Bug 1468717
| Summary: | Template changes required for provisioning callback configuration between Ansible Tower and Satellite should be in place | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Sachin Ghai <sghai> | ||||
| Component: | Provisioning Templates | Assignee: | Daniel Lobato Garcia <dlobatog> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Sachin Ghai <sghai> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 6.3.0 | CC: | bbuckingham, dlobatog, egolov, ehelms, fgarciad, mhulan | ||||
| Target Milestone: | Unspecified | Keywords: | Triaged | ||||
| Target Release: | Unused | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | foreman-1.15.6 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-02-21 16:59:32 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Sachin Ghai
2017-07-07 17:34:30 UTC
Please note that pointed changes bz description is using systemd. so this is only applicable for rhel7 hosts. We need changes for rhel6 too. This was merged upstream, https://github.com/theforeman/community-templates/commit/6a185ddc23fe120b02672426f94a4f8063305ed3, however without changes for RHEL6 yet. For 1.15.4 I hope the EL6 changes are in community-templates and can trickle down downstream. https://github.com/theforeman/community-templates/pull/423 is under review now Thank you for fix Daniel.
I verified w/ sat6.3 snap21 and found that we have added 3 snippet as below:
a) ansible_provisioning_callback
b) ansible_tower_callback_script
c) ansible_tower_callback_service
However, I don't see the call to any of these snippets to following templates:
1) Satellite Kickstart default
2) Satellite Kickstart Default Finish
Though, I see "Katello Kickstart Finish" template updated w/ below:
<% if host_param_true?('ansible_tower_provisioning') -%>
<%= save_to_file('/root/ansible_provisioning_call.sh', snippet('ansible_tower_callback_script')) %>
./root/ansible_provisioning_call.sh
<% end -%>
I think we should update "Satellite Kickstart default" and "Satellite Kickstart Default Finish" w/ a call to ansible_callback snippet.
To test the changes: I integrated the Tower w/ satellite6.3 and provisioned some hosts by manually updating the satellite kickstart default template. However, provisioning call_back doesn't work though I can run the playbook on satellite hosts through tower but not through provisioning callback. on manually running the callback through curl cmd throws error: ============================================================== --- # /usr/bin/curl -k -s --data "host_config_key=ebeeb8fe0f0a68db1b64ca0c03bb2acf" https://sat6ansibletower/api/v2/job_templates/8/callback/ {"msg":"Cannot start automatically, user input required!"} --- On checking status: getting same msg: ================================= # systemctl status ansible-callback.service ● ansible-callback.service - Provisioning callback to Ansible Tower Loaded: loaded (/etc/systemd/system/ansible-callback.service; disabled; vendor preset: disabled) Active: inactive (dead) Oct 25 10:16:28 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower... Oct 25 10:16:38 satellite_host1 curl[1037]: {"msg":"No matching host could be found!"} Oct 25 10:16:38 satellite_host1 systemctl[3919]: Removed symlink /etc/systemd/system/multi-user.target.wants/ansible-callback.service. Oct 25 10:16:38 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower. Oct 25 10:58:36 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower... Oct 25 10:58:36 satellite_host1 curl[12087]: {"msg":"Cannot start automatically, user input required!"} Oct 25 10:58:36 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower. It's true the templates are not in the Satellite templates yet, as the templates landed in Foreman but not Katello which has its own set of templates. About the messages you've got, I think they actually show the callback worked, but your job template requires user input. Can you make a job template in Tower that does NOT require user input? Thank you Daniel for reply.
I updated the job template and now provisioning callback is working fine. Here are the logs:
[root@sghairhel7ansiblehost2 tmp]# systemctl status ansible-callback.service
● ansible-callback.service - Provisioning callback to Ansible Tower
Loaded: loaded (/etc/systemd/system/ansible-callback.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Oct 26 10:07:53 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 26 10:07:53 satellite_host1 curl[30512]: {"msg":"Host callback job already pending."}
Oct 26 10:07:53 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower.
Oct 26 10:08:52 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 26 10:08:53 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower.
