Closes #2262: Allowing users to specify arbitrary CLI arguments for Ansible-based operators #3374
Conversation
openshift-ci-robot
added
needs-rebase
| Added a command-line flag that allows users to specify arbitrary CLI arguments for ansible-based operators | ||
| that are passed through ansible-runner. |
There was a problem hiding this comment.
I would specify the actual flag you added. Something along the lines of "Added the --ansible-args command-line flag that ...."
pkg/ansible/runner/runner.go
Outdated
| fmt.Sprintf("%v", maxArtifacts), "--role", roleName, "--roles-path", rolePath, | ||
| "--hosts", "localhost", "-i", ident, "run", inputDirPath) | ||
| } | ||
| return exec.Command("ansible-runner", "--rotate-artifacts", | ||
| fmt.Sprintf("%v", maxArtifacts), "--role", roleName, "--roles-path", rolePath, "--hosts", | ||
| "localhost", "-i", ident, "run", inputDirPath) | ||
| fmt.Sprintf("%v", maxArtifacts), "--role", roleName, "--roles-path", rolePath, | ||
| "--hosts", "localhost", "-i", ident, "run", inputDirPath) | ||
| } |
There was a problem hiding this comment.
Thank you for wrapping this better.
| err = i.addFile("env/cmdline", cmdLineBytes) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
There was a problem hiding this comment.
What if the i.CmdLine is empty? will having an empty env/cmdline affect things?
| @@ -212,12 +212,9 @@ spec: | |||
|
|
|||
| ## Passing Arbitrary Arguments to Ansible | |||
|
|
|||
| Users can specify an arbitrary command-line argument to the ```operator-sdk exec-entrypoint``` and ```run --local``` subcommands for Ansible-based Operators via the ```ansible-args``` flag. | |||
| You are able to use the flag `--ansible-args` to pass an arbitrary argument to the Ansible-based Operator. With this option we can, for example, allow a playbook to run a specific part of the configuration without running the whole playbook: | |||
There was a problem hiding this comment.
A second thought on this ... The so called --ansible-args are actually the arguments to be passed to ansible-runner rather than ansible or ansible-playbook. This means we can pass anything below using this new flag:
usage: ansible-runner [-h] [--version] [-p PLAYBOOK | -m MODULE | -r ROLE]
[--debug] [--logfile LOGFILE] [-b BINARY] [-i IDENT]
[--rotate-artifacts ROTATE_ARTIFACTS]
[--artifact-dir ARTIFACT_DIR]
[--project-dir PROJECT_DIR] [--inventory INVENTORY] [-j]
[--omit-event-data] [--only-failed-event-data] [-q] [-v]
[--limit LIMIT] [--cmdline CMDLINE] [--hosts HOSTS]
[--forks FORKS] [--roles-path ROLES_PATH]
[--role-vars ROLE_VARS] [--role-skip-facts]
[-a MODULE_ARGS] [--process-isolation]
[--process-isolation-executable PROCESS_ISOLATION_EXECUTABLE]
[--process-isolation-path PROCESS_ISOLATION_PATH]
[--process-isolation-hide-paths [PROCESS_ISOLATION_HIDE_PATHS [PROCESS_ISOLATION_HIDE_PATHS ...]]]
[--process-isolation-show-paths [PROCESS_ISOLATION_SHOW_PATHS [PROCESS_ISOLATION_SHOW_PATHS ...]]]
[--process-isolation-ro-paths [PROCESS_ISOLATION_RO_PATHS [PROCESS_ISOLATION_RO_PATHS ...]]]
[--directory-isolation-base-path DIRECTORY_ISOLATION_BASE_PATH]
[--resource-profiling]
[--resource-profiling-base-cgroup RESOURCE_PROFILING_BASE_CGROUP]
[--resource-profiling-cpu-poll-interval RESOURCE_PROFILING_CPU_POLL_INTERVAL]
[--resource-profiling-memory-poll-interval RESOURCE_PROFILING_MEMORY_POLL_INTERVAL]
[--resource-profiling-pid-poll-interval RESOURCE_PROFILING_PID_POLL_INTERVAL]
[--resource-profiling-results-dir RESOURCE_PROFILING_RESULTS_DIR]
COMMAND private_data_dir
It would be awkward if we later want to pass more arguments to ansible if we call this flag --ansible-args. Not quite sure will be exposing the --cmdline CMDLINE someday or even we do have such use cases. However, just for avoiding confusion, would it be better to call this as --runner-args?
