scm project commit/push best practice

Hi there,

open question if you have time:

  • how do you update an scm project content with awx ?

use case scenario:

  • running a job template, included in an scm project, executing a template module, rendering content in a file stored in the scm project folder on awx_task container
  • need to commit this modification towards my origin (using gitlab)

first coming idea:

  • running a playbook executing shell git stash, branch command set

any other way for achieving same goal using specific ansible modules ?
any other preferred workflow for awx ?
any advice to suggest regarding branch naming convention, steps involved to perform the job safely considering idempotency ?
any experience feedback is appreciated

Cheers
Franck

I’d probably focus on not writing to your project directly from a playbook in AWX itself. We’ve been moving in the direction of protecting this directory and the contents of the project.

If you need to modify the git project I’d check it out as part of your playbook process itself. Then you can use standard ansible modules to do whatever you need to do. What are you trying to achieve?

Hi Matthew,

here is the scenario:

  • using a basic ansible/awx project structure folder stored in git
  • using template module to generate configuration files for hosts
  • i want to centralize those generated files in my git project (being able to store them in my origin)

my playbook contains a few template tasks, nothing else. Do you have any suggestion ?

let me know if it’s unclear
Cheers
Franck

If they are templated and based on inputs like extra vars provided to the AWX launch job then I’m not sure why you’d need to then write them back? Just use the templated files in the rest of your playbook and rely on the stored inputs on the job template.

I’l reiterate that I’d stay away from using the awx project to then commit changes back to the repository. We’re moving in the direction of completely protecting these files during execution of ansible-playbook since it’s an overall security risk to allow a playbook to modify the contents of the project directory itself.

got the point, thanks for the guideline and the time.

Franck