Ryan.Bartsch

Reputation: 4190

Issue with ansible copying file

I'm trying to provision a local kubernetes cluster using Vagrant (v2.1.2) and VirtualBox (v5.2.20).

My Vagrantfile uses the ansible_local provisioner to run some ansible playbooks to provision a K8s cluster using kubeadm.

This was all working perfectly a few months back when I ran this, but it's not working anymore. Not sure why it stopped working, but the ansible playbook for the master node fails when I try to copy the kube config to the vagrant user's home dir.

The ansible task that fails is as follows:

- name: Copy kubeconfig for vagrant user
  copy:
     src: /etc/kubernetes/admin.conf
     dest: /home/vagrant/.kube/
     owner: vagrant
     group: vagrant

This is causing the following error:

fatal: [master1]: FAILED! => {"msg": "an error occurred while trying to read the file '/etc/kubernetes/admin.conf': [Errno 13] Permission denied: '/etc/kubernetes/admin.conf'"}

The src file does exist. If I ssh into the VM after the failure, I can copy the file with sudo cp /etc/kubernetes/admin.conf /home/vagrant/, but the failure above causes the vagrant provisioning to fail/halt.

FYI, I've tried a few combinations of things at the play and task levels, e.g. become: true, remote_user: root:

---
- hosts: all
  become: true
  tasks:
  ...

... but to no avail.

Permissions on admin.conf are as follows:

vagrant@master1:/etc/kubernetes$ ls -al admin.conf
-rw------- 1 root root 5453 Aug  5 14:07 admin.conf

Full master-playbook.yml can be found here.

How do I get ansible to copy the file?

Upvotes: 2

Views: 3055

Answers (1)

Vladimir Botka

Reputation: 67984

Quoting from copy

src Local path to a file to copy to the remote server.

The play failed because the user who is running the ansible playbook can't read the file at the controller (local path):

permission denied: '/etc/kubernetes/admin.conf'

Use remote_src: yes

remote_src If yes it will go to the remote/target machine for the src

- name: Copy kubeconfig for vagrant user
  copy:
     remote_src: yes
     src: /etc/kubernetes/admin.conf
     dest: /home/vagrant/.kube/
     owner: vagrant
     group: vagrant

From the comment, this seems to be what you want to do:

"The src file does exist. If I ssh into the VM after the failure, I can copy the file with sudo cp /etc/kubernetes/admin.conf /home/vagrant/"

This should work if the remote_user at VM is allowed to sudo su and escalation is properly set:

- hosts: all
  become: yes
  become_user: root
  become_method: sudo

It would not be enough to allow the remote_user sudo cp only. See Can’t limit escalation to certain commands:

Privilege escalation permissions have to be general. Ansible does not always use a specific command to do something but runs modules (code) from a temporary file name which changes every time. If you have ‘/sbin/service’ or ‘/bin/chmod’ as the allowed commands this will fail ...

Upvotes: 4
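
The two fixes from the answer above (remote_src plus general privilege escalation) combined into one play, as an added example that is not part of the original question or answer. It assumes kubeadm has already written /etc/kubernetes/admin.conf on the target; the destination file name config (kubectl's default kubeconfig path), the explicit modes and the final check are additions, chosen so the cluster-admin credential stays unreadable to other users after the copy.

```yaml
---
# Added example, not from the original post.
# Assumes the vagrant user may sudo without command restrictions.
- hosts: all
  become: yes              # admin.conf is root-owned, mode 0600
  become_user: root
  become_method: sudo
  tasks:
    - name: Create the vagrant user's .kube directory
      file:
        path: /home/vagrant/.kube
        state: directory
        owner: vagrant
        group: vagrant
        mode: "0700"

    - name: Copy kubeconfig for vagrant user
      copy:
        remote_src: yes    # read src on the target, not on the controller
        src: /etc/kubernetes/admin.conf
        dest: /home/vagrant/.kube/config   # assumed name: kubectl's default path
        owner: vagrant
        group: vagrant
        mode: "0600"       # credential file: no group/other access

    - name: Read back ownership and mode of the copy
      stat:
        path: /home/vagrant/.kube/config
      register: kubeconfig_stat

    - name: Fail the play if the kubeconfig is missing or too permissive
      assert:
        that:
          - kubeconfig_stat.stat.exists
          - kubeconfig_stat.stat.pw_name == 'vagrant'
          - kubeconfig_stat.stat.mode == '0600'
        fail_msg: "kubeconfig is missing, has the wrong owner, or is not mode 0600"
```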
