mirror of
https://github.com/jumpserver/jumpserver.git
synced 2026-07-03 07:39:39 +00:00
77 lines
2.4 KiB
Python
77 lines
2.4 KiB
Python
import os
|
|
import shutil
|
|
|
|
from django.conf import settings
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
from common.utils.safe import safe_run_cmd
|
|
from .exception import AnsibleDockerImageNotFound
|
|
|
|
ANSIBLE_EE_IMAGE = 'jumpserver/ansible-executor:latest'
|
|
ANSIBLE_EE_PYTHON_INTERPRETER = '/usr/bin/python3.11'
|
|
|
|
__all__ = [
|
|
'ANSIBLE_EE_IMAGE',
|
|
'ANSIBLE_EE_PYTHON_INTERPRETER',
|
|
'use_ansible_docker_isolation',
|
|
'docker_extravars',
|
|
'docker_isolation_kwargs',
|
|
'prepare_isolated_ansible_cfg',
|
|
'stage_inventory_for_docker',
|
|
'ensure_ansible_docker_image',
|
|
]
|
|
|
|
|
|
def use_ansible_docker_isolation():
|
|
return settings.ANSIBLE_DOCKER_ENABLED
|
|
|
|
|
|
def docker_extravars(extra_vars):
|
|
extravars = dict(extra_vars or {})
|
|
if use_ansible_docker_isolation():
|
|
extravars.setdefault('local_python_interpreter', ANSIBLE_EE_PYTHON_INTERPRETER)
|
|
return extravars
|
|
|
|
|
|
def docker_isolation_kwargs():
|
|
return {
|
|
'process_isolation': True,
|
|
'process_isolation_executable': 'docker',
|
|
'container_image': ANSIBLE_EE_IMAGE,
|
|
'container_options': ['--network=jms_net'],
|
|
}
|
|
|
|
|
|
def prepare_isolated_ansible_cfg(project_dir):
|
|
if not use_ansible_docker_isolation():
|
|
return
|
|
src = os.path.join(settings.APPS_DIR, 'libs', 'ansible', 'ansible.cfg')
|
|
dst = os.path.join(project_dir, 'ansible.cfg')
|
|
shutil.copyfile(src, dst)
|
|
|
|
|
|
def stage_inventory_for_docker(project_dir, inventory_path):
|
|
if not use_ansible_docker_isolation():
|
|
return inventory_path
|
|
standard_dir = os.path.join(project_dir, 'inventory')
|
|
standard_path = os.path.join(standard_dir, 'hosts')
|
|
if os.path.realpath(inventory_path) == os.path.realpath(standard_path):
|
|
return standard_path
|
|
os.makedirs(standard_dir, mode=0o700, exist_ok=True)
|
|
shutil.copy2(inventory_path, standard_path)
|
|
return standard_path
|
|
|
|
|
|
def ensure_ansible_docker_image():
|
|
if not use_ansible_docker_isolation():
|
|
return
|
|
result = safe_run_cmd(['docker', 'image', 'inspect', ANSIBLE_EE_IMAGE])
|
|
if not result or result.returncode != 0:
|
|
raise AnsibleDockerImageNotFound(
|
|
_('Ansible Docker image "%(image)s" not found. '
|
|
'You can disable this option in System Settings - Feature Settings - Job Center - '
|
|
'Ansible Docker isolation to run locally. '
|
|
'Please run: docker pull %(image)s')
|
|
% {'image': ANSIBLE_EE_IMAGE}
|
|
)
|