Ansible-lint permission denied

Get Help
, ,
1

I just updated the version of ansible-dev-tools to version 25.2.1, which includes ansible-lint version 25.1.3. When I run ansible-lint --force-color -v -p -w metadata ./* on my collection. I end up getting a permission denied error. However, if I add the --offline linting works correctly. If I revert to our older version we were using (adt version 24.12.0), ansible-lint 24.12.2, everything works as expected.

Here is the full error I’m getting:

$ ansible-lint --version
ansible-lint 25.1.3 using ansible-core:2.18.3 ansible-compat:25.1.4 ruamel-yaml:0.18.10 ruamel-yaml-clib:0.2.12
$ echo "ansible-lint $ansible_lint_options $ansible_lint_verbosity -p $ansible_lint_warnings $ansible_lint_skip ./*"
ansible-lint --force-color -v -p -w metadata  ./*
$ ansible-lint $ansible_lint_options $ansible_lint_verbosity -p $ansible_lint_warnings $ansible_lint_skip ./*
INFO     Identified /builds/acuity/techci/openeng-infrastructure/ansible-collections/utils as project root due .git directory.
INFO     Collection paths was patched to include extra directories /root/.ansible/collections,/usr/share/ansible/collections,/usr/lib/python3.11/site-packages,/usr/lib64/python3.11/site-packages,/usr/local/lib/python3.11/site-packages,/usr/local/lib64/python3.11/site-packages
INFO     Set ANSIBLE_LIBRARY=/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/modules:/root/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
INFO     Set ANSIBLE_COLLECTIONS_PATH=/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections:/root/.ansible/collections:/usr/share/ansible/collections:/usr/lib/python3.11/site-packages:/usr/lib64/python3.11/site-packages:/usr/local/lib/python3.11/site-packages:/usr/local/lib64/python3.11/site-packages
INFO     Set ANSIBLE_ROLES_PATH=/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/roles:roles:/root/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
INFO     Provisioning collection community.crypto:>2.20.0 from galaxy.yml
INFO     Running from /builds/acuity/techci/openeng-infrastructure/ansible-collections/utils : ansible-galaxy collection install -vvv community.crypto:>2.20.0
WARNING  Retrying execution failure 250 of: ansible-galaxy collection install -vvv community.crypto:>2.20.0
ERROR    Command ansible-galaxy collection install -vvv community.crypto:>2.20.0, returned 250 code:
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/community-crypto-2.25.0.tar.gz to /root/.ansible/tmp/ansible-local-275thmlaxj/tmpedui9x70/community-crypto-2.25.0-nlsp00vw
Installing 'community.crypto:2.25.0' to '/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections/ansible_collections/community/crypto'
the full traceback was:
Traceback (most recent call last):
  File "/usr/lib64/python3.11/shutil.py", line 853, in move
    os.rename(src, real_dst)
OSError: [Errno 18] Invalid cross-device link: b'/root/.ansible/tmp/ansible-local-275thmlaxj/tmpedui9x70/tmpkqj_vkrv' -> b'/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections/ansible_collections/community/crypto/MANIFEST.json'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/ansible/cli/__init__.py", line 646, in cli_executor
    exit_code = cli.run()
                ^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/ansible/cli/galaxy.py", line 727, in run
    return context.CLIARGS['func']()
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/ansible/cli/galaxy.py", line 98, in method_wrapper
    return wrapped_method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/ansible/cli/galaxy.py", line 1392, in execute_install
    self._execute_install_collection(
  File "/usr/local/lib/python3.11/site-packages/ansible/cli/galaxy.py", line 1441, in _execute_install_collection
    install_collections(
  File "/usr/local/lib/python3.11/site-packages/ansible/galaxy/collection/__init__.py", line 780, in install_collections
    install(concrete_coll_pin, output_path, artifacts_manager)
  File "/usr/local/lib/python3.11/site-packages/ansible/galaxy/collection/__init__.py", line 1520, in install
    install_artifact(
  File "/usr/local/lib/python3.11/site-packages/ansible/galaxy/collection/__init__.py", line 1606, in install_artifact
    _extract_tar_file(collection_tar, MANIFEST_FILENAME, b_collection_path, b_temp_path)
  File "/usr/local/lib/python3.11/site-packages/ansible/galaxy/collection/__init__.py", line 1748, in _extract_tar_file
    shutil.move(to_bytes(tmpfile_obj.name, errors='surrogate_or_strict'), b_dest_filepath)
  File "/usr/lib64/python3.11/shutil.py", line 873, in move
    copy_function(src, real_dst)
  File "/usr/lib64/python3.11/shutil.py", line 449, in copy2
    copystat(src, dst, follow_symlinks=follow_symlinks)
  File "/usr/lib64/python3.11/shutil.py", line 384, in copystat
    _copyxattr(src, dst, follow_symlinks=follow)
  File "/usr/lib64/python3.11/shutil.py", line 334, in _copyxattr
    os.setxattr(dst, name, value, follow_symlinks=follow_symlinks)
PermissionError: [Errno 13] Permission denied: b'/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections/ansible_collections/community/crypto/MANIFEST.json'
