Develop Reference

Unable to run npm command in ansible awx_task container

I have been using ansible core for some time now and expanding my team so the need for ansible awx has become a little more pressing. I have been working at it for a week now and I think it's time to shout for help.
We had a process of replacing the baseurl of angularjs apps with some variable using ansible and set some settings before we compile it (currently thinking of a different way of doing this using build server like TeamCity but not right now we we are trying to be up with ansible awx).
ansible core checks out the code from the git branch version , replaces the variables and zip it to s3 etc.
Knowing that, the ansible awx host was configured with the nvm then node was installed and the .nvm mapped to /home/awx/.nvm
I have also mapped a bashrc to /home/awx/.bashrc. When I log into the awx_task container docker exec -it awx_task /bin/bash I see the below:
[root#awx ~]# npm --version
5.5.1
[root#awx ~]# echo $PATH /home/awx/.nvm/versions/node/v8.9.3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[root#awx ~]# env
NVM_DIR=/home/awx/.nvm
LANG=en_US.UTF-8
HOSTNAME=awx
NVM_CD_FLAGS=
DO_ANSIBLE_HOME=/opt/do_ansible_awx_home
PWD=/home/awx
HOME=/home/awx
affinity:container==eb57afe832eaa32472812d0cd8b614be6df213d8e866f1d7b04dfe109a887e44
TERM=xterm
NVM_BIN=/home/awx/.nvm/versions/node/v8.9.3/bin
SHLVL=1
LANGUAGE=en_US:en
PATH=/home/awx/.nvm/versions/node/v8.9.3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
LESSOPEN=||/usr/bin/lesspipe.sh %s
_=/usr/bin/env
[root#awx ~]# cat /home/awx/.bashrc
# .bashrc
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
All the volume mappings, etc were done with the installer role templates and tasks so the output above is the same after multiple docker restart and reinstall running the ansible awx installer playbook. But during the execution of the playbook that makes use of the npm, it seems it has a different env PATH: /var/lib/awx/venv/ansible/bin:/var/lib/awx/venv/awx/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
At this point, I am not sure whether I failed to configure the path properly or other containers like awx_web should also be configured etc.
I have also noticed the env NVM_BIN and modified the npm playbook to include the path to the npm executable:
- name: Running install to build npm modules
npm:
path: "{{ bps_git_checkout_folder }}"
executable: "{{ lookup('env','NVM_BIN') }}/npm"
and it doens't even show during execution thus pointing at different path and env variables being loaded.
I will be grateful if you could shed some lights on whatever I am doing wrongly.
Thanks in advance
EDITS : After implementing #sergei suggestion I have used the extra vars npm_bin: /home/awx/.nvm/versions/node/v8.9.3/bin
I have changed the task to look like:
- name: Running install to build npm modules
npm:
path: "{{ bps_git_checkout_folder }}"
executable: "{{ npm_bin }}/npm"
But it produced this result:
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1579790680.4419668-165048670233209 `" && echo
ansible-tmp-1579790680.4419668-165048670233209="` echo /root/.ansible/tmp/ansible-tmp-1579790680.4419668-165048670233209 `" ) &&
sleep 0'
Using module file /usr/lib/python3.6/site-packages/ansible/modules/packaging/language/npm.py
<127.0.0.1> PUT /var/lib/awx/.ansible/tmp/ansible-local-10173xtu81x_o/tmpd40htayd TO /root/.ansible/tmp/ansible-tmp-1579790680.4419668-165048670233209/AnsiballZ_npm.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1579790680.4419668-165048670233209/ /root/.ansible/tmp/ansible-tmp-1579790680.4419668-165048670233209/AnsiballZ_npm.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1579790680.4419668-165048670233209/AnsiballZ_npm.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1579790680.4419668-165048670233209/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
File "/root/.ansible/tmp/ansible-tmp-1579790680.4419668-165048670233209/AnsiballZ_npm.py", line 114, in <module>
_ansiballz_main()
File "/root/.ansible/tmp/ansible-tmp-1579790680.4419668-165048670233209/AnsiballZ_npm.py", line 106, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/root/.ansible/tmp/ansible-tmp-1579790680.4419668-165048670233209/AnsiballZ_npm.py", line 49, in invoke_module
imp.load_module('__main__', mod, module, MOD_DESC)
File "/usr/lib64/python3.6/imp.py", line 235, in load_module
return load_source(name, filename, file)
File "/usr/lib64/python3.6/imp.py", line 170, in load_source
module = _exec(spec, sys.modules[name])
File "<frozen importlib._bootstrap>", line 618, in _exec
File "<frozen importlib._bootstrap…
PLAY RECAP
*********************************************************************
localhost : ok=5 changed=4 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
I have also tried to use shell module directly with the following:
- name: Running npm install
shell: "{{ npm_bin }}/npm install"
args:
chdir: "{{ bps_git_checkout_folder }}"
That has produced this instead:
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: root
<127.0.0.1> EXEC /bin/sh -c 'echo ~root && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1579791187.453365-253173616238218 `" && echo
ansible-tmp-1579791187.453365-253173616238218="` echo /root/.ansible/tmp/ansible-tmp-1579791187.453365-253173616238218 `" ) &&
sleep 0'
Using module file /usr/lib/python3.6/site- packages/ansible/modules/commands/command.py
<127.0.0.1> PUT /var/lib/awx/.ansible/tmp/ansible-local-10395h1ga8fw3/tmpepeig729 TO /root/.ansible/tmp/ansible-tmp-1579791187.453365-253173616238218/AnsiballZ_command.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1579791187.453365-253173616238218/ /root/.ansible/tmp/ansible-tmp-1579791187.453365-253173616238218/AnsiballZ_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1579791187.453365-253173616238218/AnsiballZ_command.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1579791187.453365-253173616238218/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": true,
"cmd": "/home/awx/.nvm/versions/node/v8.9.3/bin/npm install",
"delta": "0:00:00.005528",
"end": "2020-01-23 14:53:07.928843",
"invocation": {
"module_args": {
"_raw_params": "/home/awx/.nvm/versions/node/v8.9.3/bin/npm install",
"_uses_shell": true,
"argv": null,
"chdir": "/opt/do_ansible_awx_home/gh/deployments/sandbox/bps",
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true,
"warn": true
}
},
"msg": "non-zero return code",
"rc": 127,
…
PLAY RECAP
*********************************************************************
localhost : ok=5 changed=4 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Not really seeing what's wrong here . Grateful if anybody can share some lights on this.

Where is your packages sitting? In the host or inside the container? All execution is in the task container.
If you're npm files are sitting on the 'host' and not in the container then you have to refer to the host that the containers are sitting on to to refer to the path.

Not able to run ansible-playbook using becomeUser

I'm trying to run ansible-playbook from Jenkinsfile with become and becomeUser parameters but it seems Jenkins is taking its own userid "jenkins" to connect to remote host
Jenkinsfile
stage("Deployment"){
steps{
ansiColor('xterm') {
ansiblePlaybook(
playbook: 'myPlaybook.yaml',
inventory: 'myHosts.ini',
colorized: true,
become: true,
becomeUser: 'userID',
extras: '-vvv'
)
}
}
}
I also appended become and becomeUser in playbook as well
---
- name: Deploy stack from a compose file
hosts: myNodes
become: yes
become_user: userID
tasks:
- name: deploying my application
docker_stack:
state: present
Jenkins build log
TASK [Gathering Facts] *********************************************************
task path: /path/to/myPlaybook.yaml:2
<x.x.x.x> ESTABLISH SSH CONNECTION FOR USER: None
<x.x.x.x> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/var/lib/jenkins/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/var/lib/jenkins/.ansible/cp/5493f46899 x.x.x.x '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<x.x.x.x> (255, '', 'jenkins#x.x.x.x: Permission denied (publickey,password).\r\n')
fatal: [x.x.x.x]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: jenkins#x.x.x.x: Permission denied (publickey,password).",
"unreachable": true
}
Even jenkins run with become and becomeUser command
[xx-yy] $ ansible-playbook myplaybook.yaml -i myHosts.ini -b --become-user userID -vvv
Please advise to resolve this, Thanks.

Found the alternate solution. Observed the logs line by line:
ESTABLISH SSH CONNECTION FOR USER: None
<x.x.x.x> ESTABLISH SSH CONNECTION FOR USER: None
<x.x.x.x> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/var/lib/jenkins/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/var/lib/jenkins/.ansible/cp/5493f46899 x.x.x.x '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<x.x.x.x> (255, '', 'jenkins#x.x.x.x: Permission denied (publickey,password).\r\n')
Hence added ansible_user while doing ssh to remote user in inventory file:
[myNode]
x.x.x.x ansible_user=myuserId
Happy Learning

The below link could be helpful for you in understanding about become and become_user.
Medium Blog Link here .
And this is the snippet worth sharing,
# as bruce
$ ansible all -m ping -u bruce
# as bruce, sudoing to root
$ ansible all -m ping -u bruce --sudo
# as bruce, sudoing to batman
$ ansible all -m ping -u bruce --sudo --sudo-user batman
# With latest version of ansible `sudo` is deprecated so use become
# as bruce, sudoing to root
$ ansible all -m ping -u bruce -b
# as bruce, sudoing to batman
$ ansible all -m ping -u bruce -b --become-user batman

Jenkins docker_login ansible playbook : Permission denied

I would like to copy docker container inside docker registry with Jenkins.
When I execute Ansible playbook i get :
"msg": "Error connecting: Error while fetching server API version: ('Connection aborted.', error(13, 'Permission denied'))"
I suppose that ansible is run under user jenkins because this link, and because of the log file:
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins
Because the ansible playbook try to do a docker_login, I understand that user jenkins need to be able to connect to docker.
So I add jenkins to a docker users :
I don't understand why the permission is denied
The whole log jenkins file:
TASK [Log into Docker registry]
************************************************
task path: /var/jenkins_home/workspace/.../build_docker.yml:8
Using module file /usr/lib/python2.7/dist-
packages/ansible/modules/core/cloud/docker/docker_login.py
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1543388409.78-179785864196502 `" && echo ansible-tmp-1543388409.78-179785864196502="` echo ~/.ansible/tmp/ansible-tmp-1543388409.78-179785864196502 `" ) && sleep 0'
<127.0.0.1> PUT /tmp/tmpFASoHo TO /var/jenkins_home/.ansible/tmp/ansible-tmp-1543388409.78-179785864196502/docker_login.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /var/jenkins_home/.ansible/tmp/ansible-tmp-1543388409.78-179785864196502/ /var/jenkins_home/.ansible/tmp/ansible-tmp-1543388409.78-179785864196502/docker_login.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python /var/jenkins_home/.ansible/tmp/ansible-tmp-1543388409.78-179785864196502/docker_login.py; rm -rf "/var/jenkins_home/.ansible/tmp/ansible-tmp-1543388409.78-179785864196502/" > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"failed": true,
"invocation": {
"module_args": {
"api_version": null,
"cacert_path": null,
"cert_path": null,
"config_path": "~/.docker/config.json",
"debug": false,
"docker_host": null,
"email": null,
"filter_logger": false,
"key_path": null,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"reauthorize": false,
"registry_url": "https://registry.docker....si",
"ssl_version": null,
"timeout": null,
"tls": null,
"tls_hostname": null,
"tls_verify": null,
"username": "jenkins"
},
"module_name": "docker_login"
},
"msg": "Error connecting: Error while fetching server API version: ('Connection aborted.', error(13, 'Permission denied'))"
}
to retry, use: --limit #/var/jenkins_home/workspace/.../build_docker.retry
The whole ansible playbook
---
- hosts: localhost
vars:
git_branch: "{{ GIT_BRANCH|default('development') }}"
tasks:
- name: Log into Docker registry
docker_login:
registry_url: https://registry.docker.....si
username: ...
password: ....

If anyone have the same problem I found the solution,...
My registry doesn't have valid HTTPS certificate. So, you need to add
{
"insecure-registries" : [ "https://registry.docker.....si" ]
}
inside /etc/docker/daemon.json

IBM Cloud Private Docker logged in as root rather than ubuntu

When I run the docker command on the ICP tutorial:
docker run --net=host -t -e LICENSE=accept -v "$(pwd)":/installer/cluster ibmcom/icp-inception:2.1.0.3 install
I receive a error that I am logged in as root instead of the ubuntu user. What may be causing this and how can it be fixed?
PLAY [Checking Python interpreter] *********************************************
TASK [Checking Python interpreter] *********************************************
changed: [10.2.7.26]
PLAY [Checking prerequisites] **************************************************
TASK [Gathering Facts] *********************************************************
[WARNING]: sftp transfer mechanism failed on [10.2.7.26]. Use ANSIBLE_DEBUG=1
to see detailed information
[WARNING]: scp transfer mechanism failed on [10.2.7.26]. Use ANSIBLE_DEBUG=1
to see detailed information
fatal: [10.2.7.26]: FAILED! => {"changed": false, "module_stderr": "Connection to 10.2.7.26 closed.\r\n", "module_stdout": "Please login as the user \"ubuntu\" rather than the user \"root\".\r\n\r\n", "msg": "MODULE FAILURE", "rc": 0}
NO MORE HOSTS LEFT *************************************************************
NO MORE HOSTS LEFT *************************************************************
PLAY RECAP *********************************************************************
10.2.7.26 : ok=1 changed=1 unreachable=0 failed=1
Edit:
The error from the verbose message:
<10.2.7.26> ESTABLISH SSH CONNECTION FOR USER: root
<10.2.7.26> SSH: EXEC ssh -C -o CheckHostIP=no -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o 'IdentityFile="/installer/cluster/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=60 10.2.7.26 'dd of=Please login as the user "ubuntu" rather than the user "root"./setup.py bs=65536'
<10.2.7.26> (0, 'Please login as the user "ubuntu" rather than the user "root".\n\n', '')
However, this error occurs when I use my private key generated from my cloud provider. When I follow the SSH key generator here: https://www.ibm.com/support/knowledgecenter/SSBS6K_2.1.0.3/installing/ssh_keys.html
I get this error:
<10.2.7.26> ESTABLISH SSH CONNECTION FOR USER: root
<10.2.7.26> SSH: EXEC ssh -C -o CheckHostIP=no -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o 'IdentityFile="/installer/cluster/ssh_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=60 -tt 10.2.7.26 'ls /usr/bin/python &>/dev/null || (echo "Can'"'"'t find Python interpreter(/usr/bin/python) on your node" && exit 1)'
<10.2.7.26> (255, '', 'Permission denied (publickey).\r\n')
fatal: [10.2.7.26]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied >(publickey).\r\n",
"unreachable": true
}
The hosts:
[master]
10.2.7.26
[worker]
10.2.7.26
[proxy]
10.2.7.26
The Config.yaml:
network_type: calico
kubelet_extra_args: ["--fail-swap-on=false"]
cluster_domain: cluster.local
etcd_extra_args: ["--grpc-keepalive-timeout=0", "--grpc-keepalive-interval=0",
"--snapshot-count=10000"]
default_admin_user: admin
default_admin_password: admin
disabled_management_services: ["istio", "vulnerability-advisor", "custom-metrics-adapter"]
image-security-enforcement:
clusterImagePolicy:
- name: "docker.io/ibmcom/*"
policy:

For ICP installation, it requires root user permission. Could you try to install ICP by below command?
sudo docker run --net=host -t -e LICENSE=accept -v "$(pwd)":/installer/cluster ibmcom/icp-inception:2.1.0.3 install
More information, you can access below link for details.
https://www.ibm.com/support/knowledgecenter/SSBS6K_2.1.0.3/installing/install_containers_CE.html

