[BUG] Cannot fetch "gossip encryption key"
HanXHX opened this issue · comments
Hi,
I tried your role with my vagrant setup but it crashes (single node).
$ ansible --version
ansible [core 2.14.2]
config file = None
configured module search path = ['/home/triplestack/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
ansible collection location = /home/triplestack/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.10.6 (main, Mar 10 2023, 10:55:28) [GCC 11.3.0] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
vars:
consul_iface: eth1
consul_node_role: server
consul_bootstrap_expect: true
consul_group_name: 'consul'
Raw output:
TASK [consul : Create temporary file to receive gossip encryption key] *********
task path: /home/triplestack/.ansible/roles/consul/tasks/nix.yml:134
changed: [consul1] => {"changed": true, "gid": 0, "group": "root", "mode": "0600", "owner": "root", "path": "/tmp/ansible.eca0g20e", "size": 0, "state": "file", "uid": 0}
TASK [consul : Generate gossip encryption key] *********************************
task path: /home/triplestack/.ansible/roles/consul/tasks/nix.yml:139
changed: [consul1] => {"changed": true, "cmd": "PATH=/usr/local/bin:$PATH consul keygen > /tmp/ansible.eca0g20e", "delta": "0:00:00.020346", "end": "2023-05-19 08:07:09.055333", "msg": "", "rc": 0, "start": "2023-05-19 08:07:09.034987", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
TASK [consul : Fetch key locally to share with other nodes] ********************
task path: /home/triplestack/.ansible/roles/consul/tasks/nix.yml:143
fatal: [consul1]: FAILED! => {"changed": false, "msg": "file is not readable: /tmp/ansible.eca0g20e"}
TASK [consul : Clean up temporary file] ****************************************
task path: /home/triplestack/.ansible/roles/consul/tasks/nix.yml:151
--- before
+++ after
@@ -1,4 +1,4 @@
{
"path": "/tmp/ansible.eca0g20e",
- "state": "file"
+ "state": "absent"
}
changed: [consul1] => {"changed": true, "path": "/tmp/ansible.eca0g20e", "state": "absent"}
I think this is due to settings that can fail together:
- Log in as standard user + become with sudo
- tempfile module is used as root and is not read accessible. But Ansible doc says "In case you need to make them world-accessible you need to use ansible.builtin.file module." => https://github.com/ansible-community/ansible-consul/blob/27ece2ada238ff7cf9293c229eeed19286190e95/tasks/nix.yml#L135
- But fetch module is used with standard user (become = no): https://github.com/ansible-community/ansible-consul/blob/27ece2ada238ff7cf9293c229eeed19286190e95/tasks/nix.yml#L143-L145C17
Cheers,
Emilien
Good point. Sorry, I hadn't noticed this since in my projects I am not including this role with become: true. See #555.
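One way to keep the key file at mode 0600 and still retrieve it is to run the fetch with the same privilege that created the file, rather than loosening its permissions. This is an added example, not the role's code and not the change made in #555; the task names and the keygen command come from the log above, while `gossip_key_tempfile`, `gossip_key_local_path` and the task bodies are assumptions.

```yaml
# Added example (not from ansible-consul). Variable names and the local
# destination path are constructed for illustration.
- name: Generate and retrieve the gossip encryption key
  become: true   # tempfile, keygen, fetch and cleanup all run as the file's owner (root)
  vars:
    gossip_key_local_path: "{{ playbook_dir }}/.consul_gossip.key"  # constructed path
  block:
    - name: Create temporary file to receive gossip encryption key
      ansible.builtin.tempfile:
        state: file   # created 0600 and owned by the become user
      register: gossip_key_tempfile

    - name: Generate gossip encryption key
      ansible.builtin.shell: "PATH=/usr/local/bin:$PATH consul keygen > {{ gossip_key_tempfile.path }}"
      changed_when: true

    - name: Fetch key locally to share with other nodes
      ansible.builtin.fetch:
        src: "{{ gossip_key_tempfile.path }}"
        dest: "{{ gossip_key_local_path }}"
        flat: true

    - name: Restrict the fetched copy on the controller
      ansible.builtin.file:
        path: "{{ gossip_key_local_path }}"
        mode: "0600"
      delegate_to: localhost
      become: false   # the controller copy belongs to the user running Ansible

  always:
    # Runs even if an earlier task fails, so the key never lingers in /tmp.
    - name: Clean up temporary file
      ansible.builtin.file:
        path: "{{ gossip_key_tempfile.path }}"
        state: absent
      when: gossip_key_tempfile.path is defined
```

With `become` set on the block, the failure in the log ("file is not readable") does not occur because the fetch reads the file as root, and the temporary file never has to be made world-accessible.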