On Sun, 9 May 2021 at 19:35, Lomic Legone <lomic.leg...@gmail.com> wrote:
>
> Below are some details and commands I wrote.
>
> Before this, I
>
> had to create a "mala" user on ubuntu2 (the node) with sudo privilege (during
> the ubuntu installation)
> created a public/private kay pair on ubuntu1 (the node manager) and I copied
> the public key on ubunt2 with ssh-copy-id command; it works well since I
> succeded in making "ssh mala@ubuntu2" from ubuntu1
>
>
> I never knew root password on ubuntu2 (smae thing on ubuntu1).
>
> In next commands, I tried to create a "ansible-user" on ubuntu2, I know it's
> useless since mala on ubnutu2 already exists, but I'm just following a tuto
> with a remote user creation. The action is not important, this is the failure
> wich I don't understand.
You're using having problem with ansible and the privilege escalation,
and you're using a "tuto" that uses ansible to create
users/account/passwords/etc.
To me that sounds like adding more complexity to the mix rather than
reducing it.
Try to *manually* make sure the hosts meet the requirements and get
ansible to work.
>
> grag@ubuntu1:~/ansible$ ansible localhost -i grt.inv -m debug -a "msg={{
> 'passforce' | password_hash('sha512', 'secretsalt') }}"
> localhost | SUCCESS => {
> "msg":
> "$6$secretsalt$X5YDmUgDphPxnMkByvHbNaiP4T5Uk0WjEZ9TukWKQnXmXN81jG3DcGZnNJiSz9ltgPhplH92HOR/RqgmyS.zN1"
> }
> grag@ubuntu1:~/ansible$ ansible -i grt.inv -m user -a 'name=user-ansible
> password=$6$secretsalt$X5YDmUgDphPxnMkByvHbNaiP4T5Uk0WjEZ9TukWKQnXmXN81jG3DcGZnNJiSz9ltgPhplH92HOR/RqgmyS.zN1'
> --user root --ask-pass all
> SSH password:
> ubuntu2 | FAILED! => {
> "msg": "to use the 'ssh' connection type with passwords, you must install
> the sshpass program"
> }
You're setting a root password which is not needed. So this error is
also irrelevant.
> grag@ubuntu1:~/ansible$ ansible -i grt.inv -m user -a 'name=user-ansible
> password=$6$secretsalt$X5YDmUgDphPxnMkByvHbNaiP4T5Uk0WjEZ9TukWKQnXmXN81jG3DcGZnNJiSz9ltgPhplH92HOR/RqgmyS.zN1'
> --user mala --ask-pass all
> SSH password:
> ubuntu2 | FAILED! => {
> "msg": "to use the 'ssh' connection type with passwords, you must install
> the sshpass program"
> }
> grag@ubuntu1:~/ansible$ more grt.inv
> ubuntu2
> grag@ubuntu1:~/ansible$
>
>
>
> Note that for ssh password, I typed mala password on ubunt2.
>
>
>
> Le vendredi 7 mai 2021 à 12:01:20 UTC+2, dick....@geant.org a écrit :
>>
>> Hii
>>
>> On Fri, 7 May 2021 at 11:40, Lomic Legone <lomic....@gmail.com> wrote:
>> >
>> > Hi all, I'm a newbee on ansible and I follow online tutos.
>> >
>> > I installed 2 ubuntu VM (named ubunt1 and ubunt2), one as node manager
>> > (ubuntu1) and the second one as simple node (ubuntu2). The ssh connection
>> > is tested and ok.
>> >
>> > When I installed ubuntu, I've never been asked for a root password, but
>> > only for the name/password for a simple user. But this user belongs to
>> > sudoers group so it can make admin tasks. So all is ok.
>>
>> That is one thing. Depending on your config, you might also have to
>> provide the password to use sudo.
>>
>> > The pb is that as I try to execute root tasks from ubuntu1 to ubuntu2 with
>> > ansible,
>>
>> What are "root tasks"? Is this different from tasks that require sudo?
>>
>> > even if ubuntu2 user belongs to sudoers groups, ansible fails. And if I
>> > use the "-become" option, ansible asks me the ubuntu2 root password that I
>> > don't know of course.
>>
>> See above, this might be required on your config. Check the NOPASSWD
>> option in your sudoers configuration.
>>
>> I assume the same username is used on both machines.
>>
>>
>>
>>
>>
>> >
>> > In fact I feel that the fact that ubuntu2 user has sudo privilege is
>> > useless.
>> >
>> > So how to do ?
>> >
>> > Thanks for your responses.
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an
>> > email to ansible-proje...@googlegroups.com.
>> > To view this discussion on the web visit
>> > https://groups.google.com/d/msgid/ansible-project/bcf355f1-73a0-4228-ab02-75105617672bn%40googlegroups.com.
>>
>>
>>
>> --
>> Dick Visser
>> Trust & Identity Service Operations Manager
>> GÉANT
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/06140c20-ebdd-4c3a-812e-db7af5805ecen%40googlegroups.com.
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAL8fbwNjQfMdQSDOO%2B3CDp-K5iAstuOxbdRQ-x6VM--w%3Df6jyQ%40mail.gmail.com.
