An actual photo of me staring at this stupid build. Apparently I was swearing more than usual, and a colleague captured it.

The curious case of sudden Ansible build failures

So, I arrived a little earlier to work today to get some work done. First step: Set up a machine for QA. Luckily, we’ve done lots of work to make this a trivial exercise, it’s a push button operation! Except:

PLAY [apply common configuration to all nodes] *********************************ERROR! Attempting to decrypt but no vault secrets found

Boom. Failure. Now, the change I’d made to deploy this testing machine was beyond innocuous, and should definitely not result in the failure that I saw.

Several annoyed and confused minutes later, I discover this cherry:

[WARNING] Ansible is in a world writable directory (/opt/atlassian/pipelines/agent/build), ignoring it as an ansible.cfg source.

What. Suddenly configuration was being ignored?

Balls. Backing up a step, we keep our build container suuuuper up to date. It looks like Ansible released a new version this morning. Buried in that was this lovely PR:

No more configuration for world writable directories. Now, this makes quite some sense; what doesn’t make sense is why the directory would be world writable for BitBucket Pipelines?! But whatever. A quick and dirty:

    # Correct the permissions on the build environment directory.
# See https://github.com/ansible/ansible/pull/42142/files
chmod 700 /opt/atlassian/pipelines/agent/build

in the build script, and we’re in our way.

Back to the rest of Friday morning, then.

--

--

See https://www.andrewhowden.com/

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store