search

rundeck-plugins / ansible-plugin

Ansible Integration for Rundeck
MIT License
331 stars 100 forks source link

ansible-vault-path is not taking into account #104

Open petromatviichuk opened 7 years ago

petromatviichuk commented 7 years ago

Hi, Seems there is an issue with decrypting vault files during plugin usage. My environment:

Rundeck 2.7.2
Ansible 2.2.1.0
rundeck-ansible-plugig: 2.0.2
rundeck user: rundeck
OS: Ubuntu 16.04

I've configured test project on Rundeck with Ansible Resource Model Source. Here is Project configuration:

#Mon Mar 27 16:04:15 UTC 2017
#edit below
project.description=
project.name=test3
project.nodeCache.delay=30
project.nodeCache.enabled=true
project.ssh-authentication=privateKey
project.ssh-keypath=/home/rundeck/.ssh/id_rsa
resources.source.1.config.ansible-become=false
resources.source.1.config.ansible-gather-facts=false
resources.source.1.config.ansible-ignore-errors=false
resources.source.1.config.ansible-inventory=/etc/ansible/hosts
resources.source.1.config.ansible-ssh-user=rundeck
resources.source.1.config.ansible-vault-path=/home/rundeck/vault
resources.source.1.type=com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory
service.FileCopier.default.provider=com.batix.rundeck.plugins.AnsibleFileCopier
service.NodeExecutor.default.provider=jsch-ssh

In the logs I see following:

INFO  ProjectNodeSupport: Source #1 (com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory): loading with properties: {ansible-become=false, ansible-ignore-errors=false, ansible-ssh-user=rundeck, ansible-gather-facts=false, ansible-inventory=/etc/ansible/hosts, ansible-vault-path=/home/rundeck/vault}
DEBUG DirPluginScanner: (shouldScanAll: ...: 11 vs 11
DEBUG DirPluginScanner: shouldScanAll: false, no change
DEBUG DirPluginScanner: (shouldScanAll: ...: 0 vs 0
DEBUG DirPluginScanner: shouldScanAll: false, no change
DEBUG FilePluginCache: getLoaderForIdent: Provider(ResourceModelSource,com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory)
DEBUG FilePluginCache: loadFileProvider(filecache): /var/lib/rundeck/libext/ansible-plugin-2.0.2.jar
DEBUG JarPluginProviderLoader: loadInstance for Provider(ResourceModelSource,com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory): /var/lib/rundeck/libext/ansible-plugin-2.0.2.jar
DEBUG JarPluginProviderLoader: Try loading provider com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory
DEBUG JarPluginProviderLoader: Succeeded loading plugin com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory for service: ResourceModelSource
DEBUG DirPluginScanner: shouldScanAll: false, interval
DEBUG DirPluginScanner: shouldScanAll: false, interval
DEBUG FilePluginCache: getLoaderForIdent: Provider(ResourceModelSource,com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory)
DEBUG FilePluginCache: loadFileProvider(filecache): /var/lib/rundeck/libext/ansible-plugin-2.0.2.jar
DEBUG JarPluginProviderLoader: loadInstance for Provider(ResourceModelSource,com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory): /var/lib/rundeck/libext/ansible-plugin-2.0.2.jar
DEBUG JarPluginProviderLoader: Try loading provider com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory
DEBUG JarPluginProviderLoader: Succeeded loading plugin com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory for service: ResourceModelSource
 procArgs: [ansible-playbook, gather-hosts.yml, --inventory-file=/etc/ansible/hosts, -vvvv, --extra-vars=@/tmp/rundeck/ansible-runner2872011549987041465extra-vars, --user=rundeck]
Using /etc/ansible/ansible.cfg as config file
ERROR! Decryption failed on /etc/ansible/group_vars/all
ERROR ExceptionCatchingResourceModelSource: [ResourceModelSource: 1.source (Ansible Resource Model Source), project: test3]
com.dtolabs.rundeck.core.resources.ResourceModelSourceException: ERROR: Ansible execution returned with non zero code.
        at com.batix.rundeck.plugins.AnsibleResourceModelSource.getNodes(AnsibleResourceModelSource.java:225)
        at com.dtolabs.rundeck.core.resources.ExceptionCatchingResourceModelSource.getNodes(ExceptionCatchingResourceModelSource.java:57)
        at com.dtolabs.rundeck.core.common.ProjectNodeSupport.getNodeSet(ProjectNodeSupport.java:108)
        at com.dtolabs.rundeck.core.common.ProjectNodeSupport$ProjectNodesSource.getNodes(ProjectNodeSupport.java:308)
        at com.dtolabs.rundeck.core.resources.ExceptionCatchingResourceModelSource.getNodes(ExceptionCatchingResourceModelSource.java:57)
        at com.dtolabs.rundeck.core.resources.ResourceModelSource$getNodes.call(Unknown Source)
        at rundeck.services.nodes.CachedProjectNodes.reloadNodeSet(CachedProjectNodes.groovy:42)
        at rundeck.services.nodes.CachedProjectNodes$reloadNodeSet.call(Unknown Source)
        at rundeck.services.NodeService$_loadNodes_closure3.doCall(NodeService.groovy:248)
        at rundeck.services.NodeService$_loadNodes_closure3.doCall(NodeService.groovy)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:324)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1207)
        at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:1110)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1016)
        at groovy.lang.Closure.call(Closure.java:423)
        at groovy.lang.Closure.call(Closure.java:417)
        at com.codahale.metrics.Timer.time(Timer.java:99)
        at com.codahale.metrics.Timer$time$0.call(Unknown Source)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)
        at com.codahale.metrics.Timer$time$0.call(Unknown Source)
        at MetricswebGrailsPlugin$_addDynamicMetricMethods_closure26.doCall(MetricswebGrailsPlugin.groovy:190)
        at sun.reflect.GeneratedMethodAccessor354.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:324)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1207)
        at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:1110)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1016)
        at groovy.lang.Closure.call(Closure.java:423)
        at org.codehaus.groovy.runtime.metaclass.ClosureStaticMetaMethod.invoke(ClosureStaticMetaMethod.java:59)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:324)
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoMetaMethodSiteNoUnwrap.invoke(PogoMetaMethodSite.java:230)
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:68)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:124)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callSafe(AbstractCallSite.java:96)
        at rundeck.services.NodeService.loadNodes(NodeService.groovy:260)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:324)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1207)
        at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:1110)
        at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnCurrentN(ScriptBytecodeAdapter.java:80)
        at rundeck.services.NodeService.this$dist$invoke$1(NodeService.groovy)
        at rundeck.services.NodeService$2.methodMissing(NodeService.groovy)
       at sun.reflect.GeneratedMethodAccessor854.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
        at groovy.lang.MetaClassImpl.invokeMissingMethod(MetaClassImpl.java:933)
        at groovy.lang.MetaClassImpl.invokePropertyOrMissing(MetaClassImpl.java:1256)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1209)
        at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:1110)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1016)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:807)
        at rundeck.services.NodeService$2.invokeMethod(NodeService.groovy)
        at groovy.lang.MetaClassImpl.invokeMethodOnGroovyObject(MetaClassImpl.java:1272)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1166)
        at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:1110)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1016)
        at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:66)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:145)
        at rundeck.services.NodeService$_2_reload_closure1.doCall(NodeService.groovy:112)
        at rundeck.services.NodeService$_2_reload_closure1.doCall(NodeService.groovy)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:324)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1207)
        at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:1110)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1016)
        at groovy.lang.Closure.call(Closure.java:423)
        at groovy.lang.Closure.call(Closure.java:417)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at org.springframework.core.task.SimpleAsyncTaskExecutor$ConcurrencyThrottlingRunnable.run(SimpleAsyncTaskExecutor.java:251)
        at java.lang.Thread.run(Thread.java:745)
Caused by: com.batix.rundeck.core.AnsibleException: ERROR: Ansible execution returned with non zero code.
        at com.batix.rundeck.core.AnsibleRunner.run(AnsibleRunner.java:465)
        at com.batix.rundeck.plugins.AnsibleResourceModelSource.getNodes(AnsibleResourceModelSource.java:223)
        ... 85 more
WARN  LoggingResourceModelSourceCache: [ResourceModelSource: 1.source (Ansible Resource Model Source), project: test3] Returning cached model data

Have tested with ansible-vault-storage-path but same behavior. Also tried to set in project.properties configuration e.g. project.ansible-vault-path = /home/rundeck/vault but again without success.

I am doing something in wrong way? Thanks.

cmodijk commented 7 years ago

I'm having the same issue here is my configuration.

#Thu May 04 12:55:28 CEST 2017
#edit below
project.ansible-executable=/bin/bash
project.ansible-inventory=/opt/rundeck/server-jcid/hosts.ini
project.ansible-vault-path=/opt/rundeck/server-jcid/.vault_pass.txt
project.name=server-jcid
project.nodeCache.delay=30
project.nodeCache.enabled=true
project.ssh-authentication=privateKey
project.ssh-keypath=/var/lib/rundeck/.ssh/id_rsa
resources.source.1.config.ansible-become=false
resources.source.1.config.ansible-gather-facts=true
resources.source.1.config.ansible-ignore-errors=true
resources.source.1.config.ansible-inventory=/opt/rundeck/server-jcid/hosts.ini
resources.source.1.config.ansible-vault-path=/opt/rundeck/server-jcid/.vault_pass.txt
resources.source.1.type=com.batix.rundeck.plugins.AnsibleResourceModelSourceFactory
service.FileCopier.default.provider=com.batix.rundeck.plugins.AnsibleFileCopier
service.NodeExecutor.default.provider=com.batix.rundeck.plugins.AnsibleNodeExecutor
linlinas commented 7 years ago

+1 same issue for me.

smartattack commented 7 years ago

+1

Rundeck 2.8.2-1.31.GA (rpm) Ansible 2.3.1.0 Python 2.7 rundeck-ansible-plugin 2.0.2

orhan89 commented 6 years ago

@pmatv are you, by any chance, have a single encrypted variable? I do have similar issue and once i change it to full encrypted file, the problem gone.

petromatviichuk commented 6 years ago

@orhan89 actually no, at that time I used Ansible 2.2 without "single encrypted variable" feature. Btw due to this issue I had to change my setup by using SSH as default node executor and custom script for passing Ansible inventory to Rundeck resource model source.