Ansible Roles not running when host is created

Hi Everyone - pretty new to Foreman/Katello/Ansible. Switching from Spacewalk.

I have a bunch of servers we’re moving to Foreman from Spacewalk. We’re using the Katello bootstrap Python script to add the host to Foreman, assign it repositories and add it to a host group. This host group has a bunch of Ansible Roles assigned to it.

The client shows up in Foreman, I can see it in the host group, but after it gets added, the Ansible roles are never run on the host.

If I deploy a new VM directly from Foreman, everything works fine, including the Ansible roles.

As far as I know, the Ansible callback is enabled, but I’m a bit stumped on troubleshooting this issue. Any help is appreciated. Thanks!

Never applied on their own, or never applied even if you explicitly run the job to apply them?

I’m afraid roles currently do not get automatically applied to hosts upon registration, if that’s what you’re after. They should get applied as part of the provisioning or when you explicitly run a job to apply them. If you’d like the roles to be applied upon registration, feel free to open an RFE at our issue tracker.

Since best practice is to have idempotent roles, would it be an option for you to have a recurring job which would apply the roles periodically to all hosts in the hostgroup? Or at least as a workaround for the time being.

Well that’s not what I was hoping for. Our developers manage and clone machines from running VMs and templates in VMware. Also, it appears Foreman is incapable of cloning a VM that was not created by Foreman itself. So for all the existing VMs, they would need to clone from within VMware and go back to Foreman to run roles.

I’m trying to reduce the complexity for them and reduce IT involvement.

Is it possible to call a Foreman API from the client that will kick off the Role deployment?

I found the API call to run all the assigned roles. I can add that to the end of the bootstrap script, which will work well.


This is definitely a nice feature request for the new registration. We should fire an event that webhooks can be triggered upon, whenever the host is built. And/or define the callback, so we could trigger the ansible run, like with provisioning: foreman_ansible/host_managed_extensions.rb at 7d78261db06babe7ae8a0ade170c6a844ea815b9 (theforeman/foreman_ansible on GitHub).

CC @lstejskal, @ofedoren, @lzap for visibility

Well, after the fix for Bug #31948 (Request should be called against rendered URL - Webhooks - Foreman) is merged, it will be possible to configure a webhook that will be called after a certain event (such as build_exited) to hit the /api/hosts/:id/play_roles API endpoint. The Target URL then should be something like <%= %>/play_roles.

I’ve just tested it and it seems to be working (with the fix of course). I guess it’s obvious, but with webhooks for such a task you don’t need to search for host ids by their names as you would do via API or hammer, which could save you a few API calls. Also, in this manner you can trigger any Foreman API endpoint based on any event (one should be extra careful, it might flood the server).

It sounds useful in the case of creating one host once in a while (you don’t forget anything, since playing roles will be automated), but if you want to create a bunch of hosts at first, then it might be better to use the bulk play roles endpoint, so you cover all the hosts at once instead of each one separately.

Although I am not fond of this approach, I merged the PR because it was a bug and that should indeed work. Feel free to create an example webhook template to do this.
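The client-side approach from earlier in the thread (calling /api/hosts/:id/play_roles at the end of the bootstrap script), as an added example that is not part of the original posts or of the Katello bootstrap script. It assumes a dedicated low-privilege Foreman user with a personal access token supplied through environment variables, and the Katello CA at the path shown; the variable names, URL and sample response are constructed for illustration.

```python
import base64
import json
import os
import socket
import ssl
import urllib.parse
import urllib.request

# Assumed values for this example; none of them come from the thread.
FOREMAN_URL = os.environ.get("FOREMAN_URL", "https://foreman.example.com").rstrip("/")
CA_FILE = os.environ.get("FOREMAN_CA", "/etc/rhsm/ca/katello-server-ca.pem")
# Constructed sample of a host search response, not real data.
SAMPLE_SEARCH = '{"results": [{"id": 42, "name": "web01.example.com"}, {"id": 7, "name": "web01.example.com.old"}]}'

def build_request(path, user, token, method="GET"):
    """Build an authenticated API request; nothing is sent here."""
    auth = base64.b64encode(f"{user}:{token}".encode()).decode()
    headers = {"Authorization": f"Basic {auth}", "Accept": "application/json"}
    data = None
    if method == "POST":
        headers["Content-Type"] = "application/json"
        data = b"{}"
    return urllib.request.Request(FOREMAN_URL + path, data=data, headers=headers, method=method)

def search_request(fqdn, user, token):
    query = urllib.parse.urlencode({"search": f'name = "{fqdn}"'})
    return build_request(f"/api/hosts?{query}", user, token)

def host_id_from_search(body, fqdn):
    """Return the id of exactly one host named fqdn, otherwise raise."""
    matches = [h for h in json.loads(body).get("results", []) if h.get("name") == fqdn]
    if len(matches) != 1:
        raise LookupError(f"expected one host named {fqdn}, found {len(matches)}")
    return int(matches[0]["id"])

def play_roles_request(host_id, user, token):
    return build_request(f"/api/hosts/{int(host_id)}/play_roles", user, token, method="POST")

def run(fqdn, user, token):
    ctx = ssl.create_default_context(cafile=CA_FILE)  # verify Foreman's certificate
    with urllib.request.urlopen(search_request(fqdn, user, token), context=ctx) as resp:
        host_id = host_id_from_search(resp.read(), fqdn)
    with urllib.request.urlopen(play_roles_request(host_id, user, token), context=ctx) as resp:
        return json.loads(resp.read())

if __name__ == "__main__":
    # Credentials come from the environment, never from the script itself.
    print(run(socket.getfqdn(), os.environ["FOREMAN_USER"], os.environ["FOREMAN_TOKEN"]))
```

Because the script runs on every registered client, the token it carries should belong to an account that can do nothing beyond viewing hosts and playing roles.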