Simple, Beautiful Software Development

Share this post

The curious case of sudden Ansible build failures

www.andrewhowden.com

Discover more from Simple, Beautiful Software Development

Idle words from Andrew Howden about Site Reliability Engineering, Software Development, Product development or other software and software tangential topics.
Continue reading
Sign in

The curious case of sudden Ansible build failures

So, I arrived a little earlier to work today to get some work done. First step: Set up a machine for QA. Luckily, we’ve done lots of work…

Andrew howden
Jul 6, 2018
Share this post

The curious case of sudden Ansible build failures

www.andrewhowden.com
Share
An actual photo of me staring at this stupid build. Apparently I was swearing more than usual, and a colleague captured it.

So, I arrived a little earlier to work today to get some work done. First step: Set up a machine for QA. Luckily, we’ve done lots of work to make this a trivial exercise, it’s a push button operation! Except:

PLAY [apply common configuration to all nodes] *********************************ERROR! Attempting to decrypt but no vault secrets found

Boom. Failure. Now, the change I’d made to deploy this testing machine was beyond innocuous, and should definitely not result in the failure that I saw.

Several annoyed and confused minutes later, I discover this cherry:

[WARNING] Ansible is in a world writable directory (/opt/atlassian/pipelines/agent/build), ignoring it as an ansible.cfg source.

What. Suddenly configuration was being ignored?

Balls. Backing up a step, we keep our build container suuuuper up to date. It looks like Ansible released a new version this morning. Buried in that was this lovely PR:

[stable-2.5] ignore ansible.cfg in world writable cwd (#42070) by abadger · Pull Request #42142 ·…
ignore ansible.cfg in world writable cwd also added 'warnings' to config updated man page template (cherry picked from…github.com

No more configuration for world writable directories. Now, this makes quite some sense; what doesn’t make sense is why the directory would be world writable for BitBucket Pipelines?! But whatever. A quick and dirty:

    # Correct the permissions on the build environment directory.
    # See https://github.com/ansible/ansible/pull/42142/files
    chmod 700 /opt/atlassian/pipelines/agent/build

in the build script, and we’re in our way.

Back to the rest of Friday morning, then.

Share this post

The curious case of sudden Ansible build failures

www.andrewhowden.com
Share
Previous
Next
Comments
Top
New

No posts

Ready for more?

© 2023 Andrew Howden
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing