Ansible log user & group ownership

I am trying to make the Ansible logs writable by more than one unix user, as we have multiple users who are running playbooks against our machines.

  • log_path=/var/log/ansible/ is set in the ansible.cfg
  • With chmod and chown I can tweak ownership & permissions after the logs have been created
  • But if anyone else tries to run a playbook, it fails & reports:
    • ERROR: [Errno 13] Permission denied:

If it's not possible to make a single Ansible log file writable by multiple users, how would you recommend my group handle the logs?

  • Each user gets their own logs dir?
  • Only have a single account that runs playbooks?
  • Remove logging from the config and specify location instead within a playbook?

For some context on my usage of Ansible, see my question on generating logs for distinct target machines.

Not really an answer, but do you know of ARA (Ansible Records Ansible)? That might be a better solution than writing logs to a file, especially one shared by different users.

An interesting extension but just a level or two of complexity I don’t have the bandwidth for. I already use file logs for a bunch of other services, so it made sense to reuse existing tools.

So @felixfontein, you don’t know if

  • one can specify ownership & permissions on log files a priori?
  • or even if they are permissive, have multiple users write to the same file in series?

Another option is to use a syslog-based callback. The ansible.log file is written to directly by the Ansible process, so the ownership cannot change unless you run as root or use some similar workaround.
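
The syslog-based callback route from the last reply, sketched as an added example that is not part of the thread: it assumes the `community.general.syslog_json` callback (the reply does not name a specific plugin), that the `community.general` collection is installed, and that a local syslog daemon accepts messages on localhost port 514.

```ini
# ansible.cfg (added example; values below are assumptions, adjust to your site)

[defaults]
# Before: every user's ansible process opens this file itself, so the
# second user hits "[Errno 13] Permission denied" on a file the first
# user created.
# log_path = /var/log/ansible/ansible.log

# After: no shared file is opened by the ansible process. Events are
# handed to syslog, and the syslog daemon (running under its own account)
# owns and writes the log file, whichever Unix user ran the playbook.
callbacks_enabled = community.general.syslog_json

[callback_syslog_json]
# Where the callback sends events. These are the plugin's defaults,
# written out so they are visible and easy to change.
syslog_server = localhost
syslog_port = 514
# Facility to tag the messages with; pick one your syslog rules can
# route to a dedicated file (local0 is an assumed choice).
syslog_facility = local0
```

With this in place, file ownership, rotation and read access for the playbook log are handled in the syslog daemon's own configuration, alongside the other services that already log there.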