Can't get Foreman/Ansible to work

Hello,

I’m trying to set up foreman to use ansible but I am stuck.
I followed this documentation: https://www.theforeman.org/plugins/foreman_ansible/2.x/index.html
I did a fresh installation on debian buster with foreman-installer:

root@ansible-foreman:/tmp# foreman-installer
–enable-foreman-plugin-ansible --enable-foreman-proxy-plugin-ansible
–enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh
–enable-foreman-cli --enable-foreman-cli-ansible

Then I set up the callback in ansible:

[defaults]
callback_whitelist = foreman
local_tmp = /tmp
host_key_checking = False
stdout_callback = yaml
roles_path = /etc/ansible/roles:/usr/share/ansible/roles
inventory = /etc/ansible/hosts

[callback_foreman]
url = https://ansible-foreman
ssl_cert = /etc/puppetlabs/puppet/ssl/certs/ansible-foreman.neos.nsoc-obiane.com.pem
ssl_key = /etc/puppetlabs/puppet/ssl/private_keys/ansible-foreman.neos.nsoc-obiane.com.pem
verify_certs = /etc/puppetlabs/puppet/ssl/certs/ca.pem

[ssh_connection]
ssh_args = -o ProxyCommand=none -C -o ControlMaster=auto -o ControlPersist=60s

[inventory]
enable_plugins = foreman

First problem here: callback kind of works since the host is created in foreman, but only three facts show up (hostname, nodename, fqdn). Where are all the other facts ?

Then I tried to launch ansible from foreman, using a scheduled job.
I did something simple :

• Ansible command
• Run command - SSH default
• touch /tmp/test

Jobs fails, so does every job I try to make in foreman which is using ansible.
I see this error is foreman-proxy log:

2020-12-21T14:09:31 79449323 [W] Error processing request '79449323-bf01-4a12-93a5-311d67f17a24: : uninitialized constant ForemanAnsibleCore
Did you mean? ForemanTasksCore

Did I do something wrong ? Or did I run into some kind of bug ?
Could someone help me in making ansible calls work from Foreman ?
Thank you

Versions info:

• Debian buster
• Foreman 2.2.1
• Proxy features Dynflow, Ansible, SSH, PuppetCA, Puppet and Logs
• Foreman-tasks 3.0.1
• Foreman_ansible 6.0.0
• Foreman_remote_execution 4.1.0
• Ansible 2.9.15

For the callback issue - it may be that some of your role defines custom facts. That overrides facts created during the initial gather_fact task. I think this was never fixed, @ekohl could you please open the patch against the new home for our callback?

For the second error, it means the definition from foreman_ansible is missing on the smart_proxy side for some reason. I know debian packaging handles things differently and I’m not sure how exactly it’s suppoed to work. I just know this plugin had issue in the past if deployed on debian. Perhaps @evgeni could help.

Most people are offline though during Christmas, so you may not get a reply right away. Is this a new installation? If you primarily want to use Foreman with Ansible, would it be an option to deploy it on CentOS instead?

I do not, no, but I can try to repro the issue on a Debian box.

I can reproduce the issue, but not sure about the correct fix here right now. Will need to dig deeper after the break.

Thank you for your replies.

This is a test environment, with very basic configuration.
I haven’t set any custom fact yet, but I’ll need them if I go to production.

CentOS is not an option, my team only knows Debian and they won’t learn centOS, especially since the recent news about switching to stream.

I am not on a rush, so if there’s a solution after the holidays that’s perfectly fine for me.

Merry christmas !

You’re most likely missing some packages. Do you have ruby-foreman-ansible-core installed? IIRC there’s some issue with ruby-foreman-ansible-core and ruby-foreman-ansible providing the same file (same path, same contents, but it upsets apt/dpkg) so you may need to fiddle with apt/dpkg to make it install.

Yeah, the packages are severly broken right now

Here is the list of my ruby packages:
root@ansible-foreman:~# dpkg -l | grep ruby
ii libruby2.5:amd64 2.5.5-3+deb10u3 amd64 Libraries necessary to run Ruby 2.5
ii puppet-agent 6.19.1-1buster amd64 The Puppet Agent package contains all of the elements needed to run puppet, including ruby, facter, and hiera.
ii rake 12.3.1-3+deb10u1 all ruby make-like utility
ii ruby 1:2.5.1 amd64 Interpreter of object-oriented scripting language Ruby (default version)
ii ruby-algebrick 0.7.4-1 all Algebraic types and pattern matching for Ruby
ii ruby-amazing-print 1.1.0-1 all Pretty print Ruby objects with proper indentation and colors
ii ruby-ansi 1.5.0-1 all ANSI escape codes at your fingertips
ii ruby-apipie-bindings 0.4.0-1 all Ruby bindings for Apipie documented APIs
ii ruby-apipie-params 0.0.5-1 all DSL for describing data structures
ii ruby-augeas 1:0.5.0-3+b6 amd64 Augeas bindings for the Ruby language
ii ruby-bcrypt-pbkdf 1.0.0-2 amd64 Ruby library for OpenBSD’s bcrypt_pdkfd
ii ruby-bundler 1.17.3-3+deb10u1 all Manage Ruby application dependencies (runtime)
ii ruby-bundler-ext 0.4.1-1 all Load system gems via Bundler DSL
ii ruby-clamp 1.1.1-1 all minimal framework for Ruby command-line utilities
ii ruby-concurrent 1.1.6+dfsg-2 all modern concurrency tools for Ruby
ii ruby-dev:amd64 1:2.5.1 amd64 Header files for compiling extension modules for Ruby (default version)
ii ruby-did-you-mean 1.2.1-1 all smart error messages for Ruby > 2.3
ii ruby-domain-name 0.5.20160216-2 all Domain Name manipulation library for Ruby
ii ruby-dynflow 1.4.7-1 all DYNamic workFLOW orchestration engine
ii ruby-ed25519 1.2.4-1 amd64 efficient digital signature library providing the Ed25519 algorithm
ii ruby-fast-gettext 2.0.0-1 all Fast GetText implementation for Ruby
ii ruby-ffi 1.9.10debian-1+b4 amd64 load dynamic libraries, bind functions from within ruby code
ii ruby-foreman-ansible 6.0.0-1 all Foreman Ansible plugin
ii ruby-foreman-deface 1.5.3-1 all Foreman Deface Plugin Dependency
ii ruby-foreman-remote-execution 4.1.0-1 all Foreman Remote Execution Plugin
ii ruby-foreman-remote-execution-core 1.3.1-1 all Foreman remote execution - core bits
ii ruby-foreman-tasks 3.0.1-1 all Tasks management engine for Foreman.
ii ruby-foreman-tasks-core 0.3.4-1 all Foreman tasks - core bits
ii ruby-gssapi 1.2.0-1 all FFI wrapper around the system GSSAPI library
ii ruby-hammer-cli 2.2.1-1 all Universal command-line interface
ii ruby-hammer-cli-foreman 2.1.1-1 all Foreman commands for Hammer
ii ruby-hammer-cli-foreman-ansible 0.3.0-1 all foreman_ansible commands for Hammer CLI
ii ruby-hashie 3.5.5-2 all small collection of tools that make hashes more powerful
ii ruby-highline 1.7.8-1 all high-level interactive IO Ruby library
ii ruby-http-cookie 1.0.3-1 all Ruby library to handle HTTP Cookies based on RFC 6265
ii ruby-json 2.1.0+dfsg-2+deb10u1 amd64 JSON library for Ruby
ii ruby-jwt 2.2.1-1 all JSON Web Token implementation in Ruby
ii ruby-kafo 4.1.0-1 all Ruby gem for making installations based on puppet user friendly
ii ruby-kafo-parsers 1.1.0-1 all Puppet module parsers
ii ruby-kafo-wizards 0.0.1-1 all Wizard like interfaces in terminal
ii ruby-libvirt 0.7.1-1 amd64 Ruby bindings for libvirt
ii ruby-little-plugger 1.1.4-1 all module that provides Gem based plugin management
ii ruby-locale 2.1.2-1 all Locale library for Ruby
ii ruby-logging 2.2.2-1 all flexible and extendable logging library for Ruby
ii ruby-mime-types 3.2.2-1 all guess MIME type of files
ii ruby-mime-types-data 3.2015.1120-1 all registry for information about MIME media type definitions
ii ruby-minitest 5.11.3-1 all Ruby test tools supporting TDD, BDD, mocking, and benchmarking
ii ruby-molinillo 0.6.4-1 all generic dependency resolution algorithm
ii ruby-multi-json 1.12.1-1 all Ruby library to provide easy switching between different JSON backends
ii ruby-mustermann 1.0.0-4 all use patterns like regular expressions
ii ruby-net-http-persistent 2.9.4-2 all Manages persistent connections using Net::HTTP
ii ruby-net-scp 1.2.1-5 all pure ruby implementation of the SCP protocol
ii ruby-net-ssh 1:5.1.0-1 all Ruby implementation of the SSH protocol
ii ruby-net-telnet 0.1.1-2 all telnet client library
ii ruby-netrc 0.11.0-3 all Ruby library to read and write netrc files
ii ruby-oauth 0.5.4-1 all Ruby library for OAuth core
ii ruby-oj:amd64 3.7.6-1 amd64 fast JSON parser and serializer for Ruby
ii ruby-power-assert 1.1.1-1 all library showing values of variables and method calls in an expression
ii ruby-powerbar 1.0.18-1 all progressbar library for Ruby
ii ruby-rack 2.0.6-3 all modular Ruby webserver interface
ii ruby-rack-protection 2.0.5-4 all Protects against typical web attacks for Rack apps
ii ruby-rb-inotify 0.9.10-1 all Ruby wrapper for Linux’s inotify, using FFI
ii ruby-rest-client 2.0.2-3.1 all simple REST client for Ruby
ii ruby-rkerberos 0.1.3-3 amd64 Kerberos binding for Ruby
ii ruby-rsec 0.4.2-1 all Parser / Regexp Combinator For Ruby
ii ruby-rubyipmi 0.10.0-1 all A ruby wrapper for ipmi command line tools that supports ipmitool and freeipmi
ii ruby-sequel 5.15.0-1 all Simple, flexible, and powerful SQL database access toolkit for Ruby
ii ruby-sinatra 2.0.5-4 all Ruby web-development dressed in a DSL
ii ruby-smart-proxy-ansible 3.0.0-2 all Ansible support for Foreman smart proxy
ii ruby-smart-proxy-dynflow 0.2.4-1 all Dynflow runtime for Foreman smart proxy
ii ruby-smart-proxy-dynflow-core 0.2.6-1 all Dynflow runtime for Foreman smart proxy
ii ruby-smart-proxy-remote-execution-ssh 0.3.0-1 all SSH remote execution provider for Foreman smart proxy
ii ruby-sqlite3 1.3.13-1+b2 amd64 SQLite3 interface for Ruby
ii ruby-test-unit 3.2.8-1 all unit testing framework for Ruby
ii ruby-thor 0.19.4-1 all Ruby scripting framework
ii ruby-tilt 2.0.9-1 all Generic interface to multiple Ruby template engines
ii ruby-unf 0.1.4-2 all Wrapper library to bring Unicode Normalization Form support to Ruby
ii ruby-unf-ext 0.0.7.5-1 amd64 Unicode Normalization Form support library for CRuby
ii ruby-unicode 0.4.4-2+b9 amd64 Unicode string manipulation library for Ruby
ii ruby-unicode-display-width 1.1.3-1 all Determines the monospace display width of a string in Ruby
ii ruby-xmlrpc 0.3.0-2 all XMLRPC library for Ruby
ii ruby2.5 2.5.5-3+deb10u3 amd64 Interpreter of object-oriented scripting language Ruby
ii ruby2.5-dev:amd64 2.5.5-3+deb10u3 amd64 Header files for compiling extension modules for the Ruby 2.5
ii ruby2.5-doc 2.5.5-3+deb10u3 all Documentation for Ruby 2.5
ii rubygems-integration 1.11+deb10u1 all integration of Debian Ruby packages with Rubygems

