Bug 1661483 - Ansible Job Templates fails because sudo password is not provided even though it is
Summary: Ansible Job Templates fails because sudo password is not provided even though...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Ansible
Version: 6.4
Hardware: All
OS: Linux
unspecified
medium vote
Target Milestone: Released
Assignee: Adam Ruzicka
QA Contact: Lukas Pramuk
URL: https://projects.theforeman.org/issue...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-21 10:49 UTC by Suraj Patil
Modified: 2019-10-07 17:13 UTC (History)
4 users (show)

Fixed In Version: tfm-rubygem-foreman_ansible-2.2.13
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-14 12:39:37 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1222 None None None 2019-05-14 12:39:45 UTC
Foreman Issue Tracker 25764 None None None 2019-01-02 09:47:07 UTC
Red Hat Knowledge Base (Solution) 3794731 None None None 2019-01-09 16:46:53 UTC

Description Suraj Patil 2018-12-21 10:49:18 UTC
Description of problem:

Ansible job template shows fatal: [client.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to client.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}

even though Sudo password is defined in Administer > settings > Remote Execution 

This works if we use any other template except ansible (eg - Run command - SSH template) 

Version-Release number of selected component (if applicable):
satellite 6.4

Steps to Reproduce:
1. Create user demo on the client system and add it in the sudoers file
2. On satellite in Administer > settings > Remote Execution.

SSH User = demo
Sudo password = password of Demo
Effective User = test

3. Run job from satellite to client using any ansible template. 

Actual results:
Fails with error 

[client.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to client.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}

Expected results:
Should successfully execute.

Comment 3 Bryan Kearney 2019-01-15 09:09:51 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 4 Bryan Kearney 2019-01-15 09:09:52 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 5 Bryan Kearney 2019-01-15 09:10:37 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 6 Bryan Kearney 2019-01-15 09:10:39 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 7 Bryan Kearney 2019-01-15 09:11:44 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 8 Bryan Kearney 2019-01-15 09:12:41 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 9 Bryan Kearney 2019-01-15 09:12:43 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 10 Bryan Kearney 2019-01-15 09:13:37 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 11 Bryan Kearney 2019-01-15 09:13:38 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 12 Bryan Kearney 2019-01-15 09:14:47 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 13 Bryan Kearney 2019-01-15 09:14:48 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 15 Bryan Kearney 2019-01-15 09:15:45 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 16 Bryan Kearney 2019-01-15 09:15:46 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 17 Bryan Kearney 2019-01-15 09:16:52 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 18 Bryan Kearney 2019-01-15 09:16:53 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 19 Bryan Kearney 2019-01-15 09:18:01 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 20 Bryan Kearney 2019-01-15 09:18:02 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 21 Bryan Kearney 2019-01-15 09:18:49 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 22 Bryan Kearney 2019-01-15 09:18:50 UTC
Upstream bug assigned to aruzicka@redhat.com

Comment 23 Bryan Kearney 2019-01-25 21:09:30 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/25764 has been resolved.

Comment 24 Lukas Pramuk 2019-04-23 17:11:41 UTC
VERIFIED.

@satellite-6.5.0-11.el7sat.noarch
tfm-rubygem-foreman_ansible-2.2.14-2.el7sat.noarch

by extending the manual reproducer described in comment#0:

1. @HOST: Create user demo and add it in the sudoers file

# adduser demo
# passwd demo --stdin <<<demo
# echo 'demo	ALL=(ALL)	ALL' >> /etc/sudoers

2. @SAT: Change Administer > Settings > Remote Execution settingd

SSH User  [ demo ]
Sudo password  [ demo ]
Effective User  [ root ]

3. Run the REX job using any ansible template. 
----
   1:
   2:
PLAY [all] *********************************************************************
   3:
   4:
TASK [Gathering Facts] *********************************************************
   5:
ok: [host1.example.com]
   6:
   7:
TASK [shell] *******************************************************************
   8:
changed: [host1.example.com]
   9:
  10:
TASK [debug] *******************************************************************
  11:
ok: [host1.example.com] => {
  12:
    "out": {
  13:
        "changed": true, 
  14:
        "cmd": "id", 
  15:
        "delta": "0:00:00.005761", 
  16:
        "end": "2019-04-23 12:17:28.547989", 
  17:
        "failed": false, 
  18:
        "rc": 0, 
  19:
        "start": "2019-04-23 12:17:28.542228", 
  20:
        "stderr": "", 
  21:
        "stderr_lines": [], 
  22:
        "stdout": "uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023", 
  23:
        "stdout_lines": [
  24:
            "uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
  25:
        ]
  26:
    }
  27:
}
  28:
  29:
PLAY RECAP *********************************************************************
  30:
host1.example.com : ok=3    changed=1    unreachable=0    failed=0   
  31:
  32:
Exit status: 0
----

>>> ansible job run successfully

Comment 25 Lukas Pramuk 2019-04-23 17:18:32 UTC
4. @SAT: Change Administer > Settings > Remote Execution settings

SSH User  [ demo ]
Sudo password  [ badbadbad ]
Effective User  [ root ]

5. Run the REX job using any ansible template.
----
   1:
   2:
PLAY [all] *********************************************************************
   3:
   4:
TASK [Gathering Facts] *********************************************************
   5:
fatal: [host1.example.com]: FAILED! => {"msg": "Incorrect sudo password"}
   6:
	to retry, use: --limit @/tmp/foreman-playbook-227311a0-64b8-432a-96ac-447985733195.retry
   7:
   8:
PLAY RECAP *********************************************************************
   9:
host1.example.com : ok=0    changed=0    unreachable=0    failed=1   
  10:
  11:
Exit status: 2
----

>>> ansible job fails correctly with reasonable message to the user

Comment 26 Lukas Pramuk 2019-04-23 17:22:57 UTC
6. @SAT: Change Administer > Settings > Remote Execution settings

SSH User  [ demo ]
Sudo password  [ ] (empty)
Effective User  [ root ]

7. Run the REX job using any ansible template.
----
   1:
   2:
PLAY [all] *********************************************************************
   3:
   4:
TASK [Gathering Facts] *********************************************************
   5:
fatal: [host1.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to host1.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
   6:
	to retry, use: --limit @/tmp/foreman-playbook-2b28a84b-aaa9-49df-b1ea-e0d84dd74e38.retry
   7:
   8:
PLAY RECAP *********************************************************************
   9:
host1.example.com : ok=0    changed=0    unreachable=0    failed=1   
  10:
  11:
Exit status: 2
----

>>> ansible job fails correctly with the same message as described in reproducer

Comment 29 errata-xmlrpc 2019-05-14 12:39:37 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222


Note You need to log in before you can comment on or make changes to this bug.