Open mnaser opened 7 months ago
The issue is reproducible; however, I am wondering if this is not intended, because using the ansible.builtin.copy module we run into the same issue:
- copy:
    src: /etc/kubernetes/admin.conf
    dest: '{{ dest }}'
  become: true
Here is the output
TASK [copy] **************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "an error occurred while trying to read the file '/etc/kubernetes/admin.conf': [Errno 13] Permission denied: b'/etc/kubernetes/admin.conf'. [Errno 13] Permission denied: b'/etc/kubernetes/admin.conf'"}
It seems like there is a weird overall behaviour with action modules not being executed as root. I feel like maybe this is an Ansible bug?
Hello,
we are having the same problem: we want to run the module kubernetes.core.k8s_info on localhost using a kubeconfig that is only readable by root (we do not want to run the whole playbook as root though). Setting become: true does not have the desired behaviour (as in this issue's description).
In my opinion, this is not an Ansible bug.
This behaviour is fine with the copy module, since copy works from "local" to "remote" and expects by default the source to be found locally. become directives do not work on "local". You can work around that with copy by doing something like this:
---
- hosts: all
  gather_facts: false
  tasks:
    - name: Copy
      ansible.builtin.copy:
        src: /root/test.txt
        dest: /root/text-copy.txt
        remote_src: true
      become: true
      delegate_to: localhost
Specifically: remote_src: true forces Ansible to take the source from "remote" (which in this case is still localhost due to delegate_to) and apply the become directives.
k8s_info should always look for the kubeconfig on "remote", which is why this behaviour surprises me.
I think this is because there is a part of this module that runs as an action module (which runs locally); that part is the one that breaks!
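A possible workaround for the behaviour discussed in the comments above, as an added example that is not part of the original thread or the collection's own code: read the root-only kubeconfig with ansible.builtin.slurp, which runs as a regular module so become applies, and hand the parsed content to k8s_info instead of a path. It assumes the installed kubernetes.core release accepts a dictionary for kubeconfig and passes it through without a controller-side file read; the Namespace query and the variable names are illustrative.

```yaml
---
# Added example (not from the issue thread).
# Assumption: the installed kubernetes.core release accepts `kubeconfig`
# as a dictionary, so no path has to be readable by the unprivileged user.
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    # slurp executes as a normal module on the target, so `become` is
    # applied and root reads the file; only this one task is elevated.
    - name: Read the root-only kubeconfig
      ansible.builtin.slurp:
        src: /etc/kubernetes/admin.conf
      register: kubeconfig_raw   # illustrative variable name
      become: true
      no_log: true               # content holds cluster-admin credentials

    # No `become` here: the credentials arrive as data, not as a path
    # that the user running Ansible would have to open.
    - name: Query the cluster with the kubeconfig passed inline
      kubernetes.core.k8s_info:
        kind: Namespace          # illustrative query
        kubeconfig: "{{ kubeconfig_raw.content | b64decode | from_yaml }}"
      register: namespaces
      no_log: true               # keep the inline credentials out of logs

    - name: Show only non-sensitive results
      ansible.builtin.debug:
        msg: "{{ namespaces.resources | map(attribute='metadata.name') | list }}"
```

The trade-off is that the admin credentials now live in an Ansible variable for the duration of the play, so every task that touches kubeconfig_raw or the k8s_info arguments needs no_log.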
SUMMARY
When using the Kubernetes modules with connection_type set to local, and become set to true, the modules fail if the kubeconfig path is not accessible by the user running Ansible.
For example, I set kubeconfig to /etc/kubernetes/admin.conf, my task has become set to true and I am running the playbook as the user ubuntu.
It will try to read /etc/kubernetes/admin.conf and fail.
ISSUE TYPE
COMPONENT NAME
kubernetes.core.k8s_cluster_info
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
EXPECTED RESULTS
No crash
ACTUAL RESULTS