bug(ansible): autobot-ai pip cache dir not owned by autobot-ai — cache disabled on every AI stack install #3535
Description
Summary
During AI stack provisioning, pip emits a warning on every run:
WARNING: The directory '/home/autobot-ai/.cache/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled.
This disables the pip cache, causing every provisioning run to re-download all AI packages (large packages like torch, transformers, sentence-transformers, etc.) from scratch. On slow links or air-gapped setups this significantly extends provisioning time.
Root Cause
The autobot-ai service account home directory (/home/autobot-ai) is created by the Ansible role, but the .cache/pip subdirectory is either:
- Not created during provisioning, so pip tries to create it and fails if parent ownership is wrong
- Created with wrong ownership (e.g., root) when pip runs under sudo before
become_usertakes effect
The pip install tasks in autobot-slm-backend/ansible/roles/ai-stack/tasks/main.yml use become_user: "{{ ai_user }}" (autobot-ai), but the cache directory may be owned by root if any earlier pip call ran without become_user.
Fix
Add a task in the ai-stack role to ensure the pip cache directory exists and is owned by ai_user before the pip install tasks run:
- name: Create pip cache directory for ai user
ansible.builtin.file:
path: "/home/{{ ai_user }}/.cache/pip"
state: directory
owner: "{{ ai_user }}"
group: "{{ ai_group }}"
mode: "0755"This should be placed after "Fix venv ownership" and before "Upgrade pip in venv".
Related
Discovered during investigation of #3534 (ai-stack venv Python version mismatch). Secondary issue — does not block provisioning but degrades performance on every run.