template module ignoring become_user?

Hi!

I’m trying to run a playbook locally and also trying to use the template module here.

This is an excerpt from my playbook:

Modules don't know anything about become, it gets handled by ansible
itself and not the module. We seem to be missing some output as the
last command makes the temp dirs and then you get the error on
permission denied w/o the command that we attempted to execute.

Thanks for answering, Brian.

No, there is no output missing as I reduced the testcase to the bare minimum.

But I think I know where the problem is. Let me explain:

I’m setting this all up in a cloud-like environment where the user I have to use on the target system is not root, but may sudo to root.

What I wanted to achieve is to update the content of a webserver, by regularly polling a subversion repository.

What happens when the playbook was updated is:
a) User vfuser (my crontab user) is starting ansible-playbook
b) the playbook has a become-user: apache and updates its content using subversion
c) some templates now need to be updated, which needs to be done by user apache, as the working copy belongs to apache → This fails as ansible tries to do this as vfuser

Of course ansible has to do this as vfuser (the one running ansible) as this would be the only valid user in a push-scenario.

Unfortunately I’m in a pull-scenario and so vfuser does not have permission.

I’m doing it now (overly complicated?) like this:

  • Update Content
      • This is the svn up, getting the content for apache
  • Make Templates Accessible
      • Does a chmod 0755 on all the updated directories
  • Remove Dummy Targets
      • Removes all the html files, which will get created, just in case they already exist
  • Create Dummy Targets
      • Now create the empty html files and chown them to vfuser
  • Fill Templates
      • Fill the templates as vfuser
  • Set Permission of Targets
      • chown back to apache
  • Cleanup Templates
      • remove the templates

I’m not sure whether or not I found an “edge-case”, but I think it could be beneficial if the template-fill could also be run under “become_user”.

The template gets 'filled' on the master so the remote/become users
do not matter at that point, the filled template gets copied to the
target machine as the remote user, which in the case of sudo to non
root user it will go to a more permissive directory (the case is
already handled).

For some reason your task seems to be skipping that step and then not
running the command to copy into place, which should show with -vvvv
but it is not being shown for whatever reason (probably related to why
you are getting an error).

The template gets ‘filled’ on the master so the remote/become users
do not matter at that point,

It could (and here does) matter when you run locally because master and target are the same machine.

For some reason your task seems to be skipping that step and then not
running the command to copy into place,

It skips that step because the filling does not work.