There was a problem hiding this comment.
These are actually arguments to ansible, not runner
There was a problem hiding this comment.
They are written to the env/cmdline file and then ansible-runner passes them to the ansible command that it runs
There was a problem hiding this comment.
Ah, didn't read the code carefully. That solves my concern. Thank you, @fabianvf .
pkg/ansible/flags/flag.go
Outdated
| "ansible-args", | ||
| "", | ||
| strings.Join(append(helpTextPrefix, | ||
| "Ansible args."), |
There was a problem hiding this comment.
Add a more complete help text here
| kind: ConfigMap | ||
| metadata: | ||
| name: '{{ meta.name }}' | ||
| namespace: '{{ meta.namespace }}' |
There was a problem hiding this comment.
This configmap needs a data field or it will just be empty
test/ansible/playbooks/args.yml
Outdated
| metadata: | ||
| name: '{{ meta.name }}' | ||
| namespace: '{{ meta.namespace }}' | ||
| - name: Get the decrypted message variable |
There was a problem hiding this comment.
This should happen before the configmap is created
test/ansible/playbooks/args.yml
Outdated
| include_vars: | ||
| file: /opt/ansible/vars.yml | ||
| name: the_secret | ||
| - data: |
There was a problem hiding this comment.
This belongs on the configmap, it's not a valid task by itself
openshift-ci-robot
added
needs-rebase
openshift-ci-robot
added
needs-rebase
openshift-ci-robot
added
needs-rebase
| if err != nil { | ||
| return err | ||
| } | ||
| } |
There was a problem hiding this comment.
Regards the addFile:
- IMO I do not think that we need to add this func. See that we can replace that by:
err := ioutil.WriteFile(filepath.Join(i.Path, "path"), content, 0644)
if err != nil {
log.Error(err, "Unable to write file", "Path", fullPath)
}- Also, the
log.Error(err, "Unable to write file", "Path", fullPath)we can replace by:
log.Errorf("Unable to write file (%s) : (%s)", fullPath, err)
- The
0644needs to be replaced by the const in the projectutils. See: https://github.com/operator-framework/operator-sdk/blob/master/internal/util/projutil/project_util.go#L31
There was a problem hiding this comment.
The reason here is because the addFile just do the above code so has no need for an extra func and then, it makes easier understand that it is about to write a file in the disk.
There was a problem hiding this comment.
All the parameters above (Parameters, EnvVars, Settings) all use the addFile while having their bytes written to disk, so I thought we could use that function instead of repeating the code.
There was a problem hiding this comment.
Hi @VenkatRamaraju,
Thank you for your reply. Let's see the addFile:
operator-sdk/internal/ansible/runner/internal/inputdir/inputdir.go
Lines 55 to 63 in 8303ef9
Is not it the same of call the WriteFile?. So, why we need that?
err := ioutil.WriteFile(filepath.Join(i.Path, "path"), content, 0644)
if err != nil {
log.Errorf("Unable to write file (%s) : (%s)", fullPath, err)
}So my suggestion is to replace the addFiles calls to use ioutil.WriteFile directly.
And then, see that is better we use the FileMode const;
Feel free to ping me as well for we spoke about it.
There was a problem hiding this comment.
@camilamacedo86 since this is just reusing the function the rest of the code is already using I think dropping the addFile function would make sense to do separately, I don't think it's worth blocking the PR to fix it here
There was a problem hiding this comment.
Yep .. I just saw that.
Changed runner args to just args Testing Changelog file Changes based on review Error checking Changes docs: arbitrary args + ansible-vault support Changes from review Changes Changes Changes
cmd/ansible-operator/main.go
Outdated
| <<<<<<< HEAD | ||
| root := cobra.Command{ | ||
| Use: "ansible-operator", | ||
| ======= |
|
|
||
| kind: "addition" | ||
|
|
||
| breaking: false |
There was a problem hiding this comment.
nit space at the end.
Description of the change:
Added a command-line flag for ansible operators to allow users to specify arbitrary CLI arguments that are passed through ansible-runner.
Motivation for the change:
Allows users to specify arbitrary CLI arguments for ansible-based operators.
Fixes issue #2262
Checklist
If the pull request includes user-facing changes, extra documentation is required:
changelog/fragments(seechangelog/fragments/00-template.yaml)website/content/en/docs