Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Added CDN configuration to organizations module #1523

Open
wants to merge 9 commits into
base: develop
Choose a base branch
from
Open

[WIP] Added CDN configuration to organizations module #1523

wants to merge 9 commits into from

Conversation

Thulium-Drake
Copy link
Contributor

o/ guys,

As mentioned in #1450 , the foreman_organization module doesn't do CDN configuration.

I took a stab at it and tried to integrate it. It seems to work well, but it's still a WIP, but it seems to function (I only tested 'redhat_cdn' with a different URL and 'export_sync', I still need to set up a secondary test Satellite).

Fire away! I'd love feedback!

@Thulium-Drake
Copy link
Contributor Author

I tried some more tests, but it seems that I probably need some extra logic to resolve the content credential before putting it in the payload the module sends towards Foreman/Satellite.

Also, it always changes right now, is that something I missed? Or doesn't the API report these settings back?

@evgeni any ideas? :)

bittner
bittner suggested changes Nov 27, 2022
View reviewed changes
plugins/modules/organization.py Outdated Show resolved Hide resolved
@Thulium-Drake
Copy link
Contributor Author

@mdellweg @evgeni ping :-)

evgeni
evgeni reviewed Nov 30, 2022
View reviewed changes
plugins/modules/organization.py Outdated
Comment on lines 178 to 190
# upstream_ca_cert=dict(required=False, type='entity', resource_type='content_credentials', scope=['']),
upstream_ca_cert_id=dict(required=False),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we really shouldn't require the user to provide an id, why did the commented code not work? because of the scope?

in other places, we use it like this:

ssl_ca_cert=dict(type='entity', resource_type='content_credentials', scope=['organization']),

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I fully agree, this is just my current 'worked-around' version, and indeed, because of the scope.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@evgeni I think at first I copied that line of code from repository.py or something like it, but it kept complaining about that the scope couldn't be found :/

evgeni
evgeni reviewed Nov 30, 2022
View reviewed changes
plugins/modules/organization.py

if extra_payload:
payload.update(extra_payload)
module.resource_action('organizations', 'cdn_configuration', payload)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do I read it right, this essentially always returns changed=True now, as there is no way to "diff" the cdn config?!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The data is shown in the API reply to /katello/api/organizations/:id, so we could diff it… What a mess

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have tried poking around in the API, but I can't find it.

When I go to https://sat.rh.lab/api/organizations/1/cdn_configuration I get a 404. And it's not listed in the 'overview' at the organizations/<org_id> endpoint either.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

attention attention! katello overrides the org controller!

you need to go to /katello/api/organizations/:id, not to /api/organizations/:id, the apipie library will do the right thing for us.

and yes, the cdn_configuration part is only defined for PUT (update) operations, you can't GET it, but the data is part of the normal org show view, if you look at the right controller

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel my Python-Fu is lacking a bit, but I made an attempt to compare some things, and it seems to work well :-)

This will never be idempotent for network_sync as the current password cannot be compared with the provided password.

@Thulium-Drake
Copy link
Contributor Author

@evgeni ping :-)

@Thulium-Drake
Copy link
Contributor Author

Thulium-Drake commented Jan 4, 2023
edited

@evgeni I've rebased my edits and removed the workaroundy hack with the content_credential_id, this is the debug output when running it:

TASK [network sync] **************************************************************************************************
task path: /root/projects/playground/playbooks/satellite_cdn.yml:31
<satellite.lab> ESTABLISH SSH CONNECTION FOR USER: root
<satellite.lab> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/root/.ansible/cp/c945b7bf4f"' satellite.lab '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<satellite.lab> (0, b'/root\n', b'')
<satellite.lab> ESTABLISH SSH CONNECTION FOR USER: root
<satellite.lab> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/root/.ansible/cp/c945b7bf4f"' satellite.lab '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1672826860.017399-539401-22017854009825 `" && echo ansible-tmp-1672826860.017399-539401-22017854009825="` echo /root/.ansible/tmp/ansible-tmp-1672826860.017399-539401-22017854009825 `" ) && sleep 0'"'"''
<satellite.lab> (0, b'ansible-tmp-1672826860.017399-539401-22017854009825=/root/.ansible/tmp/ansible-tmp-1672826860.017399-539401-22017854009825\n', b'')
<satellite.lab> Attempting python interpreter discovery
<satellite.lab> ESTABLISH SSH CONNECTION FOR USER: root
<satellite.lab> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/root/.ansible/cp/c945b7bf4f"' satellite.lab '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'python3.10'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.9'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.8'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<satellite.lab> (0, b'PLATFORM\nLinux\nFOUND\n/usr/bin/python3.9\n/usr/bin/python3.8\n/usr/bin/python3.6\n/usr/bin/python3\n/usr/libexec/platform-python\nENDFOUND\n', b'')
<satellite.lab> ESTABLISH SSH CONNECTION FOR USER: root
<satellite.lab> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/root/.ansible/cp/c945b7bf4f"' satellite.lab '/bin/sh -c '"'"'/usr/bin/python3.9 && sleep 0'"'"''
<satellite.lab> (0, b'{"platform_dist_result": [], "osrelease_content": "NAME=\\"Red Hat Enterprise Linux\\"\\nVERSION=\\"8.7 (Ootpa)\\"\\nID=\\"rhel\\"\\nID_LIKE=\\"fedora\\"\\nVERSION_ID=\\"8.7\\"\\nPLATFORM_ID=\\"platform:el8\\"\\nPRETTY_NAME=\\"Red Hat Enterprise Linux 8.7 (Ootpa)\\"\\nANSI_COLOR=\\"0;31\\"\\nCPE_NAME=\\"cpe:/o:redhat:enterprise_linux:8::baseos\\"\\nHOME_URL=\\"https://www.redhat.com/\\"\\nDOCUMENTATION_URL=\\"https://access.redhat.com/documentation/red_hat_enterprise_linux/8/\\"\\nBUG_REPORT_URL=\\"https://bugzilla.redhat.com/\\"\\n\\nREDHAT_BUGZILLA_PRODUCT=\\"Red Hat Enterprise Linux 8\\"\\nREDHAT_BUGZILLA_PRODUCT_VERSION=8.7\\nREDHAT_SUPPORT_PRODUCT=\\"Red Hat Enterprise Linux\\"\\nREDHAT_SUPPORT_PRODUCT_VERSION=\\"8.7\\"\\n"}\n', b'')
Using module file /root/projects/playground/collections/ansible_collections/theforeman/foreman/plugins/modules/organization.py
<satellite.lab> PUT /root/.ansible/tmp/ansible-local-53939758ltomzv/tmpeb36nexm TO /root/.ansible/tmp/ansible-tmp-1672826860.017399-539401-22017854009825/AnsiballZ_organization.py
<satellite.lab> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/root/.ansible/cp/c945b7bf4f"' '[satellite.lab]'
<satellite.lab> (0, b'sftp> put /root/.ansible/tmp/ansible-local-53939758ltomzv/tmpeb36nexm /root/.ansible/tmp/ansible-tmp-1672826860.017399-539401-22017854009825/AnsiballZ_organization.py\n', b'')
<satellite.lab> ESTABLISH SSH CONNECTION FOR USER: root
<satellite.lab> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/root/.ansible/cp/c945b7bf4f"' satellite.lab '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1672826860.017399-539401-22017854009825/ /root/.ansible/tmp/ansible-tmp-1672826860.017399-539401-22017854009825/AnsiballZ_organization.py && sleep 0'"'"''
<satellite.lab> (0, b'', b'')
<satellite.lab> ESTABLISH SSH CONNECTION FOR USER: root
<satellite.lab> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/root/.ansible/cp/c945b7bf4f"' -tt satellite.lab '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1672826860.017399-539401-22017854009825/AnsiballZ_organization.py && sleep 0'"'"''
<satellite.lab> (1, b'/usr/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\r\n  InsecureRequestWarning)\r\n/usr/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\r\n  InsecureRequestWarning)\r\n/usr/lib/python3.6/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings\r\n  InsecureRequestWarning)\r\n\r\n{"failed": true, "msg": "Failed to lookup scope [\'organization\'] while searching for content_credentials.", "exception": "  File \\"/tmp/ansible_theforeman.foreman.organization_payload_uvddux_t/ansible_theforeman.foreman.organization_payload.zip/ansible_collections/theforeman/foreman/plugins/module_utils/foreman_helper.py\\", line 845, in _lookup_entity\\n    params.update(self.scope_for(scope, resource_type))\\n  File \\"/tmp/ansible_theforeman.foreman.organization_payload_uvddux_t/ansible_theforeman.foreman.organization_payload.zip/ansible_collections/theforeman/foreman/plugins/module_utils/foreman_helper.py\\", line 817, in scope_for\\n    return {\'{0}_id\'.format(scope_key): self.lookup_entity(key)[\'id\']}\\n", "invocation": {"module_args": {"username": "admin", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "server_url": "https://satellite.lab", "validate_certs": false, "name": "Default Organization", "upstream_type": "network_sync", "upstream_url": "https://example.com", "upstream_ca_cert": "Upstream Satellite", "upstream_username": "admin", "upstream_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "upstream_organization": "Example", "upstream_lifecycle_environment": "Library", "upstream_content_view": "Bla", "state": "present", "parameters": null, "description": null, "label": null, "ignore_types": null}}}\r\n', b'Shared connection to satellite.lab closed.\r\n')
<satellite.lab> Failed to connect to the host via ssh: Shared connection to satellite.lab closed.
<satellite.lab> ESTABLISH SSH CONNECTION FOR USER: root
<satellite.lab> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/root/.ansible/cp/c945b7bf4f"' satellite.lab '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1672826860.017399-539401-22017854009825/ > /dev/null 2>&1 && sleep 0'"'"''
<satellite.lab> (0, b'', b'')
The full traceback is:
  File "/tmp/ansible_theforeman.foreman.organization_payload_uvddux_t/ansible_theforeman.foreman.organization_payload.zip/ansible_collections/theforeman/foreman/plugins/module_utils/foreman_helper.py", line 845, in _lookup_entity
    params.update(self.scope_for(scope, resource_type))
  File "/tmp/ansible_theforeman.foreman.organization_payload_uvddux_t/ansible_theforeman.foreman.organization_payload.zip/ansible_collections/theforeman/foreman/plugins/module_utils/foreman_helper.py", line 817, in scope_for
    return {'{0}_id'.format(scope_key): self.lookup_entity(key)['id']}
fatal: [satellite.lab]: FAILED! => changed=false 
  ansible_facts:
    discovered_interpreter_python: /usr/libexec/platform-python
  invocation:
    module_args:
      description: null
      ignore_types: null
      label: null
      name: Default Organization
      parameters: null
      password: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
      server_url: https://satellite.lab
      state: present
      upstream_ca_cert: Upstream Satellite
      upstream_content_view: Bla
      upstream_lifecycle_environment: Library
      upstream_organization: Example
      upstream_password: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
      upstream_type: network_sync
      upstream_url: https://example.com
      upstream_username: admin
      username: admin
      validate_certs: false
  msg: Failed to lookup scope ['organization'] while searching for content_credentials.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evgeni evgeni evgeni left review comments

@bittner bittner bittner requested changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Thulium-Drake @evgeni @bittner