Executing python script on remote server using ansible Error - ansible

I am logged in as root#x.x.x.12 with ansible 2.8.3 Rhel 8.
I wish to copy few files to root#x.x.x.13 Rhel 8 and then execute a python script.
I am able to copy the files sucessfully using ansible. I had even copied the keys and now it is ssh-less.
But during execution of script :
'fatal: [web_node1]: FAILED! => {"changed": false, "msg": "Could not find or access '/root/ansible_copy/write_file.py' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}'
Please note that I am a novice to ansible.
I guess there is some permission issues.
Please Help me out if possible.
Thanking in anticipation
**yaml_file**
-
name: Copy_all_ansible_files_to_servers
hosts: copy_Servers
become: true
become_user: root
tasks:
-
name: copy_to_all
copy:
src: /home/testuser/ansible_project/{{item}}
dest: /root/ansible_copy/{{item}}
owner: root
group: root
mode: u=rxw,g=rxw,o=rxw
with_items:
- write_file.py
- sink.txt
- ansible_playbook_task.yaml
- copy_codes_2.yaml
notify :
- Run_date_command
-
name: Run_python_script
script: /root/ansible_copy/write_file.py > /root/ansible_copy/sink.txt
args:
#chdir: '{{ role_path }}'
executable: /usr/bin/python3.6
**inventory_file**
-
web_node1 ansible_host=x.x.x.13
[control]
thisPc ansible_connection=local
#Groups
[copy_Servers]
web_node1
Command: ansible-playbook copy_codes_2.yaml -i inventory.dat =>
PLAY [Copy_all_ansible_files_to_servers] *******************************************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [web_node1]
TASK [copy_to_all] *****************************************************************************************************************************************************************************************
ok: [web_node1] => (item=write_file.py)
ok: [web_node1] => (item=sink.txt)
ok: [web_node1] => (item=ansible_playbook_task.yaml)
ok: [web_node1] => (item=copy_codes_2.yaml)
TASK [Run_python_script] ***********************************************************************************************************************************************************************************
fatal: [web_node1]: FAILED! => {"changed": false, "msg": "Could not find or access '/root/ansible_copy/write_file.py' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}
PLAY RECAP *************************************************************************************************************************************************************************************************
web_node1 : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

The script command will actually copy the file to the remote server before running it. Thus, when it complains about not being able to find or access the script, it's because it's trying to copy from /root/ansible_copy/write_file.py to the server.
If you don't really need the script to remain on the server after you execute it, you could remove the script from the copy task and change the script task to have the src point at /home/testuser/ansible_project/write_file.py.
Alternatively, instead of using the script command, you can manually run the script after transferring it using:
- name: run the write_file.py after it has already been transferred
command: python3.6 /root/ansible_copy/write_file.py > /root/ansible_copy/sink.txt
(Note: you may need to provide the full path to your python3.6 executable)

Related

OSError: [Errno 1] Operation not permitted in ansible

From my CentOS(Ansible controller host) trying to run below playbook.
Ansible version:-
$ ansible --version
ansible 2.9.21
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
---
- hosts: pro-server
become: yes
remote_user: root
tasks:
- name: Set authorized key taken from file
ansible.posix.authorized_key:
user: root
state: present
key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
It fails with below error.
$ ansible-playbook -i hosts add-ssh-key.yml
PLAY [pro-server] ****************************************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************************************
ok: [50.51.52.24]
TASK [Set authorized key taken from file] ********************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: [Errno 1] Operation not permitted
fatal: [50.51.52.24]: FAILED! => {"changed": false, "msg": "Unable to make /tmp/tmp73HusP into to /root/.ssh/authorized_keys, failed final rename from /root/.ssh/.ansible_tmpy4MPxlauthorized_keys: [Errno 1] Operation not permitted"}
PLAY RECAP ****************************************************************************************************************************************************
50.51.52.24 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
added the following to /etc/ansible/ansible.cfg. However still same problem persists.
allow_world_readable_tmpfiles = True
Any pointer to solve this problem will be helpful. Thank you.
As discussed in the comments, the problem is an 'a' attribute set on the authorized_keys file.
From man chattr:
A file with the 'a' attribute set can only be open in append mode for writing. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
This can be fixed using the file module:
- name: make sure the 'a' attribute is removed from the authorized_keys-file
file:
path: '/root/.ssh/authorized_keys'
attributes: '-a'

You need to be root to execute - ansible

I have a lab setup with ansible controller + node and exploring few areas.
I am so far setup an user account named ansible in both machines and enabled ssh keybased authentication
Also setup sudo premissions for the user in both machines
When I try to run the below playbook , It works on the local machine and fails on the other node.
--- #Install Telnet
- hosts: all
name: Install Telnet
become: true
become_user: ansible
become_method: sudo
tasks:
- yum:
name: telnet
state: latest
Output is as follows
`[ansible#host1 playbooks]$ ansible-playbook telnetDeployYUM.yml
PLAY [Install Telnet] ***********************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************
ok: [192.168.64.6]
ok: [192.168.64.5]
TASK [yum] **********************************************************************************************************************************************************************************
ok: [192.168.64.5]
fatal: [192.168.64.6]: FAILED! => {"changed": true, "msg": "You need to be root to perform this command.\n", "obsoletes": {"grub2": {"dist": "x86_64", "repo": "#anaconda", "version": "1:2.02-0.64.el7.centos"}, "grub2-tools": {"dist": "x86_64", "repo": "#anaconda", "version": "1:2.02-0.64.el7.centos"}}, "rc": 1, "results": ["Loaded plugins: fastestmirror\n"]}
to retry, use: --limit #/home/ansible/playbooks/telnetDeployYUM.retry
PLAY RECAP **********************************************************************************************************************************************************************************
192.168.64.5 : ok=2 changed=0 unreachable=0 failed=0
192.168.64.6 : ok=1 changed=0 unreachable=0 failed=1
[ansible#host1 playbooks]$
`
I could also manually able to run sudo yum on the failed target as ansible user
I believe sudo set up in correct
[ansible#host2 root]$ sudo whoami
root
Can experts share some insights on what I am missing with respect to my failed machine , Thanks.
Below should work fine
- hosts: all
name: Install Telnet
become: yes
tasks:
- yum:
name: telnet
state: latest
ansible or user through which ansible is getting executed should be in sudoers file.
You are changing your user to ansible which is not required.
Run with -vvvv to see what ansible is doing.
Have you setup ansible in sudoers for password less privilege elevation?
you are getting a message that it is waiting for "escalation prompt". That means when you are running with become, you are failing to become since it needs the password. Make sure your test user is in /etc/sudoers AND you have it marked for that user to NOT need to enter a password when running sudo commands. The entry should end with :NOPASSWD on the line in that file.

Need ansible inventory file details

Could someone please help me to write ansible inventory file to connect to bitbucket - clone a file and place into ansible machine.
Playbook
---
- hosts: bitbucketURL
tasks:
- git:
repo: https://p-bitbucket.com:5999/projects/VIT/repos/sample-playbooks/browse/hello.txt
dest: /home/xxx/demo/output/
Inventory file
[bitbucketURL]
p-bitbucket.com:5999
[bitbucketURL:vars]
ansible_connection=winrm
ansible_user=xxx
ansible_pass=<passwd>
I am getting error while using this playbook and inventory file
-bash-4.2$ ansible-playbook -i inv demo_draft1.yml
PLAY [bitbucketURL] *****************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************
fatal: [p-bitbucket.nl.eu.abnamro.com]: UNREACHABLE! => {"changed": false, "msg": "ssl: auth method ssl requires a password", "unreachable": true}
to retry, use: --limit #/home/c55016a/demo/demo_draft1.retry
PLAY RECAP **************************************************************************************************************************************************
p-bitbucket.nl.eu.abnamro.com : ok=0 changed=0 unreachable=1 failed=0
Please help me write a proper inventory file with correct parameters
You need no inventory at all. All you need to do is to set the play to execute on localhost:
---
- hosts: localhost
connection: local
gather_facts: false
tasks:
- git:
repo: https://p-bitbucket.com:5999/projects/VIT/repos/sample-playbooks/browse/hello.txt
dest: /home/xxx/demo/output/
That said, URL should point to Git repository, not a single file (if hello.txt is a single file).

