Problems with permissions accessing files with sudo


mic...@gmail.com

Jul 1, 2014, 3:22:00 AM
to ansible...@googlegroups.com
Hi,

I'm having problems with permissions accessing files.
I have this simple test playbook:

- hosts: all
  sudo: true
  tasks:
  - copy: src=/tmp/root.txt dest=/tmp/pr.txt

The file "/tmp/root.txt" is owned by the root user with permissions 600.

If I'm using "sudo", why can't the playbook access the file?

mic...@gmail.com

Jul 1, 2014, 3:41:01 AM
to ansible...@googlegroups.com
Now I have seen an issue in the Ansible GitHub with the same problem:

https://github.com/ansible/ansible/issues/6948

It provides a patch to solve the error, but it only changes the error message.
The original error was:

TASK: [copy src=/tmp/root.txt dest=/tmp/pr.txt] *******************************
fatal: [158.42.104.90] => Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/ansible/runner/__init__.py", line 532, in _executor
    exec_rc = self._executor_internal(host, new_stdin)
  File "/usr/lib/pymodules/python2.7/ansible/runner/__init__.py", line 629, in _executor_internal
    return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
  File "/usr/lib/pymodules/python2.7/ansible/runner/__init__.py", line 815, in _executor_internal_inner
    result = handler.run(conn, tmp, module_name, module_args, inject, complex_args)
  File "/usr/lib/pymodules/python2.7/ansible/runner/action_plugins/copy.py", line 158, in run
    local_md5 = utils.md5(source_full)
  File "/usr/lib/pymodules/python2.7/ansible/utils/__init__.py", line 570, in md5
    infile = open(filename, 'rb')
IOError: [Errno 13] Permission denied: u'/tmp/root.txt'

The error with the patch provided in the issue is:

TASK: [copy src=/tmp/root.txt dest=/tmp/pr.txt] *******************************
fatal: [158.42.104.90] => error while accessing the file /tmp/root.txt, error was: [Errno 13] Permission denied: u'/tmp/root.txt'


Michael DeHaan

Jul 1, 2014, 2:53:08 PM
to ansible...@googlegroups.com
This traceback is because the local ansible can't access the file, though we do consider tracebacks in Ansible to be bugs - in this case this is a closed ticket.

If you are seeing problems in the most recent release where you are getting a traceback, please do make sure there is a bug filed - however if Ansible can't read /tmp/root.txt above and is dying with a friendly error message about permissions, this is a sign it needs to read them locally and would not be a bug.

So it depends if you are getting a traceback or a nice error message, basically.



mic...@gmail.com

Jul 2, 2014, 3:33:55 AM
to ansible...@googlegroups.com

My question is how I can copy a file from the Ansible node to the configured nodes when the file is only accessible by the root user.
Using the copy module directly does not work, so now I have to write some tricky tasks like this:


- hosts: all
  sudo: true
  tasks:
    - local_action: shell cp /tmp/root.txt /tmp/root.txt.copy creates=/tmp/root.txt.copy
    - local_action: file path=/tmp/root.txt.copy mode=0644
    - copy: src=/tmp/root.txt.copy dest=/tmp/pr.txt

Is there any other way to do it?

Michael DeHaan

Jul 2, 2014, 6:14:30 PM
to ansible...@googlegroups.com
sudo: true in ansible affects the remote (managed) nodes.

The user running ansible will need to be able to access the files on the local end, so sudo ansible itself in that case if you need to read /tmp/root.txt and can't as you.
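
An added example, not part of the thread or of Ansible itself: a pre-flight check run on the control machine that finds copy tasks written in the key=value form used above and reports every src the invoking user cannot open, which is the same local read that fails in the traceback. The function names and the base_dir parameter are hypothetical; quoted or templated src values are not handled.

```python
import os
import re
import sys

# Constructed sample: the playbook from the thread (key=value task syntax).
SAMPLE_PLAYBOOK = """\
- hosts: all
  sudo: true
  tasks:
  - copy: src=/tmp/root.txt dest=/tmp/pr.txt
"""

# Matches "- copy:" task lines and captures the src= value on the same line.
COPY_SRC = re.compile(r"^\s*-\s*copy:.*?\bsrc=(\S+)", re.MULTILINE)


def copy_sources(playbook_text):
    """Return the src= paths of all key=value style copy tasks."""
    return COPY_SRC.findall(playbook_text)


def unreadable_sources(playbook_text, base_dir="."):
    """Return (path, reason) for each copy src the invoking user cannot read.

    The copy action opens src on the control machine to checksum it, so the
    test is made with the local user's rights; "sudo: true" plays no part.
    base_dir (an assumption of this example) anchors relative src paths.
    """
    problems = []
    for src in copy_sources(playbook_text):
        path = os.path.join(base_dir, src)  # absolute src is kept unchanged
        try:
            with open(path, "rb"):
                pass
        except (IOError, OSError) as exc:
            problems.append((path, exc.strerror))
    return problems


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_PLAYBOOK
    issues = unreadable_sources(text)
    for path, reason in issues:
        print("uid %d cannot read %s: %s" % (os.getuid(), path, reason))
    sys.exit(1 if issues else 0)
```

Run it as the same user that will run the playbook; a non-zero exit means at least one src needs its ownership or mode changed, or the run needs a different local user.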




