On 14/06/2022 10:21, 'Shivakumar Venkataswamy' via Ansible Project wrote:
ansible is user account we created and member of  sudor's ( /etc/sudoers) with 
full privileges' same as root.

IMHO the privileges are only the same when using the "sudo" command.

Regards

              Racke



On Tuesday, 14 June 2022 at 13:16:48 UTC+5:30 ra...@linuxia.de wrote:

    On 14/06/2022 09:16, 'Shivakumar Venkataswamy' via Ansible Project wrote:
    > Hi team,
    >  look at my playbook
    > ---
    > -  hosts: all
    >    become: true
    >    become_user: ansible
    >    tasks:
    >    - name: add a user to the list of AllowUsers if not present
    >      vars:
    >        usernames:
    >           - shivakumar.venkataswamy
    >           - karthik.reddy
    >           - aman.saxena
    >      lineinfile:
    >        path: /etc/ssh/sshd_config
    >        backrefs: yes
    >        backup: yes
    >        state: absent
    >        regexp: '^AllowUsers((?:(?:\s+\S+(?!\S))(?<!\s{{ usernames 
}}))+\s*?)(\n?)$'
    >        line: 'AllowUsers\1 shivakumar.venkataswamy karthik.reddy 
aman.saxena\2'
    >        validate: /usr/sbin/sshd -t -f %s
    >
    Permission denied: '/etc/ssh/sshd_config'

    The ansible user can't edit the file, so try "become_user: root" in your 
task.

    Regards
                 Racke

    > I'm facing below error,
    > SSH password:
    > 1
    > BECOME password[defaults to SSH password]:
    > 2
    > 3
    > PLAY [all] 
*********************************************************************12:45:29
    > 4
    > 5
    > TASK [Gathering Facts] 
*********************************************************12:45:29
    > 6
    > ok: [172.16.13.254]
    > 7
    > 8
    > TASK [add a user to the list of AllowUsers if not present] 
*********************12:45:31
    > 9
    > An exception occurred during task execution. To see the full traceback, 
use -vvv. The error was: IOError: [Errno 13] Permission denied: 
'/etc/ssh/sshd_config'
    > 10
    > fatal: [172.16.13.254]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 172.16.13.254 closed.\r\n", 
"module_stdout": "Traceback (most recent call last):\r\n File 
\"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", line 102, in <module>\r\n _ansiballz_main()\r\n 
File \"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", line 94, in _ansiballz_main\r\n 
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File 
\"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", line 40, in invoke_module\r\n 
runpy.run_module(mod_name='ansible.modules.files.lineinfile', init_globals=None, run_name='__main__', alter_sys=True)\r\n File \"/usr/lib64/python2.7…
    > 11
    > 12
    > PLAY RECAP 
*********************************************************************12:45:32
    > 13
    > 172.16.13.254 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 
ignored=0
    > --
    > You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
    > To unsubscribe from this group and stop receiving emails from it, send an 
email to ansible-proje...@googlegroups.com.
    > To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/551f8529-2fc7-409c-bac9-06216fb7c6d5n%40googlegroups.com
 
<https://groups.google.com/d/msgid/ansible-project/551f8529-2fc7-409c-bac9-06216fb7c6d5n%40googlegroups.com?utm_medium=email&utm_source=footer
 
<https://groups.google.com/d/msgid/ansible-project/551f8529-2fc7-409c-bac9-06216fb7c6d5n%40googlegroups.com?utm_medium=email&utm_source=footer>>.


-- Automation expert - Ansible and friends
    Linux administrator & Debian maintainer
    Perl Dancer & conference hopper

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2ea9555c-aa77-4f44-8ef7-e68946e80917n%40googlegroups.com
 
<https://groups.google.com/d/msgid/ansible-project/2ea9555c-aa77-4f44-8ef7-e68946e80917n%40googlegroups.com?utm_medium=email&utm_source=footer>.


--
Automation expert - Ansible and friends
Linux administrator & Debian maintainer
Perl Dancer & conference hopper

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/2ce21b25-df75-0483-ac58-1a21affd03bc%40linuxia.de.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to