Ansible Failed to set permissions on the temporary


I am using ansible to replace the ssh keys for a user on multiple RHEL6 & RHEL7 servers. The task I am running is:

- name: private key   
  copy:
    src: /Users/me/Documents/keys/id_rsa
    dest: ~/.ssh/
    owner: unpriv
    group: unpriv
    mode: 0600
    backup: yes

Two of the hosts that I'm trying to update are giving the following error:

fatal: [host1]: FAILED! => {"failed": true, "msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of /tmp/ansible-tmp-19/': Operation not permitted\nchown: changing ownership of/tmp/ansible-tmp-19/stat.py': Operation not permitted\n). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}

The thing is that these two that are getting the errors are clones of some that are updating just fine. I've compared the sudoers and sshd settings, as well as permissions and mount options on the /tmp directory. They are all the same between the problem hosts and the working ones. Any ideas on what I could check next?

I am running ansible 2.3.1.0 on Mac OS Sierra, if that helps.

Update:

@techraf

I have no idea why this worked on all hosts except for two. Here is the original playbook:

- name: ssh_keys
  hosts: my_hosts
  remote_user: my_user
  tasks:
    - include: ./roles/common/tasks/keys.yml
      become: yes
      become_method: sudo

and original keys.yml:

- name: public key
  copy:
    src: /Users/me/Documents/keys/id_rsab
    dest: ~/.ssh/
    owner: unpriv
    group: unpriv
    mode: 060
    backup: yes

I changed the playbook to:

- name: ssh_keys
  hosts: my_hosts
  remote_user: my_user
  tasks:
    - include: ./roles/common/tasks/keys.yml
      become: yes
      become_method: sudo
      become_user: root

And keys.yml to:

- name: public key
  copy:
    src: /Users/me/Documents/keys/id_rsab
    dest: /home/unpriv/.ssh/
    owner: unpriv
    group: unpriv
    mode: 0600
    backup: yes

And it worked across all hosts.


Solution

  • You could try something like this:

    - name: private key 
      become: true
      become_user: root
      copy:
        src: /Users/me/Documents/keys/id_rsa
        dest: ~/.ssh/
        owner: unpriv
        group: unpriv
        mode: 0600
        backup: yes
    

    Notice the:

    become: true
    become_user: root
    

    Check the "become" docs for more info.
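
The fix the question's update arrived at (become root, absolute destination), written out as one play with a read-back check. This is an added example, not part of the original question or answer. The host group, users and paths are the ones from the question; the `key_user` and `key_home` variables, the `.ssh` directory task and the `stat`/`assert` verification are additions that assume the account's home is `/home/unpriv`.

```yaml
# Added example: deploy the key as root, then verify what landed on disk.
- name: ssh_keys
  hosts: my_hosts
  remote_user: my_user
  become: yes
  become_method: sudo
  # Explicit root: root can read the temp files the connecting user wrote,
  # so Ansible has no chown/ACL step to perform on /tmp/ansible-tmp-*.
  become_user: root
  vars:
    key_user: unpriv          # account that receives the key (from the question)
    key_home: /home/unpriv    # assumed home; absolute so it does not depend on "~"
  tasks:
    - name: ensure .ssh exists and is private to the account
      file:
        path: "{{ key_home }}/.ssh"
        state: directory
        owner: "{{ key_user }}"
        group: "{{ key_user }}"
        mode: "0700"

    - name: private key
      copy:
        src: /Users/me/Documents/keys/id_rsa
        dest: "{{ key_home }}/.ssh/id_rsa"
        owner: "{{ key_user }}"
        group: "{{ key_user }}"
        mode: "0600"          # quoted so the octal value is passed through unchanged
      no_log: true            # keep key material out of task output and logs

    - name: read back ownership and mode
      stat:
        path: "{{ key_home }}/.ssh/id_rsa"
      register: key_stat

    - name: fail the play if the key is not owner-only
      assert:
        that:
          - key_stat.stat.exists
          - key_stat.stat.pw_name == key_user
          - key_stat.stat.mode == "0600"
```

The final `assert` stops the play on any host where the key ends up with a different owner or mode, which would also catch a mistyped value such as the `060` in the original keys.yml.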