CDP private teardown - asks for a credentials

[HirossxD]

I was able to deploy the cdp private without any credentials, only cdp license has been used.
I am trying to teardown our deployed cluster via tags -t teardown,all . however it fails with this missing credetials error.

TASK [cloudera.exe.runtime : Refresh Environment Info with Descendants] ****************************************************************************************************
task path: /opt/cldr-runner/collections/ansible_collections/cloudera/exe/roles/runtime/tasks/initialize_teardown.yml:17
Friday 11 November 2022  13:39:06 +0000 (0:00:00.069)       0:00:08.557 *******
fatal: [localhost]: FAILED! => {"changed": false, "error": "{'base_error': NoCredentialsError('Unable to locate CDP credentials: No credentials found anywhere in chain. The shared credentials file should be stored at /home/runner/.cdp/credentials.'), 'ext_traceback': ['  File \"/root/.ansible/tmp/ansible-tmp-1668173946.776787-24441-170028905131803/AnsiballZ_env_info.py\", line 102, in <module>\\n    _ansiballz_main()\\n', '  File \"/root/.ansible/tmp/ansible-tmp-1668173946.776787-24441-170028905131803/AnsiballZ_env_info.py\", line 94, in _ansiballz_main\\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\\n', '  File \"/root/.ansible/tmp/ansible-tmp-1668173946.776787-24441-170028905131803/AnsiballZ_env_info.py\", line 40, in invoke_module\\n    runpy.run_module(mod_name=\\'ansible_collections.cloudera.cloud.plugins.modules.env_info\\', init_globals=None, run_name=\\'__main__\\', alter_sys=True)\\n', '  File \"/usr/lib64/python3.8/runpy.py\", line 207, in run_module\\n    return _run_module_code(code, init_globals, run_name, mod_spec)\\n', '  File \"/usr/lib64/python3.8/runpy.py\", line 97, in _run_module_code\\n    _run_code(code, mod_globals, init_globals,\\n', '  File \"/usr/lib64/python3.8/runpy.py\", line 87, in _run_code\\n    exec(code, run_globals)\\n', '  File \"/tmp/ansible_cloudera.cloud.env_info_payload_51viniow/ansible_cloudera.cloud.env_info_payload.zip/ansible_collections/cloudera/cloud/plugins/modules/env_info.py\", line 471, in <module>\\n', '  File \"/tmp/ansible_cloudera.cloud.env_info_payload_51viniow/ansible_cloudera.cloud.env_info_payload.zip/ansible_collections/cloudera/cloud/plugins/modules/env_info.py\", line 461, in main\\n', '  File \"/tmp/ansible_cloudera.cloud.env_info_payload_51viniow/ansible_cloudera.cloud.env_info_payload.zip/ansible_collections/cloudera/cloud/plugins/modules/env_info.py\", line 424, in __init__\\n', '  File \"/tmp/ansible_cloudera.cloud.env_info_payload_51viniow/ansible_cloudera.cloud.env_info_payload.zip/ansible_collections/cloudera/cloud/plugins/module_utils/cdp_common.py\", line 42, in _impl\\n    result = f(self, *args, **kwargs)\\n', '  File \"/tmp/ansible_cloudera.cloud.env_info_payload_51viniow/ansible_cloudera.cloud.env_info_payload.zip/ansible_collections/cloudera/cloud/plugins/modules/env_info.py\", line 429, in process\\n', '  File \"/usr/local/lib/python3.8/site-packages/cdpy/environments.py\", line 55, in describe_environment\\n    resp = self.sdk.call(\\n', '  File \"/usr/local/lib/python3.8/site-packages/cdpy/common.py\", line 594, in call\\n    parsed_err = CdpError(err)\\n'], 'error_code': None, 'violations': None, 'message': None, 'status_code': None, 'rc': None, 'service': None, 'operation': None, 'request_id': None}", "msg": "None", "violations": null}

[Chaffelson]

Interesting. It shouldn't attempt to contact CDP Public Cloud, and therefore need credentials, unless there is some CDP Public element in the definition. Are you able to share a redacted definition file so I can try to reproduce the issue?

[HirossxD]

Well, my definiton file uses default cluster definiton, however I have set use_download_mirror to no in order to prevent asking for credentials when deploying.
Is somewhere a template how does use_default_cluster_definition: yes would look like as definition itself ?

definition.yml :

---

# Copyright 2021 Cloudera, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

datahub:
  definitions:
    - include: "datahub_streams_messaging_light.j2"

use_default_cluster_definition: yes
use_download_mirror: no
preload_cm_parcel_repo: yes

[Chaffelson]

Sure, the default CDP Base cluster definition is here in the defaults.

You appear to be using the Sandbox definition, which includes a datahub element - this is a CDP Public deployment and that is why it is trying to use credentials for this service. It is essentially trying to teardown that datahub if it exists.

[HirossxD]

Yeah, after commenting datahub, playbook with teardown tag does not asks for credentials anymore. thanks!

However, after running

ansible-playbook /runner/project/container_project/cloudera-deploy/main.yml -e "definition_path=/runner/project/container_project/cloudera-deploy/examples/sandbox" -e "profile=/home/runner/.config/cloudera-deploy/profiles/default" -t teardown,all  -i "/runner/project/container_project/cloudera-deploy/examples/sandbox/inventory_static.ini" --flush-cache

it seems that it does not load hosts from the inventory.

[Chaffelson]

passing in a static inventory with the -i should be loading it, that is quite strange. Can you share the output where it's not loading?

[HirossxD]

For example here

PLAY [Verify inventory [verify_inventory]] *************************************

TASK [cloudera.cluster.inventory : Fail if inventory groups are empty] *********
Monday 14 November 2022  12:01:48 +0000 (0:00:00.105)       0:00:10.419 *******
skipping: [localhost]

TASK [cloudera.cluster.inventory : Ensure that FreeIPA and a ca_server are not configured together] ***
Monday 14 November 2022  12:01:48 +0000 (0:00:00.034)       0:00:10.453 *******
skipping: [localhost]

TASK [cloudera.cluster.inventory : set_fact] ***********************************
Monday 14 November 2022  12:01:48 +0000 (0:00:00.031)       0:00:10.485 *******
skipping: [localhost]

TASK [cloudera.cluster.inventory : Ensure that all hosts requiring TLS certificates have a FreeIPA client] ***
Monday 14 November 2022  12:01:48 +0000 (0:00:00.034)       0:00:10.519 *******
skipping: [localhost]
[WARNING]: Could not match supplied host pattern, ignoring: cloudera_manager

PLAY [Verify definition [verify_definition]] ***********************************
skipping: no hosts matched
[WARNING]: Could not match supplied host pattern, ignoring: custom_repo

PLAY [Install custom parcel repository] ****************************************
skipping: no hosts matched

PLAY [Verify definition [verify_parcels_and_roles]] ****************************
skipping: no hosts matched
[WARNING]: Could not match supplied host pattern, ignoring: cluster
[WARNING]: Could not match supplied host pattern, ignoring: ca_server

PLAY [Apply OS pre-requisite configurations] ***********************************
skipping: no hosts matched
[WARNING]: Could not match supplied host pattern, ignoring: tls

[HirossxD]

It seems like something was constantly renaming my inventory file from .ini to some numbers. I have restarted container so /opt/cldr-runner have default values now.