edit: I debugged the hard way in the end, since nobody was around.... Ignore the rest of this description.
Hey, I need to debug:
sudo rbac-playbook -l copr-be-dev.aws.fedoraproject.org groups/copr-backend.yml
But I can not run the playbook with -vvv.
The output I see:
TASK [Create db] ************************************************************
Saturday 22 February 2020 09:02:39 +0000 (0:00:00.051) 0:00:00.051 *****
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: psycopg2.OperationalError: FATAL: Peer authentication failed for user "postgres"
fatal: [copr-be-dev.aws.fedoraproject.org]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "msg": "unable to connect to database: FATAL: Peer authentication failed for user \"postgres\"\n"}
This is not reproducible when I run the same task from my box, or from a temporarily started CentOS 7 box.
@frostyx fyi
This is because our boxes were moved to the ec2 group overnight, and our way of working with become stopped working. That's because the group var file has:
ansible_become: true
ansible_become_user: root
ansible_become_method: sudo
This is IMO the wrong thing to do. It basically says that every single box in ec2 doesn't have root ssh allowed. Proposals?
We were moved to ec2 because nagios, a66b967781d2169f7b14748c69236c86e6f79df9
Turns out, except for one, all the boxes in ec2 group are copr boxes: https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=5adf0ddfdc3d83f248a367e6f95fcb8b27f8826a
Which means that we should indeed drop ansible_become* config options from ec2 group var file.
Sorry for the breakage. ;(
I think that stuff was leftover from our setting up proxy30 in aws. It can be removed.
I was working on getting some monitoring working on the ec2 instances (via ssh, since they all allow that).
Thanks for taking a look then!
I've put copr aws boxes back to ec2 group, and disabled ansible_become* hacks 2131404eef8573229c45d68cb5a4bec7e5961248
Metadata Update from @praiskup: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
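A check for the condition this ticket turned on, as an added example (not code from the ticket or from the Fedora ansible repository): it lists every `ansible_become*` variable set at group level under an inventory's `group_vars` directory, so a host that joins a group does not silently inherit privilege-escalation settings. The directory layout and the `copr_back_dev` file are constructed for the demo; the `ec2` values are the ones quoted in the thread.

```python
import re
import tempfile
from pathlib import Path

# Top-level "ansible_become...: value" lines; commented-out or nested keys do not match.
BECOME_RE = re.compile(r"^(ansible_become\w*)\s*:\s*(.*?)\s*(?:#.*)?$")


def find_group_become(inventory_root):
    """Return (group, key, value) for each ansible_become* var set under group_vars."""
    findings = []
    group_vars = Path(inventory_root) / "group_vars"
    for path in sorted(group_vars.rglob("*")):
        if not path.is_file():
            continue
        # group_vars/<group> or group_vars/<group>/<file>: first component names the group
        group = re.sub(r"\.ya?ml$", "", path.relative_to(group_vars).parts[0])
        for line in path.read_text().splitlines():
            match = BECOME_RE.match(line)
            if match:
                findings.append((group, match.group(1), match.group(2).strip("'\"")))
    return findings


def demo():
    """Build a constructed inventory tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        gv = Path(root) / "group_vars"
        gv.mkdir()
        # Values quoted in the ticket for the ec2 group var file.
        (gv / "ec2").write_text(
            "ansible_become: true\n"
            "ansible_become_user: root\n"
            "ansible_become_method: sudo\n"
        )
        # Constructed second group: no active become settings.
        (gv / "copr_back_dev").write_text(
            "# ansible_become: true\n"
            "datacenter: aws\n"
        )
        return find_group_become(root)


if __name__ == "__main__":
    for group, key, value in demo():
        print(f"group {group}: {key} = {value}")
```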
Commit 1850ec75 relates to this ticket
Commit 94a2ed07 relates to this ticket
Commit 70733f58 relates to this ticket
Commit 55c087bd relates to this ticket
Commit d2b44af0 relates to this ticket
Commit d52658a5 relates to this ticket
Commit 30633a0f relates to this ticket
Commit 59d7020c relates to this ticket
Commit e0474a98 relates to this ticket
Commit acc2a543 relates to this ticket