failed: [clientbox] => {"changed": true, "rc": 1}
stdout: cp: cannot open `/etc/sudoers' for reading: Permission denied
ssh -t clientbox "sudo -Hi cp /etc/sudoers /tmp/temp_sudoers && sudo -Hi chmod 777 /tmp/temp_sudoers && scp /tmp/temp_sudoers ansible_masterbox:/tmp/"
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/eee2d34a-a2e5-408d-8ccc-e67c11d5a7ee%40googlegroups.com.
[root@clientbox tmp]# sestatus
SELinux status: disabled
[root@clientbox tmp]# stat /etc/sudoers
File: `/etc/sudoers'
Size: 10092 Blocks: 24 IO Block: 4096 regular file
Device: fd00h/64768d Inode: 1246098 Links: 1
Access: (0440/-r--r-----) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2014-04-08 13:55:52.000000000 +0100
Modify: 2014-04-08 12:59:46.000000000 +0100
Change: 2014-04-08 12:59:46.000000000 +0100
Are you trying to copy files via a single command, like ansible -i hosts all -m shell -a 'cp /etc/sudoers /tmp/temp_sudoers', or via a playbook?
Any example?...
---
- hosts: clientbox
  gather_facts: no
  tasks:
    - name: cp sudoers from /etc to /tmp
      command: /bin/cp /etc/sudoers /tmp/cpsudoers
    - name: change permissions of /tmp/sudoers
      file: path=/tmp/cpsudoers mode=0777
    - name: fetch sudoers
      fetch: src=/tmp/cpsudoers dest=/ansible/deployment/files/backup/sap/sap-t
    - name: rm /tmp/sudoers
      command: /bin/rm /tmp/cpsudoers removes=/tmp/cpsudoers
$ ap ~/deployment/playbooks/fetch_files_from_server.yml -Kvvvv
sudo password:
PLAY [clientbox] ******************************************************************
TASK: [cp sudoers from /etc to /tmp] ******************************************
<clientbox> ESTABLISH CONNECTION FOR USER: ansible
<clientbox> REMOTE_MODULE command /bin/cp /etc/sudoers /tmp/cpsudoers
<clientbox> EXEC ['ssh', '-C', '-vvv', '-o', 'PasswordAuthentication=no', '-o', 'ControlMaster=auto', '-o', 'ControlPath=~/tmp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=30', 'clientbox', '/bin/bash -c /usr/bin/python']
EXEC previous known host file not found for clientbox
failed: [clientbox] => {"changed": true, "cmd": ["/bin/cp", "/etc/sudoers", "/tmp/cpsudoers"], "delta": "0:00:00.005682", "end": "2014-04-09 08:57:11.603329", "rc": 1, "start": "2014-04-09 08:57:11.597647"}
stderr: /bin/cp: cannot open `/etc/sudoers' for reading: Permission denied
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/ansible/fetch_files_from_server.retry
clientbox : ok=0 changed=0 unreachable=0 failed=1
$ a -m fetch -a "src=/etc/sudoers dest=/ansible/deployment/files/backup/sap/sap-t" clientbox -K
sudo password:
clientbox | success >> {
"changed": false,
"file": "/etc/sudoers",
"msg": "no read permission on remote file, not transferring, ignored"
}
$ ssh -t clientbox "sudo -Hi cp /etc/sudoers /tmp/temp_sudoers && sudo -Hi chmod 777 /tmp/temp_sudoers && scp /tmp/temp_sudoers ansible-masterbox:/tmp/"
Please enter the password for user ansible:
ansible@ansible-masterbox's password:
temp_sudoers 100% 10KB 9.9KB/s 00:00
Connection to clientbox closed.
$ ll /tmp/*sudo*
-rwxr-xr-x 1 ansible ansible 10092 Apr 9 09:11 /tmp/temp_sudoers*
And in theory it is the very same logic. Ansible actually uses "sudo -Hi" to log in to the boxes.