search

ansible-collections / community.rabbitmq

Manage RabbitMQ with Ansible
http://galaxy.ansible.com/community/rabbitmq
Other
31 stars 50 forks source link

Add an option to allow rabbitmq_user to use API for managing users #120

Closed rayhihi closed 7 months ago

rayhihi commented 2 years ago
SUMMARY

As discussed in #76, this contains the solution we used in our company to manage rabbitmq users using the API.

Fixes #76

ISSUE TYPE
COMPONENT NAME

rabbitmq_user

ADDITIONAL INFORMATION

With this feature is possible to create, delete and also manage your users. Unfortunately we won't be able to help with much more with the PR in the coming weeks so any help would be appreciated.

Andersson007 commented 2 years ago

@rayhihi please fix the CI tests, if you click Details in the section below in the items marked with red crosses, you'll see the reasons. Also not all the things listed in https://github.com/ansible-collections/community.rabbitmq/pull/120#pullrequestreview-964201504 are done.

rayhihi commented 2 years ago

@rayhihi please fix the CI tests, if you click Details in the section below in the items marked with red crosses, you'll see the reasons. Also not all the things listed in #120 (review) are done. Oh, I'm sorry I clicked before i finished my repairs, but i'm still working the feature.

Andersson007 commented 2 years ago

Oh, I'm sorry I clicked before i finished my repairs, but i'm still working the feature.

No problem:) Ping me again when the things are done. If there are any questions, feel free to ask

nrukavkov commented 2 years ago

When are u gonna merge it? =)

seocam commented 2 years ago

@Andersson007 I've fixed the CI errors and also added the changelog fragment.

Now I'm working on the integration tests but I'm having issues running them locally (I'm following the instructions in the link you have provided).

That's the command I'm running:

ansible-test integration rabbitmq_user --docker -v

That's the output:

Falling back to tests in "tests/integration/targets/" because "roles/test/" was not found.
Assuming Docker is available on localhost.
Run command: docker -v
Detected "docker" container runtime version: Docker version 20.10.12, build 20.10.12-0ubuntu4
Starting new "ansible-test-controller-3stxPaop" container.
Run command: docker image inspect quay.io/ansible/default-test-container:5.9.0
Run command: docker run --volume /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged=false --sec ...
Adding "ansible-test-controller-3stxPaop" to container database.
Run command: docker container inspect d43ce50c06cd8e80c6016ef182e06ae98b8db903de7d8975a859 ...
Stream command with data: docker exec -i ansible-test-controller-3stxPaop /bin/sh
Error response from daemon: Container d43ce50c06cd8e80c6016ef182e06ae98b8db903de7d8975a859d35e7d30eae2 is not running
ERROR: Host <ansible_test._internal.host_profiles.DockerProfile object at 0x7f21ee297850> job failed: Command "docker exec -i ansible-test-controller-3stxPaop /bin/sh" returned exit status 1.
  File "/home/seocam/ansible_collections/community/rabbitmq/venv/lib/python3.10/site-packages/ansible_test/_internal/provisioning.py", line 190, in dispatch_jobs
    thread.wait_for_result()
  File "/home/seocam/ansible_collections/community/rabbitmq/venv/lib/python3.10/site-packages/ansible_test/_internal/thread.py", line 44, in wait_for_result
    raise exception[1].with_traceback(exception[2])
  File "/home/seocam/ansible_collections/community/rabbitmq/venv/lib/python3.10/site-packages/ansible_test/_internal/thread.py", line 31, in run
    self._result.put((self.action(), None))
  File "/home/seocam/ansible_collections/community/rabbitmq/venv/lib/python3.10/site-packages/ansible_test/_internal/provisioning.py", line 131, in provision
    profile.setup()
  File "/home/seocam/ansible_collections/community/rabbitmq/venv/lib/python3.10/site-packages/ansible_test/_internal/host_profiles.py", line 373, in setup
    docker_exec(self.args, self.container_name, [shell], data=setup_sh, capture=False)
  File "/home/seocam/ansible_collections/community/rabbitmq/venv/lib/python3.10/site-packages/ansible_test/_internal/docker_util.py", line 529, in docker_exec
    return docker_command(args, ['exec'] + options + [container_id] + cmd, capture=capture, stdin=stdin, stdout=stdout, interactive=interactive,
  File "/home/seocam/ansible_collections/community/rabbitmq/venv/lib/python3.10/site-packages/ansible_test/_internal/docker_util.py", line 563, in docker_command
    return run_command(args, command + cmd, env=env, capture=capture, stdin=stdin, stdout=stdout, interactive=interactive, always=always,
  File "/home/seocam/ansible_collections/community/rabbitmq/venv/lib/python3.10/site-packages/ansible_test/_internal/util_common.py", line 420, in run_command
    return raw_command(cmd, capture=capture, env=env, data=data, cwd=cwd, explain=explain, stdin=stdin, stdout=stdout, interactive=interactive,
  File "/home/seocam/ansible_collections/community/rabbitmq/venv/lib/python3.10/site-packages/ansible_test/_internal/util.py", line 492, in raw_command
    raise SubprocessError(cmd, status, stdout_text, stderr_text, runtime, error_callback)

FATAL: Host job(s) failed. See previous error(s) for details.
Run command: docker rm -f ansible-test-controller-3stxPaop

I've also tried to look for help in the #ansible channel on Freenode but I got zero responses.

seocam commented 2 years ago

If I try to run the controller container in foreground, just replacing the -d by -ti, that's what I get:

❯ docker run --volume /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged=false --security-opt seccomp=unconfined --volume /var/run/docker.sock:/var/run/docker.sock --name ansible-test-controller-lI0sqAAl -ti --ulimit nofile=10240 quay.io/ansible/default-test-container:5.9.0
systemd 245.4-4ubuntu3.15 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to Ubuntu 20.04.3 LTS!

Set hostname to <e7dde5d863b6>.
Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!!!!!] Failed to allocate manager object.
Exiting PID 1...
csmart commented 2 years ago

If I try to run the controller container in foreground, just replacing the -d by -ti, that's what I get:

❯ docker run --volume /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged=false --security-opt seccomp=unconfined --volume /var/run/docker.sock:/var/run/docker.sock --name ansible-test-controller-lI0sqAAl -ti --ulimit nofile=10240 quay.io/ansible/default-test-container:5.9.0
systemd 245.4-4ubuntu3.15 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to Ubuntu 20.04.3 LTS!

Set hostname to <e7dde5d863b6>.
Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!!!!!] Failed to allocate manager object.
Exiting PID 1...

Hi @seocam! I think the problem might be that the host you're running on is configured to use cgroupsv2 while the way we're running it expects cgroupsv1.

I did a test and I can reproduce what you're seeing with docker on Fedora 36 with cgroupsv2:

$ docker --debug run -it --volume /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged=false --security-opt seccomp=unconfined quay.io/ansible/default-test-container:5.9.0
systemd 245.4-4ubuntu3.15 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to Ubuntu 20.04.3 LTS!

Set hostname to <cd78a59bdc7e>.
Failed to create /init.scope control group: Read-only file system
Failed to allocate manager object: Read-only file system
[!!!!!!] Failed to allocate manager object.
Exiting PID 1...
DEBU[0001] [hijack] End of stdout

However, if I set my machine to use cgroupsv1 instead (https://blog.christophersmart.com/2019/12/15/enabling-docker-in-fedora-31-by-reverting-to-cgroups-v1/) then I can run the container just fine:

$ docker --debug run -it --volume /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged=false --security-opt seccomp=unconfined quay.io/ansible/default-test-container:5.9.0
systemd 245.4-4ubuntu3.15 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
Detected virtualization docker.
Detected architecture x86-64.

Welcome to Ubuntu 20.04.3 LTS!

Set hostname to <60187bc8b750>.
[  OK  ] Created slice system-getty.slice.
...
[  OK  ] Finished Update UTMP about System Runlevel Changes.

Ubuntu 20.04.3 LTS 60187bc8b750 console

60187bc8b750 login:

And then I am also able to use docker to run the ansible-test successfully:

$ ansible-test integration rabbitmq_user --docker
Starting new "ansible-test-controller-OF14KbSK" container.
Adding "ansible-test-controller-OF14KbSK" to container database.
Running rabbitmq_user integration test role
[WARNING]: running playbook inside collection community.rabbitmq

PLAY [testhost] ******************************************************************************

TASK [Gathering Facts] ***********************************************************************
ok: [testhost]

TASK [setup_tls : ensure target directory is present] ****************************************
changed: [testhost]

...

PLAY RECAP ***********************************************************************************
testhost                   : ok=55   changed=23   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

I think it should be safe to try switching your machine over to cgroupsv1, however if not then perhaps you could try with a VM, or switch to podman with the docker shim?

Hope that helps, please let us know how you go!

seocam commented 2 years ago

Moving from cgroupsv2 to cgroupsv1 did the trick! I'm working on the unittests

csmart commented 2 years ago

Moving from cgroupsv2 to cgroupsv1 did the trick! I'm working on the unittests

Great! I'm glad it helped. I have created a docs PR upstream to make this more clear for new contributors, so thanks for letting us know :+1: https://github.com/ansible/ansible/pull/79066

seocam commented 2 years ago

Tests added. I'm considering the new version would be 1.3.0, so I've updated the docs and bumped galaxy.yaml. After doing a rebase with the upstream/main some tests started to fail but they seem to be unrelated with this PR.

nrukavkov commented 1 year ago

Is there any chance to be released?

nrukavkov commented 1 year ago

https://github.com/ansible-collections/community.rabbitmq/pull/155

csmart commented 7 months ago

closed in favour of #155