Separate "users" for normal and "sudo" operations


Mikhail Sobolev

Nov 9, 2013, 4:55:48 AM
to ansible...@googlegroups.com
Hi,

I have a setup where the remote sites are cygwin machines.

The main problem is that sudo is not available in any way (at least, I could not find any information on how to achieve this kind of functionality).

The question is: is it possible to use a different user to connect to the target machine to perform operations requiring "sudo"?

--
Misha

Jim Richardson

Nov 10, 2013, 1:05:34 AM
to ansible...@googlegroups.com
I am not clear on what you are asking for. You can run a playbook as any user (that you have the credentials for). Perhaps you could give more details on what it is you are asking for?


--
http://neon-buddha.net

Brian Coca

Nov 11, 2013, 12:23:39 PM
to ansible...@googlegroups.com
In more recent Ansible, you can set 'remote_user:' at a task level and use that instead of sudo.

You also have 'runas.exe' as a kind of sudo substitute on Windows.

Kesten Broughton

Nov 13, 2013, 9:16:55 AM
to ansible...@googlegroups.com
I have had issues with sudo / normal users causing conflicts.  At first I made two copies of the playbook and had one with sudo, one without, but that is terrible for maintenance.
The per-task sudo: yes can be helpful for local actions, and per-task remote_user will be handy too.  But for running entire playbooks as either sudo or root...

The problem I faced was that I sometimes run as root and sometimes as a sudo user, and unfortunately, unlike a Unix shell where running a sudo command as root is fine, Ansible errors out with something like

"invalid output was: [sudo via ansible, key=gxdfdfcyogebthrkocompltleramynjw] password: 
Sorry, try again."

My solution now is to set all tasks with
  - hosts: foo
    sudo: "{{use_sudo}}"

and pass in use_sudo as an extra var, a la: ansible-playbook -i hosts site.yml --extra-vars="use_sudo=yes".
But it would be nice if Ansible just made it possible to run sudo commands as root like normal Unix.

Here is a more complete context of the problem I was trying to solve.
admin_user is the sometimes root, sometimes sudo user that can add new users.  It failed until I added the "use_sudo" arg as outlined above.

ansible-playbook -i hosts playbooks/utils/sudo_useradd.yml --extra-vars="hosts=bespin_cluster user=ansible pwd=*** admin_user=root sudo_pwd=required"

In sudo_useradd.yml:
 - hosts: "{{hosts}}"
   vars:
     pwd_sudo_line: "%sudo  ALL=(ALL)   ALL" 
     no_pwd_sudo_line: "%sudo  ALL=(ALL)   NOPASSWD: ALL"
     sudoers_line: "{{pwd_sudo_line}}"  # default, can be over-ridden
   user: "{{admin_user}}"
   sudo: yes
   tasks:

TASK: [Add the desired lines] ************************************************* 
failed: [bespin] => {"failed": true, "item": "", "parsed": false}
failed: [Linux-Elasticsearch] => {"failed": true, "item": "", "parsed": false}
invalid output was: [sudo via ansible, key=gxdfdfcyogebthrkocompltleramynjw] password: 
Sorry, try again.

Michael DeHaan

Nov 13, 2013, 9:27:27 AM
to ansible...@googlegroups.com
In latest devel already: if sudo would not have changed the user, it is a noop.

-- Michael

Mikhail Sobolev

Dec 16, 2013, 1:51:08 PM
to ansible...@googlegroups.com


On Monday, 11 November 2013 19:23:39 UTC+2, Brian Coca wrote:
In more recent Ansible, you can set 'remote_user:' at a task level and use that instead of sudo.

You also have 'runas.exe' as a kind of sudo substitute on Windows.

Thanks everyone for suggestions (I was a bit away madly doing manual upgrades :)).

So far, using a different 'remote_user' for tasks that do not require special privileges and for those that do sounds exactly like what I was looking for (sorry, Jim, I did not describe my problem better).

--
Misha
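
The approach settled on in this thread, per-task 'remote_user' on hosts without sudo, as an added example that is not code from any of the posters or from the Ansible project. It uses the playbook syntax of the Ansible versions discussed here; the host group, account names and file paths are hypothetical.

```yaml
# Added example. Host group, accounts and paths are hypothetical.
- hosts: cygwin_sites
  remote_user: deploy        # default login: an account with no special rights
  sudo: no                   # sudo does not exist on these hosts, never attempt it
  tasks:
    - name: Stage the new config as the unprivileged user
      copy: src=files/app.conf dest=/home/deploy/app.conf mode=0644

    - name: Confirm which account unprivileged tasks run under
      command: id -un
      register: normal_id

    # Only the tasks that need elevated rights switch to the second login.
    # Ansible opens a separate SSH connection as 'admin' for this task, so
    # the control machine needs credentials for both accounts.
    - name: Install the config system-wide as the privileged account
      remote_user: admin
      command: install -m 0644 /home/deploy/app.conf /etc/app.conf

    - name: Confirm which account the privileged task ran under
      remote_user: admin
      command: id -un
      register: admin_id

    - name: Show both identities so the separation is visible in the run log
      debug: msg="normal={{ normal_id.stdout }} privileged={{ admin_id.stdout }}"
```

In later Ansible releases the 'sudo:' keyword was replaced by 'become:'; 'remote_user' is still available at play and task level.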

vin...@sendinblue.com

Sep 17, 2014, 4:18:08 AM
to ansible...@googlegroups.com
Hi,

I was facing the same issue until I changed the privileges of the normal user to 'ALL' in the sudoers file. Now the Ansible playbook doesn't ask for passwords for this user.