New server deploy

When running bootstrapper on Rocky 8:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: PermissionError: [Errno 1] Operation not permitted: b'/etc/.ansible_tmpgn9gry65resolv.conf' -> b'/etc/resolv.conf'
fatal: [localhost]: FAILED! => changed=false
  msg: 'Unable to make /root/.ansible/tmp/ansible-moduletmp-1727691395.3649442-_caa9s0e/tmp4504n575 into to /etc/resolv.conf, failed final rename from b''/etc/.ansible_tmpgn9gry65resolv.conf'': [Errno 1] Operation not permitted: b''/etc/.ansible_tmpgn9gry65resolv.conf'' -> b''/etc/resolv.conf'''

I’ve not seen this before, so I will require further information in order to proceed. Output from these commands should provide adequate guidance:

stat /etc/resolv.conf
lsattr /etc/resolv.conf
ls -Z /etc/resolv.conf
systemctl status systemd-resolved
mount

And possibly,

cd /usr/local/apnscp/resources/playbooks
ansible-playbook -vvv bootstrap.yml

stat /etc/resolv.conf
[root@web01 ~]# stat /etc/resolv.conf
File: /etc/resolv.conf
Size: 81 Blocks: 8 IO Block: 4096 regular file
Device: fd03h/64771d Inode: 404048 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Context: system_u:object_r:net_conf_t:s0
Access: 2024-09-30 11:54:35.556021460 +0200
Modify: 2023-08-07 19:22:17.820000000 +0200
Change: 2023-08-07 19:22:17.824000000 +0200
Birth: 2023-08-07 19:21:22.222000000 +0200

lsattr /etc/resolv.conf
[root@web01 ~]# lsattr /etc/resolv.conf
----i---------e----- /etc/resolv.conf

ls -Z /etc/resolv.conf
system_u:object_r:net_conf_t:s0 /etc/resolv.conf

systemctl status systemd-resolved
[root@web01 ~]# systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients

ansible-playbook -vvv bootstrap.yml
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_lineinfile_payload_t1z_luvp/ansible_lineinfile_payload.zip/ansible/module_utils/basic.py", line 2356, in atomic_move
    os.rename(b_src, b_dest)
PermissionError: [Errno 1] Operation not permitted: b'/root/.ansible/tmp/ansible-moduletmp-1727721574.4100144-42xet2qz/tmpitthlknz' -> b'/etc/resolv.conf'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/tmp/ansible_lineinfile_payload_t1z_luvp/ansible_lineinfile_payload.zip/ansible/module_utils/basic.py", line 2415, in atomic_move
    os.rename(b_tmp_dest_name, b_dest)
PermissionError: [Errno 1] Operation not permitted: b'/etc/.ansible_tmpc9f07ipsresolv.conf' -> b'/etc/resolv.conf'
fatal: [localhost]: FAILED! => changed=false
  invocation:
    module_args:
      attributes: null
      backrefs: false
      backup: false
      content: null
      create: false
      delimiter: null
      directory_mode: null
      firstmatch: false
      follow: false
      force: null
      group: null
      insertafter: null
      insertbefore: null
      line: null
      mode: null
      owner: null
      path: /etc/resolv.conf
      regexp: ^\s*nameserver\s+(?!1\.0\.0\.1|1\.1\.1\.1).*$
      remote_src: null
      selevel: null
      serole: null
      setype: null
      seuser: null
      src: null
      state: absent
      unsafe_writes: false
      validate: null
  msg: 'Unable to make /root/.ansible/tmp/ansible-moduletmp-1727721574.4100144-42xet2qz/tmpitthlknz into to /etc/resolv.conf, failed final rename from b''/etc/.ansible_tmpc9f07ipsresolv.conf'': [Errno 1] Operation not permitted: b''/etc/.ansible_tmpc9f07ipsresolv.conf'' -> b''/etc/resolv.conf'''

PLAY RECAP *******************************************************************************************************************************
localhost                  : ok=20   changed=0    unreachable=0    failed=1    skipped=18   rescued=0    ignored=0

Who’s the VPS/server provider?

Netcup → Amsterdam location

Installed from their template? I suggest doing one manual install and making that the template, don’t rely on provider’s ones 'cause they’re messy usually…

Alright, never had the problem on their Nuremberg location but I’ll try!

Thanks for the tip, hero!

chattr -i /etc/resolv.conf

There are better ways to force traffic to use designated nameservers than setting the immutable flag…
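
A pre-flight check for the condition diagnosed in this thread, as an added example that is not part of the original posts or the bootstrapper's own code: it parses `lsattr` output and reports files carrying the immutable (`i`) attribute seen above, and also the append-only (`a`) attribute, either of which makes a temp-file-then-rename replace fail with `Operation not permitted`. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check (added example): find files whose attributes would make an
# atomic replace (temp file + rename over the target) fail with EPERM.

# blocking_attrs FLAGS: print the flags that block rename/unlink of the file.
#   i = immutable, a = append-only; prints nothing when neither is set.
blocking_attrs() {
    _out=""
    case $1 in *i*) _out="${_out}i" ;; esac
    case $1 in *a*) _out="${_out}a" ;; esac
    printf '%s' "$_out"
}

# check_lsattr_line "FLAGS PATH": print a finding and return 1 if blocked.
check_lsattr_line() {
    _flags=${1%% *}      # first field: attribute string
    _path=${1#* }        # remainder: file path (may contain spaces)
    _hit=$(blocking_attrs "$_flags")
    [ -z "$_hit" ] && return 0
    printf 'BLOCKED %s attrs=%s fix: chattr -%s %s\n' "$_path" "$_hit" "$_hit" "$_path"
    return 1
}

# preflight FILE...: run lsattr on each file; return 1 if any is blocked.
preflight() {
    _rc=0
    for _f in "$@"; do
        # Skip missing files and filesystems without attribute support.
        _line=$(lsattr -d "$_f" 2>/dev/null) || continue
        check_lsattr_line "$_line" || _rc=1
    done
    return $_rc
}

# Constructed samples in the format of the lsattr output shown in the thread.
SAMPLE_BLOCKED='----i---------e----- /etc/resolv.conf'
SAMPLE_CLEAN='--------------e----- /etc/hosts'

# Run against real files only when invoked with arguments.
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it as root with the files a playbook is expected to rewrite, for example `/etc/resolv.conf`, before starting the bootstrap on a provider image.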

I’ve done what Anatoli said!

For now it looks good, probably imaging issue.

Users that are using Netcup → Do the custom image thing! :slight_smile:

I do get this failure:

2024-10-01 13:14:58,599 p=463751 u=root n=ansible | fatal: [localhost]: FAILED! => {"attempts": 2, "changed": true, "cmd": ["dnf", "remove", "-y", "--duplicates", "--setopt=protected_packages="], "delta": "0:00:01.392998", "end": "2024-10-01 13:14:58.590339", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2024-10-01 13:14:57.197341", "stderr": "Errors during downloading metadata for repository 'rspamd':\n - Status code: 404 for https://rspamd.com/rpm/rspamd.asc (IP: 135.181.136.158)\nError: Failed to retrieve GPG key for repo 'rspamd': Status code: 404 for https://rspamd.com/rpm/rspamd.asc (IP: 135.181.136.158)", "stderr_lines": ["Errors during downloading metadata for repository 'rspamd':", " - Status code: 404 for https://rspamd.com/rpm/rspamd.asc (IP: 135.181.136.158)", "Error: Failed to retrieve GPG key for repo 'rspamd': Status code: 404 for https://rspamd.com/rpm/rspamd.asc (IP: 135.181.136.158)"], "stdout": "Rspamd stable repository 1.9 kB/s | 833 B 00:00 \nRspamd stable repository

Just informational, I don’t know if it will proceed with the install.

Probably a bug?

Not only Netcup, this is good practice for all providers. If you can install OS from scratch, do that instead of relying on provided templates.

I indeed messed up the follow-up… ooopsy.

Bug @ rspamd is fixed by them (as the file is back anyway)

Matt, thanks as always for your help!
Anatoli, you too for the best practice!

PR has been closed now: [BUG] http://rspamd.com/rpm/rspamd.asc is 404 · Issue #5168 · rspamd/rspamd · GitHub :+1: