When running bootstrapper on Rocky 8:
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: PermissionError: [Errno 1] Operation not permitted: b'/etc/.ansible_tmpgn9gry65resolv.conf' -> b'/etc/resolv.conf'
fatal: [localhost]: FAILED! => changed=false
msg: 'Unable to make /root/.ansible/tmp/ansible-moduletmp-1727691395.3649442-_caa9s0e/tmp4504n575 into to /etc/resolv.conf, failed final rename from b''/etc/.ansible_tmpgn9gry65resolv.conf'': [Errno 1] Operation not permitted: b''/etc/.ansible_tmpgn9gry65resolv.conf'' -> b''/etc/resolv.conf'''
I’ve not seen this before, so I will require further information in order to proceed. Output from these commands should provide adequate guidance:
stat /etc/resolv.conf
lsattr /etc/resolv.conf
ls -Z /etc/resolv.conf
systemctl status systemd-resolved
mount
And possibly,
cd /usr/local/apnscp/resources/playbooks
ansible-playbook -vvv bootstrap.yml
stat /etc/resolv.conf
[root@web01 ~]# stat /etc/resolv.conf
File: /etc/resolv.conf
Size: 81 Blocks: 8 IO Block: 4096 regular file
Device: fd03h/64771d Inode: 404048 Links: 1
Access: (0644/-rw-r–r–) Uid: ( 0/ root) Gid: ( 0/ root)
Context: system_u:object_r:net_conf_t:s0
Access: 2024-09-30 11:54:35.556021460 +0200
Modify: 2023-08-07 19:22:17.820000000 +0200
Change: 2023-08-07 19:22:17.824000000 +0200
Birth: 2023-08-07 19:21:22.222000000 +0200
lsattr /etc/resolv.conf
[root@web01 ~]# lsattr /etc/resolv.conf
----i---------e----- /etc/resolv.conf
ls -Z /etc/resolv.conf
system_u:object_r:net_conf_t:s0 /etc/resolv.conf
systemctl status systemd-resolved
[root@web01 ~]# systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
[root@web01 ~]# systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
ansible-playbook -vvv bootstrap.yml
The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_lineinfile_payload_t1z_luvp/ansible_lineinfile_payload.zip/ansible/module_utils/basic.py", line 2356, in atomic_move
os.rename(b_src, b_dest)
PermissionError: [Errno 1] Operation not permitted: b'/root/.ansible/tmp/ansible-moduletmp-1727721574.4100144-42xet2qz/tmpitthlknz' -> b'/etc/resolv.conf'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/tmp/ansible_lineinfile_payload_t1z_luvp/ansible_lineinfile_payload.zip/ansible/module_utils/basic.py", line 2415, in atomic_move
os.rename(b_tmp_dest_name, b_dest)
PermissionError: [Errno 1] Operation not permitted: b'/etc/.ansible_tmpc9f07ipsresolv.conf' -> b'/etc/resolv.conf'
fatal: [localhost]: FAILED! => changed=false
invocation:
module_args:
attributes: null
backrefs: false
backup: false
content: null
create: false
delimiter: null
directory_mode: null
firstmatch: false
follow: false
force: null
group: null
insertafter: null
insertbefore: null
line: null
mode: null
owner: null
path: /etc/resolv.conf
regexp: ^\s*nameserver\s+(?!1\.0\.0\.1|1\.1\.1\.1).*$
remote_src: null
selevel: null
serole: null
setype: null
seuser: null
src: null
state: absent
unsafe_writes: false
validate: null
msg: 'Unable to make /root/.ansible/tmp/ansible-moduletmp-1727721574.4100144-42xet2qz/tmpitthlknz into to /etc/resolv.conf, failed final rename from b''/etc/.ansible_tmpc9f07ipsresolv.conf'': [Errno 1] Operation not permitted: b''/etc/.ansible_tmpc9f07ipsresolv.conf'' -> b''/etc/resolv.conf'''
PLAY RECAP *******************************************************************************************************************************
localhost : ok=20 changed=0 unreachable=0 failed=1 skipped=18 rescued=0 ignored=0
anatoli
September 30, 2024, 6:42pm
4
Who’s the VPS/server provider?
Netcup → Amsterdam location
anatoli
September 30, 2024, 6:46pm
6
Installed from their template? I suggest doing one manual install and making that the template, don’t rely on provider’s ones 'cause they’re messy usually…
1 Like
Alright, never had the problem on their nuremburg location but ill try!
Thanks for the tip, hero!
chattr -i /etc/resolv.conf
There are better ways to force traffic to use designated nameservers than setting the immutable flag…
I’ve done what Anatoli said!
For now it looks good, probably imaging issue.
Users that are using Netcup → Do the custom image thing!
1 Like
I do get this failure:
2024-10-01 13:14:58,599 p=463751 u=root n=ansible | fatal: [localhost]: FAILED! => {“attempts”: 2, “changed”: true, “cmd”: [“dnf”, “remove”, “-y”, “–duplicates”, “–setopt=protected_packages=”], “delta”: “0:00:01.392998”, “end”: “2024-10-01 13:14:58.590339”, “failed_when_result”: true, “msg”: “non-zero return code”, “rc”: 1, “start”: “2024-10-01 13:14:57.197341”, “stderr”: “Errors during downloading metadata for repository ‘rspamd’:\n - Status code: 404 for https://rspamd.com/rpm/rspamd.asc (IP: 135.181.136.158)\nError: Failed to retrieve GPG key for repo ‘rspamd’: Status code: 404 for https://rspamd.com/rpm/rspamd.asc (IP: 135.181.136.158)”, “stderr_lines”: [“Errors during downloading metadata for repository ‘rspamd’:”, " - Status code: 404 for https://rspamd.com/rpm/rspamd.asc (IP: 135.181.136.158)", “Error: Failed to retrieve GPG key for repo ‘rspamd’: Status code: 404 for https://rspamd.com/rpm/rspamd.asc (IP: 135.181.136.158)”], “stdout”: "Rspamd stable repository 1.9 kB/s | 833 B 00:00 \nRspamd stable repository
Just informational, I don’t know if it will proceed with the install.
Not only Netcup, this is good practice for all providers . If you can install OS from scratch, do that instead of relying on provided templates.
I indeed messed up the follow up… ooopsy.
Bug @ rspam is fixed by them (as the file is back anyway)
Matt, thanks as always for your help!
Anatoli, you too for the bestpractice!
1 Like
anatoli
October 4, 2024, 12:48pm
14