search

ansible / awx-ee

An Ansible execution environment for AWX project
https://quay.io/ansible/awx-ee
Other
129 stars 151 forks source link

VMware Inventory not working #230

Open metabsd opened 5 months ago

metabsd commented 5 months ago

Error while using inventory plugins. I found that the problem seem to be an incompatibility between cryptography and pyOpenssl python libs.

https://stackoverflow.com/questions/74981558/error-updating-python3-pip-attributeerror-module-lib-has-no-attribute-openss

I found that ansible-builder install the right version pyOpenssl but during the build process another section replace it for an older version.

I attached the build output. 5_Build image.txt

The first version installed. image

Older version overwrite. image

Error

module 'lib' has no attribute 'OpenSSL_add_all_algorithms'

All execution

Loading collection community.vmware from /usr/share/ansible/collections/ansible_collections/community/vmware
[WARNING]:  * Failed to parse /runner/inventory/vmware_vm_inventory.yml with
auto plugin: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'
  File "/usr/local/lib/python3.9/site-packages/ansible/inventory/manager.py", line 293, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/local/lib/python3.9/site-packages/ansible/plugins/inventory/auto.py", line 50, in parse
    plugin = inventory_loader.get(plugin_name)
  File "/usr/local/lib/python3.9/site-packages/ansible/plugins/loader.py", line 859, in get
    return self.get_with_context(name, *args, **kwargs).object
  File "/usr/local/lib/python3.9/site-packages/ansible/plugins/loader.py", line 882, in get_with_context
    self._module_cache[path] = self._load_module_source(name, path)
  File "/usr/local/lib/python3.9/site-packages/ansible/plugins/loader.py", line 832, in _load_module_source
    spec.loader.exec_module(module)
  File "<frozen importlib._bootstrap_external>", line 850, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "/usr/share/ansible/collections/ansible_collections/community/vmware/plugins/inventory/vmware_vm_inventory.py", line 392, in <module>
    from ansible_collections.community.vmware.plugins.plugin_utils.inventory import (
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "/usr/local/lib/python3.9/site-packages/ansible/utils/collection_loader/_collection_finder.py", line 583, in exec_module
    exec(code_obj, module.__dict__)
  File "/usr/share/ansible/collections/ansible_collections/community/vmware/plugins/plugin_utils/inventory.py", line 35, in <module>
    from vmware.vapi.vsphere.client import create_vsphere_client
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/vsphere/client.py", line 13, in <module>
    from vmware.vapi.lib.connect import get_requests_connector
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/lib/connect.py", line 11, in <module>
    from vmware.vapi.lib.ssl import UnverifiedClientContextFactory
  File "/usr/local/lib/python3.9/site-packages/vmware/vapi/lib/ssl.py", line 8, in <module>
    from OpenSSL import SSL, crypto
  File "/usr/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3.9/site-packages/OpenSSL/crypto.py", line 3279, in <module>
    _lib.OpenSSL_add_all_algorithms()
[WARNING]: Unable to parse /runner/inventory/vmware_vm_inventory.yml as an
inventory source
ERROR! No inventory was parsed, please check your configuration and options.

Inventory plugins

Custom EE

---
version: 3
images:
  base_image:
    name: quay.io/centos/centos:stream9
dependencies:
  ansible_core:
    # Require minimum of 2.15 to get ansible-inventory --limit option
    package_pip: ansible-core>=2.15.0rc2,<2.16
  ansible_runner:
    package_pip: ansible-runner
  galaxy: |
    ---
    collections:
      - name: awx.awx
      - name: azure.azcollection
      - name: amazon.aws
      - name: theforeman.foreman
      - name: google.cloud
      - name: openstack.cloud
      - name: community.vmware
      - name: ovirt.ovirt
      - name: kubernetes.core
      - name: ansible.posix
      - name: ansible.windows
      - name: redhatinsights.insights
      - name: servicenow.servicenow
      - name: cisco.ios
      - name: community.general
      - name: ibm.power_aix
      - name: community.crypto
      - name: community.zabbix
  system: |
    git-core [platform:rpm]
    python3.9-devel [platform:rpm compile]
    libcurl-devel [platform:rpm compile]
    krb5-devel [platform:rpm compile]
    krb5-workstation [platform:rpm]
    subversion [platform:rpm]
    subversion [platform:dpkg]
    git-lfs [platform:rpm]
    sshpass [platform:rpm]
    rsync [platform:rpm]
    epel-release [platform:rpm]
    python-unversioned-command [platform:rpm]
    unzip [platform:rpm]
  python: |
    git+https://github.com/ansible/ansible-sign
    ncclient
    paramiko
    pykerberos
    pyOpenSSL
    pypsrp[kerberos,credssp]
    pywinrm[kerberos,credssp]
    requests-credssp
    toml
    pexpect>=4.5
    python-daemon
    pyyaml
    urllib3
    requests
    six
    xkcdpass
    zabbix-api
    cvpysdk
    jmespath
    receptorctl
additional_build_steps:
  append_base:
    - RUN $PYCMD -m pip install -U pip
  append_final:
    - COPY --from=quay.io/ansible/receptor:devel /usr/bin/receptor /usr/bin/receptor
    - RUN mkdir -p /var/run/receptor
    - RUN git lfs install --system
    - RUN sed -i '/\[\ crypto_policy \]/aOptions = UnsafeLegacyRenegotiation' /etc/pki/tls/openssl.cnf
metabsd commented 5 months ago

For now I workaround via this.

image

fosterseth commented 5 months ago

@TheRealHaoLiu do we need to change the awx-ee execution-environment yaml file?

metabsd commented 4 months ago

Are you planning to use a newer version of Python? I just noticed that Ansible-lint is going to drop support for Python 3.9 with the latest version.