RHEL workshop credentials issue
Problem Summary
Exercise 6 system-roles for the RHEL automation workshop asks participants to launch the SECURITY / Hardening job template. The job template will fail as the credential is not set in the job template and the wrong execution environment is set. The credential needs to be set to "Workshop Credential" and the execution environment needs to be set to "rhel_90_workshop execution environment" in order for the role to be present.
Issue Type
Bug
Extra vars file
N/A
Ansible Playbook Output
Before credential is set:
PLAY [harden linux systems] ****************************************************
TASK [Gathering Facts] *********************************************************
fatal: [node1]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '3.145.55.50' (ECDSA) to the list of known hosts.\r\[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
fatal: [node2]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '3.145.11.190' (ECDSA) to the list of known hosts.\r\[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
fatal: [node3]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '3.144.83.132' (ECDSA) to the list of known hosts.\r\[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
PLAY RECAP *********************************************************************
node1 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
node3 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
Credential is set but wrong EE is used:
Identity added: /runner/artifacts/9/ssh_key_data (/runner/artifacts/9/ssh_key_data)
PLAY [harden linux systems] ****************************************************
TASK [Gathering Facts] *********************************************************
ok: [node3]
ok: [node1]
ok: [node2]
TASK [Configure Firewall] ******************************************************
TASK [linux-system-roles.firewall : include_tasks] *****************************
included: /runner/requirements_roles/linux-system-roles.firewall/tasks/firewalld.yml for node2, node3, node1
TASK [linux-system-roles.firewall : Ensure ansible_facts used by role] *********
ok: [node2]
ok: [node3]
ok: [node1]
TASK [linux-system-roles.firewall : Install firewalld] *************************
ok: [node3]
ok: [node2]
ok: [node1]
TASK [linux-system-roles.firewall : Install python-firewall] *******************
skipping: [node2]
skipping: [node3]
skipping: [node1]
TASK [linux-system-roles.firewall : Install python3-firewall] ******************
ok: [node2]
ok: [node3]
ok: [node1]
TASK [linux-system-roles.firewall : Enable and start firewalld service] ********
ok: [node2]
ok: [node3]
ok: [node1]
TASK [linux-system-roles.firewall : Check if previous replaced is defined] *****
ok: [node2]
ok: [node3]
ok: [node1]
TASK [linux-system-roles.firewall : Get config files, checksums before and remove] ***
skipping: [node2]
skipping: [node3]
skipping: [node1]
TASK [linux-system-roles.firewall : Configure firewall] ************************
TASK [linux-system-roles.firewall : Get config files, checksums after] *********
skipping: [node2]
skipping: [node3]
skipping: [node1]
TASK [linux-system-roles.firewall : Calculate what has changed] ****************
skipping: [node2]
skipping: [node3]
skipping: [node1]
TASK [linux-system-roles.firewall : Show diffs] ********************************
skipping: [node2]
skipping: [node3]
skipping: [node1]
TASK [Configure Timesync] ******************************************************
ERROR! the role 'redhat.rhel_system_roles.timesync' was not found in /runner/project/playbooks/security/roles:/runner/requirements_roles:/home/runner/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/runner/project/playbooks/security
The error appears to be in '/runner/project/playbooks/security/hardening.yml': line 20, column 15, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
include_role:
name: redhat.rhel_system_roles.timesync
^ here
PLAY RECAP *********************************************************************
node1 : ok=7 changed=0 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0
node2 : ok=7 changed=0 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0
node3 : ok=7 changed=0 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0
Ansible Version
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/student1/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  ansible collection location = /home/student1/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 2.10.3
  libyaml = True
Ansible Configuration
ACTION_WARNINGS(/etc/ansible/ansible.cfg) = False
COLLECTIONS_ON_ANSIBLE_VERSION_MISMATCH(/etc/ansible/ansible.cfg) = ignore
DEFAULT_HOST_LIST(/etc/ansible/ansible.cfg) = ['/home/student1/lab_inventory/hosts']
DEFAULT_STDOUT_CALLBACK(/etc/ansible/ansible.cfg) = yaml
DEFAULT_TIMEOUT(/etc/ansible/ansible.cfg) = 60
DEPRECATION_WARNINGS(/etc/ansible/ansible.cfg) = False
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/etc/ansible/ansible.cfg) = auto_silent
PERSISTENT_COMMAND_TIMEOUT(/etc/ansible/ansible.cfg) = 200
PERSISTENT_CONNECT_TIMEOUT(/etc/ansible/ansible.cfg) = 200
RETRY_FILES_ENABLED(/etc/ansible/ansible.cfg) = False
SYSTEM_WARNINGS(/etc/ansible/ansible.cfg) = False
Ansible Execution Node
Ansible Controller (previously known as Ansible Tower)
Operating System
RHEL
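The fix described in the Problem Summary, written as a playbook that pins both settings on the job template and then checks them. This is an added example, not the workshop project's own code. It assumes the `ansible.controller` collection is installed and that the connection settings come from the `CONTROLLER_HOST`, `CONTROLLER_USERNAME` and `CONTROLLER_PASSWORD` environment variables. The organization, inventory and project names are placeholders because the page does not give them.

```yaml
---
# Added example (not from the workshop repository).
- name: Repair the SECURITY / Hardening job template
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Placeholders: the issue does not name these controller objects.
    workshop_org: "<ORGANIZATION>"
    workshop_inventory: "<WORKSHOP_INVENTORY>"
    workshop_project: "<WORKSHOP_PROJECT>"
    template_name: "SECURITY / Hardening"
    # Values taken from the Problem Summary.
    machine_credential: "Workshop Credential"
    workshop_ee: "rhel_90_workshop execution environment"
  tasks:
    - name: Attach the machine credential and the EE that ships the role
      ansible.controller.job_template:
        name: "{{ template_name }}"
        organization: "{{ workshop_org }}"
        job_type: run
        inventory: "{{ workshop_inventory }}"
        project: "{{ workshop_project }}"
        # Project-relative path, as shown in the error output.
        playbook: playbooks/security/hardening.yml
        # Without this, SSH falls through to "Permission denied (publickey,...)".
        credentials:
          - "{{ machine_credential }}"
        # Without this, redhat.rhel_system_roles.timesync is not found.
        execution_environment: "{{ workshop_ee }}"
        state: present

    - name: Read the template back and fail if either setting is missing
      vars:
        jt: "{{ lookup('ansible.controller.controller_api', 'job_templates',
                query_params={'name': template_name}, expect_one=true) }}"
      ansible.builtin.assert:
        that:
          - machine_credential in (jt.summary_fields.credentials | map(attribute='name') | list)
          - jt.summary_fields.execution_environment.name == workshop_ee
        fail_msg: "{{ template_name }} is missing its credential or execution environment"
```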
This should be fixed now for the execution environment part. I will send a PR to attach the workshop credentials.
Is this fixed, @anshulbehl?
Follow-up, @anshulbehl