feat: Add Ansible component for playbooks and ad-hoc commands#5092
Open
dkozlov wants to merge 2 commits into
Open
feat: Add Ansible component for playbooks and ad-hoc commands#5092dkozlov wants to merge 2 commits into
dkozlov wants to merge 2 commits into
Conversation
Add a built-in `ansible` action component that runs Ansible playbooks and ad-hoc commands from a Canvas. The SuperPlane container acts as the Ansible control node and reaches managed hosts via the provided inventory (SSH, or ansible_connection=local for a self-contained run). - One component, two modes (playbook / ad-hoc) via conditional config fields, modeled on the existing ssh component. - Inline playbook + inventory written to a per-execution temp dir; playbook runs use the JSON stdout callback so the per-host recap is captured. - Routes success / failed by Ansible exit status; inability to run Ansible (missing binary, timeout) surfaces as the error state. - Security: argv is built as a slice (no shell), module/var names and argv values are validated, and no secrets are logged or emitted. - Adds ansible to the dev-base image as a dedicated layer (DEBIAN_FRONTEND noninteractive) so it does not invalidate the cached toolchain layers. Unit tests cover validation, argv construction, recap parsing, and channel routing. Signed-off-by: Dmitry Kozlov <dmitry.f.kozlov@gmail.com>
|
👋 Commands for maintainers:
|
Regenerated docs/components (scripts/generate_components_docs.go) so the built-in Ansible component is documented in Core.mdx, matching how the other core components (ssh, runner, http) are documented. Keeps the check.components.docs CI gate green. Signed-off-by: Dmitry Kozlov <dmitry.f.kozlov@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds a built-in
ansibleaction component that runs Ansible playbooks and ad-hoc commands from a Canvas.Why
SuperPlane ships execution components (
ssh,runner,http) but nothing for configuration management / infrastructure automation. Ansible is a natural fit: a node that, given a playbook (or an ad-hoc module + host pattern) and an inventory, runs Ansible and routes the workflow onsuccess/failed, surfacing the play recap (ok/changed/unreachable/failed) and stdout/stderr.How
Playbook/Ad-hoc) via conditional config fields, modeled on the existingsshcomponent.ansible_connection=localfor a self-contained run).success(exit 0) /failed(non-zero). If Ansible can't run at all (missing binary, timeout), the run finishes in the error state.sh -c), module/var names and argv values are validated, and no secrets are logged or emitted.ansibleto thedev-baseimage as a dedicated layer (DEBIAN_FRONTEND=noninteractive).success/failedchannel routing.Verified
Built and run end-to-end against a local dev instance: a
Start → Ansible (playbook) → Smoke test (ad-hoc) → Displaycanvas executes, the playbook performs real file operations onlocalhost, the recap is captured (ok/changed/...), and routing followssuccess/failed.Notes
os/execon the node running the executor — appropriate for self-hosted/dev; flagged for reviewers.Files
pkg/components/ansible/—ansible.go,runner.go,example.go,example_output.json,ansible_test.gopkg/registryimports/registryimports.go— register the componentDockerfile— installansiblein the dev image🤖 Generated with Claude Code