HiveBrain v1.2.0
Get Started
← Back to all entries
patternMinor

Ansible tmp files created with odd permissions

Submitted by: @import:stackexchange-devops··
0
Viewed 0 times
permissionsstackoverflowlinuxansibledevops
tmppermissionswithcreatedfilesansibleodd

Problem

I have an ansible playbook which can be simplified to this:

- name: Provision server                  
  hosts: all_hosts                                                           
  become: yes                                                                                                                                     
  roles:                                                                                                                                                    
    - { role: foo }


With the following in ansible.cfg, since it may be relevant:

[defaults]                                                                         
allow_world_readable_tmpfiles = True                                               
host_key_checking = False                                                          
log_path=./ansible.log                                                             
remote_user = ubuntu


That playbook successsfully configures 10 servers, but one of the servers fails with:

[WARNING]: sftp transfer mechanism failed on [xx.xx.xxx.xxx]. Use
ANSIBLE_DEBUG=1 to see detailed information
 [WARNING]: scp transfer mechanism failed on [xx.xx.xxx.xxx]. Use
ANSIBLE_DEBUG=1 to see detailed information
fatal: [host_1]: FAILED! => {"failed": true, "msg": "failed to transfer file to /home/ubuntu/.ansible/tmp/ansible-tmp-1500318083.01-204857088854554/stat.py:\n\nscp: /home/ubuntu/.ansible/tmp/ansible-tmp-1500318083.01-204857088854554/stat.py: Permission denied\n"}


So I ssh'd to the problematic server and a "healthy" server, and ls -al the contents of the latest temp folder for each. The healthy server had files with permissions of rwx --- ---. The unhealthy server had this:

---x------ 1 ubuntu ubuntu 58378 Jul 17 14:09 file.py
---x------ 1 ubuntu ubuntu 56779 Jul 17 14:09 stat.py


Why would those files get those permissions? I assume that is the problem, because then scp tries to write to them, but it cannot. That doe

Solution

The reason for the failure is that the server in question, unlike all the others, had sftp disabled.
Why the error messages are what they are, I don't know (why the errant scp transfer mechanism failed?), but I don't have time right now to investigate with the debug option enabled.

But that was the issue, and adding scp_if_ssh=True to the [ssh_connection] section of my ansible.cfg solved the issue:

[ssh_connection]                                                                   
scp_if_ssh=True

Code Snippets

[ssh_connection]                                                                   
scp_if_ssh=True

Context

StackExchange DevOps Q#1553, answer score: 3

Revisions (0)

No revisions yet.