molecule test seems to ignore ansible.cfg's remote_tmp setting

Question

I am trying to use molecule to test a very basic role.

(venv) [red@jumphost docker-ops]$ cat roles/fake_role/tasks/main.yml
---
# tasks file for fake_role
- name: fake_role | debug remote_tmp
  debug:
    msg: "remote_tmp is {{ remote_tmp | default('not_set') }}"

- name: who am i
  shell:
    cmd: whoami
    register: whoami_output

- name: debug who am i
  debug:
    msg: "{{ whoami_output }}"

This is my molecule.yml:

(venv) [red@jumphost docker-ops]$ cat roles/fake_role/molecule/default/molecule.yml
---
dependency:
  name: galaxy
driver:
  name: docker
# platforms:
#   - name: instance
platforms:
  - name: instance
    image: docker.io/pycontribs/centos:7
    pre_build_image: true
    privileged: true
    volume mounts:
      - "sys/fs/cgroup:/sys/fs/cgroup:rw"
    command: "/usr/sbin/init"
provisioner:
  name: ansible
verifier:
  name: ansible

And when I run ansible version I can see my ansible.cfg is /etc/ansible/ansible.cfg and I set the remote_tmp in it.

(venv) [red@jumphost fake_role]$ ansible --version
/home/red/GIT/venv/lib64/python3.6/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
  from cryptography.exceptions import InvalidSignature
ansible [core 2.11.12]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/red/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/red/GIT/venv/lib64/python3.6/site-packages/ansible
  ansible collection location = /home/red/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/russell.cecala/GIT/venv/bin/ansible
  python version = 3.6.8 (default, Oct 19 2021, 05:14:06) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 3.0.3
  libyaml = True
(venv) [red@ajumphost fake_role]$ grep remote_tmp /etc/ansible/ansible.cfg
#remote_tmp     = ~/.ansible/tmp
remote_tmp     = /tmp

When I run ...

(venv) [red@jumphost docker-ops]$ cd roles/fake_role/
(venv) [russell.cecala@jumphost fake_role]$ molecule test

... I get this output ...

... lots of output ...
PLAY [Converge] ****************************************************************

TASK [Include red.fake_role] *****************************************
/home/red/GIT/venv/lib64/python3.6/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
  from cryptography.exceptions import InvalidSignature

TASK [brightpattern.fake_role : fake_role | debug remote_tmp] ******************
ok: [instance] => {
    "msg": "remote_tmp is not_set"
}

TASK [red.fake_role : who am i] **************************************
fatal: [instance]: UNREACHABLE! => {"changed": false, "msg": "Failed to create temporary directory.
In some cases, you may have been able to authenticate and did not have permissions on the
target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted 
in \"/tmp\", for more error information use -vvv. Failed command was: 
( umask 77 && mkdir -p \"` echo ~/.ansible/tmp `\"&& mkdir \"` echo ~/.ansible/tmp/ansible-tmp-1668100608.7567627-2234645-21513917172593 `\" && echo ansible-tmp-1668100608.7567627-2234645-21513917172593=\"` echo ~/.ansible/tmp/ansible-tmp-1668100608.7567627-2234645-21513917172593 `\" ), exited with result 1", 
"unreachable": true}

PLAY RECAP *********************************************************************
instance                   : ok=1    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0
... a lot more output ...

Why wasn't remote_tmp set to /tmp?

UPDATE:

Here is my new molecule.yml:

(venv) [red@ap-jumphost fake_role]$ cat molecule/default/molecule.yml
---
dependency:
  name: galaxy
driver:
  name: docker
platforms:
  - name: instance
    image: docker.io/pycontribs/centos:7
    pre_build_image: true
    privileged: true
    volume mounts:
      - "sys/fs/cgroup:/sys/fs/cgroup:rw"
    command: "/usr/sbin/init"
provisioner:
  name: ansible
  config_options:
    defaults:
      remote_tmp: /tmp
verifier:
  name: ansible

But I am still getting the same error:

(venv) [red@ap-jumphost fake_role]$ molecule test
...
INFO     Running default > prepare
WARNING  Skipping, prepare playbook not configured.
INFO     Running default > converge
[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the
controller starting with Ansible 2.12. Current version: 3.6.8 (default, Oct 19
2021, 05:14:06) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]. This feature will be
removed from ansible-core in version 2.12. Deprecation warnings can be disabled
 by setting deprecation_warnings=False in ansible.cfg.

PLAY [Converge] ****************************************************************

TASK [Include red.fake_role] *****************************************
/home/red/GIT/venv/lib64/python3.6/site-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
  from cryptography.exceptions import InvalidSignature

TASK [red.fake_role : fake_role | debug remote_tmp] ******************
ok: [instance] => {
    "msg": "remote_tmp is not_set"
}

TASK [red.fake_role : fake_role | debug ansible_remote_tmp] **********
ok: [instance] => {
    "msg": "ansible_remote_tmp is not_set"
}

TASK [red.fake_role : who am i] **************************************
fatal: [instance]: UNREACHABLE! => {"changed": false, "msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo /tmp `\"&& mkdir \"` echo /tmp/ansible-tmp-1668192366.5684752-2515263-14400147623756 `\" && echo ansible-tmp-1668192366.5684752-2515263-14400147623756=\"` echo /tmp/ansible-tmp-1668192366.5684752-2515263-14400147623756 `\" ), exited with result 1", "unreachable": true}

PLAY RECAP *********************************************************************
instance                   : ok=2    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

WARNING  Retrying execution failure 4 of: ansible-playbook --inventory /home/red/.cache/molecule/fake_role/default/inventory --skip-tags molecule-notest,notest /home/red/GIT/docker-ops/roles/fake_role/molecule/default/converge.yml
CRITICAL Ansible return code was 4, command was: ['ansible-playbook', '--inventory', '/home/red/.cache/molecule/fake_role/default/inventory', '--skip-tags', 'molecule-notest,notest', '/home/red/GIT/docker-ops/roles/fake_role/molecule/default/converge.yml']

Easier to read error message:

fatal: [instance]: UNREACHABLE! =>
  {"changed": false,
   "msg": "Failed to create temporary directory.In some cases, you may have been able to
           authenticate and did not have permissions on the target directory. Consider
           changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\",
           for more error information use -vvv.
           Failed command was: ( umask 77 && mkdir -p \"` echo /tmp `\"&& mkdir \"` echo /tmp/ansible-tmp-1668192366.5684752-2515263-14400147623756 `\" && echo ansible-tmp-1668192366.5684752-2515263-14400147623756=\"` echo /tmp/ansible-tmp-1668192366.5684752-2515263-14400147623756 `\" ), exited with result 1", "unreachable": true}

I did happen to notice that the ~/.cache/molecule/fake_role/default/ansible.cfg file does have remote_tmp set.

[defaults]
ansible_managed = Ansible managed: Do NOT edit this file manually!
display_failed_stderr = True
forks = 50
retry_files_enabled = False
host_key_checking = False
nocows = 1
interpreter_python = auto_silent
remote_tmp = /tmp
[ssh_connection]
scp_if_ssh = True
control_path = %(directory)s/%%h-%%p-%%r

score 2 · Answer 1 · answered Nov 11 '22 at 07:39

Molecule produces it's own ansible.cfg for its own test use which will not take into account any global or local existing config file.

Depending on your version/configuration, this file is either created in:

molecule/<scenario>/.molecule/ansible.cfg
/home/<user>/.cache/molecule/<role>/<scenario>/ansible.cfg.

The easiest way to see where that file is generated and used on your own platform is to run molecule in --debug mode and inspect the output for the ANSIBLE_CONFIG variable in current use.

Now don't try to modify that file as it will be overwritten at some point anyway. Instead, you have to modify your provisionner environment in molecule.yml.

Below is an example adapted from the documentation for your particular case.

provisioner:
  name: ansible
  config_options:
    defaults:
      remote_tmp: /tmp

You can force regenerating the ansible.cfg cache file (and other molecule cached/temporary resources) for your scenario by running molecule reset

Please pay attention in the documentation link to the note warning you that some ansible.cfg config variables are blacklisted to warranty molecule functioning and will not be taken into account

Thank you very much for your answer. I may have to wait until Monday to get a chance to test your solution. — Red Cricket, Nov 11 '22 at 08:48
I tried your suggestion in the molecule.yml but still get the same error. Please see my updated question. Thanks! — Red Cricket, Nov 11 '22 at 18:52

molecule test seems to ignore ansible.cfg's remote_tmp setting

1 Answers1

Linked

Related