On 1/15/21 6:08 AM, Ramakrishna Veeragandham wrote: > Hi Ansible team, > > I am Ram. We need some help in running the Ansible playbook ( specifically > how to add sudo while running playbooks ). > in your environment, we can run all admin related commands with sudo acess ( > by adding sudo in front of command . For > example, sudo vgs or sudo vi /etc/sudoers ). We don't have root access and > hence we don't wanted to run the playbooks > with direct root access . > > Most of our servers ( Redhat / Solaris / Aix ) doesn't have root access. The > possibility of running all admin activities > are by running sudo <command> as admin ( sysunx ) user. > > I mean, after logging to the server with sysunx account, we run the admin > related command as sudo <command>. How to > simulate this in Ansible. > >
You need to add "become: yes" to the touch task (or to the whole playbook):
Regards
Rackd
>
> #Playbook code
>
> [root@sgdlvapp03infra splunk_forwarder]# cat sudo_test_solaris.yml
>
> ---
>
> - hosts: dev
>
> gather_facts: yes
>
> #become: yes
>
> become_user: sysunx
>
> become_method: sudo
>
> ignore_errors: true
>
>
>
> vars_files:
>
> - /var/lib/ansible_playbooks/inventory/password.yml
>
> #- /var/lib/ansible_playbooks/inventory/auth.yml
>
>
>
> tasks:
>
> - name: ping
>
> ping:
>
>
>
> - name: touch file '/opt/testfile'
>
> shell: touch /opt/testfile
>
> args:
>
> warn: false
>
> register: shell_output
>
>
>
> - name: Print status
>
> debug: var=shell_output
>
>
>
> - name: touch file '/opt/testfile' using file module
>
> file:
>
> path: /opt/testfile
>
> state: touch
>
> register: output
>
>
>
> - name: Print status
>
> debug: var=output
>
>
>
> - name: remove file '/opt/testfile'
>
> file:
>
> path: /opt/testfile
>
> state: absent
>
> register: deleted
>
>
>
> - name: Print status after deletion
>
> debug: var=deleted
>
> [root@sgdlvapp03infra splunk_forwarder]#
>
>
>
>
>
> [root@sgdlvapp03infra splunk_forwarder]# ansible-playbook
> sudo_test_solaris.yml --ask-vault-pass -i ../../inventory/test_INV
>
> Vault password:
>
>
>
> PLAY [dev]
> *****************************************************************************************************************************************************************
>
>
>
> TASK [Gathering Facts]
> *****************************************************************************************************************************************************
>
> ok: [10.4.67.141]
>
>
>
> TASK [ping]
> ****************************************************************************************************************************************************************
>
> ok: [10.4.67.141]
>
>
>
> TASK [touch file '/opt/testfile']
> ******************************************************************************************************************************************
>
> fatal: [10.4.67.141]: FAILED! => {"changed": true, "cmd": "touch
> /opt/testfile", "delta": "0:00:00.016422", "end":
> "2021-01-15 12:53:02.654437", "msg": "non-zero return code", "rc": 1,
> "start": "2021-01-15 12:53:02.638015", "stderr":
> "touch: cannot create /opt/testfile: Permission denied", "stderr_lines":
> ["touch: cannot create /opt/testfile:
> Permission denied"], "stdout": "", "stdout_lines": []}
>
> ...ignoring
>
>
>
> TASK [Print status]
> ********************************************************************************************************************************************************
>
> ok: [10.4.67.141] => {
>
> "shell_output": {
>
> "changed": true,
>
> "cmd": "touch /opt/testfile",
>
> "delta": "0:00:00.016422",
>
> "end": "2021-01-15 12:53:02.654437",
>
> "failed": true,
>
> "msg": "non-zero return code",
>
> "rc": 1,
>
> "start": "2021-01-15 12:53:02.638015",
>
> "stderr": "touch: cannot create /opt/testfile: Permission denied",
>
> "stderr_lines": [
>
> "touch: cannot create /opt/testfile: Permission denied"
>
> ],
>
> "stdout": "",
>
> "stdout_lines": []
>
> }
>
> }
>
>
>
> TASK [touch file '/opt/testfile' using file module]
> ************************************************************************************************************************
>
> fatal: [10.4.67.141]: FAILED! => {"changed": false, "msg": "Error, could not
> touch target: [Errno 13] Permission denied:
> '/opt/testfile'", "path": "/opt/testfile"}
>
> ...ignoring
>
>
>
> TASK [Print status]
> ********************************************************************************************************************************************************
>
> ok: [10.4.67.141] => {
>
> "output": {
>
> "changed": false,
>
> "failed": true,
>
> "msg": "Error, could not touch target: [Errno 13] Permission denied:
> '/opt/testfile'",
>
> "path": "/opt/testfile"
>
> }
>
> }
>
>
>
> TASK [remove file '/opt/testfile']
> ****************************************************************************************************************************************
>
> ok: [10.4.67.141]
>
>
>
> TASK [Print status after deletion]
> *****************************************************************************************************************************************
>
> ok: [10.4.67.141] => {
>
> "deleted": {
>
> "changed": false,
>
> "failed": false,
>
> "path": "/opt/testfile",
>
> "state": "absent"
>
> }
>
> }
>
>
>
> PLAY RECAP
> *****************************************************************************************************************************************************************
>
> 10.4.67.141 : ok=8 changed=1 unreachable=0 failed=0
> skipped=0 rescued=0 ignored=2
>
>
>
> [root@sgdlvapp03infra splunk_forwarder]#
>
> [root@sgdlvapp03infra splunk_forwarder]#
>
> [root@sgdlvapp03infra splunk_forwarder]# cat ../../inventory/test_INV
>
> [dev]
>
> #sgdlvapp03infra ansible_ssh_user=root ansible_ssh_pass='{{ root_password }}'
>
> 10.4.67.141
>
>
>
> [dev:vars]
>
> ansible_ssh_user=sysunx
>
> ansible_ssh_pass='{{ password }}'
>
> ansible_become_pass='{{ password }}'
>
> ansible_python_interpreter=/usr/bin/python
>
> [root@sgdlvapp03infra splunk_forwarder]#
>
>
>
> For example, How I am running sudo commands manually on target machine
> access is shown below.
>
>
>
> sysunx@dvsun25b:~$
>
> sysunx@dvsun25b:~$ touch /opt/test_file
>
> touch: cannot create /opt/test_file: Permission denied
>
> sysunx@dvsun25b:~$
>
> sysunx@dvsun25b:~$ sudo touch /opt/test_file
>
> sysunx@dvsun25b:~$ ls -lrt /opt/test_file
>
> -rw-r----- 1 root root 0 Jan 15 12:51 /opt/test_file
>
> sysunx@dvsun25b:~$
>
> sysunx@dvsun25b:~$ sudo cat /etc/sudoers | grep sysunx
>
> %sysunxg ALL=(ALL) NOPASSWD: ADMIN01, ADMIN02, ADMIN03, ADMIN04, ADMIN05,
> ADMIN06, ADMIN12,!ID02, !FILE01, !FILE02,
> !FILE03, !FILE04, !FILE07, !FILE08, !FILE09, !FILE11, !FILE12
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> ansible-project+unsubscr...@googlegroups.com
> <mailto:ansible-project+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/0572d911-3458-436e-831d-f4403f3c5a57n%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/0572d911-3458-436e-831d-f4403f3c5a57n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/63a9d7ed-c9e6-a7e8-aed1-40a4e4e715ae%40linuxia.de.
OpenPGP_signature
Description: OpenPGP digital signature
