
Troubleshooting Ansible


Error with Self Signed SSL Cert on SCM server

Error: Peer’s certificate issuer has been marked as not trusted by the user

{
    "stderr_lines": [
        "fatal: unable to access 'https://$encrypted$:[email protected]/ansible/network-automation.git/': Peer's certificate issuer has been marked as not trusted by the user."
    ],
    "cmd": "/usr/bin/git clone --origin origin 'https://$encrypted$:[email protected]/ansible/network-automation.git' /var/lib/awx/projects/_8__network_poc",
    "_ansible_no_log": false,
    "stdout": "Cloning into '/var/lib/awx/projects/_8__network_poc'...\n",
    "changed": false,
    "invocation": {
        "module_args": {
            "force": false,
            "track_submodules": false,
            "reference": null,
            "dest": "/var/lib/awx/projects/_8__network_poc",
            "umask": null,
            "clone": true,
            "gpg_whitelist": [],
            "accept_hostkey": false,
            "update": true,
            "ssh_opts": null,
            "repo": "https://$encrypted$:[email protected]/ansible/network-automation.git",
            "bare": false,
            "archive": null,
            "refspec": null,
            "executable": null,
            "remote": "origin",
            "recursive": true,
            "separate_git_dir": null,
            "verify_commit": false,
            "depth": null,
            "version": "HEAD",
            "key_file": null
        }
    },
    "stderr": "fatal: unable to access 'https://$encrypted$:[email protected]/ansible/network-automation.git/': Peer's certificate issuer has been marked as not trusted by the user.\n",
    "rc": 128,
    "_ansible_delegated_vars": {
        "ansible_host": "localhost"
    },
    "stdout_lines": [
        "Cloning into '/var/lib/awx/projects/_8__network_poc'..."
    ],
    "msg": "fatal: unable to access 'https://$encrypted$:[email protected]/ansible/network-automation.git/': Peer's certificate issuer has been marked as not trusted by the user."
}

Solution

SSL certificate validation can be disabled for Git connections originating from Tower by adding the following setting, in JSON format, in the Tower UI at Settings » Configure Tower » Jobs:

{
  "GIT_SSL_NO_VERIFY": "True"
}

Reference

Note: For cloning the repo, use one of the methods below:

git config --global http.sslverify false
#or
export GIT_SSL_NO_VERIFY=true

Error: module ‘enum’ has no attribute ‘IntFlag’

{
    "exception": "Traceback (most recent call last):\n  File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1599103337.21-17-81526385316505/AnsiballZ_fortios_facts.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1599103337.21-17-81526385316505/AnsiballZ_fortios_facts.py\", line 17, in _ansiballz_main\n    import base64\n  File \"/usr/lib64/python3.6/base64.py\", line 9, in <module>\n    import re\n  File \"/usr/lib64/python3.6/re.py\", line 142, in <module>\n    class RegexFlag(enum.IntFlag):\nAttributeError: module 'enum' has no attribute 'IntFlag'\n",
    "_ansible_no_log": false,
    "_ansible_delegated_vars": {
        "ansible_host": "localhost"
    },
    "module_stderr": "Traceback (most recent call last):\n  File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1599103337.21-17-81526385316505/AnsiballZ_fortios_facts.py\", line 102, in <module>\n    _ansiballz_main()\n  File \"/var/lib/awx/.ansible/tmp/ansible-tmp-1599103337.21-17-81526385316505/AnsiballZ_fortios_facts.py\", line 17, in _ansiballz_main\n    import base64\n  File \"/usr/lib64/python3.6/base64.py\", line 9, in <module>\n    import re\n  File \"/usr/lib64/python3.6/re.py\", line 142, in <module>\n    class RegexFlag(enum.IntFlag):\nAttributeError: module 'enum' has no attribute 'IntFlag'\n",
    "changed": false,
    "module_stdout": "",
    "rc": 1,
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
}

Solution

https://access.redhat.com/solutions/4282031

Error with nosuid when read/write files

sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

Solution

It isn’t possible to use Tower with a local action to escalate to the root user. You will need to alter your task to connect via SSH and then escalate to root using another user (not AWX). This is done purposefully, to avoid the security risks associated with the AWX user having root-level access to the system.

NOTE: It is not recommended that sudo access be given to the AWX user. You’ll need to adjust your playbook to use SSH rather than a local connection.

Root Cause: The AWX service user is intentionally restricted from sudo operations.

https://access.redhat.com/solutions/3223501

Checking container logs

$ podman logs -f automation-gateway

$ journalctl CONTAINER_NAME=<container_name>

# or
$ journalctl CONTAINER_NAME=<container_name> -n 100 --no-pager -f

$ openssl s_client -connect awesome.corp.root:636 -showcerts -CAfile awesomecorp_bundle.pem </dev/null

$ openssl x509 -in <certificate_file> -noout -subject -issuer

# bundle cert
$ cat rootca intermediate | tee bundle.pem
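
The chain printed by `openssl s_client -showcerts` shows which CA certificate still has to go into `bundle.pem`, for the LDAPS host above or for the self-signed SCM server in the first section. The following is an added example, not code from the original page: it parses that output and lists the trust anchors to collect. The sample output, the CA names in it and the function names are constructed for illustration.

```python
import re

# Constructed s_client output (not captured from a real server); PEM bodies omitted.
SAMPLE = """\
CONNECTED(00000003)
depth=1 CN = AwesomeCorp Issuing CA
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:CN = awesome.corp.root
   i:CN = AwesomeCorp Issuing CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
-----BEGIN CERTIFICATE-----
(constructed, body omitted)
-----END CERTIFICATE-----
 1 s:CN = AwesomeCorp Issuing CA
   i:CN = AwesomeCorp Root CA
-----BEGIN CERTIFICATE-----
(constructed, body omitted)
-----END CERTIFICATE-----
---
Server certificate
"""

ENTRY = re.compile(r"^\s*(\d+) s:(.*)$")   # " 0 s:<subject>"
ISSUER = re.compile(r"^\s+i:(.*)$")        # "   i:<issuer>"

def parse_chain(text):
    """Return [(depth, subject, issuer)] from the 'Certificate chain' section."""
    chain, in_chain, current = [], False, None
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_chain = True
        elif in_chain and line.strip() == "---":   # end of the chain section
            break
        elif in_chain and (m := ENTRY.match(line)):
            current = [int(m.group(1)), m.group(2).strip(), None]
            chain.append(current)
        elif in_chain and current and (m := ISSUER.match(line)):
            current[2] = m.group(1).strip()
    return [tuple(c) for c in chain]

def trust_anchors_needed(chain):
    """Issuers the server did not send, plus self-signed certs it did send."""
    subjects = {s for _, s, _ in chain}
    missing = {i for _, _, i in chain if i and i not in subjects}
    self_signed = {s for _, s, i in chain if s == i}
    return sorted(missing | self_signed)

if __name__ == "__main__":
    for name in trust_anchors_needed(parse_chain(SAMPLE)):
        print("add to bundle.pem:", name)
```

The names are only a guide to which certificates to obtain; the actual check is the `openssl s_client ... -CAfile` run completing without a verify error.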
