Running playbook role in Foreman 1.17 fails

Jeff_Sparrow · June 4, 2018, 6:55pm

Problem:
Attempting to run a Ansible playbook from Foreman fails with:

 [WARNING]: Unable to set correct type for configuration entry:
DEFAULT_LOCAL_TMP

PLAY [joni-halder.lab.beer.town] ***********************************************

TASK [Gathering Facts] *********************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: [Errno 13] Permission denied: '~'
fatal: [joni-halder.lab.beer.town]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""}
	to retry, use: --limit @/tmp/d20180604-14227-etndem/foreman-playbook-6bfa0e37-2659-4c54-a08e-d768bc807be0.retry

PLAY RECAP *********************************************************************
joni-halder.lab.beer.town  : ok=0    changed=0    unreachable=0    failed=1   


Exit status: 2

Expected outcome:
Ansible playbook to work.

Foreman and Proxy versions:
foreman - 1.17
proxy - 1.17

Foreman and Proxy plugin versions:
rubygem-smart_proxy_ansible-2.0.2-1.fm1_17.el7.noarch
tfm-rubygem-smart_proxy_dynflow_core-0.1.10-2.fm1_17.el7.noarch
rubygem-smart_proxy_remote_execution_ssh-0.1.5-1.el7.noarch
tfm-rubygem-foreman_ansible-2.0.1-1.fm1_17.el7.noarch
rubygem-smart_proxy_ansible-2.0.2-1.fm1_17.el7.noarch
ansible-2.5.3-1.el7.noarch
tfm-rubygem-foreman_ansible_core-2.0.2-1.fm1_17.el7.noarch

Other relevant data:
The ansible command works fine from cli. I only get this error when ran from Foreman.

Jeff_Sparrow · June 4, 2018, 6:57pm

tried this - Running playbook role in Foreman 1.15.6 / ansible pluging 1.4.5 / ansible 2.4.1 return an error

to no avail

Jeff_Sparrow · June 4, 2018, 7:23pm

I should note that running the playbook from cli (as root) works. When I run as foreman or foreman-proxy it does not.

Jeff_Sparrow · June 5, 2018, 12:08pm

Here are the commands ran under each user:

foreman user:
ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/usr/share/foreman/.ansible/cp/34f9b1ddf2 joni-halder.lab.beer.town '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''

Root user:
ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/34f9b1ddf2 joni-halder.lab.beer.town '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''

So I see where the ControlPath is different. Could this be causing the problems?

Jeff_Sparrow · June 5, 2018, 1:30pm

Got this to work. Noticed that the ControlPath is set to whomever is running the commands. After turning on ansible logging, and running ansible from the GUI, I could see that foreman was using foreman-proxy to run all the commands. So I changed all the ownerships of the ssh keys to foreman-proxy. I then hit another issue:

2018-06-05 08:05:38,964 p=24747 u=foreman-proxy |  The full traceback is:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 138, in run
    res = self._execute()
  File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 561, in _execute
    result = self._handler.run(task_vars=variables)
  File "/usr/lib/python2.7/site-packages/ansible/plugins/action/normal.py", line 46, in run
    result = merge_hash(result, self._execute_module(task_vars=task_vars, wrap_async=wrap_async))
  File "/usr/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 709, in _execute_module
    (module_style, shebang, module_data, module_path) = self._configure_module(module_name=module_name, module_args=module_args, task_vars=task_vars)
  File "/usr/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 165, in _configure_module
    environment=final_environment)
  File "/usr/lib/python2.7/site-packages/ansible/executor/module_common.py", line 910, in modify_module
    environment=environment)
  File "/usr/lib/python2.7/site-packages/ansible/executor/module_common.py", line 712, in _find_module_utils
    os.makedirs(lookup_path)
  File "/usr/lib64/python2.7/os.py", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib64/python2.7/os.py", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib64/python2.7/os.py", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib64/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 13] Permission denied: '~'

2018-06-05 08:05:38,964 p=24747 u=foreman-proxy |  fatal: [joni-halder.lab.beer.town]: FAILED! => {
    "msg": "Unexpected failure during module execution.",
    "stdout": ""

Not really helpful, so I ran strace against it and noticed:

24747 08:05:37.272306 mkdir("/usr/share/foreman-proxy/.ansible", 0700) = -1 EACCES (Permission denied)

Regardless of what I have the control path set to, it seems to default to the user running ansible.

So I created that directory and gave rights to foreman-proxy, and now its working.