Template and copy modules failing when using su #7553
Comments
|
The problem is in the basic.py atomic_move method. It is trying to move the source to dest using shutil.move. A move wont work for su since the source directory is owned by the remote user. Line 1037 has a check for sudo(os,getenv("SUDO_USER")) and in the case of sudo does a shutil.copy2 instead of shutil.move. I was able to get it working by always doing shutil.copy2. I think the fix needs to be adding a check for su and using shutil.copy2 when su is true. I tried to do this, but it appears the environment variable for both SUDO_USER and SU_USER are 'None' at this point in the code. |
|
Can you please share the playbook you are using and the output from running with "-vvv" ? |
|
Updated with playbook and output |
|
@gezerk I believe the following patch will address the issue, however I can't quite reproduce the issue you're seeing (tried with both root and a non-root remote user). So if you could test this, I'd appreciate it: diff --git a/lib/ansible/module_utils/basic.py b/lib/ansible/module_utils/basic.py
index e06b5cf..bd43ede 100644
--- a/lib/ansible/module_utils/basic.py
+++ b/lib/ansible/module_utils/basic.py
@@ -1020,6 +1020,7 @@ class AnsibleModule(object):
context = self.selinux_default_context(dest)
creating = not os.path.exists(dest)
+ switched_user = os.getlogin() != pwd.getpwuid(os.getuid())[0]
try:
# Optimistically try a rename, solves some corner cases and can avoid useless work, throws exception if not atomic.
@@ -1035,7 +1036,7 @@ class AnsibleModule(object):
prefix=".ansible_tmp", dir=dest_dir, suffix=dest_file)
try: # leaves tmp file behind when sudo and not root
- if os.getenv("SUDO_USER") and os.getuid() != 0:
+ if switched_user and os.getuid() != 0:
# cleanup will happen by 'rm' of tempdir
# copy2 will preserve some metadata
shutil.copy2(src, tmp_dest.name)
@@ -1058,7 +1059,7 @@ class AnsibleModule(object):
umask = os.umask(0)
os.umask(umask)
os.chmod(dest, 0666 ^ umask)
- if os.getenv("SUDO_USER"):
+ if switched_user:
os.chown(dest, os.getuid(), os.getgid())
if self.selinux_enabled():
The |
|
I will give it a try as soon as possible, tomorrow at the latest. Nice On Tue, May 27, 2014 at 3:48 PM, James Cammarata
George Simpson |
|
I tested the patch, works great. Thanks again for the fix! Let me know if you ever need me to test the su functionality. That's the primary way we use ansible. I am happy to test anytime you need it. |
|
Great, I've merged that in. Please let us know if you run into any further problems regarding this. Thanks! |
|
I ran into a problem using the latest revision (6bc056e): After a bit of digging around I had a look at the recent commits and saw this issue mentioned in a pull request, so I went back to commit 2fda9bc (the commit before the pull request referencing this issue was merged in), at which point "lineinfile" worked again. Don't know if it helps to know: |
|
@perhallstroem could you please open a new issue for this? Thanks! |
|
This is still not working. I am using ansible 2.0.0.2: fatal: [sjc-nmtgci-15]: FAILED! => {"changed": true, "failed": true, "invocation": {"module_args": {"dest": "/opt/nmtgre-tools/jenkins/config/jenkins", "group": "eng", "mode": "0600", "owner": "px-build", "src": "default-jenkins.j2"}, "module_name": "template"}, "module_stderr": "", "module_stdout": "\r\nBECOME-SUCCESS-vtgcupyzjtojsbtboeyttvmiwyunzkwc\r\n{"msg": "Could not replace file: /users/ingunawa/.ansible/tmp/ansible-tmp-1453075333.7-198301965511122/source to /opt/nmtgre-tools/jenkins/config/jenkins: [Errno 13] Permission denied: '/users/ingunawa/.ansible/tmp/ansible-tmp-1453075333.7-198301965511122/source'", "failed": true, "invocation": {"module_args": {"src": "/users/ingunawa/.ansible/tmp/ansible-tmp-1453075333.7-198301965511122/source", "directory_mode": null, "force": true, "follow": true, "remote_src": null, "dest": "/opt/nmtgre-tools/jenkins/config/jenkins", "selevel": null, "seuser": null, "serole": null, "content": null, "setype": null, "original_basename": "default-jenkins.j2", "delimiter": null, "mode": "0600", "regexp": null, "owner": "px-build", "group": "eng", "validate": null, "backup": false}}}\r\nException exceptions.OSError: (2, 'No such file or directory', '/opt/nmtgre-tools/jenkins/config/.ansible_tmpFDjmX5jenkins') in <bound method _TemporaryFileWrapper.del of <closed file '', mode 'w+b' at 0x16019a80>> ignored\r\n", "msg": "MODULE FAILURE", "parsed": false} |
|
The full error: PUT /tmp/tmpUjjIrF TO /users/ingunawa/.ansible/tmp/ansible-tmp-1453075333.7-198301965511122/source |
|
Was a new issues created for this? @perhallstroem @jimi-c ? Noticing this issue with ansible 2.0.0.2 on ubuntu 16.04 and the latest devel, ansible 2.2.0 (devel 844b415). The validate command is failing implementing ihrwein/ansible-syslog-ng role |
|
@viper233 if so, please open a new issue for that. Thanks! |
Issue Type:
Bug Report
Ansible Version:
ansible 1.7 (devel 981d56b) last updated 2014/5/21 12:29:12 (GMT -400)
Environment:
Running from RHEL 6.2
Managing RHEL 5.8, 5.10, 6.2
Summary:
Template and copy modules fail when using su with the message:
{"msg": "Could not replace file: /tmp/ansible-tmp-1400646411.03-30275482183570/source to /tmp/ans_test/gsdummy.txt: [Errno 13] Permission denied: '/tmp/ansible-tmp-1400646411.03-30275482183570/source'", "failed": true}
Steps To Reproduce:
Run playbook using the copy module as an su user.
ansible-playbook demo.yml -imy_hosts.yml -u jdoe --ask-su-pass -vvv
Expected Results:
Requested files copied
Actual Results:
The text was updated successfully, but these errors were encountered: