Foreman Job Template ins especial way

Hi,

I have created a Ansible role that always runs on localhost instead of target node and then delegate to some other different hosts given by --extra-vars to run few other tasks. It is kind of special Ansible role to achieve my purpose of the job (normal ansible roles runs on the targeted hosts).

This role runs in smart proxy of our Foreman setup as it is expected.

I want to create a Foreman Job Template for this.

This job templates, when it runs, in Job invocation no need to ask the ‘Search Query’ question as it is always runs on the localhost on smart proxy and only should ask the other values for --extra-vars.

I found the way to ask value for --extra-vars as other input in the Job invocation screen.

How could I achieve this?

  1. Can this be done, 1st of all (I mean would foreman allowed to have such job template)

  2. How can disabled the ‘Search Query’ question when do Job invocation since it is hard coded to run on localhost always

If someone has an idea, please help me

Best Regards

Sarath

I only have experience with “regular” SSH job templates, not with Ansible ones, but I doubt it makes a difference in regards to your question.

  1. Yes, this in general does work. We do have some sort of “special” job template, too, that does work somewhat like what you are trying to achieve.
  2. To my knowledge, no, you can not disable the “search query” field for a certain job template.

Regards

Thanks for the reply.
What are the templates that can disable that field

I don’t think there are any templates that can. We solved that by “organisatorical” measures, everyone “just knows” this template does not work on different hosts.

I am almost there, except this second requirement that I asked in my original post. Has not given up. Trying to overcome that in any manner. If anyone already invented the weel, please let me know.

Thanks in advance

Even though I said I am almost there. I am getting this error when run Foreman template which called an ansible role:
This is the error I am getting:
FAILED! => {“changed”: false, “module_stderr”: “sudo: a password is required\n”, “module_stdout”: “”, “msg”: “MODULE FAILURE\nSee stdout/stderr for the exact error”, “rc”: 1}

This error happening when the templated job run via smart proxy where all the ansible roles are stored.
The job run the 1st part on the target server where job should be running and when try to delegate to a different server, I am getting this error.

Basically, this is the full error message:
fatal: [<target node>.aaaa.com.au → <delegated node>.bbs.aaaa.com.au]: FAILED! => {“changed”: false, “module_stderr”: “sudo: a password is required\n”, “module_stdout”: “”, “msg”: “MODULE FAILURE\nSee stdout/stderr for the exact error”, “rc”: 1}

Can anyone help me please?

The reason for your new problem is right there in the error you posted:

Something (probably some role in your ansible playbook) is trying to sudo to execute some command with root privileges but cannot do that since sudo asks for a password. I don’t know exactly how ansible works with Foreman REX, but whatever user you are using should have NOPASSWD set in the sudo config.

Thanks for your support. It is highly appriciated.
.
I will check the sudoers file. I was trying different options and was not occurred to check the sudoers file.
The problem is when run via Foreman I was unable to find the user who was. Our Foreman environment was set by some other guy, and he has left the company. He has documented all his works and I will check his notes.
However, I have a debug task setup to run ‘whoami’ command in the ansible playbook/role and it shows ‘root’. That was my confusion since root can do what I am trying to do from normal command line.

This problem is sorted.
Smart proxy has no login user that is the user runs the Foreman job template for ansible roles.
This user should be added to smart proxy /etc/sudoers files.
Now I am not getting any PASSWORD related errors when run Foreman template as a job

However, the tasks delegate_to different hosts still running on the smart proxy itself