Hi,
I’m having problems with permissions accessing files.
I have this simple test playbook:
The file “/tmp/root.txt” is owned by the root user with permissions 600.
If I’m using “sudo”, why the playbook cannot access the file?
Now I have seen an issue in the Ansible github with the same problem:
https://github.com/ansible/ansible/issues/6948
It provides a patch to solve the error, but it only changes the error message.
The original error was:
TASK: [copy src=/tmp/root.txt dest=/tmp/pr.txt] *******************************
fatal: [158.42.104.90] => Traceback (most recent call last):
File “/usr/lib/pymodules/python2.7/ansible/runner/init.py”, line 532, in _executor
exec_rc = self._executor_internal(host, new_stdin)
File “/usr/lib/pymodules/python2.7/ansible/runner/init.py”, line 629, in _executor_internal
return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
File “/usr/lib/pymodules/python2.7/ansible/runner/init.py”, line 815, in _executor_internal_inner
result = handler.run(conn, tmp, module_name, module_args, inject, complex_args)
File “/usr/lib/pymodules/python2.7/ansible/runner/action_plugins/copy.py”, line 158, in run
local_md5 = utils.md5(source_full)
File “/usr/lib/pymodules/python2.7/ansible/utils/init.py”, line 570, in md5
infile = open(filename, ‘rb’)
IOError: [Errno 13] Permission denied: u’/tmp/root.txt’
The error with the patch provided in the issues is:
TASK: [copy src=/tmp/root.txt dest=/tmp/pr.txt] *******************************
fatal: [158.42.104.90] => error while accessing the file /tmp/root.txt, error was: [Errno 13] Permission denied: u’/tmp/root.txt’
This traceback is because the local ansible can’t access the file, though we do consider tracebacks in Ansible to be bugs - in this case this is a closed ticket.
If you are seeing problems in the most recent release where you are getting a traceback, please do make sure there is a bug filed - however if Ansible can’t read /tmp/root.txt above and is dying with a friendly error mesage about permissions, this is a sign it needs to read them locally and would not be a bug.
So it depends if you are getting a traceback or a nice error message, basically.
My question is how can I copy a file from the Ansible node to the configured nodes when the file is only accessible by the root user.
Using the copy module directly does not work, so now I have to make some tricky tasks like that:
Is there any other way to do it?
sudo: true in ansible affects the remote (managed) nodes.
The user running ansible will need to be able to access the files on the local end, so sudo ansible itself in that case if you need to read /tmp/root.txt and can’t as you.