Two different version of ansible gives two different outputs for same ansible playbook

- hosts: Ebonding
become: yes
become_method: sudo
tasks
- name: Clearing cache of Server4
file: path=/weblogic/bea/user_projects/domains/tmp state=absent
become: yes
become_user: wls10
Ansible version 2.0.0.0 run the above playbook successfully::
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [ggnqinfa2]
TASK [Clearing cache of Server4] ***********************************************
ok: [ggnqinfa2]
PLAY RECAP *********************************************************************
ggnqinfa2 : ok=2 changed=0 unreachable=0 failed=0
But latest version of ansible 2.5.0rc2 encountered below error::
PLAY [Ebonding] *****************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************
ok: [ggnqinfa2]
TASK [Clearing cache of Server4] ************************************************************************************************************************************
fatal: [ggnqinfa2]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 2, err: chown: /var/tmp/ansible-tmp-1520704924.34-191458796685785/: Not owner\nchown: /var/tmp/ansible-tmp-1520704924.34-191458796685785/file.py: Not owner\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}
PLAY RECAP **********************************************************************************************************************************************************
ggnqinfa2 : ok=1 changed=0 unreachable=0 failed=1
How can i run this playbook by latest version of ansible successfully?
Chances are the user you're using (wls10) does not have write access to the remote temporary directory /var/tmp.
This can be overridden using ansible.cfg and set via remote_tmp to a directory you have write-access to -- or, a "normal temp directory" (like /tmp) that has the sticky bit set.
For more info, see
http://docs.ansible.com/ansible/latest/intro_configuration.html#remote-tmp

Unable to escalate privileges for a task in ansible even after using become

I am trying to automate a scenario using ansible.
- name: Copy NRPE Upgrade script
template: src=nagiosclient.sh.j2 dest=/var/tmp/nagiosclient.sh
- name: Add Execute permissions of the script
file: dest=/var/tmp/nagiosclient.sh mode=a+x
- name: Execute the NRPE script
script: /var/tmp/nagiosclient.sh
become: true
tags: test
This is an excerpt of my playbook. This playbooks successfully runs the copy and add execute permissions tasks.
But when I try to run , the execute one it fails.
Because ansible is trying to login as 'gparasha' user, this path /var/tmp is unavailable for this user as expected.
But even if i add a "become:true" in the task as done above,
and even after using --become in the ansible playbook task,
i.e. "ansible-playbook -i hosts tltd.yml --become --tags test"
I am getting a permission denied error..
Can anyone suggest as to what is wrong here and how to rectify it?
gparasha-macOS:TLTD gparasha$ ansible-playbook -i hosts tltd.yml --become --tags test
PLAY [Run tasks on Author] **************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************
ok: [13.229.22.58]
fatal: [34.198.174.78]: UNREACHABLE! => {"changed": false, "msg": "Authentication failure.", "unreachable": true}
TASK [author : Execute the NRPE script] *************************************************************************************************************************************************
fatal: [13.229.22.58]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find or access '/var/tmp/nagiosclient.sh'"}
[WARNING]: Could not create retry file '/opt/ansible/TLTD/tltd.retry'. [Errno 13] Permission denied: u'/opt/ansible/TLTD/tltd.retry'
PLAY RECAP ******************************************************************************************************************************************************************************
13.229.22.58 : ok=1 changed=0 unreachable=0 failed=1
34.198.174.78 : ok=0 changed=0 unreachable=1 failed=0
It doesn’t matter if you use become or not, because script module reads the script file from the control machine, transfers it to the target and executes there (with become privileges in your case).
The error comes from the fact that the script does not exist at /var/tmp/nagiosclient.sh on the control machine.
If you want to execute it on the target, you should use shell module and run /var/tmp/nagiosclient.sh.
Moreover, the permission denied problem is completely unrelated and it is a warning that a retry-file could not be created; also on the control machine.

Resources