Closed milliams closed 4 years ago
I'm not sure if doing this will be expected for everyone. Ultimately you are trying to update a locked template. You could unlock it first, maybe using block
and rescue
. Really I would suggest using Foreman's RBAC to stop users changing stuff you don't want them to.
Ok, that's reasonable.
In that case I think that improving the error message would be helpful. At present it just prints:
{
"changed": false,
"msg": "Error while updating ProvisioningTemplate: 422 Client Error: Unprocessable \
Entity for url: https://localhost/api/v2/provisioning_templates/135"
}
Is that all that is returned from Foreman? In the Foreman logs there is the message This template is locked. Please clone it to a new template to customize.
. Is that returned through the API? If not I guess there's nothing you can do.
Unfortunately, this comes from python-requests (https://github.com/requests/requests/blob/master/requests/models.py#L937) The reason (Unprocessable Entity
) comes from the Foreman server, I suspect its probably best to raise an issue with Foreman https://projects.theforeman.org/issues/new
@milliams So it turns out Foreman does return an proper message via API, i've raised https://github.com/SatelliteQE/nailgun/issues/519 to see if can get that error printed to the user.
Since we moved away from nailgun and merged https://github.com/theforeman/foreman-ansible-modules/pull/505, I think this issue can be closed as you should see the error properly.
Please re-open if you think this is not the case.
SUMMARY
Using the foreman_provisioning_template to manage a provisioning template fails to change it is
locked: true
is set.ISSUE TYPE
ANSIBLE VERSION
KATELLO/FOREMAN VERSION
NAILGUN VERSION
STEPS TO REPRODUCE
Running the playbook once with:
succeeds correctly. Repeating the run without changing anything correctly identifies that the template hasn't changed and so doesn't run the task.
However, it doesn't work if I change the contents of the template so it becomes:
EXPECTED RESULTS
I would expect it to update the contents of the template even though it is locked. We want to manage these templates via Ansible but prevent users in the web interface from messing with them accidentally.
I expect it would need logic to unlock the template, make the change and then lock it again.
Alternatively, an error message from the module noticing that you're trying to change a locked template would aid debugging.
ACTUAL RESULTS
Looking in /var/log/foreman/production.log I see: