search

oasis-roles / ansible_collection_system

GNU General Public License v3.0
35 stars 14 forks source link

Should assert that requires variables are present - rhsm #7

Open Cameronwyatt opened 5 years ago

Cameronwyatt commented 5 years ago

If you run the RHSM role without passing in required fields, it will hang, seemingly waiting for user input

TASK [oasis_roles.rhsm : Register system to RHSM provider] *********************
    task path: /home/cwyatt/.cache/molecule/idm/openstack/roles/oasis_roles.rhsm/tasks/subscribe.yml:1
    <10.0.150.0> ESTABLISH SSH CONNECTION FOR USER: cloud-user
    <10.0.150.0> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/home/cwyatt/.cache/molecule/idm/openstack/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="cloud-user"' -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o ControlPath=/home/cwyatt/.ansible/cp/%h-%p-%r 10.0.150.0 '/bin/sh -c '"'"'echo ~cloud-user && sleep 0'"'"''
    <10.0.150.0> (0, b'/home/cloud-user\n', b'')
    <10.0.150.0> ESTABLISH SSH CONNECTION FOR USER: cloud-user
    <10.0.150.0> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/home/cwyatt/.cache/molecule/idm/openstack/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="cloud-user"' -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o ControlPath=/home/cwyatt/.ansible/cp/%h-%p-%r 10.0.150.0 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339 `" && echo ansible-tmp-1573485170.2015998-66758194154339="` echo /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339 `" ) && sleep 0'"'"''
    <10.0.150.0> (0, b'ansible-tmp-1573485170.2015998-66758194154339=/home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339\n', b'')
    Using module file /home/cwyatt/.virtualenvs/molecule/lib/python3.6/site-packages/ansible/modules/packaging/os/redhat_subscription.py
    <10.0.150.0> PUT /home/cwyatt/.ansible/tmp/ansible-local-14391vlk7s0m4/tmp4ezdk8bb TO /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339/AnsiballZ_redhat_subscription.py
    <10.0.150.0> SSH: EXEC scp -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/home/cwyatt/.cache/molecule/idm/openstack/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="cloud-user"' -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o ControlPath=/home/cwyatt/.ansible/cp/%h-%p-%r /home/cwyatt/.ansible/tmp/ansible-local-14391vlk7s0m4/tmp4ezdk8bb '[10.0.150.0]:/home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339/AnsiballZ_redhat_subscription.py'
    <10.0.150.0> (0, b'', b'')
    <10.0.150.0> ESTABLISH SSH CONNECTION FOR USER: cloud-user
    <10.0.150.0> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/home/cwyatt/.cache/molecule/idm/openstack/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="cloud-user"' -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o ControlPath=/home/cwyatt/.ansible/cp/%h-%p-%r 10.0.150.0 '/bin/sh -c '"'"'chmod u+x /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339/ /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339/AnsiballZ_redhat_subscription.py && sleep 0'"'"''
    <10.0.150.0> (0, b'', b'')
    <10.0.150.0> ESTABLISH SSH CONNECTION FOR USER: cloud-user
    <10.0.150.0> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/home/cwyatt/.cache/molecule/idm/openstack/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="cloud-user"' -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o ControlPath=/home/cwyatt/.ansible/cp/%h-%p-%r -tt 10.0.150.0 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-kiludxpamclcqqlouizmkzwxfnvdjzed ; /usr/bin/python /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339/AnsiballZ_redhat_subscription.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
    Escalation succeeded
tehsmyers commented 5 years ago

This is unfortunately difficult to do, because of the many ways that subscription-manager can be used. The underlying ansible module for this task is redhat_subscription, and I'm specifically nervous about adding assertions or checks to this role that are more strict than the underlying module itself is. If fields are going to be required, they should be required by the module, not this role, so this should probably be an issue filed against Ansible itself.

In this case, though, I think the problem is not with this role itself (it correctly does nothing when there's nothing to do based on the values of e.g. rhsm_unsubscribe, rhsm_username, and rhsm_org_id), but with the implementation of it in this case. I believe that what's happened is an empty string was passed for rhsm_server_hostname. I don't know if this is a valid invocation of subscription-manager that should be allowed by the redhat_subscription module or not, so I don't feel comfortable at this point adding logic to prevent it, or errors like it, to either this role or the underlying module.

greg-hellings commented 4 years ago

It might be worth at least contacting the upstream maintainer to ask them that question about empty-string hostname. I can't imagine that it should be supported.

tehsmyers commented 4 years ago

I took a closer look at this today, and I think the role's already doing everything it can reasonably do here. I like the idea of asking the maintainer about the empty hostname being supported, and I think I'll just ask the question in the form of a pull request adding validation to prevent it.