In the case where you put `sudo` in the command, then the command ansible runs from within the python script contains sudo.
In the case where you use become, and don't put sudo in the command, the python script is being executed with sudo, and not the inner specified command itself. On Thu, May 26, 2016 at 2:13 PM, Sam Sen <[email protected]> wrote: > Ok, so then why does it work if I add "sudo" in front of the command? > > Is this the become directive handles sudo differently? > > On Thursday, May 26, 2016 at 3:11:09 PM UTC-4, Matt Martz wrote: >> >> Ansible requires the ability to run any command via sudo, it does not >> work with a restricted set of commands, as it executes python via /bin/sh. >> It does not directly run those commands that you have restricted that group >> to. >> >> On Thu, May 26, 2016 at 2:05 PM, Sam Sen <[email protected]> wrote: >> >>> Ok so i removed become_user and added "become: true" >>> >>> now it's asking for a password. >>> >>> TASK [restart web server] >>> ****************************************************** >>> fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, >>> "module_stderr": "sudo: a password is required\n", "module_stdout": "", >>> "msg": "MODULE FAILURE", "parsed": false} >>> >>> >>> My sudo entry shows this. >>> >>> %deployment ALL=(ALL) NOPASSWD: DEPLOYMENT >>> >>> Cmnd_Alias DEPLOYMENT_CMDS = /etc/init.d/aria_services restart, >>> /etc/init.d/aria_services start, /etc/init.d/aria_services stop, >>> >>> >>> >>> >>> On Thursday, May 26, 2016 at 1:29:42 PM UTC-4, Kai Stian Olstad wrote: >>>> >>>> On 26. mai 2016 18:22, Sam Sen wrote: >>>> > Does not work: >>>> > >>>> > - name: restart web server >>>> > shell: /etc/init.d/aria_services restart >>>> > when: install_rpm_results|success >>>> > register: restart_services_result >>>> > failed_when: "'FAIL' in restart_services_result.stdout" >>>> > ignore_errors: True >>>> > become_user: root >>>> >>>> become_user only says which user to be used. To actually use >>>> become/sudo >>>> you need to add become: true >>>> >>>> become_user default to root so you do not need to specify it if you >>>> like >>>> having less code. >>>> >>>> -- >>>> Kai Stian Olstad >>>> >>>> >>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/c87c253a-8aa3-4d13-b38d-727f1ec418c4%40googlegroups.com >>> <https://groups.google.com/d/msgid/ansible-project/c87c253a-8aa3-4d13-b38d-727f1ec418c4%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Matt Martz >> @sivel >> sivel.net >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/64c39915-1eaa-4103-9f73-ad9fe1d02814%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/64c39915-1eaa-4103-9f73-ad9fe1d02814%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Matt Martz @sivel sivel.net -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD8N0v9MjSN_G0z5csPsVBmnCK2VkYbe7Aqp-1SqrmJtaHbksQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
