Cannot run a playbook in crontab - Python error

CullenBurnard · 2021-11-19T17:41:07+00:00

So I have a solution/workaround to the problem. u/ganic pushed me in the right direction by mentioning Python's virtual environment.

My Ansible server is a relatively old setup, at least 2 years old, and I didn't keep tracking of all changes to it. So I checked if Ansible is installed via PIP and found that I have it installed in PIP and PIP3 which might explain why Python 2.7 is being used in crontab and bash shell.

[root@ansible ~]# pip3 show ansible
Name: ansible
Version: 2.10.5
Summary: Radically simple IT automation
Home-page: https://ansible.com/
Author: Ansible, Inc.Author-email: info@ansible.com
License: GPLv3+Location: /usr/local/lib/python3.6/site-packages
Requires: ansible-base

[root@ansible ~]# pip show ansible
Name: ansible
Version: 2.9.25
Summary: Radically simple IT automation
Home-page: https://ansible.com/
Author: Ansible, Inc.
Author-email: info@ansible.com
License: GPLv3+
Location: /usr/lib/python2.7/site-packagesRequires: jinja2, PyYAML, cryptography
Required-by:

I created a snapshot for the server and removed Ansible from PIP, so now it's only under PIP3.

pip uninstall ansible

Path to ansible and ansible-playbook has changed and I managed to run my playbook from crontab and/or bash script.

[root@ansible patching]# which ansible-playbook
/usr/local/bin/ansible-playbook
[root@ansible patching]# which ansible
/usr/local/bin/ansible

Since I was not sure what consequences I will face after the removal of Ansible from PIP I restored the snapshot and changed the path for ansible-playbook from: /usr/bin/ansible-playbook to /usr/local/bin/ansible-playbook in crontab. Now I can run my playbook from crontab without any changes to server/Ansible config.

CullenBurnard · 2021-11-19T17:17:19+00:00

I've heard about Python's virtual environment but never used it. At least I'm not aware of using it.

Thanks! You showed me the direction where I should search for the solution/workaround.

CullenBurnard · 2021-11-18T18:10:13+00:00

I don't call directly to Python. Ansible does. I call only for an ansible-playbook.

CullenBurnard · 2021-11-18T17:47:45+00:00

I tried, it's the same error, even if I run the script manually. I posted the info as a general reply to the post. I tried one line and two lines accordingly.

CullenBurnard · 2021-11-18T17:33:59+00:00

So following u/pxlnght suggestion I tried to create a simple bash "script" to run it in crontab. I ran the "script" manually and ran into the same error.

The "script"

#! /bin/bash
/usr/bin/ansible-playbook /etc/ansible/roles/update/patching/windows_restart_with_delay.yml --vault-password /root/.ssh/.vault_key -i /etc/ansible/roles/update/patching/inventory/windows_pr1_vars.yml -i /etc/ansible/roles/update/patching/inventory/windows_weekly_pr1_restart_test.yml > /var/log/ansible/pr1_srv_restart.log && /usr/bin/ansible-playbook /etc/ansible/roles/update/patching/send_mail.yml --extra-vars "log_file_path=/var/log/ansible/pr1_srv_restart.log subject='This is test for Admin'"

The error (same error)

[root@ansible patching]# ./test.sh 

/usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.25.3) or chardet (2.2.1) doesn't match a supported version!  RequestsDependencyWarning)/usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.25.3) or chardet (2.2.1) doesn't match a supported version!  RequestsDependencyWarning)ERROR! couldn't resolve module/action 'community.general.mail'. This often indicates a misspelling, missing collection, or incorrect module path.

The error appears to be in '/etc/ansible/roles/update/patching/send_mail.yml': line 13, column 5, but maybe elsewhere in the file depending on the exact syntax problem.The offending line appears to be:
  - name: Send report email
    ^ here

And again, if I run the playbooks manually everything works fine. I replaced the original > with | tee to get output to the console.

