Running task as unprivileged user in ansible - ansible

I have 2 users: dashadmin and dash
I have my target machine with settings that only allow access as privileged user dashadmin; root ssh has been locked. For security reasons I would like to keep user dash unprivileged.
I am trying to administer a user account dash and run a command that requires using the unprivileged user dash, because the command requires the conf file in the user's home path...
Here is the play:
- name: generate bls privatekey
  command: dash-cli bls generate
  become: yes
  become_user: dash
  register: bls
I get this error:
TASK [dashmn : After dashd started, generate masternode bls private key] ***************************************
fatal: [78.141.219.106]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of '/var/tmp/ansible-tmp-1594229288.4458573-404302-256218153903862/': Operation not permitted\nchown: changing ownership of '/var/tmp/ansible-tmp-1594229288.4458573-404302-256218153903862/AnsiballZ_command.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}
2 questions:
What is the best way to run this command/bypass this error?
What is the best way to store the output for later use?

I think I found a way to avoid this: I will add the unprivileged user to the sudoers list during setup and remove it from sudoers after everything is installed.
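One way to run the task as dash without giving it sudo rights, and to keep the output for later use, shown as an added example that is not part of the original post. It assumes the target's package manager provides a package named acl (which supplies setfacl), and the destination path /home/dashadmin/bls_key.txt is a placeholder.

```yaml
# Added example, not from the original post.
- hosts: all
  remote_user: dashadmin
  tasks:
    # With setfacl available, Ansible grants the become_user access to its
    # temporary module files via ACLs instead of the chown that failed
    # with "Operation not permitted".
    - name: Install ACL support on the target
      package:
        name: acl
        state: present
      become: yes

    - name: Generate BLS private key as the unprivileged user
      command: dash-cli bls generate
      become: yes
      become_user: dash
      register: bls
      changed_when: true
      no_log: true          # the command output contains a private key

    # Placeholder destination; the file is readable only by its owner.
    - name: Store the output for later use
      copy:
        content: "{{ bls.stdout }}\n"
        dest: /home/dashadmin/bls_key.txt
        owner: dashadmin
        mode: "0600"
      become: yes
      no_log: true
```

Alternatively, setting pipelining = True under [ssh_connection] in ansible.cfg avoids the temporary files altogether, provided requiretty is not set in sudoers on the target.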

Related

informatica installer trying to add permissions for wrong domain / user

I am trying to install Informatica 10.4 on Windows, but during domain creation it throws a permission issue. I am running the installer as admin, and I took the command that was failing from the logs and ran it in cmd as admin, but still got the same issue.
I feel installer is trying to add permissions for wrong domain / user.
How to change that to correct domain / user?
error:
OutPut : [ICMD_10033] Command [generateEncryptionKey] failed with error [[INFASETUP_10000] [FrameworkUtils_0006] The encryption key file cannot be generated. [[FrameworkUtils_0022] Failed to find user name [WORKGROUP\SYSTEM] during Informatica service startup, and so cannot grant read and write permissions on the node configuration directory to the user. Verify that the user that started the Informatica service is valid. If you are a Local System User, you can ignore this message as you inherit the read-write permissions.]..].

Vagrant interactive Ansible provisioning with user input

I was wondering if it was possible to have Vagrant provisioning with Ansible playbooks include a task where a command which requires user input is executed and pauses to wait for user interaction.
The use case is to auth the gcloud terminal command with gcloud auth login. The command asks the user to go to a URL which performs the Google authentication and then enter the verification code provided after the access is granted:
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/....
Enter verification code:
I've seen the prompt and wait_for modules for Ansible, but it does not look like they can be used in this scenario?
If the account you're trying to authenticate in that scenario is a service account, give gcloud auth activate-service-account a try. It'd be especially useful here because it prompts for nothing; all it does is log in a service account using a key file. You can find out more about it here.
Maybe the expect module will work in your case. Have you read about it?
Example from ansible docs:
- name: Case insensitive password string match
  expect:
    command: passwd username
    responses:
      (?i)password: "MySekretPa$$word"
  # you don't want to show passwords in your logs
  no_log: true

- name: Generic question with multiple different responses
  expect:
    command: /path/to/custom/command
    responses:
      Question:
        - response1
        - response2
        - response3
You can combine this with uri module to authenticate on google cloud, register the output, parse it with regex or something and then use it on expect module...
Source: Ansible Expect Module

Confirm host fails for Single node Cluster while setting up cluster on Ambari

I am trying to setup Ambari on single node cluster.
Ambari setup was done as root user
I tried all the posts related to this, changed the permission and did set up as permission
http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.1/bk_Installing_HDP_AMB/content/_set_up_password-less_ssh.html
cd ~/.ssh
rm -rf /root/.ssh
ssh-keygen -t dsa
cat /root/.ssh/id_dsa.pub >> /root/.ssh/authorized_keys
cat /root/.ssh/authorized_keys
Copied the key from the above line into Ambari in the cluster setup step
ambari-server restart
When I try to Register and Confirm in Install Options I get the error below
However, I am able to do "ssh root@hadoop.maxsjohn.com" without giving the password.
==========================
Creating target directory...
==========================
Command start time 2017-03-13 03:35:43
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
SSH command execution finished
host=hadoop.maxsjohn.com, exitcode=255
Command end time 2017-03-13 03:35:43
ERROR: Bootstrap of host hadoop.maxsjohn.com fails because previous action finished with non-zero exit code (255)
ERROR MESSAGE: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
STDOUT:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
So, coming in a year later I got a very similar error but with a multiple host cluster. In case it helps, I found this error happens for the host running Ambari Server when the private key file chosen on the 'Install Options' page in the 'Cluster Install Wizard' is incorrect (in my case I re-created the keys but neglected to update Ambari). From the host OS perspective the passwordless SSH works just fine but Ambari fails to install the host until the corresponding SSH Private Key file is chosen.
I suspect the password cannot be blank. You need to set a password. If this is for your learning, I would suggest taking a copy of the VM from the Hortonworks site and using it. You don't have to go through the pain of installing and configuring. Here is the link

devops , how to create user using ansible playbook

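I am a newbie to devops and got a task to create a user. I am using Ansible on my control machine and want to create a new user with a password on server2.
The playbook I have written is:
- hosts: appservers
  remote_user: test      # originally "user: test"
  become: yes            # originally "sudo: yes"
  gather_facts: yes
  vars:
    password: centos
  tasks:
    - name: creating user
      user:
        name: john
        # the user module expects a crypted hash, not the plain-text value
        password: "{{ password | password_hash('sha512') }}"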
After running the above script I tried to log in with that user on another server as
[root]# su - test
After doing the above step it didn't ask for the password and took me to the test user as
[test@localhost ~]$
Why is it not asking for the password?
Root doesn't need a password to switch users. Try using ssh test@localhost to test the password.

installing postgres-xl in linux in distributed environment

I am very new to Postgres-XL. I am planning to use it for my application. There is no proper documentation on how to download and install it in distributed mode. Please guide me: where to download it from, how to install and configure it, what the dependent packages are for CentOS 6 to support Postgres-XL, which services need to be started and how to start them, and what configuration changes are needed for a distributed environment. In a distributed environment, which services should be started, and how? Please guide me. Thanks!
Following are the key points to install Postgres-XL.
For detailed information, please see https://ruihaijiang.wordpress.com/2015/09/17/postgres-xl-installation-example-on-linux/
1. Plan your hosts, IP, ports, etc. For example,
GTM:
hostname=host1
nodename=gtm
IP=192.168.187.130
port=6666
Coordinator:
hostname=host2
nodename=coord1
IP=192.168.187.131
pooler_port=6668,port=5432
Datanode1:
hostname=host3
nodename=datanode1
IP=192.168.187.132
pooler_port=6669, port=15432
Datanode2:
hostname=host4
nodename=datanode2
IP=192.168.187.133
pooler_port=6670, port=15433
2. Write your pgxc_ctl.conf
#user and path
pgxcOwner=postgres
pgxcUser=$pgxcOwner
pgxcInstallDir=/usr/local/pgsql
#gtm and gtmproxy
gtmMasterDir=$HOME/pgxc/nodes/gtm
gtmMasterPort=6666
gtmMasterServer=192.168.187.130
gtmSlave=n
#gtm proxy
gtmProxy=n
#coordinator
coordMasterDir=$HOME/pgxc/nodes/coord
coordNames=(coord1)
coordPorts=(5432)
poolerPorts=(6668)
coordPgHbaEntries=(192.168.187.0/24)
coordMasterServers=(192.168.187.131)
coordMasterDirs=($coordMasterDir/coord1)
coordMaxWALsernder=0
coordMaxWALSenders=($coordMaxWALsernder)
coordSlave=n
coordSpecificExtraConfig=(none none none)
coordSpecificExtraPgHba=(none none none)
#datanode
datanodeNames=(datanode1 datanode2)
datanodePorts=(15432 15433)
datanodePoolerPorts=(6669 6670)
datanodePgHbaEntries=(192.168.187.0/24)
datanodeMasterServers=(192.168.187.132 192.168.187.133)
datanodeMasterDir=$HOME/pgxc/nodes/dn_master
datanodeMasterDirs=($datanodeMasterDir/datanode1 $datanodeMasterDir/datanode2)
datanodeMaxWalSender=0
datanodeMaxWALSenders=($datanodeMaxWalSender $datanodeMaxWalSender)
datanodeSlave=n
primaryDatanode=datanode1
3. Configure ssh authentication to avoid inputting a password for pgxc_ctl
This really cost me a few days.
On host1, generate the authentication key file,
ssh-keygen -t rsa (Just press ENTER for all input values)
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
On host1, upload file authorized_keys to host2, host3 and host4, as follows,
scp ~/.ssh/authorized_keys postgres@192.168.187.131:~/.ssh/
scp ~/.ssh/authorized_keys postgres@192.168.187.132:~/.ssh/
scp ~/.ssh/authorized_keys postgres@192.168.187.133:~/.ssh/
On every host, run the following commands,
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
On host1, try to connect to host2, host3 and host4, and make sure no password is needed,
ssh postgres@192.168.187.131
ssh postgres@192.168.187.132
ssh postgres@192.168.187.133
4. Run pgxc_ctl to configure and start the cluster
On host1, run the following command:
pgxc_ctl init all
