csmart / ansible-role-virt-infra

Define and manage guests and networks on a KVM host with Ansible
GNU General Public License v3.0

Add Host to SSH config fails #35

Closed sluetze closed 3 years ago

sluetze commented 3 years ago

Hi, I'm trying to use the role to set up KVM + some VMs (as it is intended). I'm using a REMOTE host as target, which is connected by a user "ansible", while I am logged in as user "USER".

ansible_user: ansible
$ whoami
  USER

Add Host to SSH config fails

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: PermissionError: [Errno 13] Permission denied: b'/home/ansible/.ansible/tmp/ansible-moduletmp-1610370013.9305496-fk8n7156/tmp048j2a7t' -> b'/home/USER/.ssh/config'
failed: [remotehost -> x.x.x.x] (item=example-ubuntu-focal) => {"ansible_loop_var": "item", "changed": false, "item": "example-ubuntu-focal", "msg": "The destination directory (/home/USER/.ssh) is not writable by the current user. Error was: [Errno 13] Permission denied: b'/home/USER/.ssh/.ansible_tmpgqbw_lcnconfig'"}

This permission issue is for roles/ansible-role-virt-infra/tasks/wait.yml (ssh-fingerprint) and roles/ansible-role-virt-infra/tasks/hosts_add.yml (ssh-key addition).

This seems to be fixable easily by changing become: false to become: true for the add host task. While this is easy for me, I am not quite sure if the result is wanted, or if the lookup has to be changed to use the "ansible_user" and the homedir of that user.

While adding the key to the known hosts, the owner also must get set.

sluetze commented 3 years ago

I dug into this a little deeper.

lookup('env', 'HOME') does a lookup on the ENV on the CONTROLLER. The docs state:

Allows you to query the environment variables available on the controller when you invoked Ansible.

Since my ansible_user (ansible) is not equal to my local user, the error is thrown.

I think there are two possible solutions:

  1. Create the configs on LOCALHOST, so delegate_to: localhost could be sufficient. I'm not sure if this fixes it completely.
  2. Use facts instead of lookup('env'). This is the cleaner approach since it definitively fixes it and uses Ansible best practices. The penalty of gather_facts is not that high in comparison to the runtime of the whole role.

I'll file a PR for Solution 2.
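
The controller-side lookup versus target-side facts discussed in the comment above, as an added example that is not part of the original thread or the role's own tasks. The `kvmhost` group name and the 192.0.2.10 guest address are assumptions made for illustration.

```yaml
# Hypothetical playbook, not taken from ansible-role-virt-infra.
# It prints the controller-side HOME next to the target-side home directory,
# then writes the SSH client config under the target-side path only.
- name: Use target facts instead of lookup('env', 'HOME') for ~/.ssh paths
  hosts: kvmhost              # assumed inventory group name
  gather_facts: true          # required for ansible_facts['user_dir']
  become: false               # stay unprivileged so nothing in ~/.ssh ends up root-owned
  vars:
    # Evaluated on the controller: home of the user who invoked Ansible.
    controller_home: "{{ lookup('env', 'HOME') }}"
    # Gathered on the target: home of the connecting user (ansible_user).
    target_home: "{{ ansible_facts['user_dir'] }}"
  tasks:
    - name: Show both values (they differ when local user and ansible_user differ)
      ansible.builtin.debug:
        msg: "controller HOME={{ controller_home }}, target home={{ target_home }}"

    - name: Ensure ~/.ssh exists for the connecting user
      ansible.builtin.file:
        path: "{{ target_home }}/.ssh"
        state: directory
        mode: "0700"

    - name: Add an SSH client config entry for the guest
      ansible.builtin.blockinfile:
        path: "{{ target_home }}/.ssh/config"
        create: true
        mode: "0600"
        marker: "# {mark} example-ubuntu-focal (managed by Ansible)"
        block: |
          Host example-ubuntu-focal
            HostName 192.0.2.10
            User ansible
      # 192.0.2.10 is a constructed documentation address, not a value from the issue.
```

Because every task runs as the connecting user, the created files are owned by that user without an explicit `owner:`, which is not the case when the write is forced through with `become: true`.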