I am trying to run a "folder creation" command with my ansible playbook. (Code is below)
The creation requires sudo login to execute.
I run the playbook as follows:
ansible-playbook myfile.yml --ask-pass
This prompts for user account password of remote machine.
The ssh connection gets established, but commands fail with permission denied since its not taking super user password.
How can I fix my issue?
hosts: GSP
tasks:
- name: "make build directory"
command: mkdir -p /home/build/
become: true
become_user: root
- name: "change permissions on the directory"
command: chmod 777 -R /home/
become: true
become_user: root
There's also --ask-become-pass switch for ansible-playbook cli to query user for sudo password.
You can add the ansible_become_pass variable to specify the become password in your playbook.
More details can be found here:
http://docs.ansible.com/ansible/latest/become.html
Related
I am new to awx i use pre-exsisting playbook when i run it from ubuntu 20 terminal it works fine but i want to run it through awx when i run it from awx i get this error.
Failed to change ownership of the temporary files Ansible needs to create despite connecting as a privileged user. Unprivileged become user would be unable to read the file`
I install nextcloud from blog and i use these two commands at the end.
chown -R www-data:www-data /var/www/html/nextcloud
chmod -R 775 /var/www/html/nextcloud
the task where it throw error is this:
---
# tasks file for upgrade-nextcloud
- name: "[NC-Upgrade] - Get current version."
become_user: "{{ nextcloud_websrv_user }}"
command: php occ status --output=json
args:
chdir: "{{ nextcloud_webroot }}"
register: nc_current_version
changed_when: false
where become_user: "{{ nextcloud_websrv_user }}" is www-data. When i run it become_user: root then it say /var/www/html/nextcloud directory not found.
Do i need to mount the directory /var/www/html/nextcloud in awx_web container if i run it as a root.
The issue is fix the only problem is
connection:local
in main.yml so just need to remove it and i run it on a remote machine and also didn't provide the ssh credentials.
I want to run an Ansible playbook to provision a server. I can ssh into the server as a non-root user. I have sudo privileges, but I am not allowed to switch to root user. I effectively just want to execute sudo mkdir /opt/some_directory (the command works when I ssh in and execute the command on the server).
Using become:true produces the error of trying to switch to root user and then creating the directory, I think.
The Code:
- name: "Info: Creating directory."
become: true
file:
path: "{{ directory }}"
state: directory
mode: '0755'
The error I am getting is Sorry, user xxxxx is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS...
Q: "Is there an alternative for Ansible's become: yes? I have sudo privileges, but I am not allowed to switch to root user. I effectively just want to execute sudo mkdir /opt/some_directory ..."
A: No. Quoting from Can’t limit escalation to certain commands
"Privilege escalation permissions have to be general... If you have ‘/sbin/service’ or ‘/bin/chmod’ as the allowed commands this will fail "...
I login to server (CentOs 7) as my user and execute double sudo to become root. No password is required at such times.
Command: sudo sudo su
I need to install applications on such server as root user using Ansible (2.7)
Unfortunately, when i try following it gives: ""msg": "Timeout (12s) waiting for privilege escalation prompt: ""
---
- name: Copy file
become: true
become_method: su
hosts: all
tasks:
- name: Copy file
copy:
src: abc.txt
dest: /tmp/
I have tried other versions like changing become_method to sudo, etc. But they don't work. Any suggestion will help?
I want to perform some actions, that do not require using the Administrator account. For example, cloning a git repo or creating a folder.
I tried this:
- name: Create gogo1 directory
win_shell: mkdir c:\tmp\gogo1
become: yes
become_user: vagrant
vars:
ansible_become_pass: vagrant
This creates the desired directoy, but when I am logged in as user vagrant and try to remove it I get:
You'll need to provide administrator permission to delete this folder.
The user Vagrant is not given any permissions to the folder gogo1.
I need to do this in addition:
- name: Change owner of gogo1
win_owner:
path: c:\tmp\gogo1
user: vagrant
recurse: yes
Using win_psexec works as intended. It creates the directory, gives user vagrant the permissions, and thus I can delete it without being prompted with the above message.
- name: Create gogo2 directory
win_psexec:
command: cmd /k "cd c:\tmp && mkdir gogo && exit"
username: vagrant
password: vagrant
How can I use become and become_user to create a folder (or do clone a git repo) and giving the user all necessary permissions and ownership (like win_psexec does?
For become to work as you want you need it to login interactively so the profile for the user is loaded when the folder is created.
To do this you can try to set the login_flags (Ansible 2.5+) on become like so:
- name: Create gogo1 directory
win_shell: mkdir c:\tmp\gogo1
become: yes
become_user: vagrant
become_flags: logon_type=interactive logon_flags=with_profile
vars:
ansible_become_pass: vagrant
You can read all the specifics on become_flags here: http://docs.ansible.com/ansible/latest/user_guide/become.html
I have set sudo_user in /etc/ansible/ansible.cfg.
In my playbook I have set remote_user, sudo_user and sudo:yes (also tried sudo:True) on the same level as hosts:
I then use a role that does:
shell: cp -f src /usr/local/bin/dest
sudo: yes
and get
stderr: cp: cannot create regular file `/usr/local/bin/dest': Permission denied
The credentials in AWX are set correctly - I am able to manually log in as the desired user on the remote machine and copy the file with sudo cp. I have no idea what I'm doing wrong.
What's your sudo user? Your base playbook should look something like this:
# Base System: this is my base playbook
- name: Base Playbook
hosts: all
user: myuser
sudo: True