New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ansible: v2.6 temp dir handling is broken on master #321

Closed
dw opened this Issue Jul 25, 2018 · 1 comment

Comments

Projects
None yet
2 participants
@dw
Owner

dw commented Jul 25, 2018

Some recent change has broken master, but looking into it revealed more inconsistencies between Mitogen and vanilla Ansible.

There are a seemingly endless selection of cases to emulate:

  • AnsibleModule.tmpdir reuses a controller-supplied directory (ansible_tmpdir) if it is present.
  • If ansible_tmpdir is not present, it creates and manages its own subdirectory under the vars/tilde-expanded ansible_remote_tmp template passed by _update_module_args().
  • If ansible_tmpdir isn't writeable, it creates and manages its own subdirectory in the system default temp directory.

Random logic:

  • ansible_tmpdir is present if ActionBase._make_tmp_path() was ever called, and become=false or become=root
  • _make_tmp_path() may or may not be called depending on the value of ANSIBLE_PIPELINING and ANSIBLE_KEEP_REMOTE_FILES

Two task variables are passed to the module executing on the child:

  • ansible_tmpdir: set if _make_tmp_path() has ever been called and become=false or become=root
  • ansible_remote_tmp: the unexpanded version of the template used to set ansible_tmpdir by _make_tmp_path()

One environment variable is passed to the module executing on the child:

  • ANSIBLE_REMOTE_TMP: set by _make_tmp_path() if become=false or become=root. The expanded version of the template, i.e. equivalent to ansible_tmpdir.

When pipelining=false and become=root, AnsibleModule.tmpdir is /home/sshuser/...

When pipelining=true and become=root, AnsibleModule.tmpdir is /root/...

When pipelining=true and become=mitogen__user1, AnsibleModule.tmpdir is /home/mitogen__user1/...

When pipelining=false and become=mitogen__user1, AnsibleModule.tmpdir is "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: /var/tmp/ansible-tmp-1532536799.25-196509554541606/: Operation not permitted\nchown: /var/tmp/ansible-tmp-1532536799.25-196509554541606/custom_python_remote_tmp.py: Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"

@dw dw added bug ansible labels Jul 25, 2018

@abadger

This comment has been minimized.

abadger commented Jul 25, 2018

If you drop by IRC, jborean or I can explain the logic behind the various cases in tmpdir handling.

ANSIBLE_REMOTE_TMP should be removed (it was an earlier implementation of a feature for 2.4 that got mostly changed... that particular couple lines of code was missed when the rest of it was removed). but I think the others all have reasons.

@dw dw changed the title from ansible: temp dir handling is broken on master to ansible: v2.6 temp dir handling is broken on master Jul 25, 2018

@dw dw added the target:v0.2 label Aug 11, 2018

dw added a commit that referenced this issue Aug 19, 2018

dw added a commit that referenced this issue Aug 19, 2018

issue #321: take remote_tmp and system_tmpdirs into account.
Can't simply ignore these settings as some users may have weird noexec
filesystems.

dw added a commit that referenced this issue Aug 19, 2018

dw added a commit that referenced this issue Aug 19, 2018

dw added a commit that referenced this issue Aug 19, 2018

dw added a commit that referenced this issue Aug 19, 2018

dw added a commit that referenced this issue Aug 19, 2018

@dw dw closed this Aug 19, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment