Provide per-project ssh key to executor
If a job is run in a post-review pipeline, add the per-project ssh key of the triggering project to the executor. This also contains a minor refactor to avoid repeatedly json-parsing the gearman job arguments, and a fix to TestAnsibleJob which was using the wrong kind of 'Job'. Change-Id: I585010366ad87f6d6292e8d4e0855f70e23669f5
This commit is contained in:
parent
56f90923ed
commit
dbe1306b36
|
@ -20,6 +20,7 @@ from unittest import mock
|
||||||
|
|
||||||
import zuul.executor.server
|
import zuul.executor.server
|
||||||
import zuul.model
|
import zuul.model
|
||||||
|
import gear
|
||||||
|
|
||||||
from tests.base import (
|
from tests.base import (
|
||||||
ZuulTestCase,
|
ZuulTestCase,
|
||||||
|
@ -425,8 +426,7 @@ class TestAnsibleJob(ZuulTestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(TestAnsibleJob, self).setUp()
|
super(TestAnsibleJob, self).setUp()
|
||||||
job = zuul.model.Job('test')
|
job = gear.TextJob('executor:execute', '{}', unique='test')
|
||||||
job.unique = 'test'
|
|
||||||
self.test_job = zuul.executor.server.AnsibleJob(self.executor_server,
|
self.test_job = zuul.executor.server.AnsibleJob(self.executor_server,
|
||||||
job)
|
job)
|
||||||
|
|
||||||
|
|
|
@ -230,6 +230,11 @@ class ExecutorClient(object):
|
||||||
nodes.append(n)
|
nodes.append(n)
|
||||||
params['nodes'] = nodes
|
params['nodes'] = nodes
|
||||||
params['groups'] = [group.toDict() for group in nodeset.getGroups()]
|
params['groups'] = [group.toDict() for group in nodeset.getGroups()]
|
||||||
|
params['ssh_keys'] = []
|
||||||
|
if pipeline.post_review:
|
||||||
|
params['ssh_keys'].append(dict(
|
||||||
|
name='%s project key' % item.change.project.canonical_name,
|
||||||
|
key=item.change.project.private_ssh_key))
|
||||||
params['vars'] = job.variables
|
params['vars'] = job.variables
|
||||||
params['extra_vars'] = job.extra_variables
|
params['extra_vars'] = job.extra_variables
|
||||||
params['host_vars'] = job.host_variables
|
params['host_vars'] = job.host_variables
|
||||||
|
|
|
@ -235,6 +235,20 @@ class SshAgent(object):
|
||||||
raise
|
raise
|
||||||
self.log.info('Added SSH Key {}'.format(key_path))
|
self.log.info('Added SSH Key {}'.format(key_path))
|
||||||
|
|
||||||
|
def addData(self, name, key_data):
|
||||||
|
env = os.environ.copy()
|
||||||
|
env.update(self.env)
|
||||||
|
self.log.debug('Adding SSH Key {}'.format(name))
|
||||||
|
try:
|
||||||
|
subprocess.check_output(['ssh-add', '-'], env=env,
|
||||||
|
input=key_data.encode('utf8'),
|
||||||
|
stderr=subprocess.PIPE)
|
||||||
|
except subprocess.CalledProcessError as e:
|
||||||
|
self.log.exception('ssh-add failed. stdout: %s, stderr: %s',
|
||||||
|
e.output, e.stderr)
|
||||||
|
raise
|
||||||
|
self.log.info('Added SSH Key {}'.format(name))
|
||||||
|
|
||||||
def remove(self, key_path):
|
def remove(self, key_path):
|
||||||
env = os.environ.copy()
|
env = os.environ.copy()
|
||||||
env.update(self.env)
|
env.update(self.env)
|
||||||
|
@ -624,6 +638,7 @@ class AnsibleJob(object):
|
||||||
self.log = AnsibleJobLogAdapter(logger, {'job': job.unique})
