New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closes #2262: Allowing users to specify arbitrary CLI arguments for Ansible-based operators #3374
Closes #2262: Allowing users to specify arbitrary CLI arguments for Ansible-based operators #3374
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very good. One minor nit on the changelog. And I have a questions about the affect an empty env/cmdline
will have on things, if any.
Added a command-line flag that allows users to specify arbitrary CLI arguments for ansible-based operators | ||
that are passed through ansible-runner. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would specify the actual flag you added. Something along the lines of "Added the --ansible-args
command-line flag that ...."
pkg/ansible/runner/runner.go
Outdated
fmt.Sprintf("%v", maxArtifacts), "--role", roleName, "--roles-path", rolePath, | ||
"--hosts", "localhost", "-i", ident, "run", inputDirPath) | ||
} | ||
return exec.Command("ansible-runner", "--rotate-artifacts", | ||
fmt.Sprintf("%v", maxArtifacts), "--role", roleName, "--roles-path", rolePath, "--hosts", | ||
"localhost", "-i", ident, "run", inputDirPath) | ||
fmt.Sprintf("%v", maxArtifacts), "--role", roleName, "--roles-path", rolePath, | ||
"--hosts", "localhost", "-i", ident, "run", inputDirPath) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for wrapping this better.
err = i.addFile("env/cmdline", cmdLineBytes) | ||
if err != nil { | ||
return err | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if the i.CmdLine
is empty? will having an empty env/cmdline
affect things?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a few nits, otherwise show great 👍
Good work.
@@ -212,12 +212,9 @@ spec: | |||
|
|||
## Passing Arbitrary Arguments to Ansible | |||
|
|||
Users can specify an arbitrary command-line argument to the ```operator-sdk exec-entrypoint``` and ```run --local``` subcommands for Ansible-based Operators via the ```ansible-args``` flag. | |||
You are able to use the flag `--ansible-args` to pass an arbitrary argument to the Ansible-based Operator. With this option we can, for example, allow a playbook to run a specific part of the configuration without running the whole playbook: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A second thought on this ... The so called --ansible-args
are actually the arguments to be passed to ansible-runner
rather than ansible
or ansible-playbook
. This means we can pass anything below using this new flag:
usage: ansible-runner [-h] [--version] [-p PLAYBOOK | -m MODULE | -r ROLE]
[--debug] [--logfile LOGFILE] [-b BINARY] [-i IDENT]
[--rotate-artifacts ROTATE_ARTIFACTS]
[--artifact-dir ARTIFACT_DIR]
[--project-dir PROJECT_DIR] [--inventory INVENTORY] [-j]
[--omit-event-data] [--only-failed-event-data] [-q] [-v]
[--limit LIMIT] [--cmdline CMDLINE] [--hosts HOSTS]
[--forks FORKS] [--roles-path ROLES_PATH]
[--role-vars ROLE_VARS] [--role-skip-facts]
[-a MODULE_ARGS] [--process-isolation]
[--process-isolation-executable PROCESS_ISOLATION_EXECUTABLE]
[--process-isolation-path PROCESS_ISOLATION_PATH]
[--process-isolation-hide-paths [PROCESS_ISOLATION_HIDE_PATHS [PROCESS_ISOLATION_HIDE_PATHS ...]]]
[--process-isolation-show-paths [PROCESS_ISOLATION_SHOW_PATHS [PROCESS_ISOLATION_SHOW_PATHS ...]]]
[--process-isolation-ro-paths [PROCESS_ISOLATION_RO_PATHS [PROCESS_ISOLATION_RO_PATHS ...]]]
[--directory-isolation-base-path DIRECTORY_ISOLATION_BASE_PATH]
[--resource-profiling]
[--resource-profiling-base-cgroup RESOURCE_PROFILING_BASE_CGROUP]
[--resource-profiling-cpu-poll-interval RESOURCE_PROFILING_CPU_POLL_INTERVAL]
[--resource-profiling-memory-poll-interval RESOURCE_PROFILING_MEMORY_POLL_INTERVAL]
[--resource-profiling-pid-poll-interval RESOURCE_PROFILING_PID_POLL_INTERVAL]
[--resource-profiling-results-dir RESOURCE_PROFILING_RESULTS_DIR]
COMMAND private_data_dir
It would be awkward if we later want to pass more arguments to ansible
if we call this flag --ansible-args
. Not quite sure will be exposing the --cmdline CMDLINE
someday or even we do have such use cases. However, just for avoiding confusion, would it be better to call this as --runner-args
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are actually arguments to ansible, not runner
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They are written to the env/cmdline
file and then ansible-runner passes them to the ansible
command that it runs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, didn't read the code carefully. That solves my concern. Thank you, @fabianvf .
pkg/ansible/flags/flag.go
Outdated
"ansible-args", | ||
"", | ||
strings.Join(append(helpTextPrefix, | ||
"Ansible args."), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a more complete help text here
kind: ConfigMap | ||
metadata: | ||
name: '{{ meta.name }}' | ||
namespace: '{{ meta.namespace }}' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This configmap needs a data
field or it will just be empty
test/ansible/playbooks/args.yml
Outdated
metadata: | ||
name: '{{ meta.name }}' | ||
namespace: '{{ meta.namespace }}' | ||
- name: Get the decrypted message variable |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should happen before the configmap is created
test/ansible/playbooks/args.yml
Outdated
include_vars: | ||
file: /opt/ansible/vars.yml | ||
name: the_secret | ||
- data: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This belongs on the configmap, it's not a valid task by itself
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
if err != nil { | ||
return err | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Regards the addFile
:
- IMO I do not think that we need to add this func. See that we can replace that by:
err := ioutil.WriteFile(filepath.Join(i.Path, "path"), content, 0644)
if err != nil {
log.Error(err, "Unable to write file", "Path", fullPath)
}
- Also, the
log.Error(err, "Unable to write file", "Path", fullPath)
we can replace by:
log.Errorf("Unable to write file (%s) : (%s)", fullPath, err)
- The
0644
needs to be replaced by the const in the projectutils. See: https://github.com/operator-framework/operator-sdk/blob/master/internal/util/projutil/project_util.go#L31
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The reason here is because the addFile just do the above code so has no need for an extra func and then, it makes easier understand that it is about to write a file in the disk.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All the parameters above (Parameters, EnvVars, Settings) all use the addFile while having their bytes written to disk, so I thought we could use that function instead of repeating the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @VenkatRamaraju,
Thank you for your reply. Let's see the addFile:
operator-sdk/internal/ansible/runner/internal/inputdir/inputdir.go
Lines 55 to 63 in 8303ef9
// addFile adds a file to the given relative path within the input directory. | |
func (i *InputDir) addFile(path string, content []byte) error { | |
fullPath := filepath.Join(i.Path, path) | |
err := ioutil.WriteFile(fullPath, content, 0644) | |
if err != nil { | |
log.Error(err, "Unable to write file", "Path", fullPath) | |
} | |
return err | |
} |
Is not it the same of call the WriteFile
?. So, why we need that?
err := ioutil.WriteFile(filepath.Join(i.Path, "path"), content, 0644)
if err != nil {
log.Errorf("Unable to write file (%s) : (%s)", fullPath, err)
}
So my suggestion is to replace the addFiles calls to use ioutil.WriteFile
directly.
And then, see that is better we use the FileMode const;
FileMode = 0644 |
Feel free to ping me as well for we spoke about it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@camilamacedo86 since this is just reusing the function the rest of the code is already using I think dropping the addFile
function would make sense to do separately, I don't think it's worth blocking the PR to fix it here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep .. I just saw that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a few nits for a better maintenance ability.
Changed runner args to just args Testing Changelog file Changes based on review Error checking Changes docs: arbitrary args + ansible-vault support Changes from review Changes Changes Changes
cmd/ansible-operator/main.go
Outdated
<<<<<<< HEAD | ||
root := cobra.Command{ | ||
Use: "ansible-operator", | ||
======= |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rebase issue :)
|
||
kind: "addition" | ||
|
||
breaking: false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit space at the end.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Shows fine 👍
Description of the change:
Added a command-line flag for ansible operators to allow users to specify arbitrary CLI arguments that are passed through ansible-runner.
Motivation for the change:
Allows users to specify arbitrary CLI arguments for ansible-based operators.
Fixes issue #2262
Checklist
If the pull request includes user-facing changes, extra documentation is required:
changelog/fragments
(seechangelog/fragments/00-template.yaml
)website/content/en/docs