0

I'm new to Ansible, so any advice would be appreciated.
I'm using ansible 2.9.10.

First of all

On my control node, I've created a playbook, in which I set up the control host as a repository host: the RHEL 8 installation ISO must be loop mounted on the directory /var/ftp/repo, firewalld service disabled and the vsftpd service is started as well as enabled, and allows anonymous user access to /var/ftp/repo directory

---
- name: Setup control host as repository host
  hosts: localhost
  become: true
  vars:
      anonymous_enable: yes
  tasks:
      - name: Install vsftpd
        yum:
                name: vsftpd
                state: latest

  - name: Start and enable vsftpd service
    service:
            name: vsftpd
            state: started
            enabled: true

  - name: Disable firewall 
    firewalld:
            service: firewall
            state: disabled

  - name: Allow anonymous user access to /var/ftp/repo
    template:
            src: templates/vsftpd.j2/v.j2
            dest: /etc/vsftpd/vsftpd.conf

  - name: Setup repo directory
    file:
            path: /var/ftp/repo
            state: directory

  - name: create repo
    mount:
            path: /var/ftp/repo
            src: /dev/sr0
            fstype: iso9660
            opts: loop,ro
            state: mounted

Next

I have managed node and want to configure it as repository client to the repository server, that was configured above, in previous example. I want to use ad-hoc command to enable access to the BaseOS ans AppStream repositories on my control-node. Below this command and returned result:

[ansible@control ~]$ ansible ansible1 -u root --ask-pass -m yum_repository -a "name=AppStream file=AppStream baseurl=ftp://control.example.com/repo/AppStream/ description=AppStream gpgcheck=no enabled=yes state=present"
SSH password:
 ansible1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python" 
     },
    "changed": true,
    "repo": "AppStream",
    "state": "present"
     }

[ansible@control ~]$ ansible ansible1 -u root --ask-pass -m yum_repository -a "name=BaseOS file=BaseOS baseurl=ftp://control.example.com/repo/ description=BaseOS gpgcheck=no enabled=yes state=present"


SSH password: 
ansible1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "repo": "BaseOS",
    "state": "present"

Looks like everything ok, BUT when I'm log in to the managed node and try to do yum repolist, i received:

Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
AppStream                                 0.0  B/s |   0  B     00:01    
BaseOS                                    0.0  B/s |   0  B     00:01    
Failed to synchronize cache for repo 'AppStream', ignoring this repo.
Failed to synchronize cache for repo 'BaseOS', ignoring this repo.

Then I've subscribed system with rhel subscription manager, but again when I'm log in to the managed node and try to do yum repolist, I received exactly the same error (in regards of my local repos on control's node in /var/ftp/repo directory):

Updating Subscription Management repositories.
AppStream                             0.0  B/s |   0  B     00:01    
BaseOS                                0.0  B/s |   0  B     00:01    
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)  3.2 kB/s | 4.5 kB     00:01    
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)  2.8 kB/s | 4.1 kB     00:01    
Failed to synchronize cache for repo 'AppStream', ignoring this repo.
Failed to synchronize cache for repo 'BaseOS', ignoring this repo.
repo id                               repo name                                                                    status
rhel-8-for-x86_64-appstream-rpms   Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                       10,766
rhel-8-for-x86_64-baseos-rpms      Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                          4,834

I need to use my local repo in /var/ftp/repo,please help me to understand where I was wrong! Also, when I tried to install some pkg using ad-hoc command I receive an error:

[ansible@control ~]$ ansible ansible1 -u root --ask-pass -m yum -a "name=httpd state=latest"
SSH password: 
ansible1 | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "failures": [
        "No package httpd available."
    ],
    "msg": "Failed to install some of the specified packages",
    "rc": 1,
    "results": []

FTP related info:

