Ansible requires the ability to run any command via sudo, it does not work with a restricted set of commands, as it executes python via /bin/sh. It does not directly run those commands that you have restricted that group to.
On Thu, May 26, 2016 at 2:05 PM, Sam Sen <[email protected]> wrote: > Ok so i removed become_user and added "become: true" > > now it's asking for a password. > > TASK [restart web server] > ****************************************************** > fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, > "module_stderr": "sudo: a password is required\n", "module_stdout": "", > "msg": "MODULE FAILURE", "parsed": false} > > > My sudo entry shows this. > > %deployment ALL=(ALL) NOPASSWD: DEPLOYMENT > > Cmnd_Alias DEPLOYMENT_CMDS = /etc/init.d/aria_services restart, > /etc/init.d/aria_services start, /etc/init.d/aria_services stop, > > > > > On Thursday, May 26, 2016 at 1:29:42 PM UTC-4, Kai Stian Olstad wrote: >> >> On 26. mai 2016 18:22, Sam Sen wrote: >> > Does not work: >> > >> > - name: restart web server >> > shell: /etc/init.d/aria_services restart >> > when: install_rpm_results|success >> > register: restart_services_result >> > failed_when: "'FAIL' in restart_services_result.stdout" >> > ignore_errors: True >> > become_user: root >> >> become_user only says which user to be used. To actually use become/sudo >> you need to add become: true >> >> become_user default to root so you do not need to specify it if you like >> having less code. >> >> -- >> Kai Stian Olstad >> >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/c87c253a-8aa3-4d13-b38d-727f1ec418c4%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/c87c253a-8aa3-4d13-b38d-727f1ec418c4%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Matt Martz @sivel sivel.net -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD8N0v_sFB6eEr98gfRtr_s4QeFMk%2BG0sP2kJf51ynGHJZeBhg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
