search

StackStorm / ansible-st2

Ansible Roles and Playbooks to deploy StackStorm
https://galaxy.ansible.com/StackStorm/stackstorm/
Apache License 2.0
100 stars 75 forks source link

Installation on EL8 reports failure due to passlib not installed #312

Closed amanda11 closed 2 years ago

amanda11 commented 2 years ago

Since 29th May problems have been seen on installation with ansible and EL8. The ansible version in EPEL has moved to 5.x which installs python38.

Error reported:

       TASK [StackStorm.st2 : auth | Create htpasswd file] ****************************
       task path: /tmp/kitchen/roles/StackStorm.st2/tasks/auth.yml:34
       redirecting (type: modules) ansible.builtin.htpasswd to community.general.htpasswd
       An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ModuleNotFoundError: No module named 'passlib'
       fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to import the required Python library (passlib) on a4b87b2336f8's Python /bin/python3.8. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}

The problem is that the playbooks install python3-passlib which is a python 3.6 passlib module. But Ansible 5.x uses python3.8. There is no RPM built at moment for python3.8 passlib, see https://bugzilla.redhat.com/show_bug.cgi?id=2087268

amanda11 commented 2 years ago

The following workaround has been used successfully to install StackStorm using ansible 5.4 (from the EPEL repo):

  1. Install python36 on target boxes (e.g. sudo yum install python36)
  2. Create a hosts file and set ansible_python_interpreter to /usr/local/bin/python3.6 for the EL8 machines, e.g. localhost-py3 ansible_host=localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3.6
  3. Run standard ansible-st2 playbooks with the inventory file

This forces ansible to use python3.6 on the remote boxes, and therefore finds the correct passlib module. No other problems found.

amanda11 commented 2 years ago

Installing ansible via pip3 is not a workaround because:

  1. If insall ansible==2.9 via pip3 then this reports the family of rocky linux as "rocky" instead of redhat. So will not work for Rocky 8 installs. The EPEL release of ansible 2.9 had this patched, but for the pip3 versions it is only fixed in ansible 2.11
  2. Installing ansible-core==2.11 via pip3 doesn't work, as then some modules aren't found. e.g. rabbitmq_plugin is not found (but have to install the community colleciotn and then use community.rabbitmq.rabbitmq_plugin). But then found problems with the authorized_key module. So using this as a workaround was abandoned.
arm4b commented 2 years ago

There are some hints in the kitchen-ansible about how to specify the Ansible inventory, maybe that'll help with the workaround: https://github.com/neillturner/kitchen-ansible/blob/master/provisioner_options.md#ansible-inventory

On the other side, I understand our problem is with passlib dependency: https://github.com/StackStorm/ansible-st2/blob/02b5ffbde1ce35666bf0c106b80659270c9c6000/roles/StackStorm.st2/vars/redhat_8.yml#L3

What if we'll try to install the passlib dependency from pip instead of using the OS package to satisfy htpasswd requirements https://docs.ansible.com/ansible/latest/collections/community/general/htpasswd_module.html#requirements ?