Is the run of ansible roles on the foreman server itself supported ? (I did not yet tried on another host)
I have a Foreman 1.17/Katello 3.6 install (with the local smart-proxy instance) and I m trying to apply Ansible roles on the server itself.
I made sure that remote SSH execution is working. I have defined the same username in Ansible settings as for remote SSH execution. I m not sure if I forgot to configure something to be able to run ansible.
The task output is “Error initializing command: RuntimeError - can’t get Master/Slave device
Exit status: EXCEPTION”. I only found quote about this in an issue related to SELinux, but SELinux is disabled on my host.
I dont see any SSH connection attempt on localhost.
If running ansible on localhost should work, how could I debug more ?
Thanks in advance.
running ansible against the foreman server itself shouldn’t be any different to running it against any other host. I’m quite confident you would hit the same issue if you tried to run roles against any other host.
The error probably comes from the place where we try to allocate a PTY, but I’m not sure why that could fail. If the other issue suggested SELinux, it probably might be caused by any other “additional security” mechanism such as AppArmor, tomoyo, grsec and others. Do you use any of those?
Could you try running this simple ruby script? If my intuition is correct you should get the same Master/Slave error with some more details there.
output, input, _ = PTY.spawn('/usr/bin/echo', 'hello')
I fixed it with some tweaks described in a post which have been lost in last week outage It was about :
- SHELL env var defined for smart proxy and dynflow daemons
- SSH keys in /usr/share/foreman-proxy/.ssh/id_rsa and /etc/foreman-proxy/
- /usr/share/foreman-proxy/.ansible missing
- reseting ansible_ssh_pass
Thanks for pointing it out - for the record, /usr/share/foreman-proxy/.ansible are automatically created and/or symlinked on the latest version of the RPM package
You may change the setting ansible_ssh_private_key_file, found under Administer > Settings to point to /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy which is created by the REX plugin automatically.
This could be a better default than leaving it empty as now, as it uses ~foreman-proxy/.id_rsa which might not exist.
I confirm, less tuning after install is required now on 1.18RC1.