Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Name of a role may prevent it from being executed in 2.2.0 #20448

Closed
theLastTrain opened this issue Jan 19, 2017 · 9 comments
Closed

Name of a role may prevent it from being executed in 2.2.0 #20448

theLastTrain opened this issue Jan 19, 2017 · 9 comments
Labels
affects_2.2 This issue/PR affects Ansible v2.2 bug This issue/PR relates to a bug. support:core This issue/PR relates to code supported by the Ansible Engineering Team.

Comments

@theLastTrain
Copy link

ISSUE TYPE
  • Bug Report
COMPONENT NAME

roles in a play

ANSIBLE VERSION
 #ansible 2.2.0.0
  config file = /home/nutstore/etp-ansible/ansible.cfg
  configured module search path = Default w/o overrides
CONFIGURATION
[defaults]
hostfile=hosts
ask_sudo_pass=True
host_key_checking=False

[privilege_escalation]
become=True
become_method=sudo
become_user=root
OS / ENVIRONMENT

CentOS release 6.8 (Final)

SUMMARY

Name of a role can prevent it from running in 2.2.0

STEPS TO REPRODUCE

Structure of Ansible dir like this

etp-ansible/
├── ansible.cfg
├── group_vars
│   └── target.yml
├── hosts
├── roles
    ├── fail2ban
        ├── files
        │   └── jail.local
        ├── tasks
        │   └── main.yml
        └── tests
            └── main.yml

Content of roles/fail2ban/tasks/main.yml 

---
- name: Install package `fail2ban`
  package:
    name: fail2ban
    state: present

- name: Ensure fail2ban path exists
  file:
    dest: /etc/fail2ban
    state: directory
    owner: root
    group: root

- name: Copy jail.local
  copy:
    src: jail.local
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: 0644

- name: Restart service fail2ban
  service: name=fail2ban state=restarted

Content of roles/fail2ban/tests/main.yml is quite straight forward

---
- name: Test suit
  hosts: localhost
  roles:
    - role: ../../fail2ban
EXPECTED RESULTS

Tasks listed in tasks/main.yml should be executed.

ACTUAL RESULTS

After I run ansible-playbook roles/fail2ban/tests/main.yml, nothing happens:

PLAY [Test suit] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0

And --list-tasks gives me this

playbook: roles/fail2ban/tests/main.yml

  play #1 (localhost): Test suit	TAGS: []
    tasks:

However, if I mv fail2ban\ to failban\ and change - role: ../../fail2ban into - role: ../../failban, everything seems fine

$ ansible-playbook roles/failban/tests/main.yml --list-tasks
playbook: roles/failban/tests/main.yml

  play #1 (localhost): Test suit	TAGS: []
    tasks:
      ../../failban : Install package `fail2ban`	TAGS: []
      ../../failban : Ensure fail2ban path exists	TAGS: []
      ../../failban : Copy jail.local	TAGS: []
      ../../failban : Restart service fail2ban	TAGS: []
@ansibot ansibot added affects_2.2 This issue/PR affects Ansible v2.2 bug_report needs_triage Needs a first human triage before being processed. labels Jan 19, 2017
@nitzmahone
Copy link
Member

Hmm, I'm not able to reproduce this against 2.2.0 (the relatively-pathed role runs fine from a playbook invoked inside it) - can you get it down to a super-tiny self-contained repro and upload somewhere?

@nitzmahone nitzmahone added needs_info This issue requires further information. Please answer any outstanding questions. and removed needs_triage Needs a first human triage before being processed. labels Jan 20, 2017
@bcoca
Copy link
Member

bcoca commented Jan 20, 2017

note that this is not the ideal way of referencing roles, you normally put them in the roles path referenced in config or in roles/ relative to play. That said, this should still work, but again, not optimal.

@nitzmahone
Copy link
Member

@bcoca: this specific case is invoking a role-specific "test" playbook inside the role

@bcoca
Copy link
Member

bcoca commented Jan 20, 2017
edited

i would just symlink the roles/ directory or move the tests to the top level

@theLastTrain
Copy link
Author

theLastTrain commented Jan 20, 2017
edited

@nitzmahone Hi, I just load a tiny repo here on GitHub. The 2 roles failban and fail2ban lies in parallel in roles/.

I tried agin, and the result remains the same.
For fail2ban

$ ansible-playbook roles/fail2ban/tests/main.yml
SUDO password: 

PLAY [Test suit] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0

For failban

$ ansible-playbook roles/failban/tests/main.yml
SUDO password: 

PLAY [Test suit] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [../../failban : Install package `fail2ban`] ******************************
ok: [localhost]

TASK [../../failban : Ensure fail2ban path exists] *****************************
ok: [localhost]

TASK [../../failban : Copy jail.local] *****************************************
ok: [localhost]

TASK [../../failban : Restart service fail2ban] ********************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=5    changed=1    unreachable=0    failed=0

What's more, if I reference both of them in a top level play, everything seems fine:

$ ansible-playbook test.yml
SUDO password: 

PLAY [Test suit] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [fail2ban : Install package `fail2ban`] ***********************************
ok: [localhost]

TASK [fail2ban : Ensure fail2ban path exists] **********************************
ok: [localhost]

TASK [fail2ban : Copy jail.local] **********************************************
ok: [localhost]

TASK [fail2ban : Restart service fail2ban] *************************************
changed: [localhost]

TASK [failban : Install package `fail2ban`] ************************************
ok: [localhost]

TASK [failban : Ensure fail2ban path exists] ***********************************
ok: [localhost]

TASK [failban : Copy jail.local] ***********************************************
ok: [localhost]

TASK [failban : Restart service fail2ban] **************************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=9    changed=2    unreachable=0    failed=0

@ansibot ansibot removed the needs_info This issue requires further information. Please answer any outstanding questions. label Jan 20, 2017
@walbert947
Copy link
Contributor

I tried to reproduce this on a Ubuntu 14.04 host running Ansible 2.2.1.0, and a CentOS 6.8 host running Ansible 2.1.2.0, and both hosts were able to run both roles without any problems.

$ ansible-playbook roles/fail2ban/tests/main.yml --check --list-tasks

playbook: roles/fail2ban/tests/main.yml

  play #1 (localhost): Test suit	TAGS: []
    tasks:
      ../../fail2ban : Install package `fail2ban`	TAGS: []
      ../../fail2ban : Ensure fail2ban path exists	TAGS: []
      ../../fail2ban : Copy jail.local	TAGS: []
      ../../fail2ban : Restart service fail2ban	TAGS: []

$ ansible-playbook roles/fail2ban/tests/main.yml --check
SUDO password: 

PLAY [Test suit] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [../../fail2ban : Install package `fail2ban`] *****************************
ok: [localhost]

TASK [../../fail2ban : Ensure fail2ban path exists] ****************************
ok: [localhost]

TASK [../../fail2ban : Copy jail.local] ****************************************
changed: [localhost]

TASK [../../fail2ban : Restart service fail2ban] *******************************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=5    changed=2    unreachable=0    failed=0

@theLastTrain
Copy link
Author

theLastTrain commented Jan 23, 2017
edited

I think I figured out how to reproduce this.

I install Ansible 2.2.0 on a clean Centos 6.8 machine, then clone the repo I uploaded.
Till now, everything seems fine:

# For fail2ban
$ ansible-playbook roles/fail2ban/tests/main.yml --list-task
playbook: roles/fail2ban/tests/main.yml
  play #1 (localhost): Test suit	TAGS: []
    tasks:
      ../../fail2ban : Install package `fail2ban`	TAGS: []
      ../../fail2ban : Ensure fail2ban path exists	TAGS: []
      ../../fail2ban : Copy jail.local	TAGS: []
      ../../fail2ban : Restart service fail2ban	TAGS: []

# For failban
$ ansible-playbook roles/failban/tests/main.yml --list-task
playbook: roles/failban/tests/main.yml

  play #1 (localhost): Test suit	TAGS: []
    tasks:
      ../../failban : Install package `fail2ban`	TAGS: []
      ../../failban : Ensure fail2ban path exists	TAGS: []
      ../../failban : Copy jail.local	TAGS: []
      ../../failban : Restart service fail2ban	TAGS: []

Then run role fail2ban:

ansible-playbook roles/fail2ban/tests/main.yml
SUDO password: 

PLAY [Test suit] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [../../fail2ban : Install package `fail2ban`] *****************************
changed: [localhost]

TASK [../../fail2ban : Ensure fail2ban path exists] ****************************
ok: [localhost]

TASK [../../fail2ban : Copy jail.local] ****************************************
fatal: [localhost]: FAILED! => {"changed": false, "checksum": "a244a87751cf1b1b144927e117ea598250feac21", "failed": true, 
"msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}
	to retry, use: --limit @/home/nutstore/ansible-issue20448/roles/fail2ban/tests/main.retry

PLAY RECAP *********************************************************************
localhost                  : ok=3    changed=1    unreachable=0    failed=1

And things start getting weird:

$ ansible-playbook roles/fail2ban/tests/main.yml --list-tasks

playbook: roles/fail2ban/tests/main.yml

  play #1 (localhost): Test suit	TAGS: []
    tasks:
$ ansible-playbook roles/fail2ban/tests/main.yml --check
SUDO password: 

PLAY [Test suit] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0   

$ ansible-playbook roles/fail2ban/tests/main.yml
SUDO password: 

PLAY [Test suit] ***************************************************************

TASK [setup] *******************************************************************
ok: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0

I tried installing libselinux-python and reboots, and neither will help.
But role failban still works fine:

$ ansible-playbook roles/failban/tests/main.yml --list-tasks
playbook: roles/failban/tests/main.yml

  play #1 (localhost): Test suit	TAGS: []
    tasks:
      ../../failban : Install package `fail2ban`	TAGS: []
      ../../failban : Ensure fail2ban path exists	TAGS: []
      ../../failban : Copy jail.local	TAGS: []
      ../../failban : Restart service fail2ban	TAGS: []

@walbert947

@theLastTrain
Copy link
Author

Moreover, if libselinux-python is installed in advance, everything goes fine.
I assume that the issue is caused by a calling to core module copy without libselinux-python ?

@ansibot ansibot added the support:core This issue/PR relates to code supported by the Ansible Engineering Team. label Jun 29, 2017
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 1, 2018
@bcoca
Copy link
Member

bcoca commented Apr 5, 2019

closing as per above

@bcoca bcoca closed this as completed Apr 5, 2019
@ansible ansible locked and limited conversation to collaborators Jul 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
affects_2.2 This issue/PR affects Ansible v2.2 bug This issue/PR relates to a bug. support:core This issue/PR relates to code supported by the Ansible Engineering Team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bcoca @walbert947 @ansibot @nitzmahone @theLastTrain