*I got it resolved by using a different user. Running packer under root will not escalate the privilege to root. Not sure if it's a bug or something.*
On Fri, Feb 22, 2019 at 3:37 PM Jason Yu wrote:

> Here is the output with --vvv option:
>
> amazon-ebs: TASK [Remove AWS RHUI repos] ***************************************************
> amazon-ebs: failed: [default] (item=/etc/yum.repos.d/redhat-rhui.repo) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum.repos.d/redhat-rhui.repo", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum.repos.d/redhat-rhui.repo' ", "owner": "root", "path": "/etc/yum.repos.d/redhat-rhui.repo", "secontext": "system_u:object_r:system_conf_t:s0", "size": 8679, "state": "file", "uid": 0}
> amazon-ebs: failed: [default] (item=/etc/yum.repos.d/rhui-load-balancers.conf) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum.repos.d/rhui-load-balancers.conf", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum.repos.d/rhui-load-balancers.conf' ", "owner": "root", "path": "/etc/yum.repos.d/rhui-load-balancers.conf", "secontext": "system_u:object_r:system_conf_t:s0", "size": 80, "state": "file", "uid": 0}
> amazon-ebs: failed: [default] (item=/etc/yum.repos.d/redhat-rhui-client-config.repo) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum.repos.d/redhat-rhui-client-config.repo", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum.repos.d/redhat-rhui-client-config.repo' ", "owner": "root", "path": "/etc/yum.repos.d/redhat-rhui-client-config.repo", "secontext": "system_u:object_r:system_conf_t:s0", "size": 607, "state": "file", "uid": 0}
> amazon-ebs: failed: [default] (item=/etc/yum/pluginconf.d/amazon-id.conf) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum/pluginconf.d/amazon-id.conf", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum/pluginconf.d/amazon-id.conf' ", "owner": "root", "path": "/etc/yum/pluginconf.d/amazon-id.conf", "secontext": "system_u:object_r:etc_t:s0", "size": 17, "state": "file", "uid": 0}
> amazon-ebs: failed: [default] (item=/etc/yum/pluginconf.d/rhui-lb.conf) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum/pluginconf.d/rhui-lb.conf", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum/pluginconf.d/rhui-lb.conf' ", "owner": "root", "path": "/etc/yum/pluginconf.d/rhui-lb.conf", "secontext": "system_u:object_r:etc_t:s0", "size": 74, "state": "file", "uid": 0}
> amazon-ebs: to retry, use: --limit @/workdir/Ansible/playbooks/common/Configure_Base_Linux.retry
> amazon-ebs:
> amazon-ebs: PLAY RECAP *********************************************************************
> amazon-ebs: default : ok=6 changed=3 unreachable=0 failed=1
> amazon-ebs:
> ==> amazon-ebs: Terminating the source AWS instance...
> ==> amazon-ebs: Cleaning up any extra volumes...
> ==> amazon-ebs: No volumes to clean up, skipping
> ==> amazon-ebs: Deleting temporary security group...
> ==> amazon-ebs: Deleting temporary keypair...
> Build 'amazon-ebs' errored: Error executing Ansible: Non-zero exit status: exit status 2
>
> On Friday, February 22, 2019 at 3:28:09 PM UTC-8, Jason Yu wrote:
>>
>> Dear Ansible Gurus and friends:
>>
>> I have the following ansible script to remove the default AWS repos on a
>> newly created RHEL ec2 instance from Packer.
>>
>> It works well until the "Remove AWS RHUI repos" module. For some reason,
>> the privilege escalation doesn't work for this native file module. However,
>> if I use the command module with a sudo command, it works fine as
>> "sudo rm -rf /etc/yum.repos.d/redhat-rhui.repo"
>>
>> I could not figure out why it behaves like this. Could anyone help me
>> with this? I have been stuck here for a few days to deliver this Packer
>> script with ansible calls.
>>
>> - name: Configure BASE Linux Servers
>>   hosts: linux
>>   gather_facts: true
>>   become: yes
>>   become_user: root
>>   become_method: su
>>   pre_tasks:
>>     - name: Debug
>>       raw: sleep 1
>>     - name: get the username running the deploy
>>       become: false
>>       local_action: command whoami
>>       register: username_on_the_host
>>     - debug: var=username_on_the_host
>>
>>     - name: Show /etc/ssh/sshd_config file content
>>       command: sudo cat /etc/ssh/sshd_config
>>       register: cat
>>       become: yes
>>       become_method: su
>>       become_user: root
>>     - debug: var=cat.stdout_lines
>>
>>     - name: Remove AWS RHUI repos
>>       file:
>>         path: "{{ item }}"
>>         state: absent
>>         force: yes
>>       with_items:
>>         - /etc/yum.repos.d/redhat-rhui.repo
>>         - /etc/yum.repos.d/rhui-load-balancers.conf
>>         - /etc/yum.repos.d/redhat-rhui-client-config.repo
>>         - /etc/yum/pluginconf.d/amazon-id.conf
>>         - /etc/yum/pluginconf.d/rhui-lb.conf
>>
>>   roles:
>>     - { role: linux_common, tags: linux_common }
>>     - { role: deep_security_agent, tags: deep_security_agent }
>>
>> The error is like below:
>>
>> amazon-ebs: TASK [Remove AWS RHUI repos] ***************************************************
>> amazon-ebs: failed: [default] (item=/etc/yum.repos.d/redhat-rhui.repo) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum.repos.d/redhat-rhui.repo", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum.repos.d/redhat-rhui.repo' ", "owner": "root", "path": "/etc/yum.repos.d/redhat-rhui.repo", "secontext": "system_u:object_r:system_conf_t:s0", "size": 8679, "state": "file", "uid": 0}
>> amazon-ebs: failed: [default] (item=/etc/yum.repos.d/rhui-load-balancers.conf) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum.repos.d/rhui-load-balancers.conf", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum.repos.d/rhui-load-balancers.conf' ", "owner": "root", "path": "/etc/yum.repos.d/rhui-load-balancers.conf", "secontext": "system_u:object_r:system_conf_t:s0", "size": 80, "state": "file", "uid": 0}
>> amazon-ebs: failed: [default] (item=/etc/yum.repos.d/redhat-rhui-client-config.repo) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum.repos.d/redhat-rhui-client-config.repo", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum.repos.d/redhat-rhui-client-config.repo' ", "owner": "root", "path": "/etc/yum.repos.d/redhat-rhui-client-config.repo", "secontext": "system_u:object_r:system_conf_t:s0", "size": 607, "state": "file", "uid": 0}
>> amazon-ebs: failed: [default] (item=/etc/yum/pluginconf.d/amazon-id.conf) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum/pluginconf.d/amazon-id.conf", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum/pluginconf.d/amazon-id.conf' ", "owner": "root", "path": "/etc/yum/pluginconf.d/amazon-id.conf", "secontext": "system_u:object_r:etc_t:s0", "size": 17, "state": "file", "uid": 0}
>> amazon-ebs: failed: [default] (item=/etc/yum/pluginconf.d/rhui-lb.conf) => {"changed": false, "gid": 0, "group": "root", "item": "/etc/yum/pluginconf.d/rhui-lb.conf", "mode": "0644", "msg": "unlinking failed: [Errno 13] Permission denied: '/etc/yum/pluginconf.d/rhui-lb.conf' ", "owner": "root", "path": "/etc/yum/pluginconf.d/rhui-lb.conf", "secontext": "system_u:object_r:etc_t:s0", "size": 74, "state": "file", "uid": 0}
>> amazon-ebs: to retry, use: --limit @/workdir/Ansible/playbooks/common/Configure_Base_Linux.retry
>> amazon-ebs:
>> amazon-ebs: PLAY RECAP *********************************************************************
>> amazon-ebs: default : ok=6 changed=3 unreachable=0 failed=1
>> amazon-ebs:
>> ==> amazon-ebs: Terminating the source AWS instance...
>> ==> amazon-ebs: Cleaning up any extra volumes...
>> ==> amazon-ebs: No volumes to clean up, skipping
>> ==> amazon-ebs: Deleting temporary security group...
>> ==> amazon-ebs: Deleting temporary keypair...
>> Build 'amazon-ebs' errored: Error executing Ansible: Non-zero exit status: exit status 2

--
Thank you,
Jason Yu | Development Operations Engineer | Avery Products
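An added example, not part of the thread and not Ansible project code: a play that records the login user and the effective uid under become before touching the root-owned files named above, so a session that did not escalate stops with a clear message instead of `[Errno 13]`. The play name, task names and the `rhui_files` variable are hypothetical; the `linux` host group and the file paths are taken from the quoted playbook.

```yaml
# Added example (hypothetical names): verify that become really yields uid 0
# on the target before running tasks that need root.
- name: Verify privilege escalation before removing RHUI repo files
  hosts: linux                 # host group from the playbook in this thread
  gather_facts: false
  become: yes
  become_user: root            # become_method is left at the site's own setting
  vars:
    rhui_files:                # same paths as the failing task in this thread
      - /etc/yum.repos.d/redhat-rhui.repo
      - /etc/yum.repos.d/rhui-load-balancers.conf
      - /etc/yum.repos.d/redhat-rhui-client-config.repo
      - /etc/yum/pluginconf.d/amazon-id.conf
      - /etc/yum/pluginconf.d/rhui-lb.conf
  tasks:
    - name: Record the login user on the target (no become)
      command: whoami
      become: false
      register: login_user
      changed_when: false

    - name: Record the effective uid under become
      command: id -u
      register: become_uid
      changed_when: false

    - name: Stop unless the become session is uid 0
      assert:
        that:
          - become_uid.stdout == "0"
        fail_msg: >-
          become did not yield root: login user is {{ login_user.stdout }},
          effective uid under become is {{ become_uid.stdout }}

    - name: Remove AWS RHUI repos
      file:
        path: "{{ item }}"
        state: absent
      loop: "{{ rhui_files }}"
```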
