Ansible become user cannot run the command - ansible

My yml:
---
- hosts: all
  gather_facts: yes
  become: yes
  become_method: sudo
  become_user: or{{sid}}
  tasks:
    - name: Check the id
      shell: whoami
      register: id
Error:
fatal: [exlodbadm04 ]: FAILED! => {"changed": false, "module_stderr": "Shared connection to exlodbadm04 closed.\r\n", "module_stdout": "\r\nSorry, user tkounain is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS-oaagrwuwwvqysbkjdrksyihaplvrowyf; /usr/bin/python /tmp/ansible-tmp-1575536551.48-205039480507144/setup.py' as oranew on ogexlonqdbadm04.og.ge.com.\r\n", "msg": "MODULE FAILURE", "rc": 1}
I'm running it like this:
ansible-playbook tk.yml -e "sid=anew" --ask-sudo-pass --ask-pass

Related

Display MQ listener status using Ansible not working

---
- hosts: all
  become_user: mqm
  become_method: sudo
  tasks:
    - name: Execute a MQ Command
      shell:
        cmd: "echo 'DISPLAY LSSTATUS(TCP) STATUS' | runmqsc QMGR"
        chdir: /opt/mqm/bin/runmqsc
      register: mqstat
    - debug:
        var: mqstat.stdout_lines
Error:
TASK [Execute a MQ Command] ****************************************************************************************************************************************
fatal: [QMGR]: FAILED! => {"changed": false, "module_stderr": "Shared connection to xyz.pqr.com closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/tmp/ansible_UASQnG/ansible_module_command.py\", line 213, in <module>\r\n main()\r\n File \"/tmp/ansible_UASQnG/ansible_module_command.py\", line 152, in main\r\n os.chdir(chdir)\r\nOSError: [Errno 20] Not a directory: '/opt/mqm/bin/runmqsc'\r\n", "msg": "MODULE FAILURE", "rc": 0}
chdir: /opt/mqm/bin/runmqsc
If this is supposed to be the directory to execute the command in, runmqsc is not a directory name, so isn't it supposed to be simply chdir: /opt/mqm/bin? In addition, from the comments, remember that if you pipe to runmqsc, then runmqsc has to be on the path. If it is not, then you need to fully qualify it, meaning try:
shell:
  cmd: "echo 'DISPLAY LSSTATUS(TCP) STATUS' | ./runmqsc QMGR"
  chdir: /opt/mqm/bin
or
shell:
  cmd: "echo 'DISPLAY LSSTATUS(TCP) STATUS' | /opt/mqm/bin/runmqsc QMGR"
  chdir: /opt/mqm/bin

Ansible Regex: Get an integer from command & pass to other command to run

I have to execute below 2 commands whose value depends on the system.
# sysctl -w kernel.shmmax= parse_from_shm.sh script #For example 17179869184
# sysctl -w kernel.shmall= parse_from_shm.sh script #For example 4194304
./shm.sh will echo both system values required in the below format
kernel.shmmax=4185686016
kernel.shmall=1021896
So I have to parse the above result to get the integer values and ultimately execute the 2 commands below
# sysctl -w kernel.shmmax=4185686016
# sysctl -w kernel.shmall=1021896
I have tried to register & parse the integer values using regex, but I wasn't able to process it correctly. Any help would be appreciated.
---
- hosts: fossology_test
  become: true
  become_user: root
  environment:
    HOME: /usr/ansible
  gather_facts: no
  tasks:
    - name: run shell script
      become: true
      become_user: root
      command: ./shm.sh
      args:
        chdir: /usr/local/src/
      register: results
    - set_fact:
        shmmax: "{{ results.stdout | regex_search(shmmaxregexp, '\\1' ) }}"
        shmall: "{{ results.stdout | regex_search(shmallregexp, '\\1' ) }}"
      vars:
        shmmaxregexp: 'shmmax=([^\"]+)'
        shmallregexp: 'shmall=([^\"]+)'
    - name: sysctl -w kernel.shmmax="{{ shmmax | int }}"
      become: true
      become_user: root
      command: sysctl -w kernel.shmmax="{{ shmmax | int }}"
    - name: sysctl -w kernel.shmall="{{ shmall }}"
      become: true
      become_user: root
      command: sysctl -w kernel.shmall="{{ shmall }}"
This is the output
dinesh@dinesh-VirtualBox:~/Documents/remote/Ansible-Playbook/fossology_playbook$ ansible-playbook regex.yml -K -v
Using /etc/ansible/ansible.cfg as config file
BECOME password:
PLAY [fossology_test] ************************************************************************************
TASK [run shell script] **********************************************************************************
changed: [fossology_test] => {"changed": true, "cmd": ["./shm.sh"], "delta": "0:00:00.005912", "end": "2020-03-28 05:25:42.022156", "rc": 0, "start": "2020-03-28 05:25:42.016244", "stderr": "", "stderr_lines": [], "stdout": "kernel.shmmax=4185686016\nkernel.shmall=1021896", "stdout_lines": ["kernel.shmmax=4185686016", "kernel.shmall=1021896"]}
TASK [set_fact] ******************************************************************************************
ok: [fossology_test] => {"ansible_facts": {"shmall": ["1021896"], "shmmax": ["4185686016\nkernel.shmall=1021896"]}, "changed": false}
TASK [sysctl -w kernel.shmmax="0"] ***********************************************************************
changed: [fossology_test] => {"changed": true, "cmd": ["sysctl", "-w", "kernel.shmmax=0"], "delta": "0:00:00.003133", "end": "2020-03-28 05:25:42.574223", "rc": 0, "start": "2020-03-28 05:25:42.571090", "stderr": "", "stderr_lines": [], "stdout": "kernel.shmmax = 0", "stdout_lines": ["kernel.shmmax = 0"]}
TASK [sysctl -w kernel.shmall="[u'1021896']"] ************************************************************
changed: [fossology_test] => {"changed": true, "cmd": ["sysctl", "-w", "kernel.shmall=[u'1021896']"], "delta": "0:00:00.003558", "end": "2020-03-28 05:25:43.071811", "rc": 0, "start": "2020-03-28 05:25:43.068253", "stderr": "sysctl: setting key \"kernel.shmall\": Invalid argument", "stderr_lines": ["sysctl: setting key \"kernel.shmall\": Invalid argument"], "stdout": "kernel.shmall = [u'1021896']", "stdout_lines": ["kernel.shmall = [u'1021896']"]}
PLAY RECAP ***********************************************************************************************
fossology_test : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
I am using ansible 2.9.6
dinesh@dinesh-VirtualBox:/$ ansible --version
ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/dinesh/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.17 (default, Nov 7 2019, 10:07:09) [GCC 7.4.0]
As you can very clearly see in the set_fact results dict, the output of regex_search is a list of matched strings, not just the capture group. And, because your regex is imprecise, that's why your shmmax is the numbers plus a newline plus the rest of the text.
The accurate regex is shmmax=([0-9]+), because those values aren't "any character except a double quote"; it's "any number after the equals sign".
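The two points in the answer above, applied to the playbook from the question. This is an added example, not code from the original posts; it goes one step further by refusing to write a zero value (the run shown in the question set kernel.shmmax to 0), and the `changed_when` line assumes shm.sh only prints values.

```yaml
---
- hosts: fossology_test
  become: true
  become_user: root
  gather_facts: no
  tasks:
    - name: run shell script
      command: ./shm.sh
      args:
        chdir: /usr/local/src/
      register: results
      changed_when: false   # assumption: shm.sh only prints values

    - name: extract both values
      set_fact:
        # With a group argument regex_search returns a list, so take its
        # first element. If a key is missing there is no list and "first"
        # fails the task before anything is written.
        shmmax: "{{ results.stdout | regex_search(shmmaxregexp, '\\1') | first }}"
        shmall: "{{ results.stdout | regex_search(shmallregexp, '\\1') | first }}"
      vars:
        # [0-9]+ stops at the end of the number instead of running past the newline
        shmmaxregexp: 'kernel\.shmmax=([0-9]+)'
        shmallregexp: 'kernel\.shmall=([0-9]+)'

    - name: refuse to write a zero value as root
      assert:
        that:
          - (shmmax | int) > 0
          - (shmall | int) > 0
        fail_msg: "unexpected output from shm.sh"

    - name: apply the values
      command: "sysctl -w {{ item.key }}={{ item.value }}"
      loop:
        - { key: kernel.shmmax, value: "{{ shmmax }}" }
        - { key: kernel.shmall, value: "{{ shmall }}" }
```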

Ansible | No such file or directory

I am trying to execute command /usr/local/bin/airflow initdb in path /home/ec2-user/ in one of EC2 servers.
TASK [../../roles/airflow-config : Airflow | Config | Initialize Airflow Database] ***
fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": "/usr/local/bin/airflow initdb", "delta": "0:00:00.004832", "end": "2019-07-23 14:38:22.928975", "msg": "non-zero return code", "rc": 127, "start": "2019-07-23 14:38:22.924143", "stderr": "/bin/bash: /usr/local/bin/airflow: No such file or directory", "stderr_lines": ["/bin/bash: /usr/local/bin/airflow: No such file or directory"], "stdout": "", "stdout_lines": []}
ansible/roles/airflow-config/main.yml file is
- name: Airflow | Config
  import_tasks: config.yml
  tags:
    - config
ansible/roles/airflow-config/config.yml file is
- name: Airflow | Config | Initialize Airflow Database
  shell: "/usr/local/bin/airflow initdb"
  args:
    chdir: "/home/ec2-user"
    executable: /bin/bash
  become: yes
  become_method: sudo
  become_user: root
ansible/plays/airflow/configAirflow.yml
---
- hosts: 127.0.0.1
  gather_facts: yes
  become: yes
  vars:
    aws_account_id: "12345678910"
  roles:
    - {role: ../../roles/airflow-config}

Ansible copy from the remote server to ansible host fails

I need to copy the latest log file from remote linux server to the ansible host. This is what I have tried so far.
- hosts: [host]
  remote_user: root
  tasks:
    - name: Copy the file
      command: bash -c "ls -rt | grep install | tail -n1"
      register: result
      args:
        chdir: /root
    - name: Copying the file
      copy:
        src: "/root/{{ result.stdout }}"
        dest: /home
But I am getting the following error.
TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok
TASK [Copy the file] **********************************************************************************************************************************************************************************************
changed: => {"changed": true, "cmd": ["bash", "-c", "ls -rt | grep install | tail -n1"], "delta": "0:00:00.011388", "end": "2017-06-14 07:53:26.475344", "rc": 0, "start": "2017-06-14 07:53:26.463956", "stderr": "", "stdout": "install.20170614-051027.log", "stdout_lines": ["install.20170614-051027.log"], "warnings": []}
TASK [Copying the file] *******************************************************************************************************************************************************************************************
fatal: FAILED! => {"changed": false, "failed": true, "msg": "Unable to find 'install.20170614-051027.log' in expected paths."}
PLAY RECAP ********************************************************************************************************************************************************************************************************
: ok=2 changed=1 unreachable=0 failed=1
But that file is right there. Please help me resolve this issue.
Ansible Copy copies files from ansible host to remote host. Use Ansible fetch instead.
http://docs.ansible.com/ansible/fetch_module.html
This one works; I have to use fetch instead of copy to get the file from the remote.
- name: Copy the file
  command: bash -c "ls -rt | grep install | tail -n1"
  register: result
  args:
    chdir: /root
- name: Copying the file
  fetch:
    src: "/root/{{ result.stdout }}"
    dest: /home
    flat: yes

Ansible expect with ktutil

I'd like to make a Kerberos keytab with ansible + expect, but the keytab file doesn't get created. What is wrong with my play? How could I troubleshoot?
---
- hosts: localhost
  connection: local
  gather_facts: false
  vars_prompt:
    - name: "kuser"
      prompt: "enter your user"
    - name: "kpw"
      prompt: "enter your pw"
  tasks:
    - name: Generate Kerberos ticket
      expect:
        command: ktutil
        responses:
          ktutil: "addent -password -p {{ kuser }}@MYDOMAIN.LOCAL -k 1 -e rc4-hmac"
          Password: "{{ kpw }}"
          ktutil: "wkt /username.keytab"
          ktutil: "quit"
The output with -vvv
Using /etc/ansible/ansible.cfg as config file
[WARNING]: provided hosts list is empty, only localhost is available
[WARNING]: While constructing a mapping from /repo/Playbooks/test.yml, line 15, column 9, found a duplicate dict key (ktutil). Using last
defined value only.
1 plays in /repo/Playbooks/test.yml
enter your user:
enter your pw:
PLAY ***************************************************************************
TASK [Generate Kerberos ticket] ************************************************
task path: /repo/Playbooks/test.yml:11
ESTABLISH LOCAL CONNECTION FOR USER: root
127.0.0.1 EXEC ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239 )" )
127.0.0.1 PUT /tmp/tmpwLW3r2 TO /root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/expect
127.0.0.1 EXEC LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/expect; rm -rf "/root/.ansible/tmp/ansible-tmp-1496244261.67-88427652465239/" > /dev/null 2>&1
changed: [localhost] => {"changed": true, "cmd": "ktutil", "delta": "0:00:00.282785", "end": "2017-05-31 15:24:22.038164", "invocation": {"module_args": {"chdir": null, "command": "ktutil", "creates": null, "echo": false, "removes": null, "responses": {"Password": "mypw", "ktutil": "quit"}, "timeout": 30}, "module_name": "expect"}, "rc": 0, "start": "2017-05-31 15:24:21.755379", "stdout": "ktutil: ", "stdout_lines": ["ktutil: "]}
PLAY RECAP *********************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0
I don't have the keytab created following the above
The problem seems to be that you're repeating the same key for some of the responses. From the ansible expect module documentation:
"If the response is a list, successive matches return successive responses"
Replacing the ktutil prompts with a list of responses should prevent the error (and deploy the keytab), e.g.:
responses:
  ktutil:
    - "addent -password -p {{ kuser }}@MYDOMAIN.LOCAL -k 1 -e rc4-hmac"
    - "wkt /username.keytab"
    - "quit"
  Password: "{{ kpw }}"
More information: http://docs.ansible.com/ansible/expect_module.html
What actually worked for me was -
- name: addent of keytab
  hosts: localhost
  vars:
    realm: "MYREALM.COM"
    sec: "aes256-cts"
    passw: "ansible"
    usname: "friend"
  tasks:
    - name: keytab command
      expect:
        command: ktutil
        responses:
          ktutil:
            - "addent -password -p {{ usname }}@{{ realm }} -k 1 -e {{ sec }}"
            - " wkt /etc/ansible/loopkey.keytab"
            - "quit"
          Password(.*): "{{ passw }}"
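The -vvv output in the question prints the password inside module_args ("Password": "mypw"), and the play above keeps it in plain vars. The following added example (not from the original posts) combines the list-of-responses fix with a hidden prompt, `no_log`, and a restrictive mode on the keytab; the realm and keytab path are the ones from the question, and the enctype is the one from the second answer.

```yaml
---
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    realm: "MYDOMAIN.LOCAL"        # realm from the question
    keytab: "/username.keytab"     # path from the question
  vars_prompt:
    - name: "kuser"
      prompt: "enter your user"
      private: no
    - name: "kpw"
      prompt: "enter your pw"
      private: yes                 # do not echo the password while typing
  tasks:
    - name: Generate Kerberos keytab
      expect:
        command: ktutil
        creates: "{{ keytab }}"    # skip the task when the keytab already exists
        responses:
          # One key per prompt. A list is consumed in order, one item per
          # successive match, so no key has to be repeated.
          ktutil:
            - "addent -password -p {{ kuser }}@{{ realm }} -k 1 -e aes256-cts"
            - "wkt {{ keytab }}"
            - "quit"
          Password: "{{ kpw }}"
      no_log: true                 # keeps module_args (the password) out of output and logs

    - name: Restrict access to the keytab
      file:
        path: "{{ keytab }}"
        mode: "0600"
```

While debugging with -vvv, `no_log` also hides the task result, so switch it off only with a throwaway password.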
