Running terminal command via Ansible playbook - macos

I'm having what appears to be a common issue of running shell/terminal commands via an Ansible playbook.
If I were to go onto one of my remote machines and type the command in a fresh terminal window, it works; however, attempting to do the same via a playbook is having directory issues.
This is essentially the command, but some of it changed a little for privacy, but it's essentially an authenticator...
authenticator authenticate user userkeytab
If I try to just run it as shell, I get an error that the authenticator command can't be found in /bin/sh, so I attempted to use chdir to run the command at the default window (/Users/username).
Here is roughly, the playbook, with one of my failed attempts... I just don’t know what chdir I should be using...
- hosts: all
  tasks:
    - name: Reauthenticate login
      shell: authenticator authenticate user userkeytab
      args:
        chdir: ~/
I've also tried usr/local/bin.... any thoughts?

Can you try with the 'command' module? Example below:
- name: Change the working directory to somedir/ and run the command as db_owner if /path/to/database does not exist.
  command: /usr/bin/make_database.sh db_user db_name
  become: yes
  become_user: db_owner
  args:
    chdir: somedir/
    creates: /path/to/database
Resource:
https://docs.ansible.com/ansible/latest/modules/command_module.html

Related

Error when executing a linux script by ansible

I try to run a linux script with the shell module but I get the following error:
/bin/sh: sh: command not found.
To run this linux script, I need to run it with a different user (oracle) than the one I use to connect
This is the task of the playbook
- name: Execute
  become: true
  become_user: oracle
  become_method: sudo
  shell: sh ora_expdp_partition.sh P_05_2021
  args:
    chdir: /fuentes01/vasmonitor
  environment:
    ORACLE_BASE: /oracle/oracle/app/oracle
    LD_LIBRARY_PATH: /oracle/oracle/app/oracle/product/12.2.0/dbhome_1/lib:/lib:/usr/lib:/usr/lib64
    ORACLE_HOME: /oracle/oracle/app/oracle/product/12.2.0/dbhome_1
    PATH: /usr/sbin:/oracle/oracle/app/oracle/product/12.2.0/dbhome_1/bin:/usr/local/bin
    CLASSPATH: /oracle/oracle/app/oracle/product/12.2.0/dbhome_1/jlib:/oracle/oracle/app/oracle/product/12.2.0/dbhome_1/rdbms/jlib
In the task I need to execute the script with the user oracle
When I execute the script with the user oracle manually, it works
In environment you specify a PATH that does not include /bin (or /usr/bin), so sh is not found in the PATH.

Unable to execute bashrc function using ANSIBLE

I am trying to execute a bashrc function "enableSsh" using ANSIBLE. I am using below ANSIBLE code to get this done but getting error: enableSsh command not found.
- name: Switch to user root and enable ssh
  become: yes
  become_user: root
  become_method: su
  shell: . .bashrc && enableSsh
  args:
    executable: /bin/bash
Note: I tested it removing enableSsh, and reloading bashrc is working fine. enableSsh is a function defined in the remote server's bashrc file and works fine if executed directly from the command line.
This is not an issue with Ansible, this is a shortcoming of the alias command as explained here.

Is there an alternative for Ansible's `become: yes`?

I want to run an Ansible playbook to provision a server. I can ssh into the server as a non-root user. I have sudo privileges, but I am not allowed to switch to root user. I effectively just want to execute sudo mkdir /opt/some_directory (the command works when I ssh in and execute the command on the server).
Using become:true produces the error of trying to switch to root user and then creating the directory, I think.
The Code:
- name: "Info: Creating directory."
  become: true
  file:
    path: "{{ directory }}"
    state: directory
    mode: '0755'
The error I am getting is Sorry, user xxxxx is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS...
Q: "Is there an alternative for Ansible's become: yes? I have sudo privileges, but I am not allowed to switch to root user. I effectively just want to execute sudo mkdir /opt/some_directory ..."
A: No. Quoting from Can’t limit escalation to certain commands
"Privilege escalation permissions have to be general... If you have ‘/sbin/service’ or ‘/bin/chmod’ as the allowed commands this will fail "...

how to start the service in target server using ansible playbook

I'm trying to run the following Ansible playbook to start the "nexus" service on a remote server at path "nexux/bin", but it fails:
- hosts: nexus
  become: yes
  become_user: nexus
  become_method: sudo
  tasks:
    - name: changing dir and starting nexus service
      shell:
        chdir: nexux/bin
        executable: ./nexus start
Can someone troubleshoot here to deduce the root cause?
As the ansible output very clearly told you, in that syntax you did not provide a command. The executable: is designed to be the shell executable, not the "run this thing" argument. It is very clear in the examples section of the fine manual
- shell: cd /opt/nexus/bin && ./nexus start
If you want to use the chdir: option, you must put it under a sibling yaml key to the shell:, like so:
- shell: echo hello world
  args:
    chdir: /opt/nexus/bin
    # I'm omitting the "executable:" key here, because you for sure
    # do not want to do that, but if you did, then fine, put it here
Having said all of that, as the docs also indicate, what you really want is to use command: because you are not making use of any special shell characters (redirects, pipes, && phrases, etc), so:
- command: ./nexus start
  args:
    chdir: /opt/nexus/bin
Try using the shell module. I also recommend running it with nohup and sending the output to a file:
- shell: |
    cd /opt/nexus/bin
    nohup ./nexus start > /tmp/nexus.log 2>&1 &

Unable to run script despite escalating privilege in Ansible

I'm trying to run a shell script on the host machine after copying it over there using Ansible. The script has 777 permissions.
Please read the below question as it gives the full scope of the actual issue that we are trying to deal with
Set different ORACLE_HOME and PATH environment variable using Ansible
- name: Run the Script [List]
  shell: "/tmp/sqlscript/sql_select.sh {{item}} >> /tmp/sqlscript/output.out"
  become: yes
  become_method: sudo
  become_user: oracle
  register: orh
  with_items: "{{ factor_dbs.split('\n') }}"
Below is the shell script
#!/bin/bash
source $HOME/bin/gsd_xenv $1 &> /dev/null
sqlplus -s <<EOF
/ as sysdba
set heading off
select d.name||','||i.instance_name||','||i.host_name||';' from v\$database d,v\$instance i;
EOF
Despite escalating the privileges, I observed that the task is not executing unless I add environment variables like below
- name: Run the script [List]
  shell: "/tmp/sqlscript/oracle_home.sh {{item}} >> /tmp/sqlscript/orahome.out"
  become: yes
  become_method: sudo
  become_user: oracle
  environment:
    PATH: "/home/oracle/bin:/usr/orasys/12.1.0.2r10/bin:/usr/bin:/bin:/usr/ucb:/sbin:/usr/sbin:/etc:/usr/local/bin:/oradata/epdmat/goldengate/config/sys"
    ORACLE_HOME: "/usr/orasys/12.1.0.2r10"
  register: orh
  with_items: "{{ factor_dbs.split('\n') }}"
However, this playbook needs to be run across different hosts which have different path and oracle_home variables.
My question is, why doesn't the task run despite escalating the permissions? When I try to run the same script manually by logging into the server and after doing "sudo su oracle", it seems to be running fine.
It depends on where you actually set your environment variables. There is a difference in executing a script when you are logged in at a remote machine, and running a script over ssh as Ansible does (see e.g., Differentiate Interactive login and non-interactive non-login shell). Depending on the type of shell and your system, different bash profiles are loaded.
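
The two causes named in the answers on this page (a PATH override that drops /bin, and startup files that a terminal session reads but a shell run over ssh does not) can be reproduced locally. This is an added example, not code from any of the posts: the sandbox directory and the stand-in `authenticator` script are constructed, and `/bin/sh -c` with a minimal environment only approximates how the shell module runs a command.

```shell
#!/bin/sh
# Added example. The sandbox layout and the stand-in "authenticator" script
# are constructed; they model a tool that lives outside the default PATH.

# Create a throwaway HOME: a tool in $HOME/opt/bin plus a .profile that puts
# that directory on PATH, as a terminal session's startup files would.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/opt/bin"
    printf '#!/bin/sh\necho authenticated\n' > "$sb/opt/bin/authenticator"
    chmod 755 "$sb/opt/bin/authenticator"
    printf 'PATH="$HOME/opt/bin:$PATH"; export PATH\n' > "$sb/.profile"
    printf '%s\n' "$sb"
}

# Run a command line through "/bin/sh -c" with nothing in the environment but
# HOME and the PATH given, and print the exit status (127 = not found).
run_noninteractive() {
    status=0
    env -i HOME="$1" PATH="$2" /bin/sh -c "$3" >/dev/null 2>&1 || status=$?
    printf '%s\n' "$status"
}

demo() {
    home=$(make_sandbox) || return 1
    base=/usr/bin:/bin
    tool=$home/opt/bin
    # Bare name, startup files never read: lookup fails.
    echo "bare name:        $(run_noninteractive "$home" "$base" 'authenticator')"
    # What the terminal session effectively did before the command was typed.
    echo "profile sourced:  $(run_noninteractive "$home" "$base" '. "$HOME/.profile" && authenticator')"
    # An absolute path does not depend on PATH at all.
    echo "absolute path:    $(run_noninteractive "$home" "$base" "$tool/authenticator")"
    # PATH replaced without /bin or /usr/bin: even "sh" cannot be found.
    echo "PATH without bin: $(run_noninteractive "$home" "$tool" 'sh -c authenticator')"
    # Same override, but keeping the system directories.
    echo "PATH with bin:    $(run_noninteractive "$home" "$tool:$base" 'sh -c authenticator')"
    rm -rf "$home"
}

demo
```

On the remote host the same check is to compare the PATH a terminal shows with the PATH the task's shell sees, then either call the tool by its absolute path or extend PATH in `environment:` without dropping the system directories.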

Resources