ansible-middleware/keycloak

Delegated to localhost tasks should be "become: false"

darlaam opened this issue · 1 comments

SUMMARY

When running the keycloak_quakus playbook, it fails in the Check downloaded archive step, asking for a password.
I am able to install keycloak if I add become: false to the Check downloaded archive step :

- name: Check downloaded archive
  ansible.builtin.stat:
    path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
  register: local_archive_path
  delegate_to: localhost
  become: false
ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible [core 2.16.6]
  config file = /[redacted]/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /[redacted]/.venv/lib/python3.11/site-packages/ansible
  ansible collection location = /[redacted]/collections
  executable location = /[redacted]/.venv/bin/ansible
  python version = 3.11.8 (main, Mar 26 2024, 12:26:07) [GCC 13.2.0] (/[redacted].venv/bin/python3)
  jinja version = 3.1.2
  libyaml = True

COLLECTION VERSION
- geerlingguy.ntp, 2.3.1
- gitlab, 3.2.0
- lae.proxmox, v1.7.0
- gitalyCluster, master
- pgadddb, master
STEPS TO REPRODUCE
---

- name: Install keycloak
  hosts: service_keycloak

  roles:
    - name: 'Deploy keycloak'
      vars:
        keycloak_quarkus_admin_pass: "{{ kc_admin_password }}"
        keycloak_quarkus_host: "{{ keycloak_domain }}"
        keycloak_quarkus_db_user: "{{ db_kc_user }}"
        keycloak_quarkus_db_pass: "{{ db_kc_password }}"
        keycloak_quarkus_jdbc_url: "jdbc:postgresql://{{ postgres_ip_1 }}:5432/keycloak"
        keycloak_quarkus_jdbc_engine: "postgres"
        keycloak_version: "{{ keycloak_version }}"
      role: middleware_automation.keycloak.keycloak_quarkus
EXPECTED RESULTS

Keycloak to be installed

ACTUAL RESULTS
TASK [middleware_automation.keycloak.keycloak_quarkus : Download keycloak archive] ********************************************************************************************************************************
TASK [middleware_automation.keycloak.keycloak_quarkus : Download keycloak archive] ********************************************************************************************************************************
task path: /[redacted]/iac-ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak_quarkus/tasks/install.yml:62
ok: [10.1.0.59 -> localhost] => {"changed": false, "dest": "/[redacted]/iac-ansible/keycloak-24.0.3.zip", "elapsed": 1, "gid": 168000513, "group": "domain users", "mode": "0640", "msg": "HTTP Error 304: Not Modified", "owner": "user", "size": 176490353, "state": "file", "status_code": 304, "uid": 168001104, "url": "https://github.com/keycloak/keycloak/releases/download/24.0.3/keycloak-24.0.3.zip"}

TASK [middleware_automation.keycloak.keycloak_quarkus : Retrieve product download using JBoss Network API] ********************************************************************************************************
task path: /[redacted]/iac-ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak_quarkus/tasks/install.yml:87
skipping: [10.1.0.59] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [middleware_automation.keycloak.keycloak_quarkus : Determine install zipfile from search results] ************************************************************************************************************
task path: /[redacted]/iac-ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak_quarkus/tasks/install.yml:99
skipping: [10.1.0.59] => {"changed": false, "false_condition": "rhbk_enable is defined and rhbk_enable", "skip_reason": "Conditional result was False"}

TASK [middleware_automation.keycloak.keycloak_quarkus : Download Red Hat Build of Keycloak] ***********************************************************************************************************************
task path: /[redacted]/iac-ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak_quarkus/tasks/install.yml:105
skipping: [10.1.0.59] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}

TASK [middleware_automation.keycloak.keycloak_quarkus : Check downloaded archive] *********************************************************************************************************************************
task path: /[redacted]/iac-ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak_quarkus/tasks/install.yml:115
fatal: [10.1.0.59 -> localhost]: FAILED! => {"changed": false, "module_stderr": "sudo: password required\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Thanks for reporting; I am adding the missing become, however, mind that hitting the issue could be caused by running the whole playbook with become: true (I'd advise to not run it with escalation at the playbook level)