feat(harness): add ansible support to harness (#210)

* feat(harness): add support for ansible

* make sure that exec pre start hook runs before step timeout countdown starts

* fix lint

* simplify logic

* add entrypoint to ansible image

* override ansible home during docker build

* create nonroot group in ansible dockerfile

* simplify ansible dockerfile

* ensure ansible home/tmp env vars are set

* fix lint

Author: floreks

Makefile

@@ -94,8 +94,16 @@ docker-build-harness-terraform: docker-build-harness-base ## build terraform doc
     		-f dockerfiles/harness/terraform.Dockerfile \
     		.
 
+.PHONY: docker-build-harness-ansible
+docker-build-harness-ansible: docker-build-harness-base ## build terraform docker harness image
+	docker build \
+		  	--build-arg=HARNESS_IMAGE_TAG="latest" \
+    	  	-t harness \
+    		-f dockerfiles/harness/ansible.Dockerfile \
+    		.
+
 .PHONY: docker-run-harness
-docker-run-harness: docker-build-harness-terraform ## build and run terraform docker harness image
+docker-run-harness: docker-build-harness-terraform docker-build-harness-ansible ## build and run terraform docker harness image
 	docker run \
 			harness:latest \
 			--v=5 \

dockerfiles/harness/ansible.Dockerfile

@@ -10,10 +10,6 @@ FROM ${HARNESS_BASE_IMAGE} as harness
 # Build Ansible from Python Image
 FROM python:${PYTHON_VERSION}-alpine as final
 
-# Create necessary directories and set their ownership to UID/GID 65532
-RUN mkdir /plural && chown -R 65532:65532 /plural
-RUN mkdir /tmp/plural && chown -R 65532:65532 /tmp/plural
-
 # Copy Harness bin from the Harness Image
 COPY --from=harness /harness /usr/local/bin/harness
 
@@ -33,7 +29,11 @@ RUN apk add --no-cache --virtual .build-deps \
     apk add --no-cache openssh-client && \
     apk del .build-deps
 
+RUN addgroup --gid 65532 nonroot
+
 # Switch to the non-root user
 USER 65532:65532
 
 WORKDIR /plural
+
+ENTRYPOINT ["harness", "--working-dir=/plural"]

pkg/harness/controller/controller.go

@@ -4,6 +4,7 @@ import (
 	"cmp"
 	"context"
 	"fmt"
+	"io"
 	"path"
 	"slices"
 	"sync"
@@ -114,21 +115,25 @@ func (in *stackRunController) toExecutable(ctx context.Context, step *gqlclient.
 		)...,
 	)
 
+	var toolWriters []io.WriteCloser
 	modifier := in.tool.Modifier(step.Stage)
 	args := step.Args
+	env := in.stackRun.Env()
 	if modifier != nil {
 		args = modifier.Args(args)
+		env = modifier.Env(env)
+		toolWriters = modifier.WriteCloser()
 	}
 
 	return exec.NewExecutable(
 		step.Cmd,
 		append(
 			in.execOptions,
 			exec.WithDir(in.execWorkDir()),
-			exec.WithEnv(in.stackRun.Env()),
+			exec.WithEnv(env),
 			exec.WithArgs(args),
 			exec.WithID(step.ID),
-			exec.WithLogSink(consoleWriter),
+			exec.WithOutputSinks(append(toolWriters, consoleWriter)...),
 			exec.WithHook(v1.LifecyclePreStart, in.preExecHook(step.Stage, step.ID)),
 			exec.WithHook(v1.LifecyclePostStart, in.postExecHook(step.Stage)),
 		)...,
@@ -192,7 +197,7 @@ func (in *stackRunController) prepare() error {
 		return err
 	}
 
-	in.tool = tool.New(in.stackRun.Type, in.execWorkDir())
+	in.tool = tool.New(in.stackRun.Type, in.dir, in.execWorkDir())
 
 	return nil
 }

pkg/harness/exec/exec.go

@@ -8,6 +8,7 @@ import (
 	"os/exec"
 	"strings"
 
+	"github.com/pluralsh/polly/algorithms"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/klog/v2"
 
@@ -17,10 +18,14 @@ import (
 )
 
 func (in *executable) Run(ctx context.Context) error {
+	if err := in.runLifecycleFunction(v1.LifecyclePreStart); err != nil {
+		return err
+	}
+
 	ctx = signals.NewCancelableContext(ctx, signals.NewTimeoutSignal(in.timeout))
 	cmd := exec.CommandContext(ctx, in.command, in.args...)
 	w := in.writer()
-	defer in.close(in.logSink)
+	defer in.close(in.outputSinks)
 
 	// Configure additional writers so that we can simultaneously write output
 	// to multiple destinations
@@ -40,10 +45,6 @@ func (in *executable) Run(ctx context.Context) error {
 		cmd.Dir = in.workingDirectory
 	}
 
-	if err := in.runLifecycleFunction(v1.LifecyclePreStart); err != nil {
-		return err
-	}
-
 	klog.V(log.LogLevelExtended).InfoS("executing", "command", in.Command())
 	if err := cmd.Run(); err != nil {
 		if err = context.Cause(ctx); err != nil {
@@ -86,19 +87,28 @@ func (in *executable) ID() string {
 }
 
 func (in *executable) writer() io.Writer {
-	if in.logSink != nil {
-		return io.MultiWriter(os.Stdout, in.logSink)
+	if len(in.outputSinks) == 0 {
+		return os.Stdout
 	}
-	return os.Stdout
+
+	return io.MultiWriter(
+		append(
+			algorithms.Map(in.outputSinks, func(writer io.WriteCloser) io.Writer {
+				return writer
+			}),
+			os.Stdout)...,
+	)
 }
 
-func (in *executable) close(w io.WriteCloser) {
-	if w == nil {
+func (in *executable) close(writers []io.WriteCloser) {
+	if len(writers) == 0 {
 		return
 	}
 
-	if err := w.Close(); err != nil {
-		klog.ErrorS(err, "failed to close writer")
+	for _, w := range writers {
+		if err := w.Close(); err != nil {
+			klog.ErrorS(err, "failed to close writer")
+		}
 	}
 }
 

pkg/harness/exec/exec_options.go

@@ -4,6 +4,8 @@ import (
 	"io"
 	"time"
 
+	"github.com/pluralsh/polly/algorithms"
+
 	v1 "github.com/pluralsh/deployment-operator/pkg/harness/stackrun/v1"
 )
 
@@ -13,9 +15,9 @@ func WithDir(workingDirectory string) Option {
 	}
 }
 
-func WithLogSink(sink io.WriteCloser) Option {
+func WithOutputSinks(sinks ...io.WriteCloser) Option {
 	return func(e *executable) {
-		e.logSink = sink
+		e.outputSinks = algorithms.Filter(sinks, func(sink io.WriteCloser) bool { return sink != nil })
 	}
 }
 

pkg/harness/exec/exec_types.go

@@ -41,13 +41,11 @@ type executable struct {
 
 	// logSink is a custom writer that can be used to forward
 	// executable output. It does not stop output from being forwarded
-	// to the os.Stdout.
-	logSink io.WriteCloser
+	// to the [os.Stdout].
+	outputSinks []io.WriteCloser
 
 	// hookFunctions ...
 	hookFunctions map[v1.Lifecycle]v1.HookFunction
 }
 
 type Option func(*executable)
-
-type ArgsModifier func([]string) []string

pkg/harness/tool/ansible/ansible.go

@@ -1,36 +1,51 @@
 package ansible
 
 import (
+	"os"
+	"path"
+
 	console "github.com/pluralsh/console-client-go"
+	"github.com/samber/lo"
+	"k8s.io/klog/v2"
 
+	"github.com/pluralsh/deployment-operator/internal/helpers"
 	v1 "github.com/pluralsh/deployment-operator/pkg/harness/tool/v1"
+	"github.com/pluralsh/deployment-operator/pkg/log"
 )
 
+// Plan implements [v1.Tool] interface.
 func (in *Ansible) Plan() (*console.StackStateAttributes, error) {
-	// TODO implement me
-	panic("implement me")
+	output, err := os.ReadFile(in.planFilePath)
+	if err != nil {
+		return nil, err
+	}
+
+	klog.V(log.LogLevelTrace).InfoS("ansible plan file read successfully", "file", in.planFilePath, "output", string(output))
+	return &console.StackStateAttributes{
+		Plan: lo.ToPtr(string(output)),
+	}, nil
 }
 
-func (in *Ansible) State() (*console.StackStateAttributes, error) {
-	// TODO implement me
-	panic("implement me")
-}
+// Modifier implements [v1.Tool] interface.
+func (in *Ansible) Modifier(stage console.StepStage) v1.Modifier {
+	globalEnvModifier := NewGlobalEnvModifier(in.workDir)
 
-func (in *Ansible) Output() ([]*console.StackOutputAttributes, error) {
-	// TODO implement me
-	panic("implement me")
-}
+	if stage == console.StepStagePlan {
+		return v1.NewMultiModifier(NewPassthroughModifier(in.planFilePath), globalEnvModifier)
+	}
 
-func (in *Ansible) Modifier(stage console.StepStage) v1.Modifier {
-	// TODO implement me
-	panic("implement me")
+	return globalEnvModifier
 }
 
-func (in *Ansible) ConfigureStateBackend(actor, deployToken string, urls *console.StackRunBaseFragment_StateUrls) error {
-	// TODO implement me
-	panic("implement me")
+func (in *Ansible) init() *Ansible {
+	in.planFileName = "ansible.plan"
+	in.planFilePath = path.Join(in.execDir, in.planFileName)
+	helpers.EnsureFileOrDie(in.planFilePath)
+
+	return in
 }
 
-func New(dir string) *Ansible {
-	return &Ansible{dir: dir}
+// New creates an Ansible structure that implements v1.Tool interface.
+func New(workDir, execDir string) *Ansible {
+	return (&Ansible{workDir: workDir, execDir: execDir}).init()
 }

pkg/harness/tool/ansible/ansible_types.go

@@ -1,11 +1,22 @@
 package ansible
 
+import (
+	v1 "github.com/pluralsh/deployment-operator/pkg/harness/tool/v1"
+)
+
 // Ansible implements tool.Tool interface.
 type Ansible struct {
-	// dir
-	dir string
-}
+	v1.DefaultTool
+
+	// workDir
+	workDir string
+
+	// execDir
+	execDir string
+
+	// planFileName
+	planFileName string
 
-// Modifier implements tool.Modifier interface.
-type Modifier struct {
+	// planFilePath
+	planFilePath string
 }

pkg/harness/tool/ansible/modifier.go

@@ -1,12 +1,39 @@
 package ansible
 
 import (
-	console "github.com/pluralsh/console-client-go"
+	"fmt"
+	"io"
+	"os"
+	"path"
 
-	"github.com/pluralsh/deployment-operator/pkg/harness/exec"
+	"k8s.io/klog/v2"
+
+	v1 "github.com/pluralsh/deployment-operator/pkg/harness/tool/v1"
 )
 
-func (in *Modifier) Args(stage console.StepStage) exec.ArgsModifier {
-	// TODO implement me
-	panic("implement me")
+func (in *PassthroughModifier) WriteCloser() []io.WriteCloser {
+	f, err := os.OpenFile(in.planFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		klog.Errorf("failed to open ansible plan file: %v", err)
+	}
+
+	return []io.WriteCloser{f}
+}
+
+func NewPassthroughModifier(planFile string) v1.Modifier {
+	return &PassthroughModifier{planFile: planFile}
+}
+
+func (in *GlobalEnvModifier) Env(env []string) []string {
+	ansibleHome := path.Join(in.workDir, ansibleDir)
+	ansibleTmp := path.Join(ansibleHome, ansibleTmpDir)
+
+	return append(env,
+		fmt.Sprintf("ANSIBLE_HOME=%s", ansibleHome),
+		fmt.Sprintf("ANSIBLE_REMOTE_TMP=%s", ansibleTmp),
+	)
+}
+
+func NewGlobalEnvModifier(workDir string) v1.Modifier {
+	return &GlobalEnvModifier{workDir: workDir}
 }

pkg/harness/tool/ansible/modifier_types.go

@@ -0,0 +1,26 @@
+package ansible
+
+import (
+	v1 "github.com/pluralsh/deployment-operator/pkg/harness/tool/v1"
+)
+
+// PassthroughModifier implements [v1.PassthroughModifier] interface.
+type PassthroughModifier struct {
+	v1.DefaultModifier
+
+	// planFile
+	planFile string
+}
+
+// GlobalEnvModifier implements [v1.EnvModifier] interface.
+type GlobalEnvModifier struct {
+	v1.DefaultModifier
+
+	// workDir
+	workDir string
+}
+
+const (
+	ansibleDir    = ".ansible"
+	ansibleTmpDir = "tmp"
+)