Django secret key unreadable by “Retrieve secret key” task
The task “Retrieve secret key from […]/django_secret_key” fails to read the generated secret key:
TASK [funkwhale : Create django_secret_key file] *********************************************************************************************************************************************************************************************
--- before
+++ after: /home/bignose/.ansible/tmp/ansible-local-1119292ag4jz_a4/tmpbalcqqb6
@@ -0,0 +1 @@
+0e19646133b3e306ac4d03dca5f57cc6430d29c37e09a1bd47
\ No newline at end of file
changed: [lindale.whitetree]
TASK [funkwhale : Setup a dummy secret key] **************************************************************************************************************************************************************************************************
skipping: [lindale.whitetree]
TASK [funkwhale : Retrieve secret key from /srv/funkwhale/config/django_secret_key] **********************************************************************************************************************************************************
fatal: [lindale.whitetree]: FAILED! => changed=false
msg: 'file is not readable: /srv/funkwhale/config/django_secret_key'
This is because the task “Create django_secret_key file” correctly sets the file as readable only by the application user:
$ ls -l /srv/funkwhale/config/django_secret_key
-rw------- 1 funkwhale funkwhale 50 Dec 25 13:30 /srv/funkwhale/config/django_secret_key
but the “Retrieve secret key” task does not act as that user.
Instead, the “Retrieve secret key” task should use become and become_user to act as that application user on the remote host.
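
A sketch of the retrieve step run as the file's owner, added here as an example and not taken from the funkwhale role. The path and user come from the output above; the use of `ansible.builtin.slurp` and the register and fact names are assumptions.

```yaml
# Added example. Names marked "assumed" do not come from the role itself.
- name: Retrieve secret key from /srv/funkwhale/config/django_secret_key
  ansible.builtin.slurp:              # assumed module; reads the file on the remote host
    src: /srv/funkwhale/config/django_secret_key
  register: django_secret_key_raw     # assumed variable name
  become: true
  become_user: funkwhale              # owner shown by the ls -l output (mode 0600)
  no_log: true                        # keep the key out of task output and logs

- name: Decode the secret key into a fact
  ansible.builtin.set_fact:
    # slurp returns the file content base64-encoded
    django_secret_key: "{{ django_secret_key_raw.content | b64decode | trim }}"  # assumed fact name
  no_log: true
```

If the connection user is not root, becoming another unprivileged user depends on Ansible being able to share its temporary module files with that user, for example through pipelining or POSIX ACLs on the remote host.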