Why I cannot remove this file /etc/yum.repos.d/redhat-rhui.repo even with the root permission.


Jason Yu

Feb 22, 2019, 6:28:09 PM
to Ansible Project
Dear Ansible Gurus and friends:

I have the following Ansible script to remove the default AWS repos on a newly created RHEL EC2 instance from Packer.

It works well until the "Remove AWS RHUI repos" module. For some reason, the privilege escalation doesn't work for this native file module. However, if I use the command module with a sudo command, it works fine, as in "sudo rm -rf /etc/yum.repos.d/redhat-rhui.repo".

I could not figure out why it behaves like this. Could anyone help me with this? I have been stuck here for a few days trying to deliver this Packer script with Ansible calls.




- name: Configure BASE Linux Servers
  hosts: linux
  gather_facts: true
  # Play-level privilege escalation: tasks run via su to root unless overridden
  become: yes
  become_user: root
  become_method: su
  pre_tasks:
    - name: Debug
      raw: sleep 1
    - name: get the username running the deploy
      become: false
      local_action: command whoami
      register: username_on_the_host
    - debug: var=username_on_the_host

    - name: Show /etc/ssh/sshd_config file content
      command: sudo cat /etc/ssh/sshd_config
      register: cat
      become: yes
      become_method: su
      become_user: root
    - debug: var=cat.stdout_lines

    # This is the task that fails with Errno 13 in the output below
    - name: Remove AWS RHUI repos
      file:
        path: "{{ item }}"
        state: absent
        force: yes
      with_items:
        - /etc/yum.repos.d/redhat-rhui.repo
        - /etc/yum.repos.d/rhui-load-balancers.conf
        - /etc/yum.repos.d/redhat-rhui-client-config.repo
        - /etc/yum/pluginconf.d/amazon-id.conf
        - /etc/yum/pluginconf.d/rhui-lb.conf

  roles:
    - { role: linux_common, tags: linux_common }
    - { role: deep_security_agent, tags: deep_security_agent }




The error is like below:

   amazon-ebs: TASK [Remove AWS RHUI repos] ***************************************************
    amazon-ebs: failed: [default] (item=/etc/yum.repos.d/redhat-rhui.repo) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum.repos.d/redhat-rhui.repo", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum.repos.d/redhat-rhui.repo' ", "owner": "root", "path": "/etc/yum.repos.d/redhat-rhui.repo", "secontext": "system_u:object_r:system_conf_t:s0", "size": 8679, "state": "file", "uid": 0}
    amazon-ebs: failed: [default] (item=/etc/yum.repos.d/rhui-load-balancers.conf) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum.repos.d/rhui-load-balancers.conf", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum.repos.d/rhui-load-balancers.conf' ", "owner": "root", "path": "/etc/yum.repos.d/rhui-load-balancers.conf", "secontext": "system_u:object_r:system_conf_t:s0", "size": 80, "state": "file", "uid": 0}
    amazon-ebs: failed: [default] (item=/etc/yum.repos.d/redhat-rhui-client-config.repo) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum.repos.d/redhat-rhui-client-config.repo", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum.repos.d/redhat-rhui-client-config.repo' ", "owner": "root", "path": "/etc/yum.repos.d/redhat-rhui-client-config.repo", "secontext": "system_u:object_r:system_conf_t:s0", "size": 607, "state": "file", "uid": 0}
    amazon-ebs: failed: [default] (item=/etc/yum/pluginconf.d/amazon-id.conf) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum/pluginconf.d/amazon-id.conf", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum/pluginconf.d/amazon-id.conf' ", "owner": "root", "path": "/etc/yum/pluginconf.d/amazon-id.conf", "secontext": "system_u:object_r:etc_t:s0", "size": 17, "state": "file", "uid": 0}
    amazon-ebs: failed: [default] (item=/etc/yum/pluginconf.d/rhui-lb.conf) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum/pluginconf.d/rhui-lb.conf", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum/pluginconf.d/rhui-lb.conf' ", "owner": "root", "path": "/etc/yum/pluginconf.d/rhui-lb.conf", "secontext": "system_u:object_r:etc_t:s0", "size": 74, "state": "file", "uid": 0}
    amazon-ebs:         to retry, use: --limit @/workdir/Ansible/playbooks/common/Configure_Base_Linux.retry
    amazon-ebs:
    amazon-ebs: PLAY RECAP *********************************************************************
    amazon-ebs: default                    : ok=6    changed=3    unreachable=0    failed=1
    amazon-ebs:
==> amazon-ebs: Terminating the source AWS instance...
==> amazon-ebs: Cleaning up any extra volumes...
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error executing Ansible: Non-zero exit status: exit status 2

Jason Yu

Feb 22, 2019, 6:37:13 PM
to Ansible Project
Here is the output with --vvv option:

Jason Yu

Feb 23, 2019, 12:21:32 AM
to Ansible Project
I got it resolved by using a different user. Running Packer under root will not escalate the privilege to root. Not sure if it's a bug or something.



--
Thank you,

Jason Yu | Development Operations Engineer | Avery Products
50 Pointe Drive, Brea, CA 92821 | (O) 714.674.8422 J...@avery.com
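
A pre-flight check that could sit just before the "Remove AWS RHUI repos" task, added here as an illustration and not part of the original posts: it records the uid the module code runs as on the target and whether that user may write to the two parent directories, because unlink() reports EACCES (Errno 13) based on the containing directory and the effective uid, not on the file's own 0644 mode. The registered variable names are hypothetical, and `fail_msg` assumes Ansible 2.7 or later.

```yaml
# Added example: tasks to place ahead of the file removal in pre_tasks.
- name: Record the uid that tasks actually execute as on the target
  command: id -u
  register: effective_uid          # hypothetical variable name
  changed_when: false

- name: Inspect the directories that hold the files to be removed
  stat:
    path: "{{ item }}"
  register: parent_dirs            # hypothetical variable name
  with_items:
    - /etc/yum.repos.d
    - /etc/yum/pluginconf.d

- name: Show owner, mode and write access for each parent directory
  debug:
    msg: >-
      {{ item.stat.path }} owner={{ item.stat.pw_name }}
      mode={{ item.stat.mode }} writeable={{ item.stat.writeable }}
  with_items: "{{ parent_dirs.results }}"

- name: Stop early if privilege escalation did not take effect
  assert:
    that:
      - effective_uid.stdout == "0"
    fail_msg: >-
      Tasks are running as uid {{ effective_uid.stdout }}, not root.
      Check become, become_method and the connection user before
      attempting to remove files under /etc.
```

If the assert passes and the removal still fails with Errno 13, discretionary permissions are not the cause, and the `secontext` values in the failure output are the next thing to examine.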
