Description of problem: Ansible roles can not be imported when 'roles_path' is defined in /etc/ansible/ansible.cfg Version-Release number of selected component (if applicable): I have tested on 6.7 and 6.8 How reproducible: 100% Steps to Reproduce: 1. Edit /etc/ansible/ansible.cfg by defining the 'roles_path' variable. Eg.: roles_path = /root/git/ansible/roles 2. Try to import ansible roles by going to Satellite webUI -> Configure -> Roles(under Ansible section) Actual results: we get a message saying "No changes in roles detected on <sat/capsule>" Expected results: The Ansible roles should be found under /etc/ansible/roles and listed in the WebUI to be imported. Additional info: It seems the /etc/ansible/ansible.cfg takes precedence over /etc/foreman-proxy/ansible.cfg in '/opt/theforeman/tfm/root/usr/share/gems/gems/smart_proxy_ansible-3.0.1/lib/smart_proxy_ansible/roles_reader.rb'
Created redmine issue https://projects.theforeman.org/issues/31489 from this bug
This bug is resolved and therefor closing.
Failed QA on Satellite 6.10, snap 14. Steps to Test: 1. Set the roles_path in /etc/ansible/ansible.cfg: # grep roles_path /etc/ansible/ansible.cfg roles_path = /root/ansible/roles 2. In the Satellite webUI, navigate to Configure > Roles. 3. Click the "Import from satellite.example.com" button and observe the number of roles available for import. 4. Unset the roles_path in /etc/ansible/ansible.cfg: # sed -i 's/roles_path/# roles_path/g' /etc/ansible/ansible.cfg 5. In the Satellite webUI, navigate to Configure > Roles. 6. Click the "Import from satellite.example.com" button and observe the number of roles available for import. Expected Results: The same number of roles are available for import regardless of whether the roles_path is set in /etc/ansible/ansible.cfg. Actual Results: With the roles_path set, 11 roles are available for import on an otherwise freshly-installed Satellite 6.10. Without the roles_path set, 14 roles are available for import. The difference is the three roles installed by default in /usr/share/ansible/roles. These are roles are available for import when the roles_path is not defined in /etc/ansible/ansible.cfg, but they are not available for import when the roles_path is defined in /etc/ansible/ansible.cfg. Additional Notes: It's unclear to me whether, after setting the roles_path in /etc/ansible/ansible.cfg and installing or creating roles in the roles_path directory, those roles should be available for import into Satellite. However, I found this not to be the case. For example: ~~~ # grep roles_path /etc/ansible/ansible.cfg roles_path = /root/ansible/roles # ansible-galaxy install redhatinsights.insights-client - downloading role 'insights-client', owned by redhatinsights - downloading role from https://github.com/RedHatInsights/insights-client-role/archive/v1.7.2.tar.gz - extracting redhatinsights.insights-client to /root/ansible/roles/redhatinsights.insights-client - redhatinsights.insights-client (v1.7.2) was installed successfully ~~~ The role was installed to the roles_path directory as expected, but it was not subsequently available for import into Satellite.
The current behavior for roles import is as follows: * capsule reads content of /etc/ansible/ansible.cfg * if no 'roles_path' entry in config is found, it uses default paths /etc/ansible/roles:/usr/share/ansible/roles * if 'roles_path' entry is found, capsule imports from paths specified Roles import is restricted by permissions/SELinux context, so having 'roles_path = /root/git/ansible/roles' is expected not to import any roles as capsule process is not allowed to access /root It is possible to import roles from a custom folder with correct permissions: * mkdir -p /tmp/ansible/roles * chown -R foreman-proxy:foreman-proxy /tmp/ansible * add 'roles_path = /tmp/ansible/roles' to /etc/ansible/ansible.cfg * ansible-galaxy install -p /tmp/ansible/roles some.role * import However when a role from a custom location is assigned to a host and 'play ansible roles' action triggered, then job execution is complaining about the role not being found. That is caused by job execution using /usr/share/foreman-proxy/.ansible.cfg with its own roles_path. This behavior has been present for a long time and we would like to change it in the future, but it will not be for 6.10.
*** Bug 1825268 has been marked as a duplicate of this bug. ***
Upstream bug assigned to dmatoule