13

tl;dr = How do OS X users recommend working around this permissions error?

I'm on OS X 10.10.1 and I recently installed Ansible running the following: 

sudo pip install ansible --quiet
sudo pip install ansible --upgrade

I want to start off with a galaxy role to install homebrew and went to run this one with the following error: 

$ ansible-galaxy install geerlingguy.homebrew
- downloading role 'homebrew', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-homebrew/archive/1.0.1.tar.gz
- extracting geerlingguy.homebrew to /etc/ansible/roles/geerlingguy.homebrew
- error: you do not have permission to modify files in /etc/ansible/roles/geerlingguy.homebrew
- geerlingguy.homebrew was NOT installed successfully.
- you can use --ignore-errors to skip failed roles.

While I see /etc is owned by root, I don't see any notes in documentation saying I should chmod anything.

For reference: 

$ ansible --version
ansible 1.8.2
  configured module search path = None

Is this expected or is my installation somehow wrong?

sorin
  • 161,544
  • 178
  • 535
  • 806
mbb
  • 3,052
  • 1
  • 27
  • 28

3 Answers3

17

The default location for roles is /etc/ansible/roles (for version <= 2.3. Since v2.4, the default location has changed to ~/.ansible/roles/, an issue has been raised). You need to specify --roles-path when using ansible-galaxy. Here's what ansible-galaxy install --help says:

-p ROLES_PATH, --roles-path=ROLES_PATH
    The path to the directory containing your roles. The
    default is the roles_path configured in your
    ansible.cfg file (/etc/ansible/roles if not
    configured)

You can also set roles_path in ansible.cfg; see the documentation for details.

Audrey Carval
  • 168
  • 2
  • 7
tedder42
  • 23,519
  • 13
  • 86
  • 102
  • Thank you for an answer! I'm familiar with the default path and understand I can redirect it. My question could be stated more clearly as *how is this error normally remedied by those on OS X?* I imagine that defining `--roles-path` on every galaxy or playbook call would be annoying. There must be a smarter way. Any recommendations? – mbb Dec 29 '14 at 03:14
  • 1
    I have a custom `roles_path` in my `/etc/ansible/ansible.cfg` file, currently set to a location inside my home folder (e.g. `roles_path = ~/dev/ansible/roles`. (see the last line in the answer above). If you specify the `roles_path` globally, you never have to specify it on the command line. – geerlingguy Dec 29 '14 at 03:20
  • Your second question is answered with `ansible.cfg`; follow the link to set the proper path. – tedder42 Dec 29 '14 at 06:43
4

Or you can use brew to install ansible. To do it you would need to run:

brew install ansible

If you had any previous installations, it is possible that you will see a message like this:

Error: The brew link step did not complete successfully The formula built, but is not symlinked into /usr/local Could not symlink bin/ansible Target /usr/local/bin/ansible already exists. You may want to remove it: rm '/usr/local/bin/ansible'

To force the link and overwrite all conflicting files: brew link --overwrite ansible

To list all files that would be deleted: brew link --overwrite --dry-run ansible

Possible conflicting files are: /usr/local/bin/ansible /usr/local/bin/ansible-console /usr/local/bin/ansible-doc /usr/local/bin/ansible-galaxy /usr/local/bin/ansible-playbook /usr/local/bin/ansible-pull /usr/local/bin/ansible-vault

So, run brew link --overwrite ansible to fix that. And now you will be able to install any roles without sudo.

Example:

» ansible-galaxy install bennojoy.redis
- downloading role 'redis', owned by bennojoy
- downloading role from https://github.com/bennojoy/redis/archive/master.tar.gz
- extracting bennojoy.redis to /usr/local/etc/ansible/roles/bennojoy.redis
- bennojoy.redis was installed successfully

sobolevn
  • 16,714
  • 6
  • 62
  • 60
2

As I saw you used "sudo" to install Ansible, I suppose it shall be OK to continue using "sudo" for ansible-galaxy installation. And that's what I just did.

Shaohong Li
  • 58
  • 4
  • You would need to have ansible available to root as well, which by default is not. In fact, your answer should be a comment altogether. – Wtower Jan 29 '16 at 13:34