redhat-cop
[AAP 2.5] Unable to create organization
Summary
Previously working (i.e. under AAP 2.4) code
Issue Type
- Bug Report
Ansible, Collection, Controller details
ansible --version
ansible [core 2.16.11]
config file = /home/martjack/ansible.cfg
configured module search path = ['/home/martjack/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.12/site-packages/ansible
ansible collection location = /home/martjack/.ansible/collections/ansible_collections:/usr/share/ansible/collections/ansible_collections:/home/martjack/collections/ansible_collections
executable location = /usr/bin/ansible
python version = 3.12.6 (main, Sep 9 2024, 00:00:00) [GCC 14.2.1 20240801 (Red Hat 14.2.1-1)] (/usr/bin/python3)
jinja version = 3.1.4
libyaml = True
ansible-galaxy collection list
# /home/martjack/.ansible/collections/ansible_collections
Collection Version
---------------------------------------- -------
amazon.aws 8.2.1
ansible.controller 4.6.0
ansible.netcommon 7.1.0
ansible.utils 5.1.2
community.aws 8.0.0
containers.podman 1.16.1
infra.ah_configuration 2.0.6
infra.controller_configuration 2.10.3
infra.eda_configuration 1.1.0
redhat.redhat_csp_download 1.2.2
redhat.rhel_idm 1.13.2
redhat.rhel_system_roles 1.23.0
redhat.satellite 4.2.0
redhat.satellite_operations 3.0.0
# /usr/lib/python3.12/site-packages/ansible_collections
Collection Version
---------------------------------------- -------
amazon.aws 7.6.1
ansible.netcommon 5.3.0
ansible.posix 1.5.4
ansible.utils 2.12.0
ansible.windows 2.5.0
arista.eos 6.2.2
awx.awx 23.9.0
azure.azcollection 1.19.0
check_point.mgmt 5.2.3
chocolatey.chocolatey 1.5.1
cisco.aci 2.10.1
cisco.asa 4.0.3
cisco.dnac 6.18.0
cisco.intersight 2.0.17
cisco.ios 5.3.0
cisco.iosxr 6.1.1
cisco.ise 2.9.3
cisco.meraki 2.18.1
cisco.mso 2.9.0
cisco.nxos 5.3.0
cisco.ucs 1.11.0
cloud.common 2.1.4
cloudscale_ch.cloud 2.4.0
community.aws 7.2.0
community.azure 2.0.0
community.ciscosmb 1.0.9
community.crypto 2.22.0
community.digitalocean 1.27.0
community.dns 2.9.5
community.docker 3.12.1
community.general 8.6.5
community.grafana 1.9.1
community.hashi_vault 6.2.0
community.hrobot 1.9.3
community.library_inventory_filtering_v1 1.0.1
community.libvirt 1.3.0
community.mongodb 1.7.6
community.mysql 3.10.3
community.network 5.0.3
community.okd 2.3.0
community.postgresql 3.5.0
community.proxysql 1.6.0
community.rabbitmq 1.3.0
community.routeros 2.19.0
community.sap 2.0.0
community.sap_libs 1.4.2
community.sops 1.9.0
community.vmware 4.7.0
community.windows 2.3.0
community.zabbix 2.5.1
containers.podman 1.15.4
cyberark.conjur 1.3.0
cyberark.pas 1.0.27
dellemc.enterprise_sonic 2.5.0
dellemc.openmanage 8.7.0
dellemc.powerflex 2.5.0
dellemc.unity 1.7.1
f5networks.f5_modules 1.30.1
fortinet.fortimanager 2.7.0
fortinet.fortios 2.3.7
frr.frr 2.0.2
gluster.gluster 1.0.2
google.cloud 1.4.1
grafana.grafana 2.2.5
hetzner.hcloud 2.5.0
hpe.nimble 1.1.4
ibm.qradar 2.1.0
ibm.spectrum_virtualize 2.0.0
ibm.storage_virtualize 2.4.1
ieisystem.inmanage 2.0.0
infinidat.infinibox 1.4.5
infoblox.nios_modules 1.6.1
inspur.ispim 2.2.3
inspur.sm 2.3.0
junipernetworks.junos 5.3.1
kaytus.ksmanage 1.2.2
kubernetes.core 2.4.2
lowlydba.sqlserver 2.3.3
microsoft.ad 1.7.1
netapp.aws 21.7.1
netapp.azure 21.10.1
netapp.cloudmanager 21.22.1
netapp.elementsw 21.7.0
netapp.ontap 22.12.0
netapp.storagegrid 21.12.0
netapp.um_info 21.8.1
netapp_eseries.santricity 1.4.0
netbox.netbox 3.19.1
ngine_io.cloudstack 2.4.0
ngine_io.exoscale 1.1.0
openstack.cloud 2.2.0
openvswitch.openvswitch 2.1.1
ovirt.ovirt 3.2.0
purestorage.flasharray 1.31.1
purestorage.flashblade 1.18.0
purestorage.fusion 1.6.1
sensu.sensu_go 1.14.0
splunk.es 2.1.2
t_systems_mms.icinga_director 2.0.1
telekom_mms.icinga_director 1.35.0
theforeman.foreman 3.15.0
vmware.vmware 1.5.0
vmware.vmware_rest 2.3.1
vultr.cloud 1.13.0
vyos.vyos 4.1.0
wti.remote 1.0.8
Controller version
4.6.0
- ansible installation method: one of source, pip, OS package, EE
OS / ENVIRONMENT
Host: Fedora 40, packaged-installed Ansible-core
Desired Behavior
I discovered this while loading a config via the dispatch role. I expect that the organization would be created by the config. Creating organizations works manually in the controller API so I suspect this is due to the gateway API changes
Actual Behavior
See the error below
Please give some details of what is actually happening. Include a [minimum complete verifiable example] with:
- playbook / task
TASK [infra.controller_configuration.organizations : Managing Controller Organizations | Wait for finish the Organizations management] ***
FAILED - RETRYING: [localhost]: Managing Controller Organizations | Wait for finish the Organizations management (30 retries left).
FAILED - RETRYING: [localhost]: Managing Controller Organizations | Wait for finish the Organizations management (29 retries left).
failed: [localhost] (item=Create/Update Controller Organization Demo Organization | Wait for finish the organization creation) => {"__organizations_job_async_results_item": {"__controller_organizations_item": {"name": "Demo Organization"}, "ansible_job_id": "j337651632875.144780", "ansible_loop_var": "__controller_organizations_item", "changed": false, "failed": 0, "finished": 0, "results_file": "/home/martjack/.ansible_async/j337651632875.144780", "started": 1}, "ansible_job_id": "j337651632875.144780", "ansible_loop_var": "__organizations_job_async_results_item", "attempts": 3, "changed": false, "finished": 1, "msg": "You don't have permission to POST to /api/controller/v2/organizations/ (HTTP 403).", "results_file": "/home/martjack/.ansible_async/j337651632875.144780", "started": 1, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
STEPS TO REPRODUCE
Run the following playbook with appropriate URL and credentials:
---
- name: 'Error for creating organizations on AAP 2.5'
hosts: localhost
gather_facts: false
become: false
vars:
controller_hostname: https://example.ansible.com
controller_username: user
controller_password: password
controller_validate_certs: false
controller_organizations:
- name: Test Org
tasks:
- name: Load organizations
ansible.builtin.include_role:
name: infra.controller_configuration.organizations
this is not a bug, for 2.5 you need to go through gateway https://github.com/redhat-cop/infra.platform_configuration for any org/team/user content
Then shouldn't controller configuration skip those variables (or the related roles)? The error is at least surprising
As of right now, that collection is unreleased and not included in the containerized installer. That seems like a problem?
we were not given enough time to get it included in the bundle, we are looking at larger changes now which will take some time but long run should be best for everyone
aap_configuration should work with 2.5 now, the old controller_configuration does not
@djdanielsson question to what you mentioned above: if controller_configuration (and maybe other roles too) will no longer work with AAP 2.5, why then keep them still in the list of roles to be dispatched in the dispatcher role?
I am talking about a completely different collection which has its own dispatch role