All,
We are using whitelisting software from McAfee. It is called Solidifier. When enabled, it prevents execution of non-solidified executables. In practical terms, that means that when Ansible creates a temporary Python script and attempts to execute it, it is blocked by Solidifier.
There are a number of workarounds available. The easy ones have been ruled out for security reasons and those have to do with putting Solidifier in update mode, running ansible-playbook, and then re-enabling it.
Other things I have tried:
- In /etc/ansible.cfg, I enabled pipelining. BTW, I made sure requiretty is disabled in /etc/sudoers. Turning this on didn’t help.
- I also tried setting the ANSIBLE_PIPELINING environment variable and the ANSIBLE_SSH_PIPELINING environment variable. This is a redundancy but I was throwing spaghetti against the wall to see what would stick.
I also noticed a special_context_filesystems in the [selinux] section so I enabled that.
Nothing helped.
I attached a file in which I captured the output from Ansible.
Is there a way to prevent Ansible from creating temporary Python scripts and then attempting to run them?
(attachments)
ansible_failure (1.37 KB)