I am working with ansible and I want to install tomcat to 2 other ubuntu machines (webserver1, webserver2).
I have a this hosts file:
[group1]
10.40.0.168 ansible_ssh_user=user1
[group2]
10.40.0.83 ansible_ssh_user=user2
And I have this playbook:
---
- hosts: all
sudo: yes
tasks:
- name: install apache
apt: name=apache2 update_cache=yes state=latest
No this works fine just for one host when I use this command:
ansible-playbook apache3.yml --ask-sudo-pass
Because I return one password.
But what's the better/easiest way to make it work for multiple users, with multiple passwords?
You can give the ssh and sudo password while defining the webservers itself
[group1]
ansible_host=10.40.0.168 ansible_ssh_user=user1 ansible_ssh_pass=***** ansible_sudo_pass=*****
[group2]
ansible_host=10.40.0.83 ansible_ssh_user=user2 ansible_ssh_pass=***** ansible_sudo_pass=*****
Reference
Related
I have a requirement to setup an application and for that I need to install Nginx as root and then run another Java application as a different application user.
The condition for this is, I have a privileged user "priv_suer" which has sudo and I'm running the playbook as this user as I need to install and configure Nginx. But my application user is different from this user "app_user" which is unprivileged application only user.
The issue I'm facing is, this app_user needs password to become app_user. So in my case I need two passwords one is to become root and another one to become app_user.
I referred Understanding privilege escalation: become and only option I could find was "ansible_become_password".
Can anyone help me with this?
I think that privilege escalation can help. My solution is:
Declare different groups for servers running your Java applications and servers you want to install Nginx. In your case, the two groups can share the same servers.
Here below I give an example of inventory.yml file:
all:
children:
app:
hosts:
127.0.0.1:
vars:
ansible_become_pass: app_user#123
ansible_python_interpreter: /usr/bin/python3
ansible_user: app_user
nginx:
hosts:
127.0.0.1:
vars:
ansible_become_pass: root#123
ansible_python_interpreter: /usr/bin/python3
ansible_user: root
An example of playbook is as follow:
- hosts: app
tasks:
- name: Install Java app
become: yes
- hosts: nginx
tasks:
- name: Install NGINX
become: yes
Finally, run your ansible playbook with an inventory provided using -i option:
ansible-playbook -i etc/ansible/inventory.yml etc/ansible/playbook.yml
I have ansible filtering option defined with following playbook. But when executed with centos user it is not filtering by user to run. I have to run this playbook 3 times with 3 different user:
1. centos
2. ec2-user
3. admin
This is how I am executing
1. ansible-playbook -i inventory -u admin group_by.yaml
2. ansible-playbook -i inventory -u ec2-user group_by.yaml
3. ansible-playbook -i inventory -u centos group_by.yaml
The problem is remote_user is not working. It is filtering and grouping.
---
- name: Run tasks based on OS
hosts: all
tasks:
- name: Group OS
group_by:
key: "{{ ansible_distribution }}"
- hosts: CentOS
become: yes
become_user: root
remote_user: centos
tasks:
- name: Install on centos
package:
name: telnet
state: absent
- hosts: Amazon
become: yes
become_user: root
remote_user: ec2-user
tasks:
- name: Install on ec2
package:
name: telnet
- hosts: Debian
become: yes
become_user: root
remote_user: admin
tasks:
- name: Install on debian
package:
name: telnet
I have run the command already multiple times. it is picking my default user. Remote_user is not working in playbook.
Is there any way we can run multiple roles with a particular sudo user using Ansible. If yes how can i do it .
ansible 2.7.5
An option would be to use a playbook. For example:
- hosts: webservers
remote_user: particular_sudo_user
become: yes
become_method: sudo
roles:
- role01
- role02
my loginuser is user1 and i want to execute the playbook with root. how can i do this. if i use in cmdline it does not work like this
ansible-playbook main.yaml -i hosts --user=git -k --become-user=root --ask-become-pass --become-method=su
Please tell me how to implement this.
name: Install and Configure IEM
hosts: rhel
ansible_become: yes
ansible_become_method: su
ansible_become_user: root
ansible_become_pass: passw0rd
tasks:
- name: Creating masthead file path
file: path=/etc/opt/BESClient state=directory
- name: Creating install directory
I use :
deploy.yml
- name: Todo something
hosts: all
become: yes
become_user: root
become_method: su
When you execute the playbook pass the password as an extra var.
--extra-vars='ansible_become_pass=password'
From Ansible docs:
you can set those in the playbook as #Raul-Hugo, with become_user and become_user;
alternatively, it can also be done in the inventory, which allows setting per host or group. But then the variables get "ansible_" prefix: ansible_become_user, ansible_become_user, etc. That's why the playbook you gave in your question did not work: it used variable names that are used in the inventory.
You can become root like below and install the packages
tasks:
- name: install apache package
become: yes
become_user: root
yum:
name: httpd
state: present
- name: ensure apache is running
become: yes
become_user: root
service:
name: httpd
state: started
All the above answers caused Ansible to try to login as root from the beginning. but in this case, the user you request is git so the below example worked for me:
- name: Install and Configure IEM
hosts: rhel
tasks:
- name: Creating masthead file path
file: path=/etc/opt/BESClient state=directory
remote_user: git
become: yes # when not specifying `become_user` it's "root"
This will cause it to login as git and after the login - switch to root
I am trying to run an extremely simple playbook to test a new Ansible setup.
When using the 'new' Ansible Privilege Escalation config options in my ansible.cfg file:
[defaults]
host_key_checking=false
log_path=./logs/ansible.log
executable=/bin/bash
#callback_plugins=./lib/callback_plugins
######
[privilege_escalation]
become=True
become_method='sudo'
become_user='tstuser01'
become_ask_pass=False
[ssh_connection]
scp_if_ssh=True
I get the following error:
fatal: [webserver1.local] => Internal Error: this module does not support running commands via 'sudo'
FATAL: all hosts have already failed -- aborting
The playbook is also very simple:
# Checks the hosts provisioned by midrange
---
- name: Test su connecting as current user
hosts: all
gather_facts: no
tasks:
- name: "sudo to configued user -- tstuser01"
#action: ping
command: /usr/bin/whoami
I am not sure if there is something broken in Ansible 1.9.1 or if I am doing something wrong. Surely the 'command' module in Ansible allows running commands as sudo.
The issue is with configuration; I also took it as an example and got the same problem. After playing awhile I noticed that the following works:
1) deprecated sudo:
---
- hosts: all
sudo: yes
gather_facts: no
tasks:
- name: "sudo to root"
command: /usr/bin/whoami
2) new become
---
- hosts: all
become: yes
become_method: sudo
gather_facts: no
tasks:
- name: "sudo to root"
command: /usr/bin/whoami
3) using ansible.cfg:
[privilege_escalation]
become = yes
become_method = sudo
and then in a playbook:
---
- hosts: all
gather_facts: no
tasks:
- name: "sudo to root"
command: /usr/bin/whoami
since you "becoming" tstuser01 (not a root like me), please play a bit, probably user name should not be quoted too:
become_user = tstuser01
at least this is the way I define remote_user in ansible.cfg and it works... My issue resolved, hope yours too
I think you should use the sudo directive in the hosts section so that subsequent tasks can run with sudo privileges unless you explicitly specified sudo:no in a task.
Here's your playbook that I've modified to use sudo directive.
# Checks the hosts provisioned by midrange
---
- hosts: all
sudo: yes
gather_facts: no
tasks:
- name: "sudo to configued user -- tstuser01"
command: /usr/bin/whoami