Gather facts smartly and cache them
Turn on fact caching and smart gathering but not for localhost! We do not want to leak information about zuul-executors to untrusted playbooks. Change-Id: I40941c0f15d801d91c60ff5af33d047044052154 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
parent
8546a9b235
commit
402f2ed2f2
|
@ -189,6 +189,8 @@ class JobDir(object):
|
||||||
log streaming daemon find job logs.
|
log streaming daemon find job logs.
|
||||||
'''
|
'''
|
||||||
# root
|
# root
|
||||||
|
# .ansible
|
||||||
|
# fact-cache/localhost
|
||||||
# ansible
|
# ansible
|
||||||
# inventory.yaml
|
# inventory.yaml
|
||||||
# playbook_0
|
# playbook_0
|
||||||
|
@ -226,6 +228,18 @@ class JobDir(object):
|
||||||
os.makedirs(self.trusted_root)
|
os.makedirs(self.trusted_root)
|
||||||
ssh_dir = os.path.join(self.work_root, '.ssh')
|
ssh_dir = os.path.join(self.work_root, '.ssh')
|
||||||
os.mkdir(ssh_dir, 0o700)
|
os.mkdir(ssh_dir, 0o700)
|
||||||
|
# Create ansible cache directory
|
||||||
|
ansible_cache = os.path.join(self.root, '.ansible')
|
||||||
|
self.fact_cache = os.path.join(ansible_cache, 'fact-cache')
|
||||||
|
os.makedirs(self.fact_cache)
|
||||||
|
localhost_facts = os.path.join(self.fact_cache, 'localhost')
|
||||||
|
# NOTE(pabelanger): We do not want to leak zuul-executor facts to other
|
||||||
|
# playbooks now that smart fact gathering is enabled by default. We
|
||||||
|
# can have ansible skip populating the cache with information by the
|
||||||
|
# doing the following.
|
||||||
|
with open(localhost_facts, 'w') as f:
|
||||||
|
f.write('{"module_setup": true}')
|
||||||
|
|
||||||
self.result_data_file = os.path.join(self.work_root, 'results.json')
|
self.result_data_file = os.path.join(self.work_root, 'results.json')
|
||||||
with open(self.result_data_file, 'w'):
|
with open(self.result_data_file, 'w'):
|
||||||
pass
|
pass
|
||||||
|
@ -1252,7 +1266,10 @@ class AnsibleJob(object):
|
||||||
config.write('remote_tmp = %s/.ansible/remote_tmp\n' %
|
config.write('remote_tmp = %s/.ansible/remote_tmp\n' %
|
||||||
self.jobdir.root)
|
self.jobdir.root)
|
||||||
config.write('retry_files_enabled = False\n')
|
config.write('retry_files_enabled = False\n')
|
||||||
config.write('gathering = explicit\n')
|
config.write('gathering = smart\n')
|
||||||
|
config.write('fact_caching = jsonfile\n')
|
||||||
|
config.write('fact_caching_connection = %s\n' %
|
||||||
|
self.jobdir.fact_cache)
|
||||||
config.write('library = %s\n'
|
config.write('library = %s\n'
|
||||||
% self.executor_server.library_dir)
|
% self.executor_server.library_dir)
|
||||||
config.write('command_warnings = False\n')
|
config.write('command_warnings = False\n')
|
||||||
|
|
Loading…
Reference in New Issue