Bug 2171876

Summary: Add steps in the Ansible doc, on how to use Ansible Vault with Red Hat Satellite 6.
Product: Red Hat Satellite Reporter: Satyajit Das <sadas>
Component: DocumentationAssignee: Zuzana Lena Ansorgova <zuansorg>
Documentation sub component: default QA Contact:
Status: CLOSED CURRENTRELEASE Docs Contact:
Severity: unspecified    
Priority: medium CC: zuansorg
Version: 6.13.0Keywords: Triaged
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-15 15:30:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Satyajit Das 2023-02-20 17:05:32 UTC 
Document URL: 

https://dxp-docp-prod.apps.ext-waf.spoke.prod.us-west-2.aws.paas.redhat.com/documentation/en-us/red_hat_satellite/6.13/html-single/managing_configurations_using_ansible_integration_in_red_hat_satellite/index?lb_target=preview&check_logged_in=1

Section Number and Name: 

1.2. Configuring your Deployment to Run Ansible Roles


Describe the issue: 

Execution of the Ansible role fails, if variables are encrypted with Ansible Vault

Exception:- If the permission is not set correctly the execution will fail as below:-
~~~~~~~~~~
 196:
TASK [Apply roles] *************************************************************
 197:
ERROR! an error occurred while trying to read the file '/etc/ansible/roles/motd/vars/main.yml': [Errno 13] Permission denied: b'/etc/ansible/roles/motd/vars/main.yml'. [Errno 13] Permission denied: b'/etc/ansible/roles/motd.1/vars/main.yml'
 198:
Exit status: 4
 199:
StandardError: Job execution failed
~~~~~~~~~~

To fix the issue, I updated the permission of the Ansible role by executing the below command:-

# cd  /etc/ansible/roles/
# chown -R foreman-proxy:foreman-proxy motd


After updating the permission the Ansible role executed without any issues.

Suggestions for improvement: 


Update section (1.2. Configuring your Deployment to Run Ansible Roles) in the doc, on how to import Ansible role with encrypted variable + what permissions are required, where, and how to reference vault_password_file with the required permission.


Additional information:
Comment 2 Zuzana Lena Ansorgova 2023-03-07 12:12:03 UTC 
@sadas Hi! We have a KCS article about Ansible Vault: https://access.redhat.com/solutions/4088231
Would it be sufficient to link to this article instead of moving the procedure into the docs?
I have created an update of the article for 6.13 that should be published with 6.13.
Comment 3 Zuzana Lena Ansorgova 2023-03-13 17:47:09 UTC 
Agreed with a SME to add it to the docs.
Comment 4 Zuzana Lena Ansorgova 2023-03-14 14:11:31 UTC 
https://github.com/theforeman/foreman-documentation/pull/2058
Comment 7 Zuzana Lena Ansorgova 2023-05-15 15:30:35 UTC 
Published: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/managing_configurations_using_ansible_integration_in_red_hat_satellite/getting_started_with_ansible_in_satellite_ansible#using-ansible-vault-with-satellite_ansible