Bug 1468717 - Template changes required for provisioning callback configuration between Ansible Tower and Satellite should be in place
Template changes required for provisioning callback configuration between Ans...
Status: VERIFIED
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Provisioning Templates (Show other bugs)
6.3.0
Unspecified Unspecified
unspecified Severity high (vote)
: Beta
: --
Assigned To: Daniel Lobato Garcia
Sachin Ghai
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-07 13:34 EDT by Sachin Ghai
Modified: 2017-10-31 02:20 EDT (History)
6 users (show)

See Also:
Fixed In Version: foreman-1.15.6
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
sat6 CV, hostgroup_org associated to hosts as part of Tower inventory groups (65.53 KB, image/png)
2017-10-31 02:09 EDT, Sachin Ghai
no flags Details

  None (edit)
Description Sachin Ghai 2017-07-07 13:34:30 EDT
Description of problem:
Recently, I was testing Ansible Tower Integration feature w/ Satellite6.3. while testing I found that there are few changes needs to be done in "satellite Kickstart Default" template.

<% if @host.params['ansible_enabled'] == 'true' %> 
cat > /etc/systemd/system/ansible-callback.service << EOF
<%= snippet 'ansible_callback_service' %>EOF

# Runs during first boot, removes itself
/usr/bin/systemctl enable ansible-callback <% end -%>

and we need to add a snippet 'ansible_callback_service' manually. I strongly feel that we should have similar snippet readily available w/ the satellite6.



Version-Release number of selected component (if applicable):
sat6.3 snap5

How reproducible:


Steps to Reproduce:
1. Test provisioning callback w/ Ansible tower and satellite6
2.
3.

Actual results:
templates changes are required

Expected results:
No manual changes needs to be done.

Additional info:
Comment 3 Sachin Ghai 2017-07-07 13:44:01 EDT
Please note that pointed changes bz description is using systemd. so this is only applicable for rhel7 hosts. We need changes for rhel6 too.
Comment 4 Daniel Lobato Garcia 2017-08-10 11:28:05 EDT
This was merged upstream, 

https://github.com/theforeman/community-templates/commit/6a185ddc23fe120b02672426f94a4f8063305ed3, however without changes for RHEL6 yet. 

For 1.15.4 I hope the EL6 changes are in community-templates and can trickle down downstream.
Comment 6 Daniel Lobato Garcia 2017-09-27 12:38:38 EDT
https://github.com/theforeman/community-templates/pull/423 is under review now
Comment 10 Sachin Ghai 2017-10-25 07:25:20 EDT
Thank you for fix Daniel.

I verified w/ sat6.3 snap21 and found that we have added 3 snippet as below:

a) ansible_provisioning_callback
b) ansible_tower_callback_script 
c) ansible_tower_callback_service 


However, I don't see the call to any of these snippets to following templates:

1) Satellite Kickstart default
2) Satellite Kickstart Default Finish


Though, I see "Katello Kickstart Finish" template updated w/ below:

<% if host_param_true?('ansible_tower_provisioning') -%>
<%= save_to_file('/root/ansible_provisioning_call.sh', snippet('ansible_tower_callback_script')) %>
./root/ansible_provisioning_call.sh
<% end -%>


I think we should update "Satellite Kickstart default" and "Satellite Kickstart Default Finish" w/ a call to ansible_callback snippet.
Comment 11 Sachin Ghai 2017-10-25 07:33:52 EDT
To test the changes:

I integrated the Tower w/ satellite6.3 and provisioned some hosts by manually updating the satellite kickstart default template. However, provisioning call_back doesn't work though I can run the playbook on satellite hosts through tower but not through provisioning callback.


on manually running the callback through curl cmd throws error:
==============================================================

---
# /usr/bin/curl  -k -s --data "host_config_key=ebeeb8fe0f0a68db1b64ca0c03bb2acf" https://sat6ansibletower/api/v2/job_templates/8/callback/
{"msg":"Cannot start automatically, user input required!"}

---

On checking status: getting same msg:
=================================

# systemctl status ansible-callback.service
● ansible-callback.service - Provisioning callback to Ansible Tower
   Loaded: loaded (/etc/systemd/system/ansible-callback.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

Oct 25 10:16:28 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 25 10:16:38 satellite_host1 curl[1037]: {"msg":"No matching host could be found!"}
Oct 25 10:16:38 satellite_host1 systemctl[3919]: Removed symlink /etc/systemd/system/multi-user.target.wants/ansible-callback.service.
Oct 25 10:16:38 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower.
Oct 25 10:58:36 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 25 10:58:36 satellite_host1 curl[12087]: {"msg":"Cannot start automatically, user input required!"}
Oct 25 10:58:36 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower.
Comment 12 Daniel Lobato Garcia 2017-10-26 05:03:49 EDT
It's true the templates are not in the Satellite templates yet, as the templates landed in Foreman but not Katello which has its own set of templates.

About the messages you've got, I think they actually show the callback worked, but your job template requires user input. Can you make a job template in Tower that does NOT require user input?
Comment 13 Sachin Ghai 2017-10-26 07:02:44 EDT
Thank you Daniel for reply.

I updated the job template and now provisioning callback is working fine. Here are the logs:

[root@sghairhel7ansiblehost2 tmp]# systemctl status ansible-callback.service
● ansible-callback.service - Provisioning callback to Ansible Tower
   Loaded: loaded (/etc/systemd/system/ansible-callback.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

Oct 26 10:07:53 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 26 10:07:53 satellite_host1 curl[30512]: {"msg":"Host callback job already pending."}
Oct 26 10:07:53 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower.
Oct 26 10:08:52 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 26 10:08:53 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower.
Oct 26 10:09:04 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 26 10:09:05 satellite_host1 curl[30844]: {"msg":"Host callback job already pending."}
Oct 26 10:09:05 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower.
Oct 26 11:00:34 satellite_host1 systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 26 11:00:35 satellite_host1 systemd[1]: Started Provisioning callback to Ansible Tower.
Comment 14 Sachin Ghai 2017-10-26 07:08:36 EDT
on rhel6 node:

User will get sh ansible_provisioning_call.sh scripts that actually does provisioning callbacks and works on rhel6 hosts too.

Calling Ansible AWX/Tower provisioning callback...
* About to connect() to Tower_host1 port 443 (#0)
*   Trying 10.8.246.59... connected
* Connected to Tower_host1 (10.8.246.59) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=localhost
* 	start date: Oct 05 10:28:46 2017 GMT
* 	expire date: Jul 20 10:28:46 2291 GMT
* 	common name: localhost
* 	issuer: CN=localhost
> POST /api/v2/job_templates/8/callback/ HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: Tower_host1
> Accept: */*
> Content-Length: 48
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 201 CREATED
< Server: nginx/1.10.2
< Date: Thu, 26 Oct 2017 11:05:13 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-API-Time: 0.225s
< Allow: GET, POST, HEAD, OPTIONS
< Content-Language: en
< Vary: Accept, Accept-Language, Cookie
< Location: https://Tower_host1/api/v2/jobs/43/
< X-API-Node: localhost
< Strict-Transport-Security: max-age=15768000
< X-Frame-Options: DENY
< 
* Connection #0 to host Tower_host1 left intact
* Closing connection #0
DONE
Comment 15 Sachin Ghai 2017-10-26 07:09:50 EDT
Assigning back to have the changes in satellite templates ( Kickstart and finish). thanks for the changes.
Comment 19 Sachin Ghai 2017-10-31 02:04:12 EDT
Verified w/ sat6.3 snap22. Satellite Templates changes are in place. Thank you Daniel, Marek.


QE tested Integration w/ ansible Tower 3.2.0 (Ansible 2.3.2.0). Tower was configured w/ satellite6 provider and a job template was defined in Tower for provisioning callback to run a playbook on satellite hosts during post provisioning phase.

Satellite Kikcstart default and Satellite kickstart default Finish templates are updated w/ required snippets.

Satellite is updated w/ below snippets:

a) ansible_provisioning_callback
b) ansible_tower_callback_script 
c) ansible_tower_callback_service 


User needs to define below 4 parameters at host or hostgroup level:

 ansible_tower_provisioning => true
 ansible_tower_fqdn => TOWER_FQDN
 ansible_job_template_id => TEMPLATE_ID(get it from Tower)
 ansible_host_config_key => CONFIG_KEY(get it from Tower Job template)


Dynamic_Inventory:
===========================

Dynamic inventory of host and hostgroup is working fine. We can see satellite hosts and hostgroups in Tower. Please see attached screenshot
Comment 21 Sachin Ghai 2017-10-31 02:09 EDT
Created attachment 1345721 [details]
sat6 CV, hostgroup_org associated to hosts as part of Tower inventory groups
Comment 23 Sachin Ghai 2017-10-31 02:19:34 EDT
In case of network-based provisioning, satellite kickstart default template is updated w/ a call to ansible_provisioning_callback snippet.

on rhel7 host, systemd service is defined:

[root@sghairhel7ansibletemplatefix tmp]# systemctl start ansible-callback
[root@sghairhel7ansibletemplatefix tmp]# systemctl status ansible-callback
● ansible-callback.service - Provisioning callback to Ansible Tower
   Loaded: loaded (/etc/systemd/system/ansible-callback.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

Oct 30 12:24:18SAT_host systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 30 12:24:30SAT_host systemctl[4241]: Removed symlink /etc/systemd/system/multi-user.target.wants/ansible-callback.service.
Oct 30 12:24:30SAT_host systemd[1]: Started Provisioning callback to Ansible Tower.
Oct 30 16:16:02SAT_host systemd[1]: Starting Provisioning callback to Ansible Tower...
Oct 30 16:16:03SAT_host systemd[1]: Started Provisioning callback to Ansible Tower.

[root@sghairhel7ansibletemplatefix tmp]# ll
total 0
-rw-------. 1 root root  0 Oct 30 16:16 ansible.epXQrztemp

Note You need to log in before you can comment on or make changes to this bug.