3

I am trying to write an ansible playbook to send certificates to my client machines from my local machine. The error message I get is:

msg": "Could not find or access '/etc/icinga2/pki/clienthostname.crt' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"

In the error output I also see this line:

AnsibleFileNotFound(file_name=source, paths=[to_text(p) for p in search]) ansible.errors.AnsibleFileNotFound: Could not find or access '/etc/icinga2/pki/clienthostname.crt' on the Ansible Controller..\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"

I have added both the following to escalate my privileges but nothing has changed. I have also tried adding remote_src to my playbook like the error message suggested, and although my playbook does complete without any errors, the files are not actually copied over.

become: yes | become_user: root

Here is my playbook

- name: Send client certificates
  hosts: all
  become: yes
  become_user: root
  vars:
    masternode: localhost
    clientnode: "{{ inventory_hostname }}"
  tasks:
    - name: Copy files to remote host
      connection: local
      become: yes
      become_user: root
      copy:
        src: /etc/icinga2/pki/{{ clientnode }}.crt
        dest: /etc/icinga2/pki

I have confirmed that I am spelling the directory correctly and the file does exist. As a normal user I cannot access this directory as I get the Permission Denied error, so that is why I have added the become: yes and become_true to my playbook to elevate privileges but I am still getting an error.

0

2 Answers

1

Here's the key thing: @Zina comments on another post "regarding become, it elevates privileges on the remote machine and not on the local"

So the problem doesn't lie at the far end, it's at the local (Ansible Controller) end: This doesn't 'become' root and therefore can't read the file to copy. This issue affected me too, trying to copy across a locked-down SSH key file. My workaround is to delegate_to: localhost to slurp the file contents into a variable (it stores this in base64), then write this to the target host:

- hosts: all
  become: true
  vars:
    key_file: /etc/ssl/private/some.key
  tasks:

    - name: Copy webserver key file into memory
      ansible.builtin.slurp:
        src: "{{ key_file }}"
      register: slurped_key_file
      delegate_to: localhost

    - name: Write copy of key file from memory
      ansible.builtin.copy:
        backup: true
        dest: "{{ key_file }}"
        group: root
        mode: 0600
        owner: root
        content: "{{ slurped_key_file['content'] | b64decode }}"

The trick here is that the delegate_to: localhost means that the local machine (Ansible controller) is treated as a remote machine for that stanza, and therefore become: is applied.
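
The same workaround applied to the per-host certificate from the question, as an added example that is not part of the original answer: it checks for the file on the controller before reading it and uses `no_log` so the slurped content stays out of verbose output. The task names, the `cert_file` variable and the owner/group/mode values are assumptions, and it assumes the user running the playbook can sudo on the controller.

```yaml
# Added example: slurp + delegate_to for the question's per-host certificate.
# The path pattern comes from the question; everything else is illustrative.
- name: Send client certificates
  hosts: all
  become: true
  vars:
    cert_file: "/etc/icinga2/pki/{{ inventory_hostname }}.crt"
  tasks:
    # Delegated tasks run on the controller, so the play-level become applies there.
    - name: Check that the certificate exists on the controller
      ansible.builtin.stat:
        path: "{{ cert_file }}"
      delegate_to: localhost
      register: controller_cert

    # Fail per host with a clear message instead of a generic read error.
    - name: Stop for hosts that have no certificate on the controller
      ansible.builtin.assert:
        that: controller_cert.stat.exists
        fail_msg: "{{ cert_file }} is missing on the controller"

    - name: Read the certificate on the controller as root
      ansible.builtin.slurp:
        src: "{{ cert_file }}"
      delegate_to: localhost
      register: slurped_cert
      # The registered result holds the whole file in base64; keep it out of
      # -v output and logs. This matters most when the file is a private key.
      no_log: true

    - name: Write the certificate on the client
      ansible.builtin.copy:
        content: "{{ slurped_cert['content'] | b64decode }}"
        dest: "{{ cert_file }}"
        # Assumption: adjust owner/group to the account Icinga runs as.
        owner: root
        group: root
        mode: "0644"
```

If sudo on the controller needs a password, run the playbook with `--ask-become-pass`; the same password is then used for the clients as well.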

0

Can you give only the below and try?

src: "{{ clientnode }}.crt"

What I mean is: if the files you want to be copied are present at the same location, don't give the full path.
