Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should assert that requires variables are present - rhsm #7

Open
Cameronwyatt opened this issue Nov 11, 2019 · 3 comments
Open

Should assert that requires variables are present - rhsm #7

Cameronwyatt opened this issue Nov 11, 2019 · 3 comments
Assignees
@tehsmyers

Comments

@Cameronwyatt
Copy link

If you run the RHSM role without passing in required fields, it will hang, seemingly waiting for user input

TASK [oasis_roles.rhsm : Register system to RHSM provider] *********************
    task path: /home/cwyatt/.cache/molecule/idm/openstack/roles/oasis_roles.rhsm/tasks/subscribe.yml:1
    <10.0.150.0> ESTABLISH SSH CONNECTION FOR USER: cloud-user
    <10.0.150.0> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/home/cwyatt/.cache/molecule/idm/openstack/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="cloud-user"' -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o ControlPath=/home/cwyatt/.ansible/cp/%h-%p-%r 10.0.150.0 '/bin/sh -c '"'"'echo ~cloud-user && sleep 0'"'"''
    <10.0.150.0> (0, b'/home/cloud-user\n', b'')
    <10.0.150.0> ESTABLISH SSH CONNECTION FOR USER: cloud-user
    <10.0.150.0> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/home/cwyatt/.cache/molecule/idm/openstack/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="cloud-user"' -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o ControlPath=/home/cwyatt/.ansible/cp/%h-%p-%r 10.0.150.0 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339 `" && echo ansible-tmp-1573485170.2015998-66758194154339="` echo /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339 `" ) && sleep 0'"'"''
    <10.0.150.0> (0, b'ansible-tmp-1573485170.2015998-66758194154339=/home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339\n', b'')
    Using module file /home/cwyatt/.virtualenvs/molecule/lib/python3.6/site-packages/ansible/modules/packaging/os/redhat_subscription.py
    <10.0.150.0> PUT /home/cwyatt/.ansible/tmp/ansible-local-14391vlk7s0m4/tmp4ezdk8bb TO /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339/AnsiballZ_redhat_subscription.py
    <10.0.150.0> SSH: EXEC scp -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/home/cwyatt/.cache/molecule/idm/openstack/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="cloud-user"' -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o ControlPath=/home/cwyatt/.ansible/cp/%h-%p-%r /home/cwyatt/.ansible/tmp/ansible-local-14391vlk7s0m4/tmp4ezdk8bb '[10.0.150.0]:/home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339/AnsiballZ_redhat_subscription.py'
    <10.0.150.0> (0, b'', b'')
    <10.0.150.0> ESTABLISH SSH CONNECTION FOR USER: cloud-user
    <10.0.150.0> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/home/cwyatt/.cache/molecule/idm/openstack/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="cloud-user"' -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o ControlPath=/home/cwyatt/.ansible/cp/%h-%p-%r 10.0.150.0 '/bin/sh -c '"'"'chmod u+x /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339/ /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339/AnsiballZ_redhat_subscription.py && sleep 0'"'"''
    <10.0.150.0> (0, b'', b'')
    <10.0.150.0> ESTABLISH SSH CONNECTION FOR USER: cloud-user
    <10.0.150.0> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/home/cwyatt/.cache/molecule/idm/openstack/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="cloud-user"' -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o ControlPath=/home/cwyatt/.ansible/cp/%h-%p-%r -tt 10.0.150.0 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-kiludxpamclcqqlouizmkzwxfnvdjzed ; /usr/bin/python /home/cloud-user/.ansible/tmp/ansible-tmp-1573485170.2015998-66758194154339/AnsiballZ_redhat_subscription.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
    Escalation succeeded
@tehsmyers
Copy link
Contributor

This is unfortunately difficult to do, because of the many ways that subscription-manager can be used. The underlying ansible module for this task is redhat_subscription, and I'm specifically nervous about adding assertions or checks to this role that are more strict than the underlying module itself is. If fields are going to be required, they should be required by the module, not this role, so this should probably be an issue filed against Ansible itself.

In this case, though, I think the problem is not with this role itself (it correctly does nothing when there's nothing to do based on the values of e.g. rhsm_unsubscribe, rhsm_username, and rhsm_org_id), but with the implementation of it in this case. I believe that what's happened is an empty string was passed for rhsm_server_hostname. I don't know if this is a valid invocation of subscription-manager that should be allowed by the redhat_subscription module or not, so I don't feel comfortable at this point adding logic to prevent it, or errors like it, to either this role or the underlying module.

@greg-hellings
Copy link
Contributor

It might be worth at least contacting the upstream maintainer to ask them that question about empty-string hostname. I can't imagine that it should be supported.

@tehsmyers tehsmyers self-assigned this Dec 3, 2019
@tehsmyers
Copy link
Contributor

I took a closer look at this today, and I think the role's already doing everything it can reasonably do here. I like the idea of asking the maintainer about the empty hostname being supported, and I think I'll just ask the question in the form of a pull request adding validation to prevent it.

@greg-hellings greg-hellings transferred this issue from oasis-roles/rhsm May 11, 2020
@greg-hellings greg-hellings changed the title Should assert that requires variables are present Should assert that requires variables are present - rhsm May 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tehsmyers tehsmyers

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@greg-hellings @tehsmyers @Cameronwyatt