Ansible reports “permission denied” when issuing command on remote host

1,458 views
Skip to first unread message

Howard Lee

unread,
Jun 2, 2016, 1:12:45 PM6/2/16
to Ansible Project

Ansible 2.1
Ansible host: Ubuntu 16.04
Remote host: CentOS 6.5


I have a simple ansible project:

├── hosts
├── roles
│   └── setup
│       ├── defaults
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           └── automation-agent.config.j2
└── site.yml


Command I used to run playbook:

ansible-playbook -i hosts site.yml --user admin --ask-pass


On the remote host, I have set up user admin with root priviledge:

root    ALL=(ALL)       ALL
admin   ALL=(ALL)       ALL


However, one of the playbook tasks ran into issue:

- name: Back up Automation Agent config file if exists
  command: mv /etc/mongodb-mms/automation-agent.config /etc/mongodb-mms/automation-agent.config.bak

Ansible reports:

TASK [setup : Back up Automation Agent config file if exists] ******************
fatal: [192.168.241.135]: FAILED! => {"changed": true, "cmd": ["mv", "/etc/mongodb-mms/automation-agent.config", "/etc/mongodb-mms/automation-agent.config.bak"], "delta": "0:00:00.002588", "end": "2016-06-01 22:57:55.577158", "failed": true, "rc": 1, "start": "2016-06-01 22:57:55.574570", "stderr": "mv: cannot move `/etc/mongodb-mms/automation-agent.config' to `/etc/mongodb-mms/automation-agent.config.bak': Permission denied", "stdout": "", "stdout_lines": [], "warnings": []}


Noted that permission setting on /etc/mongodb-mms/automation-agent.config is 0600

-rw-------. 1 mongod mongod 313 Jun 1 04:48 automation-agent.config


Apparently one would need sudo priviledge to make changes to this file. I have tried Ansible's --become and --become-user, but not having success.

ansible-playbook -i hosts site.yml --user admin --ask-pass --become --become-user admin



What should I do in Ansible to gain sudo and make changes to that file?

Brian Coca

unread,
Jun 2, 2016, 1:15:29 PM6/2/16
to ansible...@googlegroups.com
try this:
ansible-playbook -i hosts site.yml --user admin --ask-pass --become 

`--become-user admin` is basically telling ansible to login as admin and then use sudo to become admin, which is basically useless. With the command above it will become 'root', the default.

----------
Brian Coca

Kai Stian Olstad

unread,
Jun 2, 2016, 3:51:02 PM6/2/16
to ansible...@googlegroups.com
On 02. juni 2016 19:15, Brian Coca wrote:
> try this:
> ansible-playbook -i hosts site.yml --user admin --ask-pass --become

You also need to add --ask-become-pass

--
Kai Stian Olstad

Howard Lee

unread,
Jun 3, 2016, 12:42:53 PM6/3/16
to Ansible Project, ansible-pr...@olstad.com
Yes, --ask-become-pass helped. Removing '--become-user admin' as it is redundant. The whole command now is:

ansible-playbook -i hosts site.yml --user admin --ask-pass --become --ask-become-pass

This is telling Ansible to ssh using 'admin', and uses 'admin' sudo priviledge to play tasks. It works great.

Thanks.

gdel...@gmail.com

unread,
Jun 4, 2016, 1:11:08 AM6/4/16
to Ansible Project, ansible-pr...@olstad.com
You can just add become: yes in your playbook so you don't have to define it when running the command.
Reply all
Reply to author
Forward
0 new messages