Oct 26 10:09:04 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 26 10:09:05 satellite_host1 curl[30844]: {"msg":"Host callback job already pending."}
Oct 26 10:09:05 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower.
Oct 26 11:00:34 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 26 11:00:35 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower.
on rhel6 node: User will get sh ansible_provisioning_call.sh scripts that actually does provisioning callbacks and works on rhel6 hosts too. Calling Ansible AWX/Tower provisioning callback... * About to connect() to Tower_host1 port 443 (#0) * Trying 10.8.246.59... connected * Connected to Tower_host1 (10.8.246.59) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * warning: ignoring value of ssl.verifyhost * skipping SSL peer certificate verification * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=localhost * start date: Oct 05 10:28:46 2017 GMT * expire date: Jul 20 10:28:46 2291 GMT * common name: localhost * issuer: CN=localhost > POST /api/v2/job_templates/8/callback/ HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: Tower_host1 > Accept: */* > Content-Length: 48 > Content-Type: application/x-www-form-urlencoded > < HTTP/1.1 201 CREATED < Server: nginx/1.10.2 < Date: Thu, 26 Oct 2017 11:05:13 GMT < Transfer-Encoding: chunked < Connection: keep-alive < X-API-Time: 0.225s < Allow: GET, POST, HEAD, OPTIONS < Content-Language: en < Vary: Accept, Accept-Language, Cookie < Location: https://Tower_host1/api/v2/jobs/43/ < X-API-Node: localhost < Strict-Transport-Security: max-age=15768000 < X-Frame-Options: DENY < * Connection #0 to host Tower_host1 left intact * Closing connection #0 DONE Assigning back to have the changes in satellite templates ( Kickstart and finish). thanks for the changes. Verified w/ sat6.3 snap22. Satellite Templates changes are in place. Thank you Daniel, Marek. QE tested Integration w/ ansible Tower 3.2.0 (Ansible 2.3.2.0). Tower was configured w/ satellite6 provider and a job template was defined in Tower for provisioning callback to run a playbook on satellite hosts during post provisioning phase. Satellite Kikcstart default and Satellite kickstart default Finish templates are updated w/ required snippets. Satellite is updated w/ below snippets: a) ansible_provisioning_callback b) ansible_tower_callback_script c) ansible_tower_callback_service User needs to define below 4 parameters at host or hostgroup level: ansible_tower_provisioning => true ansible_tower_fqdn => TOWER_FQDN ansible_job_template_id => TEMPLATE_ID(get it from Tower) ansible_host_config_key => CONFIG_KEY(get it from Tower Job template) Dynamic_Inventory: =========================== Dynamic inventory of host and hostgroup is working fine. We can see satellite hosts and hostgroups in Tower. Please see attached screenshot Created attachment 1345721 [details]
sat6 CV, hostgroup_org associated to hosts as part of Tower inventory groups
In case of network-based provisioning, satellite kickstart default template is updated w/ a call to ansible_provisioning_callback snippet. on rhel7 host, systemd service is defined: [root@sghairhel7ansibletemplatefix tmp]# systemctl start ansible-callback [root@sghairhel7ansibletemplatefix tmp]# systemctl status ansible-callback ● ansible-callback.service - Provisioning callback to Ansible Tower Loaded: loaded (/etc/systemd/system/ansible-callback.service; disabled; vendor preset: disabled) Active: inactive (dead) Oct 30 12:24:18SAT_host systemd[1]: Starting Provisioning callback to Ansible Tower... Oct 30 12:24:30SAT_host systemctl[4241]: Removed symlink /etc/systemd/system/multi-user.target.wants/ansible-callback.service. Oct 30 12:24:30SAT_host systemd[1]: Started Provisioning callback to Ansible Tower. Oct 30 16:16:02SAT_host systemd[1]: Starting Provisioning callback to Ansible Tower... Oct 30 16:16:03SAT_host systemd[1]: Started Provisioning callback to Ansible Tower. [root@sghairhel7ansibletemplatefix tmp]# ll total 0 -rw-------. 1 root root 0 Oct 30 16:16 ansible.epXQrztemp Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336 |