ansible-galaxy [core 2.18.3]
  config file = None
  configured module search path = ['/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/modules', '/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
  ansible collection location = /builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections:/root/.ansible/collections:/usr/share/ansible/collections:/usr/lib/python3.11/site-packages:/usr/lib64/python3.11/site-packages:/usr/local/lib/python3.11/site-packages:/usr/local/lib64/python3.11/site-packages
  executable location = /usr/local/bin/ansible-galaxy
  python version = 3.11.11 (main, Dec  9 2024, 15:32:27) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)] (/usr/bin/python3)
  jinja version = 3.1.5
  libyaml = True
No config file found; using defaults
Created /root/.ansible/galaxy_token
Collection 'community.crypto:2.25.0' obtained from server default https://galaxy.ansible.com/api/
ERROR! Unexpected Exception, this is probably a bug: [Errno 13] Permission denied: b'/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections/ansible_collections/community/crypto/MANIFEST.json'
Command ansible-galaxy collection install -vvv community.crypto:>2.20.0, returned 250 code:
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/api/v3/plugin/ansible/content/published/collections/artifacts/community-crypto-2.25.0.tar.gz to /root/.ansible/tmp/ansible-local-275thmlaxj/tmpedui9x70/community-crypto-2.25.0-nlsp00vw
Installing 'community.crypto:2.25.0' to '/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections/ansible_collections/community/crypto'
the full traceback was:
Traceback (most recent call last):
  File "/usr/lib64/python3.11/shutil.py", line 853, in move
    os.rename(src, real_dst)
OSError: [Errno 18] Invalid cross-device link: b'/root/.ansible/tmp/ansible-local-275thmlaxj/tmpedui9x70/tmpkqj_vkrv' -> b'/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections/ansible_collections/community/crypto/MANIFEST.json'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/ansible/cli/__init__.py", line 646, in cli_executor
    exit_code = cli.run()
                ^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/ansible/cli/galaxy.py", line 727, in run
    return context.CLIARGS['func']()
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/ansible/cli/galaxy.py", line 98, in method_wrapper
    return wrapped_method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/ansible/cli/galaxy.py", line 1392, in execute_install
    self._execute_install_collection(
  File "/usr/local/lib/python3.11/site-packages/ansible/cli/galaxy.py", line 1441, in _execute_install_collection
    install_collections(
  File "/usr/local/lib/python3.11/site-packages/ansible/galaxy/collection/__init__.py", line 780, in install_collections
    install(concrete_coll_pin, output_path, artifacts_manager)
  File "/usr/local/lib/python3.11/site-packages/ansible/galaxy/collection/__init__.py", line 1520, in install
    install_artifact(
  File "/usr/local/lib/python3.11/site-packages/ansible/galaxy/collection/__init__.py", line 1606, in install_artifact
    _extract_tar_file(collection_tar, MANIFEST_FILENAME, b_collection_path, b_temp_path)
  File "/usr/local/lib/python3.11/site-packages/ansible/galaxy/collection/__init__.py", line 1748, in _extract_tar_file
    shutil.move(to_bytes(tmpfile_obj.name, errors='surrogate_or_strict'), b_dest_filepath)
  File "/usr/lib64/python3.11/shutil.py", line 873, in move
    copy_function(src, real_dst)
  File "/usr/lib64/python3.11/shutil.py", line 449, in copy2
    copystat(src, dst, follow_symlinks=follow_symlinks)
  File "/usr/lib64/python3.11/shutil.py", line 384, in copystat
    _copyxattr(src, dst, follow_symlinks=follow)
  File "/usr/lib64/python3.11/shutil.py", line 334, in _copyxattr
    os.setxattr(dst, name, value, follow_symlinks=follow_symlinks)
PermissionError: [Errno 13] Permission denied: b'/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections/ansible_collections/community/crypto/MANIFEST.json'
ansible-galaxy [core 2.18.3]
  config file = None
  configured module search path = ['/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/modules', '/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
  ansible collection location = /builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections:/root/.ansible/collections:/usr/share/ansible/collections:/usr/lib/python3.11/site-packages:/usr/lib64/python3.11/site-packages:/usr/local/lib/python3.11/site-packages:/usr/local/lib64/python3.11/site-packages
  executable location = /usr/local/bin/ansible-galaxy
  python version = 3.11.11 (main, Dec  9 2024, 15:32:27) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)] (/usr/bin/python3)
  jinja version = 3.1.5
  libyaml = True
No config file found; using defaults
Created /root/.ansible/galaxy_token
Collection 'community.crypto:2.25.0' obtained from server default https://galaxy.ansible.com/api/
ERROR! Unexpected Exception, this is probably a bug: [Errno 13] Permission denied: b'/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/.ansible/collections/ansible_collections/community/crypto/MANIFEST.json'

Ths is being ran via gitlab pipeline, that is using a custom container image, that basically has our pki certs added to it, and adt is installed via python3 -m pip install ansible-dev-tools in the container file, all using the ubi8 as the base image. Anyone come across something like this before?

Edit: If I install the collections needed prior to running the ansible-lint command everything also works as expected with the latest versions. However, shouldn’t ansible-lint do this for me?

2

It looks like ansible-lint tries to install the collection but it fails:

What user is the GitLab CI running as and what is the ownership of the directory in question? Try adding this to .gitlab-ci.yml to debug?

before_script:
  - whoami
  - ls -lah /builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/
3

Here is the info from the before_script.

$ whoami
root
$ echo $ansible_collection_path
/builds/acuity/techci/openeng-infrastructure/ansible-collections/utils/
$ ls -lah $ansible_collection_path
total 52K
drwxrwxrwx. 7 root root 4.0K Mar  4 12:43 .
drwxrwxrwx. 4 root root 4.0K Mar  4 12:43 ..
drwxrwxrwx. 6 root root 4.0K Mar  4 12:43 .git
-rw-rw-rw-. 1 root root 4.2K Mar  4 12:43 .gitlab-ci.yml
-rw-rw-rw-. 1 root root  708 Mar  4 12:43 CHANGELOG.md
-rw-rw-rw-. 1 root root  549 Mar  4 12:43 CHANGELOG.rst
-rw-rw-rw-. 1 root root  680 Mar  4 12:43 README.md
drwxrwxrwx. 2 root root 4.0K Mar  4 12:43 changelogs
drwxrwxrwx. 2 root root 4.0K Mar  4 12:43 docs
-rw-rw-rw-. 1 root root 3.4K Mar  4 12:43 galaxy.yml
drwxrwxrwx. 2 root root 4.0K Mar  4 12:43 meta
drwxrwxrwx. 5 root root 4.0K Mar  4 12:43 roles

What is odd is that I can add ansible-galaxy collection install community.crypto community.general to the before_script, to install the collections, before the linting stage and everything works as it should.

4

That is odd, I can’t see why there is a permissions issue, if I was you I’d probably just use the work-around and not worry too much about it… :woman_shrugging: