Closed grosmanal closed 2 years ago
Not sure what to do here as this seems to be a problem related to the way Ansible works + your setup
Hello,
To fix that, I add a before setup task:
```yaml
# Give the owner read permission back on the deployed key before it is overwritten
- name: Fix bug with git ssh key
  file:
    path: "{{ ansistrano_deploy_to }}/git_identity_key"
    mode: u+r
  ignore_errors: true
  no_log: true
```
But I think there is a problem with the role.
I encounter the issue too. Indeed, it seems this issue happens when the key on the destination path is on a different partition than the home directory of the user used by Ansible. In this case, and as was said in the first post, Ansible needs the read permissions on the destination file. Also, this issue shouldn't occur if we use the root user because this user can read all files even if there are no read permissions.
The issue doesn't happen anymore when I use the fix suggested in the previous message of this thread. Also, if I remove the shred task (ANSISTRANO | GIT | Shred GIT deployment key), the issue doesn't happen anymore either.
Before the shred task, the key file on the destination path has the 400 permissions and after the shred task, the permissions are set to 200. Then the issue occurs because the read permissions are missing.
Could we get rid of the shred task or add a variable to activate it or not?
We certainly can add a boolean to make the shred task optional for cases like yours if it causes a problem in your particular setups. If you can, please submit a PR with a boolean default to keep the shred step and I will merge it straight away.
Also, if you can refer to this issue in the README.md when documenting the new variable, that will be helpful for other users.
Hello.
As you suggested, I've submitted a pull request (with your recommendations) to fix this issue and give the ability not to execute the shred command.
Hello @ricardclau. Please can you create a new tag with this commit if possible? Thank you!! :)
Sorry, real life came in after merging, 3.11.0 is being baked at the moment, please allow some minutes for Travis to finish and post to Ansible Galaxy. Thanks for your contribution!
The tag has been created. Thank you. This issue can be closed now.
Sorry to reopen the case but it seems the tag still doesn't appear on Ansible Galaxy. Is there an issue with the CI?
New issue opened for the missing tag on Ansible Galaxy: https://github.com/ansistrano/deploy/issues/382
Hello, Deployment with ansistrano failed on step: Ensure GIT deployment key is up to date (local key file). Here is the error log with maximum ansible verbosity:
After some research, I found the issue is caused by the presence of partitions on the target deployment host. Ansistrano overwrites the `git_identity_key` file each time the deploy script is launched. According to this, the permission of this file has to be 400 (nobody can read it). In case of a unique partition filesystem, when moving the file from the temporary ansible directory to the «ansistrano deploy to» directory, python does not need to read the file; it only changes the «filesystem table of contents» (I suppose). This works fine.
But in case of a multiple partitions filesystem, more specifically: if the home of the remote user used by ansible (`localadmin` for me) is on a different partition from the deployment directory (ansistrano_deploy_to value, /opt/webserviceBUG in the previous log), python needs to read the file to copy the content to another filesystem before removing the file. Because of the lack of read permission, python failed to open the file in the ansible temporary directory.
As a workaround, I found that deleting `git_identity_key` in the `ansible_deploy_to` directory before trying to overwrite it doesn't trigger this issue (and I don't understand why).
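Added example (not part of the thread, and not Ansible's or Ansistrano's code): a simplified Python model of a move-into-place step that reproduces the symptoms reported here. It assumes the mover carries the existing destination's mode over to the new file before renaming; `move_into_place`, `cross_device_rename` and `scenario` are hypothetical names, and the cross-partition rename is simulated with an EXDEV error.

```python
import errno, os, shutil, stat, tempfile

def cross_device_rename(src, dst):
    # Stand-in for os.rename() when src and dst are on different partitions.
    raise OSError(errno.EXDEV, "Invalid cross-device link")

def move_into_place(src, dst, rename=os.rename):
    # Assumed behaviour: the existing destination's mode is carried over to
    # the new file before the move, so a 0200 key makes the source 0200 too.
    if os.path.exists(dst):
        os.chmod(src, stat.S_IMODE(os.stat(dst).st_mode))
    try:
        rename(src, dst)  # same filesystem: only the directory entry changes
        return "renamed"
    except OSError as exc:
        if exc.errno != errno.EXDEV:
            raise
    tmp = dst + ".tmp"
    try:
        shutil.copy(src, tmp)  # other filesystem: the contents must be read
    except PermissionError:
        return "permission denied"
    os.replace(tmp, dst)
    os.unlink(src)
    return "copied"

def scenario(dst_mode, cross_fs, remove_dst=False, add_user_read=False):
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "ansible_tmp_key")  # constructed sample files
        dst = os.path.join(work, "git_identity_key")
        for path, text in ((src, "new key"), (dst, "old key")):
            with open(path, "w") as handle:
                handle.write(text)
        os.chmod(src, 0o600)
        os.chmod(dst, dst_mode)
        if add_user_read:  # the "mode: u+r" pre-task from this thread
            os.chmod(dst, dst_mode | stat.S_IRUSR)
        if remove_dst:     # the workaround from the original report
            os.unlink(dst)
        rename = cross_device_rename if cross_fs else os.rename
        return move_into_place(src, dst, rename)

if __name__ == "__main__":
    print("0400, other partition:", scenario(0o400, True))
    print("0200, same partition: ", scenario(0o200, False))
    print("0200, other partition:", scenario(0o200, True))
    print("0200 + u+r pre-task:  ", scenario(0o200, True, add_user_read=True))
    print("0200, key removed:    ", scenario(0o200, True, remove_dst=True))
```

Run as a non-root user, only the 0200 cross-partition case returns "permission denied"; as root it returns "copied", consistent with the comment in this thread that root is unaffected.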