Add methods for configuring and starting ansible inside #13584
Conversation
carbonin
force-pushed
the
ansible_inside
branch
3 times, most recently
from
9cbd33a to
1146f08
Compare
| @@ -11,13 +17,114 @@ def self.enabled? | |||
| end | |||
|
|
|||
| def self.running? | |||
| # TODO | |||
| false | |||
| services.map { |service| LinuxAdmin::Service.new(service).running? }.inject(:&) | |||
There was a problem hiding this comment.
Yeah, not sure why I did it that way ... all? is probably the better way to go ...
|
|
||
| auth.password = password | ||
| auth.save! | ||
| end |
There was a problem hiding this comment.
Maybe not for this PR, but the repetition of the ansible_ prefix for the methods and the hardcoded authtypes make me think we should have a ansible thing mixed in here or a separate class so we can have constants and less code here. Maybe we can start with making constants out of the hardcoded values?
There was a problem hiding this comment.
Yes, seems weird to have so many "ansible" specific references in MiqDatabase. It may seem like overkill for now, but maybe a new model for "appliance services" or something like that where ansible could be on of them. Just spitballing here...
| rabbitmq_vhost=tower | ||
| rabbitmq_username=tower | ||
| rabbitmq_password='#{rabbitmq_password}' | ||
| rabbitmq_cookie=cookiemonster |
There was a problem hiding this comment.
lol, that's their default, right?
There was a problem hiding this comment.
Yup, pulled this all from the default file 😄
| with_inventory_file do |inventory_file_path| | ||
| setup_params = { | ||
| :e => "minimum_var_space=0", | ||
| :k => "packages,migrations,supervisor", |
There was a problem hiding this comment.
Would it make sense to put this list into a explaining constant/variable/method so it's obvious why one has supervisor in the list and the one below doesn't?
| end | ||
| end | ||
|
|
||
| def self.stop |
There was a problem hiding this comment.
Does it make sense to name this method "disable"? I think we can assume disabling a service should stop it but I don't think you can assume stopping a service should disable it.
There was a problem hiding this comment.
👍 Do you think we should also have a .stop?
| file.close | ||
| yield(file.path) | ||
| ensure | ||
| file.unlink |
There was a problem hiding this comment.
I believe the file.close is done automatically if you use Tempfile.new with a block. Are you trying to avoid having the GC do the unlink through a finalizer?
In other words, why not:
Tempfile.open("miq_inventory") do |file|
file.write(inventory_file_contents)
yield(file.path)
endThere was a problem hiding this comment.
I feel like I ran into an issue where the contents of the tempfile were not synced to the filesystem unless I did the #close. So when we then do a File.read("temp/file/path") we didn't get the proper contents.
May have made that up though.
There was a problem hiding this comment.
I had to do this extra #close to get the .configured? specs to pass, for example.
There was a problem hiding this comment.
Interesting, the link is now dead. I'm ok with doing this if we really need make sure the file is gone. I think the difference is the unlink could be delayed until the Tempfile object is GC'd so the file could stay around longer than expected.
There was a problem hiding this comment.
I think we would want this file gone ASAP as it will contain passwords.
carbonin
force-pushed
the
ansible_inside
branch
3 times, most recently
from
492343c to
b6d6ae8
Compare
carbonin
force-pushed
the
ansible_inside
branch
4 times, most recently
from
303bc69 to
bcfb98e
Compare
carbonin
force-pushed
the
ansible_inside
branch
3 times, most recently
from
54ffac9 to
b96d3f6
Compare
These methods run the setup playbook with particular arguments to accomplish configuration and startup at different times. Also added stop and running? methods to control and monitor the services running on the server
These methods will be used to store authentication information and shared keys that will be used whenever we start the ansible role on a server.
This determines if the service is configured based on the status of the secret key.
This allows us to run nginx alongside apache withou hacking an edit on the configuration file at install time.
The firewall task opens the ports we specify to use for nginx. We want to control the appliance's firewall and we don't want nginx to be able to get through.
This avoids unpleasant quoting and escaping issues within the inventory file.
There's no reason for this to be in the console or elsewhere. We can manage the creation of the database the same way we manage the secret key. Create it if we think we need to. We are using the presence of the database password to determine if the database needs to be created.
The `.stop` method now just stops the services and the `.disable` method will stop then disable each service.
Also fix a brakeman falure by quoting the password for SQL when creating the awx role.
carbonin
force-pushed
the
ansible_inside
branch
from
b96d3f6 to
d277d40
Compare
|
Checked commits carbonin/manageiq@d0873c5~...d277d40 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 |
carbonin
changed the title
| private_class_method :playbook_extra_variables | ||
|
|
||
| def self.run_setup_script(params) | ||
| with_inventory_file do |inventory_file_path| |
There was a problem hiding this comment.
Let's wrap this with a flock or something to avoid the possibility of the worker running more than one of these at once.
There was a problem hiding this comment.
We can do this in a followup PR.
This PR mainly fleshes out the
EmbeddedAnsibleclass created in #13435This adds things like configuring the appliance to run the ansible service and methods for managing that service.
Also added here is a way to share the keys and passwords needed by the embedded ansible service across servers in case of role failover.
This is the general shape of the API that will be used by the worker being created in #13551
https://www.pivotaltracker.com/story/show/137048481