Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-4917

"error Tunnel connection failed: 403 Forbidden" when execute Ansible sample task in airgap OCP 4.13 cluster

XMLWordPrintable

    • False
    • None
    • False

      Description of problem:

      Workaround

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      1. Deploy DS 3.9.0.RC-10-04 to airgap OCP 4.13 cluster
      2. Go to dashboard and create workspace from Ansible sample
      3. Go to VS Code Editor > top menu > Terminal > Run Task > "Molecule: Run Scenario for Backup Role"

      Actual results:

      Task failed to run because of error:

       *  Executing task: devfile: Molecule: Run Scenario for Backup Role 

INFO     default scenario test matrix: syntax, create, converge, idempotence, verify
INFO     Performing prerun with role_name_check=0...
INFO     Running ansible-galaxy collection install -v -r requirements.yml
WARNING  Retrying execution failure 1 of: ansible-galaxy collection install -v -r requirements.yml
ERROR    [0;34mNo config file found; using defaults[0m
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/kubernetes-core-2.4.0.tar.gz to /home/runner/.ansible/tmp/ansible-local-517ht31x2rn/tmpnclx5hd4/kubernetes-core-2.4.0-14sjmlwa

ERROR    [0;31mERROR! Failed to download collection tar from 'default' due to the following unforeseen error: <urlopen error Tunnel connection failed: 403 Forbidden>. <urlopen error Tunnel connection failed: 403 Forbidden>[0m

Traceback (most recent call last):
  File "/usr/local/bin/molecule", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/decorators.py", line 26, in new_func
    return f(get_current_context(), *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/molecule/command/test.py", line 113, in test
    base.execute_cmdline_scenarios(scenario_name, args, command_args, ansible_args)
  File "/usr/local/lib/python3.11/site-packages/molecule/command/base.py", line 109, in execute_cmdline_scenarios
    scenario.config.runtime.prepare_environment(
  File "/usr/local/lib/python3.11/site-packages/ansible_compat/runtime.py", line 399, in prepare_environment
    self.install_requirements(req_file, retry=retry, offline=offline)
  File "/usr/local/lib/python3.11/site-packages/ansible_compat/runtime.py", line 376, in install_requirements
    raise AnsibleCommandError(result)
ansible_compat.errors.AnsibleCommandError: Got 1 exit code while running: ansible-galaxy collection install -v -r requirements.yml

 *  The terminal process terminated with exit code: 1. 
 *  Terminal will be reused by tasks, press any key to close it.

      squid logs
      1696871939.346    122 10.0.64.186 TCP_TUNNEL/200 4451 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871939.705    141 10.0.64.186 TCP_TUNNEL/200 4273 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871939.886    175 10.0.64.186 TCP_TUNNEL/200 4530 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871940.218     16 10.0.54.130 TCP_TUNNEL/200 7360 CONNECT console-openshift-console.apps.ds-airgap-v13.crw-qe.com:443 - HIER_DIRECT/18.189.92.68 -
1696871940.301    144 10.0.64.186 TCP_TUNNEL/200 4290 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871940.428    121 10.0.64.186 TCP_TUNNEL/200 8838 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871940.741     74 10.0.64.186 TCP_TUNNEL/200 4273 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871940.921    174 10.0.64.186 TCP_TUNNEL/200 4510 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871941.218     77 10.0.64.186 TCP_TUNNEL/200 4293 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871941.343    119 10.0.64.186 TCP_TUNNEL/200 7531 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871941.688    100 10.0.64.186 TCP_TUNNEL/200 4286 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871941.824    131 10.0.64.186 TCP_TUNNEL/200 111053 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871942.148     76 10.0.64.186 TCP_TUNNEL/200 4291 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871942.292    137 10.0.64.186 TCP_TUNNEL/200 34410 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871942.658    143 10.0.64.186 TCP_TUNNEL/200 4274 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871942.783    119 10.0.64.186 TCP_TUNNEL/200 4525 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871943.256    170 10.0.64.186 TCP_TUNNEL/200 4427 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871943.475    159 10.0.64.186 TCP_TUNNEL/200 4285 CONNECT galaxy.ansible.com:443 - HIER_DIRECT/104.26.0.234 -
1696871943.529      0 10.0.64.186 TCP_DENIED/403 2050 CONNECT ansible-galaxy-ng.s3.dualstack.us-east-1.amazonaws.com:443 - HIER_NONE/- text/html
1696871945.935  30048 10.0.79.207 TCP_TUNNEL/200 6425 CONNECT ds-airgap-v13-7bv2f-image-registry-us-east-2-cbyossxnympnakbuv.s3.dualstack.us-east-2.amazonaws.com:443 - HIER_DIRECT/3.5.133.161 -
1696871946.010  30051 10.0.79.207 TCP_TUNNEL/200 6425 CONNECT ds-airgap-v13-7bv2f-image-registry-us-east-2-cbyossxnympnakbuv.s3.dualstack.us-east-2.amazonaws.com:443 - HIER_DIRECT/3.5.133.161 -
1696871953.114  30041 10.0.79.207 TCP_TUNNEL/200 6425 CONNECT ds-airgap-v13-7bv2f-image-registry-us-east-2-cbyossxnympnakbuv.s3.dualstack.us-east-2.amazonaws.com:443 - HIER_DIRECT/3.5.133.161 -

