0

I'm new to Ansible, so any advice would be appreciated.
I'm using ansible 2.9.10.

First of all

On my control node, I've created a playbook in which I set up the control host as a repository host: the RHEL 8 installation ISO must be loop-mounted on the directory /var/ftp/repo, the firewalld service disabled, and the vsftpd service started as well as enabled, allowing anonymous user access to the /var/ftp/repo directory.

---
- name: Setup control host as repository host
  hosts: localhost
  become: true
  vars:
      anonymous_enable: yes
  tasks:
      - name: Install vsftpd
        yum:
                name: vsftpd
                state: latest

      - name: Start and enable vsftpd service
        service:
                name: vsftpd
                state: started
                enabled: true

      - name: Disable firewall 
        firewalld:
                service: firewall
                state: disabled

      - name: Allow anonymous user access to /var/ftp/repo
        template:
                src: templates/vsftpd.j2/v.j2
                dest: /etc/vsftpd/vsftpd.conf

      - name: Setup repo directory
        file:
                path: /var/ftp/repo
                state: directory

      - name: create repo
        mount:
                path: /var/ftp/repo
                src: /dev/sr0
                fstype: iso9660
                opts: loop,ro
                state: mounted

Next

I have a managed node and want to configure it as a repository client of the repository server that was configured above, in the previous example. I want to use an ad-hoc command to enable access to the BaseOS and AppStream repositories on my control node. Below are the commands and the returned results:

[ansible@control ~]$ ansible ansible1 -u root --ask-pass -m yum_repository -a "name=AppStream file=AppStream baseurl=ftp://control.example.com/repo/AppStream/ description=AppStream gpgcheck=no enabled=yes state=present"
SSH password:
 ansible1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python" 
     },
    "changed": true,
    "repo": "AppStream",
    "state": "present"
     }

[ansible@control ~]$ ansible ansible1 -u root --ask-pass -m yum_repository -a "name=BaseOS file=BaseOS baseurl=ftp://control.example.com/repo/ description=BaseOS gpgcheck=no enabled=yes state=present"

SSH password: 
ansible1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "BaseOS",
    "state": "present"

It looks like everything is OK, BUT when I log in to the managed node and try to do yum repolist, I receive:

Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
AppStream                                 0.0  B/s |   0  B     00:01    
BaseOS                                    0.0  B/s |   0  B     00:01    
Failed to synchronize cache for repo 'AppStream', ignoring this repo.
Failed to synchronize cache for repo 'BaseOS', ignoring this repo.

Then I subscribed the system with the RHEL subscription manager, but again, when I log in to the managed node and try to do yum repolist, I receive exactly the same error (with regard to my local repos in the control node's /var/ftp/repo directory):

Updating Subscription Management repositories.
AppStream                             0.0  B/s |   0  B     00:01    
BaseOS                                0.0  B/s |   0  B     00:01    
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)  3.2 kB/s | 4.5 kB     00:01    
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)  2.8 kB/s | 4.1 kB     00:01    
Failed to synchronize cache for repo 'AppStream', ignoring this repo.
Failed to synchronize cache for repo 'BaseOS', ignoring this repo.
repo id                               repo name                                                                    status
rhel-8-for-x86_64-appstream-rpms   Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                       10,766
rhel-8-for-x86_64-baseos-rpms      Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                          4,834   

I need to use my local repo in /var/ftp/repo, please help me to understand where I went wrong! Also, when I tried to install some pkg using an ad-hoc command, I received an error:

[ansible@control ~]$ ansible ansible1 -u root --ask-pass -m yum -a "name=httpd state=latest"
SSH password: 
ansible1 | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "failures": [
        "No package httpd available."
    ],
    "msg": "Failed to install some of the specified packages",
    "rc": 1,
    "results": []

FTP related info:

[ansible@control ~]$ ls /var/ftp/repo/
AppStream  EFI   extra_files.json  images    media.repo               RPM-GPG-KEY-redhat-release
BaseOS     EULA  GPL               isolinux  RPM-GPG-KEY-redhat-beta  TRANS.TBL
[ansible@control ~]$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-07-01 22:02:01 EEST; 50min ago
  Process: 1055 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 1059 (vsftpd)
    Tasks: 1 (limit: 4915)
   Memory: 344.0K
   CGroup: /system.slice/vsftpd.service
           └─1059 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Content of the repo files on the managed node:

[ansible@control ~]$ ansible ansible1 -m command -a "cat /etc/yum.repos.d/AppStream.repo"
ansible1 | CHANGED | rc=0 >>
[AppStream]
baseurl = ftp://control.example.com/repo/
enabled = 1
gpgcheck = 0
name = AppStream
[ansible@control ~]$ ansible ansible1 -m command -a "cat /etc/yum.repos.d/BaseOS.repo"
ansible1 | CHANGED | rc=0 >>
[BaseOS]
baseurl = ftp://control.example.com/repo/
enabled = 1
gpgcheck = 0
name = BaseOS
d1masta94

1 Answer

1

You cannot install packages until you have subscribed the system and obtained an entitlement.

You can do this with the redhat_subscription module. After it is registered, you can use the rhsm_repository module to enable the repositories you want.

Here is how I register my RHEL systems and enable my desired RHEL repositories:

---
- hosts: all
  gather_facts: True
  tasks:
  - name: "Group by operating system"
    group_by:
      key: os_{{ ansible_distribution }}

- hosts: os_RedHat
  gather_facts: True
  # Registering the system and enabling repos must come first,
  # before installing packages
  pre_tasks:
    - block:
      - name: Register RHEL system
        redhat_subscription:
          activationkey: "Ansible_Provisioned"
          org_id: "*******"
          auto_attach: True
      - name: Enable RHEL repos (RHEL 7)
        rhsm_repository: name={{item}} state=enabled
        with_items:
          - rhel-{{ansible_distribution_major_version}}-server-rpms
          - rhel-{{ansible_distribution_major_version}}-server-extras-rpms
          - rhel-{{ansible_distribution_major_version}}-server-optional-rpms
        when: ansible_distribution_major_version|int <= 7
      - name: Enable RHEL repos (RHEL 8)
        rhsm_repository: name={{item}} state=enabled
        with_items:
          - rhel-{{ansible_distribution_major_version}}-for-{{ansible_architecture}}-baseos-rpms
          - rhel-{{ansible_distribution_major_version}}-for-{{ansible_architecture}}-appstream-rpms
          - rhel-{{ansible_distribution_major_version}}-for-{{ansible_architecture}}-supplementary-rpms
          - codeready-builder-for-rhel-{{ansible_distribution_major_version}}-{{ansible_architecture}}-rpms
        when: ansible_distribution_major_version|int == 8
      - name: Disable RHEL repos (RHEL 7)
        rhsm_repository: name={{item}} state=disabled
        with_items:
          - rhel-{{ansible_distribution_major_version}}-server-rt-rpms
          - rhel-{{ansible_distribution_major_version}}-server-rt-beta-rpms
        when: ansible_distribution_major_version|int <= 7
      when: ansible_distribution == 'RedHat'
  roles:
    - redhatinsights.insights-client

Note that if you're trying to install packages offline, you will have to disable the online Red Hat repos during your package installation temporarily (or permanently). For example:

- name: Install httpd
  dnf:
    name: httpd
    disablerepo: rhel-8-for-x86_64-appstream-rpms,rhel-8-for-x86_64-baseos-rpms

It also looks like your custom repos BaseOS and AppStream aren't actually accessible from your new node, so you should sort that out as well.

Michael Hampton
  • Thank you for your time, Michael! I understand the principle of working with the **redhat_subscription** and **rhsm_repository** modules. My issue is regarding my custom repos. I'm trying to set up my managed nodes as repository clients of the control node, which should operate as the repository server and provide access to the custom repo through FTP, but unfortunately I've got the error mentioned previously. I thought that maybe something is wrong when I try to loop mount the RHEL8 installation ISO on the directory /var/ftp/repo? – d1masta94 Jul 01 '20 at 16:33
  • @d1masta94 It's clear something is wrong with your custom repos, but your post doesn't contain any useful information about what might be going wrong. Do you actually have an FTP server running? Are the files there? Can you access them remotely yourself? Do the repo files point to the correct server and path? – Michael Hampton Jul 01 '20 at 16:40
  • Just added the info that you asked for to the main post – d1masta94 Jul 01 '20 at 17:04
  • @d1masta94 Did you try to connect to the FTP server yourself? – Michael Hampton Jul 01 '20 at 17:17
  • Also **FTP config** file: `[ansible@control ~]$ sudo cat /etc/vsftpd/vsftpd.conf anonymous_enable=True local_enable=True write_enable=True anon_upload_enable=True dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES pam_service_name=vsftpd userlist_enable=YES` – d1masta94 Jul 01 '20 at 17:51
  • From the control node to managed node: `[ansible@control ~]$ ftp 192.168.25.131 ftp: connect: No route to host ftp>` – d1masta94 Jul 01 '20 at 18:10
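
The checks asked for in the comments, written as a playbook. This is an added example, not code from the question or the answer. It tests from the managed node that the FTP control port answers and that each baseurl holds repo metadata, then writes one repo definition per ISO subdirectory with GPG checking on. The host names and the key file name are taken from the question; the `repodata/repomd.xml` layout under BaseOS and AppStream, the read-only vsftpd settings and opening only the firewalld `ftp` service are assumptions of this example.

```yaml
---
# Added example. Assumes the ISO is mounted on /var/ftp/repo as in the question.
- name: Serve the repo read-only and open only FTP on the control node
  hosts: localhost
  become: true
  tasks:
    - name: Keep anonymous FTP read-only (a package repo needs no uploads)
      lineinfile:
        path: /etc/vsftpd/vsftpd.conf
        regexp: '^{{ item }}='
        line: '{{ item }}=NO'
      loop: [write_enable, anon_upload_enable]
      notify: Restart vsftpd
    - name: Allow the ftp service instead of switching firewalld off
      firewalld:
        service: ftp
        permanent: true
        immediate: true
        state: enabled
  handlers:
    - name: Restart vsftpd
      service:
        name: vsftpd
        state: restarted

- name: Verify reachability, then define the repos with GPG checking
  hosts: ansible1
  become: true
  vars:
    repo_root: ftp://control.example.com/repo
  tasks:
    - name: FTP control port must answer from the managed node
      wait_for:
        host: control.example.com
        port: 21
        timeout: 5
    - name: Each baseurl must contain repodata/repomd.xml
      get_url:
        url: "{{ repo_root }}/{{ item }}/repodata/repomd.xml"
        dest: "/tmp/{{ item }}-repomd.xml"
      loop: [BaseOS, AppStream]
    - name: One repo per ISO subdirectory, package signatures enforced
      yum_repository:
        name: "{{ item }}"
        description: "{{ item }}"
        baseurl: "{{ repo_root }}/{{ item }}/"
        gpgcheck: true
        gpgkey: "{{ repo_root }}/RPM-GPG-KEY-redhat-release"
        enabled: true
      loop: [BaseOS, AppStream]
```

If the `wait_for` or `get_url` task fails, the problem is on the network or server side, and the repo definitions are never written against an unreachable baseurl.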