Permission denied when deleting directory in Ansible - ansible

I have a task which simply creates directory in the home directory of user 'foo' as follows:
---
- name: Create bar directory
become: yes
become_user: foo
file:
path: "/home/foo/bar"
state: directory
owner: foo
group: foo
mode: 755
This works fine, but when I try to run a task to delete the directory created by above task, I got the following error:
TASK: [a task | Create bar directory]
failed: [192.168.50.4] => {"failed": true}
msg: rmtree failed: [Errno 13] Permission denied: '/home/foo/bar'
FATAL: all hosts have already failed -- aborting
Below is the delete task.
---
- name: Create bar directory
become: yes
become_user: foo
file:
path: "/home/foo/bar"
state: absent
I confirmed the created directory is owned by 'foo' so the directory should be able to be deleted by 'foo'. Why am I getting permission denied error?

Although the directory is owned by the correct user, I realized that the permission for the directory was not correctly set, i.e, drwxr-xr-x.
The problem was mode: 755, which does not seem to be a problem at all. But I needed to prepend 0 before 755 in order for it to work as expected.
Example in official document

Related

Unable to create a directory using Ansible

I have tried something like this
- name: Create a directory
ansible.builtin.file:
path: /etc/fail2ban
state: directory
mode: '0755'
and I am a getting a error
fatal: [localhost]: FAILED! => {"changed": false, "msg": "There was an issue creating /etc/fail2ban as requested: [Errno 13] Permission denied: b'/etc/fail2ban'", "path": "/etc/fail2ban"}
I am trying to create a directory on a remote server.
Need Help !!!
Thanks in advance.
Have you already tested the execution with become: yes?
- name: Create a directory
ansible.builtin.file:
path: /etc/fail2ban
state: directory
mode: '0755'
become: yes
See the Ansible docs for more information on become and privilege escalation.
Otherwise the output of stat might help you to understand what is going on. You could add the following two tasks before your file task:
- name: Get file stat
stat:
path: /etc/fail2ban
register: stat_result
- name: Print file stat
debug:
var: stat_result

Create a file in ansible inside a directory

I need to create the file kubernetes.list inside the directory /etc/apt/sources.list.d/
but this directory does not exist - So I want ansible to create the directory and touch the file as well.
This is the current setup I have and it throws the error
No such file or directory
- name: create the file
file:
path: path=/etc/apt/sources.list.d/kubernetes.list
state: touch
can someone please help me?
You can create the folder before creating the file:
- hosts: all
tasks:
- name: create folder if not exists
become: true
file:
path: /etc/apt/sources.list.d
state: directory
owner: root
group: root
mode: 0775
- name: create file
become: true
file:
path: /etc/apt/sources.list.d/kubernetes.list
state: touch

Issue with ansible copying file

I'm trying to provision a local kubernetes cluster using Vagrant (v2.1.2) and VirtualBox (v5.2.20).
My Vagrantfile uses the ansible_local provisioner to run some ansible playbooks to provision a K8s cluster using kubeadm.
This was all working perfectly a few months back when I ran this, but it's not working anymore. Not sure why it stopped working, but the ansible playbook for the master node fails when I trying to copy the kube config to the vagrant users home dir.
The ansible task that fails is as follows:
- name: Copy kubeconfig for vagrant user
copy:
src: /etc/kubernetes/admin.conf
dest: /home/vagrant/.kube/
owner: vagrant
group: vagrant
This is causing the following error: fatal: [master1]: FAILED! => {"msg": "an error occurred while trying to read the file '/etc/kubernetes/admin.conf': [Errno 13] Permission denied: '/etc/kubernetes/admin.conf'"}
The src file does exist. If I ssh into the VM after the failure, I can copy the file with sudo cp /etc/kubernetes/admin.conf /home/vagrant/, but the failure above causes the vagrant provisioning to fail/halt.
FYI., I've tried a few combinatons of things at the play and task levels e.g. become: true, remote_user: root e.g.
---
- hosts: all
become: true
tasks:
...
... but to no avail.
permissions on admin.conf are as follows:
vagrant#master1:/etc/kubernetes$ ls -al admin.conf
-rw------- 1 root root 5453 Aug 5 14:07 admin.conf
Full master-playbook.yml can be found here.
How do I get ansible to copy the file?
Quoting from copy
src Local path to a file to copy to the remote server.
The play failed because the user who is running the ansible playbook can't read the file at the controller (local path)
permission denied: '/etc/kubernetes/admin.conf'
Use remote_src: yes
remote_src If yes it will go to the remote/target machine for the src
- name: Copy kubeconfig for vagrant user
copy:
remote_src: yes
src: /etc/kubernetes/admin.conf
dest: /home/vagrant/.kube/
owner: vagrant
group: vagrant
From the comment, this seems to be what you want to do
"The src file does exist. If I ssh into the VM after the failure, I can copy the file with sudo cp /etc/kubernetes/admin.conf /home/vagrant/"
This should work if the remote_user at VM is allowed to sudo su and escalation is properly set
- hosts: all
become: yes
become_user: root
become_method: sudo
It would be not enough to allow the remote_user sudo cp only. See Can’t limit escalation to certain commands
Privilege escalation permissions have to be general. Ansible does not always use a specific command to do something but runs modules (code) from a temporary file name which changes every time. If you have ‘/sbin/service’ or ‘/bin/chmod’ as the allowed commands this will fail ...

