Conversation
| plugin_name: ansible | ||
| hammer: foreman_ansible | ||
| dependencies: | ||
| - dynflow |
There was a problem hiding this comment.
I see remote_execution as dependecy of smart proxy ansible plugin too. https://github.com/theforeman/smart_proxy_ansible/blob/master/smart_proxy_ansible.gemspec#L32C31-L32C63, so by the metadata defination, should we add
remote-execution:
internal: true
foreman_proxy:
plugin_name: remote_execution_ssh
here?
There was a problem hiding this comment.
remote-execution is defined already at line 23 and isn't an internal feature. The question is whether we need those dependencies at this level defined in order to orchestrate the right pieces. Let me add some tests for this first and see what that tells me.
There was a problem hiding this comment.
Sure, i was thinking about the scenario where remote-execution is not enabled(or explictely disabled via --remove-feature remote-execution), so which wil leave /etc/foreman-proxy/settings.d/remote_execution_ssh.yml not deployed(or deployed as enabled: false ) and remote execution being not available, in that case we might have a broker ansible feature
ehelms
force-pushed
the
add-foreman-ansible
branch
from
64e0224 to
e06a7f9
Compare
|
This relies on theforeman/foreman-oci-images#25 first |
| - name: Add optional features - azure-rm, google and remote-execution | ||
| run: | | ||
| ./foremanctl deploy --add-feature azure-rm --add-feature google --add-feature remote-execution | ||
| - name: Add optional feature - foreman-ansible | ||
| run: | | ||
| ./foremanctl deploy --add-feature foreman-ansible |
There was a problem hiding this comment.
Can we combine this 2 steps and enable foreman-ansible feature along with others?
There was a problem hiding this comment.
Yes - I can do that for efficiency.
|
I started adding this to help ensure the IoP use-case could work out of the box by having ansible support for remediation. There is more nuance and testing for this feature that needs to happen to be complete. When I test this locally with the updated containers built locally, I run into the hammer sync failing with no clear reason why. That will need investigation, i.e.: |
| def test_run_ansible_role(ansible_role, foremanapi, server, server_fqdn): | ||
| assign = server.run(f"hammer host ansible-roles assign --name {server_fqdn} --ansible-roles {ansible_role}") | ||
| assert assign.succeeded | ||
| assert 'Ansible roles were assigned to the host' in assign.stdout | ||
|
|
||
| play = server.run(f"hammer host ansible-roles play --name {server_fqdn}") | ||
| assert play.succeeded | ||
| assert 'Ansible roles are being played.' in play.stdout | ||
|
|
||
| tasks = foremanapi.list('foreman_tasks', search='label = Actions::RemoteExecution::RunHostsJob') | ||
| for task in tasks: | ||
| foremanapi.wait_for_task(task) | ||
|
|
||
| report = server.run(f"hammer --output csv --no-headers config-report list --search 'host={server_fqdn} origin=Ansible'") | ||
| assert report.succeeded | ||
| assert server_fqdn in report.stdout | ||
| assert 'Ansible' in report.stdout | ||
|
|
||
|
|
||
| def test_run_command_via_ansible(foremanapi, server_fqdn): | ||
| templates = foremanapi.list('job_templates', search='name = "Run Command - Ansible Default"') | ||
| job = foremanapi.create('job_invocations', { | ||
| 'job_template_id': templates[0]['id'], | ||
| 'inputs': {'command': 'uptime'}, | ||
| 'search_query': f'name = {server_fqdn}', | ||
| 'targeting_type': 'static_query', | ||
| }) | ||
| task = foremanapi.wait_for_task(job['task']) | ||
| assert task['result'] == 'success' |
There was a problem hiding this comment.
these need to go to tests/client_test.py (well, it doesn't have to, but so far all client-related tests are there) and executed on the client, not the server. the server does not exist in Foreman as an entity and even if it would it would not have the ssh keys set up.
see
foremanctl/tests/client_test.py
Lines 12 to 19 in 488b150
|
|
||
|
|
||
| @pytest.fixture(scope="module") | ||
| def ansible_role(server, foremanapi, ansible_proxy_id): |
There was a problem hiding this comment.
this needs to run in a way that the result ends up inside the proxy container, otherwise ansible will never see the roles
4 participants
No description provided.