nginxinc / ansible_role_nginx_controller_install Goto Github PK

Hi,

When we install the controller, we reach the timeout of 10min on this tasks, because we have a slow-lan and it take 10min to download image's docker before begining the installation and configuration of the controller. So can we add a variable to specify timeout time for this task if we have a slow-lan please ?

Thanks for your actions

Shell command should at a minimum display output of the debug for the install script.

Hai. I am trying to automate nginx controller installation on AWS using ansible nginx roles. I am able to deploy ubuntu EC2 instance using terraform but i am running into below issue while executing ansible playbook
TASK [nginxinc.nginx_controller.nginx_controller_install : Check for conflicting DB options] *** fatal: [13.234.238.2]: FAILED! => {"changed": false, "msg": "\"You must chose either the bundled_db or provide db connection details.\" \"The nginx_controller_bundled_dband optionalnginx_controller_configdb_volume_\" \"variables are mutually exclusive with nginx_controller_db_ options\"\n"}

below is my vars file -
`---
su_password: 'admin@123!'
nginx_controller_tarball: "/home/ubuntu/{{controller_tarball}}"
nginx_controller_install_path: /home/ubuntu
nginx_controller_remote_source: "false"
nginx_controller_tsdb_volume_type: "local"
nginx_controller_smtp_host: "localhost"
nginx_controller_smtp_port: "25"
nginx_controller_smtp_authentication: "false"
nginx_controller_smtp_use_tls: false
nginx_controller_noreply_address: "[email protected]"
nginx_controller_fqdn: "$(hostname -I | cut -d ' ' -f 1)"
nginx_controller_organization_name: "apisec"
nginx_controller_admin_firstname: "apisec"
nginx_controller_admin_lastname: "admin"
nginx_controller_admin_email: "mxxxxxcom"
nginx_controller_admin_password: 'admin@123!'
nginx_controller_self_signed_cert: true
nginx_controller_overwrite_existing_configs: true
nginx_controller_auto_install_docker: false
nginx_controller_bundled_db: true
controller_tarball: "controller-installer.tar.gz"

ansible_python_interpreter: /usr/bin/python3`

Please let me know what is the issue and how to fix it. As per above error i understand it says there is conflicting db options but afaik there are no conflicts in var file.

Attempted to run the playbook from localhost using sudo, it resulted in the following error:
TASK [ansible-controller : Controller - Installing] *********************************************************************************************************************************** fatal: [localhost]: FAILED! => {"changed": true, "cmd": "# must complete in less than 10 minutes\n set timeout 600\n ./install.sh --accept-license --database-host '10.149.39.47' --database-port '5432' --database-user 'naas' --database-password 'naas' --tsdb-volume-type 'local' --smtp-host '10.149.62.9' --smtp-port '1025' --smtp-authentication 'False' --smtp-use-tls 'False' --noreply-address '[email protected]' --fqdn '10.149.45.115' --organization-name 'Example' --admin-firstname 'Firstname' --admin-lastname 'Lastname' --admin-email '[email protected]' --admin-password 'Test123' --overwrite-existing-configs --auto-install-docker", "delta": "0:00:00.126237", "end": "2020-01-20 02:47:26.815015", "msg": "non-zero return code", "rc": 1, "start": "2020-01-20 02:47:26.688778", "stderr": "", "stderr_lines": [], "stdout": "Do not run the Controller installer using sudo.", "stdout_lines": ["Do not run the Controller installer using sudo."]} to retry, use: --limit @/home/ubuntu/ansible-role-nginx-controller-install/play2.retry

The readme should specifically mention that the playbook needs to be run remotely and should not be run locally so that the above is not hit.

ISSUE TYPE

Feature idea

COMPONENT NAME

tasks:
  - name: generate password hash # https://askubuntu.com/questions/982804/mkpasswd-m-sha-512-produces-incorrect-login
    expect:
      echo: yes
      command: /bin/bash -c "mkpasswd --method=sha-512 | sed 's/\$/\\$/g'"
      responses:
        (?i)password: '<some secure password>'
    register: password_hash

SUMMARY

Consider using password_hash filter instead of mkpasswd, to reduce complexity, and potential issues with sed command not being able to substitute the chars properly.

# Supporting su requirement for Controller installer role
- name: set root password to support su for Controller installation with Ubuntu
  user:
    name: root
    password: "{{ su_password | password_hash('sha512') }}"

Would then need to advise that "su_password" is a var that should be defined using something like below:

1. ansible vault
2. secrets management tool (hashicorp vault, cicd tool, etc.)

Hit this while attempting to verify timeout issues while the installer waits at prompts.
Specified the TSDB path and host as blank in variables assuming the installer will prompt for them, however they are quoted as blank strings, hence resulting in malformed command which later fails.

 - tsdb_nfs_path: ""
 - tsdb_nfs_host: 

TASK [ansible-controller : Controller - Extracting] ***********************************************************************************************************************************
skipping: [localhost]

TASK [ansible-controller : Controller - Installing] ***********************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "Unexpected templating type error occurred on (# must complete in less than 10 minutes\n set timeout 600\n ./install.sh --accept-license --database-host '{{ db_host }}' --database-port '{{ db_port }}' --database-user '{{ db_user }}' --database-password '{{ db_password }}' --tsdb-volume-type '{{ tsdb_volume_type }}' --smtp-host '{{ smtp_host }}' --smtp-port '{{ smtp_port }}' --smtp-authentication '{{ smtp_authentication }}' --smtp-use-tls '{{ smtp_use_tls }}' --noreply-address '{{ noreply_address }}' --fqdn '{{ fqdn }}' --organization-name '{{ organization_name }}' --admin-firstname '{{ admin_firstname }}' --admin-lastname '{{ admin_lastname }}' --admin-email '{{ admin_email }}' --admin-password '{{ admin_password }}' {{ (tsdb_volume_type == \"nfs\") | ternary('--tsdb-nfs-path ' + tsdb_nfs_path,'') }} {{ (tsdb_volume_type == \"nfs\") | ternary('--tsdb-nfs-host ' + tsdb_nfs_host,'') }} {{ (tsdb_volume_type == \"aws\") | ternary('--tsdb-aws-volume-id ' + tsdb_aws_volume_id,'') }} {{ (smtp_authentication | bool) | ternary('--smtp-user ' + smtp_user,'') }} {{ (smtp_authentication | bool) | ternary('--smtp-password ' + smtp_password,'') }} {{ (self_signed_cert | bool) | ternary('--self-signed-cert','') }} {{ (overwrite_existing_configs | bool) | ternary('--overwrite-existing-configs','') }} {{ (auto_install_docker | bool) | ternary('--auto-install-docker','') }}): cannot concatenate 'str' and 'NoneType' objects"}
	to retry, use: --limit @/home/ubuntu/ansible-role-nginx-controller-install/play2.retry

PLAY RECAP *********************************************************************************************

This is true for all vars and not just tsdb params.

Hi,
I'm getting error during the "Controller - Installing" step with below error! playbook that calls role is triggered from ADO pipeline.

2021-09-14T15:44:10.8653790Z fatal: [SECNGXCTLSR1003]: FAILED! => {"msg": "Unexpected templating type error occurred on (timeout --foreground 10m ./install.sh --accept-license --tsdb-volume-type '{{ nginx_controller_tsdb_volume_type }}' --smtp-host '{{ nginx_controller_smtp_host }}' --smtp-port '{{ nginx_controller_smtp_port | default(25) }}' --smtp-authentication '{{ nginx_controller_smtp_authentication }}' --smtp-use-tls '{{ nginx_controller_smtp_use_tls }}' --noreply-address '{{ nginx_controller_noreply_address }}' --fqdn '{{ nginx_controller_fqdn }}' --organization-name '{{ nginx_controller_organization_name }}' --admin-firstname '{{ nginx_controller_admin_firstname }}' --admin-lastname '{{ nginx_controller_admin_lastname }}' --admin-email '{{ nginx_controller_admin_email }}' --admin-password '{{ nginx_controller_admin_password }}' {{ (nginx_controller_tsdb_volume_type == \"nfs\") | ternary(\"--tsdb-nfs-path '\" + nginx_controller_tsdb_nfs_path + \"'\",'') }} {{ (nginx_controller_tsdb_volume_type == \"nfs\") | ternary(\"--tsdb-nfs-host '\" + nginx_controller_tsdb_nfs_host + \"'\",'') }} {{ (nginx_controller_tsdb_volume_type == \"aws\") | ternary(\"--tsdb-aws-volume-id '\" + nginx_controller_tsdb_aws_volume_id + \"'\",'') }} {{ (nginx_controller_configdb_volume_type != \"\" ) | ternary(\"--configdb-volume-type '\" + nginx_controller_configdb_volume_type + \"'\", '') }} {{ (nginx_controller_configdb_volume_type == \"nfs\") | ternary(\"--configdb-nfs-path '\" + nginx_controller_configdb_nfs_path + \"'\",'') }} {{ (nginx_controller_configdb_volume_type == \"nfs\") | ternary(\"--configdb-nfs-host '\" + nginx_controller_configdb_nfs_host + \"'\",'') }} {{ (nginx_controller_configdb_volume_type == \"aws\") | ternary(\"--configdb-aws-volume-id '\" + nginx_controller_configdb_aws_volume_id + \"'\",'') }} {{ ((nginx_controller_apigw_cert is defined and nginx_controller_apigw_cert | length > 0) and (nginx_controller_apigw_key is defined and nginx_controller_apigw_key | length > 0) ) | ternary(\"--apigw-cert '\" + nginx_controller_apigw_cert + \"'\",'') }} {{ ((nginx_controller_apigw_cert is defined and nginx_controller_apigw_cert | length > 0) and (nginx_controller_apigw_key is defined and nginx_controller_apigw_key | length > 0) ) | ternary(\"--apigw-key '\" + nginx_controller_apigw_key + \"'\",'') }} {{ (nginx_controller_smtp_authentication | bool) | ternary(\"--smtp-user '\" + nginx_controller_smtp_user + \"'\",'') }} {{ (nginx_controller_smtp_authentication | bool) | ternary(\"--smtp-password '\" + nginx_controller_smtp_password + \"'\",'') }} {{ (nginx_controller_self_signed_cert | bool) | ternary('--self-signed-cert','') }} {{ (nginx_controller_overwrite_existing_configs | bool) | ternary('--overwrite-existing-configs','') }} {{ (nginx_controller_auto_install_docker | bool) | ternary('--auto-install-docker','') }} {{ ((nginx_controller_bundled_db | bool) and ( nginx_controller_version is version('3.8', operator='ge', strict=True ))) | ternary(\"--use-bundled-db\",\"--database-host '\" + nginx_controller_db_host + \"' --database-port '\" + nginx_controller_db_port + \"' --database-user '\" + nginx_controller_db_user + \"' --database-password '\" + nginx_controller_db_password + \"'\" ) }} {{ ((nginx_controller_db_enable_ssl | bool) and ( not nginx_controller_bundled_db )) | ternary('--db-enable-ssl true','') }} {{ ((nginx_controller_db_enable_ssl | bool) and (nginx_controller_db_client_cert | length > 0)) | ternary(\"--db-client-cert '\" + nginx_controller_db_client_cert + \"'\",'') }} {{ ((nginx_controller_db_enable_ssl | bool) and (nginx_controller_db_client_key | length > 0)) | ternary(\"--db-client-key '\" + nginx_controller_db_client_key + \"'\",'') }} {{ ((nginx_controller_db_enable_ssl | bool) and (nginx_controller_db_ca | length > 0)) | ternary(\"--db-ca '\" + nginx_controller_db_ca + \"'\",'') }} {{ ((nginx_controller_version is version('3.5', operator='ge', strict=True) ) ) | ternary('--non-interactive','') }}\n): must be str, not NoneType"}

I can't tell from error above if it's complaining about the last line or one of the other variables.
Any suggestions would be greatly appreciated.
Thanks,

Describe the bug

We are seeing error running below task;
TASK [nginxinc.nginx_controller.nginx_controller_install : Controller - Installing]
The pipeline is failing with error connection timed out and then Failed to create the admin account in NGING Controller.

To reproduce

Steps to reproduce the behavior:

1. Deploy NGINX Controller Install role using playbook deploy.nginx.yml

roles:
    - role: nginx_controller_install
      vars:
        - nginx_controller_tarball: "/tmp/controller-installer-3.15.0.tar.gz"
        - nginx_controller_install_path: /home/vmadmin
        - nginx_controller_remote_source: no
        - nginx_controller_bundled_db: true
       # - nginx_controller_db_host: 
       # - nginx_controller_db_user: ""
       # - nginx_controller_db_password: ""
        - nginx_controller_db_enable_ssl: false
        - nginx_controller_db_client_cert: 
        - nginx_controller_db_client_key: 
        - nginx_controller_db_ca: 
        - nginx_controller_tsdb_volume_type: local
        # - nginx_controller_tsdb_nfs_path: ""
        # - nginx_controller_tsdb_nfs_host: 
        - nginx_controller_smtp_host: "localhost"
        - nginx_controller_smtp_authentication: false
        - nginx_controller_smtp_use_tls: false
        - nginx_controller_noreply_address: "[email protected]"
        - nginx_controller_fqdn: nginx-controller2-dev.azure.defra.cloud
        - nginx_controller_organization_name: "Defra"
        - nginx_controller_admin_firstname: "Nginx"
        - nginx_controller_admin_lastname: "Defra"
        - nginx_controller_admin_email: "[email protected]"
        - nginx_controller_admin_password: ""
        - nginx_controller_self_signed_cert: false
        - nginx_controller_apigw_cert: /etc/ssl/certs/star_azure_defra_cloud.crt
        - nginx_controller_apigw_key: /etc/ssl/private/star_azure_defra_cloud.key
        - nginx_controller_overwrite_existing_configs: true
        - ansible_python_interpreter: /usr/bin/python3
        # - ansible_become_password: '<some secure password>'

We are seeing below error running controller_install role and cannot see where it's failing. Not sure if the first issue connection timed out is causing the second command to fail, using bundled db for install.

16. Running database initialization task...\n\u001b[0m\u001b[32m NGINX Controller database has been initialized.\n\u001b[0msudo: unable to resolve host SECNGXCTLSR1003: Resource temporarily unavailable\ndb connection timed out\n\u001b[31m Failed to create the admin account in NGINX Controller.\n Detailed information can be found in installation logs at /var/log/nginx-controller/failure. Retry NGINX Controller installation or contact support, providing all logs.

Are there any known issues with below version for controller install? Could you please provide some direction to debug the above error, happy to provide logs as required.

collections:

- name: nginxinc.nginx_controller
  #version: 3.3.

Expected behaviour

Connect to database installed on same host install script is running not expecting any communication issues.

Your environment:

controller-installer-3.15.0.tar.gz
remote controller Ubuntu 18.04.5 LTS

ansible [core 2.11.4]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/vmadmin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.6/dist-packages/ansible
ansible collection location = /home/vmadmin/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.6.9 (default, Jan 26 2021, 15:33:00) [GCC 8.4.0]
jinja version = 2.10
libyaml = True

Additional context

Add any other context about the problem here.

Describe the bug

In main.yml. should the line 86 be changed from :
{{ ((nginx_controller_bundled_db | bool) and (nginx_controller_version is version('3.8', operator='ge', strict=True))) | ternary("--database-host '" + nginx_controller_db_host + "' --database-port '" + nginx_controller_db_port + "' --database-user '" + nginx_controller_db_user + "' --database-password '" + nginx_controller_db_password + "'", "--use-bundled-db") }} \
to
{{ ((nginx_controller_bundled_db | bool) and (nginx_controller_version is version('3.8', operator='ge', strict=True))) | ternary("--use-bundled-db", "--database-host '" + nginx_controller_db_host + "' --database-port '" + nginx_controller_db_port + "' --database-user '" + nginx_controller_db_user + "' --database-password '" + nginx_controller_db_password + "'") }} \

To reproduce

Steps to reproduce the behavior:

1. In my vars, I have set: nginx_controller_bundled_db: true
2. Run ansible-playbook
3. Got the errors:
   TASK [nginxinc.nginx_controller_install : Install NGINX Controller] ********************************************************************************************
   fatal: [nginx-controller]: FAILED! => {"changed": true, "cmd": "timeout --foreground 10m ./install.sh --accept-license --tsdb-volume-type 'local' --smtp-host 'localhost' --smtp-port '25' --smtp-authentication 'False' --smtp-use-tls 'False' --noreply-address '[email protected]' --fqdn 'xxxxxx' --organization-name 'xxxx' --admin-firstname 'York' --admin-lastname 'Li' --admin-email '[email protected]' --admin-password 'Password123' --self-signed-cert --overwrite-existing-configs --database-host '' --database-port '5432' --database-user '' --database-password '' --non-interactive\n", "delta": "0:00:00.120985", "end": "2021-12-23 21:37:00.990613", "msg": "non-zero return code", "rc": 1, "start": "2021-12-23 21:37:00.869628", "stderr": "", "stderr_lines": [], "stdout": "ERROR: Parameter --database-host is invalid: Database hostname cannot be empty.", "stdout_lines": ["ERROR: Parameter --database-host is invalid: Database hostname cannot be empty."]}

Expected behavior

I thought when I have
nginx_controller_bundled_db: true

then
I should expect the option below in the ./install.sh command line
--use-bundled-db

Your environment

• Version of the NGINX role or specific commit
• Version of Ansible
  2.11
• Target deployment platform
  RHEL8

Additional context