Using Ansible to Install Jenkins Plugins tells me the crumb value is invalid

TL;DR
Jenkins is telling me I am passing an invalid crumb value when installing plugins from an Ansible script
Details
I have Jenkins 2.32.2 running in a Docker container, using the official Docker container.
I have installed it to a Vagrant VM, and am attempting to configure the plugins using Ansible.
I am iterating through a list of plugins using the following task
- name: Install plugins
include: install_plugin.yml
with_items: "{{ plugins }}"
loop_control:
loop_var: plugin_name
tags: [jenkins]
with the following list defined in the defaults/main.yml file
plugins:
- git
- template-project
- pipeline
- docker-workflow
- template-project
- config-file-provider
- bitbucket
- disk-usage
- greenballs
- jacoco
- slack
- sonar
Below is the definition of install_plugin.yml which is called from the main.yml file
---
- name: Get Jenkins crumb
uri:
user: admin
password: "{{ jenkins_admin_password }}"
force_basic_auth: yes
url: "http://{{ ansible_hostname }}:8080/crumbIssuer/api/json"
return_content: yes
register: crumb_token
until: crumb_token.content.find('Please wait while Jenkins is getting ready') == -1
retries: 10
delay: 5
tags: [jenkins]
- name: Plugins are installed
uri:
url: "http://{{ ansible_host }}:8080/pluginManager/installNecessaryPlugins"
method: POST
user: admin
password: "{{ jenkins_admin_password }}"
body: '<jenkins><install plugin="{{ plugin_name }}#latest" /></jenkins>'
headers:
Content-Type: "text/xml"
Jenkins-Crumb: "{{ crumb_token.json.crumb }}"
creates: "{{ jenkins_home }}/plugins/{{ plugin_name }}"
register: plugins_result
tags: [jenkins]
- wait_for:
path: "{{ jenkins_home }}/plugins/{{ plugin_name }}"
tags: [jenkins]
When I attempt to emulate this using curl from the command line, I get the expected results using the following 2 commands, it works successfully
~/Projects/ci> curl --user admin:admin cluster01:8080/crumbIssuer/api/json
{"_class":"hudson.security.csrf.DefaultCrumbIssuer","crumb":"646966a811fe84bdc5dc00a0de942b80","crumbRequestField":"Jenkins-Crumb"}%
~/Projects/ci> curl -X POST --user admin:admin -d '<jenkins><install plugin="git#latest" /></jenkins>' --header 'Jenkins-Crumb: 646966a811fe84bdc5dc00a0de942b80' --header 'Content-Type: text/xml' http://cluster01:8080/pluginManager/installNecessaryPlugins
But when I run the Ansible playbook, I get the following error
status code was not [200]: HTTP Error 403: No valid crumb was included in the request
Here is the log output from -vvvv for this step
TASK [jenkins : Install plugins] ***********************************************
task path: /Users/chris/Projects/ci/roles/jenkins/tasks/main.yml:56
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
included: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml for cluster01
TASK [jenkins : Get Jenkins crumb] *********************************************
task path: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml:2
Using module file /usr/local/Cellar/ansible/2.2.0.0_2/libexec/lib/python2.7/site-packages/ansible/modules/core/network/basics/uri.py
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r cluster01 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555 `" && echo ansible-tmp-1486148016.3-32614286575555="` echo $HOME/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555 `" ) && sleep 0'"'"''
<cluster01> PUT /var/folders/g5/h48p994d3qn7d9_nz7xv2lvh0000gn/T/tmprL_Pye TO /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555/uri.py
<cluster01> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r '[cluster01]'
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r cluster01 '/bin/sh -c '"'"'chmod u+x /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555/ /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555/uri.py && sleep 0'"'"''
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r -tt cluster01 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-vzqwuvcglpsfrrzkvwdcupjtukijcwvl; /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555/uri.py; rm -rf "/home/vagrant/.ansible/tmp/ansible-tmp-1486148016.3-32614286575555/" > /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''
ok: [cluster01] => {
"attempts": 1,
"changed": false,
"connection": "close",
"content": "{\"_class\":\"hudson.security.csrf.DefaultCrumbIssuer\",\"crumb\":\"ad67abc734af7eae279df5c68098a29e\",\"crumbRequestField\":\"Jenkins-Crumb\"}",
"content_type": "application/json;charset=UTF-8",
"date": "Fri, 03 Feb 2017 18:53:36 GMT",
"invocation": {
"module_args": {
"backup": null,
"body": null,
"body_format": "raw",
"content": null,
"creates": null,
"delimiter": null,
"dest": null,
"directory_mode": null,
"follow": false,
"follow_redirects": "safe",
"force": false,
"force_basic_auth": true,
"group": null,
"headers": {
"Authorization": "Basic YWRtaW46YWRtaW4="
},
"http_agent": "ansible-httpget",
"method": "GET",
"mode": null,
"owner": null,
"password": "admin",
"regexp": null,
"remote_src": null,
"removes": null,
"return_content": true,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"status_code": [
200
],
"timeout": 30,
"unsafe_writes": null,
"url": "http://cluster01:8080/crumbIssuer/api/json",
"url_password": "admin",
"url_username": "admin",
"use_proxy": true,
"user": "admin",
"validate_certs": true
},
"module_name": "uri"
},
"json": {
"_class": "hudson.security.csrf.DefaultCrumbIssuer",
"crumb": "ad67abc734af7eae279df5c68098a29e",
"crumbRequestField": "Jenkins-Crumb"
},
"msg": "OK (unknown bytes)",
"redirected": false,
"server": "Jetty(9.2.z-SNAPSHOT)",
"status": 200,
"url": "http://cluster01:8080/crumbIssuer/api/json",
"x_content_type_options": "nosniff",
"x_jenkins": "2.32.2",
"x_jenkins_session": "3abb7e45"
}
TASK [jenkins : Plugins are installed] *****************************************
task path: /Users/chris/Projects/ci/roles/jenkins/tasks/install_plugin.yml:15
Using module file /usr/local/Cellar/ansible/2.2.0.0_2/libexec/lib/python2.7/site-packages/ansible/modules/core/network/basics/uri.py
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r cluster01 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735 `" && echo ansible-tmp-1486148016.66-148559593691735="` echo $HOME/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735 `" ) && sleep 0'"'"''
<cluster01> PUT /var/folders/g5/h48p994d3qn7d9_nz7xv2lvh0000gn/T/tmp1RWIY4 TO /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735/uri.py
<cluster01> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r '[cluster01]'
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r cluster01 '/bin/sh -c '"'"'chmod u+x /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735/ /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735/uri.py && sleep 0'"'"''
<cluster01> ESTABLISH SSH CONNECTION FOR USER: vagrant
<cluster01> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile=".vagrant/machines/cluster01/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/Users/chris/.ansible/cp/ansible-ssh-%h-%p-%r -tt cluster01 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-qixxmffrdktqhuyukutskswbxfsaxrdd; /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735/uri.py; rm -rf "/home/vagrant/.ansible/tmp/ansible-tmp-1486148016.66-148559593691735/" > /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''
fatal: [cluster01]: FAILED! => {
"cache_control": "must-revalidate,no-cache,no-store",
"changed": false,
"connection": "close",
"content": "<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"/>\n<title>Error 403 No valid crumb was included in the request</title>\n</head>\n<body><h2>HTTP ERROR 403</h2>\n<p>Problem accessing /pluginManager/installNecessaryPlugins. Reason:\n<pre> No valid crumb was included in the request</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>\n\n</body>\n</html>\n",
"content_length": "387",
"content_type": "text/html; charset=ISO-8859-1",
"date": "Fri, 03 Feb 2017 18:53:37 GMT",
"failed": true,
"invocation": {
"module_args": {
"backup": null,
"body": "<jenkins><install plugin=\"git#latest\" /></jenkins>",
"body_format": "raw",
"content": null,
"creates": "/var/jenkins_home/plugins/git",
"delimiter": null,
"dest": null,
"directory_mode": null,
"follow": false,
"follow_redirects": "safe",
"force": false,
"force_basic_auth": false,
"group": null,
"headers": {
"Content-Type": "text/xml",
"Jenkins-Crumb": "ad67abc734af7eae279df5c68098a29e"
},
"http_agent": "ansible-httpget",
"method": "POST",
"mode": null,
"owner": null,
"password": "admin",
"regexp": null,
"remote_src": null,
"removes": null,
"return_content": false,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"status_code": [
200
],
"timeout": 30,
"unsafe_writes": null,
"url": "http://cluster01:8080/pluginManager/installNecessaryPlugins",
"url_password": "admin",
"url_username": "admin",
"use_proxy": true,
"user": "admin",
"validate_certs": true
},
"module_name": "uri"
},
"msg": "Status code was not [200]: HTTP Error 403: No valid crumb was included in the request",
"redirected": false,
"server": "Jetty(9.2.z-SNAPSHOT)",
"status": 403,
"url": "http://cluster01:8080/pluginManager/installNecessaryPlugins",
"x_content_type_options": "nosniff"
}
I've pushed the whole build (Vagrant and Ansible) to github

I ran into this as well and found that you need to specify force_basic_auth: True in your uri task that installs the plugins. I see that you have it in the task that registers the crumb_token variable (name: Get Jenkins crumb), so you just need to add it to the name: Plugins are installed task.