template rendering fails on Satellite 6.5 when role run from Satellite

[parmstro]

Warning: Detail

Abstract: template rendering fails with data sent from Satellite via <%= @host.policies_enc %> when set has hostgroup parameter for foreman_scap_client_policies with error

"AnsibleUndefinedVariable: 'unicode object' has no attribute 'minute'"

WORKAROUND: munge the foreman_scap_client_policies variable with from_json

• set_fact: foreman_scap_client_policies: "{{ foreman_scap_client_policies | from_json }}"

There appears to be something funky in the way that Satellite is passing the policies data. Wierd mix of unicode tagged values and not unicode tagged attribute keys or so it seems... I do not have the tools to figure it out. But see below.

TLDR

Env:

Red Hat Satellite (build: 6.5.2.1)

ansible --version ansible 2.8.5 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /bin/ansible python version = 2.7.5 (default, Jun 11 2019, 14:33:56) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

Invoking job via ansible with the following vars (taken from @host.policies_enc) works as expected.

---

• hosts: testidm1.parmstrong.ca roles:
  • ansible-foreman_scap_client vars: foreman_scap_client_server: https://sat6.parmstrong.ca foreman_scap_client_port: 9090 foreman_scap_client_policies: [{ "id": "1", "hour": "12", "minute": "1", "month": "", "monthday": "", "weekday": "1", "profile_id": "xccdf_org.ssgproject.content_profile_pci-dss", "content_path": "/var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml", "download_path": "/compliance/policies/2/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d", "tailoring_path": "", "tailoring_download_path": "" }]

However, when invoked via Satellite, the job invocation fails with the following error: ... 45: TASK [ansible-foreman_scap_client : Create cron in /etc/cron.d/] *** 46: fatal: [testidm1.parmstrong.ca]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: 'unicode object' has no attribute 'minute'"} ...

Using debug msgs I saw an interesting thing - there appears to be a mix of unicode and non-unicode definition in the data coming from Satellite. See below bold type below:

Debug from successful run using command line ansible, as above: ... TASK [ansible-foreman_scap_client : debug] ** ok: [testidm1.parmstrong.ca] => (item={u'profile_id': u'xccdf_org.ssgproject.content_profile_pci-dss', u'hour': u'12', u'download_path': u'/compliance/policies/2/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d', u'content_path': u'/var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml', u'month': u'', u'weekday': u'1', u'tailoring_download_path': u'', u'monthday': u'', u'id': u'1', u'minute': u'1', u'tailoring_path': u''}) => { "ansible_loop_var": "item", "item": { "content_path": "/var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml", "download_path": "/compliance/policies/2/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d", "hour": "12", "id": "1", "minute": "1", "month": "", "monthday": "", "profile_id": "xccdf_org.ssgproject.content_profile_pci-dss", "tailoring_download_path": "", "tailoring_path": "", "weekday": "1" } }

TASK [ansible-foreman_scap_client : Create cron in /etc/cron.d/] **** changed: [testidm1.parmstrong.ca]

Now the output from the Satellite Console for a run with the same role...19: TASK [ansible-foreman_scap_client : debug] ***** 20: ok: [testidm1.parmstrong.ca] => (item={'profile_id': u'xccdf_org.ssgproject.content_profile_pci-dss', 'hour': u'3', 'download_path': u'/compliance/policies/2/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d', 'content_path': u'/var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml', 'month': u'', 'weekday': u'', 'tailoring_download_path': u'', 'monthday': u'', 'id': 2, 'minute': u'0', 'tailoring_path': u''}) => { 21: "ansible_loop_var": "item", 22: "item": { 23: "content_path": "/var/lib/openscap/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d.xml", 24: "download_path": "/compliance/policies/2/content/96c2a9d5278d5da905221bbb2dc61d0ace7ee3d97f021fccac994d26296d986d", 25: "hour": "3", 26: "id": 2, 27: "minute": "0", 28: "month": "", 29: "monthday": "", 30: "profile_id": "xccdf_org.ssgproject.content_profile_pci-dss", 31: "tailoring_download_path": "", 32: "tailoring_path": "", 33: "weekday": "" 34: } 35: }

Notice that none of the attributes have u'attribute_name' as in the successful run... wierd.

[parmstro]

apparently this may be an environmental issue. With the change, running at the command line fails with

TASK [ansible-foreman_scap_client : set_fact] *** fatal: [testidm1.parmstrong.ca]: FAILED! => {"msg": "Unexpected templating type error occurred on ({{ foreman_scap_client_policies | from_json }}): expected string or buffer"}

yet succeeds with Satellite invocation... someone is handling the ansible differently...

[parmstro]

don't think it is ansible-foreman_scap_client related.