Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

infra.aap_configuration.eda_credentials Role using aap_hostname, but backend does not evaluate hostname as intended (AAP 2.5) #985

Open
daparm opened this issue Nov 24, 2024 · 0 comments
Open

infra.aap_configuration.eda_credentials Role using aap_hostname, but backend does not evaluate hostname as intended (AAP 2.5) #985

daparm opened this issue Nov 24, 2024 · 0 comments
Labels
blocked - upstream bug Something isn't working module-issue

Comments

@daparm
Copy link

daparm commented Nov 24, 2024

Summary

If using the infra.aap_configuration.eda_credentials role to create an eda credential thorugh the dispatch role, i run into the issue that the passed aap_hostname variable (as used across all other collection roles) does not get correctly evaluated as a hostname, instead it expects to be passed with http / https protocol as a prefix.

This leads to the failure of the infra.aap_configuration.eda_credentials role if running the infra.aap_configuration.dispatch meta role.

Issue Type

  • Bug Report

Ansible, Collection, Controller details

ansible --version
ansible [core 2.16.12]

ansible-galaxy collection list

Collection                       Version    
-------------------------------- -----------
ansible.controller               4.6.2      
ansible.eda                      2.2.0      
ansible.hub                      1.0.0      
ansible.platform                 2.5.3      
ansible.posix                    1.6.2      
awx.awx                          24.6.1     
community.general                7.3.0      
containers.podman                1.16.2     
fedora.linux_system_roles        1.90.1     
infra.aap_configuration          3.1.0      
infra.aap_configuration_extended 1.0.0-devel
infra.aap_utilities              2.5.2      
infra.ah_configuration           2.1.0      
infra.controller_configuration   2.11.0     
infra.eda_configuration          1.1.0      
infra.ee_utilities               3.2.0      
kubernetes.core                  5.0.0      
middleware_automation.common     1.2.2      
middleware_automation.keycloak   2.4.3      

Controller version:
tower_version": "4.6.2"
X-API-Product-Version: 4.6.2
  • ansible installation method: one of source, pip, OS package, EE

OS package

OS / ENVIRONMENT

NAME="Fedora Linux"
VERSION="40 (Workstation Edition)"

Desired Behavior

I want to use the dispatch role against AAP 2.5 and be happy that all 53 roles gets executed flawlessly!

Actual Behavior

I need to disrupt the dispatch role and rerun the EDA part to ensure "aap_hostname" gets overwritten so i can pass it with the desired protocol i.e:

aap_hostname: "https://{{ aap_host | default(groups['automationcontroller'][0]) }}"

Please give some details of what is actually happening.
Include a [minimum complete verifiable example] with:

  • playbook / task
  • configuration file / list
  • error

This happens if i run the playbook:

- name: Playbook to configure ansible controller post installation
  hosts: all

  connection: local
  tasks:

