I’m trying to use Ansible to administer several OSMC installations in unison, along with many other separate Debian-based systems.
For those who haven’t heard of Ansible, it’s a system configuration management tool whose primary method of getting things done is to copy Python scripts onto a remote computer and execute them to achieve some desired system state. In my case, I’m successfully using it to centrally manage Kodi add-ons and settings.
I’d also like to use it to manage Debian package states, but when Ansible connects to an OSMC device, the system PATH
is mangled and things fail.
I’ve confirmed that this isn’t an Ansible issue. I’ve found two possible culprits in the way OSMC is set up though:
-
The
secure_path
default in/etc/sudoers
doesn’t seem to be honoured:$ ssh osmc@XXX bash -c '"sudo grep secure_path /etc/sudoers ; echo $PATH ; sudo bash -c echo\ $PATH"' ... Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" /usr/local/bin:/usr/bin:/bin:/usr/games /usr/local/bin:/usr/bin:/bin:/usr/games
-
There’s a big difference in the
PATH
depending on whether the shell is run interactively or not:$ ssh osmc@XXX ... osmc@osmc:~$ echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/sbin:/usr/sbin:/opt/vc/bin
$ ssh osmc@XXX bash -c '"echo $PATH"' ... /usr/local/bin:/usr/bin:/bin:/usr/games
On every other Debian-based system I have access to, the PATH
is not different based on whether the shell is login, non-login, interactive or non-interactive. In the case of Point #2, it seems that having PATH
setup in /etc/profile
and /etc/profile.d/*.sh
could be part of the issue, as these files are only read and executed for “login” shells. Shells started by non-interactive SSH commands are not login shells.
I don’t have an elegant solution for this issue at the moment. What are your thoughts?