Toughts on playbook to create snapshot on vcenter before ansible exuction playbook

Hello Guys,

Can you help me out with a issue i am facing , i want to create a snapshot before “ansible” is changing somthing on a server.

I have the creation of snapshot this works as expected but if i combine it with a other playbook this returns in invalid credenitals.

i have tried adding the password in the vault , in awx always the same error. My touthts are that create snapshot is targeting locahost and the playbook is targetting a specefic host.

Could this be the issue?
Any other toughts to handle this?

---
# tasks file for createsnapshot
- name: Create Snapshot
  community.vmware.vmware_guest_snapshot:
    hostname: "{{ vcenter_hostname }}"
    username: "{{ vcenter_username }}"
    password: "{{ vcenter_password }}"
    datacenter: "{{ vcenter_datacenter }}"
    validate_certs: false
    folder: "{{ vcenter_vm_folder }}"
    name: "{{ vm_name | default(inventory_hostname) }}"
    snapshot_name: "{{ vm_snapshot_name | default('Before execution ansible playbook') }}"
    description: "{{ vm_snapshot_name | default('Before execution ansible playbook') }}"
    state: present
    memory_dump: true
  delegate_to: localhost

- name: Deploy docker
  hosts: TEST_ONLY
  become: true
  vars_files:
    - ../vault.yml
  tasks:
    - name: Create snapshot
      ansible.builtin.import_role:
        name: vcenter/create-snapshot
      delegate_to: localhost

    - name: Install Docker
      ansible.builtin.import_role:
        name: linux/docker

the error i recieve

{
  "module_stdout": "",
  "module_stderr": "\nsu: Authentication failure\n",
  "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
  "rc": 1,
  "_ansible_no_log": false,
  "changed": false,
  "_ansible_delegated_vars": {
    "ansible_host": "localhost",
    "ansible_port": null,
    "ansible_user": "ansible",
    "ansible_connection": "local"
  }
}
1 Like

Ah sorry I didn’t read it correctly, move the “become: true” further down maybe, to the task where it is needed?

I think delegate_to: localhost in your first task is extra and should be removed:

- name: Deploy docker
  hosts: TEST_ONLY
  become: true
  vars_files:
    - ../vault.yml
  tasks:
    - name: Create snapshot
      ansible.builtin.import_role:
        name: vcenter/create-snapshot
      delegate_to: localhost <-- remove

    - name: Install Docker
      ansible.builtin.import_role:
        name: linux/docker

You already have delegate_to: localhost in your role task and that should be enough.

Hello, @bvitnik ,

I have tried this before did not resolve my issue same permission error.

@disi removed the become since this is not required in the playbook the roles themself have the required steps if called for.

But did not change anything.

Are you sure the error message is exactly the same when you remove delegate_to: localhost? Can you post your inventory file (if any) and command line you are using to run Ansible? Can you also tell us which exact task fails?

P.S. Ah. I see now that you are using import_role instead of include_role so delegate_to should have no effect here. I thought it was messing with the include. You can ignore the first question.

does the ‘ansible’ user exist on the localhost? It definitely seems like an error with become or connection vars.
Try setting this on your vmware task

delegate_to: localhost
vars:
  ansible_become: false

What version of ansible is this? _ansible_ vars were removed in like 2.8

this is been run using AWX the inventory is simply containing 2 host

Where is the “TEST_ONLY” host (or group?) defined? You are using it here:

But I don’t see it on your screenshots. What I see on your screenshots are:

  • An AWX inventory called “TEST ONLY” (under the hood it’s an inventory file)
  • A host called “TEST_HOST” specified inside the inventory from the previous point

The hosts: key in playbook accepts names of hosts and groups, not names of inventories if that is what you had in mind.

So either do something like this:

- name: Deploy docker
  hosts: all

to target all of the hosts, both “ANSIBLE-DEPLOY” and “TEST_HOST” in your “TEST ONLY” inventory or like this:

- name: Deploy docker
  hosts: TEST_HOST

if you want to target only the host “TEST_HOST” from your “TEST ONLY” inventory.

Just a note that underscore “_” is an invalid (non allowed) character for hostname. You should avoid it.

1 Like

let me clairify it a bit more

the creation of the snapshot should been taken on the localhost (Execution Enviroment that then talks to the vcenter to create the snap).

Then the installation of docker should be done on the hosts that are in TEST ONLY. Without that i am adjusting the modules so the modules keep repeatable

vmware_guest_snapshot module is always used with delegate_to: localhost. That’s perfectly understandable and that’s how it was designed to work.

On the other hand, my comments are still holding. Also, the question “Can you also tell us which exact task fails?” is unfortunately left unanswered.

1 Like

Hy,

i have simpelfied the playbook and put the creation of the snapshot first in line and there it is failing. My gues because it is set to all.

And the creation of the snapshot relies on localhost (what is not in the hostgroup).

so the failing task is creating the snapshot (if i run the task seperate targetting locahost direct this works).

I’m not sure I follow :slightly_smiling_face:. Examples of the code that works and examples that does not work would be helpful.

I have found a workable solution instead of importing the roles i include them with a small adjustment on role (become on role level instead of playbook).

This now works as expected, if run the playbook this creates the snapshot of the vm updates the message of the snapshot

- name: Deploy docker
  hosts: all
  tasks:
    - name: Create snapshot vm
      ansible.builtin.include_role:
        name: vcenter/create-snapshot
      vars:
        vm_name: "{{ inventory_hostname }}"
        vm_snapshot_name: "Before execution ansible playbook - Installation docker"

    - name: Install Docker
      ansible.builtin.include_role:
        name: linux/docker

@bvitnik thanks for the help

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.