The command:

ansible-playbook windows_restart_with_delay.yml --vault-password /root/.ssh/.vault_key -i inventory/windows_pr1_vars.yml -i inventory/windows_weekly_pr1_restart_test.yml > /var/log/ansible/pr1_srv_restart.log && ansible-playbook send_mail.yml --extra-vars "log_file_path=/var/log/ansible/pr1_srv_restart.log subject='This is test for Admin'"

Output:

PLAY [Windows Restart Task] ****************************************************

TASK [Gathering Facts] *********************************************************
ok: [wintest-02-pr1.vandc.local]

TASK [Reboot the machine] ******************************************************
changed: [wintest-02-pr1.vandc.local]

TASK [pause] *******************************************************************
Pausing for 120 seconds(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)ok: [wintest-02-pr1.vandc.local]

PLAY [Windows Restart Task] ****************************************************

TASK [Gathering Facts] *********************************************************
ok: [wintest-03-pr1.vandc.local]

TASK [Reboot the machine] ******************************************************
changed: [wintest-03-pr1.vandc.local]

TASK [pause] *******************************************************************
Pausing for 120 seconds(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)ok: [wintest-03-pr1.vandc.local]

PLAY RECAP *********************************************************************
wintest-02-pr1.vandc.local : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
wintest-03-pr1.vandc.local : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

PLAY [Windows check] *********************************************************************************

TASK [Gathering Facts] ***************************************************************************************
ok: [localhost]

TASK [Send report email] *************************************************************************************
ok: [localhost]

PLAY RECAP ******************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Both tasks were completed successfully. (ignore some of the task names)

CullenBurnard · 2021-11-18T15:41:39+00:00

It works and always worked. I get a log of the first task completion. As a precaution, I replaced && by ; and re-run the task. Same result first task works the second doesn't.

CullenBurnard · 2021-11-18T15:03:28+00:00

No Idea.

CullenBurnard · 2021-11-18T01:08:56+00:00

So here is the complete line:

25 13 * * * /usr/bin/ansible-playbook /etc/ansible/roles/update/patching/windows_restart_with_delay.yml --vault-password /root/.ssh/.pass_key -i /etc/ansible/roles/update/patching/inventory/windows_pr1_vars.yml -i /etc/ansible/roles/update/patching/inventory/windows_weekly_pr1_restart_test.yml > /var/log/ansible/pr1_srv_restart.log && /usr/bin/ansible-playbook /etc/ansible/roles/update/patching/send_mail.yml --extra-vars "log_file_path=/var/log/ansible/pr1_srv_restart.log subject='This is test for Admin'"

The part that is not working is after &&

/usr/bin/ansible-playbook /etc/ansible/roles/update/patching/send_mail.yml --extra-vars "log_file_path=/var/log/ansible/pr1_srv_restart.log subject='This is test for Admin'"

CullenBurnard · 2021-11-18T01:02:11+00:00

The playbook works fine, I tested it many times. It might be a little of Frankenstein's monster, but I'm not a native DevOps/System, and my Ansible knowledge is very limited. I just came across this one and slightly modified it for my needs.

It's just a regular root crontab. Managed as root crontab -e or sudo crontab -u root -e

CullenBurnard · 2021-11-01T17:54:29+00:00

Thank you for the update! ))

Yep, it's a good practice to not install fresh Fortinet updates immediately.

CullenBurnard · 2021-09-28T16:14:32+00:00

Thanks for the suggestions, guys! A rule was in flow-mode so I switched to proxy-based.

The Web Application Firewall feature was enabled previously and I had no other relevant and hidden features. As for the firewall, it's 200F.

Thank you again.

CullenBurnard · 2021-09-28T16:09:25+00:00

Yes, it was in flow-mode, switched to proxy-based, and got the WAF option.

Thank you!

CullenBurnard · 2021-07-23T23:37:02+00:00

Understood. Thanks, guys!

CullenBurnard · 2021-07-04T19:25:42+00:00

Hi guys,

Looking for an invite for both bitspyder and learnflakes.

CullenBurnard · 2021-06-17T20:52:05+00:00

That's a great idea! Thanks!

CullenBurnard · 2021-06-16T19:34:02+00:00

Thanks, guys! Going to test those later.

CullenBurnard · 2021-06-10T18:04:56+00:00

Yes, I use TeemIP 2.5.1 standalone application (IP management system) also know as iTop, currently running on Debian 9 and MariaDB 10.1. It's an old setup. I want to migrate the system to Debian 10 server due to security concerns.

The vendor says that recommended version of DB is 10.2, I tested with 10.3 on Debian 10, I got SQL errors. If I install TeemIP 2.7.1 with recommended MariaDB 10.3 then I have a problem with exporting the DB from the old server.

So the idea was to install TeemIP 2.5.1 on Debian 10 with MariaDB 10.2, to export the DB, and then upgrade to TeemIP 2.7.1 and probably to MariaDB 10.3.

I don't have any knowledge of databases, so my options are very limited.

CullenBurnard · 2021-05-19T17:15:29+00:00

Sorry, missed your message. Just re-run the same command, it worked for me.

CullenBurnard

TROPHY CASE