ansible-community / molecule-plugins

Collection on molecule plugins
MIT License

Support `converge` step for rootfull pods #82

Closed 0b11stan closed 10 months ago

0b11stan commented 3 years ago

Hi, I proposed a fix for the create step (https://github.com/ansible-community/molecule-podman/pull/83) but the converge step is also broken.

Versions

```
molecule 3.5.0a0 using python 3.9
    ansible:2.11.4
    delegated:3.5.0a0 from molecule
    podman:1.0.0a3.dev6 from molecule_podman requiring collections: containers.podman>=1.7.0 ansible.posix>=1.3.0
```

How to reproduce

I'm pulling the code from my fork to avoid the issue https://github.com/ansible-community/molecule-podman/issues/77 but I'm up to date with upstream.

```bash
python -m venv venv
source venv/bin/activate
pip install 'molecule[lint]'
pip install 'git+https://github.com/0b11stan/molecule-podman.git@fix/wait-rootfull'
molecule init role -d podman poc && cd poc && rm -r meta
cat > molecule/default/molecule.yml <<EOF
---
dependency:
  name: galaxy
driver:
  name: podman
platforms:
  - name: instance
    image: docker.io/pycontribs/centos:8
    pre_build_image: true
    rootless: false
provisioner:
  name: ansible
  inventory:
    host_vars:
      localhost:
        ansible_become_password: "******"
verifier:
  name: ansible
EOF
molecule converge
```

What is happening

```
PLAY [Converge] ****************************************************************

TASK [Gathering Facts] *********************************************************
fatal: [instance]: UNREACHABLE! => {"changed": false, "msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp `\"&& mkdir \"` echo ~/.ansible/tmp/ansible-tmp-1631622392.755507-70488-191984696531853 `\" && echo ansible-tmp-1631622392.755507-70488-191984696531853=\"` echo ~/.ansible/tmp/ansible-tmp-1631622392.755507-70488-191984696531853 `\" ), exited with result 125", "unreachable": true}

PLAY RECAP *********************************************************************
instance                   : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

CRITICAL Ansible return code was 4, command was: ['ansible-playbook', '--inventory', '/home/tristan/.cache/molecule/poc/default/inventory', '--skip-tags', 'molecule-notest,notest', '/tmp/test/poc/molecule/default/converge.yml']
```

What is expected

```
PLAY [Converge] ****************************************************************

TASK [Gathering Facts] *********************************************************
ok: [instance]

TASK [Copy something to test use of synchronize module] ************************
changed: [instance]

TASK [Include poc] *************************************************************

PLAY RECAP *********************************************************************
instance                   : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
```

0b11stan commented 3 years ago

I'm not very familiar with the internals of ansible or molecule but it looks like ansible is not putting a sudo before the podman command despite my best efforts.

In the molecule/default/molecule.yml file I tried to force the provisioner:

```yaml
provisioner:
  name: ansible
  ansible_args: [ '--become' ]
  inventory:
    host_vars:
      localhost:
        ansible_become_password: natsirt
        ansible_become: true
```

But the output of `molecule -vvv converge` is quite clear, no sudo:

```
PLAY [Converge] ****************************************************************

TASK [Gathering Facts] *********************************************************
task path: /tmp/test/poc/molecule/default/converge.yml:2
redirecting (type: connection) ansible.builtin.podman to containers.podman.podman
<instance> RUN [b'/usr/bin/podman', b'mount', b'instance']
<instance> RUN [b'/usr/bin/podman', b'exec', b'instance', b'/bin/sh', b'-c', b'echo ~ && sleep 0']
<instance> RUN [b'/usr/bin/podman', b'exec', b'instance', b'/bin/sh', b'-c', b'echo "`pwd`" && sleep 0']
<instance> RUN [b'/usr/bin/podman', b'exec', b'instance', b'/bin/sh', b'-c', b'( umask 77 && mkdir -p "` echo ~/.ansible/tmp `"&& mkdir "` echo ~/.ansible/tmp/ansible-tmp-1631627125.3743653-58864-212520581875777 `" && echo ansible-tmp-1631627125.3743653-58864-212520581875777="` echo ~/.ansible/tmp/ansible-tmp-1631627125.3743653-58864-212520581875777 `" ) && sleep 0']
fatal: [instance]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp `\"&& mkdir \"` echo ~/.ansible/tmp/ansible-tmp-1631627125.3743653-58864-212520581875777 `\" && echo ansible-tmp-1631627125.3743653-58864-212520581875777=\"` echo ~/.ansible/tmp/ansible-tmp-1631627125.3743653-58864-212520581875777 `\" ), exited with result 125",
    "unreachable": true
}

PLAY RECAP *********************************************************************
instance                   : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0
```

The connection should be modified to make ansible play commands with 'sudo podman' but I don't know how to do that.
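
A small checker for the diagnosis in the comment above, added here as an example (it is not part of the original comments or of molecule-podman). It parses the connection plugin's `RUN [...]` lines from `-vvv` output, counts the ones invoked without a privilege wrapper, and flags exit code 125, which podman-exec(1) documents as podman itself failing rather than the command inside the container. The sample log is constructed and shortened from the output above; the function names and the `ESCALATORS` set are assumptions.

```python
import ast
import re

# Constructed sample, shortened from the kind of `molecule -vvv converge` output shown above.
SAMPLE = r"""
<instance> RUN [b'/usr/bin/podman', b'mount', b'instance']
<instance> RUN [b'/usr/bin/podman', b'exec', b'instance', b'/bin/sh', b'-c', b'echo ~ && sleep 0']
fatal: [instance]: UNREACHABLE! => {"msg": "Failed to create temporary directory. Failed command was: ( umask 77 && mkdir -p x ), exited with result 125", "unreachable": true}
"""

RUN_RE = re.compile(r"^<(?P<host>[^>]+)> RUN (?P<argv>\[.*\])\s*$")
EXIT_RE = re.compile(r"exited with result (\d+)")
ESCALATORS = {"sudo", "doas", "pkexec"}  # assumption: wrappers counted as escalation


def parse_run_lines(text):
    """Return (host, argv) for each connection-plugin RUN line."""
    runs = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        # The plugin logs argv as a Python list of bytes literals.
        argv = [a.decode() if isinstance(a, bytes) else str(a)
                for a in ast.literal_eval(m.group("argv"))]
        runs.append((m.group("host"), argv))
    return runs


def audit(text):
    """Summarise how the controller invoked podman and how it failed."""
    runs = parse_run_lines(text)
    unprivileged = [argv for _, argv in runs
                    if argv and argv[0].rsplit("/", 1)[-1] not in ESCALATORS]
    codes = [int(c) for c in EXIT_RE.findall(text)]
    return {
        "runs": len(runs),
        "unprivileged": len(unprivileged),
        "executables": sorted({argv[0] for _, argv in runs}),
        # 125: podman itself failed, so the mkdir never ran in the container
        "podman_failed": 125 in codes,
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```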