Even I have issues running ansible with powerbroker. Can you please advise?
The output from ansible server is

************TRUNCATED**********************
<bonnie.corp.toronto.ca> ESTABLISH SSH CONNECTION FOR USER: ithakur
<bonnie.corp.toronto.ca> SSH: EXEC sshpass -d14 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o User=ithakur -o ConnectTimeout=10 -o ControlPath=/home/ithakur/.ansible/cp/f7a7b94991 bonnie.corp.toronto.ca '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/ithakur/.ansible/tmp/ansible-tmp-1544716066.76-279050599284853 `" && echo ansible-tmp-1544716066.76-279050599284853="` echo /home/ithakur/.ansible/tmp/ansible-tmp-1544716066.76-279050599284853 `" ) && sleep 0'"'"''
<bonnie.corp.toronto.ca> (0, 'ansible-tmp-1544716066.76-279050599284853=/home/ithakur/.ansible/tmp/ansible-tmp-1544716066.76-279050599284853\n', '')
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
<bonnie.corp.toronto.ca> PUT /home/ithakur/.ansible/tmp/ansible-local-99556TgIARg/tmpq1ZjQE TO /home/ithakur/.ansible/tmp/ansible-tmp-1544716066.76-279050599284853/command.py
<bonnie.corp.toronto.ca> SSH: EXEC sshpass -d14 sftp -o BatchMode=no -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o User=ithakur -o ConnectTimeout=10 -o ControlPath=/home/ithakur/.ansible/cp/f7a7b94991 '[bonnie.corp.toronto.ca]'
<bonnie.corp.toronto.ca> (0, 'sftp> put /home/ithakur/.ansible/tmp/ansible-local-99556TgIARg/tmpq1ZjQE /home/ithakur/.ansible/tmp/ansible-tmp-1544716066.76-279050599284853/command.py\n', '')
<bonnie.corp.toronto.ca> ESTABLISH SSH CONNECTION FOR USER: ithakur
<bonnie.corp.toronto.ca> SSH: EXEC sshpass -d14 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o User=ithakur -o ConnectTimeout=10 -o ControlPath=/home/ithakur/.ansible/cp/f7a7b94991 bonnie.corp.toronto.ca '/bin/sh -c '"'"'chmod u+x /home/ithakur/.ansible/tmp/ansible-tmp-1544716066.76-279050599284853/ /home/ithakur/.ansible/tmp/ansible-tmp-1544716066.76-279050599284853/command.py && sleep 0'"'"''
<bonnie.corp.toronto.ca> (0, '', '')
<bonnie.corp.toronto.ca> ESTABLISH SSH CONNECTION FOR USER: ithakur
<bonnie.corp.toronto.ca> SSH: EXEC sshpass -d14 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o User=ithakur -o ConnectTimeout=10 -o ControlPath=/home/ithakur/.ansible/cp/f7a7b94991 -tt bonnie.corp.toronto.ca '/bin/sh -c '"'"'pbrun -u root '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-mqwghadmolrcjovmnwvtcsmcbeorgfzs; /usr/bin/python /home/ithakur/.ansible/tmp/ansible-tmp-1544716066.76-279050599284853/command.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<bonnie.corp.toronto.ca> (127, 'Command rejected !\r\n\r\nYou can run the following commands on bonnie.corp.toronto.ca :\r\npbrun su -\r\npbrun gentok username token YYYY/MM/DD YYYY/MM/DD server1 server2 ...\r\n\r\npbrun9.4.3-18[119443]: If you need further help, please contact SysAdmin!\r\n', 'Shared connection to bonnie.corp.toronto.ca closed.\r\n')
<bonnie.corp.toronto.ca> ESTABLISH SSH CONNECTION FOR USER: ithakur
<bonnie.corp.toronto.ca> SSH: EXEC sshpass -d14 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o User=ithakur -o ConnectTimeout=10 -o ControlPath=/home/ithakur/.ansible/cp/f7a7b94991 bonnie.corp.toronto.ca '/bin/sh -c '"'"'rm -f -r /home/ithakur/.ansible/tmp/ansible-tmp-1544716066.76-279050599284853/ > /dev/null 2>&1 && sleep 0'"'"''
<bonnie.corp.toronto.ca> (0, '', '')
fatal: [bonnie.corp.toronto.ca]: FAILED!
=> {
    "changed": false,
    "module_stderr": "Shared connection to bonnie.corp.toronto.ca closed.\r\n",

#####################################

The Power Broker conf file is

AnsibleUsers = {"ansible", "ithakur"};
AnsibleCommands = {"/bin/sh" , "/usr/bin/python"};
if ( user in AnsibleUsers && command in AnsibleCommands ) {
    if ( ( runargv[1] == "-c" && runargv[2] == "echo" ) || ( glob("~/.ansible/tmp/ansible-tmp-*/command.py", runargv[1]) == 0 ) ) {
        runuser = "root";
        rungroup = "!g!";
        rungroups = {"!G!"};
        runcommand = command;
        # runcommand = basename(command);
        # setenv("PATH", "/sbin:/bin:/usr/bin:/usr/local/bin:/usr/sbin");
        # iolog = logmktemp("/tmp/" + user + "/pb." + user + "." + command + "."+ strftime("%m-%d-%y.%H-%M-%S")+ ".XXXXXX");
        # print("This request will be logged in:", iolog);
        accept;
    }
}

Can you advise why it fails? There is a global policy where I have pbrun su -

On Friday, April 1, 2016 at 7:18:16 PM UTC-4, phillip....@gmail.com wrote:
>
> I'm relatively experienced with Ansible 1.3, but just now trying to bring
> Ansible 2.0 for the first time in a new project (and hoping to displace
> chef). I have round 1k servers to manage that use pbrun, but others
> installed and control pbrun.
> I have traditional sudo in a few of these hosts as well, but pbrun is the
> preferred privilege elevation method.
>
> I use all ssh-config auth in the following example.
>
> HELP - I really need to figure this out, as ansible will be mostly useless
> to me unless I can reliably use it with pbrun
>
> $ ansible all -i myhosts -o -m shell -a 'uptime' -b --become-method pbrun
> c00413.mydom.com | FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "/bin/bash: pbrun: command not found\r\n", "msg": "MODULE FAILURE", "parsed": false}
> c00414.mydom.com | FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "/bin/bash: pbrun: command not found\r\n", "msg": "MODULE FAILURE", "parsed": false}
> c00415.mydom.com | FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "/bin/bash: pbrun: command not found\r\n", "msg": "MODULE FAILURE", "parsed": false}
> c00416.mydom.com | FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "/bin/bash: pbrun: command not found\r\n", "msg": "MODULE FAILURE", "parsed": false}
> c00417.mydom.com | FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "/bin/bash: pbrun: command not found\r\n", "msg": "MODULE FAILURE", "parsed": false}
> c00418.mydom.com | FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "/bin/bash: pbrun: command not found\r\n", "msg": "MODULE FAILURE", "parsed": false}
>
>
> $ ansible all -i myhosts -o -m shell -a 'uptime' -b --become-method '/opt/pb/bin/pbrun'
> c00413.mydom.com | FAILED! => {"failed": true, "msg": "Privilege escalation method not found: /opt/pb/bin/pbrun"}
> c00414.mydom.com | FAILED! => {"failed": true, "msg": "Privilege escalation method not found: /opt/pb/bin/pbrun"}
> c00415.mydom.com | FAILED! => {"failed": true, "msg": "Privilege escalation method not found: /opt/pb/bin/pbrun"}
> c00416.mydom.com | FAILED! => {"failed": true, "msg": "Privilege escalation method not found: /opt/pb/bin/pbrun"}
> c00417.mydom.com | FAILED! => {"failed": true, "msg": "Privilege escalation method not found: /opt/pb/bin/pbrun"}
> c00418.mydom.com | FAILED! => {"failed": true, "msg": "Privilege escalation method not found: /opt/pb/bin/pbrun"}
>
> *Here is my cfg file ... I did make a few changes trying to troubleshoot
> this*
>
> [defaults]
>
> # some basic default values...
>
> hostfile = ./hosts
> inventory = ./hosts
> library = /usr/share/ansible
> remote_tmp = $HOME/.ansible/tmp
> pattern = *
> forks = 20
> poll_interval = 10
> sudo_user = root
> transport = ssh
> remote_port = 22
> module_lang = C
>
> gathering = implicit
>
> # change this for alternative sudo implementations
> #sudo_exe = sudo <<changed this
> #module_name = shell <<changed this
> #ask_sudo_pass= true <<changed this
>
> executable = /bin/bash <<added this
> # the message changed when I made that change
> #FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "/bin/sh: pbrun: command not found\r\n", "msg": "MODULE FAILURE", "parsed": false}
>
> # SSH timeout
> timeout = 3
>
> [ssh_connection]
>
> # ssh arguments to use
> # Leaving off ControlPersist will result in poor performance, so use
> # paramiko on older platforms rather than removing it
> ssh_args = -o ControlMaster=auto -o ControlPersist=1800s
> #1800 seconds is 30min
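
Added example, not part of the original thread: it unpacks the three shell quoting layers of the rejected become step in the reply's log to show which words pbrun is handed after `-u root`, then compares the first word with the policy's AnsibleCommands list. The gate function is a simplified model; it assumes pbrun takes the first requested word as `command`, which the page does not confirm.

```python
import shlex

# ssh argument copied verbatim from the rejected become step in the log above.
LOGGED = (
    r"""'/bin/sh -c '"'"'pbrun -u root '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-"""
    r"""mqwghadmolrcjovmnwvtcsmcbeorgfzs; /usr/bin/python /home/ithakur/.ansible/tmp/"""
    r"""ansible-tmp-1544716066.76-279050599284853/command.py'"'"'"'"'"'"'"'"'"""
    r""" && sleep 0'"'"''"""
)

# Values copied from the policy file in the post.
ANSIBLE_COMMANDS = {"/bin/sh", "/usr/bin/python"}


def pbrun_request(logged_ssh_arg):
    """Return the words pbrun receives after '-u root'."""
    # Layer 1: the local shell turns the logged text into one ssh argument.
    (remote_line,) = shlex.split(logged_ssh_arg)
    # Layer 2: the remote login shell splits it into /bin/sh, -c and a script.
    _shell, _dash_c, script = shlex.split(remote_line)
    # Layer 3: /bin/sh -c splits the script into words.
    words = shlex.split(script)
    words = words[: words.index("&&")]  # drop the trailing '&& sleep 0'
    if words[:3] != ["pbrun", "-u", "root"]:
        raise ValueError("unexpected become prefix: %r" % words[:3])
    return words[3:]


def passes_command_gate(request):
    """Simplified model of the policy's `command in AnsibleCommands` test.

    Assumption: the first requested word is what the policy sees as `command`.
    """
    return bool(request) and request[0] in ANSIBLE_COMMANDS


if __name__ == "__main__":
    request = pbrun_request(LOGGED)
    print(len(request), "word(s) requested from pbrun:")
    for word in request:
        print("  %r" % word)
    print("first word in AnsibleCommands:", passes_command_gate(request))
```

The whole `echo BECOME-SUCCESS-...; /usr/bin/python .../command.py` string arrives as a single word, so under the stated assumption it equals neither `/bin/sh` nor `/usr/bin/python`.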