Bug 1783948

Summary: [ansible-freeipa] Need better error message on the failure of removing members from allowed to create/retrieve a keytab in host module
Product: Red Hat Enterprise Linux 8
Reporter: Varun Mylaraiah <mvarun>
Component: ansible-freeipa
Assignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA
QA Contact: ipa-qe <ipa-qe>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 8.2
Target Milestone: rc
Target Release: 8.0
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version: ansible-freeipa-0.1.8-2.el8
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-04-28 16:01:56 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Varun Mylaraiah 2019-12-16 10:14:19 UTC
Description of problem:
Need better error message on the failure of removing members from allowed to create/retrieve a keytab in host module

Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.7-1.el8.noarch

How reproducible:
100%

Steps to Reproduce:
# cat allowtocreatekeytab1.yaml
---
- name: Playbook to handle hosts
  hosts: ipaserver
  become: true

  tasks:
  - ipahost:
      ipaadmin_password: <xxxxxx>
      name: host16.ipadomain.test
      allow_create_keytab_user: testuser1,testuser2,testuser3,testuser4
      state: absent


# ansible-playbook -vv -i inventory/server.hosts allowtocreatekeytab1.yaml 
ansible-playbook 2.9.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 3.6.8 (default, Dec  5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /etc/ansible/ansible.cfg as config file

PLAYBOOK: allowtocreatekeytab1.yaml **********************************************************************************
1 plays in allowtocreatekeytab1.yaml

PLAY [Playbook to handle hosts] **************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
task path: /root/allowtocreatekeytab1.yaml:2
ok: [master.ipadomain.test]
META: ran handlers

TASK [ipahost] *******************************************************************************************************
task path: /root/allowtocreatekeytab1.yaml:8
fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "Argument 'allow_create_keytab_user' can not be used with state 'absent'"}

PLAY RECAP ***********************************************************************************************************
master.ipadomain.test      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   




Actual results:
TASK [ipahost] *******************************************************************************************************
task path: /root/allowtocreatekeytab1.yaml:8
fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "Argument 'allow_create_keytab_user' can not be used with state 'absent'"}


Expected results:
It would be better to suggest "action: member" is required for using an absent state.

Additional info:

Comment 1 Thomas Woerner 2019-12-18 11:35:41 UTC
Here is the upstream PR: https://github.com/freeipa/ansible-freeipa/pull/174

Comment 6 Varun Mylaraiah 2020-03-05 09:45:53 UTC
Verified

Manual execution console output:
================================
# rpm -q ansible-freeipa
ansible-freeipa-0.1.8-3.el8.noarch

[root@ansible ~]# cat bz948.yaml
---
- name: Playbook to handle hosts
  hosts: ipaserver
  become: true

  tasks:
  - ipahost:
      ipaadmin_password: <xxxxxx>
      name: host1886.ipadomain.test
      allow_create_keytab_user: testuser2
      state: absent


[root@ansible ~]# ansible-playbook -vv -i inventory/server.hosts bz948.yaml 
ansible-playbook 2.9.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 3.6.8 (default, Dec  5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /etc/ansible/ansible.cfg as config file

PLAYBOOK: 948_nt.yaml ************************************************************************************************
1 plays in 948_nt.yaml

PLAY [Playbook to handle hosts] **************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
task path: /root/948_nt.yaml:2
ok: [master.ipadomain.test]
META: ran handlers

TASK [ipahost] *******************************************************************************************************
task path: /root/948_nt.yaml:7
fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "Argument 'allow_create_keytab_user' can only be used with action 'member' for state 'absent'"}

PLAY RECAP ***********************************************************************************************************
master.ipadomain.test      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
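
The playbook form that the improved message points to, as an added example that is not part of the original report or the project's own test suite. With the default action the task manages the host entry itself, so `state: absent` only applies to keytab members when `action: member` is set. The host name, user names and the `ipaadmin_password` variable are placeholders.

```yaml
---
# Added example (not from the bug report): remove users from the lists of
# principals allowed to create or retrieve a keytab for one host.
# Host name, user names and the password variable are placeholders.
- name: Playbook to remove keytab members from a host
  hosts: ipaserver
  become: true

  tasks:
  - name: Remove users allowed to create or retrieve the host keytab
    ipahost:
      # Assumption: the admin password is supplied from a vaulted variable.
      ipaadmin_password: "{{ ipaadmin_password }}"
      name: host16.ipadomain.test
      # Without "action: member" the module operates on the host entry
      # itself and rejects the member arguments with state "absent".
      action: member
      allow_create_keytab_user:
      - testuser1
      - testuser2
      allow_retrieve_keytab_user:
      - testuser1
      state: absent
```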

Comment 7 Varun Mylaraiah 2020-03-05 10:54:34 UTC
Automated test console output:
===============================

2020-03-05T09:53:00 ansible_freeipa_tests/host_module.py::Testhost35::test_remove_keytab_member_without_action 
2020-03-05T09:53:00 -------------------------------- live log call ---------------------------------
2020-03-05T09:53:00 [pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipactl', 'status']
2020-03-05T09:53:03 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO WRITE inventory/host.hosts
2020-03-05T09:53:03 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO PUT host_module.yml
2020-03-05T09:53:03 [pytest_multihost.host.Host.ansible.ParamikoTransport] INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/host.hosts', 'host_module.yml']
2020-03-05T09:53:06 PASSED [100%]

Comment 9 errata-xmlrpc 2020-04-28 16:01:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1705