I want to run a specific command as sudo -u username <command name> using Ansible.
I tried below task, but facing permissions issue.
---
-
hosts: all
become: yes
vars_files:
- vars.yml
tasks:
- name: "Create solr cores"
shell: /opt/apps/solr/bin/solr create -c test10
become_flags: '-u solr'
register: core_one
# changed_when: '"\"status\":0" in core_one.stdout'
Could anyone suggest on this?
The correct way to run a task is the following.
Having proper permissions is a prerequisite. Refer to man sudoers to learn more
- name: "Create solr cores"
shell: /opt/apps/solr/bin/solr create -c test10
become: yes
become_user: solr
register: core_one
You already have become: yes on the play level, so just for clarity.
remote_user: ansible
tasks:
- name: "Create solr cores"
shell: /opt/apps/solr/bin/solr create -c test10
become: yes
become_user: solr
register: core_one
In above example ansible connects to remote machine using user 'ansible'. Now this ansible user should have permission to switch to another user. i.e it should have root privileges
What happens with above code:
* ssh connection is made via ansible user (ansible-play does it)
* It uses command "sudo su solr" internally
* Then execute the command which is mentioned in shell
Related
I am trying to execute shell script using ansible shell module as shown in below code
-name : Execute
become_user: someuser
shell:
cmd: "./script.ksh"
chdir: "/path/to/script"
But the script still uses my login instead of "someuser". How this can be fixed ?
As suggested by #β.εηοιτ.βε the become: yes is missing, see exapmles and explanation in Become directives.
do you think become: yes is nothing but sudo ?
The default setting (atleast in my case) uses sudo.
To see the default become_method being used, check your "closest" ansible.cfg in the hierarchy.
You can run the playbook in verbose mode and by using -vvv increase verbosity to see the exact commands being used.
If the become: yes with become_user: <username> doesn't help try using a different become_method.
Example with su and su -:
- name : Execute
shell:
cmd: "./script.ksh"
chdir: "/path/to/script"
become: yes
become_user: someuser
become_method: "su"
or:
- name : Execute
shell:
cmd: "su - someuser -c './script.ksh'"
chdir: "/path/to/script"
become: yes
In this case you will most likely recieve the following warning:
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running su
I have linux box, where there is a user "user1", using C shell. The user has .cshrc in its home directory with some useful environment settings.
when I use this ansible logic though, the environment is not set properly for the user.
---
- name: some playbook
hosts: remote_host
become: yes
become_user: root
become_method: sudo
tasks:
- name: Check environment variables for user1
become: yes
become_user: user1
become_method: sudo
shell: "env"
register: envresult
- name: debug env
debug:
var: envresult.stdout
In the output I can see that the variables set in .cshrc are not in the environment. How can I force ansible to process the login scripts of users upon become?
Thank you!
You should add become_flags: "-i" to your playbook. The task then looks like
- name: Check environment variables for user1
become: yes
become_user: user1
become_method: sudo
become_flags: "-i"
shell: "env"
register: envresult
More Information is available at the Ansible documentation.
I can become root on host only with command "sudo -i". I must be root to make some changes on this host. How can I become root with this method using ansibleplaybook?
For privilege escalation, become allows you to specify both become_method and become_flags:
- name: My playbook
hosts: myhosts
become: yes
become_method: sudo
become_flags: '-i'
tasks:
- name: My task
[..]
I login to server (CentOs 7) as my user and execute double sudo to become root. No password is required at such times.
Command: sudo sudo su
I need to install applications on such server as root user using Ansible (2.7)
Unfortunately, when i try following it gives: ""msg": "Timeout (12s) waiting for privilege escalation prompt: ""
---
- name: Copy file
become: true
become_method: su
hosts: all
tasks:
- name: Copy file
copy:
src: abc.txt
dest: /tmp/
I have tried other versions like changing become_method to sudo, etc. But they don't work. Any suggestion will help?
I am trying to run a "folder creation" command with my ansible playbook. (Code is below)
The creation requires sudo login to execute.
I run the playbook as follows:
ansible-playbook myfile.yml --ask-pass
This prompts for user account password of remote machine.
The ssh connection gets established, but commands fail with permission denied since its not taking super user password.
How can I fix my issue?
hosts: GSP
tasks:
- name: "make build directory"
command: mkdir -p /home/build/
become: true
become_user: root
- name: "change permissions on the directory"
command: chmod 777 -R /home/
become: true
become_user: root
There's also --ask-become-pass switch for ansible-playbook cli to query user for sudo password.
You can add the ansible_become_pass variable to specify the become password in your playbook.
More details can be found here:
http://docs.ansible.com/ansible/latest/become.html