Error with join role and Python 3

[arthuro3]

Hi,

Safeguard for Sudo : 6.1.1.0
Ansible: ansible [core 2.12.2]

When trying to join an host to the policy server with the privilege_manager.join role I got an error :

ansible-playbook -i hosts.ini run_join.yml --limit "moustache" -vvv -e 'ansible_python_interpreter=/usr/bin/python3.9'
TASK [oneidentity.privilege_manager.join : fail] ********************************************************************************************************************************************************************************************
task path: /root/.ansible/collections/ansible_collections/oneidentity/privilege_manager/roles/join/tasks/pmjoin.yml:17
fatal: [moustache]: FAILED! => {
"changed": false,
"msg": "Traceback (most recent call last):\n File "/tmp/ansible_pmjoin_payload_9qokr0xu/ansible_pmjoin_payload.zip/ansible_collections/oneidentity/privilege_manager/plugins/modules/pmjoin.py", line 257, in run_normal\n File "/tmp/ansible_pmjoin_payload_9qokr0xu/ansible_pmjoin_payload.zip/ansible_collections/oneidentity/privilege_manager/plugins/modules/pmjoin.py", line 311, in run_pmjoin\n File "/tmp/ansible_pmjoin_payload_9qokr0xu/ansible_pmjoin_payload.zip/ansible_collections/oneidentity/privilege_manager/plugins/modules/pmjoin.py", line 368, in run_pmjoin_join\n File "/usr/lib64/python3.9/subprocess.py", line 1134, in communicate\n stdout, stderr = self._communicate(input, endtime, timeout)\n File "/usr/lib64/python3.9/subprocess.py", line 1959, in _communicate\n input_view = memoryview(self._input)\nTypeError: memoryview: a bytes-like object is required, not 'str'\n"
}

Whereas with an interpreter python 2.7 the join is done. There is a just an error for generating the report :

ansible-playbook -i hosts.ini run_join.yml --limit "moustache" -vvv -e 'ansible_python_interpreter=/usr/bin/python2.7'

TASK [oneidentity.privilege_manager.join : generate reports] ********************************************************************************************************************************************************************************
task path: /root/.ansible/collections/ansible_collections/oneidentity/privilege_manager/roles/join/tasks/generate_reports.yml:4
fatal: [moustache -> {{ join_reports_host }}]: FAILED! => {
"msg": "Failed to get information on remote file (join_report.csv): /bin/sh: 1: /usr/bin/python2.7: not found\n"
}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
moustache : ok=8 changed=1 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0

Arthur

[llnagy76]

Hi,
Thank you for reporting this issue!

I have not been able to reproduce your first issue. Could you assist me with my investigation? Please rerun the playbook and redirect the output to a file:
ansible-playbook -i hosts.ini run_join.yml --limit "moustache" -vvv -e 'ansible_python_interpreter=/usr/bin/python3.9' &> join_result.txt
Then please attach the output file. Thank you!

I have a guess about your second issue. The join is done on the managed nodes. However reports are generated on the controller node. You have /usr/bin/python2.7 on your managed node (moustache) but you do not have /usr/bin/python2.7 on your controller node (where you are running ansible-playbook).

Laszlo

[arthuro3]

Hi Laszlo,

For the second issue you were right. I added python2.7 on the controller node and the report is now generated.

For the first issue please find attached to output of the command :
ansible-playbook -i hosts.ini run_join.yml --limit "moustache" -vvv -e 'ansible_python_interpreter=/usr/bin/python3.9' -e 'join_state=joined' &>join_result.txt

join_result.txt

Regards,

Arthur

[llnagy76]

Hi Arthur!

Thanks for your help!

Unfortunately join_result.txt has not revealed any significant differences between your system and mine. On my test system the join role works with both python 3 and 2.

However I tried to understand what the problem could be based on the error message and I have a guess again. Could you assist me again?
I have modified pmjoin.py in privilege_manager/plugins/modules (and not in privilege_manager/plugins/module_utils where there is a file whose name is also pmjoin.py). I am attaching it here (in a .gz file because github does not allow me to attach .py files. You can decompress it with gunzip) Please backup your original pmjoin.py then move my modified pmjoin.py into privilege_manager/plugins/modules. Then run the join role and let's see if it works or not in your environment. If it still fails then please attach join_result.txt again. Thank you very much!
pmjoin.py.gz

Laszlo

[arthuro3]

Hi Laszlo,

I replaced the pmjoin.py with the new one:

> diff /root/.ansible/collections/ansible_collections/oneidentity/privilege_manager/plugins/modules/pmjoin.py /root/.ansible/collections/ansible_collections/oneidentity/privilege_manager/plugins/modules/pmjoin.py.backup
279d278
<         result_facts['password_type'] = str(type(password))
368c367
<         p = subprocess.Popen(' '.join(cmd), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, universal_newlines=True)
---
>         p = subprocess.Popen(' '.join(cmd), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)

But there is always the error,

I attach the output,

join_result.bis.txt

Regards,

Arthur

[llnagy76]

Hi Arthur,
The fix has been released in v0.1.2.
Thanks for your help!
Laszlo