Update: If you can escalate the privilege to root on localhost master the solution is to set remote_src: true
(credit @ivandov)
- copy:
become: true
become_user: root
src: /d/
dest: /dest/d/
mode: '0644'
remote_src: true
become: true
become_user: root
The below details describe the case when you're not able to escalate to root on masterlocalhost. Given the file on masterlocalhost
- copy:
become: true
become: root
src: /tmp/test/d/
dest: /tmp/test/dest/
become: true
become_user: root
First, it tries to read the file and fails
By default, module copy copies files from src (local path to a file to copy to the remote server) to dest (remote absolute path where the file should be copied to). In this case, become: true
means Ansible escalates privilege inon the remote host, but not inon the locallocalhost master. Despite the fact that the task is running inon localhost, i.e. both master and the remote host isare localhost,without without remote_src: true
the setting become: true
will applyapplies only to writing the file not to reading it. If you can't escalate to root on the localhost setting remote_src: true
- copy:
src: /tmp/test/d/
dest: /tmp/test/dest/
remote_src: true
become: true
become_user: root
will fail
fatal: [localhost]: FAILED! => changed=false ansible_facts: discovered_interpreter_python: /usr/bin/python3 module_stderr: |- sudo: a password is required module_stdout: '' msg: |- MODULE FAILURE See stdout/stderr for the exact error rc: 1
A: Without the escalation to the root, there is no workaround. It would violate the ownership and permissions of the files. For example, given the file at the controller
theThe playbook below was started by an unprivileged user
The solutionsIf you can't escalate to root on the localhost master the solution is to make the file readable for the user running the playbook.