I tried and it worked, obviously, because the task is actually run with
root (instead of my user with sudo access) which is not what I wanted.
That's why I'm using "become_user" (equivalent of the now deprecated
"sudo_user"), in order to use sudo with my user and not root.
Below the Ansible output :
$ ansible-playbook -K -i test site.yml -vvvv
SUDO password:
PLAY [all]
********************************************************************
GATHERING FACTS
***************************************************************
<[the server name]> ESTABLISH CONNECTION FOR USER: [the user name]
<[the server name]> REMOTE_MODULE setup
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server name] /bin/sh -c 'mkdir -p
$HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300 && chmod a+rx
$HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300 && echo
$HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300'
<[the server name]> PUT /tmp/tmpzsyZR5 TO /home/[the user
name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/setup
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server name] /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible,
key=xlkvnygczvuuuxouqlysjwveacqafobo] password: " -u root /bin/sh -c
'"'"'echo BECOME-SUCCESS-xlkvnygczvuuuxouqlysjwveacqafobo; LANG=C
LC_CTYPE=C /usr/bin/python /home/[the user
name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/setup; rm -rf
/home/[the user
name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/ >/dev/null
2>&1'"'"''
ok: [[the server name]]
TASK: [Install useful system tools]
*******************************************
<[the server name]> ESTABLISH CONNECTION FOR USER: [the user name]
<[the server name]> REMOTE_MODULE apt
name=vim,nano,htop,git,subversion,tig,ncdu,nodejs-legacy,npm,mesa-utils
state=present
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server name] /bin/sh -c 'mkdir -p
$HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916 && chmod a+rx
$HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916 && echo
$HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916'
<[the server name]> PUT /tmp/tmpDRxOC1 TO /home/[the user
name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/apt
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server name] /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible,
key=zkgarkbubgpvcowmyibknwzfzyeoksnf] password: " -u root /bin/sh -c
'"'"'echo BECOME-SUCCESS-zkgarkbubgpvcowmyibknwzfzyeoksnf; LANG=C
LC_CTYPE=C /usr/bin/python /home/[the user
name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/apt; rm -rf
/home/[the user
name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/ >/dev/null
2>&1'"'"''
changed: [[the server name]] =>
Le vendredi 16 octobre 2015 17:57:21 UTC+2, Santosh Jambhlikar a écrit :
>
> Try removing all parameters and add "sudo: yes" only ( like below)
>
> ---
> - hosts: all
> sudo: yes
>
>
> tasks:
>
>
> - name: Install useful system tools
> apt: name={{ item }} state=present
> with_items:
> - vim
> - nano
>
>
>
> Sent with MailTrack
> <https://mailtrack.io/install?source=signature&lang=en&referral=santoshdj...@gmail.com&idSignature=22>
>
> On Fri, Oct 16, 2015 at 8:25 PM, Kevin Jaquier <kevin....@gmail.com
> <javascript:>> wrote:
>
>> That's what I'm doing here, as the "sudo" option have been deprecated in
>> favor of "become".
>> And my user also have all the privileges (see the output of "sudo -l").
>> At least if I understand correctly. Anyway it do have the required
>> privilege I can "sudo apt-get install" something with this user and it
>> works.
>>
>> Le vendredi 16 octobre 2015 10:08:32 UTC+2, Santosh Jambhlikar a écrit :
>>>
>>> I use following which works for me
>>>
>>> sudo: yes
>>>
>>> but user has sudo to ALL prilvilges
>>>
>>> On Thursday, 15 October 2015 21:20:21 UTC+5:30, Kevin Jaquier wrote:
>>>>
>>>> I'm having trouble executing my script from a user with sudo access
>>>> instead of root.
>>>>
>>>> I'm getting "permission denied" errors when playing the playbook, but
>>>> if I execute the commands manually on the server it works just fine.
>>>> I did use "become" to execute the tasks with sudo and the right user.
>>>>
>>>> The (relevant part of the) playbook :
>>>>
>>>> ---
>>>> - hosts: all
>>>> remote_user: "{{ user }}"
>>>> become: yes
>>>> become_user: "{{ user }}"
>>>> become_method: sudo
>>>>
>>>>
>>>> tasks:
>>>>
>>>>
>>>> - name: Install useful system tools
>>>> apt: name={{ item }} state=present
>>>> with_items:
>>>> - vim
>>>> - nano
>>>> - htop
>>>> - git
>>>> - subversion
>>>> - tig
>>>> - ncdu
>>>> - nodejs-legacy
>>>> - npm
>>>> - mesa-utils
>>>>
>>>>
>>>>
>>>> Ansible output :
>>>>
>>>> $ ansible-playbook -K -i test site.yml -vvvv
>>>> SUDO password:
>>>>
>>>>
>>>> PLAY [all]
>>>> ********************************************************************
>>>>
>>>>
>>>> GATHERING FACTS
>>>> ***************************************************************
>>>> <[the server address]> ESTABLISH CONNECTION FOR USER: [the user name]
>>>> <[the server address]> REMOTE_MODULE setup
>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>> ControlPersist=60s -o ControlPath=
>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with
>>>> -mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o
>>>> User=[the user name] -o ConnectTimeout=10 [the server address] /bin/sh
>>>> -c 'mkdir
>>>> -p /tmp/ansible-tmp-1444921321.94-213782579685333 && chmod a+rx
>>>> /tmp/ansible-tmp-1444921321.94-213782579685333 && echo
>>>> /tmp/ansible-tmp-1444921321.94-213782579685333'
>>>> <[the server address]> PUT /tmp/tmpk_hOEu TO /tmp/ansible-tmp-
>>>> 1444921321.94-213782579685333/setup
>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>> ControlPersist=60s -o ControlPath=
>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with
>>>> -mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o
>>>> User=[the user name] -o ConnectTimeout=10 [the server address] /bin/sh
>>>> -c 'chmod a+r /tmp/ansible-tmp-1444921321.94-213782579685333/setup'
>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>> ControlPersist=60s -o ControlPath=
>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with
>>>> -mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o
>>>> User=[the user name] -o ConnectTimeout=10 [the server address] /bin/sh
>>>> -c 'sudo
>>>> -k && sudo -H -S -p "[sudo via ansible,
>>>> key=upzdhdqqnkqtecoipruvaisazfdvjubv] password: " -u [the user name]
>>>> /bin/sh -c '"'"'echo BECOME-SUCCESS-upzdhdqqnkqtecoipruvaisazfdvjubv;
>>>> LANG=C LC_CTYPE=C /usr/bin/python
>>>> /tmp/ansible-tmp-1444921321.94-213782579685333/setup'"'"''
>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>> ControlPersist=60s -o ControlPath=
>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with
>>>> -mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o
>>>> User=[the user name] -o ConnectTimeout=10 [the server address] /bin/sh
>>>> -c 'rm -rf /tmp/ansible-tmp-1444921321.94-213782579685333/ >/dev/null
>>>> 2>&1'
>>>> ok: [[the server address]]
>>>>
>>>>
>>>> TASK: [Install useful system tools]
>>>> *******************************************
>>>> <[the server address]> ESTABLISH CONNECTION FOR USER: [the user name]
>>>> <[the server address]> REMOTE_MODULE apt name=vim,nano,htop,git,
>>>> subversion,tig,ncdu,nodejs-legacy,npm state=present
>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>> ControlPersist=60s -o ControlPath=
>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with
>>>> -mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o
>>>> User=[the user name] -o ConnectTimeout=10 [the server address] /bin/sh
>>>> -c 'mkdir
>>>> -p /tmp/ansible-tmp-1444921350.8-23676536
>>>> ...
>>>
>>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/ansible-project/qKc091c74Kc/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> ansible-proje...@googlegroups.com <javascript:>.
>> To post to this group, send email to ansible...@googlegroups.com
>> <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/0cedfb66-db4b-4a6c-8a6d-8d4614fdd9ad%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/0cedfb66-db4b-4a6c-8a6d-8d4614fdd9ad%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/415de419-b341-4bce-b31a-0031af9d3adf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
