Closed Nizla closed 7 years ago
Wow, thanks for the detailed report! That's a developer's dream. ;)
It seems your playbook targets "172.30.253.30" with its hosts
entry. But the job screenshot shows Rundeck is trying to run it on node "rundeck".
How did you configure your job? Can you post your job definition as YAML?
That's the behaviour i expect from the playbook. What the playbook try to do is to connect, from the rundeck server, to the switch (172.30.253.30) using SSH. So the playbook must be run locally.
Here the job definition from the job using the plugin:
- description: test job which create acl, and destro them afterward
executionEnabled: true
id: b80b0aa3-bd1a-48b2-8efe-6842980b6986
loglevel: INFO
name: test_acl
scheduleEnabled: true
sequence:
commands:
- configuration:
extraArgs: -u root
playbook: /etc/ansible/playbooks/ios/ios-test-acl.yml
description: test the creation of the acl
nodeStep: true
type: com.batix.rundeck.AnsiblePlaybookNodeStep
- configuration:
extraArgs: -u root
playbook: /etc/ansible/playbooks/ios/ios-delete-test-acl.yml
description: test the destruction of the freshly created acl
nodeStep: true
type: com.batix.rundeck.AnsiblePlaybookNodeStep
keepgoing: false
strategy: node-first
uuid: b80b0aa3-bd1a-48b2-8efe-6842980b6986
Here the job definition from the job who don't:
- description: |-
Test acl creation with ansible module (ios_config)
and delete them afterward (with ios_config too)
executionEnabled: true
id: a97c4e76-ca7c-428a-991d-3f8f5e98b3a5
loglevel: INFO
name: test_ansible_acl
scheduleEnabled: true
sequence:
commands:
- description: create the acl
exec: ansible-playbook /etc/ansible/playbooks/ios/ios-test-acl.yml
- description: delete them
exec: ansible-playbook /etc/ansible/playbooks/ios/ios-delete-test-acl.yml
keepgoing: false
strategy: node-first
uuid: a97c4e76-ca7c-428a-991d-3f8f5e98b3a5
And the playbooks i'm using in the job are like these (the module i used are nxos_command and nxos_config).
- hosts: ios
gather_facts: no
connection: local
tasks:
- name: OBTAIN LOGIN CREDENTIALS
include_vars: secrets.yml
- name: DEFINE PROVIDER
set_fact:
provider:
host: "{{ inventory_hostname }}"
username: "{{ creds['username'] }}"
password: "{{ creds['password'] }}"
auth_pass: "{{ creds['auth_pass'] }}"
- name: CREATE 'TEST' ACCESS-LIST
ios_config:
provider: "{{ provider }}"
authorize: yes
lines:
- 10 permit ip host 1.1.1.1 any
- 20 deny ip any any
parents: ['ip access-list extended TEST']
#before: ['no ip access-list extended TEST']
match: exact
Only put the one for the creation of acl list, the destruction is just the same with 'no ip access-list extended TEST' in lines:
Hi @Nizla ,
Can you please try to post the content of the rundeck limit file, it is a temp so you should find it only while the job is running and should be named /tmp/ansible-runner*targets or if you are limiting to only one host the execution will use -l HOST_NAME instead of the file. you can find the full command executed by rundeck if you do : ps -eaf | grep -i "ansible-playbook" while the job is running.
The plugin passes the selected nodes of the job to the playbook via the -l
parameter. So if you select the local Rundeck server node for the job, but your Ansible playbook targets "ios" it won't find a matching host.
It makes more sense if you imagine a playbook that targets "all" or "webservers" but you want to limit the job only to nodes "webserver1" and "webserver5" or something like that. You would then create a job, add a step for the playbook and only select those two nodes for the job.
If you think about it, the nodes you select for a job are the nodes where something should happen, as it is with other steps (Command, Script, Copy File). That's what I initially came up with, happy to discuss improvements (an option to not pass the limits maybe?).
It seems like more of a problem of philosophy and way of using Rundeck and Ansible, but the mistake was on my side. When i choose the "Dispatch to nodes" option and give him the good node or all the nodes, the playbook run perfectly well.
I didn't understand what the "dispatch to nodes" and "execute locally" options were trying to do. But it's just using the --limit parameter. It was misleading in my case because of the option "run locally". Because everything must be run locally in my job, and that's made by the "connection: local" at the beginning of my playbooks. But i must give him a list of distant host too, as it is used as a parameter by the module i used to connect with SSH, and the local server isn't on the list of hosts.
The way you're using Ansible (with the limit parameter each time) is cool, I didn't thought about it before :+1: But sometimes your playbook is already made with the exact hosts you want it to run, so an option to not use the limit parameter could be very cool, as even ansible made it optional when using the command line. You can pass around by putting ".*" in the node filter, but it will try to launch the job with ALL the nodes referenced in rundeck (with failure of course). And so it's a big waste of time and ressources.
Hi there,
I started using Rundeck and Ansible for a few days from today, and, i've run into a lot of problem, but this one i'm not passing through. I'm just trying to launch 2 simple playbook into a Cisco Switch who create an ACL Test, and destroy it. Just to test if playbook can work normally.
Playbooks work fine when:
ansible-playbook /etc/ansible/playbooks/ios/ios-test-acl.yml
su rundeck -s /bin/bash -c "ansible-playbook /etc/ansible/playbooks/ios/ios-test-acl.yml
But they won't work when i launch them from Rundeck with the option coming from the plugin (to launch playbook)
I'm pretty sure i'm missing something but i can't find what it is and it's pretty frustrating. Here what i've done at the moment.
Project configuration following the readme:
ownership from rundeck to /var/lib/rundeck:
drwxr-xr-x 12 rundeck root 4.0K Jun 20 16:59 rundeck
The test command is good:
ansible config file:
node rundeck can see:
And the host file (with the password which is visible and not crypted for the ssh pass missing here):
Tanks in advance !
Server: Debian 8.4 Rundeck 2.6.7-1 Ansible 2.1.0.0 Plugin 1.2.4 Java 1.7.0_101 Python 2.7.9 Client: Cisco IOS - C2960X - 15.0(2)EX5