Re: [ansible-project] Re: Permissions issue, cannot become root

2017-08-11 Thread prakash ranjan
I am also facing the same issue. Tried several options but no solution.

Unable to take privilege of "sudo su -". 

This is the content of my playbook. The commented ones show that I have tried 
those options. I have also tried many options with command lines.

---
- hosts: all
#  remote_user: root
#  become: yes
#  become_method: sudo
#  become_exe: "sudo su -"
  become_user: root
  tasks:
    - name: run adhoc command which required root priviledge
#      command: /usr/bin/cat /root/ab
      shell: su monitor -l -c "/usr/bin/cat /root/ab"
#      remote_user: root
#      become: yes #true
#      become_method: sudo
#      become_flags: '-u' # '-s /bin/sh'
#      become_user: root

-Prakash

On Monday, July 3, 2017 at 8:14:44 PM UTC-7, Brian Coca wrote:
>
> you don't even need become_user: root as that is the default. 
>
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a11dd1b1-7135-4d51-9ec6-2283d982e181%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ansible-project] Re: Ansible SSH as one user and Sudo as another

2017-09-05 Thread prakash ranjan
Hi,

This is what I'm getting:-

Working without sudo. But not with sudo option.

ansibledir$ ansible all -m command -a 'whoami'
 | SUCCESS | rc=0 >>
pranjan

ansibledir$ ansible all -m command -a 'whoami' --sudo -K
SUDO password: 
 | FAILED! => {
    "changed": false, 
    "failed": true, 
    "module_stderr": "Shared connection to dc1-io-new closed.\r\n", 
    "module_stdout": "\r\nSorry, user pranjan is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS-bgclrmmybsvnbasemntshqvjavcnqvjf; /usr/bin/python /home/pranjan/.ansible/tmp/ansible-tmp-1504636239.12-238251240956861/command.py; rm -rf \"/home/pranjan/.ansible/tmp/ansible-tmp-1504636239.12-238251240956861/\" > /dev/null 2>&1' as root on \r\n", 
    "msg": "MODULE FAILURE", 
    "rc": 1
}

Please help on this.

Thanks
Prakash

On Wednesday, January 21, 2015 at 8:51:46 AM UTC-8, tkuratomi wrote:
>
> On Wed, Jan 21, 2015 at 8:05 AM, Stuart Budd wrote: 
> > I still do not understand this. 
> > 
> > 
> > Example 1: 
> > 
> > Ansible Local Server   Remote server 
> > local-01 remote-01 
> > ---  
> > Local user foo--> ssh -->Remote user foo 
> > 
> > 
> > I do not understand how Ansible knows what user account to use on the 
> > local and remote servers for the purposes of the SSH connection if no user 
> > account is specified within the command line  ( ansible_ssh_user=foo ) or 
> > /etc/ansible/hosts file. 
> > 
>
> Ansible (and the ssh commandline) defaults to using the same username 
> on the remote server as you are logged into on the local server. 
>
> So if nothing is specified, if you invoke ansible from the local user 
> foo account, ansible will attempt to connect to a remote user foo 
> account. 
>
> > I will ask a new separate question. 
> > 
> > 
> > Example 2: 
> > 
> > Ansible Local Server   Remote server 
> > local-01 remote-01 
> > ---  
> > Local user foo--> ssh -->Remote user foo 
> > bar 
> > (foo user uses sudo to run command as bar) 
> > 
> > I still can not get this to work. The SSH connection is working fine for 
> > user foo and if the foo user uses sudo to run a command as user bar on the 
> > remote server it works fine but I still can not get Ansible to glue it 
> > together. 
> > 
> This should work.  Try something like this: 
>
> $ ansible rhel7-test --sudo -K -a 'whoami' 
> sudo password: 
> rhel7-test | success | rc=0 >> 
> root 
>
> $ sudo vim /etc/ansible/ansible.cfg 
> $ # Edit the sudo_user config so that: sudo_user  = ansibletest1 
> $ ansible rhel7-test --sudo -K -a 'whoami' 
> sudo password: 
> rhel7-test | success | rc=0 >> 
> ansibletest1 
>
> > I will ask a separate question about this. 
> > This was my main question really. I have one non-root user that allows SSH, 
> > but can not use sudo for root access. 
> > So I can not use the same example as above. 
> > 
> This sounds slightly problematic 
> *  To be able to administrate this box at all you'll need a chain of 
> accounts from the account you ssh in as to an account that has all of 
> the privileges that you need (usually the root account so that you can 
> do anything you need). 
> * To be able to run ansible efficiently you should have an account 
> that can ssh in and either has the privileges you need or be one sudo 
> or su login away from the account that has all the privileges you 
> need. 
>
> However all is not lost because: 
> * You can be more than one sudo login away (as bcoca's explanation was 
> showing) but that is harder to achieve, has many caveats, and is much 
> harder to explain clearly :-) 
> * If you have an account that can sudo to root you should be able to 
> either add the account you can ssh in as to /etc/sudoers or add SSH 
> keys to the account that you can sudo to root from so that you can SSH 
> into the box as the account that's only one sudo step away from root. 
>
> -Toshio 
>
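
An added example, not part of the original thread and not Ansible's own code: a small Python triage helper that reads a failed result like the one in the message above and pulls out what sudo was actually asked to run. The function name and the returned field names are hypothetical; the point is that the sudoers policy was evaluated against the `/bin/sh -c` wrapper Ansible builds around the module, not against `whoami`.

```python
import re

# The failed result from the message above, as a Python dict. The host name
# after "as root on" is blank in the post and is left blank here.
SAMPLE_RESULT = {
    "failed": True,
    "module_stderr": "Shared connection to dc1-io-new closed.\r\n",
    "module_stdout": (
        "\r\nSorry, user pranjan is not allowed to execute '/bin/sh -c echo "
        "BECOME-SUCCESS-bgclrmmybsvnbasemntshqvjavcnqvjf; /usr/bin/python "
        "/home/pranjan/.ansible/tmp/ansible-tmp-1504636239.12-238251240956861/"
        "command.py; rm -rf \"/home/pranjan/.ansible/tmp/"
        "ansible-tmp-1504636239.12-238251240956861/\" > /dev/null 2>&1' "
        "as root on \r\n"
    ),
    "msg": "MODULE FAILURE",
    "rc": 1,
}

# sudo's policy-denial line: who asked, the exact command evaluated, target user.
DENIED = re.compile(
    r"Sorry, user (?P<login>\S+) is not allowed to execute "
    r"'(?P<command>.*)' as (?P<target>\S+) on", re.DOTALL)
# Ansible's temporary module path inside the wrapped command.
MODULE = re.compile(r"/ansible-tmp-[\d.]+-\d+/(?P<module>\w+\.py)")


def diagnose_become_denial(result):
    """Return details of a sudoers denial in an Ansible result, or None."""
    text = result.get("module_stdout", "") + result.get("module_stderr", "")
    m = DENIED.search(text)
    if m is None:
        return None  # not a sudoers policy denial
    command = m.group("command")
    mod = MODULE.search(command)
    return {
        "login_user": m.group("login"),
        "become_user": m.group("target"),
        # First word of the command is what a sudoers rule has to match.
        "sudo_ran": command.split()[0],
        "ansible_wrapper": "BECOME-SUCCESS-" in command,
        "module": mod.group("module") if mod else None,
    }


if __name__ == "__main__":
    print(diagnose_become_denial(SAMPLE_RESULT))
```

For the posted output this reports that `pranjan` asked sudo to run `/bin/sh` as `root`, so the sudoers policy on the target has to permit that wrapper for the login user before `--sudo` can work.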
