per host configuration option

[Makimoto Marakatti]

Hi

I've got a machine that needs to have remote_tmp set to "$HOME/.ansible/tmp". But this gives me issues with the rest of the boxes. So the option in the config file says "remote_tmp     = /tmp".

I've tried to set the option on the inventory file for this host only:

commando remote_tmp=$HOME/.ansible/tmp

and also as a host_variable in host_file_dir/host_vars/hostname:

$ cat host_vars/commando
-rw-rw-r-- 1 ansible ansible 35 Feb 12 10:34 host_vars/commando
---
remote_tmp: $HOME/.ansible/tmp

It does not work:

$ ansible commando -m ping -K
sudo password:
previous known host file not found
commando | FAILED => Authentication or permission failure.  In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p /tmp/ansible-1392202978.96-158385720428034 && chmod a+rx /tmp/ansible-1392202978.96-158385720428034 && echo /tmp/ansible-1392202978.96-158385720428034, exited with result 1: mkdir: cannot create directory `/tmp/ansible-1392202978.96-158385720428034': Permission denied

There's something I'm not doing right, and I'm trusting the more experienced crowd here will be able to give me some insight.

PS. Also, if you happen to know why I'm getting the previous "known host file not found", that would be great

Thanks

[Brian Coca]

this is not currently configurable by host, just the ansible.cfg setting and the environment variable ANSIBLE_REMOTE_TEMP.

[Makimoto Marakatti]

Is there a way then to set this in a playbook at runtime?

[Michael DeHaan]

Not currently.

Patches to add it as an inventory variable would be accepted (just apply to any group you need), but I'm not sure it really belongs as a playbook keyword.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Makimoto Marakatti]

Ok. So what are my options here? I cannot be the only person with a situation like this.
Diverging OS baseline installs is one of the reasons ansible is used after all?
Is there not any workaround?

[Michael DeHaan]

There is not, which is not saying I'm unsympathetic.

Needing to specify remote temp is an infrequent thing, and not really a common OS divergence thing most people run into anymore.   Most folks just pick a path that works, like $HOME/tmp.

I'm a bit curious why the $HOME related option didn't work across the board?  Does the user not have a homedir?

[Makimoto Marakatti]

Well, if I set remote_tmp to the default I get the same error message as above in ~50% of my servers. Setting it to /tmp gives me issues with this single server.
Having close to 400 boxes, I'm prone to lean to the less damaging option. It somehow has to do with the fact that in many of those failing %50 boxes the home dir is a shared one through NFS. But it's not granted either to get an error because the home dir is on nfs: it just has more probabilities of failing. (IE: haven't figured out yet what the real issues is...)

Reading about this, is there not the possibility to have a conf file in the playbook dir? That would actually take precedence over the main one??

At this point any advice is good :)

[Walid]

what are the  /tmp and $HOME/tmp permissions? I am wondering if it is a permission issue, you can fix it using the raw module?!

[Makimoto Marakatti]

No difference there really. I even tried to chmod 777 ~/.ansible to see if it made a difference, but no luck.
I will get to the root cause eventually... :)

[Walid]

is any of the /tmp and $HOME/tmp in a shared file system?

[Makimoto Marakatti]

yes, /home is on nfs on some systems, but even if that raises chances of issues with ansible, it's not conclusive. Some of the hosts that indeed have the /home shared do not show any issues. So there's something going on, but haven't yet figured it out.

[Walid]

no but system root or what ever user you are running ansible as (su, sudo, user) could have different permissions on an NFS mount than system permissions. root could be squashed, ids could be not mapped correctly 

[Makimoto Marakatti]

I've been looking at all that, but work gets in the way! :)
Right now I'm going to ignore that error in the lone box and get some things done. When I'm finished with the whole reorganisation, the issue most probably will have gone away...
anyway, thanks for the help! appreciated!

[Makimoto Marakatti]

Hi

Just bumping this thread to let interested parties know I found the solution for this.
I had in .ansible.cfg this line:

ask_sudo_pass  = True

Once that was removed all issues have disappeared.
Don't really see why, but the fact remains: no problems whatsoever.
I'm guessing that somehow ansible's behaviour changes in unexpected ways for me to see.
I connect through a user and then sudo to root. The first stage is done through ssh certs. No passwds there.
The second is a normal sudo.
If I add -K to the command line works flawlessly. with the setting on the .cfg file I get all kinds of weird behaviour that you can read on this thread.

Anyway. Solved!

Thanks all for the time

[Michael DeHaan]

Sounds like you *might* be an old version of Ansible where --ask-sudo-pass implies --sudo.

This really shouldn't be the case anymore, so let us know what you are running.

Thanks!

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e2b5646d-90c1-454b-8626-0c77747e4bc2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Makimoto Marakatti]

Hi

Just updated to 1.5.2 from 1.5 few minutes ago.

[Michael DeHaan]

Ok thanks if ask_sudo_pass in the config is causing --sudo, then this should definitely be a ticket.   This implication we fixed in the CLI, but possibly not here.

Can you please file one on github.com/ansible/ansible?

Thanks!

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7a6de876-91cd-4ae7-977d-f435bc7e4446%40googlegroups.com.

[Makimoto Marakatti]

Hi

issue #6467 raised.

[Adam Lininger]

I realize this is nearly 3 years old. However, I've run in to and finally diagnosed this issue (on my systems). The fuse code in the kernel makes a fuse filesystem only readable by the owning user...regardless of filesystem permissions. Not even root can override that.

It would be nice to be able to set remote_tmp on a per-server basis (e.g. in the .cfg file).

Adam

[Adam Lininger]

Correction, as a per host variable in the inventory.

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/kkWmnQBD2mA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0183b92f-4428-4813-ab8d-16acdac2a905%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.