ansible privilege escalation ( sudo su - )


Suresh R

Mar 12, 2020, 1:01:51 AM
to Ansible Project
I have a command, sudo su -, that works fine when we SSH to the server. BTW, we were unable to execute the same through Ansible.

Here is my ansible playbook and ansible.cfg

-
  name: play1
  hosts: all
  become: yes
  become_user: root
  become_method: su
 
  tasks:
     - name: task1
       command: whoami


ansible.cfg

[defaults]
timeout = 30
host_key_checking = False
log_path=/automation/logs/ansible.log
forks = 20
[privilege_escalation]
become_exe='sudo su -'

Upon execution, I am getting the error below. Not sure what I am missing; can you help me narrow down the issue?

    debug1: auto-mux: Trying existing master
    debug2: fd 3 setting O_NONBLOCK
    debug2: mux_client_hello_exchange: master version 4
    debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
    debug3: mux_client_request_session: entering
    debug3: mux_client_request_alive: entering
    debug3: mux_client_request_alive: done pid = 22143
    debug3: mux_client_request_session: session request sent
    debug1: mux_client_request_session: master session id: 2
    debug3: mux_client_read_packet: read header failed: Broken pipe
    debug2: Received exit status from master 1
    Shared connection to hostname closed.
  module_stdout: |-
    Sorry, user username is not allowed to execute '/bin/su - root -c /bin/sh -c 'echo BECOME-SUCCESS-dfpfswsrshaqshzzihkprpuufxkkidfh; /usr/bin/python /local_home/username/.ansible/tmp/ansible-tmp-1583988062.13-162077793143077/setup.py'' as root on hostname.
  msg: MODULE FAILURE
  rc: 1



Dick Visser

Mar 12, 2020, 4:08:50 AM
to ansible...@googlegroups.com
You manually use sudo but in your playbook you use su?


--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/bf0a6b05-1fd9-4bda-98e2-5e8f6f3717d8%40googlegroups.com.
--
Sent from a mobile device - please excuse the brevity, spelling and punctuation.

Suresh R

Mar 17, 2020, 3:59:53 PM
to Ansible Project
Can you provide the correct method for my situation?

Dick Visser

Mar 17, 2020, 6:36:07 PM
to ansible...@googlegroups.com
On Tue, 17 Mar 2020 at 21:00, Suresh R <sures...@gmail.com> wrote:
>
> Can you provide the correct method for my situation?

Probably - but only if you provide the details of how privilege
escalation is configured on your target host.