Closed dhoppe closed 6 months ago
@dhoppe Thanks for opening up these issues!
Let me take a look at this today along with the other issues you opened up.
Okay.. so I think this should be handled by the sensor_download instead of adding it as a task. This makes sense in and outside of the role. I'll get a PR started for that.
Okay.. so I think this should be handled by the sensor_download instead of adding it as a task. This makes sense in and outside of the role. I'll get a PR started for that.
@carlosmmatos I had the same thought and it would be the much smarter approach, but I was looking for a quick fix because I am not that good at writing Python. 😉
I use an Ansible playbook to create a golden image for AWS using the roles
falcon_install
,falcon_configure
andfalcon_uninstall
.When I run the Ansible playbook, I get the following error message:
The reason for this error message is a global
umask 0077
on the Ansible control node. After downloading the Falcon Sensor Installer via API, the file has the following permissions:Although the Ansible playbook is executed with
become: true
, the Ansible task cannot access the file to copy it to the target host.I could probably work around the problem by replacing the roles with the appropriate modules, but it would be more convenient to run an optional task between
Download Falcon Sensor Installation Package (local)
andCopy Sensor Installation Package to remote host (non-windows)
that changes the permissions of the file.https://github.com/CrowdStrike/ansible_collection_falcon/blob/main/roles/falcon_install/tasks/api.yml#L63-L71 https://github.com/CrowdStrike/ansible_collection_falcon/blob/main/roles/falcon_install/tasks/api.yml#L63-L71
Something like: