ansible-collections / community.aws

Ansible Collection for Community AWS
GNU General Public License v3.0

SSM Connection: Failed to create temporary directory #2047

Closed eastridge-admins closed 9 months ago

eastridge-admins commented 9 months ago

Summary

When running an ansible playbook using the following inventory file:

---
plugin: amazon.aws.aws_ec2

# The values for profile, access key, secret key and token can be hardcoded like:
profile: EastridgeDev

# Populate inventory with instances in these regions
regions:
  - us-west-2

# Specify the AWS EC2 instance filters to match.
include_filters:
- tag:Name:
  - 'UW2DTESTALEX02'

# handles how we connect
hostnames:
  - instance-id

I am unable to connect to the server, and it gives the following error:

Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo \u001b[?2004h\u001b[?2004l/.ansible/tmp `\"&& mkdir \"` echo \u001b[?2004h\u001b[?2004l/.ansible/tmp/ansible-tmp-1705620658.0062428-14-37554500730912 `\" && echo ansible-tmp-1705620658.0062428-14-37554500730912=\"` echo \u001b[?2004h\u001b[?2004l/.ansible/tmp/ansible-tmp-1705620658.0062428-14-37554500730912 `\" ), exited with result 1, stdout output: \u001b[?2004h\u001b[?2004l\r\r\r\nmkdir: cannot create directory ‘2004h2004l’: Permission denied\r\r\n\u001b[?2004h\u001b[?2004l\r\r\r

To give more context, when I run this playbook locally it runs successfully, but when I try to run this playbook from a docker container that has ansible and the plugins installed, it fails.

Issue Type

Bug Report

Component Name

aws_ssm

Ansible Version

ansible [core 2.15.8]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.6 (main, Oct  4 2023, 06:22:18) [GCC 12.2.1 20220924] (/usr/bin/python3)
  jinja version = 3.1.3
  libyaml = True

Collection Versions

# /usr/lib/python3.11/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    6.5.0  
ansible.netcommon             5.2.0  
ansible.posix                 1.5.4  
ansible.utils                 2.11.0 
ansible.windows               1.14.0 
arista.eos                    6.1.2  
awx.awx                       22.7.0 
azure.azcollection            1.18.1 
check_point.mgmt              5.1.1  
chocolatey.chocolatey         1.5.1  
cisco.aci                     2.7.0  
cisco.asa                     4.0.2  
cisco.dnac                    6.7.5  
cisco.intersight              1.0.27 
cisco.ios                     4.6.1  
cisco.iosxr                   5.0.3  
cisco.ise                     2.5.16 
cisco.meraki                  2.16.5 
cisco.mso                     2.5.0  
cisco.nso                     1.0.3  
cisco.nxos                    4.4.0  
cisco.ucs                     1.10.0 
cloud.common                  2.1.4  
cloudscale_ch.cloud           2.3.1  
community.aws                 6.3.0  
community.azure               2.0.0  
community.ciscosmb            1.0.6  
community.crypto              2.15.1 
community.digitalocean        1.24.0 
community.dns                 2.6.2  
community.docker              3.4.9  
community.fortios             1.0.0  
community.general             7.5.0  
community.google              1.0.0  
community.grafana             1.5.4  
community.hashi_vault         5.0.0  
community.hrobot              1.8.1  
community.libvirt             1.3.0  
community.mongodb             1.6.3  
community.mysql               3.7.2  
community.network             5.0.0  
community.okd                 2.3.0  
community.postgresql          2.4.3  
community.proxysql            1.5.1  
community.rabbitmq            1.2.3  
community.routeros            2.10.0 
community.sap                 1.0.0  
community.sap_libs            1.4.1  
community.skydive             1.0.0  
community.sops                1.6.6  
community.vmware              3.10.0 
community.windows             1.13.0 
community.zabbix              2.1.0  
containers.podman             1.10.3 
cyberark.conjur               1.2.2  
cyberark.pas                  1.0.23 
dellemc.enterprise_sonic      2.2.0  
dellemc.openmanage            7.6.1  
dellemc.powerflex             1.9.0  
dellemc.unity                 1.7.1  
f5networks.f5_modules         1.26.0 
fortinet.fortimanager         2.2.1  
fortinet.fortios              2.3.2  
frr.frr                       2.0.2  
gluster.gluster               1.0.2  
google.cloud                  1.2.0  
grafana.grafana               2.2.3  
hetzner.hcloud                1.16.0 
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.12.0 
infinidat.infinibox           1.3.12 
infoblox.nios_modules         1.5.0  
inspur.ispim                  1.3.0  
inspur.sm                     2.3.0  
junipernetworks.junos         5.3.0  
kubernetes.core               2.4.0  
lowlydba.sqlserver            2.2.1  
microsoft.ad                  1.3.0  
netapp.aws                    21.7.0 
netapp.azure                  21.10.0
netapp.cloudmanager           21.22.0
netapp.elementsw              21.7.0 
netapp.ontap                  22.7.0 
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0 
netapp_eseries.santricity     1.4.0  
netbox.netbox                 3.14.0 
ngine_io.cloudstack           2.3.0  
ngine_io.exoscale             1.1.0  
ngine_io.vultr                1.1.3  
openstack.cloud               2.1.0  
openvswitch.openvswitch       2.1.1  
ovirt.ovirt                   3.2.0  
purestorage.flasharray        1.21.0 
purestorage.flashblade        1.14.0 
purestorage.fusion            1.6.0  
sensu.sensu_go                1.14.0 
servicenow.servicenow         1.0.6  
splunk.es                     2.1.0  
t_systems_mms.icinga_director 1.33.1 
telekom_mms.icinga_director   1.34.1 
theforeman.foreman            3.14.0 
vmware.vmware_rest            2.3.1  
vultr.cloud                   1.10.0 
vyos.vyos                     4.1.0  
wti.remote                    1.0.5 

AWS SDK versions

Name: boto
Version: 2.49.0
Summary: Amazon Web Services Library
Home-page: https://github.com/boto/boto/
Author: Mitch Garnaat
Author-email: mitch@garnaat.com
License: MIT
Location: /usr/lib/python3.11/site-packages
Requires: 
Required-by: 
---
Name: boto3
Version: 1.34.21
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /usr/lib/python3.11/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: 
---
Name: botocore
Version: 1.34.21
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /usr/lib/python3.11/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: awscli, boto3, s3transfer

Configuration

CONFIG_FILE() = None

OS / Environment

Alpine

Steps to Reproduce

---
- name: Test SSM Playbook
  hosts: all
  gather_facts: true
  become: true
  vars:
    ansible_connection: community.aws.aws_ssm
    ansible_aws_ssm_bucket_name: eastridge-it-ansible-ssm
    ansible_aws_ssm_region: us-west-2
    ansible_aws_ssm_timeout: 2000

  tasks:
    - name: Run a command
      ansible.builtin.command: "ls"
      register: dir_out

    - name: Print the output
      ansible.builtin.debug:
        msg: "{{ item  }}"
      with_items:
        - "{{ dir_out.stdout_lines }}"

Expected Results


PLAY RECAP ************************************************************************************************************************************************************************
i-0122aa34404b60c2f        : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Actual Results

ansible-playbook [core 2.15.8]
  config file = /ansible/module/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.11.6 (main, Oct  4 2023, 06:22:18) [GCC 12.2.1 20220924] (/usr/bin/python3)
  jinja version = 3.1.3
  libyaml = True
Using /ansible/module/ansible.cfg as config file
setting up inventory plugins
Loading collection ansible.builtin from 
host_list declined parsing /ansible/module/aws_ec2.yaml as it did not pass its verify_file() method
Loading collection amazon.aws from /usr/lib/python3.11/site-packages/ansible_collections/amazon/aws
Using inventory plugin 'ansible_collections.amazon.aws.plugins.inventory.aws_ec2' to process inventory source '/ansible/module/aws_ec2.yaml'
Parsed /ansible/module/aws_ec2.yaml inventory source with auto plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3.11/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: run_ec2_ssm.yml ******************************************************
Positional arguments: run_ec2_ssm.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/ansible/module/aws_ec2.yaml',)
forks: 5
1 plays in run_ec2_ssm.yml

PLAY [Test SSM Playbook] *******************************************************

TASK [Gathering Facts] *********************************************************
task path: /ansible/module/run_ec2_ssm.yml:2
Loading collection community.aws from /usr/lib/python3.11/site-packages/ansible_collections/community/aws
<i-0122aa34404b60c2f> ESTABLISH SSM CONNECTION TO: i-0122aa34404b60c2f
<i-0122aa34404b60c2f> INITIALIZE BOTO3 CLIENTS
<i-0122aa34404b60c2f> SETUP BOTO3 CLIENTS: SSM
<i-0122aa34404b60c2f> _get_bucket_endpoint: S3 (global)
<i-0122aa34404b60c2f> _get_bucket_endpoint: S3 (bucket region) - us-west-2
<i-0122aa34404b60c2f> SETUP BOTO3 CLIENTS: S3 https://s3.us-west-2.amazonaws.com
<i-0122aa34404b60c2f> START SSM SESSION: i-0122aa34404b60c2f
<i-0122aa34404b60c2f> SSM COMMAND: ['/usr/local/bin/session-manager-plugin', '{"SessionId": "EastridgeGitlabImage-0b26d098cd8ea5e5b", "TokenValue": "MY_TOKEN_VALUE", "StreamUrl": "wss://ssmmessages.us-west-2.amazonaws.com/v1/data-channel/EastridgeGitlabImage-0b26d098cd8ea5e5b?role=publish_subscribe&cell-number=AAEAATO3ActjG1NzhqEaqkhif7lMhParjdu+jY1Op0gCcmj5AAAAAGWptLDNq8czI+5K+XqkAS3ZCXh/EMl5sCLMYU3dmilifSJh7Q==", "ResponseMetadata": {"RequestId": "18491a2c-7704-4ce2-a29d-b3dce726ebcb", "HTTPStatusCode": 200, "HTTPHeaders": {"server": "Server", "date": "Thu, 18 Jan 2024 23:30:56 GMT", "content-type": "application/x-amz-json-1.1", "content-length": "1085", "connection": "keep-alive", "x-amzn-requestid": "18491a2c-7704-4ce2-a29d-b3dce726ebcb"}, "RetryAttempts": 0}}', 'us-west-2', 'StartSession', '', '{"Target": "i-0122aa34404b60c2f"}', 'https://ssm.us-west-2.amazonaws.com']
<i-0122aa34404b60c2f> PRE stdout line: 
b'\r\nStarting session with SessionId: EastridgeGitlabImage-0b26d098cd8ea5e5b\r\n'
<i-0122aa34404b60c2f> PRE startup output received
<i-0122aa34404b60c2f> PRE Disabling Echo: b'stty -echo\n'
<i-0122aa34404b60c2f> PRE remaining: 2000
<i-0122aa34404b60c2f> PRE stdout line: 
b'\r\nStarting session with SessionId: EastridgeGitlabImage-0b26d098cd8ea5e5b\r\n\x1b[?2004hsh-5.2$ '
<i-0122aa34404b60c2f> PRE stdout line: 
b'\r\nStarting session with SessionId: EastridgeGitlabImage-0b26d098cd8ea5e5b\r\n\x1b[?2004hsh-5.2$ stty -echo\r\r\n\x1b[?2004l\r\x1b[?2004hsh-5.2$ '
<i-0122aa34404b60c2f> PRE Disabling Prompt: 
b"PS1='' ; printf '\\n%s\\n' 'rGYIhSKNSYKkGjBsGdIOrMGUyk'\n"
<i-0122aa34404b60c2f> PRE stdout line: 
b'\r\nStarting session with SessionId: EastridgeGitlabImage-0b26d098cd8ea5e5b\r\n\x1b[?2004hsh-5.2$ stty -echo\r\r\n\x1b[?2004l\r\x1b[?2004hsh-5.2$ \x1b[?2004l\r\r\r\n\r\r\nrGYIhSKNSYKkGjBsGdIOrMGUyk\r\r\n\x1b[?2004h'
<i-0122aa34404b60c2f> PRE Terminal configured
<i-0122aa34404b60c2f> SSM CONNECTION ID: EastridgeGitlabImage-0b26d098cd8ea5e5b
<i-0122aa34404b60c2f> EXEC: echo ~
<i-0122aa34404b60c2f> _wrap_command: 
'printf '%s\n' 'TrLuLkOIWkkGoPorGzBAFDPwYj';
echo | echo ~;
printf '\n%s\n%s\n' "$?" 'JqbhuwNamImLRWJoYFevLUkqDD';
'
<i-0122aa34404b60c2f> EXEC stdout line: 

<i-0122aa34404b60c2f> EXEC stdout line: 
TrLuLkOIWkkGoPorGzBAFDPwYj
<i-0122aa34404b60c2f> EXEC stdout line: 

<i-0122aa34404b60c2f> EXEC stdout line: 
/home/ssm-user
<i-0122aa34404b60c2f> EXEC stdout line: 

<i-0122aa34404b60c2f> EXEC stdout line: 

<i-0122aa34404b60c2f> EXEC stdout line: 
0
<i-0122aa34404b60c2f> EXEC stdout line: 
JqbhuwNamImLRWJoYFevLUkqDD
<i-0122aa34404b60c2f> POST_PROCESS: 

/home/ssm-user

0
<i-0122aa34404b60c2f> POST_PROCESSED: 

/home/ssm-user

<i-0122aa34404b60c2f> ssm_retry: (success) (0, '\x1b[?2004h\x1b[?2004l\r\r\r\n/home/ssm-user\r\r\n\x1b[?2004h\x1b[?2004l\r\r\r', '')
<i-0122aa34404b60c2f> EXEC: ( umask 77 && mkdir -p "` echo /.ansible/tmp `"&& mkdir "` echo /.ansible/tmp/ansible-tmp-1705620658.0062428-14-37554500730912 `" && echo ansible-tmp-1705620658.0062428-14-37554500730912="` echo /.ansible/tmp/ansible-tmp-1705620658.0062428-14-37554500730912 `" )
<i-0122aa34404b60c2f> _wrap_command: 
'printf '%s\n' 'NTPpXqDVJMsyyrxyYDFemdqtSw';
echo | ( umask 77 && mkdir -p "` echo /.ansible/tmp `"&& mkdir "` echo /.ansible/tmp/ansible-tmp-1705620658.0062428-14-37554500730912 `" && echo ansible-tmp-1705620658.0062428-14-37554500730912="` echo /.ansible/tmp/ansible-tmp-1705620658.0062428-14-37554500730912 `" );
printf '\n%s\n%s\n' "$?" 'OXNunbzLJbAoLvaFcxEyfhjTRo';
'
<i-0122aa34404b60c2f> EXEC stdout line: 

<i-0122aa34404b60c2f> EXEC stdout line: 
NTPpXqDVJMsyyrxyYDFemdqtSw
<i-0122aa34404b60c2f> EXEC stdout line: 

<i-0122aa34404b60c2f> EXEC stdout line: 
mkdir: cannot create directory ‘2004h2004l’: Permission denied
<i-0122aa34404b60c2f> EXEC stdout line: 

<i-0122aa34404b60c2f> EXEC stdout line: 

<i-0122aa34404b60c2f> EXEC stdout line: 
1
<i-0122aa34404b60c2f> EXEC stdout line: 
OXNunbzLJbAoLvaFcxEyfhjTRo
<i-0122aa34404b60c2f> POST_PROCESS: 

mkdir: cannot create directory ‘2004h2004l’: Permission denied

1
<i-0122aa34404b60c2f> POST_PROCESSED: 

mkdir: cannot create directory ‘2004h2004l’: Permission denied

<i-0122aa34404b60c2f> ssm_retry: (success) (1, '\x1b[?2004h\x1b[?2004l\r\r\r\nmkdir: cannot create directory ‘2004h2004l’: Permission denied\r\r\n\x1b[?2004h\x1b[?2004l\r\r\r', '')
<i-0122aa34404b60c2f> CLOSING SSM CONNECTION TO: i-0122aa34404b60c2f
<i-0122aa34404b60c2f> TERMINATE SSM SESSION: EastridgeGitlabImage-0b26d098cd8ea5e5b
fatal: [i-0122aa34404b60c2f]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo \u001b[?2004h\u001b[?2004l/.ansible/tmp `\"&& mkdir \"` echo \u001b[?2004h\u001b[?2004l/.ansible/tmp/ansible-tmp-1705620658.0062428-14-37554500730912 `\" && echo ansible-tmp-1705620658.0062428-14-37554500730912=\"` echo \u001b[?2004h\u001b[?2004l/.ansible/tmp/ansible-tmp-1705620658.0062428-14-37554500730912 `\" ), exited with result 1, stdout output: \u001b[?2004h\u001b[?2004l\r\r\r\nmkdir: cannot create directory ‘2004h2004l’: Permission denied\r\r\n\u001b[?2004h\u001b[?2004l\r\r\r",
    "unreachable": true
}

PLAY RECAP *********************************************************************
i-0122aa34404b60c2f        : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0  

tremble commented 9 months ago

Thanks for taking the time to open this issue.

This looks like a duplicate of #1756; please try upgrading to community.aws 7.1.0.

eastridge-admins commented 9 months ago

@tremble That did the trick, it's working now. Thanks for the help!

DenisMkS commented 1 month ago

I have the same issue. community.aws 8.0.0

inventory (values redacted): instance-name ansible_host=i-1234567890 ansible_connection=aws_ssm ansible_aws_ssm_region=eu-west-1 ansible_aws_ssm_profile=profile ansible_aws_ssm_bucket_name=bucket_name

command: ansible -i inventory instance-name -m ping -vvvvv

error:

<i-123456789> EXEC: echo ~ubuntu
<i-123456789> _wrap_command: 
'printf '%s\n' 'RGZrWnmddYCIcPkSEmczRrvgrp';
echo | echo ~ubuntu;
printf '\n%s\n%s\n' "$?" 'MnvXNiVCbxgLnDpgxnnhTZiswi';
'
<i-123456789> EXEC stdout line: 
RGZrWnmddYCIcPkSEmczRrvgrp
<i-123456789> EXEC stdout line: 
/home/ubuntu
<i-123456789> EXEC stdout line: 

<i-123456789> EXEC stdout line: 
0
<i-123456789> EXEC stdout line: 
MnvXNiVCbxgLnDpgxnnhTZiswi
<i-123456789> POST_PROCESS: 
/home/ubuntu

0
<i-123456789> POST_PROCESSED: 
/home/ubuntu
<i-123456789> ssm_retry: (success) (0, '/home/ubuntu\r\r', '')
<i-123456789> EXEC: ( umask 77 && mkdir -p "` echo /home/ubuntu/.ansible/tmp `"&& mkdir "` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1727455054.3445492-51980-98379523949974 `" && echo ansible-tmp-1727455054.3445492-51980-98379523949974="` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1727455054.3445492-51980-98379523949974 `" )
<i-123456789> _wrap_command: 
'printf '%s\n' 'zLNzInkYZFFCjAiCtvvtiHOaXV';
echo | ( umask 77 && mkdir -p "` echo /home/ubuntu/.ansible/tmp `"&& mkdir "` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1727455054.3445492-51980-98379523949974 `" && echo ansible-tmp-1727455054.3445492-51980-98379523949974="` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1727455054.3445492-51980-98379523949974 `" );
printf '\n%s\n%s\n' "$?" 'FQYPbSfkMFprbwBwCkBMfBotLr';
'
<i-123456789> EXEC stdout line: 
zLNzInkYZFFCjAiCtvvtiHOaXV
<i-123456789> EXEC stdout line: 
mkdir: cannot create directory ‘/home/ubuntu’: Permission denied
<i-123456789> EXEC stdout line: 

<i-123456789> EXEC stdout line: 
1
<i-123456789> EXEC stdout line: 
FQYPbSfkMFprbwBwCkBMfBotLr
<i-123456789> POST_PROCESS: 
mkdir: cannot create directory ‘/home/ubuntu’: Permission denied

1
<i-123456789> POST_PROCESSED: 
mkdir: cannot create directory ‘/home/ubuntu’: Permission denied
<i-123456789> ssm_retry: (success) (1, 'mkdir: cannot create directory ‘/home/ubuntu’: Permission denied\r\r', '')
<i-123456789> CLOSING SSM CONNECTION TO: i-123456789
<i-123456789> TERMINATE SSM SESSION: User-Name-yg45vxdgipzb6r2us9nfdlfpsq
instance-name | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo /home/ubuntu/.ansible/tmp `\"&& mkdir \"` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1727455054.3445492-51980-98379523949974 `\" && echo ansible-tmp-1727455054.3445492-51980-98379523949974=\"` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1727455054.3445492-51980-98379523949974 `\" ), exited with result 1, stdout output: mkdir: cannot create directory ‘/home/ubuntu’: Permission denied\r\r",
    "unreachable": true
}
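
Added example, not part of the thread and not the collection's code: a small triage of the two failures reported above, run over the `ssm_retry` stdout strings copied from the logs as constructed samples. It assumes the caller takes the last line of the `echo ~` output as the home directory, which is consistent with the failed command in the first report; `last_line`, `strip_terminal_noise` and `triage` are hypothetical names.

```python
import re

# CSI escape sequences: ESC [ parameters intermediates final-byte. This covers
# the bracketed-paste toggles ESC[?2004h / ESC[?2004l seen in the first report.
CSI_RE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")
MKDIR_DENIED_RE = re.compile(
    r"mkdir: cannot create directory [‘'](.*?)[’']: Permission denied"
)

# Constructed samples: the stdout strings shown in the ssm_retry log lines.
REPORT_1_HOME = ("\x1b[?2004h\x1b[?2004l\r\r\r\n/home/ssm-user\r\r\n"
                 "\x1b[?2004h\x1b[?2004l\r\r\r")
REPORT_2_HOME = "/home/ubuntu\r\r"
REPORT_2_MKDIR = ("mkdir: cannot create directory ‘/home/ubuntu’: "
                  "Permission denied\r\r")


def last_line(stdout: str) -> str:
    """Assumed caller behaviour: use the last line of stdout as the home dir."""
    lines = stdout.strip().splitlines()
    return lines[-1] if lines else ""


def strip_terminal_noise(stdout: str) -> str:
    """Drop CSI sequences and carriage returns left by the interactive shell."""
    return CSI_RE.sub("", stdout).replace("\r", "")


def triage(home_stdout: str, mkdir_stdout: str = "") -> tuple[str, str]:
    """Classify a 'Failed to create temporary directory' result.

    Returns (cause, detail). Control sequences in the `echo ~` output mean the
    computed tmp path is corrupt; otherwise look for a real mkdir denial.
    """
    if CSI_RE.search(home_stdout):
        # Show the path that would have been built, in printable form.
        bad = last_line(home_stdout) + "/.ansible/tmp"
        return ("control-sequences-in-stdout",
                bad.encode("unicode_escape").decode())
    denied = MKDIR_DENIED_RE.search(strip_terminal_noise(mkdir_stdout))
    if denied:
        return ("permission-denied", denied.group(1))
    return ("unknown", "")


if __name__ == "__main__":
    print(triage(REPORT_1_HOME))                           # first report
    print(last_line(strip_terminal_noise(REPORT_1_HOME)))  # cleaned home dir
    print(triage(REPORT_2_HOME, REPORT_2_MKDIR))           # second report
```

The first report classifies as terminal control sequences leaking into the parsed home directory, while the second has clean output and a real `mkdir` denial on `/home/ubuntu`, so the two reports show different failure modes behind the same error message.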