2018-02-23 15:37:16 |
Dmitry Tantsur |
description |
The ansible deploy interface was introduced with the goal of enabling higher customization of the deploy process. Thus, allowing operators to modify its playbooks is a cornerstone feature. However, the current approach with modifying them in the local file system has the following potential issues:
1. it assumes that an API user has write access to the local file system,
2. it requires a configuration management tool to be able to change the playbooks across multiple conductors in a sane way,
3. it does not play really well with containerized deployments.
The RFE proposes renaming [ansible]playbooks_dir and node.driver_info[ansible_playbooks_dir] to [ansible]playbooks_location and node.driver_info[ansible_playbooks_location] accordingly and allowing URLs in them.
We will accept 4 schemas initially: file, http, https and swift. Missing schema will designate a local directory for backward compatibility. The new 3 schemas will point at a tarball with the whole playbooks tree in it. This tarball will be fetched on node deploy and unpacked to a temporary location.
The swift URL will have a form of swift://[account@]container/object (account being optional and defaulting to the account of the service tenant, similar to how we treat temporary URLs). |
The ansible deploy interface was introduced with the goal of enabling higher customization of the deploy process. Thus, allowing operators to modify its playbooks is a cornerstone feature. However, the current approach with modifying them in the local file system has the following potential issues:
1. it assumes that an API user has write access to the local file system,
2. it requires a configuration management tool to be able to change the playbooks across multiple conductors in a sane way,
3. it does not play really well with containerized deployments.
The RFE proposes renaming [ansible]playbooks_dir and node.driver_info[ansible_playbooks_dir] to [ansible]playbooks_location and node.driver_info[ansible_playbooks_location] accordingly and allowing URLs in them.
We will accept 4 schemas initially: file, http, https and swift. Missing schema will designate a local directory for backward compatibility. The new 3 schemas will point at a tarball with the whole playbooks tree in it. This tarball will be fetched on node deploy and unpacked to a temporary location.
The swift URL will have a form of swift://[account@]container/object (account being optional and defaulting to the account of the service tenant, similar to how we treat temporary URLs).
Finally, since putting URLs to playbooks in driver_info essentially means remove code execution, it will be off by default. A new option [ansible]playbooks_location_schemas defaulting to ['file'] will regulate which schemas are acceptable in driver_info. |
|