nginxinc / ansible_role_nginx_controller_install Goto Github PK
View Code? Open in Web Editor NEWAnsible role for installing NGINX Controller
License: Apache License 2.0
Ansible role for installing NGINX Controller
License: Apache License 2.0
Hi,
When we install the controller, we reach the timeout of 10min on this tasks, because we have a slow-lan and it take 10min to download image's docker before begining the installation and configuration of the controller. So can we add a variable to specify timeout time for this task if we have a slow-lan please ?
Thanks for your actions
Shell command should at a minimum display output of the debug for the install script.
Hai. I am trying to automate nginx controller installation on AWS using ansible nginx roles. I am able to deploy ubuntu EC2 instance using terraform but i am running into below issue while executing ansible playbook
TASK [nginxinc.nginx_controller.nginx_controller_install : Check for conflicting DB options] *** fatal: [13.234.238.2]: FAILED! => {"changed": false, "msg": "\"You must chose either the bundled_db or provide db connection details.\" \"The
nginx_controller_bundled_dband optional
nginx_controller_configdb_volume_\" \"variables are mutually exclusive with
nginx_controller_db_ options\"\n"}
below is my vars file -
`---
su_password: 'admin@123!'
nginx_controller_tarball: "/home/ubuntu/{{controller_tarball}}"
nginx_controller_install_path: /home/ubuntu
nginx_controller_remote_source: "false"
nginx_controller_tsdb_volume_type: "local"
nginx_controller_smtp_host: "localhost"
nginx_controller_smtp_port: "25"
nginx_controller_smtp_authentication: "false"
nginx_controller_smtp_use_tls: false
nginx_controller_noreply_address: "[email protected]"
nginx_controller_fqdn: "$(hostname -I | cut -d ' ' -f 1)"
nginx_controller_organization_name: "apisec"
nginx_controller_admin_firstname: "apisec"
nginx_controller_admin_lastname: "admin"
nginx_controller_admin_email: "mxxxxxcom"
nginx_controller_admin_password: 'admin@123!'
nginx_controller_self_signed_cert: true
nginx_controller_overwrite_existing_configs: true
nginx_controller_auto_install_docker: false
nginx_controller_bundled_db: true
controller_tarball: "controller-installer.tar.gz"
ansible_python_interpreter: /usr/bin/python3`
Please let me know what is the issue and how to fix it. As per above error i understand it says there is conflicting db options but afaik there are no conflicts in var file.
Attempted to run the playbook from localhost using sudo, it resulted in the following error:
TASK [ansible-controller : Controller - Installing] *********************************************************************************************************************************** fatal: [localhost]: FAILED! => {"changed": true, "cmd": "# must complete in less than 10 minutes\n set timeout 600\n ./install.sh --accept-license --database-host '10.149.39.47' --database-port '5432' --database-user 'naas' --database-password 'naas' --tsdb-volume-type 'local' --smtp-host '10.149.62.9' --smtp-port '1025' --smtp-authentication 'False' --smtp-use-tls 'False' --noreply-address '[email protected]' --fqdn '10.149.45.115' --organization-name 'Example' --admin-firstname 'Firstname' --admin-lastname 'Lastname' --admin-email '[email protected]' --admin-password 'Test123' --overwrite-existing-configs --auto-install-docker", "delta": "0:00:00.126237", "end": "2020-01-20 02:47:26.815015", "msg": "non-zero return code", "rc": 1, "start": "2020-01-20 02:47:26.688778", "stderr": "", "stderr_lines": [], "stdout": "Do not run the Controller installer using sudo.", "stdout_lines": ["Do not run the Controller installer using sudo."]} to retry, use: --limit @/home/ubuntu/ansible-role-nginx-controller-install/play2.retry
The readme should specifically mention that the playbook needs to be run remotely and should not be run locally so that the above is not hit.
Feature idea
tasks:
- name: generate password hash # https://askubuntu.com/questions/982804/mkpasswd-m-sha-512-produces-incorrect-login
expect:
echo: yes
command: /bin/bash -c "mkpasswd --method=sha-512 | sed 's/\$/\\$/g'"
responses:
(?i)password: '<some secure password>'
register: password_hash
Consider using password_hash filter instead of mkpasswd, to reduce complexity, and potential issues with sed command not being able to substitute the chars properly.
# Supporting su requirement for Controller installer role
- name: set root password to support su for Controller installation with Ubuntu
user:
name: root
password: "{{ su_password | password_hash('sha512') }}"
Would then need to advise that "su_password" is a var that should be defined using something like below:
Hit this while attempting to verify timeout issues while the installer waits at prompts.
Specified the TSDB path and host as blank in variables assuming the installer will prompt for them, however they are quoted as blank strings, hence resulting in malformed command which later fails.
- tsdb_nfs_path: ""
- tsdb_nfs_host:
TASK [ansible-controller : Controller - Extracting] ***********************************************************************************************************************************
skipping: [localhost]
TASK [ansible-controller : Controller - Installing] ***********************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "Unexpected templating type error occurred on (# must complete in less than 10 minutes\n set timeout 600\n ./install.sh --accept-license --database-host '{{ db_host }}' --database-port '{{ db_port }}' --database-user '{{ db_user }}' --database-password '{{ db_password }}' --tsdb-volume-type '{{ tsdb_volume_type }}' --smtp-host '{{ smtp_host }}' --smtp-port '{{ smtp_port }}' --smtp-authentication '{{ smtp_authentication }}' --smtp-use-tls '{{ smtp_use_tls }}' --noreply-address '{{ noreply_address }}' --fqdn '{{ fqdn }}' --organization-name '{{ organization_name }}' --admin-firstname '{{ admin_firstname }}' --admin-lastname '{{ admin_lastname }}' --admin-email '{{ admin_email }}' --admin-password '{{ admin_password }}' {{ (tsdb_volume_type == \"nfs\") | ternary('--tsdb-nfs-path ' + tsdb_nfs_path,'') }} {{ (tsdb_volume_type == \"nfs\") | ternary('--tsdb-nfs-host ' + tsdb_nfs_host,'') }} {{ (tsdb_volume_type == \"aws\") | ternary('--tsdb-aws-volume-id ' + tsdb_aws_volume_id,'') }} {{ (smtp_authentication | bool) | ternary('--smtp-user ' + smtp_user,'') }} {{ (smtp_authentication | bool) | ternary('--smtp-password ' + smtp_password,'') }} {{ (self_signed_cert | bool) | ternary('--self-signed-cert','') }} {{ (overwrite_existing_configs | bool) | ternary('--overwrite-existing-configs','') }} {{ (auto_install_docker | bool) | ternary('--auto-install-docker','') }}): cannot concatenate 'str' and 'NoneType' objects"}
to retry, use: --limit @/home/ubuntu/ansible-role-nginx-controller-install/play2.retry
PLAY RECAP *********************************************************************************************
This is true for all vars and not just tsdb params.
Hi,
I'm getting error during the "Controller - Installing" step with below error! playbook that calls role is triggered from ADO pipeline.
