user4948798

Reputation: 2086

OSError: [Errno 1] Operation not permitted in ansible

From my CentOS machine (the Ansible controller host), I am trying to run the playbook below.

Ansible version:-

    $ ansible --version
    ansible 2.9.21
      config file = /etc/ansible/ansible.cfg
      configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python3.6/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]

    ---
    - hosts: pro-server
      become: yes
      remote_user: root
      tasks:
        - name: Set authorized key taken from file
          ansible.posix.authorized_key:
            user: root
            state: present
            key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"

It fails with the error below.

    $ ansible-playbook -i hosts add-ssh-key.yml

    PLAY [pro-server] ****************************************************************************************************************************************

    TASK [Gathering Facts] ****************************************************************************************************************************************
    ok: [50.51.52.24]

    TASK [Set authorized key taken from file] ********************************************************************************************************************
    An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: [Errno 1] Operation not permitted
    fatal: [50.51.52.24]: FAILED! => {"changed": false, "msg": "Unable to make /tmp/tmp73HusP into to /root/.ssh/authorized_keys, failed final rename from /root/.ssh/.ansible_tmpy4MPxlauthorized_keys: [Errno 1] Operation not permitted"}

    PLAY RECAP ****************************************************************************************************************************************************
    50.51.52.24             : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

I added the following to /etc/ansible/ansible.cfg. However, the same problem still persists.

    allow_world_readable_tmpfiles = True

Any pointer to solve this problem will be helpful. Thank you.

Upvotes: 2

Views: 6485

Answers (1)

toydarian

Reputation: 4554

As discussed in the comments, the problem is an 'a' attribute set on the authorized_keys file.
From man chattr:

A file with the 'a' attribute set can only be open in append mode for writing. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

This can be fixed using the file module:

    - name: make sure the 'a' attribute is removed from the authorized_keys-file
      file:
        path: '/root/.ssh/authorized_keys'
        attributes: '-a'

Upvotes: 1
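
If the append-only flag was set on purpose (an assumption; the page does not say why it is there), an alternative to removing it for good is to lift it only while the key is updated and then restore it. This is an added example, not part of the answer above; the variable names `ak_path`, `ak_stat` and `ak_append_only` are made up for it, and it assumes `lsattr` is available on the target so that `stat` reports `attr_flags`.

```yaml
---
# Added example: lift the append-only flag only for the key update, then restore it.
- hosts: pro-server
  become: yes
  remote_user: root
  vars:
    ak_path: /root/.ssh/authorized_keys   # path from the question
  tasks:
    - name: Read the current attribute flags of authorized_keys
      stat:
        path: "{{ ak_path }}"
      register: ak_stat

    # attr_flags is the lsattr flag string with dashes removed, e.g. "ae"
    - name: Remember whether the append-only flag was set before the run
      set_fact:
        ak_append_only: "{{ ak_stat.stat.exists and 'a' in (ak_stat.stat.attr_flags | default('')) }}"

    - block:
        - name: Clear the 'a' attribute only if it was set
          file:
            path: "{{ ak_path }}"
            attributes: '-a'
          when: ak_append_only | bool

        - name: Set authorized key taken from file
          ansible.posix.authorized_key:
            user: root
            state: present
            key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      always:
        # Runs even if the key task fails, so the file is not left without the flag
        - name: Restore the 'a' attribute if it was set before
          file:
            path: "{{ ak_path }}"
            attributes: '+a'
          when: ak_append_only | bool
```

On hosts where the flag was never set, both `file` tasks are skipped and the play behaves like the original playbook.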
