ansible.builtin.git ignores become_user when executing without an inventory #80233
Comments
Files identified in the description: If these files are incorrect, please update the
This comment was marked as off-topic.
@bcoca the above comment is irrelevant to my issue, please reopen again.
@C0rn3j I'm not sure any information you have provided indicates that become is not working. The error you are getting states:
To determine if sudo is being used, would require you to provide us with logs using needs_info
TASK [zsh : Install/update lxd-completion-zsh for c0rn3j] **********************************************************************************************************************************************************************************
task path: /root/configs/roles/zsh/tasks/main.yaml:45
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: c0rn3j
<127.0.0.1> EXEC /bin/sh -c 'echo ~c0rn3j && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/c0rn3j/.ansible/tmp `"&& mkdir "` echo /home/c0rn3j/.ansible/tmp/ansible-tmp-1679416229.326483-742251-173087779788020 `" && echo ansible-tmp-1679416229.326483-742251-173087779788020="` echo /home/c0rn3j/.ansible/tmp/ansible-tmp-1679416229.326483-742251-173087779788020 `" ) && sleep 0'
Using module file /usr/lib/python3.10/site-packages/ansible/modules/git.py
<127.0.0.1> PUT /root/.ansible/tmp/ansible-local-741875ilxp_1mp/tmp2_eukzx1 TO /home/c0rn3j/.ansible/tmp/ansible-tmp-1679416229.326483-742251-173087779788020/AnsiballZ_git.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/c0rn3j/.ansible/tmp/ansible-tmp-1679416229.326483-742251-173087779788020/ /home/c0rn3j/.ansible/tmp/ansible-tmp-1679416229.326483-742251-173087779788020/AnsiballZ_git.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python /home/c0rn3j/.ansible/tmp/ansible-tmp-1679416229.326483-742251-173087779788020/AnsiballZ_git.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/c0rn3j/.ansible/tmp/ansible-tmp-1679416229.326483-742251-173087779788020/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"accept_hostkey": false,
"accept_newhostkey": false,
"archive": null,
"archive_prefix": null,
"bare": false,
"clone": true,
"depth": null,
"dest": "/home/c0rn3j/.oh-my-zsh/custom/plugins/lxd-completion-zsh",
"executable": null,
"force": false,
"gpg_whitelist": [],
"key_file": null,
"recursive": true,
"reference": null,
"refspec": null,
"remote": "origin",
"repo": "https://github.com/endaaman/lxd-completion-zsh",
"separate_git_dir": null,
"single_branch": false,
"ssh_opts": null,
"track_submodules": false,
"umask": null,
"update": true,
"verify_commit": false,
"version": "HEAD"
}
},
"msg": "Failed to set a new url https://github.com/endaaman/lxd-completion-zsh for origin: fatal: detected dubious ownership in repository at '/home/c0rn3j/.oh-my-zsh/custom/plugins/lxd-completion-zsh'\nTo add an exception for this directory, call:\n\n\tgit config --global --add safe.directory /home/c0rn3j/.oh-my-zsh/custom/plugins/lxd-completion-zsh\n"
}
PLAY RECAP *********************************************************************************************************************************************************************************************************************************
localhost : ok=13 changed=0 unreachable=0 failed=1 skipped=2 rescued=0 ignored=0
Weirdly enough, it seems to depend on how I log into root to execute the playbook. If I use If I use
Ok, when using implicit localhost, we will use the local connection plugin. The local connection plugin will run the modules as the user you executed In the above case, As far as I can see, this is not a bug, but there are some local configurations in your environment causing issues. There isn't enough information for me to go on, but if you are just running
All of those assumptions are correct.
I am indeed running just It seems to be caused by USER and LOGNAME environment variables, unsetting both of those (which were set to my username) makes the local connection work. I think I understand why you do not believe that it is a bug, but wouldn't it be better if Ansible made a call to check the current user instead of relying on the environment variables?
It isn't ansible that is failing at this point, well it is, but the underlying problem is coming from
Hm, I am not sure if that's the case.
% whoami; USER='root';LOGNAME='root'; git pull
c0rn3j
Already up to date.
# whoami; USER='root';LOGNAME='root'; git pull
root
fatal: detected dubious ownership in repository at '/home/c0rn3j/.oh-my-zsh/custom/plugins/lxd-completion-zsh'
# whoami; USER='c0rn3j';LOGNAME='c0rn3j'; git pull
root
fatal: detected dubious ownership in repository at '/home/c0rn3j/.oh-my-zsh/custom/plugins/lxd-completion-zsh'
Ok, some of the information you have provided wasn't straightforward, but I think I see now. You are using I expect that the problem is that the
As such, we are not using become, because we've determined that the "remote" user and the become user are the same. FWIW, we do have a config that would allow this to work as is, but it's possible we may still classify this as a bug, but it will require some discussion with other members of the core team. That config is described at https://docs.ansible.com/ansible-core/2.14/reference_appendices/config.html#become-allow-same-user
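A preflight check for the two conditions reported in this thread: USER/LOGNAME naming a different account than the one actually running, and a repository directory not owned by the effective uid. This is an added example, not code from Ansible, git or any commenter; the function names are hypothetical, and the owner comparison is an assumption that only approximates git's ownership check.

```shell
#!/bin/sh
# Added example: preflight for the two conditions reported in this thread.
# Function names are hypothetical; this is not Ansible or git code.
# Usage after sourcing: preflight /path/to/repo

# Print which of USER/LOGNAME do not resolve to the effective uid.
stale_env_vars() {
    eff_uid=$(id -u)
    stale=""
    for var in USER LOGNAME; do
        eval "val=\${$var-}"    # var only ever comes from the fixed list above
        [ -n "$val" ] || continue
        env_uid=$(id -u -- "$val" 2>/dev/null) || env_uid=""
        [ "$env_uid" = "$eff_uid" ] || stale="${stale}${stale:+ }${var}"
    done
    printf '%s\n' "$stale"
}

# Numeric owner of a path: field 3 of the POSIX long numeric listing.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# "ok" when the path is owned by the effective uid, otherwise "dubious".
ownership_status() {
    if [ "$(owner_uid "$1")" = "$(id -u)" ]; then
        echo ok
    else
        echo dubious
    fi
}

# Run both checks for one repository path; returns non-zero if either fails.
preflight() {
    repo=$1
    rc=0
    stale=$(stale_env_vars)
    if [ -n "$stale" ]; then
        echo "env: $stale do not match effective uid $(id -u)"
        rc=1
    fi
    if [ "$(ownership_status "$repo")" = dubious ]; then
        echo "repo: $repo is owned by uid $(owner_uid "$repo"), running as uid $(id -u)"
        rc=1
    fi
    return "$rc"
}
```

Running `preflight` from the same shell that launches the playbook shows whether the environment or the directory ownership is the part that disagrees with the effective user.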
This comment was marked as off-topic.
I ran across the same StackOverflow thread as mentioned here. Based on my search it is the closest thing I could find and I think I am having a similar issue with slightly different messaging. I am running the git module with implicit localhost and get these logs:
Task
- name: Cloning dotfiles
  become: true
  become_user: "{{ lookup('env', 'USER') }}"
  ansible.builtin.git:
    repo: git@github.com:NChitty/dotFiles.git
    dest: "{{ lookup('env', 'HOME') }}/dotFiles"
    accept_newhostkey: true
    version: main

I've tried various combinations of not including EDIT: FWIW, to sanity check this error, I ran locally EDIT 2: Version:
Issue still occurs 1 year later. Basically the issue occurs when cloning as root, but the target directory is not owned by root. The workaround is to change directory ownership before cloning, or as the stackoverflow post states:
- name: UPDATE - Safe Directory
  command: git config --global --add safe.directory {{ project_root }}/shared/source
  check_mode: no
Summary
The git submodule launches as root when using a local connection (no inventory defined), ignoring become_user.
This leads to the module failing.
The module runs fine with an inventory when initiating an SSH connection.
Left side of the screenshot is with the supplied inventory through SSH.
Right side is when inventory is removed and same playbook is run.
Issue Type
Bug Report
Component Name
git
Ansible Version
Configuration
OS / Environment
Arch Linux
Steps to Reproduce
/etc/ansible/hosts
Problematic task:
Expected Results
Module launches as user specified in become_user
Actual Results
Module only launches as the specified user when an inventory is defined and SSH connection is used.
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to set a new url https://github.com/endaaman/lxd-completion-zsh for origin: fatal: detected dubious ownership in repository at '/home/c0rn3j/.oh-my-zsh/custom/plugins/lxd-completion-zsh'\nTo add an exception for this directory, call:\n\n\tgit config --global --add safe.directory /home/c0rn3j/.oh-my-zsh/custom/plugins/lxd-completion-zsh\n"}