Unable to run script despite escalating privilege in Ansible - oracle

I'm trying to run a shell script on the host machine after copying it over there using Ansible. The script has 777 permissions.
Please read the below question as it gives the full scope of the actual issue that we are trying to deal with
Set different ORACLE_HOME and PATH environment variable using Ansible
- name: Run the Script [List]
  shell: "/tmp/sqlscript/sql_select.sh {{item}} >> /tmp/sqlscript/output.out"
  become: yes
  become_method: sudo
  become_user: oracle
  register: orh
  with_items: "{{ factor_dbs.split('\n') }}"
Below is the shell script:
#!/bin/bash
# Load the environment (ORACLE_HOME, PATH, ORACLE_SID) for the database named in $1
source "$HOME/bin/gsd_xenv" "$1" &> /dev/null
# Connect locally as SYSDBA and print db name, instance name and host name
sqlplus -s <<EOF
/ as sysdba
set heading off
select d.name||','||i.instance_name||','||i.host_name||';' from v\$database d,v\$instance i;
EOF
Despite escalating the privileges, I observed that the task is not executing unless I add environment variables like below
- name: Run the script [List]
  shell: "/tmp/sqlscript/oracle_home.sh {{item}} >> /tmp/sqlscript/orahome.out"
  become: yes
  become_method: sudo
  become_user: oracle
  environment:
    PATH: "/home/oracle/bin:/usr/orasys/12.1.0.2r10/bin:/usr/bin:/bin:/usr/ucb:/sbin:/usr/sbin:/etc:/usr/local/bin:/oradata/epdmat/goldengate/config/sys"
    ORACLE_HOME: "/usr/orasys/12.1.0.2r10"
  register: orh
  with_items: "{{ factor_dbs.split('\n') }}"
However, this playbook needs to be run across different hosts which have different PATH and ORACLE_HOME variables.
My question is, why doesn't the task run despite escalating the permissions? When I try to run the same script manually by logging into the server and after doing "sudo su oracle", it seems to be running fine.

It depends on where you actually set your environment variables. There is a difference in executing a script when you are logged in at a remote machine, and running a script over ssh as Ansible does (see e.g., Differentiate Interactive login and non-interactive non-login shell). Depending on the type of shell and your system, different bash profiles are loaded.
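One way to act on this, as an added example that is not from the original answer: probe what the oracle user's non-login and login shells actually see, then run the script through a login shell with ORACLE_HOME supplied per host from inventory. The host_vars file name, the oracle_home variable and the probe task are assumptions; the script path and the factor_dbs loop are taken from the question.

```yaml
# host_vars/db01.example.com.yml  (constructed; one file per host)
oracle_home: /usr/orasys/12.1.0.2r10

# tasks in the playbook
- name: Show what oracle gets in a non-login shell versus a login shell
  become: yes
  become_user: oracle
  shell: |
    echo "non-login PATH=$PATH ORACLE_HOME=${ORACLE_HOME:-unset}"
    bash -lc 'echo "login     PATH=$PATH ORACLE_HOME=${ORACLE_HOME:-unset}"'
  register: env_probe
  changed_when: false

- name: Print the probe so the two shell types can be compared
  debug:
    var: env_probe.stdout_lines

- name: Run the script as oracle with a per-host ORACLE_HOME and a login shell
  become: yes
  become_method: sudo
  become_user: oracle
  environment:
    ORACLE_HOME: "{{ oracle_home }}"
    # keep /usr/bin and /bin so sh, bash and the sqlplus wrapper are found
    PATH: "{{ oracle_home }}/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"
  # bash -l sources oracle's own profile (.bash_profile or .profile), as
  # 'sudo su - oracle' would, so whatever gsd_xenv expects from it is present
  shell: bash -lc '/tmp/sqlscript/sql_select.sh {{ item }} >> /tmp/sqlscript/output.out'
  register: orh
  with_items: "{{ factor_dbs.split('\n') }}"
```

Run with -vvv to see the exact sudo command Ansible builds, and compare the two probe lines before changing the environment block.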

Related

ansible execute shell script with different user

I am trying to execute a shell script using the Ansible shell module as shown in the code below:
- name: Execute
  become_user: someuser
  shell:
    cmd: "./script.ksh"
    chdir: "/path/to/script"
But the script still uses my login instead of "someuser". How can this be fixed?
As suggested by #β.εηοιτ.βε, the become: yes is missing; see examples and explanation in Become directives.
Do you think become: yes is nothing but sudo?
The default setting (at least in my case) uses sudo.
To see the default become_method being used, check your "closest" ansible.cfg in the hierarchy.
You can run the playbook in verbose mode and by using -vvv increase verbosity to see the exact commands being used.
If the become: yes with become_user: <username> doesn't help try using a different become_method.
Example with su and su -:
- name: Execute
  shell:
    cmd: "./script.ksh"
    chdir: "/path/to/script"
  become: yes
  become_user: someuser
  become_method: "su"
or:
- name: Execute
  shell:
    cmd: "su - someuser -c './script.ksh'"
    chdir: "/path/to/script"
  become: yes
In this case you will most likely receive the following warning:
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running su

Error when executing a linux script by ansible

I try to run a Linux script with the shell module but I get the following error:
/bin/sh: sh: command not found.
To run this Linux script, I need to run it with a different user (oracle) than the one I use to connect.
This is the task of the playbook:
- name: Execute
  become: true
  become_user: oracle
  become_method: sudo
  shell: sh ora_expdp_partition.sh P_05_2021
  args:
    chdir: /fuentes01/vasmonitor
  environment:
    ORACLE_BASE: /oracle/oracle/app/oracle
    LD_LIBRARY_PATH: /oracle/oracle/app/oracle/product/12.2.0/dbhome_1/lib:/lib:/usr/lib:/usr/lib64
    ORACLE_HOME: /oracle/oracle/app/oracle/product/12.2.0/dbhome_1
    PATH: /usr/sbin:/oracle/oracle/app/oracle/product/12.2.0/dbhome_1/bin:/usr/local/bin
    CLASSPATH: /oracle/oracle/app/oracle/product/12.2.0/dbhome_1/jlib:/oracle/oracle/app/oracle/product/12.2.0/dbhome_1/rdbms/jlib
In the task I need to execute the script with the user oracle.
When I execute the script with the user oracle manually, it works.
In environment you specify a PATH that does not include /bin (or /usr/bin), so sh is not found in the PATH.

Failed to change ownership of the temporary files Ansible needs to create despite connecting as a privileged user

I am new to AWX. I use a pre-existing playbook; when I run it from an Ubuntu 20 terminal it works fine, but I want to run it through AWX, and when I run it from AWX I get this error:
Failed to change ownership of the temporary files Ansible needs to create despite connecting as a privileged user. Unprivileged become user would be unable to read the file
I installed Nextcloud following a blog and used these two commands at the end:
chown -R www-data:www-data /var/www/html/nextcloud
chmod -R 775 /var/www/html/nextcloud
The task that throws the error is this:
---
# tasks file for upgrade-nextcloud
- name: "[NC-Upgrade] - Get current version."
  become_user: "{{ nextcloud_websrv_user }}"
  command: php occ status --output=json
  args:
    chdir: "{{ nextcloud_webroot }}"
  register: nc_current_version
  changed_when: false
where become_user: "{{ nextcloud_websrv_user }}" is www-data. When I run it with become_user: root, it says the /var/www/html/nextcloud directory is not found.
Do I need to mount the directory /var/www/html/nextcloud in the awx_web container if I run it as root?
The issue is fixed. The only problem was
connection: local
in main.yml, so I just needed to remove it; I was running it on a remote machine and also hadn't provided the SSH credentials.

Running terminal command via Ansible playbook

I'm having what appears to be a common issue of running shell/terminal commands via an Ansible playbook.
If I were to go onto one of my remote machines and type the command in a fresh terminal window, it works; however, attempting to do the same via a playbook is having directory issues.
This is essentially the command, but some of it has been changed a little for privacy; it's essentially an authenticator...
authenticator authenticate user userkeytab
If I try to just run it as shell, I get an error that the authenticator command can't be found in /bin/sh, so I attempted to use chdir to run the command at the default window (/Users/username).
Here is roughly the playbook, with one of my failed attempts... I just don't know what chdir I should be using...
- hosts: all
  tasks:
    - name: Reauthenticate login
      shell: authenticator authenticate user userkeytab
      args:
        chdir: ~/
I've also tried usr/local/bin.... any thoughts?
Can you try with the 'command' module? Example below:
- name: Change the working directory to somedir/ and run the command as db_owner if /path/to/database does not exist.
  command: /usr/bin/make_database.sh db_user db_name
  become: yes
  become_user: db_owner
  args:
    chdir: somedir/
    creates: /path/to/database
Resource:
https://docs.ansible.com/ansible/latest/modules/command_module.html

Is there an alternative for Ansible's `become: yes`?

I want to run an Ansible playbook to provision a server. I can ssh into the server as a non-root user. I have sudo privileges, but I am not allowed to switch to root user. I effectively just want to execute sudo mkdir /opt/some_directory (the command works when I ssh in and execute the command on the server).
Using become: true produces the error of trying to switch to the root user and then creating the directory, I think.
The code:
- name: "Info: Creating directory."
  become: true
  file:
    path: "{{ directory }}"
    state: directory
    mode: '0755'
The error I am getting is Sorry, user xxxxx is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS...
Q: "Is there an alternative for Ansible's become: yes? I have sudo privileges, but I am not allowed to switch to root user. I effectively just want to execute sudo mkdir /opt/some_directory ..."
A: No. Quoting from Can’t limit escalation to certain commands
"Privilege escalation permissions have to be general... If you have ‘/sbin/service’ or ‘/bin/chmod’ as the allowed commands this will fail "...