I have linux box, where there is a user "user1", using C shell. The user has .cshrc in its home directory with some useful environment settings.
when I use this ansible logic though, the environment is not set properly for the user.
---
- name: some playbook
hosts: remote_host
become: yes
become_user: root
become_method: sudo
tasks:
- name: Check environment variables for user1
become: yes
become_user: user1
become_method: sudo
shell: "env"
register: envresult
- name: debug env
debug:
var: envresult.stdout
In the output I can see that the variables set in .cshrc are not in the environment. How can I force ansible to process the login scripts of users upon become?
Thank you!
You should add become_flags: "-i" to your playbook. The task then looks like
- name: Check environment variables for user1
become: yes
become_user: user1
become_method: sudo
become_flags: "-i"
shell: "env"
register: envresult
More Information is available at the Ansible documentation.
Related
I am trying to execute shell script using ansible shell module as shown in below code
-name : Execute
become_user: someuser
shell:
cmd: "./script.ksh"
chdir: "/path/to/script"
But the script still uses my login instead of "someuser". How this can be fixed ?
As suggested by #β.εηοιτ.βε the become: yes is missing, see exapmles and explanation in Become directives.
do you think become: yes is nothing but sudo ?
The default setting (atleast in my case) uses sudo.
To see the default become_method being used, check your "closest" ansible.cfg in the hierarchy.
You can run the playbook in verbose mode and by using -vvv increase verbosity to see the exact commands being used.
If the become: yes with become_user: <username> doesn't help try using a different become_method.
Example with su and su -:
- name : Execute
shell:
cmd: "./script.ksh"
chdir: "/path/to/script"
become: yes
become_user: someuser
become_method: "su"
or:
- name : Execute
shell:
cmd: "su - someuser -c './script.ksh'"
chdir: "/path/to/script"
become: yes
In this case you will most likely recieve the following warning:
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running su
I can become root on host only with command "sudo -i". I must be root to make some changes on this host. How can I become root with this method using ansibleplaybook?
For privilege escalation, become allows you to specify both become_method and become_flags:
- name: My playbook
hosts: myhosts
become: yes
become_method: sudo
become_flags: '-i'
tasks:
- name: My task
[..]
I login to server (CentOs 7) as my user and execute double sudo to become root. No password is required at such times.
Command: sudo sudo su
I need to install applications on such server as root user using Ansible (2.7)
Unfortunately, when i try following it gives: ""msg": "Timeout (12s) waiting for privilege escalation prompt: ""
---
- name: Copy file
become: true
become_method: su
hosts: all
tasks:
- name: Copy file
copy:
src: abc.txt
dest: /tmp/
I have tried other versions like changing become_method to sudo, etc. But they don't work. Any suggestion will help?
Im trying to run a shell script on the host machine after copying it over there using ansible. The script has 777 permissions.
Please read the below question as it gives the full scope of the actual issue that we are trying to deal with
Set different ORACLE_HOME and PATH environment variable using Ansible
- name: Run the Script [List]
shell: "/tmp/sqlscript/sql_select.sh {{item}} >> /tmp/sqlscript/output.out"
become: yes
become_method: sudo
become_user: oracle
register: orh
with_items: "{{ factor_dbs.split('\n') }}"
Below is the shell script
#!/bin/bash
source $HOME/bin/gsd_xenv $1 &> /dev/null
sqlplus -s <<EOF
/ as sysdba
set heading off
select d.name||','||i.instance_name||','||i.host_name||';' from v\$database d,v\$instance i;
EOF
Despite escalating the privileges, I observed that the task is not executing unless I add environment variables like below
- name: Run the script [List]
shell: "/tmp/sqlscript/oracle_home.sh {{item}} >> /tmp/sqlscript/orahome.out"
become: yes
become_method: sudo
become_user: oracle
environment:
PATH: "/home/oracle/bin:/usr/orasys/12.1.0.2r10/bin:/usr/bin:/bin:/usr/ucb:/sbin:/usr/sbin:/etc:/usr/local/bin:/oradata/epdmat/goldengate/config/sys"
ORACLE_HOME: "/usr/orasys/12.1.0.2r10"
register: orh
with_items: "{{ factor_dbs.split('\n') }}"
However this playbook needs to be run across different hosts which have different path and oracle_home variables.
My question is, why doest the task run despite escalating the permissions. When I try to run the same script manually by logging into the server and after doing "sudo su oracle", it seems to be running fine.
It depends on where you actually set your environment variables. There is a difference in executing a script when you are logged in at a remote machine, and running a script over ssh as Ansible does (see e.g., Differentiate Interactive login and non-interactive non-login shell). Depending on the type of shell and your system, different bash profiles are loaded.
I want to run a specific command as sudo -u username <command name> using Ansible.
I tried below task, but facing permissions issue.
---
-
hosts: all
become: yes
vars_files:
- vars.yml
tasks:
- name: "Create solr cores"
shell: /opt/apps/solr/bin/solr create -c test10
become_flags: '-u solr'
register: core_one
# changed_when: '"\"status\":0" in core_one.stdout'
Could anyone suggest on this?
The correct way to run a task is the following.
Having proper permissions is a prerequisite. Refer to man sudoers to learn more
- name: "Create solr cores"
shell: /opt/apps/solr/bin/solr create -c test10
become: yes
become_user: solr
register: core_one
You already have become: yes on the play level, so just for clarity.
remote_user: ansible
tasks:
- name: "Create solr cores"
shell: /opt/apps/solr/bin/solr create -c test10
become: yes
become_user: solr
register: core_one
In above example ansible connects to remote machine using user 'ansible'. Now this ansible user should have permission to switch to another user. i.e it should have root privileges
What happens with above code:
* ssh connection is made via ansible user (ansible-play does it)
* It uses command "sudo su solr" internally
* Then execute the command which is mentioned in shell