@dLobatog - do you have any updates or any thoughts on what we could check?
I’m working on reproducing this locally to give you some solution, if needed in the form of a new package.
@sarfarosh @dLobatog - just an update there seems to be something stopping the install of tfm-rubygem-smart_proxy_dynflow_core.noarch
when I did a gem list -a the dynflow_core wasn’t listed but a couple of the other gems were. so this is what I did to get the ansible smart proxy working.
gem install foreman_ansible_core
gem install rack -v 1.6.8
gem install smart_proxy_dynflow_core -v 0.1.7 -this may need a force but I forced version 0.1.10 before realizing I should try version 0.1.7.
In case that doesn’t fix your issue (which it did for me) I added the ** lines to the file below. Admittedly after resolving the gem issue I didn’t need these file mod anymore.
inside this file /usr/share/gems/gems/smart_proxy_ansible-1.1.1/lib/smart_proxy_ansible/api.rb
module Proxy
module Ansible
class Api < Sinatra::Base
get '/roles' do
**require 'smart_proxy_dynflow_core'**
**require 'foreman_ansible_core'**
::ForemanAnsibleCore::RolesReader.list_roles.to_json
end
get '/roles/:role_name/variables' do |role_name|
# not anything matching item, }}, {{, ansible_hostname or 'if'
ansible_config = '/etc/ansible/ansible.cfg'
roles_path = ::ForemanAnsibleCore::RolesReader.roles_path(ansible_config)
role_files = Dir.glob("#{roles_path}/#{role_name}/**/*.yml")
variables = role_files.map do |role_file|
File.read(role_file).scan(/{{(.*?)}}/).select do |param|
param.first.scan(/item/) == [] && param.first.scan(/if/) == []
end.first
end.compact
variables.uniq!
variables = variables.map(&:first).map(&:strip).to_json
end
end
end
end
Is this on a debian based system? I’m currently a bit confused about how could this work on RPM systems:
- ‘smart_proxy_ansible’ seems to require ‘foreman_ansible_core’ and ‘smart_proxy_dynflow_core’.
- If I decide to add the 2 ‘requires’, the application fails to load because it can’t find any of the 2.
- The reason it can’t find neither ‘foreman_ansible_core’ nor ‘smart_proxy_dynflow_core’ is because they belong in the SCL. Only ‘tfm-rubygem-foreman_ansible_core’ and ‘tfm-rubygem-smart_proxy_dynflow_core’. The smart proxy is NOT in the SCL so that these dependencies are not accessible to it.
It’s on a red hat system - OEL.
Inside /usr/share/gems/gems/smart_proxy_ansible-1.1.1/lib/smart_proxy_ansible/plugin.rb is the requires - it shouldn’t be needed in the api.rb but I can’t answer why - I can just tell you what worked when I tested.
module Proxy::Ansible
class Plugin < Proxy::Plugin
http_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
settings_file "ansible.yml"
plugin :ansible, Proxy::Ansible::VERSION
after_activation do
begin
require 'smart_proxy_dynflow_core'
require 'foreman_ansible_core'
ForemanAnsibleCore.initialize_settings(Proxy::Ansible::Plugin.settings.to_h)
rescue LoadError => _
# Dynflow core is not available in the proxy, will be handled
# by standalone Dynflow core
end
end
end
end
Thanks for the feedback. I’ve been doing some testing and came up with this solution:
https://github.com/theforeman/smart_proxy_ansible/pull/6/files
which works for fetching files. A workaround for the moment is to import roles directly “from Foreman”.
I also ran into some permissions issues when running roles on 1.16. The key to fix these is to ensure that
/usr/share/foreman-proxy/.ssh/id_rsa
exists and is readable by the foreman-proxy user. Similarly the foreman-proxy user should be able to create /usr/share/foreman-proxy/.ansible
.
If you’re using Foreman directly to run roles, it’s the same process for /usr/share/foreman
.
https://github.com/theforeman/foreman-packaging/pull/2241
https://github.com/theforeman/foreman-packaging/pull/2242
RPMs and DEBs fixing this on the way.
These should also fix the problem with having to force the ‘roles_path’ field on /etc/ansible/ansible.cfg to be just 1 folder. With this fix in, you should be able to put as many paths as you need.
Remember you can import roles from Foreman directly to work around the problem - this means your roles need to be in the Foreman host directly, in /etc/ansible/roles or wherever the roles_path dictates. The process for importing the roles runs as ‘foreman’, in case there are any permission issues.