theforeman / foreman-ansible-modules

Ansible modules for interacting with the Foreman API and various plugin APIs such as Katello
GNU General Public License v3.0

Unable to use foreman.yml inventory with ansible-pull #1504

Closed lcrownover closed 2 years ago

lcrownover commented 2 years ago
SUMMARY

When using ansible-pull to have nodes configure themselves, I specify my foreman.yml inventory file for an inventory source. This results in the following error message:

hnd1.example.org | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "cmd": [
        "/usr/bin/git",
        "fetch",
        "--depth",
        "1",
        "origin",
        "main"
    ],
    "msg": "Failed to download remote objects and refs:  fatal: Unable to create '/home/ansible/.ansible/pull/hnd1.example.org/.git/shallow.lock': File exists.\n\nAnother git process seems to be running in this repository, e.g.\nan editor opened by 'git commit'. Please make sure all processes\nare terminated then try again. If it still fails, a git process\nmay have crashed in this repository earlier:\nremove the file manually to continue.\n"
}
localhost | CHANGED => {
    "after": "8ebb2cc7c73d0f4831e3d47f66f088575e4b3547",
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "before": "5de6143f58ceeb518e095de4a5471e5adea6124f",
    "changed": true,
    "remote_url_changed": false
}

My ansible-pull command looks like:

~ansible/venv/bin/ansible-pull \
    --accept-host-key \
    -U ssh://git@git.example.org/myteam/team.git \
    --private-key ~ansible/.ssh/id_rsa \
    -u ansible \
    -i ~ansible/inventory/foreman.yml \
    --vault-password-file ~ansible/.vault-pass \
    ansible/playbooks/test/connection_test.yml

Running this same command, but using a local ini or yml inventory works fine:

Starting Ansible Pull at 2022-10-14 22:08:54
ansible-pull --accept-host-key -U ssh://git@git.example.org/myteam/team.git --private-key /home/ansible/.ssh/id_rsa -u ansible -i /home/ansible/inventory/test.ini --vault-password-file /home/ansible/.vault-pass  ansible/playbooks/test/connection_test.yml
[WARNING]: Could not match supplied host pattern, ignoring: hnd1
hnd1.example.org | CHANGED => {
    "after": "043d88e8aee5e598620c42a933af393af07e724b",
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "before": null,
    "changed": true
}
[WARNING]: Could not match supplied host pattern, ignoring: hnd1
[WARNING]: SSL verification of https://foreman.example.org disabled

PLAY [all] *********************************************************************

TASK [connection test] *********************************************************
ok: [hnd1.example.org]

PLAY RECAP *********************************************************************
hnd1.example.org           : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Contents of my foreman.yml:

plugin: theforeman.foreman.foreman
validate_certs: false
url: https://foreman.example.org
user: foreman_inventory
password: someFancyPassword
want_facts: true
want_params: true
want_host_group: false
want_hostcollections: true
want_location: false
want_organization: false
want_smart_proxies: false

keyed_groups:
  - key: foreman_facts['ansible_local::role::value']
    separator: ''
    prefix: ''

Which results in a successful graph:

(venv) [ansible@hnd1 ~]$ ansible-inventory -i inventory/foreman.yml --graph
@all:
  |--@compute_test:
  |  |--nd001.example.org
  |--@foreman_content_view_production:
  |  |--hnd1.example.org
  |  |--nd001.example.org
  |--@foreman_lifecycle_environment_library:
  |  |--hnd1.example.org
  |  |--nd001.example.org
  |--@head_test:
  |  |--hnd1.example.org
  |--@ungrouped:
  |  |--foreman.example.org
  |  |--localhost

The ultimate goal being: I'm hoping to generate the hosts file using Foreman as my CMDB for ansible facts (also using callback_foreman, which is working great!)

Also, my /etc/ansible/ansible.cfg:

[defaults]
callbacks_enabled = foreman

[callback_foreman]
url = https://foreman.example.org
ssl_cert = /etc/ansible/foreman/foreman_ssl_cert.pem
ssl_key = /etc/ansible/foreman/foreman_ssl_key.pem
verify_certs = false

ISSUE TYPE

ANSIBLE VERSION

ansible [core 2.13.5]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ansible/venv/lib/python3.9/site-packages/ansible
  ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ansible/venv/bin/ansible
  python version = 3.9.7 (default, Sep 13 2021, 08:18:39) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 3.1.2
  libyaml = True

COLLECTION VERSION

# /home/ansible/venv/lib/python3.9/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    3.5.0
ansible.netcommon             3.1.3
ansible.posix                 1.4.0
ansible.utils                 2.6.1
ansible.windows               1.11.1
arista.eos                    5.0.1
awx.awx                       21.7.0
azure.azcollection            1.13.0
check_point.mgmt              2.3.0
chocolatey.chocolatey         1.3.1
cisco.aci                     2.2.0
cisco.asa                     3.1.0
cisco.dnac                    6.6.0
cisco.intersight              1.0.19
cisco.ios                     3.3.2
cisco.iosxr                   3.3.1
cisco.ise                     2.5.5
cisco.meraki                  2.11.0
cisco.mso                     2.0.0
cisco.nso                     1.0.3
cisco.nxos                    3.2.0
cisco.ucs                     1.8.0
cloud.common                  2.1.2
cloudscale_ch.cloud           2.2.2
community.aws                 3.6.0
community.azure               1.1.0
community.ciscosmb            1.0.5
community.crypto              2.7.0
community.digitalocean        1.22.0
community.dns                 2.3.3
community.docker              2.7.1
community.fortios             1.0.0
community.general             5.7.0
community.google              1.0.0
community.grafana             1.5.3
community.hashi_vault         3.3.1
community.hrobot              1.5.2
community.libvirt             1.2.0
community.mongodb             1.4.2
community.mysql               3.5.1
community.network             4.0.1
community.okd                 2.2.0
community.postgresql          2.2.0
community.proxysql            1.4.0
community.rabbitmq            1.2.2
community.routeros            2.3.0
community.sap                 1.0.0
community.sap_libs            1.3.0
community.skydive             1.0.0
community.sops                1.4.1
community.vmware              2.10.0
community.windows             1.11.0
community.zabbix              1.8.0
containers.podman             1.9.4
cyberark.conjur               1.2.0
cyberark.pas                  1.0.14
dellemc.enterprise_sonic      1.1.2
dellemc.openmanage            5.5.0
dellemc.os10                  1.1.1
dellemc.os6                   1.0.7
dellemc.os9                   1.0.4
f5networks.f5_modules         1.20.0
fortinet.fortimanager         2.1.5
fortinet.fortios              2.1.7
frr.frr                       2.0.0
gluster.gluster               1.0.2
google.cloud                  1.0.2
hetzner.hcloud                1.8.2
hpe.nimble                    1.1.4
ibm.qradar                    2.1.0
ibm.spectrum_virtualize       1.10.0
infinidat.infinibox           1.3.3
infoblox.nios_modules         1.4.0
inspur.ispim                  1.1.0
inspur.sm                     2.2.0
junipernetworks.junos         3.1.0
kubernetes.core               2.3.2
mellanox.onyx                 1.0.0
netapp.aws                    21.7.0
netapp.azure                  21.10.0
netapp.cloudmanager           21.20.1
netapp.elementsw              21.7.0
netapp.ontap                  21.24.1
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0
netapp_eseries.santricity     1.3.1
netbox.netbox                 3.8.0
ngine_io.cloudstack           2.2.4
ngine_io.exoscale             1.0.0
ngine_io.vultr                1.1.2
openstack.cloud               1.10.0
openvswitch.openvswitch       2.1.0
ovirt.ovirt                   2.2.3
purestorage.flasharray        1.14.0
purestorage.flashblade        1.10.0
purestorage.fusion            1.1.1
sensu.sensu_go                1.13.1
servicenow.servicenow         1.0.6
splunk.es                     2.1.0
t_systems_mms.icinga_director 1.31.0
theforeman.foreman            3.7.0
vmware.vmware_rest            2.2.0
vultr.cloud                   1.1.0
vyos.vyos                     3.0.1
wti.remote                    1.0.4

# /home/ansible/.ansible/collections/ansible_collections
Collection         Version
------------------ -------
theforeman.foreman 3.7.0

KATELLO/FOREMAN VERSION

Server:
package tfm-rubygem-katello is not installed
foreman-3.1.1.23-2.el8sat.noarch

Client:
package tfm-rubygem-katello is not installed
package foreman is not installed

STEPS TO REPRODUCE

# connection_test.yml
---
- hosts: all
  gather_facts: false
  become: true
  tasks:
    - name: connection test
      command: /bin/true
      changed_when: false

# -U: url to your git repo
# --private-key: give it a private key for your service account
# -i: use the foreman.yml I posted above, or use your own
ansible-pull \
    --accept-host-key \
    -U ssh://git@git.example.org/myteam/team.git \
    --private-key ~ansible/.ssh/id_rsa \
    -u ansible \
    -i ~ansible/inventory/foreman.yml \
    --vault-password-file ~ansible/.vault-pass \
    ansible/playbooks/test/connection_test.yml

EXPECTED RESULTS

I expect the inventory to process, and for this simplified example, will run the single playbook which just runs /bin/true.

ACTUAL RESULTS

(venv) [ansible@hnd1 ~]$ ansible-pull     --accept-host-key     -U ssh://git@git.example.org/myteam/myteam.git     --private-key ~ansible/.ssh/id_rsa     -u ansible     -i ~ansible/inventory/foreman.yml     --vault-password-file ~ansible/.vault-pass     ansible/playbooks/test/connection_test.yml -vvvv --diff

ansible-pull [core 2.13.5]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ansible/venv/lib/python3.9/site-packages/ansible
  ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ansible/venv/bin/ansible-pull
  python version = 3.9.7 (default, Sep 13 2021, 08:18:39) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 3.1.2
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
Starting Ansible Pull at 2022-10-14 22:16:55
/home/ansible/venv/bin/ansible-pull --accept-host-key -U ssh://git@git.example.org/myteam/myteam.git --private-key /home/ansible/.ssh/id_rsa -u ansible -i /home/ansible/inventory/foreman.yml --vault-password-file /home/ansible/.vault-pass ansible/playbooks/test/connection_test.yml -vvvv --diff
EXEC: /home/ansible/venv/bin/ansible  -i /home/ansible/inventory/foreman.yml  -c local  -vvvv -m git -a "name=ssh://git@git.example.org/myteam/myteam.git dest=/home/ansible/.ansible/pull/hnd1.example.org accept_hostkey=yes key_file=/home/ansible/.ssh/id_rsa depth=1" all -l "localhost,hnd1,hnd1.example.org,127.0.0.1"
ansible [core 2.13.5]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ansible/venv/lib/python3.9/site-packages/ansible
  ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/ansible/venv/bin/ansible
  python version = 3.9.7 (default, Sep 13 2021, 08:18:39) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 3.1.2
  libyaml = True
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/ansible/inventory/foreman.yml as it did not pass its verify_file() method
script declined parsing /home/ansible/inventory/foreman.yml as it did not pass its verify_file() method
Loading collection theforeman.foreman from /home/ansible/.ansible/collections/ansible_collections/theforeman/foreman
Using inventory plugin 'ansible_collections.theforeman.foreman.plugins.inventory.foreman' to process inventory source '/home/ansible/inventory/foreman.yml'
/home/ansible/venv/lib/python3.9/site-packages/urllib3/connectionpool.py:1045: InsecureRequestWarning: Unverified HTTPS request is being made to host 'is-hpc-sat-test.example.org'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
Set default localhost to localhost
Parsed /home/ansible/inventory/foreman.yml inventory source with auto plugin
[WARNING]: Could not match supplied host pattern, ignoring: hnd1
Loading callback plugin minimal of type stdout, v2.0 from /home/ansible/venv/lib/python3.9/site-packages/ansible/plugins/callback/minimal.py
redirecting (type: callback) ansible.builtin.foreman to theforeman.foreman.foreman
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
META: ran handlers
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: ansible
<localhost> EXEC /bin/sh -c 'echo ~ansible && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ansible/.ansible/tmp `"&& mkdir "` echo /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9371886-30793-85527666686153 `" && echo ansible-tmp-1665785826.9371886-30793-85527666686153="` echo /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9371886-30793-85527666686153 `" ) && sleep 0'
<hnd1.example.org> ESTABLISH LOCAL CONNECTION FOR USER: ansible
<hnd1.example.org> EXEC /bin/sh -c 'echo ~ansible && sleep 0'
<hnd1.example.org> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/ansible/.ansible/tmp `"&& mkdir "` echo /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9457588-30794-242921096726264 `" && echo ansible-tmp-1665785826.9457588-30794-242921096726264="` echo /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9457588-30794-242921096726264 `" ) && sleep 0'
<localhost> Attempting python interpreter discovery
<localhost> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'python3.10'"'"'; command -v '"'"'python3.9'"'"'; command -v '"'"'python3.8'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<hnd1.example.org> Attempting python interpreter discovery
<hnd1.example.org> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'python3.10'"'"'; command -v '"'"'python3.9'"'"'; command -v '"'"'python3.8'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<hnd1.example.org> EXEC /bin/sh -c '/home/ansible/venv/bin/python3.9 && sleep 0'
<localhost> EXEC /bin/sh -c '/home/ansible/venv/bin/python3.9 && sleep 0'
Using module file /home/ansible/venv/lib/python3.9/site-packages/ansible/modules/git.py
<localhost> PUT /home/ansible/.ansible/tmp/ansible-local-307906tqdjhzq/tmpxbsrkk4c TO /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9371886-30793-85527666686153/AnsiballZ_git.py
Using module file /home/ansible/venv/lib/python3.9/site-packages/ansible/modules/git.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9371886-30793-85527666686153/ /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9371886-30793-85527666686153/AnsiballZ_git.py && sleep 0'
<hnd1.example.org> PUT /home/ansible/.ansible/tmp/ansible-local-307906tqdjhzq/tmp3u_blg1g TO /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9457588-30794-242921096726264/AnsiballZ_git.py
<hnd1.example.org> EXEC /bin/sh -c 'chmod u+x /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9457588-30794-242921096726264/ /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9457588-30794-242921096726264/AnsiballZ_git.py && sleep 0'
<hnd1.example.org> EXEC /bin/sh -c '/usr/libexec/platform-python /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9457588-30794-242921096726264/AnsiballZ_git.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/libexec/platform-python /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9371886-30793-85527666686153/AnsiballZ_git.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9371886-30793-85527666686153/ > /dev/null 2>&1 && sleep 0'
localhost | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "cmd": "/usr/bin/git clone --origin origin --depth 1 'ssh:********@git.example.org/myteam/myteam.git' /home/ansible/.ansible/pull/hnd1.example.org",
    "invocation": {
        "module_args": {
            "accept_hostkey": true,
            "accept_newhostkey": false,
            "archive": null,
            "archive_prefix": null,
            "bare": false,
            "clone": true,
            "depth": 1,
            "dest": "/home/ansible/.ansible/pull/hnd1.example.org",
            "executable": null,
            "force": false,
            "gpg_whitelist": [],
            "key_file": "/home/ansible/.ssh/id_rsa",
            "name": "ssh://git@git.example.org/myteam/myteam.git",
            "recursive": true,
            "reference": null,
            "refspec": null,
            "remote": "origin",
            "repo": "ssh://git@git.example.org/myteam/myteam.git",
            "separate_git_dir": null,
            "single_branch": false,
            "ssh_opts": null,
            "track_submodules": false,
            "umask": null,
            "update": true,
            "verify_commit": false,
            "version": "HEAD"
        }
    },
    "msg": "fatal: destination path '/home/ansible/.ansible/pull/hnd1.example.org' already exists and is not an empty directory.",
    "rc": 128,
    "stderr": "fatal: destination path '/home/ansible/.ansible/pull/hnd1.example.org' already exists and is not an empty directory.\n",
    "stderr_lines": [
        "fatal: destination path '/home/ansible/.ansible/pull/hnd1.example.org' already exists and is not an empty directory."
    ],
    "stdout": "",
    "stdout_lines": []
}
<hnd1.example.org> EXEC /bin/sh -c 'rm -f -r /home/ansible/.ansible/tmp/ansible-tmp-1665785826.9457588-30794-242921096726264/ > /dev/null 2>&1 && sleep 0'
hnd1.example.org | CHANGED => {
    "after": "043d88e8aee5e598620c42a933af393af07e724b",
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "before": null,
    "changed": true,
    "invocation": {
        "module_args": {
            "accept_hostkey": true,
            "accept_newhostkey": false,
            "archive": null,
            "archive_prefix": null,
            "bare": false,
            "clone": true,
            "depth": 1,
            "dest": "/home/ansible/.ansible/pull/hnd1.example.org",
            "executable": null,
            "force": false,
            "gpg_whitelist": [],
            "key_file": "/home/ansible/.ssh/id_rsa",
            "name": "ssh://git@git.example.org/myteam/myteam.git",
            "recursive": true,
            "reference": null,
            "refspec": null,
            "remote": "origin",
            "repo": "ssh://git@git.example.org/myteam/myteam.git",
            "separate_git_dir": null,
            "single_branch": false,
            "ssh_opts": null,
            "track_submodules": false,
            "umask": null,
            "update": true,
            "verify_commit": false,
            "version": "HEAD"
        }
    }
}
META: ran handlers
META: ran handlers
(venv) [ansible@hnd1 ~]$ ansible-pull     --accept-host-key     -U ssh://git@git.example.org/myteam/myteam.git     --private-key ~ansible/.ssh/id_rsa     -u ansible     -i ~ansible/inventory/foreman.yml     --vault-password-file ~ansible/.vault-pass     ansible/playbooks/test/connection_test.yml --check --diff
Starting Ansible Pull at 2022-10-14 22:19:15
/home/ansible/venv/bin/ansible-pull --accept-host-key -U ssh://git@git.example.org/myteam/myteam.git --private-key /home/ansible/.ssh/id_rsa -u ansible -i /home/ansible/inventory/foreman.yml --vault-password-file /home/ansible/.vault-pass ansible/playbooks/test/connection_test.yml --check --diff
/home/ansible/venv/lib/python3.9/site-packages/urllib3/connectionpool.py:1045: InsecureRequestWarning: Unverified HTTPS request is being made to host 'is-hpc-sat-test.example.org'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
  warnings.warn(
[WARNING]: Could not match supplied host pattern, ignoring: hnd1
hnd1.example.org | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "cmd": [
        "/usr/bin/git",
        "fetch",
        "--depth",
        "1",
        "origin",
        "main"
    ],
    "msg": "Failed to download remote objects and refs:  fatal: Unable to create '/home/ansible/.ansible/pull/hnd1.example.org/.git/shallow.lock': File exists.\n\nAnother git process seems to be running in this repository, e.g.\nan editor opened by 'git commit'. Please make sure all processes\nare terminated then try again. If it still fails, a git process\nmay have crashed in this repository earlier:\nremove the file manually to continue.\n"
}
localhost | SUCCESS => {
    "after": "043d88e8aee5e598620c42a933af393af07e724b",
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "before": "043d88e8aee5e598620c42a933af393af07e724b",
    "changed": false,
    "remote_url_changed": false
}

evgeni commented 2 years ago

What is the exact problem tho? I see tasks executed against the hnd1.example.org host as it comes from the inventory. They fail, but that doesn't seem related to the inventory working?

lcrownover commented 2 years ago

The problem is that ansible-pull is unable to run when using the foreman.yml inventory. I can use a static inventory with ansible-pull, and I can use the foreman inventory with ansible(-playbook) from my workstation, but when having my remote node use the foreman inventory for its pull, it results in this odd double-cloning behavior.

I'm aware that this might not be the responsibility of theforeman contributors, as it's odd to me that the inventory would be causing this behavior, but I doubt I'll get any traction with the main ansible repo since it only happens using the foreman inventory. I would at least hope that others could reproduce this issue (or not, in which case I'd be perfectly happy if I have something configured incorrectly).

evgeni commented 2 years ago

Do you happen to have a host called localhost in your Foreman? It's part of the inventory output, so I'd expect it to come from foreman. But then there are two hosts that match the all in the playbook - localhost and the fqdn notation. And that makes things execute twice. Or so I guess, at least.
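
The double execution described in the comment above can be checked against output already posted in this issue. The following is an added example, not part of the thread or of the collection's code: it parses the `--graph` output and the `EXEC` line from the `-vvvv` log and reports which inventory hosts the `-l` limit selects. The limit matching is a simplification (literal names and globs only), and the single-host set in the last call is an assumed stand-in for a static inventory.

```python
import fnmatch
import re
import shlex

# Copied from the issue: `ansible-inventory -i inventory/foreman.yml --graph`
GRAPH = """\
@all:
  |--@compute_test:
  |  |--nd001.example.org
  |--@foreman_content_view_production:
  |  |--hnd1.example.org
  |  |--nd001.example.org
  |--@foreman_lifecycle_environment_library:
  |  |--hnd1.example.org
  |  |--nd001.example.org
  |--@head_test:
  |  |--hnd1.example.org
  |--@ungrouped:
  |  |--foreman.example.org
  |  |--localhost
"""

# Copied from the issue: the ad-hoc command ansible-pull logged at -vvvv
EXEC = (
    'EXEC: /home/ansible/venv/bin/ansible  -i /home/ansible/inventory/foreman.yml'
    '  -c local  -vvvv -m git -a "name=ssh://git@git.example.org/myteam/myteam.git'
    ' dest=/home/ansible/.ansible/pull/hnd1.example.org accept_hostkey=yes'
    ' key_file=/home/ansible/.ssh/id_rsa depth=1" all'
    ' -l "localhost,hnd1,hnd1.example.org,127.0.0.1"'
)


def hosts_from_graph(text):
    """Return host names (not @groups) from `ansible-inventory --graph` output."""
    hosts = set()
    for line in text.splitlines():
        m = re.search(r"\|--(\S+)$", line.rstrip())
        if m and not m.group(1).startswith("@"):
            hosts.add(m.group(1))
    return hosts


def parse_exec(line):
    """Pull connection type, limit patterns and git dest out of the EXEC line."""
    argv = shlex.split(line.split("EXEC:", 1)[1])

    def opt(flag):
        return argv[argv.index(flag) + 1] if flag in argv else None

    module_args = dict(kv.split("=", 1) for kv in shlex.split(opt("-a") or ""))
    return {
        "connection": opt("-c"),
        "limit": (opt("-l") or "").split(","),
        "dest": module_args.get("dest"),
    }


def matched_hosts(hosts, limit):
    """Simplified --limit matching: literal names and shell globs only."""
    return sorted(h for h in hosts if any(fnmatch.fnmatchcase(h, p) for p in limit))


def diagnose(hosts, exec_line):
    cmd = parse_exec(exec_line)
    matched = matched_hosts(hosts, cmd["limit"])
    # With -c local every matched host runs the git module on this machine,
    # so two matches mean two git processes working on the same dest.
    return {
        "matched": matched,
        "dest": cmd["dest"],
        "collision": cmd["connection"] == "local" and len(matched) > 1,
    }


if __name__ == "__main__":
    print(diagnose(hosts_from_graph(GRAPH), EXEC))
    # Assumption: a static inventory that lists only this node
    print(diagnose({"hnd1.example.org"}, EXEC))
```

Run against the posted data, the limit selects both `hnd1.example.org` and `localhost`, which lines up with the two `ESTABLISH LOCAL CONNECTION` entries and the `shallow.lock` error in the log.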

lcrownover commented 2 years ago

I do not. I only have 3 hosts in this foreman instance: hnd1, n001, and the foreman server itself. My guess is that localhost is added to the inventory regardless of where the inventory is queried from, because running the same ansible-inventory -i inventory/foreman.yml --graph command from my workstation also returns localhost.

lcrownover commented 2 years ago

I think I've solved this issue.

When using ansible-pull, the arguments that take paths are (by default) relative to the path ~/.ansible/pull/hnd1.example.org/myrepo, unless you specify an absolute path.

For example, this command works:

# -i: using the relative path works. path on disk: ~/.ansible/pull/hnd1.example.org/repo/inventory/foreman.yml
ansible-pull \
    --accept-host-key \
    -U ssh://git@git.example.org/myteam/repo.git \
    --private-key ~ansible/.ssh/id_rsa \
    -u ansible \
    -i inventory/foreman.yml \
    --vault-password-file ~ansible/.vault-pass \
    playbooks/test/connection_test.yml

While specifying an absolute path causes it to fail:

# -i: using an absolute path breaks it, this file is a copy of the file from the repo
ansible-pull \
    --accept-host-key \
    -U ssh://git@git.example.org/myteam/repo.git \
    --private-key ~ansible/.ssh/id_rsa \
    -u ansible \
    -i ~ansible/inventory/foreman.yml \
    --vault-password-file ~ansible/.vault-pass \
    ansible/playbooks/test/connection_test.yml

Even if you specify the absolute path to the inventory file that exists in the cached repo directory, -i ~ansible/.ansible/pull/hnd1.example.org/repo/inventory/foreman.yml, it breaks.

For my purposes, this issue could be considered solved. I'm not sure if it's intended behavior, but I suppose that's not my call to make :)

Thanks for the help!