Ansible Plugin - Permission Error

Problem:
Tried the following…

  • Installed and successfully tested Ansible stand alone with sample playbooks and roles.
  • Installed and successfully tested the Foreman remote execution plugin (including installing and testing foreman-proxy certificates)
  • Installed the Ansible and Ansible proxy plugins using the foreman-installer

However, when attempting to deploy the same Ansible role using the plugin, it fails with the error message included below. I guess it relates to some file permissions or something similarly obvious, but I’ve yet to trace the cause. Anyone got any suggestions?

Foreman and Proxy versions:
Foreman 1.17
Ansible Plugin 2.0.2
Ansible 2.5.3

Other relevant data:

[WARNING]: Unable to set correct type for configuration entry:
DEFAULT_LOCAL_TMP
PLAY [h2.mydomain.com] *******************************************************

TASK [Gathering Facts] *********************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: [Errno 13] Permission denied: '~'
fatal: [h2.mydomain.com]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""}
to retry, use: --limit @/tmp/foreman-playbook-74027ca9-200b-49cd-8536-d2ed8ffba717.retry

PLAY RECAP *********************************************************************
h2.mydomain.com : ok=0 changed=0 unreachable=0 failed=1
Exit status: 2

The foreman-proxy user doesn’t have permission to create the .ansible directory in /usr/share/foreman-proxy. Create it and give foreman-proxy rights to it. Depending on versions, you might hit ssh-key problems next.

Regards,

Joop
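The step described in the reply above, as an added example that is not part of the original thread or of the Foreman project: it creates only the .ansible directory for the service account with mode 0700, rather than changing ownership of the whole home directory, and then audits the result. The function names and finding labels are hypothetical; the user and path are the ones named in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Defaults come from the thread:
# service user foreman-proxy, home /usr/share/foreman-proxy.

# ensure_ansible_dir HOME OWNER GROUP
# Creates HOME/.ansible/tmp, owned by OWNER:GROUP with mode 0700, and leaves
# HOME itself and everything else under it untouched.
ensure_ansible_dir() {
    home=$1; owner=$2; group=$3
    if [ ! -d "$home" ]; then
        echo "no such directory: $home" >&2; return 1
    fi
    # Do not create or chown through a symlink sitting at the target path.
    if [ -L "$home/.ansible" ]; then
        echo "refusing: $home/.ansible is a symlink" >&2; return 1
    fi
    mkdir -p "$home/.ansible/tmp" || return 1
    chown -R "$owner:$group" "$home/.ansible" || return 1
    chmod -R go-rwx "$home/.ansible" || return 1
    chmod 700 "$home/.ansible" "$home/.ansible/tmp"
}

# audit_ansible_dir HOME OWNER
# Prints one finding per line and returns 1 if there is any.
audit_ansible_dir() {
    home=$1; owner=$2; rc=0
    if [ ! -d "$home/.ansible" ]; then
        echo "MISSING $home/.ansible"; return 1
    fi
    # find prints the path only when ownership and exact mode both match.
    if [ -z "$(find "$home/.ansible" -prune -user "$owner" -perm 700)" ]; then
        echo "OWNER_OR_MODE $home/.ansible"; rc=1
    fi
    # A service account that owns its whole home can rewrite anything in it.
    if [ -n "$(find "$home" -prune -user "$owner")" ]; then
        echo "HOME_OWNED_BY_SERVICE $home"; rc=1
    fi
    return $rc
}

# Run as root with --apply to act on the paths from the thread.
if [ "${1:-}" = "--apply" ]; then
    ensure_ansible_dir /usr/share/foreman-proxy foreman-proxy foreman-proxy
    audit_ansible_dir /usr/share/foreman-proxy foreman-proxy
fi
```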

This is fixed on the latest version of smart_proxy_ansible available in 1.18 and nightly, for the record

Thank you @Joop1 and @dLobatog. So after…

chown -R foreman-proxy:foreman-proxy /usr/share/foreman-proxy

The original error message has gone, but has been replaced by another one. I guess this is the ssh-key issue alluded to by @Joop1…? BTW… the remote shell plug-in continues to work just fine to the same host so is it safe to assume that keys and known_hosts are correctly configured? Any suggestions?

@dLobatog - quick feature request while I’m at it… I can log it elsewhere if needed… let me know.

Feature Request
Puppet is correctly updated after a host rebuild but remote execution (and likely Ansible) fail due to outdated known_hosts. Is it possible to fix this? The last line on the provisioning scripts is the following foreman ping…

wget -q -O /dev/null --no-check-certificate http://foreman.url/unattended/built ) 2>&1 | tee /root/install.post.log

I guess this is used to update the associated records on the foreman post installation and maybe sign puppet keys? Could we take care of remote execution/Ansible at the same time? Maybe something as simple as… ssh-keygen -R <myhost> -f ~foreman-proxy/.ssh/known_hosts

Error Message


PLAY [h2.mydomain.com] *******************************************************

TASK [Gathering Facts] *********************************************************
fatal: [h2.mydomain.com]: UNREACHABLE! => {"changed": false, "msg": "Authentication failure.", "unreachable": true}
to retry, use: --limit @/tmp/foreman-playbook-2fedd1ba-7bc1-4450-8941-82d5bb8ff68f.retry

PLAY RECAP *********************************************************************
h2.mydomain.com : ok=0 changed=0 unreachable=1 failed=0
Exit status: 4

Looks like it might be the ssh-key problem.
Two ways to solve this, I think. First, in Settings you can add the path of the desired key. There was a thread about it recently.
Second, make a link from id_rsa_foreman_proxy to id_rsa, and also for the pubkey part.

Joop


That’s definitely a top priority already :smile: https://github.com/theforeman/foreman_ansible/pull/176


… and success! Many thanks @Joop1 and @dLobatog for your generous assistance. Looking forward to the forthcoming versions… lots of potential… :wink: