Problem with permissions

I have a permission problem when I try to deploy something using Ansible. Here is the log:

host001:svc_test_prod02~/ansible$ ansible-playbook -i inventory/prod/ acc.yml -v --vault-password-file=~/.ansible-vault-pw --private-key ~/.ssh/svc_test_prod02

PLAY [impact02] ***************************************************************

GATHERING FACTS ***************************************************************
ok: [impact02]

TASK: [ac_connect | debug environment] ****************************************
ok: [impact02] => {
    "msg": "we are in PROD02 environment, temp dir /opt/refdata/PROD02/.acconnect_impact_temp"
}

TASK: [ac_connect | create directories] ***************************************
failed: [impact02] => {"failed": true, "parsed": false}
/home/svc_test_prod02/.bashrc: line 24: /opt/refdata/PROD02/test/bin/acenv.sh: No such file or directory
Traceback (most recent call last):
  File "/home/svc_test_prod02/.ansible/tmp/ansible-tmp-1441058033.64-235558047812754/file", line 1999, in <module>
    main()
  File "/home/svc_test_prod02/.ansible/tmp/ansible-tmp-1441058033.64-235558047812754/file", line 279, in main
    os.mkdir(curpath)
OSError: [Errno 13] Permission denied: '/opt/refdata/PROD02'

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
to retry, use: --limit @/home/svc_test_prod02/acc.retry

impact02 : ok=2 changed=0 unreachable=0 failed=1

The runbook tries to create a directory.

What I did is I added the svc_test_prod02 public key to authorized_keys2. The user is defined in the inventory like this:

ansible_ssh_user: svc_test_prod02

Is there anything else I need to do? To add to this: this problem only happens when I perform this task as the svc_test_prod02 user. If I log in as my personal user I don’t have permission issues.

What about doing the login as your service account?

Most likely your user is missing sudo permissions or your playbook does not use sudo settings.

As the error message states, svc_test_prod02 is not allowed to write in the /opt/refdata directory. If I have to guess, I would say it’s owned by root:root with default 0755 permission. Thus only sudo will work.

/mf

I do have permissions there, the error I get:
OSError: [Errno 13] Permission denied: '/opt/refdata/PROD02'

here is what I see:

host001:svc_test_prod02/opt/refdata$ ls -ltr
drwxrwx--- 6 svc_test_prod02 testprod 4096 Sep 1 15:07 PROD02

I am trying to isolate the problem, I left the python files that are generated in the .ansible directory.

I ran this:

myhost001~/.ansible/tmp$ /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python /home/svc_acplus_prod02/.ansible/tmp/ansible-tmp-1441218726.44-141986608018617/file'

and see this output:

{"group": "acplusprod", "uid": 102116, "changed": false, "state": "directory", "gid": 103244, "mode": "0770", "owner": "svc_acplus_prod02", "path": "/opt/refdata/PROD02/apps/.tmp", "size": 4096}

This is the file that failed with not enough privilege. I ran it as my ansible_ssh_user by logging in to ansible_ssh_host. I got the command line from the logs, which showed what was running. I am not sure if there are some variables that need to be set up to emulate exactly the install.
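
An added diagnostic, not part of the thread and not Ansible's own code: it walks each component of a path and reports which permission triplet (owner, group or other) applies to the running user, and the first component that cannot be reached. It assumes the `os.mkdir(curpath)` in the traceback sits in a loop that creates every component for which `os.path.exists()` is false; `exists()` also returns False when `stat` is denied, so an unreachable directory looks the same as a missing one. ACLs and SELinux are not evaluated, and the function names are illustrative.

```python
import os
import stat
import sys

def applicable_bits(mode, owner_uid, owner_gid, uid, gids):
    """rwx triplet the kernel applies: owner class first, then group, then other."""
    if uid == 0:
        return "rwx"  # root bypasses directory mode bits
    if uid == owner_uid:
        shift = 6
    elif owner_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 0o7
    return "".join(ch if bits & bit else "-" for ch, bit in (("r", 4), ("w", 2), ("x", 1)))

def walk(path, uid=None, gids=None):
    """Stat every component of path; stop at the first one that cannot be stat'ed."""
    uid = os.geteuid() if uid is None else uid
    gids = set(os.getgroups()) | {os.getegid()} if gids is None else set(gids)
    rows, cur = [], ""
    for name in path.strip("/").split("/"):
        cur += "/" + name
        try:
            st = os.stat(cur)
        except OSError as exc:
            # os.path.exists() hides this errno and just returns False
            rows.append((cur, None, exc.strerror))
            break
        rows.append((cur, applicable_bits(st.st_mode, st.st_uid, st.st_gid, uid, gids),
                     stat.filemode(st.st_mode)))
    return rows

def first_blocker(rows):
    """First component that is unreachable, or that lacks search (x) for this user."""
    for i, (cur, bits, detail) in enumerate(rows):
        last = i == len(rows) - 1
        if bits is None or (not last and "x" not in bits):
            return cur, detail
    return None

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/opt/refdata/PROD02"
    print("uid=%d groups=%s" % (os.geteuid(), sorted(os.getgroups())))
    for cur, bits, detail in walk(target):
        print("%-40s %-4s %s" % (cur, bits or "??", detail))
    print("first blocker:", first_blocker(walk(target)))
```

Run it on the managed host as the account Ansible connects with and again under a personal account, then compare the uid, group list and first blocker between the two runs.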