Re: [ansible-project] looks like sudo error, may be
I can become root but not oracle
On Wed, 31 Oct 2018 at 21:09, Ankit Vashistha
wrote:
> I suspect it has something related to the permission mentioned in the
> output.
>
> On Thu, Nov 1, 2018, 7:36 AM 'Kallu Srikanth' via Ansible Project <
> ansible-project@googlegroups.com> wrote:
>
>> Playbook:
>>
>> ---
>> - hosts: patch_group
>> user: dpiesa
>> become: yes
>> become_user: root
>> become_method: sudo
>> roles:
>> - acx_oracle_stopdb
>>
>> Role :
>>
>> --- # Stop oracle db
>>
>> name: stopping Oracle database
>> debug:
>> msg: "Stopping database on host {{ ansible_fqdn }}"
>> Test user oracle
>> #- block:
>>
>> name: Test Perms
>> command: mv /home/oracle/test /home/oracle/test_ok
>> become: yes
>> become_user: oracle
>> Error
>>
>> TASK [acx_oracle_stopdb : Test Perms]
>> ***
>> fatal: [dscadev0454.mpsdev.net]: FAILED! => {"msg": "Timeout (12s)
>> waiting for privilege escalation prompt:
>> +-+\r\n|
>> Shared Account Shell Monitor |\r\n| |\r\n| This shell session is being
>> monitored, and appropriate |\r\n| personnel have been notified of this
>> invocation. You are |\r\n| responsible for all activity logged under this
>> session. |\r\n| Do NOT leave this terminal unattended. You are encouraged
>> |\r\n| to use adhoc sudo commands instead of a shell for casual |\r\n| use.
>> Excessive "trivial" use of the shell will be addressed. |\r\n|
>> |\r\n+-+\r\n"}
>>
>>
>> Can any body help please
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/0032a133-108b-4296-b332-653953ba6efd%40googlegroups.com
>> <https://groups.google.com/d/msgid/ansible-project/0032a133-108b-4296-b332-653953ba6efd%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CACecUhu%2B5P%3D%2BnUgNabVi%2BJjfBgYK9F9vi6vcbK52aXwpn%2Bp1Qg%40mail.gmail.com
> <https://groups.google.com/d/msgid/ansible-project/CACecUhu%2B5P%3D%2BnUgNabVi%2BJjfBgYK9F9vi6vcbK52aXwpn%2Bp1Qg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CA%2BV0uEwsk%3DQ65oJ1Vy5A4MTdYxo7ZHrkzuYKTz9qhibwyYMFkQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] looks like sudo error, may be
Playbook:
---
- hosts: patch_group
user: dpiesa
become: yes
become_user: root
become_method: sudo
roles:
- acx_oracle_stopdb
Role :
--- # Stop oracle db
name: stopping Oracle database
debug:
msg: "Stopping database on host {{ ansible_fqdn }}"
Test user oracle
#- block:
name: Test Perms
command: mv /home/oracle/test /home/oracle/test_ok
become: yes
become_user: oracle
Error
TASK [acx_oracle_stopdb : Test Perms]
***
fatal: [dscadev0454.mpsdev.net]: FAILED! => {"msg": "Timeout (12s) waiting
for privilege escalation prompt:
+-+\r\n|
Shared Account Shell Monitor |\r\n| |\r\n| This shell session is being
monitored, and appropriate |\r\n| personnel have been notified of this
invocation. You are |\r\n| responsible for all activity logged under this
session. |\r\n| Do NOT leave this terminal unattended. You are encouraged
|\r\n| to use adhoc sudo commands instead of a shell for casual |\r\n| use.
Excessive "trivial" use of the shell will be addressed. |\r\n|
|\r\n+-+\r\n"}
Can any body help please
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/0032a133-108b-4296-b332-653953ba6efd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Need help to find how to run root command with non-root user and escalated privilages
Brian, Actually it worked instead of removing -n i added "default: '-H -S" at the end of the file Thank you very much, I really appreciate it On Monday, May 21, 2018 at 10:35:10 PM UTC-5, Brian Coca wrote: > > You seem to have a non standard/old sudo, change the default > become_flags as they seem to be causing the problem, specifically, > remove -n (default: '-H -S -n' > ) > > -- > -- > Brian Coca > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/43f9f0d6-09a3-4fbe-aac4-cfc3a3dc200f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Need help to find how to run root command with non-root user and escalated privilages
Hi Abhay i still have the error
Code : -
---
- hosts: dpie_prod
user: dpiesa
become: true
become_method: enable
tasks:
- name: install telnet
yum: pkg=telnet state=present update_cache=true
ERROR:
fatal: [lind01]: FAILED! => {"changed": false, "module_stderr": "Shared
connection to lind01.\r\n", "module_stdout": "sudo: illegal option
`-n'\r\nusage: sudo -h | -K | -k | -L | -l | -V | -v\r\nusage: sudo
[-bEHPS] [-p prompt] [-u username|#uid] [VAR=value]\r\n{-i | -s
| }\r\nusage: sudo -e [-S] [-p prompt] [-u username|#uid] file
...\r\n", "msg": "MODULE FAILURE", "rc": 1}
But I can run this successfully manually on a server like this without
password
#dpiesa@lind01:/home/dpiesa> sudo yum install telnet
Also can become root like this
dpiesa@lind01:/home/dpiesa> become
root@lind01:/root>
On Monday, May 21, 2018 at 10:59:42 PM UTC-5, abhay srivastava wrote:
>
> Try:
>
> - hosts: dpie_prod
> user: dpiesa
> become: True
> tasks:
> - name: install telnet
> yum: pkg=telnet state=installed update_cache=true
> #command: sudo yum install telnet -y
>
>
>
>
> On Sat, May 19, 2018 at 12:56 AM, 'Kallu Srikanth' via Ansible Project <
> ansible...@googlegroups.com > wrote:
>
>> Hi,
>>
>> I highly appreciate if anybody can help, please
>>
>> ### playbook ##
>>
>> - hosts: dpie_prod
>> user: dpiesa
>> tasks:
>> - name: install telnet
>> yum: pkg=telnet state=installed update_cache=true
>> #command: sudo yum install telnet -y
>> become: yes
>> become_user: root
>> become_method: sudo
>>
>> The above does not work and throws this error
>>
>> TASK [install telnet]
>>
>> [WARNING]: Module invocation had junk after the JSON data: usage: sudo
>> -e [-S] [-p prompt] [-u username|#uid] file ...
