Commit Graph

7 Commits

Author SHA1 Message Date
Tobias Henkel cd9827e664
Manage ansible installations within zuul
As a first step towards supporting multiple ansible versions we need
tooling to manage ansible installations. This moves the installation
of ansible from the requirements.txt into zuul. This is called as a
setup hook to install the ansible versions into
<prefix>/lib/zuul/ansible. Further this tooling abstracts knowledge
that the executor must know in order to actually run the correct
version of ansible.

The actual usage of multiple ansible versions will be done in
follow-ups.

For better maintainability the ansible plugins live in
zuul/ansible/base where plugins can be kept in different versions if
necessary. For each supported ansible version there is a specific
folder that symlinks the according plugins.

Change-Id: I5ce1385245c76818777aa34230786a9dbaf723e5
Depends-On: https://review.openstack.org/623927
2019-03-15 09:09:16 +01:00
Paul Belanger c11dcc987d Fix missing safe_args for add_host
There are a few missing commas in our safe_args, this fixes them.
Otherwise we get the following error from zuul:

  Adding hosts ssh with ansible_password ansible_user to the inventory is prohibited

Change-Id: I6162bc6a223da54af26bedd2e950ed21a64908b0
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2019-01-17 08:58:48 -05:00
Tristan Cacqueray 8715505e6d
executor: harden add_host usage
Since commit d07bc25fc2, it is possible
for an untrusted playbook to execute commands on the executor host.
This change restores the add_host restriction and white-lists the
intended use case.

Change-Id: I36cc604c62a50c95260d076a63a53f28b197792d
2018-11-28 08:27:11 +01:00
Monty Taylor d07bc25fc2
Remove restriction on add_host
There's actually not anything unsafe about add_host. Doing CD from Zuul
requires being able to add hosts, so relax the restriction.

Change-Id: I7a5992808773722f3b81890fb4193da202cfea68
2018-09-06 03:33:19 +07:00
Clint Byrum b1e6f6cf56 Fix all action plugins to import safely
This addresses the known issue with plugin inheritance in all action
plugins.

Change-Id: I8436d52ced0c96904375dc98da7c32ff2e47cb5e
2017-02-22 14:49:34 -05:00
Monty Taylor 3317a37eee
Import the ansible base module, not self
We want to override the base action plugins. We can't do that if we try
to import non-existent locations in the zuul tree.

Change-Id: I6242d973d4ce3b42bcec2812ba261ac6f968fcf4
2017-02-21 13:12:30 -05:00
Monty Taylor c231d939ea Add action plugins to restrict untrusted execution
There are actions undertaken by action plugins in normal ansible that
allow for executing code on the host that ansible is executing on. We do
not want to allow that for untrusted code, so add a set of action
plugins that override the upstream ones and simply return errors.

Additionally, we can trap for attempts to execute local commands in the
normal action plugin by looking at remote_addr, connection and
delegate_to.

Change-Id: I57dbe5648a9dc6ec9147c8698ad46c4fa1326e5a
2017-02-15 16:12:40 -08:00