CODEWITHSUNDEEP
amazon-web-servicesansible
Ajeet Khan
Ajeet Khan

Reputation: 9210

Authentication or permission failure, did not have permissions on the remote directory

I am using ansijet to automate the ansible playbook to be run on a button click. The playbook is to stop the running instances on AWS. If run, manually from command-line, the playbook runs well and do the tasks. But when run through the web interface of ansijet, following error is encountered

Authentication or permission failure.  In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p $HOME/.ansible/tmp/ansible-tmp-1390414200.76-192986604554742 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1390414200.76-192986604554742 && echo $HOME/.ansible/tmp/ansible-tmp-1390414200.76-192986604554742, exited with result 1:

Following is the ansible.cfg configuration.

# some basic default values...

inventory      = /etc/ansible/hosts
#library        = /usr/share/my_modules/
remote_tmp     = $HOME/.ansible/tmp/
pattern        = *
forks          = 5
poll_interval  = 15
sudo_user      = root
#ask_sudo_pass = True
#ask_pass      = True
transport      = smart
#remote_port    = 22
module_lang    = C

I try to change the remote_tmp path to /home/ubuntu/.ansible/tmp But still getting the same error.

Upvotes: 20

Views: 69771

Answers (8)

Nick Lanham
Nick Lanham

Reputation: 1

In my case, I realized I triggered this error inadvertently by SSH'ing to the droplet. Upon connecting, I was prompted to enter the current root password to change the root password, but I did not know it. I disconnected and thought nothing of it

$ ssh -i ~/.ssh/digitalocean [email protected]
You are required to change your password immediately (administrator enforced).
You are required to change your password immediately (administrator enforced).
Welcome to Ubuntu 23.10 (GNU/Linux 6.5.0-10-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed Nov  8 00:20:41 UTC 2023

  System load:  0.82              Processes:             96
  Usage of /:   8.5% of 23.17GB   Users logged in:       0
  Memory usage: 21%               IPv4 address for eth0: 67.205.165.127
  Swap usage:   0%                IPv4 address for eth0: 10.10.0.5

2 updates can be applied immediately.
To see these additional updates run: apt list --upgradable


Last login: Wed Nov  8 00:06:19 2023 from 98.118.8.22
Changing password for root.
Current password:

Then the error happened-

Authentication or permission failure.  In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p $HOME/.ansible/tmp/ansible-tmp-1390414200.76-192986604554742 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1390414200.76-192986604554742 && echo $HOME/.ansible/tmp/ansible-tmp-1390414200.76-192986604554742, exited with result 1:

FIX:

Fixed by resetting the root password for that droplet host in the digitalocean UI. DO sent me a temporary password which I used to login via SSH and do the "required" password change. This resolved the error.

Upvotes: 0

bulatzamilov
bulatzamilov

Reputation: 1241

If you use docker as a driver, the containers should

  1. exist
  2. be named as you stated in your inventory
  3. be in the running state

when you're executing your playbook

Upvotes: 0

Olivia Brown
Olivia Brown

Reputation: 31

For me, the default password for the user had expired and I had to change it. I was able to see this was the problem by adding -vvv to the command I was running.

Upvotes: 0

Sonal
Sonal

Reputation: 689

This could happen mainly because on the Remote Server, there is no home directory present for the user.

The following steps resolved the issue for me -

  1. Log into the remote server

  2. switch to root

  3. If the user is linux_user from which Host (in my case Ansible) is trying to connect , then run following commands

    mkdir /home/linux_user

    chown linux_user:linux_user /home/linux_user

Upvotes: 0

Jaison
Jaison

Reputation: 1

Check the ansible user on the remote / client machine as this error occurs when the ansible user password expires on the remote / client machine.

==========
'WARNING: Your password has expired.\nPassword change required but no TTY available.\n')
<*.*.*.*> Failed to connect to the host via ssh: WARNING: Your password has expired.
Password change required but no TTY available.

Actual error : 

host_name | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo /tmp/ansible-$USER `\"&& mkdir /tmp/ansible-$USER/ansible-tmp-1655256382.78-15189-162690599720687 && echo ansible-tmp-1655256382.78-15189-162690599720687=\"` echo /tmp/ansible-$USER/ansible-tmp-1655256382.78-15189-162690599720687 `\" ), exited with result 1",
    "unreachable": true
===========

Upvotes: 0

Angus
Angus

Reputation: 106

In my case I needed to login to the server for the first time and change the default password.

Upvotes: 0

Ankit Kulkarni
Ankit Kulkarni

Reputation: 1345

I faced the same problem a while ago and solved like this . The possible case is that either the remote server's /tmp directory did not have enough permission to write . Run the ls -ld /tmp command to make sure its output looks something like this drwxrwxrwt 7 root root 20480 Feb 4 14:18 /tmp I have root user as super user and /tmp has 1777 permission .

Also for me simply - remote_tmp = /tmp worked well.

Another check would be to make sure $HOME is present from the shell which you are trying to run . Ansible runs commands via /bin/sh shell and not /bin/bash.Make sure that $HOME is present in sh shell .

Upvotes: 1

Dave Snigier
Dave Snigier

Reputation: 2613

By default, the user Ansible connects to remote servers as will be the same name as the user ansible runs as. In the case of Ansijet, it will try to connect to remote servers with whatever user started Ansijet's node.js process. You can override this by specifying the remote_user in a playbook or globally in the ansible.cfg file.

Ansible will try to create the temp directory if it doesn't already exist, but will be unable to if that user does not have a home directory or if their home directory permissions do not allow them write access.

I actually changed the temp directory in my ansible.cfg file to point to a location in /tmp which works around these sorts of issues.

remote_tmp = /tmp/.ansible-${USER}/tmp

Upvotes: 20

Related Questions