Ansible check file problem

Share the permissions and ownership(user and group) of the entire directory structure of "/opt/local" and your remote user, that way I can replicate your situation. Because there is no way in hell that the stat module is the problem because I am using the same Debian version and Ansible version as you on my test system where I am running your playbook.

As for the permissions:

directory that works. Let's say /opt/local/foo

Code:
stat .
  File: .
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: fd18h/64792d    Inode: 557058      Links: 4
Access: (0770/drwxrwx---)  Uid: (  853/User2)   Gid: (  850/ Group1)
Context: system_u:object_r:usr_t:s0
Access: 2024-11-06 15:24:23.973268026 +0100
Modify: 2021-03-24 10:04:25.148307347 +0100
Change: 2023-04-09 13:09:17.336998791 +0200
 Birth: 2020-07-01 12:46:57.881937656 +0200

directory that doesn't work (one level below). Let's say /opt/local/foo/bar

Code:
stat .
  File: .
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: fd18h/64792d    Inode: 557059      Links: 6
Access: (0770/drwxrwx---)  Uid: (  853/User2)   Gid: (  850/ Group1)
Context: system_u:object_r:usr_t:s0
Access: 2024-11-06 15:24:33.201335948 +0100
Modify: 2024-10-26 08:03:54.937978797 +0200
Change: 2024-10-26 08:03:54.937978797 +0200
 Birth: 2020-07-08 09:25:39.122989991 +0200

I am running the playbook as another user (user1). But the permissions are the same for both directories to me...

Thanks!
 


I'll look at that later, but in short:
  • The directory foo is owned by User2/Group1 with 0770 permissions
  • The directory bar is owned by User2/Group1 with 0770 permissions
  • How about /opt/local?
Also have a look at my #20 reply, I updated it, what happens when you try that?
 
Hi @f33dm3bits ,

/opt/local has the following permissions

Code:
Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: fd03h/64771d    Inode: 8198        Links: 3
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:object_r:usr_t:s0
Access: 2024-11-06 13:03:53.173197485 +0100
Modify: 2020-04-15 10:57:09.181544222 +0200
Change: 2023-04-09 13:09:14.768998947 +0200
 Birth: 2020-04-15 10:57:09.181544222 +0200
Also have a look at my #20 reply, I updated it, what happens when you try that?

I tried it and now it worked! Even after, I removed the "Create missing directory" task and the playbook returns true, reporting that the directory indeed exists.

What is the issue here?

Thanks!
 
I tried it and now it worked! Even after, I removed the "Create missing directory" task and the playbook returns true, reporting that the directory indeed exists.

What is the issue here?

Thanks!
I haven't had time to test it out yet with the same permission setup, but my guess right now would be a permission issue.
Code:
- name: Create missing directory
   file:
     path: /opt/local/dir/foo/dir2/dir3
     state: directory
     mode: "0755"
Because with that task I set the permission to 0755, while before it was 0770. Try setting the permissions for the directory to what it was again.
directory: /opt/local/foo/bar
owner: user2
group: group1
mode: 0770
Then run it without the "Create missing directory" task again and see what the result is.
 
Last edited:
Then run it without the "Create missing directory" task again and see what the result is.
If I run it without that task, it works.
But I don't understand why it's needed to change the permissions for it to work. Also, the permissions are the same for the upper level and always succeeds.
 
If I run it without that task, it works.
But I don't understand why it's needed to change the permissions for it to work. Also, the permissions are the same for the upper level and always succeeds.
I meant put the permissions back of the folder you were having trouble with before it was changed by that task. From what you shared it was this before.
directory: /opt/local/foo/bar
owner: user2
group: group1
mode: 0770
Then run your playbook without my added "Create missing directory" task and then see if it happens again?
 
Hi. With the permissions back and without your added "Create missing directory", it works and reports existing file. Good!

However, I have another server with the same file structure and permissions, and it gives me the same error at the same path level. The folder already has 770 permissions, and yet ansible returns it doesn't exist. In this secondary server I have not run your "Create missing directory" yet.

It doesn't make sense to me.
 
However, I have another server with the same file structure and permissions, and it gives me the same error at the same path level. The folder already has 770 permissions, and yet ansible returns it doesn't exist. In this secondary server I have not run your "Create missing directory" yet.
Can you share the permissions and ownerships of that path of that server, ie like this?
Code:
ls -l /opt
ls -l /opt/local
ls -l /opt/local/foo
 
Code:
ls -l /opt/
drwxr-xr-x.  3 root     root      4096 Apr 15  2020 local
ls -l /opt/local
drwxrwxr-x. 7 user2 Group1 4096 May 21  2023 foo
ls -l /opt/local/foo
drwxrwx---. 3 user2 Group1  4096 Jul  1  2020 foo2

and the same goes on for deeper levels.

As for the users/groups:

Code:
getent passwd user1
user1:x:856:850::/home/user1:/bin/bash

getent group 850
User2:x:850:User3,User1
 
As for the users/groups:
What you shared is confusing because you also shared a group for user2, while all user have their own user group. It would be easier if you just shared the passwd entries for the users you are using as test users and then only share the group entrees of the group groups you created, unless you have added users to other users groups.
 
Last edited:
and the same goes on for deeper levels.
These permissions are different from the previous directory structure you shared?

I would just create tarball of the second system of the directory structure(/opt//local) you have so that you have a backup of those directories with permissions. Then manually run "chown 755 -R" on /opt/local, meaning that every user is able to access every directory. After that run your playbook and see if it reports back that it's existing. If it does than you have found the problem and you can then put back the directories from the tarball and the permissions and then work from there.
 
These permissions are different from the previous directory structure you shared?

I would just create tarball of the second system of the directory structure(/opt//local) you have so that you have a backup of those directories with permissions. Then manually run "chown 755 -R" on /opt/local, meaning that every user is able to access every directory. After that run your playbook and see if it reports back that it's existing. If it does than you have found the problem and you can then put back the directories from the tarball and the permissions and then work from there.
The permissions are the same.

I'm afraid I cannot make that test, since I have limited access to the server. I'll continue checking the permissions, since it seems the problem has to do with this.
 
I have several servers with (in theory), the same configuration. So I have run the playbook against 4 of them.
Trying to narrow down the problem, I have found some similarities and differences between those that work as expected and those that don't.
The following data has been retrieved logging into each server via SSH as the same user (user1) that runs the ansible playbook from the control node.

For the pair of servers that ansible reports existing folder.

Code:
Folder permissions: 750
Uid: 853
Gid: 850
getent passwd user1
user1:x:856:850:Application User:/home/user1:/bin/bash
getent group 850
Group850:x:850:
id
uid=856(user1) gid=850(Group850) groups=850(Group850),856(Group856) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

For the pair of servers that ansible reports NON existing folder.

Code:
Folder permissions: 770 (broader permissions)
Uid: 853
Gid: 850
getent passwd user1
user1:x:856:850::/home/user1:/bin/bash
Group850:x:850:user1, (other users)
uid=856(user1) gid=850(Group850) groups=850(Group850),856(Group856) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Hope this helps to clarify...
 
Hope this helps to clarify...
No this makes it only more confusing. The last thing I would do is just to keep using this task.
Code:
- name: Create missing directory
      file:
        path: /opt/local/dir/foo/dir2/dir3
        state: directory
        mode: "0755"
And play around with the permissions settings, until you replicate it. I have no clear view of what the folder structure, user and group setup so I can't help much. As said before because my "Create missing directory" task with mode 0755 made Ansible see the directory, it makes me think it's some sort of permission thing you are running into. Play around with that or call it a day and just add that task in your playbook as it's not a bad thing to have a task like that in your playbook to make sure a directory has a specific set of permissions and exists before continuing with the other tasks that may depend on it.
 
No this makes it only more confusing. The last thing I would do is just to keep using this task.
Code:
- name: Create missing directory
      file:
        path: /opt/local/dir/foo/dir2/dir3
        state: directory
        mode: "0755"
And play around with the permissions settings, until you replicate it. I have no clear view of what the folder structure, user and group setup so I can't help much. As said before because my "Create missing directory" task with mode 0755 made Ansible see the directory, it makes me think it's some sort of permission thing you are running into. Play around with that or call it a day and just add that task in your playbook as it's not a bad thing to have a task like that in your playbook to make sure a directory has a specific set of permissions and exists before continuing with the other tasks that may depend on it.
I agree with you. Adding such task doesn't harm. Enough time "invested" :)

Thanks a lot!
 


Latest posts

Top