Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ansible_mitogen blacklists third-party modules #1011

Open
nradchenko opened this issue Jul 20, 2023 · 4 comments · May be fixed by #1012
Open

ansible_mitogen blacklists third-party modules #1011

nradchenko opened this issue Jul 20, 2023 · 4 comments · May be fixed by #1012
Labels
affects-0.3 Issues related to 0.3.X Mitogen releases bug Code feature that hinders desired execution outcome

Comments

@nradchenko
Copy link

Hi,

I'd like to use xml module in my playbooks, but lxml python module required for operation is implicitly blacklisted for some unknown reason.

root@0d2e911be079:/etc/ansible# python -V
Python 3.11.4
root@0d2e911be079:/etc/ansible# pip freeze | grep -e ansible -e mitogen
ansible==2.10.7
ansible-base==2.10.17
mitogen==0.3.4
root@0d2e911be079:/etc/ansible# cat test.yml 
- hosts: all
  tasks:
    - xml:
        path: somepath
root@0d2e911be079:/etc/ansible# ansible-playbook test.yml -i localhost, -c local -l all -CD

PLAY [all] **********************************************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [xml] **********************************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ModuleNotFoundError: 'lxml' is present in the Mitogen importer blacklist, therefore this context will not attempt to request it from the master, as the request will always be refused.
fatal: [localhost]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "msg": "Failed to import the required Python library (lxml) on 0d2e911be079's Python /usr/bin/python3. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}

PLAY RECAP **********************************************************************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

root@0d2e911be079:/etc/ansible#
@nradchenko nradchenko added affects-0.3 Issues related to 0.3.X Mitogen releases bug Code feature that hinders desired execution outcome labels Jul 20, 2023
@moreati
Copy link
Member

moreati commented Jul 28, 2023

There is a bug here but I'm afraid fixing it wouldn't allow mitogen to send the lxml module. Importing lxml requires importing lxml.etree, whch is a binary module. Binary modules are too platform specific for Mitogen to copy them across.

The error message should have been

TASK [xml] **********************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ModuleNotFoundError: The Mitogen master process was unable to serve 'lxml.etree'. It may be a native Python extension, or it may be missing entirely. Check the importer debug logs on the master for more information.
fatal: [bertha.local]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "msg": "Failed to import the required Python library (lxml) on bertha's Python /usr/bin/python3. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}

@moreati
Copy link
Member

moreati commented Jul 28, 2023

To use the Ansible xml module you'll need to install lxml on the target host(s), regardless of Mitogen.

@moreati moreati changed the title xml module is broken (lxml is blacklisted) ansible_mitogen incorrectly blacklists third-party modules Jul 28, 2023
@moreati
Copy link
Member

moreati commented Jul 28, 2023

ansible_mitogen.process._setup_responder() populates mitogen.core.Importer.whitelist. However this causes the logic in mitogen.core.is_blacklisted_import() to report all non-whitelisted modules (e.g. lxml) as blacklisted. Causing misleading/false denials such as

ModuleNotFoundError: 'lxml' is present in the Mitogen importer blacklist, therefore this context will not attempt to request it from the master, as the request will always be refused.

@moreati moreati linked a pull request Jul 28, 2023 that will close this issue
Draft
moreati added a commit to moreati/mitogen that referenced this issue Jul 28, 2023
@moreati
ansible_mitogen: Fix errant ModuleNotFoundError blacklist exceptions
fb4ae24 
Current module whitelist/blacklist behaviour is to reject any module not on
the whitelist if the whitelist is populated. Adding `ansible` and
`ansible_mitogen` to the whitelist effectively blocklisted every other Python
module/package, negating much of the benefit of Mitogen.

Fixes mitogen-hq#1011
@moreati moreati changed the title ansible_mitogen incorrectly blacklists third-party modules ansible_mitogen blacklists third-party modules Jul 28, 2023
@moreati
Copy link
Member

moreati commented Jul 28, 2023
edited
Loading

Looking through old commits this behaviour appears to be by design. If so it comes as a surprise to me.

moreati added a commit to moreati/mitogen that referenced this issue Jul 29, 2023
@moreati
ansible_mitogen: Fix errant ModuleNotFoundError blacklist exceptions
eb6bdaf 
Current module whitelist/blacklist behaviour is to reject any module not on
the whitelist if the whitelist is populated. Adding `ansible` and
`ansible_mitogen` to the whitelist effectively blocklisted every other Python
module/package, negating much of the benefit of Mitogen.

Fixes mitogen-hq#1011
moreati added a commit to moreati/mitogen that referenced this issue Jul 30, 2023
@moreati
ansible_mitogen: Fix errant ModuleNotFoundError blacklist exceptions
823ee90 
Current module whitelist/blacklist behaviour is to reject any module not on
the whitelist if the whitelist is populated. Adding `ansible` and
`ansible_mitogen` to the whitelist effectively blocklisted every other Python
module/package, negating much of the benefit of Mitogen.

Fixes mitogen-hq#1011
moreati added a commit to moreati/mitogen that referenced this issue Jul 30, 2023
@moreati
mitogen: Clarify blacklisted import error message
be9adb5 
Previous phrasing was misleading - it implied a given module was explicitly on
the blacklist, even if it was due to a restrictive whitelist and the blacklist
was empty.

Arguably the blacklist/whitelist semantics are themselves misleading. A
redesign is tempting.

See also mitogen-hq#1011, mitogen-hq#808
@moreati moreati mentioned this issue Jul 30, 2023
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
affects-0.3 Issues related to 0.3.X Mitogen releases bug Code feature that hinders desired execution outcome
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ansible_mitogen: Remove restrictive whitelist of modules served from controller moreati/mitogen
2 participants
@moreati @nradchenko