File Permissions not preserved when using workingDir #5587
Comments
Can't say about setting permissions in workingDir (will wait for developer review).
Good thought - I changed my flow to this:
The ls -laR output shows that the permission does get changed to 0600 successfully, but even with the parent WorkingDirectory (which I thought would preserve the workingDir for the duration of the flow), the permission reverts to 0644 by the time Ansible executes, and I get the same error as before:
In fact, regardless of the original owner or permissions, the files that end up in {{ workingDir }} end up 0644 and owned by root.
@BreckanM this is due to the fact that you run the Docker engine as root, so the files created by the Docker engine (we use a volume mount) will be created as root.
Thanks @loicmathieu. Totally understand that copying the files into workingDir will make them owned by root. From what I can see the process is:
Concept : eg :
kestra flow:
Just for clarity - I have a workaround that does now work, but there are some details that need to be understood: Cytopia/ansible doesn't run 'docker-in-docker' - it runs on the parent OS, not inside Kestra, so it's 'docker-beside-docker'. So my full workaround is:
Note:
Playbook will now connect using SSHKEY successfully.
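
A defensive way to handle the behaviour reported in this thread, as an added example that is not part of the original issue or of Kestra's code: copy the staged key to a private location and confirm its mode in the same container that runs ssh, just before Ansible starts. The helper names and the empty stand-in file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. key_mode, key_is_private and stage_key are hypothetical helpers.

# Print a file's permission bits in octal (GNU stat first, BSD stat as fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only when no group/other bits are set, i.e. (mode & 077) == 0.
# 0600 and 0400 pass; 0644, the mode in the reported error, fails.
key_is_private() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Copy the key into a fresh 0700 directory as a 0600 file and print the new path.
# Fails instead of printing a path if the copy is still too open.
stage_key() {
    src=$1
    dir=$(mktemp -d) || return 1          # mktemp -d creates the directory 0700
    dst="$dir/id_key"
    # Subshell keeps the umask change local; the copy is never wider than 0600.
    ( umask 077 && cp "$src" "$dst" && chmod 600 "$dst" ) || return 1
    key_is_private "$dst" || return 1
    printf '%s\n' "$dst"
}

# Constructed demo: an empty file stands in for a key that was staged as 0644.
demo=$(mktemp) && chmod 644 "$demo"
key_is_private "$demo" || echo "too open: mode $(key_mode "$demo")"
staged=$(stage_key "$demo") && echo "staged copy: $staged (mode $(key_mode "$staged"))"
```

The path printed by stage_key is the one to hand to Ansible as the private key file; a non-zero exit means the copy could not be made private and the run should stop there.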
Describe the issue
When trying to use the cytopia/ansible docker container, I need to copy the SSH priv key into the workingDir and reference it explicitly so that the passwordless ssh connection to the remote host will work.
The ssh public key has already been copied to the remote machine successfully.
Note: I did change the Docker volumes to mounts in my compose.yml file:
Kestra Flow:
The error in the log from Ansible in Docker is that permissions are too wide:
fatal: [LinuxTestHost]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.0.99' (ED25519) to the list of known hosts.\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0644 for '/tmp/kestra-wd/tmp/6rPK2pHakCy8L8id7oEfK4/kestra_id_rsa' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/tmp/kestra-wd/tmp/6rPK2pHakCy8L8id7oEfK4/kestra_id_rsa\": bad permissions\r\nkestra@192.168.0.99: Permission denied (publickey,password).", "unreachable": true}
Source Folder ( namespaceFiles )
workingDir status during execution of flow
It appears that when the files are pre-staged by Kestra (aka copied into the temp workingDir), permissions are not preserved.
Specifically 0600 changes to 0644 for the private key.
Is there a way to explicitly set permissions on the files in the workingDir?
Environment