Template and copy modules failing when using su #7553
Comments
The problem is in the basic.py atomic_move method. It is trying to move the source to dest using shutil.move. A move won't work for su since the source directory is owned by the remote user. Line 1037 has a check for sudo (os.getenv("SUDO_USER")) and in the case of sudo does a shutil.copy2 instead of shutil.move. I was able to get it working by always doing shutil.copy2. I think the fix needs to be adding a check for su and using shutil.copy2 when su is true. I tried to do this, but it appears the environment variable for both SUDO_USER and SU_USER are 'None' at this point in the code. |
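The permission behaviour described in the comment above, as an added example that is not code from this thread or from the Ansible project: a rename needs write access to the source directory, while a copy only needs to read the source file. The names `install_file` and `demo` are hypothetical, and the read-only staging directory is a constructed stand-in for the login user's temporary directory.

```python
import errno
import os
import shutil
import stat
import tempfile


def install_file(src, dest):
    """Place src at dest and return which path ran: 'rename' or 'copy'.
    rename() removes the entry from src's directory, so it needs write
    permission there. copy2() only reads src, so it still works when the
    staging directory belongs to the login user rather than the su target.
    """
    try:
        os.rename(src, dest)
        return "rename"
    except OSError as exc:
        # EACCES/EPERM: source directory not writable; EXDEV: other filesystem.
        if exc.errno not in (errno.EACCES, errno.EPERM, errno.EXDEV):
            raise
    # Copy into dest's directory first so the final rename stays atomic.
    fd, tmp = tempfile.mkstemp(prefix=".tmp", dir=os.path.dirname(dest))
    os.close(fd)
    try:
        shutil.copy2(src, tmp)
        os.rename(tmp, dest)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return "copy"


def demo():
    """Constructed scenario: read-only staging dir, writable target dir."""
    root = tempfile.mkdtemp()
    staging, target = os.path.join(root, "staging"), os.path.join(root, "target")
    os.mkdir(staging)
    os.mkdir(target)
    src, dest = os.path.join(staging, "source"), os.path.join(target, "gsdummy.txt")
    with open(src, "w") as handle:
        handle.write("payload\n")
    os.chmod(staging, stat.S_IRUSR | stat.S_IXUSR)  # r-x: readable, not writable
    try:
        how = install_file(src, dest)
        with open(dest) as handle:
            return how, handle.read(), os.path.exists(src)
    finally:
        os.chmod(staging, stat.S_IRWXU)
        shutil.rmtree(root)
```

Run as an unprivileged user, `demo()` takes the copy path and leaves the source in place; as root the directory permissions are bypassed and the rename succeeds.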
Can you please share the playbook you are using and the output from running with "-vvv" ? |
Updated with playbook and output |
@gezerk I believe the following patch will address the issue, however I can't quite reproduce the issue you're seeing (tried with both root and a non-root remote user). So if you could test this, I'd appreciate it: diff --git a/lib/ansible/module_utils/basic.py b/lib/ansible/module_utils/basic.py index e06b5cf..bd43ede 100644 --- a/lib/ansible/module_utils/basic.py +++ b/lib/ansible/module_utils/basic.py @@ -1020,6 +1020,7 @@ class AnsibleModule(object): context = self.selinux_default_context(dest) creating = not os.path.exists(dest) + switched_user = os.getlogin() != pwd.getpwuid(os.getuid())[0] try: # Optimistically try a rename, solves some corner cases and can avoid useless work, throws exception if not atomic. @@ -1035,7 +1036,7 @@ class AnsibleModule(object): prefix=".ansible_tmp", dir=dest_dir, suffix=dest_file) try: # leaves tmp file behind when sudo and not root - if os.getenv("SUDO_USER") and os.getuid() != 0: + if switched_user and os.getuid() != 0: # cleanup will happen by 'rm' of tempdir # copy2 will preserve some metadata shutil.copy2(src, tmp_dest.name) @@ -1058,7 +1059,7 @@ class AnsibleModule(object): umask = os.umask(0) os.umask(umask) os.chmod(dest, 0666 ^ umask) - if os.getenv("SUDO_USER"): + if switched_user: os.chown(dest, os.getuid(), os.getgid()) if self.selinux_enabled(): The |
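Review bot: the `os.getlogin()` call in the added `switched_user = ...` line of the first hunk is unguarded and sits before the `try:`, and `os.getlogin()` raises OSError when the process has no controlling terminal, so atomic_move would fail before the rename is even attempted in that case. Suggest wrapping the lookup in try/except OSError and falling back to the previous `os.getenv("SUDO_USER")` check, or treating a failed lookup as "not switched". The hunk also uses `pwd` without showing an import, so confirm basic.py imports it at module level.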
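Review bot: the comment `# leaves tmp file behind when sudo and not root` above the changed condition in the second hunk is now stale, since `if switched_user and os.getuid() != 0:` covers su as well as sudo. Suggest rewording it to say "when the user was switched (sudo or su) and not root" so the comment matches the condition it documents.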
I will give it a try as soon as possible, tomorrow at the latest. Nice On Tue, May 27, 2014 at 3:48 PM, James Cammarata
George Simpson |
I tested the patch, works great. Thanks again for the fix! Let me know if you ever need me to test the su functionality. That's the primary way we use ansible. I am happy to test anytime you need it. |
Great, I've merged that in. Please let us know if you run into any further problems regarding this. Thanks! |
I ran into a problem using the latest revision (6bc056e):
After a bit of digging around I had a look at the recent commits and saw this issue mentioned in a pull request, so I went back to commit 2fda9bc (the commit before the pull request referencing this issue was merged in), at which point "lineinfile" worked again. Don't know if it helps to know:
|
@perhallstroem could you please open a new issue for this? Thanks! |
This is still not working. I am using ansible 2.0.0.2: fatal: [sjc-nmtgci-15]: FAILED! => {"changed": true, "failed": true, "invocation": {"module_args": {"dest": "/opt/nmtgre-tools/jenkins/config/jenkins", "group": "eng", "mode": "0600", "owner": "px-build", "src": "default-jenkins.j2"}, "module_name": "template"}, "module_stderr": "", "module_stdout": "\r\nBECOME-SUCCESS-vtgcupyzjtojsbtboeyttvmiwyunzkwc\r\n{"msg": "Could not replace file: /users/ingunawa/.ansible/tmp/ansible-tmp-1453075333.7-198301965511122/source to /opt/nmtgre-tools/jenkins/config/jenkins: [Errno 13] Permission denied: '/users/ingunawa/.ansible/tmp/ansible-tmp-1453075333.7-198301965511122/source'", "failed": true, "invocation": {"module_args": {"src": "/users/ingunawa/.ansible/tmp/ansible-tmp-1453075333.7-198301965511122/source", "directory_mode": null, "force": true, "follow": true, "remote_src": null, "dest": "/opt/nmtgre-tools/jenkins/config/jenkins", "selevel": null, "seuser": null, "serole": null, "content": null, "setype": null, "original_basename": "default-jenkins.j2", "delimiter": null, "mode": "0600", "regexp": null, "owner": "px-build", "group": "eng", "validate": null, "backup": false}}}\r\nException exceptions.OSError: (2, 'No such file or directory', '/opt/nmtgre-tools/jenkins/config/.ansible_tmpFDjmX5jenkins') in <bound method _TemporaryFileWrapper.del of <closed file '', mode 'w+b' at 0x16019a80>> ignored\r\n", "msg": "MODULE FAILURE", "parsed": false} |
The full error: PUT /tmp/tmpUjjIrF TO /users/ingunawa/.ansible/tmp/ansible-tmp-1453075333.7-198301965511122/source |
Was a new issue created for this? @perhallstroem @jimi-c ? Noticing this issue with ansible 2.0.0.2 on ubuntu 16.04 and the latest devel, ansible 2.2.0 (devel 844b415).
The validate command is failing
implementing ihrwein/ansible-syslog-ng role |
@viper233 if so, please open a new issue for that. Thanks! |
Issue Type:
Bug Report
Ansible Version:
ansible 1.7 (devel 981d56b) last updated 2014/5/21 12:29:12 (GMT -400)
Environment:
Running from RHEL 6.2
Managing RHEL 5.8, 5.10, 6.2
Summary:
Template and copy modules fail when using su with the message:
{"msg": "Could not replace file: /tmp/ansible-tmp-1400646411.03-30275482183570/source to /tmp/ans_test/gsdummy.txt: [Errno 13] Permission denied: '/tmp/ansible-tmp-1400646411.03-30275482183570/source'", "failed": true}
Steps To Reproduce:
Run playbook using the copy module as an su user.
ansible-playbook demo.yml -imy_hosts.yml -u jdoe --ask-su-pass -vvv
Expected Results:
Requested files copied
Actual Results: