Ansible cannot copy a file. Probably permissions

Question

I want to copy a new certificate to Proxmox with Ansible.

My setup

.ssh/config is modified so ssh machine will log in with root.

scp /Users/dir/key.pem /etc/pve/nodes/machine/pve-ssl.key works fine.

Problem

Ansible fails. I'm running this on an up-to-date macbook. ansible --version is ansible 2.2.1.0.

machine.yml

- hosts: machines
  vars:
    ca_dir: /Users/dir/

  - name: copy a pve-ssl.key
    copy:
      src="{{ ca_dir }}/key.pem"
      dest=/etc/pve/nodes/machine/pve-ssl.key

Permissions?

This works fine:

- hosts: machines
  vars:
    ca_dir: /Users/dir/

  - name: copy a pve-ssl.key
    copy:
      src="{{ ca_dir }}/key.pem"
      dest=/root/pve-ssl.key

So it's a permissions problem, but why. Ansible is entering my machine with root - ansible machine -m shell -a 'who'.

Probably something to do with group permissions, since

$ ls -la /etc/pve/nodes/machine/
drwxr-xr-x 2 root www-data    0 Feb 26 01:35 .
[...]
$ ls -la /root
drwx------  5 root root  4096 Feb 26 12:09 .
[...]

How can I copy the file with ansible?

Answer 1

• If the question is "what is the problem?" then the answer is:

  It's because of the /dev/fuse filesystem mounted on /etc/pve (Ansible just cannot move the file from /tmp to the branch of /etc/pve, just like a simple mv /tmp/file /etc/pve command fails).

• If the question is "how to deal with the problem?" then:

  Copy the files elsewhere (/home/user) with Ansible and then copy the files using the command module on Proxmox and delete the originals.

Answer 2

You could also first touch the file and then copy it:

- name: touch empty file
  file:
    path: /etc/pve/nodes/machine/pve-ssl.key
    state: touch

- name: copy a pve-ssl.key
        copy:
          src: "{{ ca_dir }}/key.pem"
          dest: /etc/pve/nodes/machine/pve-ssl.key