ansible / ansible

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.
https://www.ansible.com/
GNU General Public License v3.0

Ansible podman connector fails because of denied permissions of files copy #57740

Closed sshnaidm closed 5 years ago

sshnaidm commented 5 years ago
SUMMARY

Using the podman connection plugin with Ansible fails to run and reports a permission denied error: PermissionError: [Errno 13] Permission denied: b'/root/.ansible/tmp/ansible-tmp-1560332641.0692234-230169342520221/AnsiballZ_setup.py'

On Fedora 29, podman can't mount rootless containers; it fails with the error: Error: cannot mount using driver overlay in rootless mode

In the plugin the error isn't handled and the mount point is empty, which causes the Ansible temporary files to be copied to /root/.ansible/tmp on the localhost, not to the container itself. It should support direct copying of files using "podman cp" without mount if mounting isn't available on the current system. (It may also need support for root containers, but that's a different story.)

Also, the podman plugin should fail on errors when copying files or when it encounters any other problem, not continue to work silently.

ISSUE TYPE
COMPONENT NAME

ansible-podman

ANSIBLE VERSION
ansible 2.9.0.dev0
  config file = /home/sshnaidm/.ansible.cfg
  configured module search path = ['/home/sshnaidm/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible
  executable location = /home/sshnaidm/venvs/molecule-dev/bin/ansible
  python version = 3.7.3 (default, May 11 2019, 00:45:16) [GCC 8.3.1 20190223 (Red Hat 8.3.1-2)]

CONFIGURATION
DEFAULT_CALLBACK_PLUGIN_PATH(/home/sshnaidm/.ansible.cfg) = ['/home/sshnaidm/ansible_plugins']
DEFAULT_CALLBACK_WHITELIST(/home/sshnaidm/.ansible.cfg) = ['profile_tasks']
DEFAULT_HASH_BEHAVIOUR(/home/sshnaidm/.ansible.cfg) = merge
DEFAULT_LOG_PATH(/home/sshnaidm/.ansible.cfg) = /home/sshnaidm/ansible_logs
DEFAULT_STDOUT_CALLBACK(/home/sshnaidm/.ansible.cfg) = debug
HOST_KEY_CHECKING(/home/sshnaidm/.ansible.cfg) = False

OS / ENVIRONMENT
Fedora release 29 (Twenty Nine)
Linux h 5.0.17-200.fc29.x86_64 #1 SMP Mon May 20 15:39:10 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

STEPS TO REPRODUCE

start container:

podman run -d --name testc --rm python:3.6 sleep 1d

playbook file:

- hosts: testc
  connection: podman

  tasks:
    - name: Install it
      package:
        name: vim
        state: latest

inventory file:

testc ansible_host=testc ansible_connection=podman

command to run:

ansible-playbook -v /tmp/pod.yaml -i inventory

EXPECTED RESULTS

Ansible connects to the running testc container and installs vim there.

ACTUAL RESULTS
ansible-playbook 2.9.0.dev0
  config file = /home/sshnaidm/.ansible.cfg
  configured module search path = ['/home/sshnaidm/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible
  executable location = /home/sshnaidm/venvs/molecule-dev/bin/ansible-playbook
  python version = 3.7.3 (default, May 11 2019, 00:45:16) [GCC 8.3.1 20190223 (Red Hat 8.3.1-2)]
Using /home/sshnaidm/.ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /tmp/test-inv as it did not pass its verify_file() method
script declined parsing /tmp/test-inv as it did not pass its verify_file() method
auto declined parsing /tmp/test-inv as it did not pass its verify_file() method
Parsed /tmp/test-inv inventory source with ini plugin
Loading callback plugin debug of type stdout, v2.0 from /home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible/plugins/callback/debug.py
Loading callback plugin profile_tasks of type aggregate, v2.0 from /home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible/plugins/callback/profile_tasks.py

PLAYBOOK: pod.yaml ************************************************************************************************************************************************************************************************
Positional arguments: /tmp/pod.yaml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/tmp/test-inv',)
forks: 5
1 plays in /tmp/pod.yaml

PLAY [testc] ******************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
task path: /tmp/pod.yaml:1
Wednesday 12 June 2019  12:44:01 +0300 (0:00:00.027)       0:00:00.027 ******** 
<testc> RUN [b'podman', b'mount', b'testc']
<testc> RUN [b'podman', b'exec', b'testc', b'/bin/sh', b'-c', b'echo ~ && sleep 0']
<testc> RUN [b'podman', b'exec', b'testc', b'/bin/sh', b'-c', b'( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1560332641.0692234-230169342520221 `" && echo ansible-tmp-1560332641.0692234-230169342520221="` echo /root/.ansible/tmp/ansible-tmp-1560332641.0692234-230169342520221 `" ) && sleep 0']
<testc> Attempting python interpreter discovery
<testc> RUN [b'podman', b'exec', b'testc', b'/bin/sh', b'-c', b"echo PLATFORM; uname; echo FOUND; command -v '/usr/bin/python'; command -v 'python3.7'; command -v 'python3.6'; command -v 'python3.5'; command -v 'python2.7'; command -v 'python2.6'; command -v '/usr/libexec/platform-python'; command -v '/usr/bin/python3'; command -v 'python'; echo ENDFOUND && sleep 0"]
<testc> Python interpreter discovery fallback (pipelining support required for extended interpreter discovery)
Using module file /home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible/modules/system/setup.py
<testc> PUT /home/sshnaidm/.ansible/tmp/ansible-local-8288hqjec7rg/tmp9io85ha4 TO /root/.ansible/tmp/ansible-tmp-1560332641.0692234-230169342520221/AnsiballZ_setup.py
The full traceback is:
Traceback (most recent call last):
  File "/home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible/executor/task_executor.py", line 145, in run
    res = self._execute()
  File "/home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible/executor/task_executor.py", line 635, in _execute
    result = self._handler.run(task_vars=variables)
  File "/home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible/plugins/action/gather_facts.py", line 70, in run
    res = self._execute_module(module_name=fact_module, module_args=mod_args, task_vars=task_vars, wrap_async=False)
  File "/home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible/plugins/action/__init__.py", line 836, in _execute_module
    self._transfer_data(remote_module_path, module_data)
  File "/home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible/plugins/action/__init__.py", line 447, in _transfer_data
    self._transfer_file(afile, remote_path)
  File "/home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible/plugins/action/__init__.py", line 424, in _transfer_file
    self._connection.put_file(local_path, remote_path)
  File "/home/sshnaidm/venvs/molecule-dev/lib/python3.7/site-packages/ansible/plugins/connection/podman.py", line 128, in put_file
    to_bytes(real_out_path, errors='surrogate_or_strict')
  File "/home/sshnaidm/venvs/molecule-dev/lib64/python3.7/shutil.py", line 121, in copyfile
    with open(dst, 'wb') as fdst:
PermissionError: [Errno 13] Permission denied: b'/root/.ansible/tmp/ansible-tmp-1560332641.0692234-230169342520221/AnsiballZ_setup.py'

fatal: [testc]: FAILED! => {}

MSG:

Unexpected failure during module execution.

PLAY RECAP ********************************************************************************************************************************************************************************************************
testc                      : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

Wednesday 12 June 2019  12:44:02 +0300 (0:00:01.563)       0:00:01.590 ******** 
=============================================================================== 
Gathering Facts -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.56s
/tmp/pod.yaml:1 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
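
The failure mode the report describes and the behavior it asks for, as an added example that is not part of the original issue or the plugin's own code: `naive_target` models an unchecked, empty mount point, and `put_file` checks the mount result, confines the destination under it, falls back to `podman cp`, and raises on any failure. The function names, `TransferError`, and the injectable `run` parameter are assumptions made for illustration.

```python
import os
import shutil
import subprocess

# Illustrative names throughout; this is not the Ansible podman plugin's code.


class TransferError(Exception):
    """Raised when a file cannot be placed inside the container."""


def naive_target(mount_point, out_path):
    # Model of the reported failure: the mount result is used unchecked, so an
    # empty mount point turns the container path into a path on the host.
    return mount_point + out_path


def run_podman(args):
    """Run podman (assumed to be on PATH); return (rc, stdout, stderr)."""
    proc = subprocess.run(["podman"] + args, capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip(), proc.stderr.strip()


def put_file(container, in_path, out_path, run=run_podman):
    """Copy in_path to out_path in the container; return (method, destination)."""
    rc, mount_point, _ = run(["mount", container])
    if rc == 0 and os.path.isabs(mount_point):
        root = os.path.normpath(mount_point)
        target = os.path.normpath(os.path.join(root, out_path.lstrip("/")))
        # Refuse any destination that resolves outside the container root.
        if os.path.commonpath([root, target]) != root:
            raise TransferError("%s escapes mount point %s" % (out_path, root))
        try:
            shutil.copyfile(in_path, target)
        except OSError as exc:
            raise TransferError("copy to %s failed: %s" % (target, exc))
        return ("mount", target)
    # Mount unavailable (for example rootless overlay): fall back to podman cp.
    dest = "%s:%s" % (container, out_path)
    rc, _, err = run(["cp", in_path, dest])
    if rc != 0:
        raise TransferError("podman cp to %s failed: %s" % (dest, err))
    return ("cp", dest)
```

The confinement check is lexical (`os.path.normpath`), so it does not account for symlinks inside the container filesystem.
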
ansibot commented 5 years ago

Files identified in the description: None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


sivel commented 5 years ago

!component =lib/ansible/plugins/connection/podman.py

ansibot commented 5 years ago

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


ansibot commented 5 years ago

cc @TomasTomecek

sshnaidm commented 5 years ago

Should be solved in https://github.com/ansible/ansible/pull/57741