From 9b0ee7436ff467a46ff303355442cd42962ea683 Mon Sep 17 00:00:00 2001 From: alazik Date: Mon, 12 Feb 2024 19:17:17 +0100 Subject: [PATCH] Change working directory for REX in pull mode Also fixed the default working directory, which is now `/run`. (cherry picked from commit 981af6f185ee371927d9c60c9995c1cffd167cf6) (cherry picked from commit 51a93d952f1943c0b50f55773b8c7c48b3777f45) --- ...onfiguring-and-setting-up-remote-jobs.adoc | 6 ++- ...ory-to-execute-remote-jobs-on-clients.adoc | 45 ----------------- ...or-remote-execution-jobs-in-pull-mode.adoc | 34 +++++++++++++ ...or-remote-execution-jobs-in-push-mode.adoc | 50 +++++++++++++++++++ 4 files changed, 89 insertions(+), 46 deletions(-) delete mode 100644 guides/common/modules/proc_configuring-an-alternative-directory-to-execute-remote-jobs-on-clients.adoc create mode 100644 guides/common/modules/proc_setting-an-alternative-directory-for-remote-execution-jobs-in-pull-mode.adoc create mode 100644 guides/common/modules/proc_setting-an-alternative-directory-for-remote-execution-jobs-in-push-mode.adoc diff --git a/guides/common/assembly_configuring-and-setting-up-remote-jobs.adoc b/guides/common/assembly_configuring-and-setting-up-remote-jobs.adoc index 69c9896bebe..e3064939f74 100644 --- a/guides/common/assembly_configuring-and-setting-up-remote-jobs.adoc +++ b/guides/common/assembly_configuring-and-setting-up-remote-jobs.adoc @@ -22,7 +22,11 @@ include::modules/proc_configuring-the-fallback-to-any-smartproxy-remote-executio include::modules/proc_configuring-the-global-smartproxy-remote-execution-setting-in-project.adoc[leveloffset=+1] -include::modules/proc_configuring-an-alternative-directory-to-execute-remote-jobs-on-clients.adoc[leveloffset=+1] +include::modules/proc_setting-an-alternative-directory-for-remote-execution-jobs-in-push-mode.adoc[leveloffset=+1] + +ifeval::["{context}" == "managing-hosts"] +include::modules/proc_setting-an-alternative-directory-for-remote-execution-jobs-in-pull-mode.adoc[leveloffset=+1] +endif::[] include::modules/proc_altering-the-privilege-elevation-method.adoc[leveloffset=+1] diff --git a/guides/common/modules/proc_configuring-an-alternative-directory-to-execute-remote-jobs-on-clients.adoc b/guides/common/modules/proc_configuring-an-alternative-directory-to-execute-remote-jobs-on-clients.adoc deleted file mode 100644 index fc6ef7e3da3..00000000000 --- a/guides/common/modules/proc_configuring-an-alternative-directory-to-execute-remote-jobs-on-clients.adoc +++ /dev/null @@ -1,45 +0,0 @@ -[id="Configuring_{project-context}_to_Use_an_Alternative_Directory_to_Execute_Remote_Jobs_on_Hosts_{context}"] -= Configuring {Project} to Use an Alternative Directory to Execute Remote Jobs on Hosts - -ifeval::["{context}" == "managing-hosts"] -By default, {Project} uses the `/var/tmp` directory on the client system to execute the remote execution jobs. -If the client system has `noexec` set for the `/var/` volume or file system, you must configure {Project} to use an alternative directory because otherwise the remote execution job fails since the script cannot be run. -endif::[] -ifeval::["{context}" == "ansible"] -Ansible puts its own files it requires into the `$HOME/.ansible/tmp` directory, where `$HOME` is the home directory of the remote user. -You have the option to set a different directory if required. -endif::[] - -.Procedure -. Create a new directory: -+ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -# mkdir _/My_Remote_Working_Directory_ ----- -ifndef::foreman-deb[] -. Copy the SELinux context from the default `var` directory: -+ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -# chcon --reference=/var _/My_Remote_Working_Directory_ ----- -endif::[] -ifeval::["{context}" == "managing-hosts"] -. Configure the system: -+ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -# {foreman-installer} \ ---foreman-proxy-plugin-remote-execution-script-remote-working-dir _/My_Remote_Working_Directory_ ----- -endif::[] -ifeval::["{context}" == "ansible"] -. Configure the system: -+ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -# {foreman-installer} \ ---foreman-proxy-plugin-ansible-working-dir _/My_Remote_Working_Directory_ ----- -endif::[] diff --git a/guides/common/modules/proc_setting-an-alternative-directory-for-remote-execution-jobs-in-pull-mode.adoc b/guides/common/modules/proc_setting-an-alternative-directory-for-remote-execution-jobs-in-pull-mode.adoc new file mode 100644 index 00000000000..05f681659cd --- /dev/null +++ b/guides/common/modules/proc_setting-an-alternative-directory-for-remote-execution-jobs-in-pull-mode.adoc @@ -0,0 +1,34 @@ +[id="setting-an-alternative-directory-for-remote-execution-jobs-in-pull-mode_{context}"] += Setting an Alternative Directory for Remote Execution Jobs in Pull Mode + +By default, {Project} uses the `/run` directory on hosts for remote execution jobs in pull mode. +If the `/run` directory on your host is mounted with the `noexec` flag, {Project} cannot execute remote execution job scripts in this directory. +You can use the `yggdrasild` service to set an alternative directory for executing remote execution jobs in pull mode. + +.Procedure +On your host, perform these steps: + +. Create a new directory: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# mkdir _/My_Remote_Working_Directory_ +---- +. Access the `yggdrasild` service configuration: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# systemctl edit yggdrasild +---- +. Specify the alternative directory by adding the following line to the configuration: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +Environment=FOREMAN_YGG_WORKER_WORKDIR=_/My_Remote_Working_Directory_ +---- +. Restart the `yggdrasild` service: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# systemctl restart yggdrasild +---- diff --git a/guides/common/modules/proc_setting-an-alternative-directory-for-remote-execution-jobs-in-push-mode.adoc b/guides/common/modules/proc_setting-an-alternative-directory-for-remote-execution-jobs-in-push-mode.adoc new file mode 100644 index 00000000000..e83ef3e4b23 --- /dev/null +++ b/guides/common/modules/proc_setting-an-alternative-directory-for-remote-execution-jobs-in-push-mode.adoc @@ -0,0 +1,50 @@ +[id="setting-an-alternative-directory-for-remote-execution-jobs-in-push-mode_{context}"] +ifeval::["{context}" == "managing-hosts"] += Setting an Alternative Directory for Remote Execution Jobs in Push Mode + +By default, {Project} uses the `/var/tmp` directory on hosts for remote execution jobs in push mode. +If the `/var/tmp` directory on your host is mounted with the `noexec` flag, {Project} cannot execute remote execution job scripts in this directory. +You can use `{foreman-installer}` to set an alternative directory for executing remote execution jobs in push mode. + +:rex-default-working-dir: /var/tmp +:installer-change-working-dir-opt: --foreman-proxy-plugin-remote-execution-script-remote-working-dir +:rex-target-machine: host +endif::[] +ifeval::["{context}" == "ansible"] += Configuring {Project} to Use an Alternative Directory to Execute Remote Jobs on Hosts + +Ansible puts its own files it requires on the server side into the `/tmp` directory. +You have the option to set a different directory if required. + +:rex-default-working-dir: /tmp +:installer-change-working-dir-opt: --foreman-proxy-plugin-ansible-working-dir +:rex-target-machine: {ProjectServer} or {SmartProxyServer} +endif::[] + +.Procedure +. On your {rex-target-machine}, create a new directory: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# mkdir _/My_Remote_Working_Directory_ +---- +ifndef::foreman-deb[] ++ +. Copy the SELinux context from the default `{rex-default-working-dir}` directory: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# chcon --reference={rex-default-working-dir} _/My_Remote_Working_Directory_ +---- +endif::[] +. Configure your {ProjectServer} or {SmartProxyServer} to use the new directory: ++ +[options="nowrap", subs="+quotes,verbatim,attributes"] +---- +# {foreman-installer} \ +{installer-change-working-dir-opt} _/My_Remote_Working_Directory_ +---- + +:!rex-default-working-dir: +:!installer-change-working-dir-opt: +:!rex-target-machine: