Why can't I remove the file /etc/yum.repos.d/redhat-rhui.repo even with root permission?

Dear Ansible Gurus and friends:

I have the following Ansible script to remove the default AWS repos on a newly created RHEL EC2 instance from Packer.

It works well until the “Remove AWS RHUI repos” module. For some reason, the privilege escalation doesn’t work for this native file module. However, if I use the command module with a sudo command, it works fine, as in “sudo rm -rf /etc/yum.repos.d/redhat-rhui.repo”.

I could not figure out why it behaves like this. Could anyone help me with this? I have been stuck here for a few days trying to deliver this Packer script with Ansible calls.

- name: Configure BASE Linux Servers
  hosts: linux
  gather_facts: true
  become: yes
  become_user: root
  become_method: su
  pre_tasks:

    - name: Debug
      raw: sleep 1

    - name: get the username running the deploy
      become: false
      local_action: command whoami
      register: username_on_the_host

    - debug: var=username_on_the_host

    - name: Show /etc/ssh/sshd_config file content
      command: sudo cat /etc/ssh/sshd_config
      register: cat
      become: yes
      become_method: su
      become_user: root

    - debug: var=cat.stdout_lines

    - name: Remove AWS RHUI repos
      file:
        path: "{{ item }}"
        state: absent
        force: yes
      with_items:
        - /etc/yum.repos.d/redhat-rhui.repo
        - /etc/yum.repos.d/rhui-load-balancers.conf
        - /etc/yum.repos.d/redhat-rhui-client-config.repo
        - /etc/yum/pluginconf.d/amazon-id.conf
        - /etc/yum/pluginconf.d/rhui-lb.conf

  roles:
    - { role: linux_common, tags: linux_common }
    - { role: deep_security_agent, tags: deep_security_agent }

The error is like below:

amazon-ebs: TASK [Remove AWS RHUI repos] ***************************************************
amazon-ebs: failed: [default] (item=/etc/yum.repos.d/redhat-rhui.repo) => {“changed”: false, “gid”: 0, “group”: “root”, “item”: “/etc/yum.repos.d/redhat-rhui.repo”, “mode”: “0644”, “msg”: "unlinking failed: [Errno 13] Permission denied: ‘/etc/yum.repos.d/redhat-rhui.repo’ ", “owner”: “root”, “path”: “/etc/yum.repos.d/redhat-rhui.repo”, “secontext”: “system_u:object_r:system_conf_t:s0”, “size”: 8679, “state”: “file”, “uid”: 0}
amazon-ebs: failed: [default] (item=/etc/yum.repos.d/rhui-load-balancers.conf) => {“changed”: false, “gid”: 0, “group”: “root”, “item”: “/etc/yum.repos.d/rhui-load-balancers.conf”, “mode”: “0644”, “msg”: "unlinking failed: [Errno 13] Permission denied: ‘/etc/yum.repos.d/rhui-load-balancers.conf’ ", “owner”: “root”, “path”: “/etc/yum.repos.d/rhui-load-balancers.conf”, “secontext”: “system_u:object_r:system_conf_t:s0”, “size”: 80, “state”: “file”, “uid”: 0}
amazon-ebs: failed: [default] (item=/etc/yum.repos.d/redhat-rhui-client-config.repo) => {“changed”: false, “gid”: 0, “group”: “root”, “item”: “/etc/yum.repos.d/redhat-rhui-client-config.repo”, “mode”: “0644”, “msg”: "unlinking failed: [Errno 13] Permission denied: ‘/etc/yum.repos.d/redhat-rhui-client-config.repo’ ", “owner”: “root”, “path”: “/etc/yum.repos.d/redhat-rhui-client-config.repo”, “secontext”: “system_u:object_r:system_conf_t:s0”, “size”: 607, “state”: “file”, “uid”: 0}
amazon-ebs: failed: [default] (item=/etc/yum/pluginconf.d/amazon-id.conf) => {“changed”: false, “gid”: 0, “group”: “root”, “item”: “/etc/yum/pluginconf.d/amazon-id.conf”, “mode”: “0644”, “msg”: "unlinking failed: [Errno 13] Permission denied: ‘/etc/yum/pluginconf.d/amazon-id.conf’ ", “owner”: “root”, “path”: “/etc/yum/pluginconf.d/amazon-id.conf”, “secontext”: “system_u:object_r:etc_t:s0”, “size”: 17, “state”: “file”, “uid”: 0}
amazon-ebs: failed: [default] (item=/etc/yum/pluginconf.d/rhui-lb.conf) => {“changed”: false, “gid”: 0, “group”: “root”, “item”: “/etc/yum/pluginconf.d/rhui-lb.conf”, “mode”: “0644”, “msg”: "unlinking failed: [Errno 13] Permission denied: ‘/etc/yum/pluginconf.d/rhui-lb.conf’ ", “owner”: “root”, “path”: “/etc/yum/pluginconf.d/rhui-lb.conf”, “secontext”: “system_u:object_r:etc_t:s0”, “size”: 74, “state”: “file”, “uid”: 0}
amazon-ebs: to retry, use: --limit @/workdir/Ansible/playbooks/common/Configure_Base_Linux.retry
amazon-ebs:
amazon-ebs: PLAY RECAP *********************************************************************
amazon-ebs: default : ok=6 changed=3 unreachable=0 failed=1
amazon-ebs:
==> amazon-ebs: Terminating the source AWS instance…
==> amazon-ebs: Cleaning up any extra volumes…
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary security group…
==> amazon-ebs: Deleting temporary keypair…
Build ‘amazon-ebs’ errored: Error executing Ansible: Non-zero exit status: exit status 2

Here is the output with the --vvv option:

amazon-ebs: TASK [Remove AWS RHUI repos] ***************************************************
amazon-ebs: failed: [default] (item=/etc/yum.repos.d/redhat-rhui.repo) => {“changed”: false, “gid”: 0, “group”: “root”, “item”: “/etc/yum.repos.d/redhat-rhui.repo”, “mode”: “0644”, “msg”: "unlinking failed: [Errno 13] Permission denied: ‘/etc/yum.repos.d/redhat-rhui.repo’ ", “owner”: “root”, “path”: “/etc/yum.repos.d/redhat-rhui.repo”, “secontext”: “system_u:object_r:system_conf_t:s0”, “size”: 8679, “state”: “file”, “uid”: 0}
amazon-ebs: failed: [default] (item=/etc/yum.repos.d/rhui-load-balancers.conf) => {“changed”: false, “gid”: 0, “group”: “root”, “item”: “/etc/yum.repos.d/rhui-load-balancers.conf”, “mode”: “0644”, “msg”: "unlinking failed: [Errno 13] Permission denied: ‘/etc/yum.repos.d/rhui-load-balancers.conf’ ", “owner”: “root”, “path”: “/etc/yum.repos.d/rhui-load-balancers.conf”, “secontext”: “system_u:object_r:system_conf_t:s0”, “size”: 80, “state”: “file”, “uid”: 0}
amazon-ebs: failed: [default] (item=/etc/yum.repos.d/redhat-rhui-client-config.repo) => {“changed”: false, “gid”: 0, “group”: “root”, “item”: “/etc/yum.repos.d/redhat-rhui-client-config.repo”, “mode”: “0644”, “msg”: "unlinking failed: [Errno 13] Permission denied: ‘/etc/yum.repos.d/redhat-rhui-client-config.repo’ ", “owner”: “root”, “path”: “/etc/yum.repos.d/redhat-rhui-client-config.repo”, “secontext”: “system_u:object_r:system_conf_t:s0”, “size”: 607, “state”: “file”, “uid”: 0}
amazon-ebs: failed: [default] (item=/etc/yum/pluginconf.d/amazon-id.conf) => {“changed”: false, “gid”: 0, “group”: “root”, “item”: “/etc/yum/pluginconf.d/amazon-id.conf”, “mode”: “0644”, “msg”: "unlinking failed: [Errno 13] Permission denied: ‘/etc/yum/pluginconf.d/amazon-id.conf’ ", “owner”: “root”, “path”: “/etc/yum/pluginconf.d/amazon-id.conf”, “secontext”: “system_u:object_r:etc_t:s0”, “size”: 17, “state”: “file”, “uid”: 0}
amazon-ebs: failed: [default] (item=/etc/yum/pluginconf.d/rhui-lb.conf) => {“changed”: false, “gid”: 0, “group”: “root”, “item”: “/etc/yum/pluginconf.d/rhui-lb.conf”, “mode”: “0644”, “msg”: "unlinking failed: [Errno 13] Permission denied: ‘/etc/yum/pluginconf.d/rhui-lb.conf’ ", “owner”: “root”, “path”: “/etc/yum/pluginconf.d/rhui-lb.conf”, “secontext”: “system_u:object_r:etc_t:s0”, “size”: 74, “state”: “file”, “uid”: 0}
amazon-ebs: to retry, use: --limit @/workdir/Ansible/playbooks/common/Configure_Base_Linux.retry
amazon-ebs:
amazon-ebs: PLAY RECAP *********************************************************************
amazon-ebs: default : ok=6 changed=3 unreachable=0 failed=1
amazon-ebs:
==> amazon-ebs: Terminating the source AWS instance…
==> amazon-ebs: Cleaning up any extra volumes…
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary security group…
==> amazon-ebs: Deleting temporary keypair…
Build ‘amazon-ebs’ errored: Error executing Ansible: Non-zero exit status: exit status 2

I got it resolved by using a different user. Running Packer under root will not escalate the privilege to root. Not sure if it’s a bug or something.
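
An added example, not part of the original post: a pre-flight check that confirms `become` really yields uid 0 on the target before the removals run, so a failed escalation stops the build with a clear message instead of an Errno 13 on unlink. It assumes the SSH login user has passwordless sudo (which the working `sudo rm` in the post suggests) and therefore uses `become_method: sudo`; the play name and the `become_check` and `rhui_files` names are hypothetical.

```yaml
# Added example (not the poster's playbook). Assumption: the login user can
# sudo without a password, as the working "sudo rm" in the post suggests.
- name: Remove AWS RHUI repos with verified escalation   # hypothetical play name
  hosts: linux
  gather_facts: false
  become: yes
  become_user: root
  become_method: sudo          # assumption: sudo (not su) is usable for this user
  vars:
    rhui_files:                # hypothetical variable; same paths as in the post
      - /etc/yum.repos.d/redhat-rhui.repo
      - /etc/yum.repos.d/rhui-load-balancers.conf
      - /etc/yum.repos.d/redhat-rhui-client-config.repo
      - /etc/yum/pluginconf.d/amazon-id.conf
      - /etc/yum/pluginconf.d/rhui-lb.conf
  pre_tasks:

    - name: Report the effective uid that modules run with
      command: id -u
      register: become_check   # hypothetical variable name
      changed_when: false

    - name: Stop early if escalation did not take effect
      assert:
        that:
          - become_check.stdout | trim == "0"
        fail_msg: >-
          become did not yield root (uid={{ become_check.stdout }});
          check become_method and the login user's sudo/su rights
        success_msg: modules run as uid 0

    - name: Remove AWS RHUI repos
      file:
        path: "{{ item }}"
        state: absent
      loop: "{{ rhui_files }}"
```

Running the `id -u` check through the same `become` settings as the `file` task tests the escalation path itself, which an explicit `sudo` inside a `command` task bypasses.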