Bug 1661483

Summary: Ansible Job Templates fails because sudo password is not provided even though it is
Product: Red Hat Satellite Reporter: Suraj Patil <supatil>
Component: Ansible - Configuration ManagementAssignee: Adam Ruzicka <aruzicka>
Status: CLOSED ERRATA QA Contact: Lukas Pramuk <lpramuk>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.4CC: egolov, hmore, nshaik, zhunting
Target Milestone: 6.5.0Keywords: Triaged
Target Release: Unused   
Hardware: All   
OS: Linux   
URL: https://projects.theforeman.org/issues/25764
Whiteboard:
Fixed In Version: tfm-rubygem-foreman_ansible-2.2.13 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-14 12:39:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Suraj Patil 2018-12-21 10:49:18 UTC 
Description of problem:

Ansible job template shows fatal: [client.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to client.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}

even though Sudo password is defined in Administer > settings > Remote Execution 

This works if we use any other template except ansible (eg - Run command - SSH template) 

Version-Release number of selected component (if applicable):
satellite 6.4

Steps to Reproduce:
1. Create user demo on the client system and add it in the sudoers file
2. On satellite in Administer > settings > Remote Execution.

SSH User = demo
Sudo password = password of Demo
Effective User = test

3. Run job from satellite to client using any ansible template. 

Actual results:
Fails with error 

[client.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to client.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}

Expected results:
Should successfully execute.
Comment 3 Bryan Kearney 2019-01-15 09:09:51 UTC 
Upstream bug assigned to aruzicka
Comment 4 Bryan Kearney 2019-01-15 09:09:52 UTC 
Upstream bug assigned to aruzicka
Comment 5 Bryan Kearney 2019-01-15 09:10:37 UTC 
Upstream bug assigned to aruzicka
Comment 6 Bryan Kearney 2019-01-15 09:10:39 UTC 
Upstream bug assigned to aruzicka
Comment 7 Bryan Kearney 2019-01-15 09:11:44 UTC 
Upstream bug assigned to aruzicka
Comment 8 Bryan Kearney 2019-01-15 09:12:41 UTC 
Upstream bug assigned to aruzicka
Comment 9 Bryan Kearney 2019-01-15 09:12:43 UTC 
Upstream bug assigned to aruzicka
Comment 10 Bryan Kearney 2019-01-15 09:13:37 UTC 
Upstream bug assigned to aruzicka
Comment 11 Bryan Kearney 2019-01-15 09:13:38 UTC 
Upstream bug assigned to aruzicka
Comment 12 Bryan Kearney 2019-01-15 09:14:47 UTC 
Upstream bug assigned to aruzicka
Comment 13 Bryan Kearney 2019-01-15 09:14:48 UTC 
Upstream bug assigned to aruzicka
Comment 15 Bryan Kearney 2019-01-15 09:15:45 UTC 
Upstream bug assigned to aruzicka
Comment 16 Bryan Kearney 2019-01-15 09:15:46 UTC 
Upstream bug assigned to aruzicka
Comment 17 Bryan Kearney 2019-01-15 09:16:52 UTC 
Upstream bug assigned to aruzicka
Comment 18 Bryan Kearney 2019-01-15 09:16:53 UTC 
Upstream bug assigned to aruzicka
Comment 19 Bryan Kearney 2019-01-15 09:18:01 UTC 
Upstream bug assigned to aruzicka
Comment 20 Bryan Kearney 2019-01-15 09:18:02 UTC 
Upstream bug assigned to aruzicka
Comment 21 Bryan Kearney 2019-01-15 09:18:49 UTC 
Upstream bug assigned to aruzicka
Comment 22 Bryan Kearney 2019-01-15 09:18:50 UTC 
Upstream bug assigned to aruzicka
Comment 23 Bryan Kearney 2019-01-25 21:09:30 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/25764 has been resolved.
Comment 24 Lukas Pramuk 2019-04-23 17:11:41 UTC 
VERIFIED.

@satellite-6.5.0-11.el7sat.noarch
tfm-rubygem-foreman_ansible-2.2.14-2.el7sat.noarch

by extending the manual reproducer described in comment#0:

1. @HOST: Create user demo and add it in the sudoers file

# adduser demo
# passwd demo --stdin <<<demo
# echo 'demo	ALL=(ALL)	ALL' >> /etc/sudoers

2. @SAT: Change Administer > Settings > Remote Execution settingd

SSH User  [ demo ]
Sudo password  [ demo ]
Effective User  [ root ]

3. Run the REX job using any ansible template. 
----
   1:
   2:
PLAY [all] *********************************************************************
   3:
   4:
TASK [Gathering Facts] *********************************************************
   5:
ok: [host1.example.com]
   6:
   7:
TASK [shell] *******************************************************************
   8:
changed: [host1.example.com]
   9:
  10:
TASK [debug] *******************************************************************
  11:
ok: [host1.example.com] => {
  12:
    "out": {
  13:
        "changed": true, 
  14:
        "cmd": "id", 
  15:
        "delta": "0:00:00.005761", 
  16:
        "end": "2019-04-23 12:17:28.547989", 
  17:
        "failed": false, 
  18:
        "rc": 0, 
  19:
        "start": "2019-04-23 12:17:28.542228", 
  20:
        "stderr": "", 
  21:
        "stderr_lines": [], 
  22:
        "stdout": "uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023", 
  23:
        "stdout_lines": [
  24:
            "uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
  25:
        ]
  26:
    }
  27:
}
  28:
  29:
PLAY RECAP *********************************************************************
  30:
host1.example.com : ok=3    changed=1    unreachable=0    failed=0   
  31:
  32:
Exit status: 0
----

>>> ansible job run successfully
Comment 25 Lukas Pramuk 2019-04-23 17:18:32 UTC 
4. @SAT: Change Administer > Settings > Remote Execution settings

SSH User  [ demo ]
Sudo password  [ badbadbad ]
Effective User  [ root ]

5. Run the REX job using any ansible template.
----
   1:
   2:
PLAY [all] *********************************************************************
   3:
   4:
TASK [Gathering Facts] *********************************************************
   5:
fatal: [host1.example.com]: FAILED! => {"msg": "Incorrect sudo password"}
   6:
	to retry, use: --limit @/tmp/foreman-playbook-227311a0-64b8-432a-96ac-447985733195.retry
   7:
   8:
PLAY RECAP *********************************************************************
   9:
host1.example.com : ok=0    changed=0    unreachable=0    failed=1   
  10:
  11:
Exit status: 2
----

>>> ansible job fails correctly with reasonable message to the user
Comment 26 Lukas Pramuk 2019-04-23 17:22:57 UTC 
6. @SAT: Change Administer > Settings > Remote Execution settings

SSH User  [ demo ]
Sudo password  [ ] (empty)
Effective User  [ root ]

7. Run the REX job using any ansible template.
----
   1:
   2:
PLAY [all] *********************************************************************
   3:
   4:
TASK [Gathering Facts] *********************************************************
   5:
fatal: [host1.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to host1.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
   6:
	to retry, use: --limit @/tmp/foreman-playbook-2b28a84b-aaa9-49df-b1ea-e0d84dd74e38.retry
   7:
   8:
PLAY RECAP *********************************************************************
   9:
host1.example.com : ok=0    changed=0    unreachable=0    failed=1   
  10:
  11:
Exit status: 2
----

>>> ansible job fails correctly with the same message as described in reproducer
Comment 29 errata-xmlrpc 2019-05-14 12:39:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222