[Buildbot] #3576: docs.buildbot.net is not up to date
Buildbot trac
trac at buildbot.net
Tue Jul 5 17:21:50 UTC 2016
#3576: docs.buildbot.net is not up to date
--------------------+-----------------------
Reporter: tardyp | Owner: dustin
Type: defect | Status: assigned
Priority: blocker | Milestone: 0.9.0
Version: master | Resolution:
Keywords: |
--------------------+-----------------------
Comment (by skelly):
For some reason, using ansible-playbook directly correctly groups the host
but then fails later on:
{{{
TASK [simple-buildout : Make sure we have an updated copy of the
repository] ***
task path: /usr/home/bbinfra/repo/roles/simple-buildout/tasks/main.yml:2
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: bbinfra
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /tmp/ansible-
tmp-1467738062.41-183164413838624 `" && echo ansible-
tmp-1467738062.41-183164413838624="` echo /tmp/ansible-
tmp-1467738062.41-183164413838624 `" ) && sleep 0'
<localhost> PUT /tmp/tmpPuDAa6 TO /tmp/ansible-
tmp-1467738062.41-183164413838624/git
<localhost> EXEC /bin/sh -c 'chown -R bbuser /tmp/ansible-
tmp-1467738062.41-183164413838624/ && sleep 0'
<localhost> EXEC /bin/sh -c 'setfacl -R -m u:bbuser:rX /tmp/ansible-
tmp-1467738062.41-183164413838624/ && sleep 0'
fatal: [localhost]: FAILED! => {"failed": true, "msg": "Failed to set
permissions on the temporary files Ansible needs to create when becoming
an unprivileged user. For information on working around this, see
https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-
user"}
}}}
Ansible tries to chown to bbuser but that fails because bbinfra can't
change the owner like that. Ansible then tries to use ACLs to restrict
access to the module being executed. This doesn't work on FreeBSD unless
the [http://unix.stackexchange.com/a/188172 acls mount option is used].
[https://github.com/ansible/ansible/blob/v2.1.0.0-1/lib/ansible/plugins/action/__init__.py#L362
Checking the code] and there appears to be a config option to tell Ansible
to ignore the problem. The `allow_world_readable_tmpfiles` option is what
needs to be set.
--
Ticket URL: <http://trac.buildbot.net/ticket/3576#comment:3>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation
More information about the bugs
mailing list