/project":
return False
return True
rc = RunnerConfig('/')
rc.artifact_dir = '/tmp/artifacts'
rc.directory_isolation_path = '/tmp/dirisolation'
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.process_isolation = True
rc.process_isolation_executable = 'bwrap'
with patch('os.path.exists', new=new_exists):
rc.prepare()
assert rc.command == [
'bwrap',
'--die-with-parent',
'--unshare-pid',
'--dev-bind',
'/',
'/',
'--proc',
'/proc',
'--bind',
'/',
'/',
'--chdir',
os.path.realpath(rc.directory_isolation_path),
'ansible-playbook',
'-i',
'/inventory',
'main.yaml',
]
def test_generate_ansible_command_with_cmdline_args(cmdline):
rc = RunnerConfig(private_data_dir='/', playbook='main.yaml')
rc.prepare_inventory()
rc.extra_vars = {}
cmdline_side_effect = partial(load_file_side_effect, 'env/cmdline', cmdline)
with patch.object(rc.loader, 'load_file', side_effect=cmdline_side_effect):
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook'] + shlex.split(cmdline) + ['-i', '/inventory', 'main.yaml']
def ansible_run(
playbook: Path,
tags: str | None = None,
extra_vars: dict[str, str] | None = None,
) -> None:
"""Run an ansible playbook.
Parameters
----------
playbook : pathlib.Path
The path to the ansible Playbook
tags : str, optional
The tags to use
extra_vars : dict [str, str], optional
The extra_vars to use.
Returns
-------
None
"""
with tempfile.TemporaryDirectory() as temp_dir:
logger.debug(
f'Created temporary directory "{temp_dir}" for the '
"ansible-runner. The temporary directory will be removed after "
"the ansible-runner succeeded or failed.")
runner_config: RunnerConfig = RunnerConfig(
private_data_dir=temp_dir,
playbook=playbook,
tags=tags,
extravars=extra_vars,
)
runner_config.prepare()
runner: Runner = Runner(config=runner_config)
runner.run()
# debug output
logger.debug("Runner status")
logger.debug(f"{runner.status}: {runner.rc}")
for host_event in runner.events:
logger.debug(host_event["event"])
logger.debug(f"Final status: {runner.stats}")
def test_generate_ansible_command_with_cmdline_args(cmdline, tokens):
rc = RunnerConfig(private_data_dir='/', playbook='main.yaml')
with patch('os.path.exists') as path_exists:
path_exists.return_value = True
rc.prepare_inventory()
rc.extra_vars = {}
cmdline_side_effect = partial(load_file_side_effect, 'env/cmdline',
cmdline)
with patch.object(rc.loader, 'load_file', side_effect=cmdline_side_effect):
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook'
] + tokens + ['-i', '/inventory', 'main.yaml']
def test_container_volume_mounting_with_Z(tmpdir):
rc = RunnerConfig(str(tmpdir))
rc.container_volume_mounts = ['project_path:project_path:Z']
rc.container_name = 'foo'
rc.env = {}
new_args = rc.wrap_args_for_containerization(
['ansible-playbook', 'foo.yml'])
assert new_args[0] == 'podman'
for i, entry in enumerate(new_args):
if entry == '-v':
mount = new_args[i + 1]
if mount.endswith(':project_path:Z'):
break
else:
raise Exception(
'Could not find expected mount, args: {}'.format(new_args))
def test_wrap_args_with_ssh_agent_silent():
rc = RunnerConfig('/')
res = rc.wrap_args_with_ssh_agent(['ansible-playbook', 'main.yaml'], '/tmp/sshkey', silence_ssh_add=True)
assert res == ['ssh-agent', 'sh', '-c', 'ssh-add /tmp/sshkey 2>/dev/null && rm -f /tmp/sshkey && ansible-playbook main.yaml']
def test_wrap_args_with_ssh_agent_with_auth():
rc = RunnerConfig('/')
res = rc.wrap_args_with_ssh_agent(['ansible-playbook', 'main.yaml'], '/tmp/sshkey', '/tmp/sshauth')
assert res == ['ssh-agent', '-a', '/tmp/sshauth', 'sh', '-c', 'ssh-add /tmp/sshkey && rm -f /tmp/sshkey && ansible-playbook main.yaml']
def test_prepare_with_ssh_key(open_fifo_write_mock):
rc = RunnerConfig('/')
rc.prepare_inventory = Mock()
rc.prepare_env = Mock()
rc.prepare_command = Mock()
rc.wrap_args_with_ssh_agent = Mock()
rc.ssh_key_data = None
rc.artifact_dir = '/'
rc.env = {}
rc.execution_mode = ExecutionMode.ANSIBLE_PLAYBOOK
rc.playbook = 'main.yaml'
rc.ssh_key_data = '01234567890'
rc.command = 'ansible-playbook'
os.environ['AWX_LIB_DIRECTORY'] = '/'
rc.prepare()
assert rc.ssh_key_path == '/ssh_key_data'
assert rc.wrap_args_with_ssh_agent.called
assert open_fifo_write_mock.called
def test_prepare():
rc = RunnerConfig('/')
rc.prepare_inventory = Mock()
rc.prepare_env = Mock()
rc.prepare_command = Mock()
rc.ssh_key_data = None
rc.artifact_dir = '/'
rc.env = {}
rc.execution_mode = ExecutionMode.ANSIBLE_PLAYBOOK
rc.playbook = 'main.yaml'
os.environ['PYTHONPATH'] = '/python_path_via_environ'
os.environ['AWX_LIB_DIRECTORY'] = '/awx_lib_directory_via_environ'
rc.prepare()
assert rc.prepare_inventory.called
assert rc.prepare_env.called
assert rc.prepare_command.called
assert not hasattr(rc, 'ssh_key_path')
assert not hasattr(rc, 'command')
assert rc.env['ANSIBLE_STDOUT_CALLBACK'] == 'awx_display'
assert rc.env['ANSIBLE_RETRY_FILES_ENABLED'] == 'False'
assert rc.env['ANSIBLE_HOST_KEY_CHECKING'] == 'False'
assert rc.env['AWX_ISOLATED_DATA_DIR'] == '/'
assert rc.env['PYTHONPATH'] == '/python_path_via_environ:/awx_lib_directory_via_environ', \
"PYTHONPATH is the union of the env PYTHONPATH and AWX_LIB_DIRECTORY"
del rc.env['PYTHONPATH']
os.environ['PYTHONPATH'] = "/foo/bar/python_path_via_environ"
rc.prepare()
assert rc.env['PYTHONPATH'] == "/foo/bar/python_path_via_environ:/awx_lib_directory_via_environ", \
"PYTHONPATH is the union of the explicit env['PYTHONPATH'] override and AWX_LIB_DIRECTORY"
def test_process_isolation_settings():
rc = RunnerConfig('/')
rc.artifact_dir = '/tmp/artifacts'
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.process_isolation = True
rc.process_isolation_executable = 'not_bwrap'
rc.process_isolation_hide_paths = ['/home', '/var']
rc.process_isolation_show_paths = ['/usr']
rc.process_isolation_ro_paths = ['/venv']
rc.process_isolation_path = '/tmp'
with patch('os.path.exists') as path_exists:
path_exists.return_value=True
rc.prepare()
assert rc.command[0:7] == [
'not_bwrap',
'--unshare-pid',
'--dev-bind', '/', '/',
'--proc', '/proc',
]
# hide /home
assert rc.command[7] == '--bind'
assert 'ansible_runner_pi' in rc.command[8]
assert rc.command[9] == '/home'
# hide /var
assert rc.command[10] == '--bind'
assert 'ansible_runner_pi' in rc.command[11]
assert rc.command[12] == '/var' or rc.command[12] == '/private/var'
# read-only bind
assert rc.command[13:16] == ['--ro-bind', '/venv', '/venv']
# root bind
assert rc.command[16:19] == ['--bind', '/', '/']
# show /usr
assert rc.command[19:22] == ['--bind', '/usr', '/usr']
# chdir and ansible-playbook command
assert rc.command[22:] == ['--chdir', '/project', 'ansible-playbook', '-i', '/inventory', 'main.yaml']
def test_runner_config_with_artifact_dir():
rc = RunnerConfig('/', artifact_dir='/this-is-some-dir')
assert rc.artifact_dir == os.path.join('/this-is-some-dir', 'artifacts/%s' % rc.ident)
def test_generate_ansible_command():
rc = RunnerConfig(private_data_dir='/', playbook='main.yaml')
rc.prepare_inventory()
rc.extra_vars = None
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', '-i', '/inventory', 'main.yaml']
rc.extra_vars = dict(test="key")
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', '-i', '/inventory', '-e', 'test="key"', 'main.yaml']
with patch.object(rc.loader, 'isfile', side_effect=lambda x: True):
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', '-i', '/inventory', '-e', '@/env/extravars', '-e', 'test="key"', 'main.yaml']
rc.extra_vars = None
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', '-i', '/inventory', '-e', '@/env/extravars', 'main.yaml']
rc.extra_vars = None
rc.inventory = "localhost,"
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', '-i', 'localhost,', 'main.yaml']
rc.inventory = ['thing1', 'thing2']
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', '-i', 'thing1', '-i', 'thing2', 'main.yaml']
rc.inventory = []
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', 'main.yaml']
rc.inventory = None
rc.verbosity = 3
rc.prepare_inventory()
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', '-i', '/inventory', '-vvv', 'main.yaml']
rc.verbosity = None
rc.limit = 'hosts'
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', '-i', '/inventory', '--limit', 'hosts', 'main.yaml']
rc.limit = None
rc.module = 'setup'
cmd = rc.generate_ansible_command()
assert cmd == ['ansible', '-i', '/inventory', '-m', 'setup']
rc.module = None
rc.module = 'setup'
rc.module_args = 'test=string'
cmd = rc.generate_ansible_command()
assert cmd == ['ansible', '-i', '/inventory', '-m', 'setup', '-a', 'test=string']
rc.module_args = None
rc.module = None
rc.forks = 5
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', '-i', '/inventory', '--forks', '5', 'main.yaml']
def test_runner_config_project_dir():
rc = RunnerConfig('/', project_dir='/another/path')
assert rc.project_dir == '/another/path'
rc = RunnerConfig('/')
assert rc.project_dir == '/project'
def test_generate_ansible_command_with_api_extravars():
rc = RunnerConfig(private_data_dir='/', playbook='main.yaml', extravars={"foo":"bar"})
rc.prepare_inventory()
cmd = rc.generate_ansible_command()
assert cmd == ['ansible-playbook', '-i', '/inventory', '-e', 'foo="bar"', 'main.yaml']
