Ansible – IOError: [Errno 13] Permission denied:


After spending more than year learning Ansible and Python and doing nothing about it, I have been getting my hands dirty with Ansible yet again. Only this time it will be more aligned to a real world project.

So recently I was testing a playbook to backup Cisco IOS config and used the ios_config module to run a backup and schedule it using Ansible tower.

Just a simple playbook, nothing fancy:

- name: IOS Config Backup
hosts: coresw03
connection: network_cli
gather_facts: no

tasks:
- name: Start Backup
ios_config:
backup: yes

And here’s how the job was configured in Ansible tower:

The ios_config module attempts to write backup file in the backup folder in the playbook root directory. If the directory does not exist, it is created. Because my Ansible tower was installed/setup using the root account (which is required to install Ansible tower) my default project directory was
/var/lib/awx/projects, which is only accessible via root.

Ansible tower was not able to access this directory when executing the playbook and encountered the below error;

The full traceback is:
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/ansible/executor/task_executor.py", line 140, in run
res = self._execute()
File "/usr/lib/python2.7/dist-packages/ansible/executor/task_executor.py", line 612, in _execute
result = self._handler.run(task_vars=variables)
File "/usr/lib/python2.7/dist-packages/ansible/plugins/action/ios_config.py", line 52, in run
result['backup'])
File "/usr/lib/python2.7/dist-packages/ansible/plugins/action/ios_config.py", line 78, in _write_backup
open(filename, 'w').write(contents)
IOError: [Errno 13] Permission denied: u'/var/lib/awx/projects/backup/backup/coresw03_config.2019-04-20@12:29:30'

To solve this problem, I changed the permissions to 1777 for the directory where the backup config was being saved by the ios_config module

chmod
1777 /var/lib/awx/projects/backup/backup

Alternatively, a much simpler option is to store the playbooks in a directory that is less restricted and has the correct permissions. :)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s