Hi there,
I have a playbook which creates virtual machines via VMware and provisions the OS by setting the IP, registering to a Foreman instance, installing basic packages and so on.
One step of this process is to join a Microsoft AD via the linux-system-roles.ad_integration role. Because the DNS record is created via the computer account I have to delegate the role, in the first run, to the IP of the host.
```yaml
- name: "Join AD realm with delegate"
  when: inventory_hostname != adclient_remote_host
  ansible.builtin.include_role:
    name: fedora.linux_system_roles.ad_integration
    apply:
      become: true
      delegate_to: "{{ adclient_remote_host }}"
      remote_user: "{{ adclient_remote_user }}"
```
The role “ad_integration” then tries to install missing packages via the “package” module (not using the FQCN). This fails with the message:

```
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: NoneType: None
fatal: [dmfapptst.falke.central -> 172.20.141.113]: FAILED! => {"changed": false, "msg": "Could not find a module for {{hostvars['xxx.xxx.xxx.xxx']['ansible_facts']['pkg_mgr']}}."}
```
Which is a known issue with “package” when used with “delegate_to”: Cannot delegate to a host defined by a variable whose value is determined using ansible_facts, for package module · Issue #82598 · ansible/ansible · GitHub
In Ansible 2.18 this behaviour is fixed, which I could confirm by temporarily updating my environment. Unfortunately I have to support EL 7 hosts whose Python version is stuck at 3.6.8, so I need to keep on using Ansible 2.16.
One solution is to keep all collections/roles local and patch all calls to “package” by hand to use yum/dnf. In my opinion this should be the last option to consider.
I had a look at the implementation of “package.py” and saw that there are no real dependencies on Python > 3.6.8, so it would be an option to backport this one action plugin to Ansible 2.16.
This is what I did:
- Created ./plugins/action in my project
- Placed the patched package.py into ./plugins/action/
- Set “action_plugins = ./plugins/action” in my ansible.cfg
When calling “package” from a local playbook, the new patched version gets loaded, but when called from a nested role the old “ansible.builtin.package” gets executed.
Now my question: Is there a chance I can overload the default plugin globally (in my environment - without patching anything in “~/” or “site-packages”) or is there another way to get around the mentioned issue?