Ansible package installation job through Red Hat Satellite 6 fails

Solution Verified - Updated 14 Jun 2024

Environment

Red Hat Satellite 6.4 and above

Issue

Ansible package installation job through Red Hat Satellite 6 failing with one of the below with errors:

fatal: [client.example.com]: FAILED! => {"changed": false, "msg": "No package matching 'tree' found available, installed or updated", "rc": 126, "results": ["No package matching 'tree' found available, installed or updated"]}
	to retry, use: --limit @/tmp/foreman-playbook-13479bf9-359c-4eda-ae99-35c6eaa73066.retry

fatal: [client.example.com]: FAILED! => {"changed": true, "msg": "You need to be root to perform this command.\n2019-07-04 14:55:51,202 [INFO] yum:31094:Dummy-1 @connection.py:868 - Connection built: host=xxxxxxx port=443 handler=/rhsm auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False\n2019-07-04

Resolution

Ansible jobs executed through Red Hat Satellite 6 server leverages the embedded remote execution feature.
Under Administer > Settings > Remote Execution tab, Ensure Effective User is set to root and SSH User can either be root or a non-root user.
NOTE: They can be same if the user is root.
Under the Job Invocation page, click on Display advanced fields and fill in the Sudo password and click Submit.
NOTE: If this Sudo password is set under Administer > Settings > Remote Execution tab or as a Global parameter described below then skip providing the Sudo password again and just run the Ansible job.
In Red Hat Satellite 6.4 release, Ansible privilege escalation doesn't work because of this bug This content is not included.BZ # 1661483 which is fixed in Red Hat Satellite 6.5 release.
If Red Hat Satellite version is 6.4 then create ansible_sudo_pass parameter with the required password for the effective user either at Host or Host Group level or it can be configured as a Global Parameter. For more information on this refer to Running Ansible Playbooks as non-root users from Red Hat Satellite 6.

For more KB articles/solutions related to Red Hat Satellite 6.x Remote Execution Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Remote Execution Issues

Root Cause

Under Administer > Settings > Remote Execution tab, SSH User and Effective User were set to non-root user.
Per Content from docs.ansible.com is not included.Ansible documentation, SSH user (remote_user) and the Effective User (become_user), can't be the same, which would cause the jobs to fail where privilege escalation is a must. Below is the excerpt from Content from docs.ansible.com is not included.Ansible documentation.

become_user
    set to user with desired privileges — the user you become, NOT the user you login as. Does NOT imply become: yes, to allow it to be set at host level.

SBR

SysMgmt

Product(s)

Red Hat Satellite

Components

foreman

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.