sap_swpm: inifile generation on non-linux ansible controllers

[sean-freeman]

sap_swpm: inifile generation on non-linux ansible controllers

Error:

TASK [community.sap_install.sap_swpm : SAP SWPM Pre Install - Create temporary directory on control node] *********
fatal: [test-nwas -> localhost]: FAILED! => changed=false
  module_stderr: |-
    sudo: a password is required
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
  rc: 1

Analysis:

This is caused by delegate_to: localhost and hardcoding user and group parameters of built-in Ansible Modules tempfile/copy/template; setting parameter mode has no apparent effect. When removed or become: false is set - then the processing occurs on the remote/target host then the file is correctly generated and execution occurs.

To retain this, would require execution from macOS (and likely Windows WSL when the playbook file is on Windows NTFS drive instead of inside the Linux container) with sudo and env var passing: sudo -E ansible-playbook test.yml

It is also very possible this will cause issues in pipeline containers where storage is restrictive, such as Azure DevOps Pipeline, Jenkins, CircleCI, TravisCI, OpenShift Pipelines (Tekton), GitLab Runner etc.

The benefit of processing the inifile locally (between 10-100 seconds, assuming 1 sec processing per parameter and maximum 100 inifile parameters) is a minor benefit when compared to the cross-platform interoperability benefit.

Suggestion:

To retain local processing, declare become: false and remove user + group parameters for built-in Ansible Modules tempfile/copy/template.

[berndfinger]

Thanks for reporting this @sean-freeman. I tried several combinations of parameters for tempfile, copy and template, and the one which passed all my tests was the one without localhost delegation for the affected tasks. So let's got that route then.