David Lundgren

Web Developer & Systems Administrator

Ansible “Authentication or permission failure.”

I recently upgraded some servers, and on reboot I ran into the peculiar condition where I received the following warning:

fatal: [user] => Authentication or permission failure. In some cases, you
 may have been able to authenticate and did not have permissions on the remote
 directory. Consider changing the remote temp path in ansible.cfg to a path
 rooted in "/tmp". Failed command was: mkdir -p
 $HOME/.ansible/tmp/ansible-tmp-1401973086.25-185293296215162 && echo
 $HOME/.ansible/tmp/ansible-tmp-1401973086.25-185293296215162, exited with
 result 1

I followed the instructions I found on Changing Ansible Temporary Directory, as it has worked for many others. I had to turn on verbose logging but I still couldn’t see the issue. After running the command manually I got the following error

mkdir: cannot create directory '.ansible': Disk quota exceeded`

Basically, when I restarted my servers the grpquota and usrquota commands in /etc/fstab took effect. I’m not sure why they were on as we have restarted these servers on other occasions and they were not there. While I have these servers scheduled for a restart, to remove the quotas, and add noatime, I’ve simply turned off the quotas using quotaoff /

Cleaning up Ansible task formatting

I’ve been using Ansible for the last several years, and I’ve used YAML just as long. Yet a lot of playbooks and tasks for Ansible are often horribly formatted. This causes anger within me, so I want to let others know, that there is a better way.

“Use the YAML, Ansible Writers”

YAML may not be as expressive as other formats, however, as authors of roles and tasks for Ansible we can do better at formatting so that they are readable.

Example of hard to read

- name: download file
  get_url: url=https://raw.githubusercontent.com/some/path/some.file dest=/usr/local/share/some.file

- name: update permissions
  file: path=/usr/local/share/some.file mode="0644"

Example of a more readable version of the above.

- name: download file
    url: https://raw.githubusercontent.com/some/path/some.file
    dest: /usr/local/share/some.file

- name: update permissions
    path: /usr/local/share/some.file
    mode: "0644"

It’s easier to change change /usr/local/share/some.file into "{{ download_file_dest }}" because you don’t have parse the entire line and scroll over in your HEAD!

pure-authd external script failing

I have a PHP script handling authentication for pure-authd, and the problem is that it fails. After a reboot it is still failing. If I log in, restart it manually and monitor the log files, it works. As soon as I log out it fails!

I’ve come to the conclusion that pure-authd doesn’t properly daemonize, and detach from the controlling terminal. PHP was actually using fsockopen to another server and it stopped being able to use DNS because I logged out of the shell.

I ended up switching to the IP of the server. While this is not the ideal solution, it works because internally the IP is a reserved DHCP address for the server, and we shouldn’t be updating the server any time soon.