Hi,

The central IT function at my company allows developers root access to a 
server for a short period of time to allow us to install any required 
middleware and application software when we are commissioning a server. 
I've been looking at using Ansible to automate this process to prevent user 
errors and make the process more efficient. The problem that I've run into 
is that they only allow root access using the following sudo call:

sudo rootsh -i -u root

This uses a logging shell wrapper, rootsh (man page 
<http://linux.die.net/man/1/rootsh>), to log all terminal input and output 
for audit purposes. We can't change this and it means we can't use any of 
the standard become_methods that Ansible uses.

Is there any way of adding a become_method to Ansible that would call the 
above command instead of just sudo? Alternatively, is there any way of 
getting Ansible to run rootsh when it requests elevated privileges?

I did try the following in the vain hope that it might work, but as I 
feared, it failed:

site.yml:
---
  - hosts: vagrant-servers
    become: yes
    become_user: root
    become_method: sudo rootsh -i -u root

    roles:
      - ansible-oracle-java-master


Play output:
vagrant@ansible-master:~$ ansible-playbook -i hosts site.yml

PLAY 
***************************************************************************

TASK [setup] 
*******************************************************************
fatal: [10.10.1.4]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
escalation method not found: sudo rootsh -i -u root"}
fatal: [10.10.1.5]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
escalation method not found: sudo rootsh -i -u root"}
fatal: [10.10.1.6]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
escalation method not found: sudo rootsh -i -u root"}
fatal: [10.10.1.3]: FAILED! => {"failed": true, "msg": "ERROR! Privilege 
escalation method not found: sudo rootsh -i -u root"}

NO MORE HOSTS LEFT 
*************************************************************

PLAY RECAP 
*********************************************************************
10.10.1.3                  : ok=0    changed=0    unreachable=0    failed=1
10.10.1.4                  : ok=0    changed=0    unreachable=0    failed=1
10.10.1.5                  : ok=0    changed=0    unreachable=0    failed=1
10.10.1.6                  : ok=0    changed=0    unreachable=0    failed=1

vagrant@ansible-master:~$

Thanks,
Colin.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b717ad15-773a-42ef-bbbd-564aa6fac75c%40googlegroups.com.