search

theforeman / foreman-ansible-modules

Ansible modules for interacting with the Foreman API and various plugin APIs such as Katello
GNU General Public License v3.0
145 stars 162 forks source link

New host parameters don't get added in foreman inventory source #1743

Closed vladvetu closed 4 weeks ago

vladvetu commented 1 month ago
SUMMARY

Manually added host parameters don't get populated in foreman inventory plugin:

plugin: theforeman.foreman.foreman
group_prefix: ""
vars_prefix: ""
# Disable because of REPORT API bug https://projects.theforeman.org/issues/37215
# Re-enable when fixed
want_content_facet_attributes: false
# Toggle, if true the inventory will retrieve ‘all_parameters’ information as host vars
want_params: true

# Merge extra vars into the available variables for composition (highest precedence).
use_extra_vars: true

# Toggle, if true the plugin will create Ansible groups for host collections
want_hostcollections: false

# Toggle, if true the inventory will fetch host_groups and create groupings for the same.
want_host_group: true

# Toggle, if true the inventory will fetch location the host belongs to and create groupings for the same.
want_location: true

#Toggle, if true the inventory will fetch organization the host belongs to and create groupings for the same.
want_organization: true

# Toggle, if True the plugin will retrieve host facts from the server
want_facts: false
ISSUE TYPE
ANSIBLE VERSION
❯ ansible --version
ansible [core 2.16.7]
...  
  executable location = /usr/bin/ansible
  python version = 3.11.9 (main, Apr 08 2024, 06:18:15) [GCC] (/usr/bin/python3.11)
  jinja version = 3.1.4
  libyaml = True
COLLECTION VERSION
❯ ansible-galaxy collection list | grep foreman
theforeman.foreman                       4.0.0
KATELLO/FOREMAN VERSION
rpm -q rubygem-katello foreman
rubygem-katello-4.12.0-1.el8.noarch
foreman-3.10.0-1.el8.noarch
STEPS TO REPRODUCE
  1. Add a new host parameter through the web UI.
  2. Go to Monitor -> Reports -> Reports Templates -> Ansible - Ansible Inventory -> Generate
  3. set Output format: JSON , Hosts: <your_host_with_new_params>, Host Parameters: yes -> Generate
  4. Insepct the JSON and confirm that the new parameters exist.
  5. invoke ansible-inventory -i foreman.yml --host <host_with_the_new_param>
  6. Check the ouput (the parameters are missing)
EXPECTED RESULTS

The new parameter to show in the hostvars.

ACTUAL RESULTS

The newly added host parameter does not get populated in the inventory

I feel like I'm missing something because the values are correctly shown in Host View -> Ansible -> Inventory

vladvetu commented 4 weeks ago

The scenario: I want to use foreman as a single place of truth for my ansible setup and to integrate it with AWX to have an "as accurate" as possible inventory source. I saw that the host_groups can store parameters and I saw it as a great opportunity to keep generic ansible variables inside them and use the nesting feature to add/override parameters as needed.

Following the guide for integrating foreman with AWX/Tower I created a non-admin user

For non-admin users, you must assign the AWX Inventory Reader role to your Foreman server user.

The problem is that AWX Inventory Reader role does NOT have the right to see the custom parameters added in host_groups or directly on a host (I believe that it can only see the global scoped parameters).

To be able to see the parameters the lowest role that I could found was Viewer. There is a View Host role but it doesn't seem to have the right permission to see the host parameters

Perhaps there could be a hint in the documentation because seeing the parameters it's a nice way to customize the ansible inventory and use foreman as a single source of truth.

https://docs.theforeman.org/nightly/Configuring_Ansible/index-foreman-el.html#

Hope this saves somebody a little bit of time.

evgeni commented 4 weeks ago

So you're saying the inventory code works fine, but the default role doesn't have sufficient permissions? That sounds like a bug in that role we should address.

vladvetu commented 4 weeks ago

Yes. If you can point me to the right repo, where should I open the issue, I will gladly do so.

evgeni commented 4 weeks ago

The role comes from the foreman_ansible plugin (see https://github.com/theforeman/foreman_ansible/blob/master/lib/foreman_ansible/register.rb) which tracks its issues at https://projects.theforeman.org/projects/ansible/issues

If you don't have an account there, shout, and I'll forward it myself.

vladvetu commented 4 weeks ago

I don't have one... So, if you can open one there will be much appreciated.

evgeni commented 4 weeks ago

https://projects.theforeman.org/issues/37537