Airgap 2.3 and 2.3.0.2 installation fails with Ansible collections error "community.general.pamd"

Products

VMware Telco Cloud Automation

Issue/Introduction

When executing the 'sh run. sh setup' command it reports error stating "could not resolve module/action 'community. general. polyamide"
While attempting to use the 2.3.0 package to install Airgap it fails with below error.

Redeployment still fails while attempting to use Airgap 2.3.0.2 version with similar error

Environment

VMware Telco Cloud Automation 2.3
Airgap version : 2.3
Airgap version : 2.3.0.2

Cause

This is a known Ansible issue which the newer version of Ansible being incompatible with the collection "community.general" plugin.
One of the task is to install the collection "community.general" before the the setup begins and it fails, however the setup process does not break rather continues to next steps and with the STIG rules applied the ansible tries to invoke the module "community.general.pamd" but fails to find it which is when the setup process breaks or fails.

Resolution

Currently there's no exact root cause for this issue nor there isn't any proper way to fix this issue with STIG enabled and suspect this is due to the upgrade of Ansible or its community plugin.

NOTE : STIG's are a set of security and configuration guidelines developed by DISA(Defense Information Systems Agency) to harden systems and make them more resilient against cyber threats.They provide detailed, product-specific instructions to align systems with government security requirements.

Workaround :

1. Download and extract airgap script bundle to /root folder

2. Modify file /root/airgap/scripts/playbooks/setup-system.yml, set specified ansible verion to install

#vi /root/airgap/scripts/playbooks/setup-system.yml

Modify line to as mentioned below:

shell: tdnf makecache;tdnf -y update;tdnf downgrade ansible-2.10.10-1.ph3 -y

3. Modify file /root/airgap/scripts/setup.yml, disable data sync section

Final output:

# Copyright © 2021 VMware, Inc. All rights reserved.
# entrance for setup phase
- name: Validate general settings
import_playbook: playbooks/validate-user-input.yml
- name: Validate setup-user-inputs.yml
import_playbook: playbooks/validate-setup-input.yml
- name: Prepare System
import_playbook: playbooks/setup-system.yml
- name: Setup Harbor
import_playbook: playbooks/setup-harbor.yml
- name: Setup WebServer
import_playbook: playbooks/setup-web-server.yml
- name: Setup logrotate
import_playbook: playbooks/logrotate.yml
- name: Update system for applying security compliance patches
import_playbook: playbooks/setup-compliance.yml
#- name: Synchronize Helm Repositories
# import_playbook: playbooks/setup-helm.yml
- name: Clear harbor password from config
import_playbook: playbooks/clear-harbor-password.yml
#- name: Synchronize Harbor and Photon Repositories
# import_playbook: playbooks/setup-repo.yml

4. Create new user-inputs.yml

#cd /root/airgap/scripts/vars/

#cp setup-user-inputs.yml user-inputs.yml

5. Modify user-inputs.yml per your environment, one more change which needed is to disable STIG configuration in first setup

Output:

# 5. System security compliance setup
# Since TCA 2.3 release support additional setup for security compliance
# Support stig only as of now, value can be stig or none to not apply
# security compliance
compliance_type: none

6. Execute setup first time and wait for it to complete

# cd /root/airgap/scripts/bin/
#./run.sh setup

7. Modify user-inputs.yml to enable STIG configuration

Output:

# 5. System security compliance setup
# Since TCA 2.3 release support additional setup for security compliance
# Support stig only as of now, value can be stig or none to not apply
# security compliance
compliance_type: stig

8. Re-run setup

#cd /root/airgap/scripts/bin/
#./run.sh setup

9. Sync data

# cd /root/airgap/scripts/bin/
#./run.sh sync