    - name: Call dispatch role
      ansible.builtin.include_role:
        name: infra.aap_configuration.dispatch
failed: [127.0.0.1] (item=Create/Update project eda | Wait for finish the project creation) => {
    "__projects_job_async_result_item": {
        "__project_item": {
            "description": "config as code eda",
            "interval": 10,
            "name": "eda",
            "organization": "config_as_code",
            "sync": true,
            "url": "https://github.com/djdanielsson/eda.git",
            "wait": true
        },
        "ansible_job_id": "j816875086192.50466",
        "ansible_loop_var": "__project_item",
        "changed": false,
        "failed": 0,
        "finished": 0,
        "results_file": "/home/smn/.ansible_async/j816875086192.50466",
        "started": 1
    },
    "ansible_job_id": "j816875086192.50466",
    "ansible_loop_var": "__projects_job_async_result_item",
    "attempts": 1,
    "changed": false,
    "cmd": "/home/smn/.ansible/tmp/ansible-tmp-1732469126.8181164-50454-139847752806313/AnsiballZ_project.py",
    "data": "",
    "finished": 1,
    "invocation": {
        "module_args": {
            "_async_dir": "/home/smn/.ansible_async",
            "jid": "j816875086192.50466",
            "mode": "status"
        }
    },
    "msg": "Traceback (most recent call last):\n  File \"/tmp/ansible_ansible.legacy.async_wrapper_payload_f8ax6ysm/ansible_ansible.legacy.async_wrapper_payload.zip/ansible/modules/async_wrapper.py\", line 180, in _run_module\n  File \"/tmp/ansible_ansible.legacy.async_wrapper_payload_f8ax6ysm/ansible_ansible.legacy.async_wrapper_payload.zip/ansible/modules/async_wrapper.py\", line 98, in _filter_non_json_lines\nValueError: No start of json char found\n",
    "results_file": "/home/smn/.ansible_async/j816875086192.50466",
    "started": 1,
    "stderr": "Traceback (most recent call last):\n  File \"/home/smn/.ansible/tmp/ansible-tmp-1732469126.8181164-50454-139847752806313/AnsiballZ_project.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/home/smn/.ansible/tmp/ansible-tmp-1732469126.8181164-50454-139847752806313/AnsiballZ_project.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/smn/.ansible/tmp/ansible-tmp-1732469126.8181164-50454-139847752806313/AnsiballZ_project.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.ansible.eda.plugins.modules.project', init_globals=dict(_module_fqn='ansible_collections.ansible.eda.plugins.modules.project', _modlib_path=modlib_path),\n  File \"<frozen runpy>\", line 226, in run_module\n  File \"<frozen runpy>\", line 98, in _run_module_code\n  File \"<frozen runpy>\", line 88, in _run_code\n  File \"/tmp/ansible_ansible.eda.project_payload_7cya05qm/ansible_ansible.eda.project_payload.zip/ansible_collections/ansible/eda/plugins/modules/project.py\", line 250, in <module>\n  File \"/tmp/ansible_ansible.eda.project_payload_7cya05qm/ansible_ansible.eda.project_payload.zip/ansible_collections/ansible/eda/plugins/modules/project.py\", line 136, in main\n  File \"/tmp/ansible_ansible.eda.project_payload_7cya05qm/ansible_ansible.eda.project_payload.zip/ansible_collections/ansible/eda/plugins/module_utils/client.py\", line 54, in __init__\nansible_collections.ansible.eda.plugins.module_utils.errors.EDAHTTPError: Invalid instance host value: 'smn-workstation.dapar.me'. Value must start with 'https://' or 'http://'\n",
    "stderr_lines": [
        "Traceback (most recent call last):",
        "  File \"/home/smn/.ansible/tmp/ansible-tmp-1732469126.8181164-50454-139847752806313/AnsiballZ_project.py\", line 107, in <module>",
        "    _ansiballz_main()",
        "  File \"/home/smn/.ansible/tmp/ansible-tmp-1732469126.8181164-50454-139847752806313/AnsiballZ_project.py\", line 99, in _ansiballz_main",
        "    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)",
        "  File \"/home/smn/.ansible/tmp/ansible-tmp-1732469126.8181164-50454-139847752806313/AnsiballZ_project.py\", line 47, in invoke_module",
        "    runpy.run_module(mod_name='ansible_collections.ansible.eda.plugins.modules.project', init_globals=dict(_module_fqn='ansible_collections.ansible.eda.plugins.modules.project', _modlib_path=modlib_path),",
        "  File \"<frozen runpy>\", line 226, in run_module",
        "  File \"<frozen runpy>\", line 98, in _run_module_code",
        "  File \"<frozen runpy>\", line 88, in _run_code",
        "  File \"/tmp/ansible_ansible.eda.project_payload_7cya05qm/ansible_ansible.eda.project_payload.zip/ansible_collections/ansible/eda/plugins/modules/project.py\", line 250, in <module>",
        "  File \"/tmp/ansible_ansible.eda.project_payload_7cya05qm/ansible_ansible.eda.project_payload.zip/ansible_collections/ansible/eda/plugins/modules/project.py\", line 136, in main",
        "  File \"/tmp/ansible_ansible.eda.project_payload_7cya05qm/ansible_ansible.eda.project_payload.zip/ansible_collections/ansible/eda/plugins/module_utils/client.py\", line 54, in __init__",
        "ansible_collections.ansible.eda.plugins.module_utils.errors.EDAHTTPError: Invalid instance host value: 'smn-workstation.dapar.me'. Value must start with 'https://' or 'http://'"

This happens because of the different evaluation of

STEPS TO REPRODUCE

- name: Playbook to configure ansible controller post installation
  hosts: all

  connection: local
  tasks:

    - name: Call dispatch role
      ansible.builtin.include_role:
        name: infra.aap_configuration.dispatch

ansible-playbook -i inventory_test.yml -l test playbooks/aap_config.yml -e aap_configuration_secure_logging=false -vvvv

You can use this two variable blocks to test out some controller and EDA tasks, where the aap_hostname variable is used as a shared variable, should at least create creds, orgs on the controller and then trys to interact with EDA part:

