Bug 1839466

Summary: [ansible-freeipa] Default vault type accepting public key in the vault module.
Product: Red Hat Enterprise Linux 8
Component: ansible-freeipa
Version: 8.3
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Target Milestone: rc
Target Release: 8.0
Reporter: Varun Mylaraiah <mvarun>
Assignee: Rafael Jeffman <rjeffman>
QA Contact: ipa-qe <ipa-qe>
CC: rjeffman, twoerner
Flags: pm-rhel: mirror+
Fixed In Version: ansible-freeipa-0.1.11-1
Last Closed: 2020-11-04 02:46:35 UTC
Type: Bug

Description Varun Mylaraiah 2020-05-24 09:11:47 UTC
Description of problem:
Default vault type accepting public key in the ansible-freeipa vault module


Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.9-1

Steps to Reproduce:
[root@ansible ~]# cat sy02_21.yaml
---
- name: Test vault
  hosts: ipaserver

  tasks:
  - name: vault module testing
    ipavault:
      ipaadmin_password: <xxxxxx>
      name: syvault221
      description: test sy pub_key
      public_key: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDdGFudjRkK3ptSTZ0T3ova1RXdGowY3AxRAowUENoYy8vR0pJMTUzTi9CN3UrN0h3SXlRVlZoNUlXZG1UcCtkWXYzd09yeVpPbzYvbHN5eFJaZ2pZRDRwQ3VGCjlxM295VTFEMnFOZERYeGtSaFFETXBiUEVSWWlHbE1jbzdhN0hIVDk1bGNQbmhObVFkb3VGdHlVbFBUVS96V1kKZldYWTBOeU1UbUtoeFRseUV3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=
[root@master ~]# ipa vault-show syvault221
  Vault name: syvault221
  Description: test sy pub_key
  Type: symmetric
  Public key: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDdGFudjRkK3ptSTZ0T3ova1RXdGowY3AxRAowUENoYy8vR0pJMTUzTi9CN3UrN0h3SXlRVlZoNUlXZG1UcCtkWXYzd09yeVpPbzYvbHN5eFJaZ2pZRDRwQ3VGCjlxM295VTFEMnFOZERYeGtSaFFETXBiUEVSWWlHbE1jbzdhN0hIVDk1bGNQbmhObVFkb3VGdHlVbFBUVS96V1kKZldYWTBOeU1UbUtoeFRseUV3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=
  Owner users: admin
  Vault user: admin



Actual results:
The playbook should fail while adding default vault (Symmetric vault) with the public key


Expected results:
"Symmetric vault requires password or password_file to store data."

Comment 1 Rafael Jeffman 2020-05-29 14:19:47 UTC
There is an upstream PR with a fix: https://github.com/freeipa/ansible-freeipa/pull/263

Comment 3 Rafael Jeffman 2020-06-05 19:27:57 UTC
Upstream PR was merged.

Comment 6 Varun Mylaraiah 2020-08-04 06:52:54 UTC
Verified

ansible-freeipa-0.1.12-5.el8.noarch

Automation test result:
ansible-freeipa-tests/ansible_freeipa_tests/vault_module.py::TestMiscellaneousVaultTests::()::test_default_vault_add_with_public_key
------------------------------ Captured log call -------------------------------
channel.py                1212 DEBUG    [chan 90] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 90] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 90 opened.
transport.py               318 INFO     RUN ['ipa', 'vault-find']
transport.py               519 DEBUG    RUN ['ipa', 'vault-find']
channel.py                1212 DEBUG    [chan 90] Sesch channel 90 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    ----------------
transport.py               563 DEBUG    2 vaults matched
transport.py               563 DEBUG    ----------------
transport.py               563 DEBUG      Vault name: 17stdvault
transport.py               563 DEBUG      Type: standard
transport.py               563 DEBUG      Vault user: admin
transport.py               563 DEBUG    
transport.py               563 DEBUG      Vault name: 21stdvault
transport.py               563 DEBUG      Type: standard
transport.py               563 DEBUG      Vault user: admin
transport.py               563 DEBUG    ----------------------------
transport.py               563 DEBUG    Number of entries returned 2
transport.py               563 DEBUG    ----------------------------
channel.py                1212 DEBUG    [chan 90] EOF received (90)
channel.py                1212 DEBUG    [chan 90] EOF sent (90)
transport.py               217 DEBUG    Exit code: 0
channel.py                1212 DEBUG    [chan 19] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 19] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 19 opened.
transport.py               318 INFO     RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
transport.py               519 DEBUG    RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/vault.hosts', 'vault_module.yml']
channel.py                1212 DEBUG    [chan 19] Sesch channel 19 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    ansible-playbook 2.9.11
transport.py               563 DEBUG      config file = /root/ansible.cfg
transport.py               563 DEBUG      configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
transport.py               563 DEBUG      ansible python module location = /usr/lib/python3.6/site-packages/ansible
transport.py               563 DEBUG      executable location = /usr/bin/ansible-playbook
transport.py               563 DEBUG      python version = 3.6.8 (default, Jun 26 2020, 12:10:09) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
transport.py               563 DEBUG    Using /root/ansible.cfg as config file
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAYBOOK: vault_module.yml *****************************************************
transport.py               563 DEBUG    1 plays in vault_module.yml
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY [Playbook to ensure the error message is correctly displayed while adding default vault with public key.] ***
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [Gathering Facts] *********************************************************
transport.py               563 DEBUG    task path: /root/vault_module.yml:2
transport.py               563 DEBUG    ok: [master.ipadomain.test]
transport.py               563 DEBUG    META: ran handlers
transport.py               563 DEBUG    
transport.py               563 DEBUG    TASK [ipavault] ****************************************************************
transport.py               563 DEBUG    task path: /root/vault_module.yml:6
transport.py               563 DEBUG    fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "Symmetric vault requires password or password_file to store data or change `salt`."}
transport.py               563 DEBUG    
transport.py               563 DEBUG    PLAY RECAP *********************************************************************
transport.py               563 DEBUG    master.ipadomain.test      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   
transport.py               563 DEBUG    
channel.py                1212 DEBUG    [chan 19] EOF received (19)
channel.py                1212 DEBUG    [chan 19] EOF sent (19)
transport.py               217 DEBUG    Exit code: 2
channel.py                1212 DEBUG    [chan 93] Max packet in: 32768 bytes
channel.py                1212 DEBUG    [chan 93] Max packet out: 32768 bytes
transport.py              1819 DEBUG    Secsh channel 93 opened.
transport.py               318 INFO     RUN ['ipa', 'vault-find']
transport.py               519 DEBUG    RUN ['ipa', 'vault-find']
channel.py                1212 DEBUG    [chan 93] Sesch channel 93 request ok
transport.py               563 DEBUG    -bash: line 1: cd: /root/multihost_tests: No such file or directory
transport.py               563 DEBUG    -bash: line 2: /root/multihost_tests/env.sh: No such file or directory
transport.py               563 DEBUG    ----------------
transport.py               563 DEBUG    2 vaults matched
transport.py               563 DEBUG    ----------------
transport.py               563 DEBUG      Vault name: 17stdvault
transport.py               563 DEBUG      Type: standard
transport.py               563 DEBUG      Vault user: admin
transport.py               563 DEBUG    
transport.py               563 DEBUG      Vault name: 21stdvault
transport.py               563 DEBUG      Type: standard
transport.py               563 DEBUG      Vault user: admin
transport.py               563 DEBUG    ----------------------------
transport.py               563 DEBUG    Number of entries returned 2
transport.py               563 DEBUG    ----------------------------
channel.py                1212 DEBUG    [chan 93] EOF received (93)
channel.py                1212 DEBUG    [chan 93] EOF sent (93)
transport.py               217 DEBUG    Exit code: 0

Comment 9 errata-xmlrpc 2020-11-04 02:46:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4663
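
The kind of check this report asks for, as an added example that is not part of the bug report and is not ansible-freeipa's own code: credential parameters are validated against the effective vault type before anything is sent to the server, with the type defaulting to symmetric as the report describes. The rule table, the function name, and every message except the symmetric one quoted from the report are assumptions made for illustration.

```python
# Added illustration; the rule set below is an assumption, not the module's code.
DEFAULT_VAULT_TYPE = "symmetric"  # the report treats symmetric as the default type

# Credential parameters each vault type may carry (assumed rule set).
ALLOWED = {
    "standard": set(),
    "symmetric": {"password", "password_file"},
    "asymmetric": {"public_key", "public_key_file"},
}
CREDENTIAL_PARAMS = {"password", "password_file", "public_key", "public_key_file"}

# Message text taken from the report's "Expected results".
SYMMETRIC_MSG = "Symmetric vault requires password or password_file to store data."


def check_vault_params(task):
    """Return a list of error strings for one ipavault-style task dict."""
    vault_type = task.get("vault_type") or DEFAULT_VAULT_TYPE
    if vault_type not in ALLOWED:
        return ["Unknown vault type: %s" % vault_type]

    given = {p for p in CREDENTIAL_PARAMS if task.get(p)}
    errors = []

    # Credentials that belong to a different vault type are rejected outright,
    # so a public key can never be stored silently on a symmetric vault.
    for param in sorted(given - ALLOWED[vault_type]):
        errors.append("%s is not valid for a %s vault" % (param, vault_type))

    # The credential the vault type needs must be present, and only once.
    matching = given & ALLOWED[vault_type]
    if vault_type == "symmetric" and not matching:
        errors.append(SYMMETRIC_MSG)
    if vault_type == "asymmetric" and not matching:
        errors.append("Asymmetric vault requires public_key or public_key_file")
    if len(matching) > 1:
        errors.append("Give only one of: %s" % ", ".join(sorted(matching)))
    return errors


# Constructed task mirroring the reproducer: no vault_type, only a public key.
# The key value is a constructed placeholder, not the key from the report.
REPORTED_TASK = {
    "name": "syvault221",
    "description": "test sy pub_key",
    "public_key": "Q09OU1RSVUNURUQ=",
}
```

Running `check_vault_params(REPORTED_TASK)` returns both the type mismatch and the missing-password error, which is the failure the reporter expected instead of a created vault.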