Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Become root in foreman_proxy_content role to add group #1873

Merged
merged 1 commit into from
Oct 25, 2024

Conversation

ianballou
Copy link
Contributor

Fixes an error when provisioning a proxy content devel box where the vagrant user was trying to add the foreman group.

Copy link
Member

@chris1984 chris1984 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR worked fine for me to get me going with a proxy box. @ehelms can you do a review on this?

Copy link
Contributor

@sjha4 sjha4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed the below error:

TASK [foreman_proxy_content : Generate Certs] **********************************
fatal: [centos9-proxy-devel2 -> centos9-katello-devel(None)]: FAILED! => changed=true 
  cmd:
  - foreman-proxy-certs-generate
  - --foreman-proxy-fqdn
  - centos9-proxy-devel2.sajha.example.com
  - --certs-tar
  - /root/centos9-proxy-devel2.sajha.example.com.tar.gz
  delta: '0:00:00.337804'
  end: '2024-10-25 20:47:43.688736'
  msg: non-zero return code
  rc: 1
  start: '2024-10-25 20:47:43.350932'
  stderr: |-
    /usr/share/ruby/psych.rb:582:in `initialize': Permission denied @ rb_sysopen - /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml (Errno::EACCES)
            from /usr/share/ruby/psych.rb:582:in `open'
            from /usr/share/ruby/psych.rb:582:in `unsafe_load_file'
            from /usr/share/gems/gems/kafo-7.5.1/lib/kafo/scenario_manager.rb:21:in `block in available_scenarios'
            from /usr/share/gems/gems/kafo-7.5.1/lib/kafo/scenario_manager.rb:19:in `each'
            from /usr/share/gems/gems/kafo-7.5.1/lib/kafo/scenario_manager.rb:19:in `inject'
            from /usr/share/gems/gems/kafo-7.5.1/lib/kafo/scenario_manager.rb:19:in `available_scenarios'
            from /usr/share/gems/gems/kafo-7.5.1/lib/kafo/scenario_manager.rb:100:in `select_scenario'
            from /usr/share/gems/gems/kafo-7.5.1/lib/kafo/kafo_configure.rb:575:in `config_file'
            from /usr/share/gems/gems/kafo-7.5.1/lib/kafo/kafo_configure.rb:115:in `initialize'
            from /usr/share/gems/gems/clamp-1.3.2/lib/clamp/command.rb:140:in `new'
            from /usr/share/gems/gems/clamp-1.3.2/lib/clamp/command.rb:140:in `run'
            from /usr/share/gems/gems/kafo-7.5.1/lib/kafo/kafo_configure.rb:54:in `run'
            from /usr/sbin/foreman-proxy-certs-generate:54:in `<main>'
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>

Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if the whole role itself should declare become properly but I'm ok with this improvement now

@ekohl ekohl merged commit c6d0c27 into theforeman:master Oct 25, 2024
8 checks passed
@evgeni
Copy link
Member

evgeni commented Oct 26, 2024

I wonder if the whole role itself should declare become properly but I'm ok with this improvement now

Wouldn't that revert #1840

@ianballou ianballou deleted the fix-foreman-proxy-dev branch October 28, 2024 14:55
@ianballou
Copy link
Contributor Author

Thanks all!

@ekohl
Copy link
Member

ekohl commented Oct 28, 2024

Wouldn't that revert #1840

What I meant was that we could sprinkle become: true in roles/foreman_proxy_content/tasks where needed to avoid needing to do it on the playbook level.

Looking at it, the current PR effectively reverts that, right? Now every role is called with become: true which I'd think is the same as calling it on the playbook level.

@evgeni
Copy link
Member

evgeni commented Oct 28, 2024

It's not the same, no
Setup is still running as a user, and I think that's what was intended

@ekohl
Copy link
Member

ekohl commented Oct 28, 2024

Ah ok, that's something about Ansible I didn't know.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants