Users are unable to run ad-hoc commands in Ansible Tower for a specific organization.
Environment
- Ansible Tower 3.8.4 (Ansible Automation Platform 1.2)
Issue
- Organization users even with admin access are not able to execute adhoc commands using their credentials and is showing an error:
Failed to launch adhoc command. POST returned status : 400
Error: awx.api.generics status 400 received by user admin attempting to access /api/v2/inventories/<userid>/ad_hoc_commands/
Resolution
- User should save the password in the credential on the tower.
- From Ansible Tower UI navigate to Resources - Credentials - Password.
- Fill in the password and uncheck "Prompt on launch".
Root Cause
Ad-hoc job do not have a prompt to enter the password so the user must save the password and uncheck the "Prompt on launch" parameter in tower credentials.
Diagnostic Steps
If the password for the credential is set to "ASK", the user would be prompted to enter the password. The ad-hoc jobs do not have a prompt to enter the password and will show error.
This can be verified by the following steps:
- Login to Tower API as some user (admin) using Web-browser:
https://<TOWER_URL>/api/login/
- Access to the ad-hoc API endpoint:
https://<TOWER_URL>/api/v2/inventories/56/ad_hoc_commands/
- Set appropriate POST data ( like credential, module_name or limit ) in CONTENT: section then press POST button.
{
"job_type": "run",
"limit": "<name@domain>",
"credential": 3,
"module_name": "ping",
"module_args": "",
"forks": 0,
"verbosity": 0,
"extra_vars": "",
"become_enabled": true,
"diff_mode": false
}
The output will show if the Password has been set to "ASK"
{
"id": 60,
"type": "credential",
"url": "/api/v2/credentials/60/",
"related": {
"named_url": "/api/v2/credentials/<url>/",
"created_by": "/api/v2/users/55/",
"modified_by": "/api/v2/users/55/",
"organization": "/api/v2/organizations/10/",
"activity_stream": "/api/v2/credentials/60/activity_stream/",
"access_list": "/api/v2/credentials/60/access_list/",
"object_roles": "/api/v2/credentials/60/object_roles/",
"owner_users": "/api/v2/credentials/60/owner_users/",
"owner_teams": "/api/v2/credentials/60/owner_teams/",
"copy": "/api/v2/credentials/60/copy/",
"input_sources": "/api/v2/credentials/60/input_sources/",
"credential_type": "/api/v2/credential_types/1/"
},
"summary_fields": {
"organization": {
"id": 10,
"name": "<name>",
"description": "This is my organization"
},
"credential_type": {
"id": 1,
"name": "Machine",
"description": ""
},
"created_by": {
"id": 55,
"username": "username@domain",
"first_name": "<first-name>",
"last_name": "<last-name>"
},
"modified_by": {
"id": 55,
"username": "<username@domain",
"first_name": "first-name",
"last_name": "last-name"
},
"object_roles": {
"admin_role": {
"description": "Can manage all aspects of the credential",
"name": "Admin",
"id": 1637
},
"use_role": {
"description": "Can use the credential in a job template",
"name": "Use",
"id": 1638
},
"read_role": {
"description": "May view settings for the credential",
"name": "Read",
"id": 1639
}
},
"user_capabilities": {
"edit": true,
"delete": true,
"copy": true,
"use": true
},
"owners": [
{
"id": 55,
"type": "user",
"name": "<username@domain",
"description": "first-name",
"url": "/api/v2/users/55/"
},
{
"id": 10,
"type": "organization",
"name": "<org-name>",
"description": "This is my organization",
"url": "/api/v2/organizations/10/"
}
]
},
"created": "2020-11-11T13:26:14.585783Z",
"modified": "2021-10-01T12:13:00.532167Z",
"name": "<user-cred>",
"description": "<description>",
"organization": 10,
"credential_type": 1,
"managed_by_tower": false,
"inputs": {
"password": "ASK",
"username": "<username>"
},
"kind": "ssh",
"cloud": false,
"kubernetes": false
}
The following part of the output shows the password will be asked:
"inputs": {
"password": "ASK",
"username": "<username>"
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments