ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.

awx installation fails when using external postgres due to maintenance_db parameter #2218

Closed balonik closed 5 years ago

balonik commented 6 years ago
ISSUE TYPE
COMPONENT NAME
SUMMARY

launch_awx_task.sh and launch_awx.sh (in awx_web docker image) fail when

This is because of the 'maintenance_db' concept of the postgresql_db ansible module. The module first tries to connect to the database specified in the 'maintenance_db' parameter as the user specified.

ENVIRONMENT
STEPS TO REPRODUCE

Use the AWX installer with an external Postgres DB. The external Postgres DB does not allow user 'awx' to connect to the 'postgres' DB; for example, such an entry is not in the pg_hba.conf file.

This is the line that causes the error:

ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -vvv -i "127.0.0.1," -c local -v -m postgresql_db -U $DATABASE_USER -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_PASSWORD port=$DATABASE_PORT" all

EXPECTED RESULTS

AWX will start OK.

ACTUAL RESULTS

The following error will appear in the AWX logs during startup:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OperationalError: FATAL: no pg_hba.conf entry for host "172.18.0.3", user "awx", database "postgres", SSL off
127.0.0.1 | FAILED! => {
    "changed": false,
    "msg": "unable to connect to database: FATAL: no pg_hba.conf entry for host \"172.18.0.3\", user \"awx\", database \"postgres\", SSL off\n"
}

ADDITIONAL INFORMATION

The easiest fix would be to add the 'maintenance_db' parameter to the specified call and hardcode it to $DATABASE_NAME, as it is expected the user will have access to the AWX database.

Full traceback from the ansible call in the awx_web:1.0.7.2 dockerhub image:

# ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -vvv -i "127.0.0.1," -c local -v -m postgresql_db -U $DATABASE_USER -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_PASSWORD port=$DATABASE_PORT" all
ansible 2.6.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Using /etc/ansible/ansible.cfg as config file
[DEPRECATION WARNING]: The sudo command line option has been deprecated in favor of the "become" command line arguments. This feature will be removed in version 2.6. Deprecation warnings
can be disabled by setting deprecation_warnings=False in ansible.cfg.
setting up inventory plugins
Set default localhost to 127.0.0.1
Parsed 127.0.0.1, inventory source with host_list plugin
Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python2.7/site-packages/ansible/plugins/callback/minimal.pyc
META: ran handlers
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1535730147.75-6154125087728 `" && echo ansible-tmp-1535730147.75-6154125087728="` echo /tmp/ansible-tmp-1535730147.75-6154125087728 `" ) && sleep 0'
Using module file /usr/lib/python2.7/site-packages/ansible/modules/database/postgresql/postgresql_db.py
<127.0.0.1> PUT /tmp/ansible-local-374mVcvvB/tmpb5wetS TO /tmp/ansible-tmp-1535730147.75-6154125087728/postgresql_db.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /tmp/ansible-tmp-1535730147.75-6154125087728/ /tmp/ansible-tmp-1535730147.75-6154125087728/postgresql_db.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python /tmp/ansible-tmp-1535730147.75-6154125087728/postgresql_db.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /tmp/ansible-tmp-1535730147.75-6154125087728/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_VR9GFj/ansible_module_postgresql_db.py", line 421, in main
    db_connection = psycopg2.connect(database=maintenance_db, **kw)
  File "/usr/lib64/python2.7/site-packages/psycopg2/__init__.py", line 130, in connect
    conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
OperationalError: FATAL:  no pg_hba.conf entry for host "172.18.0.2", user "awx", database "postgres", SSL off

127.0.0.1 | FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "db": "awx",
            "encoding": "",
            "lc_collate": "",
            "lc_ctype": "",
            "login_host": "172.17.0.1",
            "login_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "login_unix_socket": "",
            "login_user": "awx",
            "maintenance_db": "postgres",
            "name": "awx",
            "owner": "awx",
            "port": 5432,
            "ssl_mode": "prefer",
            "ssl_rootcert": null,
            "state": "present",
            "target": "",
            "target_opts": "",
            "template": ""
        }
    },
    "msg": "unable to connect to database: FATAL:  no pg_hba.conf entry for host \"172.18.0.2\", user \"awx\", database \"postgres\", SSL off\n"
}

balonik commented 6 years ago

So the line in launch_awx_task.sh would look like

ANSIBLE_REMOTE_TEMP=/tmp ANSIBLE_LOCAL_TEMP=/tmp ansible -vvv -i "127.0.0.1," -c local -v -m postgresql_db -U $DATABASE_USER -a "name=$DATABASE_NAME owner=$DATABASE_USER login_user=$DATABASE_USER login_host=$DATABASE_HOST login_password=$DATABASE_PASSWORD port=$DATABASE_PORT maintenance_db=$DATABASE_NAME" all

I suppose this gets more tricky when using the postgres docker image.
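
The rejection reported in this issue and the effect of the proposed maintenance_db=$DATABASE_NAME change, reproduced offline as an added example (not part of the original comments and not AWX or Ansible code). It evaluates a constructed pg_hba.conf with a simplified first-match rule check covering only host-type records with CIDR addresses; the file contents and the function names `parse_hba`, `match` and `preflight` are assumptions made for illustration.

```python
import ipaddress

# Constructed pg_hba.conf for an external server that only lets the
# application role reach its own database (not the reporter's real file).
SAMPLE_HBA = """
# TYPE  DATABASE  USER      ADDRESS         METHOD
local   all       postgres                  peer
host    awx       awx       172.18.0.0/16   md5
host    all       postgres  10.0.0.0/8      md5
"""

def parse_hba(text):
    """Return (type, databases, users, network, method) for host-type records."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue  # skip blanks, comments and 'local' (unix socket) records
        conn_type, dbs, users, addr, method = fields[:5]
        rules.append((conn_type, dbs.split(","), users.split(","),
                      ipaddress.ip_network(addr), method))
    return rules

def match(rules, client_ip, user, database, ssl=False):
    """First matching record wins; None means 'no pg_hba.conf entry'."""
    ip = ipaddress.ip_address(client_ip)
    for conn_type, dbs, users, net, method in rules:
        if (conn_type == "hostssl" and not ssl) or (conn_type == "hostnossl" and ssl):
            continue
        db_ok = "all" in dbs or database in dbs or ("sameuser" in dbs and database == user)
        user_ok = "all" in users or user in users
        if db_ok and user_ok and ip in net:
            return method
    return None

def preflight(rules, client_ip, user, target_db, maintenance_db="postgres"):
    """Check the maintenance_db connection (tried first, per the issue) and the target DB."""
    return {
        "maintenance_db": match(rules, client_ip, user, maintenance_db),
        "target_db": match(rules, client_ip, user, target_db),
    }

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    print(preflight(rules, "172.18.0.3", "awx", "awx"))         # default maintenance_db
    print(preflight(rules, "172.18.0.3", "awx", "awx", "awx"))  # maintenance_db set to the AWX DB
```

With the default maintenance_db the first connection finds no matching record even though the role can reach its own database, so the least-privilege rule set does not need to be widened to grant 'awx' access to 'postgres'.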

balonik commented 6 years ago

Raised a bug in ansible to get it fixed in the ansible module as an option https://github.com/ansible/ansible/issues/44978

jakemcdermott commented 5 years ago

Hello @balonik,

Thanks for creating this issue. Based on your most recent comment, this appears to be stemming from an ansible core issue and not AWX and so I am closing.