Aakash

Reputation: 23

How can I use Ansible when I only have read-only access?

I am using Ansible to automate some network troubleshooting tasks, but when I try to ping all my devices as a sanity check I get the following error:

"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\".

When I run the command in Ansible verbose mode, right before this error I get the following output:

<10.25.100.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo Cmd exec error./.ansible/tmp/ansible-tmp-1500330345.12-194265391907358" && echo ansible-tmp-1500330345.12-194265391907358="echo Cmd exec error./.ansible/tmp/ansible-tmp-1500330345.12-194265391907358" ) && sleep 0'

I am an intern and thus only have read-only access to all devices; therefore, I believe the error is occurring because of the mkdir command. My two questions are thus:

1) Is there any way to configure Ansible to not create any temp files on the devices?

2) Is there some other factor that may be causing this error that I might have missed?

I have tried searching through the Ansible documentation for any relevant configurations, but I do not have much experience working with Ansible so I have been unable to find anything.

Upvotes: 2

Views: 3998

Answers (2)

sayyyyes

Reputation: 11

If someone has multiple nodes and sudo permission and wants to bypass the read-only restriction, try using the raw module to remount the disk on the remote node with the read/write option. It was helpful for me.

Playbook example:

---
- hosts: bs
  gather_facts: no
  pre_tasks:
    - name: read/write
      raw: ansible bs -m raw -a "mount -o remount,rw /" -b --vault-password-file=vault.txt
      delegate_to: localhost
  tasks:
    - name: dns
      raw: systemctl restart dnsmasq
    - name: read only
      raw: mount -o remount,ro /

Upvotes: 1

techraf

Reputation: 68559

The question does not make sense in a broader context. Ansible is a tool for server configuration automation. Without write access you can't configure anything on the target machine, so there is no use case for Ansible.

In a narrower context, although you did not post any code, you seem to be trying to ping the target server. The Ansible ping module is not an ICMP ping. Instead, it is a component which connects to the target server, transfers Python scripts and runs them. The scripts produce a response which means the target system meets minimal requirements to run Ansible modules.

However, you seem to want to run a regular ping command using the Ansible command module on your control machine and check the status:

- hosts: localhost
  vars:
    target_host: 192.168.1.1
  tasks:
    # -c bounds the ping so the task terminates and returns an exit status
    - command: ping -c 4 {{ target_host }}

You might want to play with failed_when, ignore_errors, or changed_when parameters. See Error handling in playbook.

Note that I suggested running the whole play on localhost, because in your configuration, it doesn't make sense to configure the target machines to which you have limited access rights in the inventory.


Additionally:

Is there any way to configure Ansible to not create any temp files on the devices?

Yes. Running commands through raw module will not create temporary files.

As you seem to have an SSH access, you can use it to run a command and check its result:

- hosts: 192.168.1.1
  # fact gathering runs the setup module, which needs temp files on the target
  gather_facts: no
  tasks:
    - raw: echo Hello World
      register: echo
    - debug:
        var: echo.stdout

Upvotes: 2
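
A single play that combines the suggestions in the answer above (ICMP ping from the control machine, raw for the remote command, changed_when/failed_when for status handling) so that nothing is written to the targets. This is an added example, not code from the answer's author. The inventory group `routers` and the command `show version` are placeholders, and the play assumes inventory names are resolvable hostnames or IP addresses.

```yaml
---
# Added example: read-only checks that never create files on the targets.
# "routers" is a hypothetical inventory group; "show version" is a placeholder
# for any read-only command the account is allowed to run.
- hosts: routers
  gather_facts: no              # fact gathering would copy a module to the target
  tasks:
    - name: ICMP ping each target from the control machine
      command: ping -c 3 {{ inventory_hostname }}
      delegate_to: localhost    # runs locally, once per inventory host
      register: icmp
      changed_when: false       # a ping changes nothing
      failed_when: false        # keep the host in the play; result is reported below

    - name: Run a read-only command over SSH (raw creates no temp files)
      raw: show version
      register: probe
      changed_when: false
      failed_when: false
      ignore_unreachable: yes   # requires Ansible 2.7 or later
      when: icmp.rc == 0

    - name: Report per-host result
      debug:
        msg: >-
          icmp={{ 'ok' if icmp.rc == 0 else 'unreachable' }}
          ssh={{ 'ok' if probe.rc | default(1) == 0 else 'not run or failed' }}
```

Because every task sets `changed_when: false`, the play recap reports `changed=0` for all hosts, which matches what a read-only account can actually do.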