[ansible@control ~]$ ls /var/ftp/repo/
AppStream  EFI   extra_files.json  images    media.repo               RPM-GPG-KEY-redhat-release
BaseOS     EULA  GPL               isolinux  RPM-GPG-KEY-redhat-beta  TRANS.TBL
[ansible@control ~]$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-07-01 22:02:01 EEST; 50min ago
  Process: 1055 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 1059 (vsftpd)
    Tasks: 1 (limit: 4915)
   Memory: 344.0K
   CGroup: /system.slice/vsftpd.service
           └─1059 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Repo files on managed nodes content:

[ansible@control ~]$ ansible ansible1 -m command -a "cat /etc/yum.repos.d/AppStream.repo"
ansible1 | CHANGED | rc=0 >>
[AppStream]
baseurl = ftp://control.example.com/repo/
enabled = 1
gpgcheck = 0
name = AppStream
[ansible@control ~]$ ansible ansible1 -m command -a "cat /etc/yum.repos.d/BaseOS.repo"
ansible1 | CHANGED | rc=0 >>
[BaseOS]
baseurl = ftp://control.example.com/repo/
enabled = 1
gpgcheck = 0
name = BaseOS
d1masta94
  • 1

1 Answers1

1

You cannot install packages until you have subscribed the system and obtained an entitlement.

You can do this with the redhat_subscription module. After it is registered, you can use the rhsm_repository module to enable the repositories you want.

Here is how I register my RHEL systems and enable my desired RHEL repositories:

---
- hosts: all
  gather_facts: True
  tasks:
  - name: "Group by operating system"
    group_by:
      key: os_{{ ansible_distribution }}

    

  • hosts: os_RedHat
gather_facts: True
    Registering the system and enabling repos must come first,
    

    before installing packages
    
pre_tasks:
      

    • block:
        

      • name: Register RHEL system
redhat_subscription:
  activationkey: "Ansible_Provisioned"
  org_id: "*******"
  auto_attach: True
        • 

      • name: Enable RHEL repos (RHEL 7)
rhsm_repository: name={{item}} state=enabled
with_items:
          

        • rhel-{{ansible_distribution_major_version}}-server-rpms
          • 

        • rhel-{{ansible_distribution_major_version}}-server-extras-rpms
          • 

        • rhel-{{ansible_distribution_major_version}}-server-optional-rpms
          • 

        
when: ansible_distribution_major_version|int <= 7
        • 

      • name: Enable RHEL repos (RHEL 8)
rhsm_repository: name={{item}} state=enabled
with_items:
          

        • rhel-{{ansible_distribution_major_version}}-for-{{ansible_architecture}}-baseos-rpms
          • 

        • rhel-{{ansible_distribution_major_version}}-for-{{ansible_architecture}}-appstream-rpms
          • 

        • rhel-{{ansible_distribution_major_version}}-for-{{ansible_architecture}}-supplementary-rpms
          • 

        • codeready-builder-for-rhel-{{ansible_distribution_major_version}}-{{ansible_architecture}}-rpms
          • 

        
when: ansible_distribution_major_version|int == 8
        • 

      • name: Disable RHEL repos (RHEL 7)
rhsm_repository: name={{item}} state=disabled
with_items:
          

        • rhel-{{ansible_distribution_major_version}}-server-rt-rpms
          • 

        • rhel-{{ansible_distribution_major_version}}-server-rt-beta-rpms
          • 

        
when: ansible_distribution_major_version|int <= 7
        • 

      
when: ansible_distribution == 'RedHat'
      • 

    
roles:
      

    • redhatinsights.insights-client
      • 

    

    •

Note that if you're trying to install packages offline, you will have to disable the online Red Hat repos during your package installation temporarily (or permanently). For example:

- name: Install httpd
  dnf:
    name: httpd
    disablerepo: rhel-8-for-x86_64-appstream-rpms,rhel-8-for-x86_64-baseos-rpms

It also looks like your custom repos BaseOS and AppStream aren't actually accessible from your new node, so you should sort that out as well.

Michael Hampton
  • 252,907