Cannot override ansible variables in foreman_acd

bossrika · January 15, 2023, 9:06pm

Problem:

Hi - I am new to foreman_acd and am struggling with the override feature on the ansible variables. I have attempted to change the value of the ansible variables both at the playbook as well as at the app-instance level. When I go to click the check mark nothing happens - I am only able to click X and no changes occur. Is this a bug or is there something wrong with my ansible playbook?

Expected outcome:

Ansible variables are updated when deploying application instance

Foreman and Proxy versions:
Version 3.3.1

Foreman and Proxy plugin versions:
Version 3.3.1

Distribution and version:
Centos 7.9.2009

Other relevant data:

Group Vars

dbservers

---
_mariadb_login_user: root
_mariadb_login_password:
_mariadb_root_user: root
_mariadb_root_password: 
_opencms_app_server: 
_opencms_app_dba: opencmsdba
_opencms_dba_password:

appservers

---
_opencms_database_server: 
_opencms_dba_password: 
_opencms_config_file: /root/opencms.cfg

Ansible Playbook

---
- name: Secure MySQL Database Installation and Add Users
  hosts: dbservers
  become: yes
  
  tasks:
    - name: Add Python MySQL support
      yum: name=MySQL-python state=present

    - name: Set the root password
      mysql_user: 
        login_user: "{{ _mariadb_login_user }}"
        login_password: "{{ _mariadb_login_password }}"
        user: "{{ _mariadb_root_user }}"
        password: "{{ _mariadb_root_password }}"

    - name: Delete anonymous server user
      mysql_user:
        login_user: "{{ _mariadb_login_user }}"
        login_password: "{{_mariadb_root_password }}"
        user: ""
        host_all: yes
        state: absent

    - name: Create database user
      mysql_user:
        login_user: "{{ _mariadb_root_user }}"
        login_password: "{{ _mariadb_root_password }}"
        name: hb19867
        password: boogerbutt
        host: toxicity.tiger.local
        priv: '*.*:ALL,GRANT'
        state: present

    - name: Create Application DBA User
      mysql_user:
        login_user: "{{ _mariadb_root_user }}"
        login_password: "{{ _mariadb_root_password }}"
        name: "{{ _opencms_app_dba }}"
        password: "{{ _opencms_dba_password }}"
        host: "{{ _opencms_app_server }}"
        priv: '*.*:ALL,GRANT'
        state: present

    - name: Remove MySQL test database
      mysql_db:
        login_user: "{{ _mariadb_login_user }}"
        login_password: "{{ _mariadb_root_password }}"
        db: test
        state: absent

- name: Move MySQL Data Directory to a new location
  hosts: dbservers
  become: yes

  tasks:
    - name: Stop MySQL Server & check status
      systemd:
        name: mariadb
        state: stopped
    
    - name: Create new data directory 
      file:
        path: /d0/var/lib/
        state: directory

    - name: Copy contents of mysql directory to new folder
      command: cp -pRf  /var/lib/mysql/ /d0/var/lib/

    - name: Rename existing folder
      command: mv /var/lib/mysql /var/lib/mysql.butt

    - name: Backup my.cnf
      command: cp /etc/my.cnf /root/my.cnf.butt

    - name: Update configuration in my.cnf - 1 of 2 
      lineinfile:
        path: /etc/my.cnf
        insertbefore: '^\!includedir'
        line: '[client]'

    - name: Update configuration in my.cnf - 2 of 2
      lineinfile:
        path: /etc/my.cnf
        insertafter: '^\[client\]'
        line: 'socket=/d0/var/lib/mysql/mysql.sock'

    - name: Backup server.cnf
      command: cp /etc/my.cnf.d/server.cnf /root/server.cnf.butt

    - name: Update configuration in server.cnf - 1 of 2
      lineinfile:
        path: /etc/my.cnf.d/server.cnf
        insertafter: '^\[mysqld\]'
        line: 'datadir=/d0/var/lib/mysql'

    - name: Update configuration in server.cnf - 2 of 2
      lineinfile:
        path: /etc/my.cnf.d/server.cnf
        insertafter: '^\[mysqld\]'
        line: 'socket=/d0/var/lib/mysql/mysql.sock'

    - name: Start MySQL Server & check status
      systemd:
        name: mariadb
        state: started

- name: Secure MySQL Database Installation and Add Users                         
  hosts: appservers
  become: yes

  tasks:
    - name: Backup opencms.cfg
      command: cp /root/opencms.cfg /root/opencms.cfg.butt

    - name: Configure Database URL
      replace:
        path: "{{ _opencms_config_file }}"
        regexp: 'localhost'
        replace: "{{ _opencms_database_server }}"

    - name: Change OpenCMS DBA Password
      replace:
        path: "{{ _opencms_config_file }}"
        regexp: 'password'
        replace: "{{ _opencms_dba_password }}"

    - name: Run Headless OpenCMS Setup
      command: '/bin/java -classpath "/opt/opencms/tomcat/webapps/opencms/WEB-INF/lib/*:/opt/opencms/tomcat/webapps/opencms/WEB-INF/classes:/opt/opencms/tomcat/lib/*" org.opencms.setup.CmsAutoSetup -path /root/opencms.cfg'

    - name: Restart OpenCMS Service
      systemd:
        name: opencms
        state: restarted

bossrika · January 15, 2023, 10:38pm

Foreman ACD version

0.4.0

Bernhard_Suttner · January 16, 2023, 8:26am

I guess, you hit the issue which was fixed in set default allowParametersType · ATIX-AG/foreman_acd@2ce52b7 · GitHub

Just created a new version of foreman_acd: Update rubygem-foreman_acd to 0.9.4 by sbernhard · Pull Request #8933 · theforeman/foreman-packaging · GitHub which is for foreman development version.

bossrika · January 16, 2023, 4:16pm

Thanks Bernhard - Funny I was just watching your video on how to use the foreman_acd. Small world

As for the fix - will I be able to install this on my current version of foreman? If not - any idea when It will be available for the stable release?

bossrika · January 19, 2023, 12:26am

@Bernhard_Suttner

I have another issue I am running into.

To workaround the above issue I have hard-coded the variables to reflect the hostnames and passwords I was attempting to override to move foreward with my testing.

Now I am facing another issue:

When I deploy the instance, I am getting login issues for ansible when it attempts to run the playbook:

It appears that foreman is attempting to run ansible with the root user, even though I have configured remote_execution to use the foreman-proxy user.

Command:

ansible_user: root
ansible_ssh_private_key_file: “/usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy”

Output:

msg: ‘Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).’
unreachable: true

That said - If I select “Run Playbook - Customize First” and change the ansible_user to foreman-proxy manually it runs fine.

Is there a place t
o program in the ansible_user? I tried to set this as a host parameter but the command remains the same with the ansible_user set as root.

Bernhard_Suttner · January 20, 2023, 12:45pm

Try to set the ansible_user as ansible paramter in our ACD App Definition.

bossrika · January 20, 2023, 2:46pm

Thank you sir! That worked.

I had the ansible parameter set in ALL at first which gave the same result. Specifying ansible_user as foreman-proxy individually in each of the group_vars files did the trick.

Once again - thanks for the assist. Much appreciated.