Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

invalid 'ipasudoopt': Only one value is allowed #25863

Closed
auth-day opened this issue Jun 19, 2017 · 9 comments
Closed

invalid 'ipasudoopt': Only one value is allowed #25863

auth-day opened this issue Jun 19, 2017 · 9 comments
Labels
affects_2.3 This issue/PR affects Ansible v2.3 bug This issue/PR relates to a bug. c:module_utils/ ipa IPA community support:core This issue/PR relates to code supported by the Ansible Engineering Team.

Comments

@auth-day
Copy link

auth-day commented Jun 19, 2017
edited

ISSUE TYPE
  • Bug Report
COMPONENT NAME

ipa

ANSIBLE VERSION
2.3.1.0
CONFIGURATION
OS / ENVIRONMENT
SUMMARY

When I add option

sudoopt:
    - '!authenticate'

it says:

TASK [ipa_sudorule] ********************************************************************************************************************************************************************
fatal: [10.200.3.155]: FAILED! => {"changed": false, "failed": true, "msg": "repsonse sudorule_add_option: invalid 'ipasudoopt': Only one value is allowed"}
STEPS TO REPRODUCE
  - ipa_sudorule:
      name: "{{ hostname }}"
      description: "Sudo rule for {{ hostname }}"
      sudoopt:
      - '!authenticate'
      cmdcategory: all
      state: present
      hostgroup:
        - "{{ hostname }}"
      usergroup:
        - "{{ hostname }}-admins"
        - "{{ hostname }}-admins-ext"
        - admins
      ipa_host: *
      ipa_user: *
      ipa_pass: *
EXPECTED RESULTS
ACTUAL RESULTS

the same error
@ansibot ansibot added affects_2.3 This issue/PR affects Ansible v2.3 bug_report c:module_utils/ needs_triage Needs a first human triage before being processed. labels Jun 19, 2017
@alikins
Copy link
Contributor

alikins commented Jun 19, 2017

Could you run this example with 'ansible-playbook -vvvv' and post the results?

@alikins alikins added needs_info This issue requires further information. Please answer any outstanding questions. and removed needs_triage Needs a first human triage before being processed. labels Jun 19, 2017
@auth-day
Copy link
Author

