search

ansible / awx-operator

An Ansible AWX operator for Kubernetes built with Operator SDK and Ansible. 🤖
https://www.github.com/ansible/awx
Apache License 2.0
1.2k stars 605 forks source link

script plugin: problem running ([Errno 13] Permission denied) #796

Open madeinindiadot opened 2 years ago

madeinindiadot commented 2 years ago
ISSUE TYPE
SUMMARY

Permission denied while using the python inventory script for building dynamic inventories in AWX tower

ENVIRONMENT
STEPS TO REPRODUCE

Create AWX operator in kubernetes Create AWXs Add project and git credentials Add Inventory Add source as "Sourced from a Project" Provide inventory source path from the git repo Sync the resource Add execution environment - https://github.com/ansible/ansible-runner quay.io/ansible/ansible-runner:latest - docker image

EXPECTED RESULTS

Inventories should be built from the python script

ACTUAL RESULTS

Getting permission denied for the python script and the inventory plugin is getting defaulted to ini instead of script as we are getting permission denied When an automation job pod is getting created, the file copied from source doesnt have execute permissions. We have also provided privileged: true but still it doesn't work

Let me know how to add inventory scripts with execute permissions so that the automation job will run and create proper dynamic inventories

ADDITIONAL INFORMATION

ansible-inventory [core 2.12.2] config file = /runner/project/ansible.cfg configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /runner/requirements_collections:/home/runner/.ansible/collections:/usr/share/ansible/collections:/usr/share/automation-controller/collections executable location = /usr/local/bin/ansible-inventory python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True Using /runner/project/ansible.cfg as config file setting up inventory plugins host_list declined parsing /runner/project/rheva/tower_inventory.py as it did not pass its verify_file() method auto declined parsing /runner/project/rheva/tower_inventory.py as it did not pass its verify_file() method yaml declined parsing /runner/project/rheva/tower_inventory.py as it did not pass its verify_file() method toml declined parsing /runner/project/rheva/tower_inventory.py as it did not pass its verify_file() method [WARNING]: Failed to parse /runner/project/rheva/tower_inventory.py with script plugin: problem running /runner/project/rheva/tower_inventory.py --list ([Errno 13] Permission denied: '/runner/project/rheva/tower_inventory.py') File "/usr/local/lib/python3.8/site-packages/ansible/inventory/manager.py", line 290, in parse_source plugin.parse(self._inventory, self._loader, source, cache=cache) File "/usr/local/lib/python3.8/site-packages/ansible/plugins/inventory/script.py", line 150, in parse raise AnsibleParserError(to_native(e)) [WARNING]: Failed to parse /runner/project/rheva/tower_inventory.py with ini plugin: /runner/project/rheva/tower_inventory.py:3: Expected key=value host variable assignment, got: os File "/usr/local/lib/python3.8/site-packages/ansible/inventory/manager.py", line 290, in parse_source plugin.parse(self._inventory, self._loader, source, cache=cache) File "/usr/local/lib/python3.8/site-packages/ansible/plugins/inventory/ini.py", line 136, in parse raise AnsibleParserError(e) [WARNING]: Unable to parse /runner/project/rheva/tower_inventory.py as an inventory source ERROR! No inventory was parsed, please check your configuration and options.

madeinindiadot commented 2 years ago

Also we have added a credential with credential type as Vault. But it does not show under the source for inventories to add this vault credential type. It stays blank event though we have credentials added.

image image
rajivmulajker commented 2 years ago

Hi any update on this? Appreciate the help

hiddenicon commented 2 years ago

I am seeing this same issue, and I just cloned the latest AWX pull a few days ago.

AWX: 21.0.1.dev122+g64db44acef I'm running docker, not kubernetes.

I'm doing everything else the same as the OP's issue above.