>>
>> fatal: [lind01.corp.acxiom.net]: FAILED! => {"changed": false,
>> "module_stderr": "Shared connection to lind01.corp.acxiom.net
>> closed.\r\n", "module_stdout": "sudo: illegal option `-n'\r\nusage: sudo -h
>> | -K | -k | -L | -l | -V | -v\r\nusage: sudo [-bEHPS] [-p prompt] [-u
>> username|#uid] [VAR=value]\r\n{-i | -s | }\r\nusage:
>> sudo -e [-S] [-p prompt] [-u username|#uid] file ...\r\n", "msg": "MODULE
>> FAILURE", "rc": 1}
>> to retry, use: --limit
>> @/home/dpiesa/playbooks/install_telnet.retry
>>
>>
>> ##
>>
>> But below works
>>
>> - hosts: dpie_prod
>> user: dpiesa
>> tasks:
>> - name: install telnet
>> command: sudo yum install telnet -y
>>
>>
>>
>>
>> [dpiesa@cwypatch06 playbooks]$ ansible --version
>> ansible 2.5.2
>> config file = /etc/ansible/ansible.cfg
>> configured module search path =
>> [u'/home/dpiesa/.ansible/plugins/modules',
>> u'/usr/share/ansible/plugins/modules']
>> ansible python module location =
>> /usr/lib/python2.7/site-packages/ansible
>> executable location = /bin/ansible
>> python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5
>> 20150623 (Red Hat 4.8.5-16)]
>>
>>
>> I think I am not using become options correctly can somebody help ??
>>
>> Thank you.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-proje...@googlegroups.com .
>> To post to this group, send email to ansible...@googlegroups.com
>> .
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/2de5f3d4-b9b8-45be-b0c2-8941e4c55c52%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/2de5f3d4-b9b8-45be-b0c2-8941e4c55c52%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Regards,
> Abhay Srivastava
> ---
> Mob-9160512000
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/573867fd-3869-4395-a0d1-7c20fb415e7c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ansible-project] Need help to find how to run root command with non-root user and escalated privilages
Not sure how can I specifically remove this -n
Below is my code/error/other info if you can help, please
Code : -
---
- hosts: dpie_prod
user: dpiesa
become: yes
become_method: enable
tasks:
- name: install telnet
yum: pkg=telnet state=present update_cache=true
ERROR:
fatal: [lind01]: FAILED! => {"changed": false, "msg": "You need to be root
to perform this command.\n", "rc": 1, "results": ["Loaded plugins:
fastestmirror, package_upload, product-id, search-disabled-\n
: repos, security, subscription-manager\n"]}
But I can run this successfully manually on a server like this without
password
#dpiesa@lind01:/home/dpiesa> sudo yum install telnet
Also can become root like this
dpiesa@lind01:/home/dpiesa> become
root@lind01:/root>
On Monday, May 21, 2018 at 10:35:10 PM UTC-5, Brian Coca wrote:
>
> You seem to have a non standard/old sudo, change the default
> become_flags as they seem to be causing the problem, specifically,
> remove -n (default: '-H -S -n'
> )
>
> --
> --
> Brian Coca
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/f6dd1c80-7dfb-4090-a3f6-2cfda49f56c5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ansible-project] Need help to find how to run root command with non-root user and escalated privilages
Hi,
I highly appreciate if anybody can help, please
### playbook ##
- hosts: dpie_prod
user: dpiesa
tasks:
- name: install telnet
yum: pkg=telnet state=installed update_cache=true
#command: sudo yum install telnet -y
become: yes
become_user: root
become_method: sudo
The above does not work and throws this error
TASK [install telnet]
[WARNING]: Module invocation had junk after the JSON data: usage: sudo -e
[-S] [-p prompt] [-u username|#uid] file ...
fatal: [lind01.corp.acxiom.net]: FAILED! => {"changed": false,
"module_stderr": "Shared connection to lind01.corp.acxiom.net closed.\r\n",
"module_stdout": "sudo: illegal option `-n'\r\nusage: sudo -h | -K | -k |
-L | -l | -V | -v\r\nusage: sudo [-bEHPS] [-p prompt] [-u username|#uid]
[VAR=value]\r\n{-i | -s | }\r\nusage: sudo -e [-S] [-p
prompt] [-u username|#uid] file ...\r\n", "msg": "MODULE FAILURE", "rc": 1}
to retry, use: --limit @/home/dpiesa/playbooks/install_telnet.retry
##
But below works
- hosts: dpie_prod
user: dpiesa
tasks:
- name: install telnet
command: sudo yum install telnet -y
[dpiesa@cwypatch06 playbooks]$ ansible --version
ansible 2.5.2
config file = /etc/ansible/ansible.cfg
configured module search path =
[u'/home/dpiesa/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5
20150623 (Red Hat 4.8.5-16)]
I think I am not using become options correctly can somebody help ??
Thank you.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/2de5f3d4-b9b8-45be-b0c2-8941e4c55c52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
