Is ansible run on localhost supported?

hartmel · May 9, 2018, 11:33am

Hello,

Is the run of ansible roles on the foreman server itself supported ? (I did not yet tried on another host)

I have a Foreman 1.17/Katello 3.6 install (with the local smart-proxy instance) and I m trying to apply Ansible roles on the server itself.

I made sure that remote SSH execution is working. I have defined the same username in Ansible settings as for remote SSH execution. I m not sure if I forgot to configure something to be able to run ansible.

The task output is “Error initializing command: RuntimeError - can’t get Master/Slave device

Exit status: EXCEPTION”. I only found quote about this in an issue related to SELinux, but SELinux is disabled on my host.

I dont see any SSH connection attempt on localhost.

If running ansible on localhost should work, how could I debug more ?

Thanks in advance.

aruzicka · May 17, 2018, 11:47am

Hello,
running ansible against the foreman server itself shouldn’t be any different to running it against any other host. I’m quite confident you would hit the same issue if you tried to run roles against any other host.

The error probably comes from the place where we try to allocate a PTY, but I’m not sure why that could fail. If the other issue suggested SELinux, it probably might be caused by any other “additional security” mechanism such as AppArmor, tomoyo, grsec and others. Do you use any of those?

Could you try running this simple ruby script? If my intuition is correct you should get the same Master/Slave error with some more details there.

require 'pty'
output, input, _ = PTY.spawn('/usr/bin/echo', 'hello')

hartmel · May 18, 2018, 3:45pm

I fixed it with some tweaks described in a post which have been lost in last week outage It was about :

SHELL env var defined for smart proxy and dynflow daemons
SSH keys in /usr/share/foreman-proxy/.ssh/id_rsa and /etc/foreman-proxy/
/usr/share/foreman-proxy/.ansible missing
reseting ansible_ssh_pass

hartmel · May 18, 2018, 3:45pm

Oh in fact this post is still there : Foreman freeipa and ansible/remote execution

dLobatog · May 25, 2018, 8:55am

Thanks for pointing it out - for the record, /usr/share/foreman-proxy/.ansible are automatically created and/or symlinked on the latest version of the RPM package

You may change the setting ansible_ssh_private_key_file, found under Administer > Settings to point to /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy which is created by the REX plugin automatically.

This could be a better default than leaving it empty as now, as it uses ~foreman-proxy/.id_rsa which might not exist.

hartmel · June 21, 2018, 4:35pm

I confirm, less tuning after install is required now on 1.18RC1.
Thanks