pkg/ansible/runner: Add ability to specify ANSIBLE_INVENTORY env variable (#1023)

**Description of the change:**
If the `ANSIBLE_INVENTORY` environment variable is set, the Ansible Operator will copy it into the runner artifacts directory. This is a placeholder until the `--inventory` option to runner supports directories, or until it respects the `ansible.cfg`.

**Motivation for the change:**
Allows users to specify more complex inventories, should at least partially unblock #954

Author: fabianvf

hack/tests/e2e-ansible-molecule.sh

@@ -50,9 +50,16 @@ DEST_IMAGE="quay.io/example/memcached-operator:v0.0.2-test"
 operator-sdk build --enable-tests "$DEST_IMAGE"
 trap_add 'remove_prereqs' EXIT
 deploy_prereqs
-TEST_CLUSTER_PORT=25443 operator-sdk test cluster --image-pull-policy Never --namespace default --service-account memcached-operator ${DEST_IMAGE}
+operator-sdk test cluster --image-pull-policy Never --namespace default --service-account memcached-operator ${DEST_IMAGE}
 
 remove_prereqs
 
 popd
 popd
+
+pushd "${ROOTDIR}/test/ansible-inventory"
+
+sed -i 's|\(FROM quay.io/operator-framework/ansible-operator\)\(:.*\)\?|\1:dev|g' build/Dockerfile
+TEST_CLUSTER_PORT=24443 operator-sdk test local --namespace default
+
+popd

pkg/ansible/runner/internal/inputdir/inputdir.go

@@ -20,8 +20,10 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/operator-framework/operator-sdk/internal/util/fileutil"
+	"github.com/spf13/afero"
 
 	logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
 )
@@ -60,6 +62,35 @@ func (i *InputDir) addFile(path string, content []byte) error {
 	return err
 }
 
+// copyInventory copies a file or directory from src to dst
+func (i *InputDir) copyInventory(src string, dst string) error {
+	fs := afero.NewOsFs()
+	return afero.Walk(fs, src,
+		func(path string, info os.FileInfo, err error) error {
+			if err != nil {
+				return err
+			}
+			fullDst := strings.Replace(path, src, dst, 1)
+			if info.IsDir() {
+				if err = fs.MkdirAll(fullDst, info.Mode()); err != nil {
+					return err
+				}
+			} else {
+				f, err := fs.Open(path)
+				if err != nil {
+					return err
+				}
+				if err = afero.WriteReader(fs, fullDst, f); err != nil {
+					return err
+				}
+				if err = fs.Chmod(fullDst, info.Mode()); err != nil {
+					return err
+				}
+			}
+			return nil
+		})
+}
+
 // Stdout reads the stdout from the ansible artifact that corresponds to the
 // given ident and returns it as a string.
 func (i *InputDir) Stdout(ident string) (string, error) {
@@ -101,16 +132,39 @@ func (i *InputDir) Write() error {
 		return err
 	}
 
-	// If ansible-runner is running in a python virtual environment, propagate
-	// that to ansible.
-	venv := os.Getenv("VIRTUAL_ENV")
-	hosts := "localhost ansible_connection=local"
-	if venv != "" {
-		hosts = fmt.Sprintf("%s ansible_python_interpreter=%s", hosts, filepath.Join(venv, "bin/python"))
-	}
-	err = i.addFile("inventory/hosts", []byte(hosts))
-	if err != nil {
-		return err
+	// ANSIBLE_INVENTORY takes precendence over our generated hosts file
+	// so if the envvar is set we don't bother making it, we just copy
+	// the inventory into our runner directory
+	ansible_inventory := os.Getenv("ANSIBLE_INVENTORY")
+	if ansible_inventory == "" {
+		// If ansible-runner is running in a python virtual environment, propagate
+		// that to ansible.
+		venv := os.Getenv("VIRTUAL_ENV")
+		hosts := "localhost ansible_connection=local"
+		if venv != "" {
+			hosts = fmt.Sprintf("%s ansible_python_interpreter=%s", hosts, filepath.Join(venv, "bin/python"))
+		}
+		err = i.addFile("inventory/hosts", []byte(hosts))
+		if err != nil {
+			return err
+		}
+	} else {
+		fi, err := os.Stat(ansible_inventory)
+		if err != nil {
+			return err
+		}
+		switch mode := fi.Mode(); {
+		case mode.IsDir():
+			err = i.copyInventory(ansible_inventory, filepath.Join(i.Path, "inventory"))
+			if err != nil {
+				return err
+			}
+		case mode.IsRegular():
+			err = i.copyInventory(ansible_inventory, filepath.Join(i.Path, "inventory/hosts"))
+			if err != nil {
+				return err
+			}
+		}
 	}
 
 	if i.PlaybookPath != "" {

test/ansible-inventory/ansible.cfg

@@ -0,0 +1,10 @@
+[defaults]
+inventory_plugins = /opt/ansible/plugins/inventory
+stdout_callback = yaml
+callback_whitelist = profile_tasks,timer
+module_utils = /opt/ansible/module_utils
+roles_path = /opt/ansible/roles
+library = /opt/ansible/library
+inventory = /opt/ansible/inventory
+filter_plugins = /opt/ansible/plugins/filter
+remote_tmp = /tmp/ansible

test/ansible-inventory/build/Dockerfile

@@ -0,0 +1,4 @@
+FROM quay.io/operator-framework/ansible-operator:dev
+
+COPY ansible.cfg /etc/ansible/ansible.cfg
+COPY . ${HOME}/

test/ansible-inventory/deploy/crds/inventory_v1alpha1_inventory_cr.yaml

@@ -0,0 +1,7 @@
+apiVersion: inventory.apps.fabianism.us/v1alpha1
+kind: Inventory
+metadata:
+  name: example-inventory
+spec:
+  # Add fields here
+  size: 3

test/ansible-inventory/deploy/crds/inventory_v1alpha1_inventory_crd.yaml

@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: inventorys.inventory.apps.fabianism.us
+spec:
+  group: inventory.apps.fabianism.us
+  names:
+    kind: Inventory
+    listKind: InventoryList
+    plural: inventorys
+    singular: inventory
+  scope: Namespaced
+  version: v1alpha1
+  subresources:
+    status: {}

test/ansible-inventory/deploy/operator.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: inventory
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: inventory
+  template:
+    metadata:
+      labels:
+        name: inventory
+    spec:
+      serviceAccountName: inventory
+      containers:
+        - name: inventory
+          # Replace this with the built image name
+          image: "{{ REPLACE_IMAGE }}"
+          ports:
+          - containerPort: 60000
+            name: metrics
+          imagePullPolicy: "{{ pull_policy|default('Always') }}"
+          env:
+            - name: WATCH_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: OPERATOR_NAME
+              value: "inventory"
+            - name: ANSIBLE_INVENTORY
+              value: /opt/ansible/inventory

test/ansible-inventory/deploy/role.yaml

@@ -0,0 +1,46 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  name: inventory
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  - endpoints
+  - persistentvolumeclaims
+  - events
+  - configmaps
+  - secrets
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - daemonsets
+  - replicasets
+  - statefulsets
+  verbs:
+  - '*'
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - get
+  - create
+- apiGroups:
+  - inventory.apps.fabianism.us
+  resources:
+  - '*'
+  verbs:
+  - '*'

test/ansible-inventory/deploy/role_binding.yaml

@@ -0,0 +1,11 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: inventory
+subjects:
+- kind: ServiceAccount
+  name: inventory
+roleRef:
+  kind: Role
+  name: inventory
+  apiGroup: rbac.authorization.k8s.io

test/ansible-inventory/deploy/service_account.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: inventory