
CDP private teardown - asks for credentials

Open HirossxD opened this issue 1 year ago • 7 comments

I was able to deploy the CDP private without any credentials; only the CDP license has been used. I am trying to tear down our deployed cluster via tags -t teardown,all. However, it fails with this missing credentials error.

TASK [cloudera.exe.runtime : Refresh Environment Info with Descendants] ****************************************************************************************************
task path: /opt/cldr-runner/collections/ansible_collections/cloudera/exe/roles/runtime/tasks/initialize_teardown.yml:17
Friday 11 November 2022  13:39:06 +0000 (0:00:00.069)       0:00:08.557 *******
fatal: [localhost]: FAILED! => {"changed": false, "error": "{'base_error': NoCredentialsError('Unable to locate CDP credentials: No credentials found anywhere in chain. The shared credentials file should be stored at /home/runner/.cdp/credentials.'), 'ext_traceback': ['  File \"/root/.ansible/tmp/ansible-tmp-1668173946.776787-24441-170028905131803/AnsiballZ_env_info.py\", line 102, in <module>\\n    _ansiballz_main()\\n', '  File \"/root/.ansible/tmp/ansible-tmp-1668173946.776787-24441-170028905131803/AnsiballZ_env_info.py\", line 94, in _ansiballz_main\\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\\n', '  File \"/root/.ansible/tmp/ansible-tmp-1668173946.776787-24441-170028905131803/AnsiballZ_env_info.py\", line 40, in invoke_module\\n    runpy.run_module(mod_name=\\'ansible_collections.cloudera.cloud.plugins.modules.env_info\\', init_globals=None, run_name=\\'__main__\\', alter_sys=True)\\n', '  File \"/usr/lib64/python3.8/runpy.py\", line 207, in run_module\\n    return _run_module_code(code, init_globals, run_name, mod_spec)\\n', '  File \"/usr/lib64/python3.8/runpy.py\", line 97, in _run_module_code\\n    _run_code(code, mod_globals, init_globals,\\n', '  File \"/usr/lib64/python3.8/runpy.py\", line 87, in _run_code\\n    exec(code, run_globals)\\n', '  File \"/tmp/ansible_cloudera.cloud.env_info_payload_51viniow/ansible_cloudera.cloud.env_info_payload.zip/ansible_collections/cloudera/cloud/plugins/modules/env_info.py\", line 471, in <module>\\n', '  File \"/tmp/ansible_cloudera.cloud.env_info_payload_51viniow/ansible_cloudera.cloud.env_info_payload.zip/ansible_collections/cloudera/cloud/plugins/modules/env_info.py\", line 461, in main\\n', '  File \"/tmp/ansible_cloudera.cloud.env_info_payload_51viniow/ansible_cloudera.cloud.env_info_payload.zip/ansible_collections/cloudera/cloud/plugins/modules/env_info.py\", line 424, in __init__\\n', '  File 
\"/tmp/ansible_cloudera.cloud.env_info_payload_51viniow/ansible_cloudera.cloud.env_info_payload.zip/ansible_collections/cloudera/cloud/plugins/module_utils/cdp_common.py\", line 42, in _impl\\n    result = f(self, *args, **kwargs)\\n', '  File \"/tmp/ansible_cloudera.cloud.env_info_payload_51viniow/ansible_cloudera.cloud.env_info_payload.zip/ansible_collections/cloudera/cloud/plugins/modules/env_info.py\", line 429, in process\\n', '  File \"/usr/local/lib/python3.8/site-packages/cdpy/environments.py\", line 55, in describe_environment\\n    resp = self.sdk.call(\\n', '  File \"/usr/local/lib/python3.8/site-packages/cdpy/common.py\", line 594, in call\\n    parsed_err = CdpError(err)\\n'], 'error_code': None, 'violations': None, 'message': None, 'status_code': None, 'rc': None, 'service': None, 'operation': None, 'request_id': None}", "msg": "None", "violations": null}

HirossxD avatar Nov 11 '22 13:11 HirossxD

Interesting. It shouldn't attempt to contact CDP Public Cloud, and therefore need credentials, unless there is some CDP Public element in the definition. Are you able to share a redacted definition file so I can try to reproduce the issue?

Chaffelson avatar Nov 11 '22 16:11 Chaffelson

Well, my definition file uses the default cluster definition; however, I have set use_download_mirror to no in order to prevent asking for credentials when deploying. Is there a template somewhere showing what use_default_cluster_definition: yes would look like as a definition itself?

definition.yml :

---

# Copyright 2021 Cloudera, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

datahub:
  definitions:
    - include: "datahub_streams_messaging_light.j2"

use_default_cluster_definition: yes
use_download_mirror: no
preload_cm_parcel_repo: yes

HirossxD avatar Nov 14 '22 07:11 HirossxD

Sure, the default CDP Base cluster definition is here in the defaults.

You appear to be using the Sandbox definition, which includes a datahub element - this is a CDP Public deployment and that is why it is trying to use credentials for this service. It is essentially trying to teardown that datahub if it exists.

Chaffelson avatar Nov 14 '22 08:11 Chaffelson

Yeah, after commenting out datahub, the playbook with the teardown tag does not ask for credentials anymore. Thanks!

However, after running

ansible-playbook /runner/project/container_project/cloudera-deploy/main.yml -e "definition_path=/runner/project/container_project/cloudera-deploy/examples/sandbox" -e "profile=/home/runner/.config/cloudera-deploy/profiles/default" -t teardown,all  -i "/runner/project/container_project/cloudera-deploy/examples/sandbox/inventory_static.ini" --flush-cache

it seems that it does not load hosts from the inventory.

HirossxD avatar Nov 14 '22 10:11 HirossxD

Passing in a static inventory with the -i should be loading it; that is quite strange. Can you share the output where it's not loading?

Chaffelson avatar Nov 14 '22 10:11 Chaffelson

For example here

PLAY [Verify inventory [verify_inventory]] *************************************

TASK [cloudera.cluster.inventory : Fail if inventory groups are empty] *********
Monday 14 November 2022  12:01:48 +0000 (0:00:00.105)       0:00:10.419 *******
skipping: [localhost]

TASK [cloudera.cluster.inventory : Ensure that FreeIPA and a ca_server are not configured together] ***
Monday 14 November 2022  12:01:48 +0000 (0:00:00.034)       0:00:10.453 *******
skipping: [localhost]

TASK [cloudera.cluster.inventory : set_fact] ***********************************
Monday 14 November 2022  12:01:48 +0000 (0:00:00.031)       0:00:10.485 *******
skipping: [localhost]

TASK [cloudera.cluster.inventory : Ensure that all hosts requiring TLS certificates have a FreeIPA client] ***
Monday 14 November 2022  12:01:48 +0000 (0:00:00.034)       0:00:10.519 *******
skipping: [localhost]
[WARNING]: Could not match supplied host pattern, ignoring: cloudera_manager

PLAY [Verify definition [verify_definition]] ***********************************
skipping: no hosts matched
[WARNING]: Could not match supplied host pattern, ignoring: custom_repo

PLAY [Install custom parcel repository] ****************************************
skipping: no hosts matched

PLAY [Verify definition [verify_parcels_and_roles]] ****************************
skipping: no hosts matched
[WARNING]: Could not match supplied host pattern, ignoring: cluster
[WARNING]: Could not match supplied host pattern, ignoring: ca_server

PLAY [Apply OS pre-requisite configurations] ***********************************
skipping: no hosts matched
[WARNING]: Could not match supplied host pattern, ignoring: tls

HirossxD avatar Nov 14 '22 12:11 HirossxD

It seems like something was constantly renaming my inventory file from .ini to some numbers. I have restarted the container, so /opt/cldr-runner has default values now.

HirossxD avatar Nov 14 '22 13:11 HirossxD