Re: [ansible-project] validation command privilege issue

fusillator Tue, 05 Mar 2019 15:09:00 -0800

Unfortunately this morning I was in a hurry, and I posted the latest test 
with the useless sudo


Anyway I tried again getting the same error:

$ cat roles/monit_install/tasks/main.yml 
- name: copy configuration file
  template:
    mode: 0600
    dest: /etc/monitrc
    src: monitrc.j2
    validate: /usr/bin/monit -c %s -t 
$ ansible-playbook monit_install.yml --become --ask-become-pass
SUDO password: 

PLAY [server2] 
****************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] 
********************************************************************************************************************************************************************************************************************************************************
ok: [server2]

TASK [monit_install : copy configuration file] 
********************************************************************************************************************************************************************************************************************************
fatal: [server2]: FAILED! => {"changed": false, "checksum": 
"435dbc73eaa2ccd4efd4c442e75e59e080088c02", "exit_status": 1, "msg": 
"failed to validate", "stderr": "The control file 
'/home/fusillator/.ansible/tmp/ansible-tmp-1551826763.1-47158502331153/source' 
must be owned by you.\n", "stderr_lines": ["The control file 
'/home/fusillator/.ansible/tmp/ansible-tmp-1551826763.1-47158502331153/source' 
must be owned by you."], "stdout": "", "stdout_lines": []}
    to retry, use: --limit 
@/home/fusillator/Code/ansible/monit_install.retry

PLAY RECAP 
********************************************************************************************************************************************************************************************************************************************************************
server2                    : ok=1    changed=0    unreachable=0    
failed=1   

whereas the validation of the same file succeded using the user root: 

$ ansible-playbook monit_install.yml -u root -k
SSH password: 

PLAY [server2] 
****************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] 
********************************************************************************************************************************************************************************************************************************************************
ok: [server2]

TASK [monit_install : copy configuration file] 
********************************************************************************************************************************************************************************************************************************
changed: [server2]

PLAY RECAP 
********************************************************************************************************************************************************************************************************************************************************************
server2                    : ok=2    changed=1    unreachable=0    
failed=0   

Should I open a bug?
Do I miss something?

Thanks 

Luca 

Il giorno martedì 5 marzo 2019 22:40:23 UTC+1, Kai Stian Olstad ha scritto:
>
> On 05.03.2019 11:47, fusillator wrote: 
> > Hi all, I've a very simple role to copy and validate a monit 
> configuration 
> > file 
> > 
> > cat roles/monit_install/tasks/main.yml 
> > - name: copy configuration file 
> >    template: 
> >      mode: 0600 
> >      dest: /etc/monitrc 
> >      src: monitrc.j2 
> >      validate: /usr/bin/sudo /usr/bin/monit -c %s -t 
> > 
>
> <snip /> 
>
> > but it fails when I try to launch it with sudo/become as follows: 
> > (after having removed the file monitrc on server2) 
> > 
> > $ ansible-playbook monit_install.yml --become --ask-become-pass 
> > SUDO password: 
>
> Since you are running the whole playbook with become/sudo there is no need 
> to have sudo in the validate. 
>
> -- 
> Kai Stian Olstad 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/c9356342-89e7-4804-9735-697b6519d1dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] validation command privilege issue

Reply via email to