OpenStack-Ansible

"V-38496 - Gather problematic system accounts" check fails on RHEL 7

Bug #1590185 reported by Mark Hooper on 2016-06-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Invalid	Low	Major Hayden

Bug Description

The check "V-38496 - Gather problematic system accounts" fails gloriously due to RHEL 7 not using jinja2.8 by default. The specific issue is due to Jinja being 2.7 and not 2.8.

If see the following error then you need to run "pip install Jinja2 --upgrade":

TASK: [openstack-ansible-security | V-38496 - Gather problematic system accounts] ***
fatal: [172.31.255.20] => Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 586, in _executor
    exec_rc = self._executor_internal(host, new_stdin)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 789, in _executor_internal
    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
  File "/usr/lib/python2.7/site-packages/ansible/runner/__init__.py", line 1013, in _executor_internal_inner
    complex_args = template.template(self.basedir, complex_args, inject, fail_on_undefined=self.error_on_undefined_vars)
  File "/usr/lib/python2.7/site-packages/ansible/utils/template.py", line 140, in template
    d[k] = template(basedir, v, templatevars, lookup_fatal, depth, expand_lists, convert_bare, fail_on_undefined, filter_fatal)
  File "/usr/lib/python2.7/site-packages/ansible/utils/template.py", line 124, in template
    varname = template_from_string(basedir, varname, templatevars, fail_on_undefined)
  File "/usr/lib/python2.7/site-packages/ansible/utils/template.py", line 382, in template_from_string
    res = jinja2.utils.concat(rf)
  File "<template>", line 11, in root
  File "/usr/lib/python2.7/site-packages/jinja2/filters.py", line 318, in do_join
    return text_type(d).join(imap(text_type, value))
  File "/usr/lib/python2.7/site-packages/jinja2/filters.py", line 931, in _select_or_reject
    if modfunc(func(transfunc(item))):
  File "/usr/lib/python2.7/site-packages/jinja2/filters.py", line 925, in <lambda>
    name, item, args, kwargs)
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 438, in call_test
    raise TemplateRuntimeError('no test named %r' % name)
TemplateRuntimeError: no test named 'equalto'

Tags:

Mark Hooper (hoopernet) on 2016-06-07

tags:

added: security

Major Hayden (rackerhacker) on 2016-06-14

Changed in openstack-ansible:
assignee:	nobody → Major Hayden (rackerhacker)

Jean-Philippe Evrard (jean-philippe-evrard) on 2016-06-14

Changed in openstack-ansible:
importance:	Undecided → Low
status:	New → Confirmed

Revision history for this message

Major Hayden (rackerhacker) wrote on 2016-06-14:

I'd recommend against using the built-in Ansible and Jinja2 packages provided by Red Hat because they're a little outdated with some of the new features that the role uses.

You have a two options:

1. Use the 'run_tests.sh' script from the repository

This will build out a small virtual environment with the right versions of Ansible and Jinja2

2. Build your own virtual environment

This is fairly easy and I can share some tips.

The Ansible version requirements should be more clearly stated in the documentation and these two options should be presented, too. I'll make a patch for that in the docs.

Major Hayden (rackerhacker) on 2016-08-24

Changed in openstack-ansible:
status:	Confirmed → Incomplete

Major Hayden (rackerhacker) on 2017-01-16

Changed in openstack-ansible:
status:	Incomplete → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.