Bug 1897707
| Summary: | Ansible roles cannot be imported when roles_path is defined under /etc/ansible/ansible.cfg | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Rafael Cavalcanti <rcavalca> |
| Component: | Ansible - Configuration Management | Assignee: | satellite6-bugs <satellite6-bugs> |
| Status: | CLOSED WONTFIX | QA Contact: | Satellite QE Team <sat-qe-bz-list> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.10.0 | CC: | ahumbe, gardar.arnarsson, hakon.gislason, oezr |
| Target Milestone: | Unspecified | Keywords: | Reopened, Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2024-02-07 18:16:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Rafael Cavalcanti
2020-11-13 20:38:47 UTC
Created redmine issue https://projects.theforeman.org/issues/31489 from this bug This bug is resolved and therefor closing. Failed QA on Satellite 6.10, snap 14. Steps to Test: 1. Set the roles_path in /etc/ansible/ansible.cfg: # grep roles_path /etc/ansible/ansible.cfg roles_path = /root/ansible/roles 2. In the Satellite webUI, navigate to Configure > Roles. 3. Click the "Import from satellite.example.com" button and observe the number of roles available for import. 4. Unset the roles_path in /etc/ansible/ansible.cfg: # sed -i 's/roles_path/# roles_path/g' /etc/ansible/ansible.cfg 5. In the Satellite webUI, navigate to Configure > Roles. 6. Click the "Import from satellite.example.com" button and observe the number of roles available for import. Expected Results: The same number of roles are available for import regardless of whether the roles_path is set in /etc/ansible/ansible.cfg. Actual Results: With the roles_path set, 11 roles are available for import on an otherwise freshly-installed Satellite 6.10. Without the roles_path set, 14 roles are available for import. The difference is the three roles installed by default in /usr/share/ansible/roles. These are roles are available for import when the roles_path is not defined in /etc/ansible/ansible.cfg, but they are not available for import when the roles_path is defined in /etc/ansible/ansible.cfg. Additional Notes: It's unclear to me whether, after setting the roles_path in /etc/ansible/ansible.cfg and installing or creating roles in the roles_path directory, those roles should be available for import into Satellite. However, I found this not to be the case. For example: ~~~ # grep roles_path /etc/ansible/ansible.cfg roles_path = /root/ansible/roles # ansible-galaxy install redhatinsights.insights-client - downloading role 'insights-client', owned by redhatinsights - downloading role from https://github.com/RedHatInsights/insights-client-role/archive/v1.7.2.tar.gz - extracting redhatinsights.insights-client to /root/ansible/roles/redhatinsights.insights-client - redhatinsights.insights-client (v1.7.2) was installed successfully ~~~ The role was installed to the roles_path directory as expected, but it was not subsequently available for import into Satellite. The current behavior for roles import is as follows: * capsule reads content of /etc/ansible/ansible.cfg * if no 'roles_path' entry in config is found, it uses default paths /etc/ansible/roles:/usr/share/ansible/roles * if 'roles_path' entry is found, capsule imports from paths specified Roles import is restricted by permissions/SELinux context, so having 'roles_path = /root/git/ansible/roles' is expected not to import any roles as capsule process is not allowed to access /root It is possible to import roles from a custom folder with correct permissions: * mkdir -p /tmp/ansible/roles * chown -R foreman-proxy:foreman-proxy /tmp/ansible * add 'roles_path = /tmp/ansible/roles' to /etc/ansible/ansible.cfg * ansible-galaxy install -p /tmp/ansible/roles some.role * import However when a role from a custom location is assigned to a host and 'play ansible roles' action triggered, then job execution is complaining about the role not being found. That is caused by job execution using /usr/share/foreman-proxy/.ansible.cfg with its own roles_path. This behavior has been present for a long time and we would like to change it in the future, but it will not be for 6.10. *** Bug 1825268 has been marked as a duplicate of this bug. *** Upstream bug assigned to dmatoule Upon review of our valid but aging backlog the Satellite Team has concluded that this Bugzilla does not meet the criteria for a resolution in the near term, and are planning to close in a month. This message may be a repeat of a previous update and the bug is again being considered to be closed. If you have any concerns about this, please contact your Red Hat Account team. Thank you. Thank you for your interest in Red Hat Satellite. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this feel free to contact your Red Hat Account Team. Thank you. |