Creating files on a mounted CIFS share on Ansible Automation Platform fails with [Errno 13] Permission denied

Environment

  • Ansible Automation Platform 2.x

Issue

  • Creating files or directories with a playbook on a CIFS filesystem mounted on Ansible Automation Platform fails with the following error:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error, could not touch target: [Errno 13] Permission denied: b'/share/new_file'", "path": "/share/new_file"}

Resolution

1) Add the mount point to "Paths to expose to isolated jobs":
AAP webUI -> Settings -> Jobs settings -> Paths to expose to isolated jobs

"/MOUNT_POINT:/MOUNT_POINT:z"

2) If the playbook targets the AAP node using "hosts: localhost" and "connection: local", apply the following:

  • Mount the CIFS share with its owner and group set to the awx user and group:
-o uid=[AWX UID],gid=[AWX GID]
  • Set the SELinux context when mounting the CIFS share:
-o context="system_u:object_r:container_file_t:s0"

The resulting /etc/fstab entry should look like the following:

//CIFS_SHARE  /MOUNTPOINT cifs rw,credentials=/CREDENTIALS,uid=[AWX UID],gid=[AWX GID],context="system_u:object_r:container_file_t:s0" 0 0

3) If the playbook targets the AAP node by its hostname or IP ("hosts: [AAP FQDN or IP]") and without "connection: local":

  • Set the SELinux context when mounting the CIFS share:
-o context="system_u:object_r:container_file_t:s0"

The resulting /etc/fstab entry should look like the following:

//CIFS_SHARE  /MOUNTPOINT cifs rw,credentials=/CREDENTIALS,context="system_u:object_r:container_file_t:s0" 0 0
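
To audit an existing /etc/fstab entry against the options required in steps 2 and 3, a check like the following can be used. It is an added example, not part of the original solution; the function name check_cifs_entry and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original solution): audit one /etc/fstab entry
# against the mount options required above. check_cifs_entry is a
# hypothetical helper; the sample entries at the bottom are constructed.
#
# usage: check_cifs_entry MODE 'FSTAB LINE'
#   MODE=local  : playbook uses "hosts: localhost" and "connection: local" (step 2)
#   MODE=remote : playbook targets the AAP FQDN or IP (step 3)
# Prints each missing option; returns 0 if the entry complies, 1 otherwise.
check_cifs_entry() {
    mode=$1
    # Split the fstab fields: device, mount point, fs type, options.
    read -r _dev _mp fstype opts _rest <<EOF
$2
EOF
    if [ "$fstype" != "cifs" ]; then
        echo "not a cifs entry"
        return 1
    fi
    rc=0
    # One option per line, with the quotes around the context value removed.
    optlist=$(printf '%s\n' "$opts" | tr -d '"' | tr ',' '\n')
    if ! printf '%s\n' "$optlist" |
        grep -Fqx 'context=system_u:object_r:container_file_t:s0'; then
        echo 'missing: context="system_u:object_r:container_file_t:s0"'
        rc=1
    fi
    # uid/gid are only required when the job runs with connection: local.
    if [ "$mode" = "local" ]; then
        for key in uid gid; do
            if ! printf '%s\n' "$optlist" | grep -q "^${key}=."; then
                echo "missing: ${key}=[AWX ${key}]"
                rc=1
            fi
        done
    fi
    return "$rc"
}

# Constructed sample entries (server, paths and IDs are placeholders).
GOOD='//server/share /share cifs rw,credentials=/etc/cifs.cred,uid=1001,gid=1001,context="system_u:object_r:container_file_t:s0" 0 0'
NO_CTX='//server/share /share cifs rw,credentials=/etc/cifs.cred,uid=1001,gid=1001 0 0'
NO_IDS='//server/share /share cifs rw,credentials=/etc/cifs.cred,context="system_u:object_r:container_file_t:s0" 0 0'

check_cifs_entry local "$GOOD" && echo "GOOD: ok"
check_cifs_entry local "$NO_CTX" || echo "NO_CTX: fix the entry"
check_cifs_entry local "$NO_IDS" || echo "NO_IDS: fix for connection: local"
check_cifs_entry remote "$NO_IDS" && echo "NO_IDS: ok for remote target"
```
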

Root Cause

  • Missing SELinux context on the CIFS mount point.

Diagnostic Steps

  • Running a playbook that creates a file on a CIFS share mounted on Ansible Automation Platform fails with the following error:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error, could not touch target: [Errno 13] Permission denied: b'/share/new_file'", "path": "/share/new_file"}
