@wknapik
Created November 3, 2017 12:04
Set up a tunnel to tiller to use with the ansible helm module

    - set_fact:
        tun_pid_file: ...

    - name: set up a tunnel to tiller
      shell: |
        tiller_pod="$(kubectl get pod -l app=helm,name=tiller --namespace kube-system -o name|cut -d/ -f2)"
        nohup kubectl port-forward "$tiller_pod" 44134:44134 --namespace kube-system </dev/null >/dev/null 2>&1 &
        echo "$!" >{{ tun_pid_file|quote }}
      creates: "{{ tun_pid_file }}"

    - helm: ...

    - name: tear down the tunnel to tiller
      shell: |
        kill "$(cat {{ tun_pid_file|quote }})" || true
        rm -f {{ tun_pid_file|quote }}
      removes: "{{ tun_pid_file }}"

@colinhoglund

Had a couple issues with this workaround:

  • creates/removes need to be in the args: attribute
  • setup/tear down tasks report changed on every run
  • tear down should happen even if the helm command fails

Here is my modified version

    - set_fact:
        tun_pid_file: /tmp/helm_pid

    - block:
        - name: set up a tunnel to tiller
          shell: |
            tiller_pod="$(kubectl get pod -l app=helm,name=tiller --namespace kube-system -o name|cut -d/ -f2)"
            nohup kubectl port-forward "$tiller_pod" 44134:44134 --namespace kube-system </dev/null >/dev/null 2>&1 &
            echo "$!" >{{ tun_pid_file|quote }}
          args:
            creates: "{{ tun_pid_file }}"
          changed_when: false

        - helm: ...

      always:
        - name: tear down the tunnel to tiller
          shell: |
            kill "$(cat {{ tun_pid_file|quote }})" || true
            rm -f {{ tun_pid_file|quote }}
          args:
            removes: "{{ tun_pid_file }}"
          changed_when: false
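
The same tunnel lifecycle as the playbook above, as an added shell example (not code from the gist or its comments): it keeps the PID file in a private `mktemp -d` directory instead of a fixed `/tmp` path and kills the recorded PID only if that process is still a `kubectl port-forward`. The function names are hypothetical and the `/proc` check assumes Linux.

```sh
#!/bin/sh
# Added example, not the gist's code. Function names are hypothetical; the
# label selector, namespace and port 44134 are the gist's. Assumes Linux /proc.

# Create a private (mode 0700) directory for the PID file instead of a fixed /tmp path.
make_tunnel_dir() {
    mktemp -d "${TMPDIR:-/tmp}/tiller-tun.XXXXXX"
}

# True only if PID $1 is currently a "kubectl port-forward" process.
is_tunnel() {
    [ -r "/proc/$1/cmdline" ] || return 1
    tr '\0' ' ' <"/proc/$1/cmdline" | grep -q 'kubectl port-forward'
}

# start_tunnel DIR: start the port-forward once and record its PID in DIR/pid.
start_tunnel() {
    dir=$1
    if [ -e "$dir/pid" ]; then return 0; fi   # same idempotence as "creates:"
    pod=$(kubectl get pod -l app=helm,name=tiller --namespace kube-system -o name | cut -d/ -f2)
    if [ -z "$pod" ]; then echo "no tiller pod found" >&2; return 1; fi
    nohup kubectl port-forward "$pod" 44134:44134 --namespace kube-system \
        </dev/null >/dev/null 2>&1 &
    echo "$!" >"$dir/pid"
}

# stop_tunnel DIR: remove the PID file and kill the PID only if it is still our tunnel.
stop_tunnel() {
    dir=$1
    if [ ! -f "$dir/pid" ]; then return 0; fi
    pid=$(cat "$dir/pid")
    rm -f "$dir/pid"
    case "$pid" in
        ''|*[!0-9]*) echo "refusing non-numeric PID file content" >&2; return 1 ;;
    esac
    # A stale file may name a PID that was reused by an unrelated process.
    if is_tunnel "$pid"; then
        kill "$pid" 2>/dev/null || true
    fi
    return 0
}
```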

@weslleycamilo

Hi,

Is the port-forward done in the k8s worker? Shouldn't it be local?

I'm still getting the error below when I try to use helm with its default host: localhost, or when I try to find out the tiller service IPs:

TASK [eks.cadic : Install helm chart] *******************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "module_stderr": "2019-02-26 15:51:34,969 - ChartBuilder - INFO - Cloning http://storage.googleapis.com/kubernetes-charts-incubator/ for release aws-alb-ingress-controller\nTraceback (most recent call last):\n  File \"<stdin>\", line 113, in <module>\n  File \"<stdin>\", line 105, in _ansiballz_main\n  File \"<stdin>\", line 48, in invoke_module\n  File \"/tmp/ansible_helm_payload_7Mndfa/__main__.py\", line 184, in <module>\n  File \"/tmp/ansible_helm_payload_7Mndfa/__main__.py\", line 172, in main\n  File \"/tmp/ansible_helm_payload_7Mndfa/__main__.py\", line 104, in install\n  File \"/home/weslley/local/lib/python2.7/site-packages/pyhelm/tiller.py\", line 73,in list_releases\n    for y in release_list:\n  File \"/home/weslley/local/lib/python2.7/site-packages/grpc/_channel.py\", line 367, in next\n    return self._next()\n  File \"/home/weslley/local/lib/python2.7/site-packages/grpc/_channel.py\", line 358, in _next\n    raise self\ngrpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with:\n\tstatus = StatusCode.UNAVAILABLE\n\tdetails = \"Connect Failed\"\n\tdebug_error_string = \"{\"created\":\"@1551207112.280851692\",\"description\":\"Failed to create subchannel\",\"file\":\"src/core/ext/filters/client_channel/client_channel.cc\",\"file_line\":2261,\"referenced_errors\":[{\"created\":\"@1551207112.280837427\",\"description\":\"Pick Cancelled\",\"file\":\"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc\",\"file_line\":245,\"referenced_errors\":[{\"created\":\"@1551207112.280526235\",\"description\":\"Connect Failed\",\"file\":\"src/core/ext/filters/client_channel/subchannel.cc\",\"file_line\":867,\"grpc_status\":14,\"referenced_errors\":[{\"created\":\"@1551207112.280447463\",\"description\":\"Failed to connect to remote host: OS Error\",\"errno\":113,\"file\":\"src/core/lib/iomgr/tcp_client_posix.cc\",\"file_line\":212,\"os_error\":\"No route to 
host\",\"syscall\":\"getsockopt(SO_ERROR)\",\"target_address\":\"ipv4:172.20.108.123:44134\"}]}]}]}\"\n>\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

@xmsanchez

> Hi,
>
> Is the port-forward done in the k8s worker? Shouldn't it be local?
>
> I'm still getting the error below when I try to use helm with its default host: localhost, or when I try to find out the tiller service IPs:


The port-forward is supposed to be run locally, on your computer. It creates a tunnel to bind your local port 44134 to the remote tiller's port 44134. Then you just launch ansible on localhost.

To test it out, you can just run this command in the terminal and then launch the ansible playbook, and it will work:

    nohup kubectl port-forward $(kubectl get pod -l app=helm,name=tiller --namespace kube-system -o name|cut -d/ -f2) 44134 -n kube-system &

@aparedero

Just stumbled upon this after two days without understanding why the helm Ansible module is not working.

This saved my day. This should be in the official Ansible repository!

@jxsl13

jxsl13 commented May 27, 2021

thanks.
