Bug 1940438

Summary: Revoking a token using ovirt_auth module fails hosted_engine_setup ansible role
Product: [oVirt] ovirt-ansible-collection
Reporter: Katharina Kuhnert <katharina.kuhnert>
Component: hosted-engine-setup
Assignee: Martin Necas <mnecas>
Status: CLOSED CURRENTRELEASE
QA Contact: Guilherme Santos <gdeolive>
Severity: urgent
Priority: urgent
Version: 1.4.0
CC: aoconnor, bugs, gdeolive, mnecas, mperina, stirabos
Target Milestone: ovirt-4.4.5-1
Flags: pm-rhel: ovirt-4.4+, aoconnor: blocker+
Target Release: 1.4.1
Hardware: x86_64
OS: Linux
Fixed In Version: ovirt-ansible-collection-1.4.1
Doc Type: No Doc Update
Last Closed: 2021-04-15 07:39:14 UTC
Type: Bug
oVirt Team: Infra
Attachments (flags: none):
ovirt-hosted-engine-setup.log
ovirt-hosted-engine-setup-ansible-bootstrap_local_vm.log
ovirt-hosted-engine-setup-ansible-initial_clean.log
ovirt-hosted-engine-setup-ansible-final_clean.log
ovirt-hosted-engine-setup-ansible-get_network_interfaces.log

Description Katharina Kuhnert 2021-03-18 12:14:51 UTC
Created attachment 1764370 [details]
ovirt-hosted-engine-setup.log

Description of problem:

Running the hosted-engine deployment fails at task "TASK [ovirt.ovirt.hosted_engine_setup : Wait for the host to be up]".

Version-Release number of selected component (if applicable):

ovirt-hosted-engine-setup-2.4.9-1.el8.src.rpm
ovirt-ansible-hosted-engine-setup-1.1.8-1.el8.src.rpm

How reproducible:
I have this problem on 2 separate machines, RHEL8 and CentOS-Stream, in different networks, both failing with the same error 100% of the time.

Steps to Reproduce:

1. run "sudo hosted-engine --deploy"
2. wait for the ansible task to fail

Actual results:

The ansible task "TASK: ovirt.ovirt.hosted_engine_setup : Always revoke the SSO token" fails with an error message: 

"msg": "You must specify either 'url' or 'hostname'."


Expected results:
The ansible task succeeds and the hosted engine VM starts.


Additional info:

By looking at the logs, an ansible task fails with an error:

2021-03-18 11:12:14,501+0100 ERROR ansible failed {
    "ansible_host": "localhost",
    "ansible_playbook": "/usr/share/ovirt-hosted-engine-setup/ansible/trigger_role.yml",
    "ansible_result": {
        "_ansible_no_log": false,
        "changed": false,
        "invocation": {
            "module_args": {
                "ca_file": null,
                "compress": true,
                "headers": null,
                "hostname": null,
                "insecure": null,
                "kerberos": false,
                "ovirt_auth": {
                    "ansible_facts": {
                        "ovirt_auth": {
                            "ca_file": null,
                            "compress": true,
                            "headers": null,
                            "insecure": true,
                            "kerberos": false,
                            "timeout": 0,
                            "token": "RoDLm6EkLh6c3sBZfajI5AEf4xsg-I3epR5celbKrjuGwtKoNz4PrYxzCNu3T9ioqkXuB-wsZ_2_QW0v6IeOIw",
                            "url": "https://ovirtv.thab.th-ab.de/ovirt-engine/api"
                        }
                    },
                    "attempts": 1,
                    "changed": false,
                    "failed": false
                },
                "password": null,
                "state": "absent",
                "timeout": 0,
                "token": null,
                "url": null,
                "username": null
            }
        },
        "msg": "You must specify either 'url' or 'hostname'."
    },
    "ansible_task": "Always revoke the SSO token",
    "ansible_type": "task",
    "status": "FAILED",
    "task_duration": 1
}

Comment 1 Katharina Kuhnert 2021-03-18 12:15:35 UTC
Created attachment 1764371 [details]
ovirt-hosted-engine-setup-ansible-bootstrap_local_vm.log

Comment 2 RHEL Program Management 2021-03-19 10:40:17 UTC
The documentation text flag should only be set after 'doc text' field is provided. Please provide the documentation text and set the flag to '?' again.

Comment 3 Martin Perina 2021-03-19 11:23:22 UTC
Could you please attach complete logs? There is not enough information in the single log you have attached. Thanks

Comment 4 Katharina Kuhnert 2021-03-19 11:56:24 UTC
Created attachment 1764663 [details]
ovirt-hosted-engine-setup-ansible-initial_clean.log

Comment 5 Katharina Kuhnert 2021-03-19 11:56:54 UTC
Created attachment 1764664 [details]
ovirt-hosted-engine-setup-ansible-final_clean.log

Comment 6 Katharina Kuhnert 2021-03-19 11:57:22 UTC
Created attachment 1764665 [details]
ovirt-hosted-engine-setup-ansible-get_network_interfaces.log

Comment 7 Katharina Kuhnert 2021-03-19 11:59:23 UTC
I have uploaded the missing logs from ovirt. Let me know if you need more information.

Comment 8 Katharina Kuhnert 2021-03-19 12:03:30 UTC
(In reply to Martin Perina from comment #3)
> Could you please attach complete logs? There is not enough information in
> the single log you have attached. Thanks

The content of the logfiles contains all data from one complete "hosted-engine --deploy" run. I had to redact the IP addresses due to legal restrictions. But otherwise, they contain everything I can provide. Is there any more specific information you require?

Comment 9 Martin Perina 2021-03-19 13:10:19 UTC
Hmm, so it looks like https://github.com/oVirt/ovirt-ansible-collection/pull/223 broke revoking of a token in the ovirt_auth module. The problem seems to be in parameter fetching https://github.com/oVirt/ovirt-ansible-collection/blob/master/plugins/modules/ovirt_auth.py#L250 which passes the module parameters below

  "ovirt_auth": {
    "ansible_facts": {
        "ovirt_auth": {
            "ca_file": null,
            "compress": true,
            "headers": null,
            "insecure": true,
            "kerberos": false,
            "timeout": 0,
            "token": "RoDL...",
            "url": "https://engine.example.com/ovirt-engine/api"
         }
    },
    "attempts": 1,
    "changed": false,
    "failed": false
  },

because the actual parameters are in ovirt_auth.ansible_facts.ovirt_auth, but the method get_required_parameter searches for them only in ovirt_auth.
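
The lookup mismatch described in comment 9, as an added Python example (not the ovirt_auth module's code and not part of the original comment). The names `lookup_flat`, `unwrap_auth`, `lookup_unwrapped` and `validate` are hypothetical, and the sample parameters are constructed from the shape shown in the log.

```python
# Added illustration: models the lookup described in comment 9, not the module's real code.

# Constructed sample: ovirt_auth arrives wrapped in a task-result envelope
# (ansible_facts / attempts / changed / failed), as in the logged module_args.
REGISTERED_RESULT = {
    "ansible_facts": {
        "ovirt_auth": {
            "insecure": True,
            "token": "EXAMPLE-TOKEN",  # placeholder, not a real token
            "url": "https://engine.example.com/ovirt-engine/api",
        }
    },
    "attempts": 1,
    "changed": False,
    "failed": False,
}
MODULE_PARAMS = {"state": "absent", "url": None, "hostname": None,
                 "token": None, "ovirt_auth": REGISTERED_RESULT}


def lookup_flat(params, name):
    """Lookup as described in the comment: top level of ovirt_auth only."""
    auth = params.get("ovirt_auth") or {}
    return auth.get(name) or params.get(name)


def unwrap_auth(auth):
    """Accept either the plain ovirt_auth fact or a wrapped task result."""
    if isinstance(auth, dict):
        facts = auth.get("ansible_facts")
        if isinstance(facts, dict) and isinstance(facts.get("ovirt_auth"), dict):
            return facts["ovirt_auth"]
    return auth or {}


def lookup_unwrapped(params, name):
    """Same lookup, applied after removing the task-result envelope."""
    return unwrap_auth(params.get("ovirt_auth")).get(name) or params.get(name)


def validate(lookup, params):
    """Return the error text from the report if no url/hostname resolves."""
    if not (lookup(params, "url") or lookup(params, "hostname")):
        return "You must specify either 'url' or 'hostname'."
    return None
```

With the wrapped shape, `validate(lookup_flat, MODULE_PARAMS)` returns the error from the report, so the revoke step stops before it can act on the token; `lookup_unwrapped` resolves `url` and `token` from either shape.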

Comment 10 Guilherme Santos 2021-04-12 17:04:31 UTC
Verified on:
ovirt-ansible-collection-1.4.1-1.el8ev.noarch
ovirt-engine-4.4.5.11-0.1.el8ev.noarch

HE deployed successfully