Should I remove ruby-foreman-ansible and install ruby-formean-ansible-core ?

No, you need to have both installed, not just one or the other.

Yeah, but even if you install both of them (and make dpkg happy), it’s not enough.

I managed to convince my team to install a centOS 7 host.
So now most of the things I tested work (callback, role importation, host variable definition in foreman, role assignation, run all ansible roles)
Two things that don’t work:

• custom facts: as you stated before, if I define custom facts, I don’t have the standard facts any more. I un derstood there is a path ongoing, maybe I can apply it by hand ?
• playbook run: I tried to make a job to run an Ansible playbook and it fails. I tried to specify the playbook name only play-test.yml or with full path /etc/ansible/play-test.yml, doesn’t work either. The same playbook runs well with ansible-playbook.

The error in prodution.log:
2021-01-07T10:53:17 [I|app|06555107] Parameters: {"callbacks"=>[{"callback"=>{"task_id"=>"b977cf0c-862b-4a52-a223-c640c27dbdda", "step_id"=>3}, "data"=>{"result"=>[{"output_type"=>"stdout", "output"=>"ERROR! A playbook must be a list of plays, got a <class 'ansible.parsing.yaml.objects.AnsibleUnicode'> instead\n", "timestamp"=>1610013188.8895562}, {"output_type"=>"stdout", "output"=>"\n", "timestamp"=>1610013188.8896286}, {"output_type"=>"stdout", "output"=>"The error appears to be in '/tmp/d20210107-1163-1lutpp/project/playbook.yml': line 1, column 1, but may\n", "timestamp"=>1610013188.8896852}, {"output_type"=>"stdout", "output"=>"be elsewhere in the file depending on the exact syntax problem.\n", "timestamp"=>1610013188.8897371}, {"output_type"=>"stdout", "output"=>"\n", "timestamp"=>1610013188.8897905}, {"output_type"=>"stdout", "output"=>"The offending line appears to be:\n", "timestamp"=>1610013188.8901227}, {"output_type"=>"stdout", "output"=>"\n", "timestamp"=>1610013188.8901908}, {"output_type"=>"stdout", "output"=>"\n", "timestamp"=>1610013188.8902438}, {"output_type"=>"stdout", "output"=>"/etc/ansible/play-test.yml\n", "timestamp"=>1610013188.8903236}, {"output_type"=>"stdout", "output"=>"^ here\n", "timestamp"=>1610013188.8903785}], "exit_status"=>4}}], "task"=>{}}

The playbook (sorry I can’t manage to keep the formatting, even with preformatted text):
[root@ansible-foreman-centos ansible]# cat /etc/ansible/play-test.yml
—
- hosts: target-ansible-foreman
roles:
- test
- custom_facts
vars:
testvar: playbookvar

What template are you using for this?

Job category : Ansible Playbook
Job template : Ansible - Run Playbook

For that template, the “playbook” input is the actual playbook, not a path to a playbook.

OK, I did it wrong.
Indeed copying the playbook in the “playbook” field it works.
Is there a way to run a playbook read from a file ? The documentation about playbooks only tells about running commands…

About the custom facts problem, I tried to use the callback plugin from the theformean.foreman collection with callback_whitelist = theforeman.foreman.foreman, but it doesn’t work either: I still have only the custom facts.

Furthermore, my custom fact is a list of users for the system (list of dicts):
ansible_local.users:

• dir: /root
  gecos: root
  gid: 0
  name: root
  passwd: x
  shell: /bin/bash
  system: true
  uid: 0
• dir: /usr/sbin
  gecos: daemon
  gid: 1
  name: daemon
  passwd: x
  shell: /usr/sbin/nologin
  system: true
  uid: 1

When reported in Foreman, it is converted to something that looks like a ruby syntax
[{"shell"=>"/bin/bash", "name"=>"root", "passwd"=>"x", "system"=>true, "gid"=>0, "gecos"=>"root", "dir"=>"/root", "uid"=>0}, {"shell"=>"/usr/sbin/nologin", "name"=>"daemon", "passwd"=>"x", "system"=>true, "gid"=>1, "gecos"=>"daemon", "dir"=>"/usr/sbin", "uid"=>1}], instead of being displayed in nice way like the other facts with nested items.

As I figured how I can avoid using custom facts, I discovered that if you use set_fact in your role/playbook it also ruins the facts in foreman. This is a no go for me.

I finally found a workaround for the facts : add a setup: post-task at the end of the playbook.
At least that gets the standard ansible facts.

I’m afraid this was lost with Foreman facts uploading correctly merges facts by ares · Pull Request #51546 · ansible/ansible · GitHub

This needs to be opened against foreman-ansible-modules/foreman.py at develop · theforeman/foreman-ansible-modules · GitHub