Problem: getting ansible callback to work
Hi, I’m Philip and I’m an absolute beginner. I’m trying to come to grips with Foreman/Katello and there’s one thing I would really like to achieve and that’s use of Ansible plugin in Foreman. I have read the documentation at: Foreman :: Plugin Manuals but I haven’t been able to make it work just yet.
I have Katello with Ansible installed and I attached a CentOS 7 node to it. I want to see the results of Ansible commands in my dashboard. I installed Ansible on my centOS host and edited ansible.cfg as per instructions, by adding callback_whitelist = foreman under [defaults] tag and a [callback foreman] section as seen in linked instructions at the end.
I ran a simple hello world ansible playbook and at first I got a warning about python requests module which I solved with yum install python-requests.
Now it says:
[WARNING]: FOREMAN_SSL_CERT /etc/foreman-proxy/ssl_cert.pem not found.
Disabling the Foreman callback plugin.
[WARNING]: FOREMAN_SSL_KEY /etc/foreman-proxy/ssl_key.pem not found. Disabling
the Foreman callback plugin.
and then executes the playbook.
Could you please help me sort this out?
Some additional information:
This is at the end of ansible.cfg on the centos host I would like to report results to Katello from
url = ‘https://192.168.xxx.xxx’ (ip address since I haven’t sorted the DNS)
ssl_cert = /etc/foreman-proxy/ssl_cert.pem
ssl_key = /etc/foreman-proxy/ssl_key.pem
verify_certs = /etc/foreman-proxy/ssl_ca.pem
Hi and welcome
I’ll need to know a few things before I try to guide you through this just so we don’t end up on a wild goose chase
I have Katello with Ansible installed
And by ansible you mean just the cli tool or the foreman_ansible plugin or both? How did you install it?
I installed Ansible on my centOS host
Which machine is the “centOS host”? The one with katello or the client? And here again, what do you mean by ansible?
I ran a simple hello world ansible playbook
How did you run it? From katello itself (the webui)? From cli on the katello machine? From cli on the client machine?
Both, I have Katello with foreman_ansible plugin installed which I installed with foreman installer and I have ansible installed on hosts that are subscribed to the Katello host. (ansible-playbook playbook.yml works)
All three machines are CentOS 7. But to keep things simple I’ll differentiate them as “Katello” and “Centos7”. “Katello” is running Katello with an ansible plugin, “Centos7” is subscribed to it and trying to send him the playbook reports by callbacks.
I ran it from cli on the client machine, the “Centos7”. I simply made a HelloWorld.yml, executed the ansible-playbook HelloWorld.yml command.
Little update on the issue: I changed the url in ansible.cfg on “Centos7” to FQDN “katello.example.com” and put the ip address in the /etc/hosts file. I am not getting “/etc/foreman-proxy/ssl_cert.pem not found.” errors but rather “403 Forbidden”. I have authorized the content host by name in the Settings->Authentification tab in the Foreman dashboard web interface.
The docs don’t state it literally, but they guide you how to set things up for running Ansible from Foreman. By doing that, they make several assumptions, such as where certificates are located. Also note the docs are rather dated and the installer should set this up for you.
If you do the described steps on a different machine, then you have to obtain the needed certificates yourself somehow.
Running ansible from the client machines is not how it is intended to be used so you might end up in uncharted waters if you proceed in your current direction.
Without protocol? This way you might be sending the facts over HTTP so certificates are not in play I guess.
/var/log/foreman/production.log on katello machine should have more details.
I feel that which you wish to accomplish is more in the domain of ARA, which also creates detailed reports of each run.