How to copy remote directory to localhost using playbook, directory contains different user files/folders?

I could able to copy a directory from a remote machine to localhost.
However when the remote directory contains different files/folders which belongs to different users (gerrit & hal) and I'm getting permission denied error, as I'm executing playbook on the remote machine with gerrit's user.
My inventory file:
Target1 ansible_host=X.X.X.X ansible_connection=ssh ansible_user=gerrit
This is my playbook:
- hosts: Target1
gather_facts: false
tasks:
- name: Copy file
synchronize:
src: /dir/path/mydir
dest: .
mode: pull
I expect all data from mydir folder which belongs to gerrit's user should copy on localhost and exclude the files/folders which belongs to Hal user. But currently, I'm getting permission denied error.

Setting up symlink error - Ansible

I am trying to set a symlink from source to destination, but keep hitting
fatal: [default]: FAILED! => {"changed": false, "failed": true, "msg": "Error while linking: [Errno 2] No such file or directory", "path": "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.sdk/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/include/ruby-2.0.0/ruby/config.h", "state": "absent"}
Observed that it shows state absent even though state is given as link.
This is the executed task:
- name: "Create ruby config.h symlink"
file:
src: "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.sdk/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/include/ruby-2.0.0/universal-darwin15/ruby/config.h"
dest: "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.sdk/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/include/ruby-2.0.0/ruby/config.h"
state: link
force: yes
when: xcode_version != "8.0"
File exists:
ls -l /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.sdk/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/include/ruby-2.0.0/universal-darwin15/ruby/config.h
-rw-r--r-- 2 root wheel 7805 Jan 31 2016 /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.sdk/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/include/ruby-2.0.0/universal-darwin15/ruby/config.h
Note: Included force yes based on discussion here - Ansbible github issue
Any help is appreciated!
My answer may not address the OP question, but it certainly does cause this issue and so might explain another person running into this issue. I've often found such an error can be caused by a trailing / in the link name.
For example, a task to create a directory as below will succeed.
- name: ensure foobar directory exists
file:
state: directory
path: '/tmp/foobar/'
owner: 'foo'
group: 'bar'
mode: 0777
However, the subsequent link creation task, if written as below, will result in the error you're experiencing.
- name: Establish link to foobar
file:
src: '/tmp/foobar/'
dest: '/local/baz/'
state: link
Results in the below error.
fatal: [default]: FAILED! => {"changed": false, "failed": true, "msg":
"Error while linking: [Errno 2] No such file or directory", "path":
"...",
"state": "absent"}
Removing the / as per below, can resolve this.
- name: Establish link to foobar
file:
src: '/tmp/foobar/'
dest: '/local/baz'
state: link
I'm not sure if a missing directory is the cause of the problem here but it's a good practice to ensure that the destination directory exists before creating a link that points to that directory:
- name: Ensure that the directory exist
file:
path: "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.sdk/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/include/ruby-2.0.0/ruby"
state: directory
mode: 0755
owner: root
group: wheel
- name: "Create ruby config.h symlink"
file:
...

Resources