---
controller_credentials_all:
  - name: aap_admin
    credential_type: Red Hat Ansible Automation Platform
    organization: config_as_code
    description: aap admin account
    inputs:
      host: "{{ aap_hostname }}"
      username: "{{ aap_username }}"
      password: "{{ aap_password }}"
      verify_ssl: false

  - name: ah_admin_user_pass
    credential_type: automation_hub
    organization: config_as_code
    description: automation hub admin account
    inputs:
      hostname: "{{ aap_hostname }}"
      username: "{{ aap_username }}"
      password: "{{ aap_password }}"
      verify_ssl: false

  - name: ah_token_user
    credential_type: automation_hub
    organization: config_as_code
    description: automation hub api account
    inputs:
      hostname: "{{ aap_hostname }}"
      username: "{{ ah_token_username }}"
      token: "{{ ah_token }}"
      verify_ssl: false

  - name: ah_certified
    credential_type: Ansible Galaxy/Automation Hub API Token
    organization: config_as_code
    inputs:
      url: https://{{ aap_hostname }}/api/galaxy/content/rh-certified/
      token: "{{ ah_token }}"

  - name: ah_published
    credential_type: Ansible Galaxy/Automation Hub API Token
    organization: config_as_code
    inputs:
      url: https://{{ aap_hostname }}/api/galaxy/content/published/
      token: "{{ ah_token }}"

  - name: ah_validated
    credential_type: Ansible Galaxy/Automation Hub API Token
    organization: config_as_code
    inputs:
      url: https://{{ aap_hostname }}/api/galaxy/content/validated/
      token: "{{ ah_token }}"

  - name: ah_community
    credential_type: Ansible Galaxy/Automation Hub API Token
    organization: config_as_code
    inputs:
      url: https://{{ aap_hostname }}/api/galaxy/content/community/
      token: "{{ ah_token }}"

  - name: cr_ah
    credential_type: Container Registry
    organization: config_as_code
    inputs:
      host: "{{ aap_hostname }}"
      username: "{{ aap_username }}"
      password: "{{ aap_password }}"
      verify_ssl: false

  - name: root
    credential_type: Machine
    organization: config_as_code
    description: root local password
    inputs:
      username: root
      password: "{{ root_machine_pass }}"

  - name: vault
    credential_type: Vault
    organization: config_as_code
    description: vault password
    inputs:
      vault_password: "{{ vault_pass }}"
...


---
aap_organizations_all:
  - name: config_as_code
    galaxy_credentials:
      - ah_published
      - ah_certified
      - ah_validated
      - ah_community
...

---
eda_credentials:
  - name: "hub"
    description: "private automation hub"
    inputs:
      verify_ssl: false
      username: "{{ aap_username }}"
      password: "{{ aap_password }}"
      host: smn-workstation.dapar.me
    credential_type: "Container Registry"
    credential_type_name: "Container Registry"
    organization: 'Default'
    organization_name: Default
    validate_certs: false
...

To point to the code what exactly is providing the error:

The EDA Codebase can't yet manage the passed aap_hostname properly. In this role we expect it to be passed as a hostname without http/s prefix.

Here is how EDA treats the host:

EDA:
https://github.com/ansible/event-driven-ansible/blob/main/plugins/module_utils/client.py#L44

And this is how Controller and Hub is deal with it without the error:
Controller:
https://github.com/ansible/awx/blob/devel/awx_collection/plugins/module_utils/controller_api.py#L108

Hub/Galaxy:
https://github.com/ansible-collections/ansible_hub/blob/main/plugins/module_utils/ah_module.py#L127

So either we need to patch the EDA codebase, so it can distinct between a hostname and a full URL, or we need to bypass it in the role itself, so the user is able to submit either a different variable for aap_hostname or add the protocol somehow:

https://github.com/redhat-cop/infra.aap_configuration/blob/devel/roles/eda_credentials/tasks/main.yml#L12

Wanted to point out:
I really like the efforts you put in the CaC part of AAP - AWX/EDA/Galaxy! Thank you.
@daparm daparm added bug Something isn't working new New issue, this should be removed once reviewed labels Nov 24, 2024
@daparm daparm mentioned this issue Nov 25, 2024
Open
@djdanielsson djdanielsson added blocked - upstream module-issue and removed new New issue, this should be removed once reviewed labels Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocked - upstream bug Something isn't working module-issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@djdanielsson @daparm