Deployment Failed With Permission Denied when /tmp is mounted with noexec flag
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Triaged
|
High
|
Unassigned |
Bug Description
Description
===========
Deployment failed with permission denied error during executing TASK [tripleo-
```
[Errno 13] Permission denied: '/tmp/ansible-
```
Actually exec permission bit of the python script mentioned in the error message is well configured, but the `/tmp` is mounted with `noexec` flag on my Undercloud because of security requirement, so it's not executable.
```
$ mount | grep /tmp
tmpfs on /tmp type tmpfs (rw,nosuid,
```
Steps to reproduce
==================
1. mount /tmp with `noexec` flag
2. openstack deploy.
Expected result
===============
Deployed successfully.
Actual result
=============
Failed.
Environment
===========
OSP16
Logs & Configs
==============
```
2020-09-23 21:58:41,709 p=303 u=mistral | TASK [tripleo-
2020-09-23 21:58:41,710 p=303 u=mistral | Wednesday 23 September 2020 21:58:41 +0800 (0:00:02.169) 1:05:18.181 ***
2020-09-23 21:58:41,849 p=303 u=mistral | included: /usr/share/
2020-09-23 21:58:41,930 p=303 u=mistral | TASK [tripleo-
2020-09-23 21:58:41,931 p=303 u=mistral | Wednesday 23 September 2020 21:58:41 +0800 (0:00:00.220) 1:05:18.402 ***
2020-09-23 21:58:42,925 p=303 u=mistral | changed: [undercloud] => (item=admin) => {"ansible_job_id": "764312968366.
2020-09-23 21:58:43,640 p=303 u=mistral | changed: [undercloud] => (item=service) => {"ansible_job_id": "400271196630.
2020-09-23 21:58:43,734 p=303 u=mistral | TASK [tripleo-
2020-09-23 21:58:43,734 p=303 u=mistral | Wednesday 23 September 2020 21:58:43 +0800 (0:00:01.803) 1:05:20.206 ***
2020-09-23 21:58:44,158 p=303 u=mistral | failed: [undercloud] (item={'started': 1, 'finished': 0, 'ansible_job_id': '764312968366.
2020-09-23 21:58:44,413 p=303 u=mistral | failed: [undercloud] (item={'started': 1, 'finished': 0, 'ansible_job_id': '400271196630.
```
summary: |
- Ansible Task Permission Denied when /tmp is mounted with noexec flag + Ansible Task Failed With Permission Denied when /tmp is mounted with + noexec flag |
tags: | added: tripleo |
tags: | added: tripleo-common |
summary: |
- Ansible Task Failed With Permission Denied when /tmp is mounted with + Deployment Failed With Permission Denied when /tmp is mounted with noexec flag |
description: | updated |
Changed in tripleo: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → victoria-rc1 |
Changed in tripleo: | |
milestone: | victoria-rc1 → wallaby-1 |
Changed in tripleo: | |
milestone: | wallaby-1 → wallaby-2 |
Changed in tripleo: | |
milestone: | wallaby-2 → wallaby-3 |
Changed in tripleo: | |
milestone: | wallaby-3 → wallaby-rc1 |
Changed in tripleo: | |
milestone: | wallaby-rc1 → xena-1 |
Changed in tripleo: | |
milestone: | xena-1 → xena-2 |
Changed in tripleo: | |
milestone: | xena-2 → xena-3 |
I found that the `ansible_ remote_ tmp` is set as `/tmp/ansible- ${USER} ` for fixing an issue.
https:/ /review. opendev. org/#/c/ 577544
As far as I know the variable(in the `inventory.yaml`) takes the highest precedence for ansible configuration, so I guess there is no way I can override it? Is that possible to make `ansible_ remote_ tmp` configurable or add a condition for covering the `noexec` corner case?