ansible-middleware / keycloak

Collection to install and configure Keycloak or Red Hat Single Sign-On / Red Hat Build of Keycloak
Apache License 2.0

Retrieve the current working directory without relying on environment variable #238

Closed idNoRD closed 1 month ago

idNoRD commented 1 month ago
SUMMARY

"Download keycloak archive" task fails because local_path.stat.path doesn't exist. Ensure you are explicitly retrieving the current working directory without relying on environment variables.

ISSUE TYPE
ANSIBLE VERSION
2.15
al2023-ami-2023.5.20240916.0-kernel-6.1-x86_64
COLLECTION VERSION
STEPS TO REPRODUCE
sudo /opt/ansible/bin/pip install --upgrade pip
sudo /opt/ansible/bin/pip install ansible
sudo /opt/ansible/bin/pip install netaddr lxml
sudo /opt/ansible/bin/ansible-galaxy collection install middleware_automation.keycloak

sudo /opt/ansible/bin/ansible-playbook -c local -i localhost, keycloak_playbook.yml
---
- name: Playbook for Keycloak X Hosts with HTTPS enabled
  hosts: all
  vars:
    keycloak_quarkus_admin_pass: "remembertochangeme"
    keycloak_quarkus_host: localhost
    keycloak_quarkus_port: 8443
    keycloak_quarkus_log: file
    keycloak_quarkus_proxy_mode: none
    keycloak_quarkus_jvm_package: java-21-amazon-corretto-headless-1:21.0.4+7-1.amzn2023.1.x86_64
    keycloak_quarkus_version: 24.0.4
    keycloak_quarkus_archive: keycloak-{{ keycloak_quarkus_version }}.zip
    keycloak_quarkus_download_url: https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}
  roles:
    - middleware_automation.keycloak.keycloak_quarkus
EXPECTED RESULTS
TASK [middleware_automation.keycloak.keycloak_quarkus : Download keycloak archive] **************************************************************************************************************
changed: [localhost]

I expected this task to get the current dir properly and download the keycloak archive successfully without any errors.

As a solution I propose to replace this block:

- name: Ensure local download directory exists
  ansible.builtin.file:
    path: "{{ lookup('env', 'PWD') }}"
    state: directory
  delegate_to: localhost
  run_once: true

with this new way of getting current directory:

- name: Get current working directory
  ansible.builtin.shell: "pwd"
  register: current_path
  delegate_to: localhost
  run_once: true
  changed_when: false

- name: Check if the local download archive path exists
  ansible.builtin.stat:
    path: "{{ current_path.stdout }}"
  register: local_path
  delegate_to: localhost
  run_once: true
  become: false
ACTUAL RESULTS

Got this error:

TASK [middleware_automation.keycloak.keycloak_quarkus : Download keycloak archive] **************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'path'. 'dict object' has no attribute 'path'\n\nThe error appears to be in '/root/.ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak_quarkus/tasks/install.yml': line 67, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Download keycloak archive\n  ^ here\n"}

Then I added a debug for local_path (editing the file with sudo vi /root/.ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak_quarkus/tasks/install.yml):

- name: Debug local_path
  debug:
    var: local_path

and got this output, which shows that the local_path stat doesn't exist:

TASK [middleware_automation.keycloak.keycloak_quarkus : Debug local_path] ***********************************************************************************************************************
ok: [localhost] => {
    "local_path": {
        "changed": false,
        "failed": false,
        "stat": {
            "exists": false
        }
    }
}
guidograzioli commented 1 month ago

The solution will be in line with how the other middleware_automation collections behave (override a default parameter, otherwise read PWD)

idNoRD commented 1 month ago

When I run without sudo it works

sudo /opt/ansible/bin/ansible-playbook -c local -i localhost, keycloak_playbook.yml

guidograzioli commented 1 month ago

~sudo~

I'd strongly advise NOT to run ansible-playbook with privileges; it is supposed to escalate when necessary on the other side (which is also valid when the target is localhost). Why don't you try the install on a podman or docker container instead?

The molecule test scenarios are friendly pre-setup environments that can be used for evaluation/development/testing

idNoRD commented 1 month ago

I am trying to run the ansible playbook on an AWS EC2 instance from a userdata script for a production environment. Initially I ran a docker container with keycloak on EC2, but as I understand it, for production it's necessary to run it in rootless mode, which may have slow network or other issues. Also docker consumes extra resources and needs extra maintenance/security, so I just switched to this ansible playbook.

Regarding the default download destination folder, it can be /tmp with a task that verifies access to it. Example:

    - name: Ensure correct permissions on temporary directories
      file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "1777"
      loop:
        - /tmp
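The following tasks are an added illustration of the approach described in this thread (an explicit variable override, otherwise PWD, otherwise a fallback directory), combined with a stat check that fails with a clear message instead of the undefined `path` error shown above; it is not the collection's own code. The variable `keycloak_quarkus_download_dir` and the fact `_kc_local_download_dir` are assumed names; `keycloak_quarkus_download_url` and `keycloak_quarkus_archive` are the playbook variables from the issue.

```yaml
# Added example, not the collection's own code. keycloak_quarkus_download_dir
# and _kc_local_download_dir are assumed names for this illustration.
- name: Resolve local download directory (explicit override, else PWD, else /tmp)
  ansible.builtin.set_fact:
    _kc_local_download_dir: >-
      {{ keycloak_quarkus_download_dir
         | default(lookup('env', 'PWD'), true)
         | default('/tmp', true) }}
  delegate_to: localhost
  run_once: true

# PWD is not propagated by sudo, so the directory may not resolve at all;
# stat it explicitly rather than assuming lookup('env', 'PWD') is set.
- name: Check the resolved download directory on the controller
  ansible.builtin.stat:
    path: "{{ _kc_local_download_dir }}"
  register: local_path
  delegate_to: localhost
  run_once: true
  become: false

# Fail here, with an actionable message, instead of later with
# "'dict object' has no attribute 'path'".
- name: Assert the download directory is a writable directory
  ansible.builtin.assert:
    that:
      - local_path.stat.exists
      - local_path.stat.isdir
      - local_path.stat.writeable
    fail_msg: >-
      Local download directory '{{ _kc_local_download_dir }}' does not exist or
      is not a writable directory on the controller; set
      keycloak_quarkus_download_dir explicitly.
  delegate_to: localhost
  run_once: true

- name: Download keycloak archive
  ansible.builtin.get_url:
    url: "{{ keycloak_quarkus_download_url }}"
    dest: "{{ local_path.stat.path }}/{{ keycloak_quarkus_archive }}"
    mode: "0644"
  delegate_to: localhost
  run_once: true
```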