Help for rhel_system_roles ad_integration

souovan · April 12, 2024, 6:14pm

If someone has already used this role Hybrid Cloud Console and can provide help i apreciate

I’m tryng to use it to add a RHEL 7.9 machine to Active Directory domain and it isn’t working. Even the role documentation showing that it supports RHEL7+

Ansible version:

ansible [core 2.14.4]
  config file = /home/van/roles/insert_domain/ansible.cfg
  configured module search path = ['/home/van/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/van/.ansible/collections/ansible_collections
  executable location = /usr/bin/ansible
  python version = 3.9.10 (main, Sep 23 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

RHEL 7 info:

[root@node ~]# cat /etc/*release*
NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Red Hat Enterprise Linux"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.9
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.9"
Red Hat Enterprise Linux Server release 7.9 (Maipo)
Red Hat Enterprise Linux Server release 7.9 (Maipo)
cpe:/o:redhat:enterprise_linux:7.9:ga:server

Ansible execution output:

TASK [redhat.rhel_system_roles.ad_integration : Run realm join command] *****************************
fatal: [192.168.100.44]: FAILED! => {"changed": true, "cmd": ["realm", "join", "-U", "svc_ansible", "--membership-software", "adcli", "van.local"], "delta": "0:00:02.233292", "end": "2024-04-12 15:03:25.788493", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2024-04-12 15:03:23.555201", "stderr": "See: journalctl REALMD_OPERATION=r183.3675\nrealm: Não foi possível associar ao domínio: The following packages are not available for installation: sssd, adcli", "stderr_lines": ["See: journalctl REALMD_OPERATION=r183.3675", "realm: Não foi possível associar ao domínio: The following packages are not available for installation: sssd, adcli"], "stdout": "Senha para svc_ansible:", "stdout_lines": ["Senha para svc_ansible:"]}

PLAY RECAP ******************************************************************************************
192.168.100.44             : ok=10   changed=0    unreachable=0    failed=1    skipped=14   rescued=0    ignored=0

The role can’t install the necessary packages

sssd
adcli

Denney-tech · April 12, 2024, 6:57pm

Oh snap! I saw this role in the fedora.linux_system_roles long before it was added downstream to redhat.rhel_system_roles. Haven’t had a chance to try it yet.

Looks like ad_integration/vars/main.yml at main · linux-system-roles/ad_integration (github.com) __ad_integration_packages only includes realmd and PackageKit as part of the package verification list. I think the realm join command tries to install these itself though.

Are you running your playbook with become: true? This won’t work without elevated privileges.

souovan · April 12, 2024, 7:01pm

Yes, i’m running with become: true

Denney-tech · April 12, 2024, 7:05pm

Do you see the packages in yum list sssd adcli ?

souovan · April 12, 2024, 7:08pm

No, that’s what was strange, the function claims to support RHEL 7, but the packages that need it are not available in that version

[root@node ~]# yum list sssd adcli
Plugins carregados: langpacks, product-id, search-disabled-repos, subscription-manager

This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.

Error: Nenhum pacote correspondente a ser listado

only the sssd-client package is available in the distro repos

[root@node ~]# yum search sssd adcli
Plugins carregados: langpacks, product-id, search-disabled-repos, subscription-manager

This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.

===================================== N/S matched: sssd =====================================
sssd-client.x86_64 : SSSD Client libraries for NSS and PAM

  Nome e sumário correspondem mostly, use "search all" para tudo.
Aviso: nenhum resultado para: adcli

Denney-tech · April 12, 2024, 7:24pm

Looks like you don’t have Simple Content enabled and need to attach your subscriptions before you can install anything.

souovan · April 12, 2024, 7:55pm

oh nevermind, my RHEL is a VM lab machine and wasn’t properly subscribed to get updates and let install packages, thank you very much for you help, now the role worked properly !!!

system · May 12, 2024, 7:55pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.