Cannot extract the proper ENV value for SUDO_USER while invoking ansible script using python


Rakesh Parida

Dec 10, 2019, 6:31:19 AM
to Ansible Project
Hi

I have an Ansible playbook as below:
test.env.yml
---
- hosts: localhost

  tasks:
    - debug: msg="{{ lookup('env','SUDO_USER') }} is an environment variable"

Now I have set up a Python virtual env and want to invoke the playbook using Python.
My Python script is as follows:

#!/opt/raka/ansible_python27/.venv/bin/python

from __future__ import print_function
import argparse
import os
import subprocess
import shlex
import yaml

command = 'sudo ANSIBLE_CONFIG=/opt/raka/ansible_python27/ansible_config/ansible.cfg ANSIBLE_FORCE_COLOR=true ANSIBLE_DIFF_CONTEXT=0 /opt/raka/ansible_python27/.venv/bin/ansible-playbook /home/raka/test.env.yml'
print('Running Playbook: ', command)
# Split the command string into an argument list and run it (no shell is involved)
subprocess.call(shlex.split(command))

Now when I execute the Python script using sudo, I get root user as SUDO_USER:

sudo ./test.py 
Running Playbook:  sudo ANSIBLE_CONFIG=/opt/raka/ansible_python27/ansible_config/ansible.cfg ANSIBLE_FORCE_COLOR=true ANSIBLE_DIFF_CONTEXT=0 /opt/raka/ansible_python27/.venv/bin/ansible-playbook /home/rparida1/test.env.yml
 [WARNING]: No inventory was parsed, only implicit localhost is available

 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [localhost] *****************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************
ok: [localhost]

TASK [debug] *********************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "root is an environment variable"
}

PLAY RECAP ***********************************************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   


But when I execute it without sudo, I get proper results.
 ./test.py 
Running Playbook:  sudo ANSIBLE_CONFIG=/opt/raka/ansible_python27/ansible_config/ansible.cfg ANSIBLE_FORCE_COLOR=true ANSIBLE_DIFF_CONTEXT=0 /opt/raka/ansible_python27/.venv/bin/ansible-playbook /home/rparida1/test.env.yml
 [WARNING]: No inventory was parsed, only implicit localhost is available

 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [localhost] *****************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************
ok: [localhost]

TASK [debug] *********************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "rparida1 is an environment variable"
}

PLAY RECAP ***********************************************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

 
Kindly let me know how I can extract the proper value of SUDO_USER using sudo.

Dick Visser

Dec 10, 2019, 7:46:14 AM
to ansible...@googlegroups.com
On Tue, 10 Dec 2019 at 12:31, Rakesh Parida <rakeshp...@gmail.com> wrote:
>
> Hi
>
> I have an Ansible playbook as below:
> test.env.yml
> ---
> - hosts: localhost
>
>   tasks:
>     - debug: msg="{{ lookup('env','SUDO_USER') }} is an environment variable"
>
> Now I have set up a Python virtual env and want to invoke the playbook using Python:

STOP

Running playbooks is done using 'ansible-playbook' - not with hand-crafted
Python scripts.
See https://docs.ansible.com/ansible/latest/cli/ansible-playbook.html

Also, it looks like you have an issue understanding privilege
escalation. Please look at the docs about that as well:
https://docs.ansible.com/ansible/latest/user_guide/become.html

Lastly - you haven't told us what you are actually trying to achieve with Ansible.
What are you trying to automate?



--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
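
On the behaviour in the question: sudo sets SUDO_USER to the user who invoked it, so when test.py is already running as root under sudo, the inner sudo in the script is invoked by root and the playbook sees "root". The following is an added example, not code from the thread or from Ansible, of a wrapper that escalates only once so the original caller's name survives. The helper name build_invocation is hypothetical; the paths and settings are the ones from the script in the question.

```python
import os
import subprocess

# Paths and settings copied from the script in the question.
ANSIBLE_ENV = {
    "ANSIBLE_CONFIG": "/opt/raka/ansible_python27/ansible_config/ansible.cfg",
    "ANSIBLE_FORCE_COLOR": "true",
    "ANSIBLE_DIFF_CONTEXT": "0",
}
PLAYBOOK_ARGV = [
    "/opt/raka/ansible_python27/.venv/bin/ansible-playbook",
    "/home/raka/test.env.yml",
]


def build_invocation(environ, euid):
    """Return (argv, env) for running the playbook as root exactly once.

    build_invocation is a hypothetical helper, not part of Ansible.
    """
    env = dict(environ)
    if euid == 0:
        # Already root (e.g. started via `sudo ./test.py`). The outer sudo has
        # set SUDO_USER to the real caller; a second sudo would be invoked by
        # root and overwrite it with "root". Run ansible-playbook directly.
        env.update(ANSIBLE_ENV)
        return list(PLAYBOOK_ARGV), env
    # Not root yet: let sudo escalate once; it sets SUDO_USER to this user.
    # VAR=value arguments go on the sudo command line, as in the question.
    assignments = ["%s=%s" % (k, v) for k, v in sorted(ANSIBLE_ENV.items())]
    return ["sudo"] + assignments + list(PLAYBOOK_ARGV), env


if __name__ == "__main__":
    argv, env = build_invocation(os.environ, os.geteuid())
    print("Running Playbook: ", " ".join(argv))
    raise SystemExit(subprocess.call(argv, env=env))
```

If the script is started from a root login shell rather than through sudo, SUDO_USER is not set at all and the `env` lookup in the playbook returns an empty string.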