Files
jumpserver/apps/ops/ansible/docker.py
2026-06-16 16:34:40 +08:00

77 lines
2.4 KiB
Python

import os
import shutil
from django.conf import settings
from django.utils.translation import gettext_lazy as _
from common.utils.safe import safe_run_cmd
from .exception import AnsibleDockerImageNotFound
ANSIBLE_EE_IMAGE = 'jumpserver/ansible-executor:latest'
ANSIBLE_EE_PYTHON_INTERPRETER = '/usr/bin/python3.11'
__all__ = [
'ANSIBLE_EE_IMAGE',
'ANSIBLE_EE_PYTHON_INTERPRETER',
'use_ansible_docker_isolation',
'docker_extravars',
'docker_isolation_kwargs',
'prepare_isolated_ansible_cfg',
'stage_inventory_for_docker',
'ensure_ansible_docker_image',
]
def use_ansible_docker_isolation():
return settings.ANSIBLE_DOCKER_ENABLED
def docker_extravars(extra_vars):
extravars = dict(extra_vars or {})
if use_ansible_docker_isolation():
extravars.setdefault('local_python_interpreter', ANSIBLE_EE_PYTHON_INTERPRETER)
return extravars
def docker_isolation_kwargs():
return {
'process_isolation': True,
'process_isolation_executable': 'docker',
'container_image': ANSIBLE_EE_IMAGE,
'container_options': ['--network=jms_net'],
}
def prepare_isolated_ansible_cfg(project_dir):
if not use_ansible_docker_isolation():
return
src = os.path.join(settings.APPS_DIR, 'libs', 'ansible', 'ansible.cfg')
dst = os.path.join(project_dir, 'ansible.cfg')
shutil.copyfile(src, dst)
def stage_inventory_for_docker(project_dir, inventory_path):
if not use_ansible_docker_isolation():
return inventory_path
standard_dir = os.path.join(project_dir, 'inventory')
standard_path = os.path.join(standard_dir, 'hosts')
if os.path.realpath(inventory_path) == os.path.realpath(standard_path):
return standard_path
os.makedirs(standard_dir, mode=0o700, exist_ok=True)
shutil.copy2(inventory_path, standard_path)
return standard_path
def ensure_ansible_docker_image():
if not use_ansible_docker_isolation():
return
result = safe_run_cmd(['docker', 'image', 'inspect', ANSIBLE_EE_IMAGE])
if not result or result.returncode != 0:
raise AnsibleDockerImageNotFound(
_('Ansible Docker image "%(image)s" not found. '
'You can disable this option in System Settings - Feature Settings - Job Center - '
'Ansible Docker isolation to run locally. '
'Please run: docker pull %(image)s')
% {'image': ANSIBLE_EE_IMAGE}
)