search

rundeck-plugins / ansible-plugin

Ansible Integration for Rundeck
MIT License
331 stars 100 forks source link

Config options are ignored! #387

Open madsi1m opened 3 weeks ago

madsi1m commented 3 weeks ago

Hi I am struggling to get this new version working at all. v3 was fine. Digging into the problem a bit it seems ansible-ssh-user/password in the job or project is ignored!

Adding in some debug it seems in src/main/groovy/com/rundeck/plugins/ansible/plugin/AnsibleResourceModelSource.java, function configure the variable configuration only contains:

ansible-config-file-path=/var/lib/rundeck/work/Ansible_playboo...
ansible-binaries-dir-path=/srv/python/ansible2.14/bin
ansible-inventory=/var/lib/rundeck/work/Ansible_playboo...
project=Ansible_playbooks
ansible-ignore-errors=true
ansible-gather-facts=false

which means things in the function configure sets most things to default values.

Weirdly, PropertyResolver.resolveProperty() gets called, and adding some debug lines to that i can see it sees and extracts ansible-ssh-user/password correctly but doesn't seem to use it.

I wonder if this is the same problem as:

Cheers

kbens commented 3 weeks ago

I'm seeing an issue with Ansible Resource Module in 5.5 that might be similar? It can't seem to find the ansible-inventory binary, so maybe the ansible-binaries-dir-path value isn't working as expected? This works fine in 5.4 so I'm going to troubleshoot some more...

The Node Source had an error:
Failed to get node list from ansible: ERROR: Ansible IO failure: Cannot run program "ansible-inventory": error=2, No such file or directory
kbens commented 3 weeks ago

Another strange thing, the 5.5 release notes point to this module being bumped to 4.0.4 but I'm seeing it as 4.0.5?

image

MegaDrive68k commented 3 weeks ago

Hi @madsi1m

Could you share the steps to reproduce the issue on rundeck 5.5?

Thanks!

madsi1m commented 3 weeks ago

Hi a colleague of mine did some tinkering with our config and got further than I. It seems our "final" problem is that ansible-plugin is wanting and setting ansible_ssh_password but both ansible and mitogen seems to use ansible_ssh_pass. Reading docker-container.md in this repo, it is also using ansible_ssh_pass.

I created this PR that fixes this problem https://github.com/rundeck-plugins/ansible-plugin/pull/388 (tested on 5.5)

astapelfeld commented 2 weeks ago

My issue #389 seems to be also related to this one. In my case WinRM connections are not working: "credssp: auth method credssp requires a password" . I reproduced it manually and the plugin is passing the password as 'ansible_ssh_password' to ansible and that variable is not being recognized by the winrm module. Changing the variable to 'ansible_ssh_pass' works (even if not documented for winrm). That would explain why it was working in the past.

According the Ansible Docs:

ansible.builtin.ssh connection:

image

ansible.builtin.winrm connection:

image

I guess the ideal solution would be to have separate plugin attributes for each connection type, but until then, could the password be passed as 'ansible_password' as well? That variable seems to be used by all connection types.

For SSH ansible_ssh_password was added in ansible 2.8, so for those using ssh, upgrading ansible should solve the problem

And this is the commit by @ltamaster in which this was introduced: https://github.com/rundeck-plugins/ansible-plugin/commit/0f258715caf9e64ff7dbe6906daef99b7ab90a52 Ansible used to prompt for the password. The new behaviour is to pass the password as extraVar