Thank you for your quick answer… Well, these are the versions. And yes, the callback is shipped by Ansible once it finishes the execution of the playbook.
And the EnvironmentFile for the “foreman-proxy” user (under /etc/sysconfig/foreman-proxy) contains this variable definition.
FOREMAN_SSL_VERIFY is set to False because I thought that if I set it that way I could bypass the error… but I am getting the same error as when it’s set to True.
Regarding the “connection refused” error, can you share your ‘/var/log/foreman/production.log’?
This error usually happens when you try to run ansible or ansible-playbook with the callback from any computer that is NOT the Foreman host itself, or a foreman-proxy.
Foreman authenticates hosts w/o API credentials only when they’re smart-proxies, or when they are part of the trusted_puppetmaster_hosts (yeah, confusing name, we have to rename it so it makes sense for Ansible).
You have a bit of info about this in the section 3. Configuration in the manual -> Foreman :: Plugin Manuals
tl;dr = Have you added the host you’re trying to run Ansible from to Administer > Settings “trusted puppetmaster hosts” (authentication tab)?
Well, the truth is that the Ansible server, from where the Ansible command is being executed, is also the Foreman Server, the Foreman Smart Proxy, and the Puppet Master and CA; it is my tiny lab.
I tried with that variable (I mean trusted_puppetmaster_hosts) empty, as the logic made me think according to the documentation, but after testing and not getting any result it was set to an array with the name of the server in all the possible ways (centospoc00, centospoc00.poc, 192.168.0.1, localhost and 127.0.0.0) but nothing, same error.
I think the problem could be, at least in a first stage, that FOREMAN_URL is said to be set as
@pjbarbero That port has nothing to do with Foreman other than being the default development port. Change your FOREMAN_URL to point to http://centospoc00.poc (or https rather, as I see you have certs)
The callback defaults to localhost:3000 to make development of the callback easier - but in production port 443 or 80 if you only have http are the equivalent.
@pjbarbero Could you share your logs in /var/log/foreman/production.log when you run ansible-playbook? I wonder if the connection refused is at an SELinux level, firewall, or actually Foreman dropping the connection because of some wrong credentials
I have been checking what you mentioned in your last post, and I saw that SELinux was activated. So I disabled it and tried, but as before absolutely nothing is logged in “/var/log/foreman/production.log”.
By the way, “firewalld” (the firewall service in my CentOS OS) was stopped and deactivated.
So I think the problem points to the last supposition you made: Foreman must be dropping the connection because of some wrong credentials (I think you meant SSL certificate verification).
Now I am working on that, but any help from your side is much appreciated.
Anyway, there is something I don’t understand well about the kind of SSL certificate verification that is taking place between Foreman Server => and Foreman Smart Proxy, and between Foreman Smart Proxy => Foreman Server. Could you please confirm that this verification is “Certificate based mutual authentication”?
If absolutely nothing is logged on /var/log/foreman/production.log when you try to contact the Foreman host at 80 or 443, it’s most certainly not Foreman the one returning “connection refused”.
Maybe you can see what’s going on with ‘journalctl -lf’ or even in /var/log/httpd
I found what my problems were. I restored a backup of my VM and I started the installation and configuration of the Ansible plugin again from scratch.
And here are my findings…
First, I had an Ansible version higher than 2.2, so I started using the callback module provided by default.
And the second one when configuring it, instead of using the “foreman” user I used the “foreman-proxy” user.
Sorry, I don’t quite follow. In the previous messages I saw, you were running ansible-playbook directly through the CLI yourself, as the root user. But on your previous message I see you mention the environment variables were configured for the ‘foreman-proxy’ user, and now you configured the callback variables for the ‘foreman’ user.
And the second one when configuring it, instead of using the “foreman” user I used the “foreman-proxy” user.
…
After this, I don’t get any error when invoking any Ansible Playbook or Module.
How are you invoking these playbooks? Through Foreman/Foreman-proxy itself (via Job templates) or in the CLI?
If it’s on the CLI, ansible-playbook will execute the callback if you’ve set it up the way you said, callback_whitelist = foreman. When the callback runs, it will check the environment variables FOREMAN_HOST, FOREMAN_SSL_CERT, FOREMAN_SSL_KEY. You have to make sure these variables are set for whichever user runs ansible or ansible-playbook.
If you’re running ansible-playbook as root, in bash, you need to make sure the root user has all these environment variables set. FOREMAN_URL, FOREMAN_SSL_CERT, FOREMAN_SSL_KEY. If you’re not sure how to set these variables, there are many options.
To print the variables, you can run echo $FOREMAN_URL, etc… Ensure these variables are set before even running ansible-playbook if you want to get the callback report.
Set them on /etc/environment (log out and log in so that they are available).
Set them on ~/.bashrc , ~/.bash_profile or similar
If you’re running ansible through Foreman Remote Execution, either foreman or foreman-proxy will run the ansible-playbook command in the end. That’s why you need to set up the environment variables for these users. We’re working on making the installer automatically do that as it seems to be a tricky step.
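Added example, not part of any post in the thread: a preflight check to run as whichever user launches ansible-playbook (root, foreman or foreman-proxy), covering the variables discussed above. The variable names and the development port 3000 come from the thread; the function name, the individual checks and the values treated as "verification disabled" are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): preflight check for the Foreman callback
# environment. Variable names are the thread's; the checks are assumptions.
# Usage: run `foreman_callback_preflight` as the user that runs ansible-playbook.

foreman_callback_preflight() (
    problems=0
    flag() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    who=$(id -un)

    # FOREMAN_URL must be set and must not be the callback's development default.
    case "${FOREMAN_URL:-}" in
        "")      flag "FOREMAN_URL is not set for user $who" ;;
        *:3000*) flag "FOREMAN_URL uses development port 3000: $FOREMAN_URL" ;;
    esac

    # The client certificate and key must be set and readable by this user.
    for var in FOREMAN_SSL_CERT FOREMAN_SSL_KEY; do
        eval "path=\${$var:-}"
        if [ -z "$path" ]; then
            flag "$var is not set for user $who"
        elif [ ! -r "$path" ]; then
            flag "$var=$path is not readable by user $who"
        fi
    done

    # A world-readable private key lets any local user act as this client.
    key="${FOREMAN_SSL_KEY:-}"
    if [ -r "$key" ] && [ -n "$(find -L "$key" -prune -perm -004 2>/dev/null)" ]; then
        flag "FOREMAN_SSL_KEY=$key is world-readable"
    fi

    # Disabling verification hides certificate errors instead of fixing them.
    case "${FOREMAN_SSL_VERIFY:-}" in
        [Ff]alse|FALSE|0) flag "FOREMAN_SSL_VERIFY disables server certificate checks" ;;
    esac

    echo "$problems problem(s) found"
    [ "$problems" -eq 0 ]
)
```

The function exits non-zero when anything is flagged, so it can gate a wrapper script around ansible-playbook.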