Rundeck 3.4.10 2022-01-18 Community not populating inventory in Nodes

[Nick Moore]

my inventory is from the following vendors juniper/meraki/palo alto networks

[rac...@rundeck.com]

Hi,

To get the Ansible inventory as Rundeck nodes you need to set up the Ansible model source (Project Settings > Edit Nodes > Add a new Node Source button > Ansible Resource Model Source. 

Here you can follow a step-by-step, here you can see how inventory works, and here you can see a full explanation about how Ansible and Rundeck integration works (scroll down and click on the "Explainer Video: Getting Started with the Rundeck Ansible Integration" video).

Regards.

[Nick Moore]

Yes that has already been setup nodes are still not populating.

[Nick Moore]

Found the following output in the logs

SSH password:
[WARNING]: Unable to parse /root/neteng/automation/ansible/hosts.ini as an
inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'

[rac...@rundeck.com]

1. Make sure that Rundeck and Ansible coexist in the same server, this is important in order to Rundeck access to the inventory (`host`) and `ansible.cfg` files.

2. Make sure that Rundeck can reach these `hosts` and `ansible.cfg` files (for some reason the output points to config inside the root folder but the configuration points to `/var/lib/rundeck/projects` path).

3. Also, it seems that the inventory file is broken, ensure to use the correct inventory format, take a look.

Another good resource is this docker environment.

[Nick Moore]

Ansible and Rundeck are both running on the same host, however we are running Ansible inside of a conda venv

(ansible-prd) root@itnet-bastion0:~/neteng/automation/ansible# which ansible
/root/anaconda3/envs/ansible-prd/bin/ansible
(ansible-prd) root@itnet-bastion0:~/neteng/automation/ansible# systemctl status rundeckd
● rundeckd.service - LSB: rundeck job automation console
   Loaded: loaded (/etc/init.d/rundeckd; generated)
   Active: active (running) since Thu 2022-02-17 21:16:44 UTC; 4 days ago
     Docs: man:systemd-sysv-generator(8)
 Main PID: 11666 (java)
    Tasks: 62 (limit: 4915)
   CGroup: /system.slice/rundeckd.service
           └─11666 java -Drundeck.jaaslogin=true -Djava.security.auth.login.config=/etc/rundeck/jaas-loginmodule.conf -Dloginmodule.name=RDpropertyfilelogin -Drdeck.config=/etc/rundeck -Drundeck.server.configDir=

Inventory is working because the playbooks run fine, but I have updated my inventory to yaml and linted it

(ansible-prd) root@itnet-bastion0:~/neteng/automation/ansible/inventory# ansible-lint inventory.yaml
(ansible-prd) root@itnet-bastion0:~/neteng/automation/ansible/inventory#

I changed the path to root but it's still not working, how can I validate Rundeck can reach hosts and ansible.cfg and inventory.yaml?

[rac...@rundeck.com]

Hi Nick,

I don’t think that the Ansible plugin works in virtual environments, take a look at this ticket.

Now, in a “normal environment”, the root space isn’t a good place to put the config files. Checking the systemd output it seems that you’re running an RPM/DEB instance, which means that rundeck is running using the rundeck user (using /var/lib/rundeck as a home directory). A good place could be the /etc/ansible directory and make sure that the path and files can be reached by rundeck user and group.

Regards.

​

[Nick Moore]

Because we have multiple teams running different binaries on this host we would need this PR approved.

[Nick Moore]

I uninstalled rundeck from root and reinstalled under non-root user, I pointed the ansible.cfg and inventory files to the path used by our binary that resides outside the venv.

The nodes still aren't populating, how can I validate if the path and files can be access by the rundeck user/group?

nmoore@itnet-bastion0:~$ which ansible
/usr/bin/ansible
nmoore@itnet-bastion0:~$ ll /etc | grep ansible
drwxr-xr-x  16 root    root       4096 Feb 22 17:59 ansible/
nmoore@itnet-bastion0:~$ ansible --version
[WARNING]: log file at /var/log/ansible.log is not writeable and we cannot create it, aborting

ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/nmoore/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.17 (default, Feb 27 2021, 15:10:58) [GCC 7.5.0]
nmoore@itnet-bastion0:~$ cat /etc/ansible/ansible.cfg | grep inventory
inventory  = /etc/ansible/inventory/production.yaml

[rac...@rundeck.com]

Hi Nick,

The best way to see what's happening in Rundeck is to check the service.log file, take a look.

If something is wrong in the Ansible model source, you will see "live" the Ansible plugin responses in the `service.log`.

So, make sure those paths are reachable by the user that launches Rundeck (if you're using a war-based installation instance) or the `rundeck` user (if you're using an RPM/DEB instance). You can achieve this by setting the correct file permissions and checking that is readable for these users, here you can see many ways to check that (also you have the easiest way: switch to the desired user and try to read the file).

I think that this post should be useful in your case.

Greetings.

[Nick Moore]

After looking at the service log, I could see the inventory being discovered by the for our non-venv binary/inventory it was just missing the ssh keys to the hosts this is why it wasn't populating.

For practical purposes I would need to venv binary to be usable as the inventory in the non-venv isn't under my management.

Is there any way we can have this PR merged?

[rac...@rundeck.com]

At this point, wait for the plugin author's approval.

Alternatively, you can fork the project, add the changes and compile the plugin by yourself.

Greetings.