shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-10-27 09:25:10 +03:00
Code Releases Activity
b9ecc775dc
awx/tools/docker-isolated
History
Alan Rominger b9ecc775dc Update developer documentation for isolated jobs
2017-06-20 15:09:45 -04:00
..
Dockerfile isolated ramparts: replace systemd unit with a tower-expect binary 2017-06-16 09:59:21 -04:00
Procfile Support for executing job and adhoc commands on isolated Tower nodes (#6524) 2017-06-14 11:47:30 -04:00
README.md Update developer documentation for isolated jobs 2017-06-20 15:09:45 -04:00
tower-expect Include the Tower venv in the isolated bubblewrapped arguments. 2017-06-19 15:52:54 -04:00

README.md

Instructions on using an isolated node

The building of the isolated node is done in the make docker-compose-build target. Its image uses a different tag from the tools_tower container.

Given that the images are built, you can run the combined docker compose target. This uses the base docker-compose.yml with modifications found in docker-isolated-override.yml. You will still need to give COMPOSE_TAG with whatever your intended base branch is. For example:

make docker-isolated COMPOSE_TAG=devel

This will automatically exchange the keys in order for the tools_tower_1 container to access the tools_isolated_1 container over ssh. After that, it will bring up all the containers like the normal docker-compose workflow.

Running a job on the Isolated Node

Create a job template that runs normally. Add the id of the instance group named thepentagon to the JT's instance groups. To do this, POST the id (probably id=2) to /api/v2/job_templates/N/instance_groups/. After that, run the job template.

The models are automatically created when running the Makefile target, and they are structured as follows:

+-------+     +-------------+
| tower |<----+ thepentagon |
+-------+     +-------------+
    ^                ^
    |                |
    |                |
+---+---+      +-----+----+
| tower |      | isolated |
+-------+      +----------+

The controller for the group "thepentagon" and all hosts therein is determined by a ForeignKey within the instance group.

Development Testing Notes

Test the SSH connection between containers

While the environment is running, you can test the connection like so:

docker exec -i -t tools_tower_1 /bin/bash

Inside the context of that container:

ssh root@isolated

(note: awx user has been deprecated)

This should give a shell to the tools_isolated_1 container, as the tools_tower_1 container sees it.

Run a playbook

In order to run an isolated job, associate the instance group thepentagon with a job template, inventory, or organization, then run a job that derives from that resource. You should be able to confirm success by inspecting the instance_group of the job.

Advanced Manual Testing

If you want to run a job manually inside of the isolated container with this tooling, you need a private data directory. Normal isolated job runs will clean up their private data directory, but you can temporarily disable this by disabling some parts of the cleanup_isolated.yml playbook.

Example location of a private data directory:

/tmp/ansible_tower_29_OM6Mnx/

The following command would run the playbook corresponding to that job.

tower-expect start /tmp/ansible_tower_29_OM6Mnx/

Other tower-expect commands include start, is-alive, and stop.