manageiq / ansible-manageiq-automate Goto Github PK

View Code? Open in Web Editor NEW

7.0 7.0 10.0 50 KB

Ansible role to modify the ManageIQ automate workspace

Home Page: https://galaxy.ansible.com/manageiq/manageiq_automate

License: Apache License 2.0

Python 100.00%

ansible-manageiq-automate's Introduction

ManageIQ

Discover, Optimize, and Control your Hybrid IT

Manage containers, virtual machines, networks, and storage from a single platform

ManageIQ is an open-source Management Platform that delivers the insight, control, and automation that enterprises need to address the challenges of managing hybrid IT environments. It has the following feature sets:

Insight: Discovery, Monitoring, Utilization, Performance, Reporting, Analytics, Chargeback, and Trending.
Control: Security, Compliance, Alerting, Policy-Based Resource and Configuration Management.
Automate: IT Process, Task and Event, Provisioning, Workload Management and Orchestration.
Integrate: Systems Management, Tools and Processes, Event Consoles, CMDB, RBA, and Web Services.

Get Started

Learn more

We respectfully ask that you do not directly email any manageiq committers with questions or problems. The community is best served when discussions are held in public.

Licensing

See LICENSE.txt.

Except where otherwise noted, all ManageIQ source files are covered by the following copyright and license notice:

Export Notice

By downloading ManageIQ software, you acknowledge that you understand all of the following: ManageIQ software and technical information may be subject to the U.S. Export Administration Regulations (the "EAR") and other U.S. and foreign laws and may not be exported, re-exported or transferred (a) to any country listed in Country Group E:1 in Supplement No. 1 to part 740 of the EAR (currently, Cuba, Iran, North Korea, Sudan & Syria); (b) to any prohibited destination or to any end user who has been prohibited from participating in U.S. export transactions by any federal agency of the U.S. government; or (c) for use in connection with the design, development or production of nuclear, chemical or biological weapons, or rocket systems, space launch vehicles, or sounding rockets, or unmanned air vehicle systems. You may not download ManageIQ software or technical information if you are located in one of these countries or otherwise subject to these restrictions. You may not provide ManageIQ software or technical information to individuals or entities located in one of these countries or otherwise subject to these restrictions. You are also responsible for compliance with foreign law requirements applicable to the import, export and use of ManageIQ software and technical information.

ansible-manageiq-automate's People

Contributors

Stargazers

Watchers

Forkers

ahmbas mattparko pkomanek miha-plesko kernt sigbjornaib syncrou fryguy isabella232 alaasmeti

ansible-manageiq-automate's Issues

Allow playbook to run if SCM access is restored during retries.

Original BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1835226

Description of problem:
When using a playbook as part of an automate provision, if ansible-runner is used to run a playbook and the initial connection to the SCM fails, retries of the task will never succeed, even if connectivity is resumed before all attempts are made.
How reproducible:
all the time

Steps to Reproduce:

set up an automate that calls a playbook as part of provisioning (using ansible-runner and a SCM)
break connectivity to the SCM
initiate a provisioning
restore connectivity before all retries are exhausted

Actual results:
failure to connect will cause the task to fail, then be retried.

Expected results:
when connectivity is restored, attempts should not fail anymore.

Ansible runner is unable to fetch roles where the SCM requires authentication

Original BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1835862

Description of problem:
When ansible-runner is used, roles specified in "roles/requirements.yml" which is present on an SCM which requires authentication fails to be downloaded.
Steps to Reproduce:
1.set up authentication protected SCM for ansible playbook with Roles specified in "roles/requirements.yml"
2.call the playbook through an automate (as part of an automate deployment

Actual results:
unable to download the required roles

Expected results:
able to download the required roles

Request the ability go run Ansible as non-root

Original BZ:https://bugzilla.redhat.com/show_bug.cgi?id=1837976

Proposed title of this feature request

run ansible as non-root user

What is the nature and description of the request?

For security purposes, the customer would like ansible to run as another user on appliances

What is the need this?

security purposes, to separate the user that runs ansible from root on the appliance. This adds also for benefits the possibility to set ssh keys for the user running ansible that aren't going to be put in place for root.