2021-09-14T15:44:10.8653790Z fatal: [SECNGXCTLSR1003]: FAILED! => {"msg": "Unexpected templating type error occurred on (timeout --foreground 10m ./install.sh --accept-license --tsdb-volume-type '{{ nginx_controller_tsdb_volume_type }}' --smtp-host '{{ nginx_controller_smtp_host }}' --smtp-port '{{ nginx_controller_smtp_port | default(25) }}' --smtp-authentication '{{ nginx_controller_smtp_authentication }}' --smtp-use-tls '{{ nginx_controller_smtp_use_tls }}' --noreply-address '{{ nginx_controller_noreply_address }}' --fqdn '{{ nginx_controller_fqdn }}' --organization-name '{{ nginx_controller_organization_name }}' --admin-firstname '{{ nginx_controller_admin_firstname }}' --admin-lastname '{{ nginx_controller_admin_lastname }}' --admin-email '{{ nginx_controller_admin_email }}' --admin-password '{{ nginx_controller_admin_password }}' {{ (nginx_controller_tsdb_volume_type == \"nfs\") | ternary(\"--tsdb-nfs-path '\" + nginx_controller_tsdb_nfs_path + \"'\",'') }} {{ (nginx_controller_tsdb_volume_type == \"nfs\") | ternary(\"--tsdb-nfs-host '\" + nginx_controller_tsdb_nfs_host + \"'\",'') }} {{ (nginx_controller_tsdb_volume_type == \"aws\") | ternary(\"--tsdb-aws-volume-id '\" + nginx_controller_tsdb_aws_volume_id + \"'\",'') }} {{ (nginx_controller_configdb_volume_type != \"\" ) | ternary(\"--configdb-volume-type '\" + nginx_controller_configdb_volume_type + \"'\", '') }} {{ (nginx_controller_configdb_volume_type == \"nfs\") | ternary(\"--configdb-nfs-path '\" + nginx_controller_configdb_nfs_path + \"'\",'') }} {{ (nginx_controller_configdb_volume_type == \"nfs\") | ternary(\"--configdb-nfs-host '\" + nginx_controller_configdb_nfs_host + \"'\",'') }} {{ (nginx_controller_configdb_volume_type == \"aws\") | ternary(\"--configdb-aws-volume-id '\" + nginx_controller_configdb_aws_volume_id + \"'\",'') }} {{ ((nginx_controller_apigw_cert is defined and nginx_controller_apigw_cert | length > 0) and (nginx_controller_apigw_key is defined and nginx_controller_apigw_key | length > 0) ) | ternary(\"--apigw-cert '\" + nginx_controller_apigw_cert + \"'\",'') }} {{ ((nginx_controller_apigw_cert is defined and nginx_controller_apigw_cert | length > 0) and (nginx_controller_apigw_key is defined and nginx_controller_apigw_key | length > 0) ) | ternary(\"--apigw-key '\" + nginx_controller_apigw_key + \"'\",'') }} {{ (nginx_controller_smtp_authentication | bool) | ternary(\"--smtp-user '\" + nginx_controller_smtp_user + \"'\",'') }} {{ (nginx_controller_smtp_authentication | bool) | ternary(\"--smtp-password '\" + nginx_controller_smtp_password + \"'\",'') }} {{ (nginx_controller_self_signed_cert | bool) | ternary('--self-signed-cert','') }} {{ (nginx_controller_overwrite_existing_configs | bool) | ternary('--overwrite-existing-configs','') }} {{ (nginx_controller_auto_install_docker | bool) | ternary('--auto-install-docker','') }} {{ ((nginx_controller_bundled_db | bool) and ( nginx_controller_version is version('3.8', operator='ge', strict=True ))) | ternary(\"--use-bundled-db\",\"--database-host '\" + nginx_controller_db_host + \"' --database-port '\" + nginx_controller_db_port + \"' --database-user '\" + nginx_controller_db_user + \"' --database-password '\" + nginx_controller_db_password + \"'\" ) }} {{ ((nginx_controller_db_enable_ssl | bool) and ( not nginx_controller_bundled_db )) | ternary('--db-enable-ssl true','') }} {{ ((nginx_controller_db_enable_ssl | bool) and (nginx_controller_db_client_cert | length > 0)) | ternary(\"--db-client-cert '\" + nginx_controller_db_client_cert + \"'\",'') }} {{ ((nginx_controller_db_enable_ssl | bool) and (nginx_controller_db_client_key | length > 0)) | ternary(\"--db-client-key '\" + nginx_controller_db_client_key + \"'\",'') }} {{ ((nginx_controller_db_enable_ssl | bool) and (nginx_controller_db_ca | length > 0)) | ternary(\"--db-ca '\" + nginx_controller_db_ca + \"'\",'') }} {{ ((nginx_controller_version is version('3.5', operator='ge', strict=True) ) ) | ternary('--non-interactive','') }}\n): must be str, not NoneType"}
I can't tell from error above if it's complaining about the last line or one of the other variables.
Any suggestions would be greatly appreciated.
Thanks,
We are seeing error running below task;
TASK [nginxinc.nginx_controller.nginx_controller_install : Controller - Installing]
The pipeline is failing with error connection timed out and then Failed to create the admin account in NGING Controller.
Steps to reproduce the behavior:
roles:
- role: nginx_controller_install
vars:
- nginx_controller_tarball: "/tmp/controller-installer-3.15.0.tar.gz"
- nginx_controller_install_path: /home/vmadmin
- nginx_controller_remote_source: no
- nginx_controller_bundled_db: true
# - nginx_controller_db_host:
# - nginx_controller_db_user: ""
# - nginx_controller_db_password: ""
- nginx_controller_db_enable_ssl: false
- nginx_controller_db_client_cert:
- nginx_controller_db_client_key:
- nginx_controller_db_ca:
- nginx_controller_tsdb_volume_type: local
# - nginx_controller_tsdb_nfs_path: ""
# - nginx_controller_tsdb_nfs_host:
- nginx_controller_smtp_host: "localhost"
- nginx_controller_smtp_authentication: false
- nginx_controller_smtp_use_tls: false
- nginx_controller_noreply_address: "[email protected]"
- nginx_controller_fqdn: nginx-controller2-dev.azure.defra.cloud
- nginx_controller_organization_name: "Defra"
- nginx_controller_admin_firstname: "Nginx"
- nginx_controller_admin_lastname: "Defra"
- nginx_controller_admin_email: "[email protected]"
- nginx_controller_admin_password: ""
- nginx_controller_self_signed_cert: false
- nginx_controller_apigw_cert: /etc/ssl/certs/star_azure_defra_cloud.crt
- nginx_controller_apigw_key: /etc/ssl/private/star_azure_defra_cloud.key
- nginx_controller_overwrite_existing_configs: true
- ansible_python_interpreter: /usr/bin/python3
# - ansible_become_password: '<some secure password>'
We are seeing below error running controller_install role and cannot see where it's failing. Not sure if the first issue connection timed out is causing the second command to fail, using bundled db for install.
16. Running database initialization task...\n\u001b[0m\u001b[32m NGINX Controller database has been initialized.\n\u001b[0msudo: unable to resolve host SECNGXCTLSR1003: Resource temporarily unavailable\ndb connection timed out\n\u001b[31m Failed to create the admin account in NGINX Controller.\n Detailed information can be found in installation logs at /var/log/nginx-controller/failure. Retry NGINX Controller installation or contact support, providing all logs.
Are there any known issues with below version for controller install? Could you please provide some direction to debug the above error, happy to provide logs as required.
collections:
- name: nginxinc.nginx_controller
#version: 3.3.
Connect to database installed on same host install script is running not expecting any communication issues.
controller-installer-3.15.0.tar.gz
remote controller Ubuntu 18.04.5 LTS
ansible [core 2.11.4]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/vmadmin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.6/dist-packages/ansible
ansible collection location = /home/vmadmin/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.6.9 (default, Jan 26 2021, 15:33:00) [GCC 8.4.0]
jinja version = 2.10
libyaml = True
Add any other context about the problem here.
In main.yml. should the line 86 be changed from :
{{ ((nginx_controller_bundled_db | bool) and (nginx_controller_version is version('3.8', operator='ge', strict=True))) | ternary("--database-host '" + nginx_controller_db_host + "' --database-port '" + nginx_controller_db_port + "' --database-user '" + nginx_controller_db_user + "' --database-password '" + nginx_controller_db_password + "'", "--use-bundled-db") }} \
to
{{ ((nginx_controller_bundled_db | bool) and (nginx_controller_version is version('3.8', operator='ge', strict=True))) | ternary("--use-bundled-db", "--database-host '" + nginx_controller_db_host + "' --database-port '" + nginx_controller_db_port + "' --database-user '" + nginx_controller_db_user + "' --database-password '" + nginx_controller_db_password + "'") }} \
Steps to reproduce the behavior:
I thought when I have
nginx_controller_bundled_db: true
then
I should expect the option below in the ./install.sh command line
--use-bundled-db
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.