Problem copying a file to remote host with Ansible

Latest response

Good evening,

i have a problem when i try to copy a file to a remote host using Ansible (v.2.7.7).

System Description:
RHEL Server (7.6) with GUI and Ansible installed and RHEL Server (7.6) as the remote host to be configured.

Problem:
Ansible is interrupted with the following error:

TASK [suricata-update single rules file upload] ********************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option
fatal: [remote1]: FAILED! => {"changed": false, "msg": "Could not find or access '/var/lib/suricata/suricata.rules' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}

Ansible Task

- name: Suricata installation
  hosts: detection
  become: true
  become_user: root

tasks:
###using suricata-update single rules file
  - name: suricata-update single rules file upload
    copy: src=/var/lib/suricata/suricata.rules
               dest=/etc/suricata/rules/suricata.rules
               remote_src=no
               mode=preserve
    notify: restart suricata

I have tried an alternative way with command and cp but again, it didn't work.

The suricata.files exists under /var/lib/suricata/ folder (root user) and has 744 permissions.

Any help would be appreciated.

Thanks

Responses

Have you checked that the user you are running as on the controller actually has the rights to see files inside the suricata dir?

Yes, that is right as Terje said, the '/var/lib' folder owned by root and the user who is executing the tasks doesn't have permission to copy the file from controller node. You could temporarily move that file to users home (ansible user) directory in the controller node then alter 'src' in the playbook and check if that works.

A short description of my VMs:

VM#1 (guimgmt) users: root, remote, guimgmt (both remote and guimgmt are sudoers)

VM#2 (remote1) users: root, remote (user remote is sudoer)

Actions taken:

1) Moved the suricata.rules file from: '/var/lib/suricata/rules/suricata.rules' ---> ~remote/Desktop/suricata.rules 2) Moved the suricata.rules file from: '/var/lib/suricata/rules/suricata.rules' ---> ~guimgmt/Desktop/suricata.rules

Both ways do not work and i keep receiving the same error as described on initial post.

How it worked: I have chowned everything below /var/lib/suricata/ as follows:

chown -R guimgmt:guimgmt /var/lib/suricata/

Now Ansible is running successfully.

But is this the way it should work? I would expect using "become: true" and "become_user: root" to elevate privileges and perform all actions fully privileged as root.

Yes. Remember that tasks are normally performed by copying python modules over to the target system, and running them there, potentially su-ing to root (becoming root), as in this case. It is not su-ing on the local machine.

What is unusual in your case is that you copy working files from the controllers system. Typically the controller will not have the same services as the target. The normal thing is to put files you want to copy to targets somewhere related to the playbook, in the case of roles it is standardized to be a subdirectory called files.

Yes, that is correct. The 'become' parameter works by elevating the privileges on the remote host not on the controller. In this case, you were trying to copy a file from controller node which is owned by root as another user which is by default not allowed. Hence, after changing the ownership it worked. However, changing the default ownership of /var/lib to non-root user is not a good practice. This is just for your information.

Gents, thank you very much for your answers. I will move the suricata.rules file into the files folder i also have where it has the necessary permissions. I was trying to copy files straight from /var/lib/ which was finally causing that problem. Thanks again!

Ansible: 2.9.13 I'm facing the issue/error "msg": "Could not find or access '/tmp/packages/installer.zip' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"

I've placed the file in '/tmp' folder and the permission on directory and sub-directories is 777. The file as-well has 777 permission scheme but still facing the error

i having the same issue,trying copy a file from ansible controller to remote machine, but did not work. though it is on ansible controller. file permssion is fine. what is the issue then?

TASK [update-local-autohome : copy temp_File to remote] *********************** An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option fatal: [sddvvrwm081]: FAILED! => {"changed": false, "msg": "Could not find or access '/tmp/auto.home_47969_sddvvrwm081' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}

Did anyone get a resolution to this, seeing the same issue. The code is the same but a copy module task that works on Ansible (2.9.6) / AWX (AWX 9.3.0) does not work on Tower 3.8.3 / Ansible (ansible 2.9.20) ??