How would the customer like to achieve this? (List the functional requirements here)

ansible is running as another user.

For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

if you run a playbook, ansible runs it as non-root user on the appliance

HTTP Error 401

TASK [syncrou.manageiq-automate : Initialize the Workspace] ********************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "HTTP Error 401: Unauthorized"}

PLAY RECAP *********************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1

get_attribute fails on empty arrays

In CF I'm doing
@handle.root['a_groups'] = groups

where groups could be an empty array ( [] )

embedded ansible in verbose mode shows this as expected, e.g.:


                "/ManageIQ/System/event_handlers/event_enforce_policy": {
                    "::miq::parent": "/ManageIQ/System/Event/MiqEvent/POLICY/request_vm_retire"
                },
                "root": {
                    **"a_groups": [],**
                    "a_platform": "linux",
                    "ae_next_state": "",
                    "ae_provider_category": "infrastructure",
                    "ae_result": "ok",
                    "ae_retry_server_affinity": false,
                    "ae_state": "AnsibleRetire1",
                    "ae_state_max_retries": 100,

but then the obvious call:

  tasks:
    - name: Get $evm.root['a_groups']
      manageiq_automate:
        workspace: "{{ workspace }}"
        get_attribute:
          object: "root"
          attribute: "a_groups"
      register: a_groups

fails with
Object root Attribute a_groups does not exist

unless
ignore_errors: True

(but even then, special care must be taken to not operate on a non-existant fact in the playbook)

Unexpected Exception, this is probably a bug: cannot import name '_psutil_linux'

Hi,

if i´m using the role manageiq.manageiq_automate i receive this Error by using Ansible Playbook Method

i got 2 Appliances

1x ManageIQ Version: najdorf-1.3
1x ManageIQ Version: oparin-1.1

and both having the same issue

/var/www/miq/vmdb/log]# tail -f evm.log | grep ERROR

{"event"=>"verbose", "uuid"=>"6364e89c-f42e-4ba0-8fbb-19112b50597c", "counter"=>15, "stdout"=>"ERROR! Unexpected Exception, this is probably a bug: cannot import name '_psutil_linux' from partially initialized module 'psutil' (most likely due to a circular import) (/usr/lib64/python3.6/site-packages/psutil/init.py)", "start_line"=>14, "end_line"=>15, "runner_ident"=>"result"}
[----] E, [2023-03-16T11:28:12.829545 #2304:bb698] ERROR -- evm: MIQ(MiqAeEngine.deliver) Error delivering {"dialog_param_input_hostname"=>"", "dialog_param_input_fqdn"=>"", "dialog_param_input_sockets"=>"1", "dialog_text_box_3"=>"4", "dialog_text_box_1"=>"16 GB", "dialog_param_input_lvs_dropdown"=>nil, "dialog_text_box_2"=>"", "dialog_text_box_4"=>"", "dialog_radio_button_1"=>"1", "dialog_text_box_5"=>"", "User::user"=>1, "ServiceTemplate::service_template"=>17} for object [ServiceTemplate.17] with state [] to Automate: ansible playbook failed
[----] E, [2023-03-16T11:28:12.831150 #2304:bb698] ERROR -- evm: [NoMethodError]: undefined method root' for nil:NilClass  Method:[rescue in values_from_automate] [----] E, [2023-03-16T11:28:12.831594 #2304:bb698] ERROR -- evm: /var/www/miq/vmdb/app/models/dynamic_dialog_field_value_processor.rb:14:in values_from_automate'

My Ansible Playbook is very simple and added via scm

roles

manageiq.manageiq_automate
testplaybook.yaml

- name: Embedded Ansible | Test | Start
  hosts: localhost
  connection: local
  vars:
    - auto_commit: True
    - object: root
    - interval: 600
  gather_facts: False

  roles:
  - manageiq.manageiq_automate

  tasks:
  - name: Get the full list of objects/instances in the workspace (get_object_names)
    manageiq_automate:
      workspace: "{{ workspace }}"
      get_object_names: yes
    register: workspace_object_names

  - name: DEBUG object_names
    debug: 
      msg: "{{ workspace_object_names }}"

thx

TASK [syncrou.manageiq-automate : Initialize the Workspace] failed

my playbook is :