How to run Ansible from web server?

[Valeriy Solovyov]

Hello
I use apache2 + cgi. I enabled sudo for all users. But when I try run ansible throw apache2 cgi and I got:

{ "dark": { "127.0.0.1": { "msg": "Authentication or permission
failure. In some cases, you may have been able to authenticate and did
not have permissions on the remote directory. Consider changing the
remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed
command was: mkdir -p
$HOME/.ansible/tmp/ansible-1420984254.94-125323999727459 && chmod a+rx
$HOME/.ansible/tmp/ansible-1420984254.94-125323999727459 && echo
$HOME/.ansible/tmp/ansible-1420984254.94-125323999727459, exited with
result 1", "failed": true } }, "contacted": {} }

If I change inside ansible.cfg temp path -> all work.

When I run this script thew shell of www-data user it's working:
#su -l www-data
$ /lxc/www/py/index.py

Content-type: text/html

<html><head>
</head><body>
{
 "dark": {},
 "contacted": {
  "127.0.0.1": {
   "invocation": {
    "module_name": "service",
    "module_args": "name=shoc-lxc-net state=started enabled=yes"
   },
   "state": "started",
   "changed": false,
   "enabled": true,
   "name": "shoc-lxc-net"
  }
 }
}
127.0.0.1 >>> True

When I cheack:

# ls -la /var/www/
total 20
drwxrwxrwx  4 root     root     4096 Jan 11 15:57 .
drwxr-xr-x 14 root     root     4096 Jan  8 15:58 ..
drwxr-xr-x  2 root     root     4096 Jan 11 14:54 etc
-rw-r--r--  1 root     root      177 Mar 18  2013 index.html
drwx------  2 www-data www-data 4096 Jan 11 15:36 .ssh

# su www-data
$ mkdir /var/www/.ansible/tmp -p
$
# ls -la /var/www/.ansible/
total 12
drwxrwxr-x 3 www-data www-data 4096 Jan 11 15:57 .
drwxrwxrwx 5 root     root     4096 Jan 11 15:57 ..
drwxrwxr-x 2 www-data www-data 4096 Jan 11 15:57 tmp

my script:

#!/usr/bin/env python
# -*- coding: UTF-8 -*-# enable debugging
print "Content-type: text/html"
print

import cgitb
cgitb.enable()
print "<html><head>"
print ""
print "</head><body>"

import os
import ansible.runner
import sys
results = ansible.runner.Runner(
#    transport='ssh',
#    remote_user='root',
#    remote_pass='pass',
    transport='local',
#    su='yes',
#    su_user='root',
#    su_pass='su_pass',
    sudo='yes',
    sudo_user='root',
    sudo_pass='sudo_pass',
    pattern='127.0.0.1',
    module_name='service',
    module_args='name=shoc-lxc-net state=started enabled=yes',
    forks=10,
).run()

if results is None:
   print "No hosts found"
   sys.exit(1)

import json
print(json.dumps(results,
                 default=lambda obj: vars(obj),
                 indent=1))
for (hostname, result) in results['contacted'].items():
    if not 'failed' in result:
        print "%s >>> %s" % (hostname, result['enabled'])
print "</body></html>"

[James Couch]

I'm having the same issue. We're trying to run playbooks from Flask behind gunicorn as a non-root user and we're getting that same error. I've confirmed that user has full r/w/x access to the directory it's complaining about, but it still won't work. I can also run playbooks from the command-line as that user and it works fine. It seems to only be an issue when running through the Python API.