You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I use an Ansible playbook to create a golden image for AWS using the roles falcon_install, falcon_configure and falcon_uninstall.
When I run the Ansible playbook, I get the following error message:
TASK [crowdstrike.falcon.falcon_install : CrowdStrike Falcon | Copy Sensor Installation Package to remote host (non-windows)] *******************************************************
fatal: [i-0da31599f96a90199_asg-metadefender-image-ubuntu22-mdtest-202404050828]: FAILED! =>
msg: 'an error occurred while trying to read the file ''/var/tmp/falcon-sensor_7.13.0-16604_amd64.deb'': [Errno 13] Permission denied: b''/var/tmp/falcon-sensor_7.13.0-16604_amd64.deb''. [Errno 13] Permission denied: b''/var/tmp/falcon-sensor_7.13.0-16604_amd64.deb'''
The reason for this error message is a global umask 0077 on the Ansible control node.
After downloading the Falcon Sensor Installer via API, the file has the following permissions:
Although the Ansible playbook is executed with become: true, the Ansible task cannot access the file to copy it to the target host.
I could probably work around the problem by replacing the roles with the appropriate modules, but it would be more convenient to run an optional task between Download Falcon Sensor Installation Package (local) and Copy Sensor Installation Package to remote host (non-windows) that changes the permissions of the file.
Okay.. so I think this should be handled by the sensor_download instead of adding it as a task. This makes sense in and outside of the role. I'll get a PR started for that.
Okay.. so I think this should be handled by the sensor_download instead of adding it as a task. This makes sense in and outside of the role. I'll get a PR started for that.
@carlosmmatos I had the same thought and it would be the much smarter approach, but I was looking for a quick fix because I am not that good at writing Python. 😉
carlosmmatos
added a commit
to carlosmmatos/ansible_collection_falcon
that referenced
this issue
Apr 6, 2024
I use an Ansible playbook to create a golden image for AWS using the roles
falcon_install
,falcon_configure
andfalcon_uninstall
.When I run the Ansible playbook, I get the following error message:
The reason for this error message is a global
umask 0077
on the Ansible control node.After downloading the Falcon Sensor Installer via API, the file has the following permissions:
Although the Ansible playbook is executed with
become: true
, the Ansible task cannot access the file to copy it to the target host.I could probably work around the problem by replacing the roles with the appropriate modules, but it would be more convenient to run an optional task between
Download Falcon Sensor Installation Package (local)
andCopy Sensor Installation Package to remote host (non-windows)
that changes the permissions of the file.https://github.com/CrowdStrike/ansible_collection_falcon/blob/main/roles/falcon_install/tasks/api.yml#L63-L71
https://github.com/CrowdStrike/ansible_collection_falcon/blob/main/roles/falcon_install/tasks/api.yml#L63-L71
Something like:
The text was updated successfully, but these errors were encountered: