Unable to import ansible roles

_js · February 26, 2018, 4:53pm

@dLobatog - do you have any updates or any thoughts on what we could check?

dLobatog · February 27, 2018, 1:01pm

I’m working on reproducing this locally to give you some solution, if needed in the form of a new package.

_js · February 27, 2018, 1:03pm

@sarfarosh @dLobatog - just an update there seems to be something stopping the install of tfm-rubygem-smart_proxy_dynflow_core.noarch

when I did a gem list -a the dynflow_core wasn’t listed but a couple of the other gems were. so this is what I did to get the ansible smart proxy working.

gem install foreman_ansible_core
gem install rack -v 1.6.8
gem install smart_proxy_dynflow_core -v 0.1.7 -this may need a force but I forced version 0.1.10 before realizing I should try version 0.1.7.

In case that doesn’t fix your issue (which it did for me) I added the ** lines to the file below. Admittedly after resolving the gem issue I didn’t need these file mod anymore.

inside this file /usr/share/gems/gems/smart_proxy_ansible-1.1.1/lib/smart_proxy_ansible/api.rb

module Proxy
  module Ansible
    class Api < Sinatra::Base
      get '/roles' do
        **require 'smart_proxy_dynflow_core'**
        **require 'foreman_ansible_core'**
        ::ForemanAnsibleCore::RolesReader.list_roles.to_json
      end

      get '/roles/:role_name/variables' do |role_name|
        # not anything matching item, }}, {{, ansible_hostname or 'if'
        ansible_config = '/etc/ansible/ansible.cfg'
        roles_path = ::ForemanAnsibleCore::RolesReader.roles_path(ansible_config)
        role_files = Dir.glob("#{roles_path}/#{role_name}/**/*.yml")
        variables = role_files.map do |role_file|
          File.read(role_file).scan(/{{(.*?)}}/).select do |param|
            param.first.scan(/item/) == [] && param.first.scan(/if/) == []
          end.first
        end.compact
        variables.uniq!
        variables = variables.map(&:first).map(&:strip).to_json
      end
    end
  end
end

dLobatog · February 27, 2018, 1:52pm

Is this on a debian based system? I’m currently a bit confused about how could this work on RPM systems:

‘smart_proxy_ansible’ seems to require ‘foreman_ansible_core’ and ‘smart_proxy_dynflow_core’.
If I decide to add the 2 ‘requires’, the application fails to load because it can’t find any of the 2.
The reason it can’t find neither ‘foreman_ansible_core’ nor ‘smart_proxy_dynflow_core’ is because they belong in the SCL. Only ‘tfm-rubygem-foreman_ansible_core’ and ‘tfm-rubygem-smart_proxy_dynflow_core’. The smart proxy is NOT in the SCL so that these dependencies are not accessible to it.

_js · February 27, 2018, 2:34pm

It’s on a red hat system - OEL.

Inside /usr/share/gems/gems/smart_proxy_ansible-1.1.1/lib/smart_proxy_ansible/plugin.rb is the requires - it shouldn’t be needed in the api.rb but I can’t answer why - I can just tell you what worked when I tested.

module Proxy::Ansible
  class Plugin < Proxy::Plugin
    http_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
    https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))

    settings_file "ansible.yml"
    plugin :ansible, Proxy::Ansible::VERSION

    after_activation do
      begin
        require 'smart_proxy_dynflow_core'
        require 'foreman_ansible_core'
        ForemanAnsibleCore.initialize_settings(Proxy::Ansible::Plugin.settings.to_h)
      rescue LoadError => _
        # Dynflow core is not available in the proxy, will be handled
        # by standalone Dynflow core
      end
    end
  end
end

dLobatog · March 1, 2018, 6:44am

Thanks for the feedback. I’ve been doing some testing and came up with this solution:

https://github.com/theforeman/smart_proxy_ansible/pull/6/files

which works for fetching files. A workaround for the moment is to import roles directly “from Foreman”.

I also ran into some permissions issues when running roles on 1.16. The key to fix these is to ensure that
/usr/share/foreman-proxy/.ssh/id_rsa exists and is readable by the foreman-proxy user. Similarly the foreman-proxy user should be able to create /usr/share/foreman-proxy/.ansible.

If you’re using Foreman directly to run roles, it’s the same process for /usr/share/foreman.

dLobatog · March 1, 2018, 9:30am

https://github.com/theforeman/foreman-packaging/pull/2241
https://github.com/theforeman/foreman-packaging/pull/2242

RPMs and DEBs fixing this on the way.

These should also fix the problem with having to force the ‘roles_path’ field on /etc/ansible/ansible.cfg to be just 1 folder. With this fix in, you should be able to put as many paths as you need.

Remember you can import roles from Foreman directly to work around the problem - this means your roles need to be in the Foreman host directly, in /etc/ansible/roles or wherever the roles_path dictates. The process for importing the roles runs as ‘foreman’, in case there are any permission issues.