Hi, I have used the wrapper method, but it's giving me the privilege 
escalation timeout error:
Ansible Timeout (12s) waiting for privilege escalation prompt
Can you please tell me what you used in the playbook after setting the 
wrapper? Thanks.

On Tuesday, October 24, 2017 at 7:11:15 PM UTC+6 Holger Foerster wrote:

> Here is my solution:
>
> ansible_host:
> egrep "^sudo_exe|^sudo_flags" /etc/ansible/ansible.cfg
> sudo_exe = /tmp/ansible_wrapper
> sudo_flags =
>
> target_host:
> cat /tmp/ansible_wrapper
> shift
> shift
> sudo /usr/bin/rootsh -u root -- $@
>
> playbook to create ansible_wrapper:
> ---
> - hosts: target_host
>   gather_facts: False
>   become: no
>
>   tasks:
>   - name: create ansible_wrapper file ...
>     copy: dest="/tmp/ansible_wrapper" content="shift\nshift\nsudo /usr/bin/rootsh -u root -- $@\n\n" force=no
>
>   - name: modify ansible_wrapper file ...
>     file: path="/tmp/ansible_wrapper" mode="777"
>
> - using the wrapper:
> ansible target_host -a "id -a" -b --become-method=sudo
> target_host | SUCCESS | rc=0 >>
> uid=0(root) gid=0(root) groups=0(root)
>
>
>
>
> On Thursday, March 10, 2016 at 09:03:48 UTC+1, Colin Anderson wrote:
>>
>> Hi,
>>
>> The central IT function at my company allows developers root access to a 
>> server for a short period of time to allow us to install any required 
>> middleware and application software when we are commissioning a server. 
>> I've been looking at using Ansible to automate this process to prevent user 
>> errors and make the process more efficient. The problem that I've run into 
>> is that they only allow root access using the following sudo call:
>>
>> sudo rootsh -i -u root
>>
>> This uses a logging shell wrapper, rootsh (man page 
>> <http://linux.die.net/man/1/rootsh>), to log all terminal input and 
>> output for audit purposes. We can't change this and it means we can't use 
>> any of the standard become_methods that Ansible uses.
>>
>> Is there any way of adding a become_method to Ansible that would call the 
>> above command instead of just sudo? Alternatively, is there any way of 
>> getting Ansible to run rootsh when it requests elevated privileges?
>>
>> I did try the following in the vain hope that it might work, but as I 
>> feared, it failed:
>>
>> site.yml:
>> ---
>>   - hosts: vagrant-servers
>>     become: yes
>>     become_user: root
>>     become_method: sudo rootsh -i -u root
>>
>>     roles:
>>       - ansible-oracle-java-master
>>
>>
>> Play output:
>> vagrant@ansible-master:~$ ansible-playbook -i hosts site.yml
>>
>> PLAY ***************************************************************************
>>
>> TASK [setup] *******************************************************************
>> fatal: [10.10.1.4]: FAILED! => {"failed": true, "msg": "ERROR! Privilege escalation method not found: sudo rootsh -i -u root"}
>> fatal: [10.10.1.5]: FAILED! => {"failed": true, "msg": "ERROR! Privilege escalation method not found: sudo rootsh -i -u root"}
>> fatal: [10.10.1.6]: FAILED! => {"failed": true, "msg": "ERROR! Privilege escalation method not found: sudo rootsh -i -u root"}
>> fatal: [10.10.1.3]: FAILED! => {"failed": true, "msg": "ERROR! Privilege escalation method not found: sudo rootsh -i -u root"}
>>
>> NO MORE HOSTS LEFT *************************************************************
>>
>> PLAY RECAP *********************************************************************
>> 10.10.1.3                  : ok=0    changed=0    unreachable=0    failed=1
>> 10.10.1.4                  : ok=0    changed=0    unreachable=0    failed=1
>> 10.10.1.5                  : ok=0    changed=0    unreachable=0    failed=1
>> 10.10.1.6                  : ok=0    changed=0    unreachable=0    failed=1
>>
>> vagrant@ansible-master:~$
>>
>> Thanks,
>> Colin.
>>
>
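
Added example, not part of the thread: a check that can be run on the target host before `sudo_exe` is pointed at a wrapper, since the become step executes whatever sits at that path. It flags the mode 777 and the /tmp location used in the quoted playbook; `audit_wrapper` is a hypothetical helper name, and a `stat` that supports `-c` (GNU coreutils or busybox) is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. audit_wrapper is a hypothetical helper.
# Assumes a stat that supports -c (GNU coreutils or busybox).

# Print one finding per line; return 0 only when nothing was found.
audit_wrapper() {
    f=$1
    findings=0
    report() { echo "$f: $1"; findings=$((findings + 1)); }

    # Refuse anything that is not a plain file: a symlink can be repointed.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        report "not a regular file (missing, symlink or special file)"
        return 1
    fi

    mode=$(stat -c '%a' "$f")
    owner=$(stat -c '%u' "$f")
    dirmode=$(stat -c '%a' "$(dirname "$f")")

    # Group or other write bit: the command run at become time can be replaced.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        report "mode $mode is group- or world-writable (use 0755 or stricter)"
    fi

    # Only root or the connecting account should own the wrapper.
    if [ "$owner" -ne 0 ] && [ "$owner" -ne "$(id -u)" ]; then
        report "owned by uid $owner, expected 0 or $(id -u)"
    fi

    # In a world-writable directory such as /tmp the path may already exist
    # when the playbook runs, and copy with force=no leaves that file in place.
    if [ $(( 0$dirmode & 002 )) -ne 0 ]; then
        report "parent directory is world-writable (mode $dirmode)"
    fi

    [ "$findings" -eq 0 ]
}

# Usage: sh audit_wrapper.sh /tmp/ansible_wrapper
if [ "$#" -gt 0 ]; then
    audit_wrapper "$1"
fi
```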