My inventory python file runs fine locally on my docker host, but doesn't execute from sync in AWX. Receiving the same error about permission denied. I received this same error when running locally until I made it an executable. I feel like not's changing to executable when being sync'd from SCM.

setting up inventory plugins
host_list declined parsing /runner/project/inventory_scripts/all_cisco_ios.py as it did not pass its verify_file() method
auto declined parsing /runner/project/inventory_scripts/all_cisco_ios.py as it did not pass its verify_file() method
yaml declined parsing /runner/project/inventory_scripts/all_cisco_ios.py as it did not pass its verify_file() method
toml declined parsing /runner/project/inventory_scripts/all_cisco_ios.py as it did not pass its verify_file() method
[WARNING]:  * Failed to parse
/runner/project/inventory_scripts/all_cisco_ios.py with script plugin: problem
running /runner/project/inventory_scripts/all_cisco_ios.py --list ([Errno 13]
Permission denied: '/runner/project/inventory_scripts/all_cisco_ios.py')
  File "/usr/local/lib/python3.8/site-packages/ansible/inventory/manager.py", line 290, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/local/lib/python3.8/site-packages/ansible/plugins/inventory/script.py", line 150, in parse
    raise AnsibleParserError(to_native(e))
[WARNING]:  * Failed to parse
/runner/project/inventory_scripts/all_cisco_ios.py with ini plugin:
/runner/project/inventory_scripts/all_cisco_ios.py:3: Expected key=value host
variable assignment, got: requests
  File "/usr/local/lib/python3.8/site-packages/ansible/inventory/manager.py", line 290, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/local/lib/python3.8/site-packages/ansible/plugins/inventory/ini.py", line 136, in parse
    raise AnsibleParserError(e)
[WARNING]: Unable to parse /runner/project/inventory_scripts/all_cisco_ios.py
as an inventory source
ERROR! No inventory was parsed, please check your configuration and options.
hiddenicon commented 2 years ago

I am seeing this same issue, and I just cloned the latest AWX pull a few days ago.

AWX: 21.0.1.dev122+g64db44acef I'm running docker, not kubernetes.

I'm doing everything else the same as the OP's issue above.

My inventory python file runs fine locally on my docker host, but doesn't execute from sync in AWX. Receiving the same error about permission denied. I received this same error when running locally until I made it an executable. I feel like not's changing to executable when being sync'd from SCM.

setting up inventory plugins
host_list declined parsing /runner/project/inventory_scripts/all_cisco_ios.py as it did not pass its verify_file() method
auto declined parsing /runner/project/inventory_scripts/all_cisco_ios.py as it did not pass its verify_file() method
yaml declined parsing /runner/project/inventory_scripts/all_cisco_ios.py as it did not pass its verify_file() method
toml declined parsing /runner/project/inventory_scripts/all_cisco_ios.py as it did not pass its verify_file() method
[WARNING]:  * Failed to parse
/runner/project/inventory_scripts/all_cisco_ios.py with script plugin: problem
running /runner/project/inventory_scripts/all_cisco_ios.py --list ([Errno 13]
Permission denied: '/runner/project/inventory_scripts/all_cisco_ios.py')
  File "/usr/local/lib/python3.8/site-packages/ansible/inventory/manager.py", line 290, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/local/lib/python3.8/site-packages/ansible/plugins/inventory/script.py", line 150, in parse
    raise AnsibleParserError(to_native(e))
[WARNING]:  * Failed to parse
/runner/project/inventory_scripts/all_cisco_ios.py with ini plugin:
/runner/project/inventory_scripts/all_cisco_ios.py:3: Expected key=value host
variable assignment, got: requests
  File "/usr/local/lib/python3.8/site-packages/ansible/inventory/manager.py", line 290, in parse_source
    plugin.parse(self._inventory, self._loader, source, cache=cache)
  File "/usr/local/lib/python3.8/site-packages/ansible/plugins/inventory/ini.py", line 136, in parse
    raise AnsibleParserError(e)
[WARNING]: Unable to parse /runner/project/inventory_scripts/all_cisco_ios.py
as an inventory source
ERROR! No inventory was parsed, please check your configuration and options.

For some reason when pulling using git into AWX from my repo, the +x was being wiped out. It appears to have been an issue on my gitlab side. Once I've redone my repo, or used a different repo, the +x was sticking and now the python file is found and executed correctly.

aleexx17 commented 2 years ago

For anyone who is looking for a simple solution can just do git add --chmod=+x path/to/file and then git commit and push. Then it should work without a problem.

jcuervas commented 1 year ago

Saved my day!!

ursetto commented 6 months ago

In my case, this was caused by /tmp being mounted as noexec on the host. If the executable bit is set correctly in git and it still doesn't work, check this next.