I have created a Ansible role that always runs on localhost instead of target node and then delegate to some other different hosts given by --extra-vars to run few other tasks. It is kind of special Ansible role to achieve my purpose of the job (normal ansible roles runs on the targeted hosts).
This role runs in smart proxy of our Foreman setup as it is expected.
I want to create a Foreman Job Template for this.
This job templates, when it runs, in Job invocation no need to ask the ‘Search Query’ question as it is always runs on the localhost on smart proxy and only should ask the other values for --extra-vars.
I found the way to ask value for --extra-vars as other input in the Job invocation screen.
How could I achieve this?
Can this be done, 1st of all (I mean would foreman allowed to have such job template)
How can disabled the ‘Search Query’ question when do Job invocation since it is hard coded to run on localhost always
I don’t think there are any templates that can. We solved that by “organisatorical” measures, everyone “just knows” this template does not work on different hosts.
I am almost there, except this second requirement that I asked in my original post. Has not given up. Trying to overcome that in any manner. If anyone already invented the weel, please let me know.
Even though I said I am almost there. I am getting this error when run Foreman template which called an ansible role:
This is the error I am getting:
FAILED! => {“changed”: false, “module_stderr”: “sudo: a password is required\n”, “module_stdout”: “”, “msg”: “MODULE FAILURE\nSee stdout/stderr for the exact error”, “rc”: 1}
This error happening when the templated job run via smart proxy where all the ansible roles are stored.
The job run the 1st part on the target server where job should be running and when try to delegate to a different server, I am getting this error.
Basically, this is the full error message:
fatal: [<target node>.aaaa.com.au → <delegated node>.bbs.aaaa.com.au]: FAILED! => {“changed”: false, “module_stderr”: “sudo: a password is required\n”, “module_stdout”: “”, “msg”: “MODULE FAILURE\nSee stdout/stderr for the exact error”, “rc”: 1}
The reason for your new problem is right there in the error you posted:
Something (probably some role in your ansible playbook) is trying to sudo to execute some command with root privileges but cannot do that since sudo asks for a password. I don’t know exactly how ansible works with Foreman REX, but whatever user you are using should have NOPASSWD set in the sudo config.
Thanks for your support. It is highly appriciated.
.
I will check the sudoers file. I was trying different options and was not occurred to check the sudoers file.
The problem is when run via Foreman I was unable to find the user who was. Our Foreman environment was set by some other guy, and he has left the company. He has documented all his works and I will check his notes.
However, I have a debug task setup to run ‘whoami’ command in the ansible playbook/role and it shows ‘root’. That was my confusion since root can do what I am trying to do from normal command line.
This problem is sorted.
Smart proxy has no login user that is the user runs the Foreman job template for ansible roles.
This user should be added to smart proxy /etc/sudoers files.
Now I am not getting any PASSWORD related errors when run Foreman template as a job
However, the tasks delegate_to different hosts still running on the smart proxy itself