Due to the joys of Enterprise security, it appears that ansible is hanging (literally just sits until I Ctl+C like 10 minutes later) when trying to run any modules besides raw.
So for an example of a working command:
$ ansible all -i <path/to/hosts_file> -m raw -a “whoami; hostname” -u myself -s -U sudo_user -v
Yields lots of pretty green output with the hostname | success | rc=0 => etc. etc.
The following command module invocation though just hangs (with and without sudo_user being added):
$ ansible all -i <path/to/hosts_file> -m command -a “hostname” -u myself (-s -U sudo_user) -vvvv
With it in -vvvv verbose mode I’m able to see it connect to the server, sudo to the user properly and even upload the file, but then it just sits forever. So I decided to go take a look.
It appears that the module is indeed uploaded to the remote /tmp/ansible-<dynamic_stuff>/command location and has all the proper code, but the default permissions for newly created files on the server are setting it to 644 instead of 755. In turn the command is never able to be executed (best guess)?
Any ideas on how to fix this? Has anyone encountered this before? Is there a way to tell ansible to run chmod 755 on all modules it uploads somewhere perhaps? Or a hook where I could chmod 755 the entire /tmp/ansible-* directory recursively?
Thanks for any ideas / suggestions. Unfortunately I’m not able to control the default permissions on newly created files in my environment.
Correction, it appears if I run the command module as my regular user without sudo it actually works as expected, but as soon as I add the sudo user flag and the username in it changes the file’s permissions when created. It appears that the file is still under my user’s ownership which is why I can easily chmod it, but it’s odd that it runs when just run by me directly without sudo, but not when uploaded by me while using the sudo flags.
That said, the initial problem is still essentially the same. I need to see if there’s a way to have the modules’ permissions changed after each upload or if there’s even a way I can upload the modules myself and change the permissions on them and have ansible use the pre-uploaded modules somehow?
And farther and farther down the rabbit hole I go. Brian helped me figure out where permissions were being changed in IRC. Unfortunately making it executable worked as far as the permissions change didn’t make any difference in the module returning any results (which I was able to see it’s being called via system python directly so it really shouldn’t have). Now I have no clue why it’s just hanging after being invoked…
So… logging in and running modules directly as myself works, and via sudo to a non-root user with the raw module works, but as soon as I try execute any module as a non-root user via sudo it hangs.
