kurokobo / awx-on-k3s

An example implementation of AWX on single node K3s using AWX Operator, with easy-to-use simplified configuration with ownership of data and passwords.
MIT License

Where can files be stored so that they can be used in playbooks? #381

Closed dernate closed 3 months ago

dernate commented 3 months ago

Environment

Question

I would also like to be able to store paths to files in my playbooks. AWX lives in the k3s cluster and the file system is therefore not directly accessible: How can I make the files findable for awx?

Example: I would like to distribute public ssh keys, as explained here: https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html for example:

- name: Set authorized key taken from file
  ansible.posix.authorized_key:
    user: charlie
    state: present
    key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"

When I try to run this the following error occurs:

Could not find or access '/home/charlie/.ssh/id_rsa.pub' ...

Thanks for your help.

kurokobo commented 3 months ago

@dernate Hi, try to use a Container Group. See the "Case 1: Read and write files on K3s host during Jobs" section in this guide: https://github.com/kurokobo/awx-on-k3s/tree/main/containergroup#case-1-read-and-write-files-on-k3s-host-during-jobs

dernate commented 3 months ago

Hi, thank you very much! It works perfectly!

dernate commented 3 months ago

Hi, sorry but unfortunately I was too happy too soon... The test described works perfectly, but unfortunately I can't get it to work for real things.

My playbook looks like this:

---
- name: copy stuff
  hosts: all
  tasks: 
    - name: copy abc.sh to /home/awx/
      ansible.builtin.copy:
        src: /data/work/somefolder/abc.sh
        dest: /home/awx/abc.sh
        mode: '0755'
        force: true

The following error occurs:

Could not find or access '/data/work/somefolder/abc.sh' on the Ansible Controller.
If you are using a module and expect the file to exist on the remote, see the remote_src option

I changed the file/folder properties as explained:

root@app-awx:/data/work# ls -l
drwx------ 2 ww   root 4096 Jul 23 14:43 somefolder

root@app-awx:/data/work# ls -l somefolder/
-rwx------ 1 ww root 8325 Jul 16 16:08 abc.sh

What am I doing wrong? Thanks for the help!

swils024 commented 3 months ago

The ownership and permissions of /data/work don't look right. I would expect the user to be '1000' or 'awx' and the group to be 'root' - especially since you are copying to the /home/awx folder. Does the folder exist? You can also use things like 'secrets' to securely store sensitive info as a variable. Not entirely sure what the keys are being used for. If you are looking to use keys to connect to hosts, consider using a Machine credential as this supports SSH keys or passwords. AWX will encrypt credentials once saved.

dernate commented 3 months ago

Hi @swils024, my user for the aws-host is called "ww", so this is correct. I changed the ownership as described in the docs. I don't see why the folder and file permissions don't look right, the docs say it should be set to 700, that's what -rwx------ is.

sudo chown 1000:0 /data/work
sudo chown 1000:0 /data/work/somefolder
sudo chown 1000:0 /data/work/somefolder/abc.sh
sudo chmod 700 /data/work
sudo chmod 700 /data/work/somefolder
sudo chmod 700 /data/work/somefolder/abc.sh

Or did I do it wrong?

dernate commented 3 months ago

Ohh god, so stupid of me... I'm sorry! I just forgot to add the container group to the Environments on the job template...

Now it works perfectly.

Again: sorry!
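
The ownership and mode question discussed in this thread can be checked on the K3s host before touching AWX. The script below is an added example, not part of the original thread or the awx-on-k3s repository; it assumes GNU `stat`, and that jobs read the directory as UID 1000 with mode 700, as in the `chown 1000:0` / `chmod 700` commands quoted above. The function names and `check.sh` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the awx-on-k3s repo). Assumes GNU stat on the K3s host.

# check_component UID PATH: PATH must exist, be owned by UID, and have owner
# bits that allow listing and traversal (directories) or reading (files).
check_component() {
  want_uid=$1; p=$2
  if [ ! -e "$p" ]; then echo "FAIL: $p does not exist"; return 1; fi
  owner=$(stat -c '%u' "$p")
  obits=$(stat -c '%A' "$p" | cut -c2-4)   # e.g. "rwx" from "drwx------"
  if [ -d "$p" ]; then need='r?[xs]'; else need='r??'; fi
  if [ "$owner" != "$want_uid" ]; then
    echo "FAIL: $p is owned by uid $owner, expected $want_uid"; return 1
  fi
  case $obits in
    $need) echo "ok:   $p ($obits, uid $owner)" ;;
    *)     echo "FAIL: $p owner bits are $obits"; return 1 ;;
  esac
}

# check_path_access UID BASE FILE: verify BASE and every component down to FILE.
# Returns 0 if all pass, 1 on the first failing component, 2 if FILE is not under BASE.
check_path_access() {
  uid=$1; base=${2%/}; target=$3
  case $target in
    "$base"/*) rest=${target#"$base"/} ;;
    *) echo "FAIL: $target is not under $base"; return 2 ;;
  esac
  cur=$base
  while :; do
    check_component "$uid" "$cur" || return 1
    if [ -z "$rest" ]; then break; fi
    cur=$cur/${rest%%/*}
    case $rest in
      */*) rest=${rest#*/} ;;
      *)   rest= ;;
    esac
  done
  return 0
}

# Usage on the host, with the values from this thread:
#   sh check.sh 1000 /data/work /data/work/somefolder/abc.sh
if [ "$#" -eq 3 ]; then check_path_access "$@"; fi
```

If every component passes and the job still reports "Could not find or access", the cause is not host permissions; in this thread it was the Container Group missing from the job template.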