Bug 1661483

Summary:	Ansible Job Templates fails because sudo password is not provided even though it is
Product:	Red Hat Satellite	Reporter:	Suraj Patil <supatil>
Component:	Ansible	Assignee:	Adam Ruzicka <aruzicka>
Status:	CLOSED ERRATA	QA Contact:	Lukas Pramuk <lpramuk>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	6.4	CC:	egolov, hmore, nshaik, zhunting
Target Milestone:	6.5.0	Keywords:	Triaged
Target Release:	Unused
Hardware:	All
OS:	Linux
URL:	https://projects.theforeman.org/issues/25764
Whiteboard:
Fixed In Version:	tfm-rubygem-foreman_ansible-2.2.13	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2019-05-14 12:39:37 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Suraj Patil 2018-12-21 10:49:18 UTC

Description of problem:

Ansible job template shows fatal: [client.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to client.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}

even though Sudo password is defined in Administer > settings > Remote Execution 

This works if we use any other template except ansible (eg - Run command - SSH template) 

Version-Release number of selected component (if applicable):
satellite 6.4

Steps to Reproduce:
1. Create user demo on the client system and add it in the sudoers file
2. On satellite in Administer > settings > Remote Execution.

SSH User = demo
Sudo password = password of Demo
Effective User = test

3. Run job from satellite to client using any ansible template. 

Actual results:
Fails with error 

[client.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to client.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}

Expected results:
Should successfully execute.

Comment 3 Bryan Kearney 2019-01-15 09:09:51 UTC

Upstream bug assigned to aruzicka

Comment 4 Bryan Kearney 2019-01-15 09:09:52 UTC

Upstream bug assigned to aruzicka

Comment 5 Bryan Kearney 2019-01-15 09:10:37 UTC

Upstream bug assigned to aruzicka

Comment 6 Bryan Kearney 2019-01-15 09:10:39 UTC

Upstream bug assigned to aruzicka

Comment 7 Bryan Kearney 2019-01-15 09:11:44 UTC

Upstream bug assigned to aruzicka

Comment 8 Bryan Kearney 2019-01-15 09:12:41 UTC

Upstream bug assigned to aruzicka

Comment 9 Bryan Kearney 2019-01-15 09:12:43 UTC

Upstream bug assigned to aruzicka

Comment 10 Bryan Kearney 2019-01-15 09:13:37 UTC

Upstream bug assigned to aruzicka

Comment 11 Bryan Kearney 2019-01-15 09:13:38 UTC

Upstream bug assigned to aruzicka

Comment 12 Bryan Kearney 2019-01-15 09:14:47 UTC

Upstream bug assigned to aruzicka

Comment 13 Bryan Kearney 2019-01-15 09:14:48 UTC

Upstream bug assigned to aruzicka

Comment 15 Bryan Kearney 2019-01-15 09:15:45 UTC

Upstream bug assigned to aruzicka

Comment 16 Bryan Kearney 2019-01-15 09:15:46 UTC

Upstream bug assigned to aruzicka

Comment 17 Bryan Kearney 2019-01-15 09:16:52 UTC

Upstream bug assigned to aruzicka

Comment 18 Bryan Kearney 2019-01-15 09:16:53 UTC

Upstream bug assigned to aruzicka

Comment 19 Bryan Kearney 2019-01-15 09:18:01 UTC

Upstream bug assigned to aruzicka

Comment 20 Bryan Kearney 2019-01-15 09:18:02 UTC

Upstream bug assigned to aruzicka

Comment 21 Bryan Kearney 2019-01-15 09:18:49 UTC

Upstream bug assigned to aruzicka

Comment 22 Bryan Kearney 2019-01-15 09:18:50 UTC

Upstream bug assigned to aruzicka

Comment 23 Bryan Kearney 2019-01-25 21:09:30 UTC

Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/25764 has been resolved.

Comment 24 Lukas Pramuk 2019-04-23 17:11:41 UTC

VERIFIED.

@satellite-6.5.0-11.el7sat.noarch
tfm-rubygem-foreman_ansible-2.2.14-2.el7sat.noarch

by extending the manual reproducer described in comment#0:

1. @HOST: Create user demo and add it in the sudoers file

# adduser demo
# passwd demo --stdin <<<demo
# echo 'demo	ALL=(ALL)	ALL' >> /etc/sudoers

2. @SAT: Change Administer > Settings > Remote Execution settingd

SSH User  [ demo ]
Sudo password  [ demo ]
Effective User  [ root ]

3. Run the REX job using any ansible template. 
----
   1:
   2:
PLAY [all] *********************************************************************
   3:
   4:
TASK [Gathering Facts] *********************************************************
   5:
ok: [host1.example.com]
   6:
   7:
TASK [shell] *******************************************************************
   8:
changed: [host1.example.com]
   9:
  10:
TASK [debug] *******************************************************************
  11:
ok: [host1.example.com] => {
  12:
    "out": {
  13:
        "changed": true, 
  14:
        "cmd": "id", 
  15:
        "delta": "0:00:00.005761", 
  16:
        "end": "2019-04-23 12:17:28.547989", 
  17:
        "failed": false, 
  18:
        "rc": 0, 
  19:
        "start": "2019-04-23 12:17:28.542228", 
  20:
        "stderr": "", 
  21:
        "stderr_lines": [], 
  22:
        "stdout": "uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023", 
  23:
        "stdout_lines": [
  24:
            "uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
  25:
        ]
  26:
    }
  27:
}
  28:
  29:
PLAY RECAP *********************************************************************
  30:
host1.example.com : ok=3    changed=1    unreachable=0    failed=0   
  31:
  32:
Exit status: 0
----

>>> ansible job run successfully

Comment 25 Lukas Pramuk 2019-04-23 17:18:32 UTC

4. @SAT: Change Administer > Settings > Remote Execution settings

SSH User  [ demo ]
Sudo password  [ badbadbad ]
Effective User  [ root ]

5. Run the REX job using any ansible template.
----
   1:
   2:
PLAY [all] *********************************************************************
   3:
   4:
TASK [Gathering Facts] *********************************************************
   5:
fatal: [host1.example.com]: FAILED! => {"msg": "Incorrect sudo password"}
   6:
	to retry, use: --limit @/tmp/foreman-playbook-227311a0-64b8-432a-96ac-447985733195.retry
   7:
   8:
PLAY RECAP *********************************************************************
   9:
host1.example.com : ok=0    changed=0    unreachable=0    failed=1   
  10:
  11:
Exit status: 2
----

>>> ansible job fails correctly with reasonable message to the user

Comment 26 Lukas Pramuk 2019-04-23 17:22:57 UTC

6. @SAT: Change Administer > Settings > Remote Execution settings

SSH User  [ demo ]
Sudo password  [ ] (empty)
Effective User  [ root ]

7. Run the REX job using any ansible template.
----
   1:
   2:
PLAY [all] *********************************************************************
   3:
   4:
TASK [Gathering Facts] *********************************************************
   5:
fatal: [host1.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to host1.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
   6:
	to retry, use: --limit @/tmp/foreman-playbook-2b28a84b-aaa9-49df-b1ea-e0d84dd74e38.retry
   7:
   8:
PLAY RECAP *********************************************************************
   9:
host1.example.com : ok=0    changed=0    unreachable=0    failed=1   
  10:
  11:
Exit status: 2
----

>>> ansible job fails correctly with the same message as described in reproducer

Comment 29 errata-xmlrpc 2019-05-14 12:39:37 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222