Open jochen314 opened 1 year ago
I'm not able to reproduce. Can you share more details?
Ok, I guess it is more complicated than I thought... What we do: we have a role to set up our development environment in an AWS virtual machine. As part of the role, we have the following tasks:

```yaml
- name: install terraform
  include_role:
    name: giner.tfenv
    apply:
      tags:
        - terraform
  vars:
    tfenv_user: ubuntu
  tags:
    - terraform
```
When we run this 'normally', everything is fine.

But we want to run the ansible play using the AWS Stage Manager using the AWS-ApplyAnsiblePlaybooks command. Our understanding is that this executes:

```bash
#!/bin/bash
[...]
ansible-playbook -i "localhost," -c local -e "" "-v" "play.yml"
```

as root.
But then we get an error:

```
TASK [install terrform] ********************************************************

TASK [giner.tfenv : Install dependencies] **************************************
ok: [localhost] => {"cache_update_time": 1670411020, "cache_updated": false, "changed": false}

TASK [giner.tfenv : Set default tfenv_user] ************************************
skipping: [localhost] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [giner.tfenv : Read user's entry] *****************************************
ok: [localhost] => {"ansible_facts": {"getent_passwd": {"ubuntu": ["x", "1000", "1000", "Jochen", "/home/ubuntu", "/bin/bash"]}}, "changed": false}

TASK [giner.tfenv : Set tfenv_user_home (based on getent passwd)] **************
ok: [localhost] => {"ansible_facts": {"tfenv_user_home": "/home/ubuntu"}, "changed": false}

TASK [giner.tfenv : Set default tfenv_dir] *************************************
ok: [localhost] => {"ansible_facts": {"tfenv_dir": "/home/ubuntu/.tfenv"}, "changed": false}

TASK [giner.tfenv : Set default tfenv_bindir] **********************************
ok: [localhost] => {"ansible_facts": {"tfenv_bindir": "/home/ubuntu/bin"}, "changed": false}

TASK [giner.tfenv : Clone tfenv repo] ******************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to set a new url https://github.com/tfutils/tfenv for origin: fatal: detected dubious ownership in repository at '/home/ubuntu/.tfenv'\nTo add an exception for this directory, call:\n\n\tgit config --global --add safe.directory /home/ubuntu/.tfenv\n"}
```
So at some point, the ownership of the git repository does not match the user executing the git clone command.

But I also could not reproduce the problem without going through the whole process with AWS RunCommand :-(

But my understanding of the documentation is that `become_user` is ignored if not also accompanied with `become: yes`. Is that wrong?
You are right. If the ansible user and `tfenv_user` are different, then `become` is necessary. `become` can be applied to `include_role` in the playbook.
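The fix described in the comment above, shown as an added example for this thread (not code from the giner.tfenv role or the reporter's playbook). The first task is the reporter's original, which applies only tags, so when the play runs as root the role's git tasks also run as root and git refuses `/home/ubuntu/.tfenv` as owned by another user; the second task additionally applies `become`/`become_user`, so the clone runs as `tfenv_user` and no `safe.directory` exception is needed. The task names with "(before)"/"(after)" are my labels; everything else uses the values from the issue.

```yaml
# Added example for this thread; not the original playbook.
#
# BEFORE: only tags are applied to the included role. A bare become_user
# (with no become: yes) is ignored, so every task in giner.tfenv runs as the
# play's own user, root under AWS-ApplyAnsiblePlaybooks, and git's ownership
# check rejects the ubuntu-owned checkout at /home/ubuntu/.tfenv.
- name: install terraform (before)
  include_role:
    name: giner.tfenv
    apply:
      tags:
        - terraform
  vars:
    tfenv_user: ubuntu
  tags:
    - terraform

# AFTER: apply become + become_user to the included role, so the clone and all
# later git operations run as the directory owner. This keeps the repository
# owned by the intended user instead of widening git's safe.directory list
# for root.
- name: install terraform (after)
  include_role:
    name: giner.tfenv
    apply:
      become: yes
      become_user: "{{ tfenv_user }}"
      tags:
        - terraform
  vars:
    tfenv_user: ubuntu
  tags:
    - terraform
```

Switching from root down to an unprivileged user with `become` needs no password, so this also works in the `-c local` run-as-root invocation quoted earlier in the thread.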
The script does not work when executed locally as the root user. The script does not correctly switch to the `tfenv_user` user.

The docs say: