Posix.mount error with ansible-navigator exclusively

Hi,

End goal

I am studying for the RHCE exam, and am trying to make sure my playbooks can run with both ansible-playbook and ansible-navigator, just in case.

Issue

I currently have two playbooks (see below), and one of them throws me a permission denied error when played with ansible-navigator.
I have included all my code, but you are welcome to jump to the beginning of my second playbook, task “Mount the RHEL disk”.

Config files

ansible.cfg

[defaults]
inventory=inventory
remote_user=ansible
host_key_checking=false
deprecation_warnings=false
vault_password_file=vault-pass
collections_path=collections/:~/.ansible/collections:/usr/share/ansible/collections
roles_path=roles/:~/.ansible/roles:/usr/share/ansible/roles

[privilege_escalation]
become=true
become_method=sudo
become_user=root
become_ask_pass=false

.ansible-navigator.yml

ansible-navigator:
  execution-environment:
    pull:
      policy: missing
  playbook-artifact:
    enable: false

I also have secrets stored in vars/secrets.yml.

Playbook 1 (create users)

This playbook runs and re-runs fine with both ansible-playbook and ansible-navigator.

---
- name: Establish SSH connectivity to admin@managed
  hosts: all
  remote_user: admin
  gather_facts: false
  vars_files: vars/secrets.yml
  vars:
    ansible_password: "{{ adminuserpass }}"
    ansible_sudo_pass: "{{ adminuserpass }}"
  tasks:
    - name: Copy SSH ID from Control to Managed
      ansible.posix.authorized_key:
        user: admin
        state: present
        key: "{{ lookup('file', '/home/ansible/.ssh/id_rsa.pub') }}"

- name: Create users
  hosts: all
  remote_user: admin
  vars_files: vars/secrets.yml
  vars:
    user: ansible
    ansible_sudo_pass: "{{ adminuserpass }}"
  tasks:
    - name: Create the user {{ user }} and generate its SSH key
      user:
        name: "{{ user }}"
        generate_ssh_key: true
        ssh_key_bits: 2048
        ssh_key_file: .ssh/id_rsa

    - name: Copy SSH ID from Control to Managed
      ansible.posix.authorized_key:
        user: "{{ user }}"
        state: present
        key: "{{ lookup('file', '/home/ansible/.ssh/id_rsa.pub') }}"

    - name: Set a password for {{ user }}
      shell: "echo {{ ansibleuserpass }} | passwd --stdin {{ user }}"

    - name: Give sudo privileges to {{ user }}
      lineinfile:
        path: "/etc/sudoers.d/{{ user }}"
        line: "{{ user }} ALL=(ALL) NOPASSWD: ALL"
        create: true
        validate: /usr/sbin/visudo -cf %s

    - name: Run a command as {{ user }} with sudo privileges
      remote_user: "{{ user }}"
      shell: "ls -l /root"
      register: result

    - name: Print the result of the test command
      ansible.builtin.debug:
        var: result.stdout

Playbook 2 (create a repository server)

This playbook runs and re-runs fine with ansible-playbook.
However, with ansible-navigator it fails at the Mount the RHEL disk task with the following errors:

  • If it’s a re-run (after a successful use of ansible-playbook):
    Error mounting /home/ansible/mount: umount: /home/ansible/mount: must be superuser to unmount.

  • If the mount directory has been removed prior to running the playbook:
    Error mounting /home/ansible/mount: mount: /home/ansible/mount: permission denied.

- name: Create local package repositories
  hosts: localhost
  vars_files: vars/secrets.yml
  vars:
    ansible_sudo_pass: "{{ ansibleuserpass }}"
  tasks:
    - name: Mount the RHEL disk
      remote_user: ansible
      ansible.posix.mount:
        path: /home/ansible/mount
        src: /dev/sr0
        fstype: iso9660
        state: mounted

    - name: Create the main repo directory
      file:
        path: /reposerver
        state: directory

    - name: Populate the repo directories
      synchronize:
        src: "{{ item }}"
        dest: /reposerver
      loop:
        - /home/ansible/mount/BaseOS
        - /home/ansible/mount/AppStream

- name: Enable the local package repositories (for local use)
  hosts: localhost
  tasks:
    - name: Create .repo files
      yum_repository:
        name: "{{ item.name }}"
        description: "{{ item.description }}"
        baseurl: "{{ item.baseurl }}"
        gpgcheck: "{{ item.gpgcheck }}"
      loop:
        - name: localBaseOS
          description: local BaseOS
          baseurl: file:///reposerver/BaseOS
          gpgcheck: no
        - name: localAppStream
          description: local AppStream
          baseurl: file:///reposerver/AppStream
          gpgcheck: no

- name: Install and set up httpd
  hosts: localhost
  tasks:
    - name: Install httpd
      dnf:
        name: httpd
        state: latest
        disable_gpg_check: true

    - name: Enable the httpd service
      service:
        name: httpd
        state: started
        enabled: yes

    - name: Open firewalld
      ansible.posix.firewalld:
        service: http
        state: enabled
        permanent: true
        immediate: true

    - name: Symlink the repositories to httpd
      file:
        src: /reposerver
        dest: /var/www/html/reposerver
        state: link

- name: Set the SELinux context
  hosts: localhost
  tasks:
    - name: Set the SELinux context
      # This community module requires the CLI option "-e ansible_python_interpreter=/usr/bin/python"
      community.general.sefcontext:
        target: "/reposerver(/.*)?"
        setype: httpd_sys_content_t
        state: present
    - name: Restore the SELinux context
      command: restorecon -rv /reposerver

I am puzzled by this behavior.
I would be more than happy to let go of ansible-navigator, but who knows what the RHCE exam evaluation script uses, so here I am.

Thanks in advance. 🙂
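
The .ansible-navigator.yml shown in the post only sets the pull policy, so the execution environment stays enabled (the ansible-navigator default) and a `hosts: localhost` play is executed from inside that container rather than directly on the control node. A check that makes the difference visible when run with both tools, as an added example that is not part of the original post; the file name `where-am-i.yml` is an assumption:

```yaml
---
# Added diagnostic, not from the original post. Run it with both tools and compare:
#   ansible-playbook where-am-i.yml
#   ansible-navigator run where-am-i.yml -m stdout
# The file name where-am-i.yml is an assumption.
- name: Show where a "hosts: localhost" play actually executes
  hosts: localhost
  connection: local
  gather_facts: true
  become: false   # read-only checks; avoids depending on sudo in the image
  tasks:
    - name: Check for the marker file Podman creates inside containers
      ansible.builtin.stat:
        path: /run/.containerenv
      register: containerenv

    - name: Check whether the device used by the failing mount task is visible
      ansible.builtin.stat:
        path: /dev/sr0
      register: cdrom

    - name: Read the effective capability mask of a process started by the task
      ansible.builtin.command: grep CapEff /proc/self/status
      register: capeff
      changed_when: false

    - name: Report the execution context
      ansible.builtin.debug:
        msg:
          - "hostname: {{ ansible_facts['hostname'] }}"
          - "user: {{ ansible_facts['user_id'] }}"
          - "virtualization type: {{ ansible_facts['virtualization_type'] | default('unknown') }}"
          - "virtualization role: {{ ansible_facts['virtualization_role'] | default('unknown') }}"
          - "/run/.containerenv exists: {{ containerenv.stat.exists }}"
          - "/dev/sr0 exists: {{ cdrom.stat.exists }}"
          - "{{ capeff.stdout }}"
```

If the two runs report different hostnames, users or capability masks, the mount task is being attempted in two different environments, which is the first thing to rule in or out for the errors quoted above.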