Aktualizacja PowerFlex nie powiodła się: ansible.legacy.setup /usr/bin/sudo: Odmowa zezwolenia
Summary: -Aktualizacja oprogramowania PowerFlex z wersji 4.5.1 do 4.5.2 — Aktualizacja jednego z węzłów nie powiodła się z powodu błędu Aktualizacja PowerFlex (XXX) — OS=PowerFlex Niepowodzenie z: OB-f0f65576-c290-4AE1-a398-cde0399284db-0 Nie udało się skonfigurować ndc-xxxxxxxx podczas uruchamiania zadania "Zbieranie faktów": Nie udało się wykonać następujących modułów: ansible.legacy.setup ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Analiza dziennika wyjątków dostarczyła błąd i wskazała odpowiednie pliki yaml i .out jako główną przyczynę:
Dzienniki wdrożeń:
DEBUG [2024-05-08T10:59:38.422838] 27544: service_deployment.rb:1874:in `process_ansible_errors': Exception while running ansible playbook RuntimeError: Command
failed: env VAULT=****** ANSIBLE_STDOUT_CALLBACK=json ANSIBLE_HOST_KEY_CHECKING=False ANSIBLE_SSH_ARGS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
-o ServerAliveInterval=30" ANSIBLE_PERSISTENT_CONNECT_TIMEOUT=120 ANSIBLE_PERSISTENT_COMMAND_TIMEOUT=120 timeout 1800 sudo -E /usr/local/bin/ansible-playbook -i
/opt/Dell/ASM/deployments/Job-d77631dd-0808-43ee-a152-dd4c4552d384-0/plays/ndc-esdsosp12-inv.yaml /opt/Dell/ASM/deployments/Job-d77631dd-0808-43ee-a152-dd4c4552d384-0/plays/ndc-esdsosp12.yaml
--vault-password-file /opt/asm-deployer/scripts/run_vault_script.py; output in /opt/Dell/ASM/deployments/Job-d77631dd-0808-43ee-a152-dd4c4552d384-0/ndc-esdsosp12.out
ERROR [2024-05-08T10:59:38.433623] 27544: service_deployment.rb:1887:in `process_ansible_errors': Error Message: The following modules failed to execute:
ansible.legacy.setup
DEBUG [2024-05-08T10:59:38.434102] 27544: service_deployment.rb:1897:in `process_ansible_errors': errpr_desc = The following modules failed to execute: ansible.legacy.setup;
additional_error_check = false
Dzienniki wyjątków:
<RuntimeError: Failed to transfer ca-cert on 10.x.x.71: RuntimeError: Error running ansible playbook: : RuntimeError :: Command failed: env VAULT=****** ANSIBLE_STDOUT_CALLBACK=json ANSIBLE_HOST_KEY_CHECKING=False ANSIBLE_SSH_ARGS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=30" ANSIBLE_PERSISTENT_CONNECT_TIMEOUT=120 ANSIBLE_PERSISTENT_COMMAND_TIMEOUT=120 timeout 1800 sudo -E /usr/local/bin/ansible-playbook -i /opt/Dell/ASM/deployments/Job-d77631dd-0808-43ee-a152-dd4c4552d384-0/plays/ndc-esdsosp12-inv___5.yaml /opt/Dell/ASM/deployments/Job-d77631dd-0808-43ee-a152-dd4c4552d384-0/plays/ndc-esdsosp12___5.yaml --vault-password-file /opt/asm-deployer/scripts/run_vault_script.py; output in /opt/Dell/ASM/deployments/Job-d77631dd-0808-43ee-a152-dd4c4552d384-0/ndc-esdsosp12___5.out: Error running ansible playbook: : RuntimeError :: Command failed: env VAULT=****** ANSIBLE_STDOUT_CALLBACK=json ANSIBLE_HOST_KEY_CHECKING=False ANSIBLE_SSH_ARGS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=30" ANSIBLE_PERSISTENT_CONNECT_TIMEOUT=120 ANSIBLE_PERSISTENT_COMMAND_TIMEOUT=120 timeout 1800 sudo -E /usr/local/bin/ansible-playbook -i /opt/Dell/ASM/deployments/Job-d77631dd-0808-43ee-a152-dd4c4552d384-0/plays/ndc-esdsosp12-inv___5.yaml /opt/Dell/ASM/deployments/Job-d77631dd-0808-43ee-a152-dd4c4552d384-0/plays/ndc-esdsosp12___5.yaml --vault-password-file /opt/asm-deployer/scripts/run_vault_script.py; output in /opt/Dell/ASM/deployments/Job-d77631dd-0808-43ee-a152-dd4c4552d384-0/ndc-esdsosp12___5.out>
Dzienniki .yaml:
all: hosts: 10.x.x.71: server: 10.x.x.71 ansible_ssh_user: pflex ansible_ssh_pass: !vault | $ANSIBLE_VAULT;1.1;AES256 33396339316633666565326637633562616561363339646436393530326666616332623233333862 3362356365656433386535666139306337386638626137340a383532623431613734613133366638 39353665653639343661346438343636633937306331333164656666663662373338396536313530 6137636663656637660a363036333663613566373237316637623635623265303434313231653735 3064 ansible_ssh_private_key_file: "/tmp/20240509-5076-oix54r" ansible_become_password: !vault | $ANSIBLE_VAULT;1.1;AES256 33396339316633666565326637633562616561363339646436393530326666616332623233333862 3362356365656433386535666139306337386638626137340a383532623431613734613133366638 39353665653639343661346438343636633937306331333164656666663662373338396536313530 6137636663656637660a363036333663613566373237316637623635623265303434313231653735 3064 source: "/opt/asm-deployer/tls/ca.crt" destination: "/etc/pki/trust/anchors" cert_file: ca.crt is_non_root_user: true
Dzienniki .out:
"hosts": {
"10.x.x.71": {
"_ansible_no_log": false,
"_ansible_verbose_override": true,
"action": "gather_facts",
"ansible_facts": {},
"changed": false,
"failed": true,
"failed_modules": {
"ansible.legacy.setup": {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3.6"
},
"failed": true,
"module_stderr": "Warning: Permanently added '10.x.x.71' (ECDSA) to the list of known hosts.\r\nConnection to 10.x.x.71 closed.\r\n",
"module_stdout": "/bin/sh: /usr/bin/sudo: Permission denied\r\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 126, Cause
Zgodnie z analizą dzienników zauważyliśmy, że problem dotyczył uprawnień użytkownika "pflex". Ze względu na problem z uprawnieniami program "pflex" nie mógł skopiować certyfikatu ze źródła do miejsca docelowego.
Resolution
Skorygowanie uprawnień użytkownika pflex w węźle rozwiązało problem:
Na hoście:
usermod -a -G trusted pflex cd /etc/sudoers.d cp -p common-criteria common-criteria.2024-05-10 update: common-criteria %trusted ALL=(ALL) NOPASSWD: ALL
Testowanie:
sudo su - pflex sudo ls -ltra
Affected Products
PowerFlex rack, ScaleIOArticle Properties
Article Number: 000227009
Article Type: Solution
Last Modified: 03 Feb 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.