|
self.log = AnsibleJobLogAdapter(logger, {'job': job.unique})
|
||||||
self.executor_server = executor_server
|
self.executor_server = executor_server
|
||||||
self.job = job
|
self.job = job
|
||||||
|
self.arguments = json.loads(job.arguments)
|
||||||
self.jobdir = None
|
self.jobdir = None
|
||||||
self.proc = None
|
self.proc = None
|
||||||
self.proc_lock = threading.Lock()
|
self.proc_lock = threading.Lock()
|
||||||
|
@ -670,12 +685,11 @@ class AnsibleJob(object):
|
||||||
self.abortRunningProc()
|
self.abortRunningProc()
|
||||||
|
|
||||||
def pause(self):
|
def pause(self):
|
||||||
args = json.loads(self.job.arguments)
|
|
||||||
self.log.info(
|
self.log.info(
|
||||||
"Pausing job %s for ref %s (change %s)" % (
|
"Pausing job %s for ref %s (change %s)" % (
|
||||||
args['zuul']['job'],
|
self.arguments['zuul']['job'],
|
||||||
args['zuul']['ref'],
|
self.arguments['zuul']['ref'],
|
||||||
args['zuul']['change_url']))
|
self.arguments['zuul']['change_url']))
|
||||||
with open(self.jobdir.job_output_file, 'a') as job_output:
|
with open(self.jobdir.job_output_file, 'a') as job_output:
|
||||||
job_output.write(
|
job_output.write(
|
||||||
"{now} |\n"
|
"{now} |\n"
|
||||||
|
@ -691,12 +705,11 @@ class AnsibleJob(object):
|
||||||
if not self.paused:
|
if not self.paused:
|
||||||
return
|
return
|
||||||
|
|
||||||
args = json.loads(self.job.arguments)
|
|
||||||
self.log.info(
|
self.log.info(
|
||||||
"Resuming job %s for ref %s (change %s)" % (
|
"Resuming job %s for ref %s (change %s)" % (
|
||||||
args['zuul']['job'],
|
self.arguments['zuul']['job'],
|
||||||
args['zuul']['ref'],
|
self.arguments['zuul']['ref'],
|
||||||
args['zuul']['change_url']))
|
self.arguments['zuul']['change_url']))
|
||||||
with open(self.jobdir.job_output_file, 'a') as job_output:
|
with open(self.jobdir.job_output_file, 'a') as job_output:
|
||||||
job_output.write(
|
job_output.write(
|
||||||
"{now} | Job resumed\n"
|
"{now} | Job resumed\n"
|
||||||
|
@ -713,6 +726,8 @@ class AnsibleJob(object):
|
||||||
try:
|
try:
|
||||||
self.ssh_agent.start()
|
self.ssh_agent.start()
|
||||||
self.ssh_agent.add(self.private_key_file)
|
self.ssh_agent.add(self.private_key_file)
|
||||||
|
for key in self.arguments.get('ssh_keys', []):
|
||||||
|
self.ssh_agent.addData(key['name'], key['key'])
|
||||||
self.jobdir = JobDir(self.executor_server.jobdir_root,
|
self.jobdir = JobDir(self.executor_server.jobdir_root,
|
||||||
self.executor_server.keep_jobdir,
|
self.executor_server.keep_jobdir,
|
||||||
str(self.job.unique))
|
str(self.job.unique))
|
||||||
|
@ -743,7 +758,7 @@ class AnsibleJob(object):
|
||||||
self.log.exception("Error finalizing job thread:")
|
self.log.exception("Error finalizing job thread:")
|
||||||
|
|
||||||
def _execute(self):
|
def _execute(self):
|
||||||
args = json.loads(self.job.arguments)
|
args = self.arguments
|
||||||
self.log.info(
|
self.log.info(
|
||||||
"Beginning job %s for ref %s (change %s)" % (
|
"Beginning job %s for ref %s (change %s)" % (
|
||||||
args['zuul']['job'],
|
args['zuul']['job'],
|
||||||
|
|
Loading…
Reference in New Issue