Problem: Permissions issues when cloning repository and compiling themes on CentOS

[mamedin]

I had some issues when cloning repositories and compiling themes on CentOS:

TASK [artefactual.atom : Pull new code] ***************************************************************************************************************************************************************************
fatal: [dogwood1]: FAILED! => {"changed": false, "cmd": ["/usr/bin/git", "fetch", "origin"], "msg": "Failed to download remote objects and refs:  error: cannot open .git/FETCH_HEAD: Permission denied\n\n"}

TASK [artefactual.atom : Build selected AtoM themes (CentOS/RH)] **************************************************************************************************************************************************
failed: [dogwood1] (item={u'build_cmd': u'make', u'path': u'/usr/share/nginx/dogwood/atom-a0af67a4a5180d0f825fe028a4760bb908500609/plugins/arDominionPlugin'}) => {"ansible_loop_var": "item", "changed": true, "cmd": ["scl", "enable", "rh-nodejs6", "make"], "delta": "0:00:00.016848", "end": "2020-09-08 03:55:52.355034", "item": {"build_cmd": "make", "path": "/usr/share/nginx/dogwood/atom-a0af67a4a5180d0f825fe028a4760bb908500609/plugins/arDominionPlugin"}, "msg": "non-zero return code", "rc": 2, "start": "2020-09-08 03:55:52.338186", "stderr": "/bin/sh: css/main.css: Permission denied\nmake: *** [less] Error 1", "stderr_lines": ["/bin/sh: css/main.css: Permission denied", "make: *** [less] Error 1"], "stdout": "Running LESS compiler...\nlessc --compress --relative-urls css/main.less > css/main.css", "stdout_lines": ["Running LESS compiler...", "lessc --compress --relative-urls css/main.less > css/main.css"]}
failed: [dogwood1] (item={u'build_cmd': u'make', u'path': u'/usr/share/nginx/dogwood/atom-a0af67a4a5180d0f825fe028a4760bb908500609/plugins/arArchivesCanadaPlugin'}) => {"ansible_loop_var": "item", "changed": true, "cmd": ["scl", "enable", "rh-nodejs6", "make"], "delta": "0:00:00.013155", "end": "2020-09-08 03:55:56.817192", "item": {"build_cmd": "make", "path": "/usr/share/nginx/dogwood/atom-a0af67a4a5180d0f825fe028a4760bb908500609/plugins/arArchivesCanadaPlugin"}, "msg": "non-zero return code", "rc": 2, "start": "2020-09-08 03:55:56.804037", "stderr": "/bin/sh: css/min.css: Permission denied\nmake: *** [less] Error 1", "stderr_lines": ["/bin/sh: css/min.css: Permission denied", "make: *** [less] Error 1"], "stdout": "Running LESS compiler...\nlessc --compress --relative-urls css/main.less > css/min.css", "stdout_lines": ["Running LESS compiler...", "lessc --compress --relative-urls css/main.less > css/min.css"]}

[mamedin]

I could fix the issue using in these tasks:

become: "yes"
become_user: "atom_user" 

[mamedin]

Seems related to an umask issue. The user I was using in my deploy had umask 0022, and it makes to fail the tasks.

Changing theansible_ssh_user umask to 0002 fixes the issue. (Was changed in $HOME/.bashrc)

CentOS set the masks for the user in /etc/profile file, this section:

# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
    umask 002
else
    umask 022
fi

That's the reason this user had umask 022.

I have checked other Atom2.6 deployments on CentOS and it worked because they were using umask 002 for ansible_ssh_user, so it seems we don't need to change the role.