I’m new to ansible…so bear with me. I created a simple playbook that takes a 0 byte file and copies it to remote hosts under a different user, creating the directory to put it in prior to the copy.
We have a mix of python 2.6 and 2.7 on our Linux hosts (running redhat 6). The execution is successful on 1 host only.
My Playbook (.yml) looks like:
There is a permission denied:
"msg": "There was an issue creating bin-tmp as requested: [Errno 13] Permission denied: 'bin-tmp'
Maybe not all server are set up the same way (rights, owner, groups). Can you create the dir manually being the become_user on the host? Try to create a dir /tmp/bin-tmp ( a full path). If this works on all servers, try to narrow down the problem.
yes, i was aware of the permission denied and I checked the permissions on the entire FS directory structure being written to and all the perms are the same across all 15 hosts. I can create directories/files in /tmp so can the user websphe I sudo into.
I set my playbook to do serial: 1 and export the variable ANSIBLE_KEEP_REMOTE_FILES=1 to see what was being written where.
As per the playbook it attempts to create the folder in the home of websphe, not in /tmp. Then if that is successful, it will create the file in the bin-tmp directory. If i manually create the bin-tmp folder it still complains it cannot create the folder permission denied error.
In /tmp on the remote host it created:
drwxr-x—+ 2 jm6239 sretpe 4096 Mar 23 14:23 ansible-tmp-1490304237.71-42478243914318
obviously the name changes for each host.
I added the -vvvv option and it’s not much more help:
$ ansible-playbook -i inventory/staging -vvvv site.yml
/home/jm6239/python26/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
No config file found; using defaults
Loading callback plugin default of type stdout, v2.0 from /home/jm6239/python26/lib/python2.6/site-packages/ansible/plugins/callback/init.pyc
PLAYBOOK: site.yml *************************************************************
1 plays in site.yml
PLAY [all] *********************************************************************
TASK [create bin directory] ****************************************************
task path: /home/jm6239/apb/site.yml:8
Using module file /home/jm6239/python26/lib/python2.6/site-packages/ansible/modules/core/files/file.py
<zlt11405.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt11405.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r zlt11405.vci.att.com ‘/bin/sh -c ‘"’"’( umask 77 && mkdir -p “echo /tmp/ansible-tmp-1490304420.41-56306997831746” && echo ansible-tmp-1490304420.41-56306997831746=“echo /tmp/ansible-tmp-1490304420.41-56306997831746” ) && sleep 0’“'”‘’
<zlt11405.vci.att.com> PUT /tmp/tmpZGEDnn TO /tmp/ansible-tmp-1490304420.41-56306997831746/file.py
<zlt11405.vci.att.com> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r ‘[zlt11405.vci.att.com]’
<zlt11405.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt11405.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r zlt11405.vci.att.com ‘/bin/sh -c ‘"’“‘setfacl -m u:websphe:r-x /tmp/ansible-tmp-1490304420.41-56306997831746/ /tmp/ansible-tmp-1490304420.41-56306997831746/file.py && sleep 0’”’“‘’
<zlt11405.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt11405.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r -tt zlt11405.vci.att.com '/bin/sh -c '”‘“'sudo -H -S -n -u websphe /bin/sh -c '”’“'”‘"’“'”‘"’“‘echo BECOME-SUCCESS-rbchxbeiebdjawddkvoyzeezexijyggy; /usr/bin/python /tmp/ansible-tmp-1490304420.41-56306997831746/file.py’”‘"’“'”‘"’“'”‘"’ && sleep 0’“'”‘’
fatal: [zlt11405.vci.att.com]: FAILED! => {
“changed”: false,
“failed”: true,
“invocation”: {
“module_args”: {
“backup”: null,
“content”: null,
“delimiter”: null,
“diff_peek”: null,
“directory_mode”: null,
“follow”: false,
“force”: false,
“group”: null,
“mode”: null,
“original_basename”: null,
“owner”: null,
“path”: “bin-tmp”,
“recurse”: false,
“regexp”: null,
“remote_src”: null,
“selevel”: null,
“serole”: null,
“setype”: null,
“seuser”: null,
“src”: null,
“state”: “directory”,
“unsafe_writes”: null,
“validate”: null
},
“module_name”: “file”
},
“msg”: “There was an issue creating bin-tmp as requested: [Errno 13] Permission denied: ‘bin-tmp’”,
“path”: “bin-tmp”,
“state”: “absent”
}
to retry, use: --limit @/home/jm6239/apb/site.retry
PLAY RECAP *********************************************************************
zlt11405.vci.att.com : ok=0 changed=0 unreachable=0 failed=1
I changed my hosts file to only have the working host and this is the output with -vvvv option:
$ ansible-playbook -i inventory/staging -vvvv site.yml
/home/jm6239/python26/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
No config file found; using defaults
Loading callback plugin default of type stdout, v2.0 from /home/jm6239/python26/lib/python2.6/site-packages/ansible/plugins/callback/init.pyc
PLAYBOOK: site.yml *************************************************************
1 plays in site.yml
PLAY [all] *********************************************************************
TASK [create bin directory] ****************************************************
task path: /home/jm6239/apb/site.yml:7
Using module file /home/jm6239/python26/lib/python2.6/site-packages/ansible/modules/core/files/file.py
<zlt14143.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt14143.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r zlt14143.vci.att.com ‘/bin/sh -c ‘"’"’( umask 77 && mkdir -p “echo /tmp/ansible-tmp-1490304963.93-167360694044386” && echo ansible-tmp-1490304963.93-167360694044386=“echo /tmp/ansible-tmp-1490304963.93-167360694044386” ) && sleep 0’“'”‘’
<zlt14143.vci.att.com> PUT /tmp/tmpSAzmvD TO /tmp/ansible-tmp-1490304963.93-167360694044386/file.py
<zlt14143.vci.att.com> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r ‘[zlt14143.vci.att.com]’
<zlt14143.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt14143.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r zlt14143.vci.att.com ‘/bin/sh -c ‘"’“‘setfacl -m u:websphe:r-x /tmp/ansible-tmp-1490304963.93-167360694044386/ /tmp/ansible-tmp-1490304963.93-167360694044386/file.py && sleep 0’”’“‘’
<zlt14143.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt14143.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r -tt zlt14143.vci.att.com '/bin/sh -c '”‘“'sudo -H -S -n -u websphe /bin/sh -c '”’“'”‘"’“'”‘"’“‘echo BECOME-SUCCESS-qbtkjugivbiurbbkajdovxhabozqahri; /usr/bin/python /tmp/ansible-tmp-1490304963.93-167360694044386/file.py’”‘"’“'”‘"’“'”‘"’ && sleep 0’“'”‘’
ok: [zlt14143.vci.att.com] => {
“changed”: false,
“diff”: {
“after”: {
“path”: “bin-tmp”
},
“before”: {
“path”: “bin-tmp”
}
},
“gid”: 600,
“group”: “websphe”,
“invocation”: {
“module_args”: {
“backup”: null,
“content”: null,
“delimiter”: null,
“diff_peek”: null,
“directory_mode”: null,
“follow”: false,
“force”: false,
“group”: null,
“mode”: null,
“original_basename”: null,
“owner”: null,
“path”: “bin-tmp”,
“recurse”: false,
“regexp”: null,
“remote_src”: null,
“selevel”: null,
“serole”: null,
“setype”: null,
“seuser”: null,
“src”: null,
“state”: “directory”,
“unsafe_writes”: null,
“validate”: null
},
“module_name”: “file”
},
“mode”: “0750”,
“owner”: “websphe”,
“path”: “bin-tmp”,
“size”: 23,
“state”: “directory”,
“uid”: 600
}
TASK [copy file] ***************************************************************
task path: /home/jm6239/apb/site.yml:9
Using module file /home/jm6239/python26/lib/python2.6/site-packages/ansible/modules/core/files/stat.py
<zlt14143.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt14143.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r zlt14143.vci.att.com ‘/bin/sh -c ‘"’"’( umask 77 && mkdir -p “echo /tmp/ansible-tmp-1490304964.62-180098139679591” && echo ansible-tmp-1490304964.62-180098139679591=“echo /tmp/ansible-tmp-1490304964.62-180098139679591” ) && sleep 0’“'”‘’
<zlt14143.vci.att.com> PUT /tmp/tmpSAzmvD TO /tmp/ansible-tmp-1490304964.62-180098139679591/stat.py
<zlt14143.vci.att.com> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r ‘[zlt14143.vci.att.com]’
<zlt14143.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt14143.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r zlt14143.vci.att.com ‘/bin/sh -c ‘"’“‘setfacl -m u:websphe:r-x /tmp/ansible-tmp-1490304964.62-180098139679591/ /tmp/ansible-tmp-1490304964.62-180098139679591/stat.py && sleep 0’”’“‘’
<zlt14143.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt14143.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r -tt zlt14143.vci.att.com '/bin/sh -c '”‘“'sudo -H -S -n -u websphe /bin/sh -c '”’“'”‘"’“'”‘"’“‘echo BECOME-SUCCESS-vhwdotdcrejnwkbsjrjqxabmpqkbxmal; /usr/bin/python /tmp/ansible-tmp-1490304964.62-180098139679591/stat.py’”‘"’“'”‘"’“'”‘"’ && sleep 0’“'”‘’
Using module file /home/jm6239/python26/lib/python2.6/site-packages/ansible/modules/core/files/file.py
<zlt14143.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt14143.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r zlt14143.vci.att.com ‘/bin/sh -c ‘"’"’( umask 77 && mkdir -p “echo /tmp/ansible-tmp-1490304965.03-76353737824909” && echo ansible-tmp-1490304965.03-76353737824909=“echo /tmp/ansible-tmp-1490304965.03-76353737824909” ) && sleep 0’“'”‘’
<zlt14143.vci.att.com> PUT /tmp/tmpeDGPZb TO /tmp/ansible-tmp-1490304965.03-76353737824909/file.py
<zlt14143.vci.att.com> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r ‘[zlt14143.vci.att.com]’
<zlt14143.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt14143.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r zlt14143.vci.att.com ‘/bin/sh -c ‘"’“‘setfacl -m u:websphe:r-x /tmp/ansible-tmp-1490304965.03-76353737824909/ /tmp/ansible-tmp-1490304965.03-76353737824909/file.py && sleep 0’”’“‘’
<zlt14143.vci.att.com> ESTABLISH SSH CONNECTION FOR USER: None
<zlt14143.vci.att.com> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/jm6239/.ansible/cp/ansible-ssh-%h-%p-%r -tt zlt14143.vci.att.com '/bin/sh -c '”‘“'sudo -H -S -n -u websphe /bin/sh -c '”’“'”‘"’“'”‘"’“‘echo BECOME-SUCCESS-urxseihnvczhzziuuucztrltyehnazuu; /usr/bin/python /tmp/ansible-tmp-1490304965.03-76353737824909/file.py’”‘"’“'”‘"’“'”‘"’ && sleep 0’“'”‘’
ok: [zlt14143.vci.att.com] => {
“changed”: false,
“checksum”: “da39a3ee5e6b4b0d3255bfef95601890afd80709”,
“dest”: “bin-tmp/jm_temp.sh”,
“diff”: {
“after”: {
“path”: “bin-tmp/jm_temp.sh”
},
“before”: {
“path”: “bin-tmp/jm_temp.sh”
}
},
“gid”: 600,
“group”: “websphe”,
“invocation”: {
“module_args”: {
“backup”: null,
“content”: null,
“delimiter”: null,
“dest”: “bin-tmp/jm_temp.sh”,
“diff_peek”: null,
“directory_mode”: null,
“follow”: false,
“force”: false,
“group”: null,
“mode”: null,
“original_basename”: “temp.sh”,
“owner”: null,
“path”: “bin-tmp/jm_temp.sh”,
“recurse”: false,
“regexp”: null,
“remote_src”: null,
“selevel”: null,
“serole”: null,
“setype”: null,
“seuser”: null,
“src”: “temp.sh”,
“state”: null,
“unsafe_writes”: null,
“validate”: null
}
},
“mode”: “0640”,
“owner”: “websphe”,
“path”: “bin-tmp/jm_temp.sh”,
“size”: 0,
“state”: “file”,
“uid”: 600
}
PLAY RECAP *********************************************************************
zlt14143.vci.att.com : ok=2 changed=0 unreachable=0 failed=0
A faster way of debug this might be to run these two tasks
- command: pwd
- command: ls -la
When running the tasks with -v you see the stdout and can determine in which directory it's trying to create the directory and the permissions there.
ok…i added the pwd and ls command into my playbook. Reran and it appears that the sudo is not working for 14 of the hosts. I modified my hosts to have 1 good and 1 bad and this is the results of the pwd:
TASK [command] *****************************************************************
changed: [zlt11404.vci.att.com] => {“changed”: true, “cmd”: [“pwd”], “delta”: “0:00:00.008074”, “end”: “2017-03-24 06:55:40.534256”, “rc”: 0, “start”: “2017-03-24 06:55:40.526182”, “stderr”: “”, “stdout”: “/home/jm6239”, “stdout_lines”: [“/home/jm6239”], “warnings”: }
changed: [zlt14143.vci.att.com] => {“changed”: true, “cmd”: [“pwd”], “delta”: “0:00:01.008465”, “end”: “2017-03-24 06:55:42.409550”, “rc”: 0, “start”: “2017-03-24 06:55:41.401085”, “stderr”: “”, “stdout”: “/home/websphe”, “stdout_lines”: [“/home/websphe”], “warnings”: }
The zlt14143 is the server it’s working on. As you see it says the directory is /home/websphe and on the zlt11404 it is showing my personal home. I’ve compared everything i can think of and cannot see why it’s not working on 14 of the hosts.
Found the issue.
For some reason on all the hosts but 1 it’s pulling in my personal home information not the account i’m sudo’d into. Which that account does not have permissions to write to my home. I exact pathed the locations to put the file and problem was solved.