auth-day commented Jun 19, 2017
edited

Hello! Yes, please


TASK [ipa_sudorule] *************************************************************************************************************************************************************************************************************************
task path: /home/diman/ansible/ipa_client_enrollment.yml:53
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/identity/ipa/ipa_sudorule.py
<192.168.1.5> ESTABLISH SSH CONNECTION FOR USER: admin
<192.168.1.5> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=admin -o ConnectTimeout=10 -o ControlPath=/home/diman/.ansible/cp/650f4a573d 10.201.3.174 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.1.5> (0, '/home/admin\n', '')
<192.168.1.5> ESTABLISH SSH CONNECTION FOR USER: admin
<192.168.1.5> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=admin -o ConnectTimeout=10 -o ControlPath=/home/diman/.ansible/cp/650f4a573d 10.201.3.174 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/admin/.ansible/tmp/ansible-tmp-1497901941.43-260694439487946 `" && echo ansible-tmp-1497901941.43-260694439487946="` echo /home/admin/.ansible/tmp/ansible-tmp-1497901941.43-260694439487946 `" ) && sleep 0'"'"''
<192.168.1.5> (0, 'ansible-tmp-1497901941.43-260694439487946=/home/admin/.ansible/tmp/ansible-tmp-1497901941.43-260694439487946\n', '')
<192.168.1.5> PUT /tmp/tmpL6NoKN TO /home/admin/.ansible/tmp/ansible-tmp-1497901941.43-260694439487946/ipa_sudorule.py
<192.168.1.5> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=admin -o ConnectTimeout=10 -o ControlPath=/home/diman/.ansible/cp/650f4a573d '[192.168.1.5]'
<192.168.1.5> (0, 'sftp> put /tmp/tmpL6NoKN /home/admin/.ansible/tmp/ansible-tmp-1497901941.43-260694439487946/ipa_sudorule.py\n', '')
<192.168.1.5> ESTABLISH SSH CONNECTION FOR USER: admin
<192.168.1.5> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=admin -o ConnectTimeout=10 -o ControlPath=/home/diman/.ansible/cp/650f4a573d 10.201.3.174 '/bin/sh -c '"'"'chmod u+x /home/admin/.ansible/tmp/ansible-tmp-1497901941.43-260694439487946/ /home/admin/.ansible/tmp/ansible-tmp-1497901941.43-260694439487946/ipa_sudorule.py && sleep 0'"'"''
<192.168.1.5> (0, '', '')
<192.168.1.5> ESTABLISH SSH CONNECTION FOR USER: admin
<192.168.1.5> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=admin -o ConnectTimeout=10 -o ControlPath=/home/diman/.ansible/cp/650f4a573d -tt 10.201.3.174 '/bin/sh -c '"'"'/usr/bin/python /home/admin/.ansible/tmp/ansible-tmp-1497901941.43-260694439487946/ipa_sudorule.py; rm -rf "/home/admin/.ansible/tmp/ansible-tmp-1497901941.43-260694439487946/" > /dev/null 2>&1 && sleep 0'"'"''
<192.168.1.5> (0, '\r\n{"msg": "repsonse sudorule_add_option: invalid \'ipasudoopt\': Only one value is allowed", "failed": true, "invocation": {"module_args": {"ipa_port": 443, "cn": "vm-rhel70", "usercategory": null, "user": null, "cmd": null, "ipa_prot": "https", "host": null, "hostgroup": ["vm-rhel70"], "name": "vm-rhel70", "sudoopt": ["!authenticate"], "hostcategory": null, "state": "present", "ipa_host": "ipa-server-name", "ipa_user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "usergroup": ["vm-rhel70-admins", "vm-rhel70-admins-ext", "admins"], "ipa_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "cmdcategory": "all", "validate_certs": true, "description": "Sudo rule from vm-rhel70"}}}\r\n', 'Shared connection to 192.168.1.5 closed.\r\n')
fatal: [192.168.1.5]: FAILED! => {
    "changed": false,
    "failed": true,
    "invocation": {
        "module_args": {
            "cmd": null,
            "cmdcategory": "all",
            "cn": "vm-rhel70",
            "description": "Sudo rule from vm-rhel70",
            "host": null,
            "hostcategory": null,
            "hostgroup": [
                "vm-rhel70"
            ],
            "ipa_host": "ipa-server-name",
            "ipa_pass": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "ipa_port": 443,
            "ipa_prot": "https",
            "ipa_user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "name": "vm-rhel70",
            "state": "present",
            "sudoopt": [
                "!authenticate"
            ],
            "user": null,
            "usercategory": null,
            "usergroup": [
                "vm-rhel70-admins",
                "vm-rhel70-admins-ext",
                "admins"
            ],
            "validate_certs": true
        }
    },
    "msg": "repsonse sudorule_add_option: invalid 'ipasudoopt': Only one value is allowed"

@ansibot ansibot removed the needs_info This issue requires further information. Please answer any outstanding questions. label Jun 19, 2017
@ansibot ansibot added the support:core This issue/PR relates to code supported by the Ansible Engineering Team. label Jun 29, 2017
@Nosmoht
Copy link
Contributor

Nosmoht commented Jun 30, 2017

I'll check that

@auth-day
Copy link
Author

It would be great! Thanks!

Nosmoht pushed a commit to Nosmoht/ansible that referenced this issue Jun 30, 2017
ipa_sudorule: Fix issue ansible#25863
9ebe605
@Nosmoht Nosmoht mentioned this issue Jun 30, 2017
Merged
@Nosmoht
Copy link
Contributor

Nosmoht commented Jun 30, 2017

PR #26285 open.

@Akasurde
Copy link
Member

@diboanches Could you please check with #26285 and let us know if it works for you ?

@Akasurde
Copy link
Member

resolved_by_pr #26285

ansibot pushed a commit that referenced this issue Sep 27, 2017
@Nosmoht @ansibot
ipa_sudorule: Fix issue #25863 (#26285)
adc8d60
@Akasurde
Copy link
Member

Can someone close this issue as PR is merged ?

prasadkatti pushed a commit to prasadkatti/ansible that referenced this issue Oct 1, 2017
@Nosmoht
ipa_sudorule: Fix issue ansible#25863 (ansible#26285)
0674de3
BondAnthony pushed a commit to BondAnthony/ansible that referenced this issue Oct 5, 2017
@Nosmoht @BondAnthony
ipa_sudorule: Fix issue ansible#25863 (ansible#26285)
4c5cb73
@auth-day
Copy link
Author

Hi! Sorry for delays! Thanks a lot everyone!

@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 7, 2018
@dagwieers dagwieers added the ipa IPA community label Feb 8, 2019
@ansible ansible locked and limited conversation to collaborators Apr 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
affects_2.3 This issue/PR affects Ansible v2.3 bug This issue/PR relates to a bug. c:module_utils/ ipa IPA community support:core This issue/PR relates to code supported by the Ansible Engineering Team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@alikins @dagwieers @Akasurde @ansibot @Nosmoht @auth-day