Foreman 1.18 and Ansible plugin 2.x

Problem:

Ansible callback doesn’t work properly

Expected outcome:

Callback from hosts

Foreman and Proxy versions:

Foreman 1.18.1

Foreman and Proxy plugin versions:

bastion 6.1.10
foreman-tasks 0.13.4
foreman_ansible 2.2.5
foreman_docker 4.1.0
foreman_remote_execution 1.5.5
katello 3.7.0

Other relevant data:

RHEL 7.5
ansible 2.6.3 or 2.6.2

Info about our foreman:
Fully working box with >100vm/hypervisor, only one has puppet working (the foreman host) to send facts.

Hi all,
we’re trying to use ansible as callback to foreman and we followed the guide 2.x for ansible >2.5:

https://theforeman.org/plugins/foreman_ansible/2.x/index.html


Our callback is installed with Ansible itself, change /etc/ansible/ansible.cfg to contain

[defaults]
callback_whitelist = foreman

and the callback will be enabled after that.

Of course, the callback cannot know automatically where is Foreman located and which certificates to use in its requests.

To configure it, add a section [callback_foreman] at the end of /etc/ansible/ansible.cfg like this:

[callback_foreman]
url = 'https://foreman.example.com'
ssl_cert = /etc/foreman-proxy/ssl_cert.pem
ssl_key = /etc/foreman-proxy/ssl_key.pem
verify_certs = /etc/foreman-proxy/ssl_ca.pem

On foreman server and on an external host we changed the ansible.cfg as requested.
We installed and enabled on foreman the plugin:

tfm-rubygem-foreman_ansible.noarch    2.2.5-1.fm1_18.el7     @foreman-plugins
tfm-rubygem-foreman_ansible_core.noarch
tfm-rubygem-hammer_cli_foreman_ansible.noarch
tfm-rubygem-hammer_cli_foreman_ansible-doc.noarch

After that we needed to configure the plugin:

If you want to use Ansible and submit facts/reports to Foreman, through the callback, you should add whatever hosts (again, except Smart Proxies) you want to submit facts from to the setting trusted_puppetmaster_hosts . Change it at Administer > Settings, Auth tab. e.g: If you’re running Ansible from host ‘A’, which SSHs into host ‘B’, you need to add host ‘A’

Well, go to Administer -> Settings -> Authentication and search for trusted_puppetmaster_hosts. No match, only one match with trusted_hosts name.
Do we have to insert all our hosts into this array?

Next item is the usage. We tried to launch the ansible setup as:

ansible -m setup localhost

on several VMs and all the facts appeared but nothing is present in the log/web GUI.
Is it the correct way?
According to first point we don’t have to install the callback, just to configure ansible on each host to be able to send facts to foreman server.

And last but not least… no roles appear in the Roles section, is it correct?
Thanks a lot

Does this happen on the host that is running the playbook as well? If it is and it happens within the run that should also report to Foreman, this might not work, as Ansible will have already loaded all configuration and won’t reload it.

It should only be necessary to add the hostname of hosts that are running playbooks and configure other hosts.

The recommended way of running roles on hosts (and hostgroups) is to import them, associate them and a “Play Roles” button should appear, which will execute ansible. To import roles Foreman needs a Smart Proxy, with the smart-proxy-ansible plugin configured (see https://github.com/theforeman/smart_proxy_ansible). Once Foreman has a smart proxy with Ansible available it’ll allow importing roles installed on the smart proxy host from the Roles page in the UI.

I think I’m beating around the bush…

Yes. I tried to run a simple “ansible -m setup localhost” on the same host that has foreman/katello installed and on a different test host. No updated facts appeared on foreman and no actions in the logs.

My steps:
-Foreman + Katello up & running, VMs are present, compute resources OK, virt-who OK etc etc.

-Smartproxy has Templates, Pulp, TFTP, Puppet, Puppet CA, Logs, Dynflow, SSH, and Ansible features available. Foreman Ansible 2.2.5 and Foreman Remote Execution 1.5.5 are present as plugins. Only one node is now managed by smartproxy (foreman itself).

-ansible 2.6.3 is installed on both servers (foreman and test host)

-Configure the callback on ansible (plugin 2.x):

[defaults]
callback_whitelist = foreman
[callback_foreman]
url = 'https://my.foreman.host'
ssl_cert = /etc/foreman-proxy/ssl_cert.pem
ssl_key = /etc/foreman-proxy/ssl_key.pem
verify_certs = /etc/foreman-proxy/ssl_ca.pem

-Administer -> Settings -> Authentication -> trusted_hosts (Trusted hosts) -> [my.foreman.host] (trusted_puppetmaster_hosts is not present)

-run ansible setup for facts, no actions in logs and no ansible facts. No “run ansible” button is present on hosts.

What is wrong?
Thanks

IIRC from some version of ansible (2.6 and above?) just running it like this does not trigger the callback, you have to run a playbook.

# playbook.yml
---
- hosts: all
  tasks:
    - debug:
        msg: "I'm a dummy playbook"

Save it as playbook.yml and try to run it with ansible-playbook playbook.yml.

I was beating around the bush.

The setup written on plugin howto is not correct for me.
I changed from:

ssl_cert = /etc/foreman-proxy/ssl_cert.pem
ssl_key = /etc/foreman-proxy/ssl_key.pem
verify_certs = /etc/foreman-proxy/ssl_ca.pem

to

ssl_cert = /etc/foreman-proxy/foreman_ssl_cert.pem
ssl_key = /etc/foreman-proxy/foreman_ssl_key.pem
verify_certs = /etc/foreman-proxy/foreman_ssl_ca.pem

I have both kinds of certificates but it works only with the foreman_* certificates. I found it when I was running the playbook: it terminated properly but with SSL: SSLV3 ALERT UNSUPPORTED_CERTIFICATE.
Now ansible facts appear after a manual launch on both servers, the foreman one and the test one.
The production.log is writing:

2018-09-10T16:13:03 [I|app|] Started POST "/api/v2/hosts/facts" for 10.140.16.230 at 2018-09-10 16:13:03 +0100
2018-09-10T16:13:03 [I|app|45ee4] Processing by Api::V2::HostsController#facts as JSON
2018-09-10T16:13:03 [I|app|45ee4]   Parameters: {"facts"=>"[FILTERED]", "name"=>"test-one", "apiv"=>"v2", "host"=>{"name"=>"test-one"}}
2018-09-10T16:13:03 [I|app|45ee4] Current user: foreman_api_admin (administrator)
2018-09-10T16:13:04 [I|app|45ee4] Import facts for 'test-one' completed. Added: 0, Updated: 14, Deleted 0 facts
2018-09-10T16:13:04 [W|app|45ee4] DefaultHostgroupMatch: Could not load :default_hostgroup map from Settings.
2018-09-10T16:13:04 [I|app|45ee4] Completed 201 Created in 1212ms (Views: 8.0ms | ActiveRecord: 211.3ms)
2018-09-10T16:13:05 [I|app|] Started POST "/api/v2/hosts/facts" for 10.140.16.230 at 2018-09-10 16:13:05 +0100
2018-09-10T16:13:05 [I|app|64386] Processing by Api::V2::HostsController#facts as JSON
2018-09-10T16:13:05 [I|app|64386]   Parameters: {"facts"=>"[FILTERED]", "name"=>"foreman-server", "apiv"=>"v2", "host"=>{"name"=>"foreman-server"}}
2018-09-10T16:13:05 [I|app|64386] Current user: foreman_api_admin (administrator)
2018-09-10T16:13:09 [I|app|64386] Import facts for 'foreman-server' completed. Added: 0, Updated: 35, Deleted 0 facts
2018-09-10T16:13:09 [I|aud|64386] update event for Nic::Managed with id 1
2018-09-10T16:13:09 [I|aud|64386] update event for Nic::Managed with id 88
2018-09-10T16:13:09 [W|app|64386] DefaultHostgroupMatch: Could not load :default_hostgroup map from Settings.
2018-09-10T16:13:09 [I|app|64386] Completed 201 Created in 4166ms (Views: 7.5ms | ActiveRecord: 719.5ms)
2018-09-10T16:13:10 [I|app|] Started POST "/api/v2/reports" for 10.140.16.230 at 2018-09-10 16:13:10 +0100
2018-09-10T16:13:10 [I|app|1e3d3] Processing by Api::V2::ReportsController#create as JSON
2018-09-10T16:13:10 [I|app|1e3d3]   Parameters: {"report"=>"[FILTERED]", "apiv"=>"v2"}
2018-09-10T16:13:10 [I|app|1e3d3] Current user: foreman_api_admin (administrator)
2018-09-10T16:13:10 [I|app|1e3d3] Scanning report with: Foreman::PuppetReportScanner, ForemanAnsible::AnsibleReportScanner
2018-09-10T16:13:10 [I|app|1e3d3] Imported report for foreman-server in 0.11 seconds, status refreshed in 0.05 seconds
2018-09-10T16:13:10 [I|app|1e3d3]   Rendering api/v2/reports/create.json.rabl
2018-09-10T16:13:10 [I|app|1e3d3]   Rendered api/v2/reports/create.json.rabl (25.7ms)
2018-09-10T16:13:10 [I|app|1e3d3] Completed 201 Created in 238ms (Views: 36.1ms | ActiveRecord: 42.6ms)
2018-09-10T16:13:10 [I|app|] Started POST "/api/v2/reports" for 10.140.16.230 at 2018-09-10 16:13:10 +0100
2018-09-10T16:13:10 [I|app|ad24d] Processing by Api::V2::ReportsController#create as JSON
2018-09-10T16:13:10 [I|app|ad24d]   Parameters: {"report"=>"[FILTERED]", "apiv"=>"v2"}
2018-09-10T16:13:10 [I|app|ad24d] Current user: foreman_api_admin (administrator)
2018-09-10T16:13:10 [I|app|ad24d] Scanning report with: Foreman::PuppetReportScanner, ForemanAnsible::AnsibleReportScanner
2018-09-10T16:13:10 [I|app|ad24d] Imported report for test-one in 0.11 seconds, status refreshed in 0.06 seconds
2018-09-10T16:13:10 [I|app|ad24d]   Rendering api/v2/reports/create.json.rabl
2018-09-10T16:13:10 [I|app|ad24d]   Rendered api/v2/reports/create.json.rabl (21.7ms)
2018-09-10T16:13:10 [I|app|ad24d] Completed 201 Created in 222ms (Views: 21.8ms | ActiveRecord: 42.1ms)
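One way to audit from production.log which source address uploaded facts or reports for which host, and which uploads were refused. This is an added example, not part of the thread or of Foreman's code. The function names, request id `c0ffe` and address 192.0.2.50 are constructed, and pairing a `Started` line with the next `Processing by` line is an assumption that can mis-attribute requests on a busy server.

```python
import re

# Lines copied from the production.log excerpt in the post above, plus three
# CONSTRUCTED lines (request id c0ffe, source 192.0.2.50) for a rejected upload.
SAMPLE_LOG = """\
2018-09-10T16:13:03 [I|app|] Started POST "/api/v2/hosts/facts" for 10.140.16.230 at 2018-09-10 16:13:03 +0100
2018-09-10T16:13:03 [I|app|45ee4] Processing by Api::V2::HostsController#facts as JSON
2018-09-10T16:13:03 [I|app|45ee4] Current user: foreman_api_admin (administrator)
2018-09-10T16:13:04 [I|app|45ee4] Import facts for 'test-one' completed. Added: 0, Updated: 14, Deleted 0 facts
2018-09-10T16:13:04 [I|app|45ee4] Completed 201 Created in 1212ms (Views: 8.0ms | ActiveRecord: 211.3ms)
2018-09-10T16:13:10 [I|app|] Started POST "/api/v2/reports" for 10.140.16.230 at 2018-09-10 16:13:10 +0100
2018-09-10T16:13:10 [I|app|1e3d3] Processing by Api::V2::ReportsController#create as JSON
2018-09-10T16:13:10 [I|app|1e3d3] Imported report for foreman-server in 0.11 seconds, status refreshed in 0.05 seconds
2018-09-10T16:13:10 [I|app|1e3d3] Completed 201 Created in 238ms (Views: 36.1ms | ActiveRecord: 42.6ms)
2018-09-10T16:14:00 [I|app|] Started POST "/api/v2/hosts/facts" for 192.0.2.50 at 2018-09-10 16:14:00 +0100
2018-09-10T16:14:00 [I|app|c0ffe] Processing by Api::V2::HostsController#facts as JSON
2018-09-10T16:14:00 [I|app|c0ffe] Completed 403 Forbidden in 15ms
"""

LINE = re.compile(r"^\S+ \[\w\|\w+\|(\w*)\] (.*)$", re.M)
STARTED = re.compile(r'Started POST "([^"]+)" for (\S+) at ')
# One alternative per field; the name of the group that matched is the field name.
FIELD = re.compile(r"Current user: (?P<user>\S+)|Import(?: facts for '|ed report for )"
                   r"(?P<host>[^' ]+)|Completed (?P<status>\d{3}) ")

def correlate(log_text):
    """Return one dict per request with path, src, user, host and status."""
    requests, pending = {}, None
    for rid, msg in LINE.findall(log_text):
        started = STARTED.search(msg)
        if started:
            # "Started" has no request id; assume the next "Processing by" line is its request.
            pending = dict(path=started[1], src=started[2], user=None, host=None, status=None)
        elif msg.startswith("Processing by ") and pending:
            requests[rid], pending = pending, None
        elif rid in requests:
            hit = FIELD.search(msg)
            if hit:
                requests[rid][hit.lastgroup] = hit[hit.lastgroup]
    return list(requests.values())

def uploads_by_source(records):
    """Map source IP -> set of host names it uploaded with a 2xx response."""
    out = {}
    for r in records:
        if r["host"] and (r["status"] or "").startswith("2"):
            out.setdefault(r["src"], set()).add(r["host"])
    return out
```

Records with a non-2xx `status` and no `host` are the refused uploads; a source address that uploads for host names other than its own is expected only for hosts that run playbooks against others.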