      Expected results:

      Task has successfully executed:

       *  Executing task: devfile: Molecule: Run Scenario for Backup Role 

INFO     default scenario test matrix: syntax, create, converge, idempotence, verify
INFO     Performing prerun with role_name_check=0...
INFO     Running ansible-galaxy collection install -v -r requirements.yml
INFO     Set ANSIBLE_LIBRARY=/home/runner/.cache/ansible-compat/b26d1e/modules:/home/runner/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
INFO     Set ANSIBLE_ROLES_PATH=/home/runner/.cache/ansible-compat/b26d1e/roles:/home/runner/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
INFO     Running from /projects/ansible-devspaces-demo/collections/example/collection/roles/backup_file : ansible-galaxy collection install -vvv --force ../..
INFO     Running default > syntax

playbook: /projects/ansible-devspaces-demo/collections/example/collection/roles/backup_file/molecule/default/converge.yml
INFO     Running default > create
WARNING  Skipping, instances already created.
INFO     Running default > converge

PLAY [Converge] ****************************************************************

TASK [Gathering Facts] *********************************************************
ok: [molecule-ubi8-init-1]

TASK [Include backup_file] *****************************************************

TASK [backup_file : Ping the host] *********************************************
ok: [molecule-ubi8-init-1]

TASK [backup_file : Backup File | Create backup directory] *********************
ok: [molecule-ubi8-init-1]

TASK [backup_file : Backup File | Copy source file to backup destination] ******
ok: [molecule-ubi8-init-1]

PLAY RECAP *********************************************************************
molecule-ubi8-init-1       : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

INFO     Running default > idempotence

PLAY [Converge] ****************************************************************

TASK [Gathering Facts] *********************************************************
ok: [molecule-ubi8-init-1]

TASK [Include backup_file] *****************************************************

TASK [backup_file : Ping the host] *********************************************
ok: [molecule-ubi8-init-1]

TASK [backup_file : Backup File | Create backup directory] *********************
ok: [molecule-ubi8-init-1]

TASK [backup_file : Backup File | Copy source file to backup destination] ******
ok: [molecule-ubi8-init-1]

PLAY RECAP *********************************************************************
molecule-ubi8-init-1       : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

INFO     Idempotence completed successfully.
INFO     Running default > verify
INFO     Running Ansible Verifier

PLAY [Verify] ******************************************************************

TASK [Verifier | include default role vars] ************************************
ok: [molecule-ubi8-init-1]

TASK [Verifier Backup Created | Check if backup destination directory exists] ***
ok: [molecule-ubi8-init-1]

TASK [Verifier Backup Created | Assert backup file directory exists] ***********
ok: [molecule-ubi8-init-1] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verifier Backup Created | Assert backup file directory is writable] ******
ok: [molecule-ubi8-init-1] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verifier Backup Created | Check if backup file was created] **************
ok: [molecule-ubi8-init-1]

TASK [Verifier Backup Created | Assert backup file exists and isn't a link] ****
ok: [molecule-ubi8-init-1] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verifier Backup Created | Fail immediately if backup file doesn't exist] ***
skipping: [molecule-ubi8-init-1]

TASK [Verifier Backup Created | Store information about source] ****************
ok: [molecule-ubi8-init-1]

TASK [Verifier Backup Created | Assert source and backup file have matching checksums] ***
ok: [molecule-ubi8-init-1] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verifier | Show failures] ************************************************
skipping: [molecule-ubi8-init-1]

TASK [Verifier | Fail test] ****************************************************
skipping: [molecule-ubi8-init-1]

PLAY RECAP *********************************************************************
molecule-ubi8-init-1       : ok=8    changed=0    unreachable=0    failed=0    skipped=3    rescued=0    ignored=0

INFO     Verifier completed successfully.
 *  Terminal will be reused by tasks, press any key to close it.

      Reproducibility (Always/Intermittent/Only Once):

      Acceptance criteria: 

      Solution:

      allow next domains in squid proxy of airgap cluster:

      .ansible.com
.ansible-galaxy-ng.s3.dualstack.us-east-1.amazonaws.com

       

      Definition of Done:

      Build Details:

      Additional info (Such as Logs, Screenshots, etc):

       

       *

        1. Screenshot from 2023-10-06 21-49-23.png
          Screenshot from 2023-10-06 21-49-23.png
          257 kB

              dnochevn Dmytro Nochevnov
              dnochevn Dmytro Nochevnov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: