Bug 1693607
| Summary: | Ensure that the role can be run against a remote host as a regular user with become: true on the whole role | ||
|---|---|---|---|
| Product: | [oVirt] ovirt-ansible-collection | Reporter: | Simone Tiraboschi <stirabos> |
| Component: | hosted-engine-setup | Assignee: | Simone Tiraboschi <stirabos> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Liran Rotenberg <lrotenbe> |
| Severity: | medium | Docs Contact: | Tahlia Richardson <trichard> |
| Priority: | medium | ||
| Version: | unspecified | CC: | bugs, dfediuck |
| Target Milestone: | ovirt-4.3.3 | Flags: | dfediuck:
ovirt-4.3+
|
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ovirt-ansible-hosted-engine-setup-1.0.15-1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-04-16 13:58:15 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Verified on: ovirt-ansible-hosted-engine-setup-1.0.15-1.el7ev.noarch Steps of verfication: 1. Create a user both on the machine and on the remote host # adduser username # passwd username 2. Connect as the user, add ssh connection to the remote host # ssh-keygen # ssh-copy-id remotehost 3. Add the user to sudoers in the remote host # vi /etc/sudoers Add in the bottom: username ALL=(ALL) NOPASSWD: ALL It can be checked with the user, Connect to the remote host as the user and run: # sudo su A password shouldn't be required. 4. Run the deployment on the remote host as usual when connected to the machine as the new user. # ansible-playbook -i remote_host, hosted_engine_deploy.yml --extra-vars='@deployment.json' --extra-vars='@passwords.yml' --ask-vault-pass Note: hosted_engine_deploy.yml should be made as mentioned in comment #0. --- - name: Deploy oVirt hosted engine hosts: c76he20190321h1.localdomain become: true become_user: root roles: - role: ovirt.hosted_engine_setup 5. Check that the deployment succeed. Results: The deployment succeed when running the deployment on a remote host without using root user. This bugzilla is included in oVirt 4.3.3 release, published on April 16th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.3 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |
Description of problem: Ensure that the role can be run against a remote host as a regular user with become: true on the whole role and not just as root user. Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. use one machine as the ansible controler to deploy over a remote host 2. the unprivileged user should have key based access to the the remote host 3. the unprivileged user should be able to run password less sudo on the remote host 4. prepare a playbook with something like: --- - name: Deploy oVirt hosted engine hosts: c76he20190321h1.localdomain become: true become_user: root roles: - role: ovirt.hosted_engine_setup 5. ansible-playbook should run as unprivileged user on the ansible controller machine Actual results: The setup fails with: fatal: [foo.example.com -> localhost]: FAILED! => changed=false module_stderr: |- sudo: a password is required module_stdout: '' msg: |- MODULE FAILURE See stdout/stderr for the exact error rc: 1 Expected results: successful deployment over the remote host Additional info: workaround: run the playbook as root