ansible.errors.AnsibleError: Unable to create local directories(/.ansible/tmp): [Errno 13] Permission denied: b'/.ansible'

Question

I'm running Ansible in a container and getting:

ansible-playbook --version
Unhandled error:
 Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/ansible/utils/path.py", line 85, in makedirs_safe
    os.makedirs(b_rpath, mode)
  File "/usr/lib/python3.8/os.py", line 213, in makedirs
    makedirs(head, exist_ok=exist_ok)
  File "/usr/lib/python3.8/os.py", line 223, in makedirs
    mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: b'/.ansible'

and more errors including

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/ansible-playbook", line 62, in <module>
    import ansible.constants as C
  File "/usr/local/lib/python3.8/dist-packages/ansible/constants.py", line 174, in <module>
    config = ConfigManager()
  File "/usr/local/lib/python3.8/dist-packages/ansible/config/manager.py", line 291, in __init__
    self.update_config_data()
  File "/usr/local/lib/python3.8/dist-packages/ansible/config/manager.py", line 571, in update_config_data
    raise AnsibleError("Invalid settings supplied for %s: %s\n" % (config, to_native(e)), orig_exc=e)
ansible.errors.AnsibleError: Invalid settings supplied for DEFAULT_LOCAL_TMP: Unable to create local directories(/.ansible/tmp): [Errno 13] Permission denied: b'/.ansible'

This is the Dockerfile I'm using:

FROM ubuntu

ENV ANSIBLE_VERSION 2.9.9

# Install Ansible.
RUN apt-get update && apt-get install -y curl unzip ca-certificates python3 python3-pip \
    && pip3 install ansible==${ANSIBLE_VERSION} \
    && apt-get clean all
    
# Define default command.
CMD ["/usr/bin/bash"]

This works locally. But it does not inside a docker container in EKS.

Any idea what's wrong?

Answer 1

This happened to me on and off (unsure why it worked sometimes and other times didn't) - I am using Jenkins via Helm chart and was using an alpine based image as my runner/job.

I would intermittently get this error:

[Errno 13] Permission denied: '/home/jenkins/ansible-local-25xw3gv2wo'.

I did some digging/debugging and noticed that my /etc/password did not match my docker image/build container being used when run by jenkins. When jenkins used my custom container image, it would have it's own /etc/password overwrite my own. In that file, jenkins user was no longer there and HOME was shown as

HOME=/

Explicitly setting home directory or ansible_tmp directory via env variable or other means would not work. I was able to get around this bug/issue by switching to a debian based slim image instead of an alpine one. From what I can tell so far, it appears to be bug with jenkins and side car/jnlp container working with alpine job/run time containers.

OLD Dockerfile - alpine based image runner having issues with jobs in jenkins

# debian based default
FROM python:3.11.3 as builder

WORKDIR /opt

RUN /usr/local/bin/python3 -m venv venv/ &&\
    /opt/venv/bin/pip install pip --upgrade && \
    /opt/venv/bin/pip install ansible

# Note - for some reason, when I use alpine base for jenkins - it replaces /etc/passwd with it's own and has permission issue
# - It sets HOME to "/" - causing the issue, doesn't change with env or flags even if you set them
FROM python:alpine

RUN apk update && apk upgrade

RUN apk add git openssh

RUN adduser -D -s /bin/ash -u 1000 jenkins && \
    mkdir -p /opt/venv

ENV PATH="/opt/venv/bin:$PATH"

COPY --from=builder /opt/venv/ /opt/venv

USER jenkins

New image based on debian slim that does not run into the issue

# debian based default
FROM python:3.11.4-slim as builder

RUN apt -y update && apt -y upgrade

RUN apt install -y git openssh-client

RUN /usr/local/bin/python3 -m pip install pip --upgrade && \
    /usr/local/bin/python3 -m pip install ansible

RUN useradd --shell /bin/bash --create-home -u 1000 jenkins

WORKDIR /home/jenkins

USER jenkins

Answer 2

Following this thread, I have solved it successfully.

https://stackoverflow.com/a/35180089/17758190

I have edited ansible.cfg in your ansible remote_tmp = /tmp/.ansible/tmp

Answer 3

I was having the same problem. I am running Jenkins in a docker container. I tried three different GitHub ansible images. None of that mattered. What worked was changing this ...

        stage('Execute AD Hoc Ansible.') {
            steps {
                script {
                    sh """
                    ansible ${PATTERN} -i ${INVENTORY} -l "${LIMIT}" -m ${MODULE} -a ${DASH_A} ${EXTRA_PARAMS}
                    """
                }
            }
        }

... to this ...

        stage('Execute AD Hoc Ansible.') {
            steps {
                script {
                    env.DEFAULT_LOCAL_TMP = env.WORKSPACE_TMP
                    env.HOME = env.WORKSPACE

                    sh """
                    ansible ${PATTERN} -i ${INVENTORY} -l "${LIMIT}" -m ${MODULE} -a ${DASH_A} ${EXTRA_PARAMS}
                    """
                }
            }
        }

Note I had to set env vars with these lines:

                    env.DEFAULT_LOCAL_TMP = env.WORKSPACE_TMP
                    env.HOME = env.WORKSPACE