On my remote host the user install is limited to sudo su -

44 views
Skip to first unread message

Jochen Benke

unread,
Oct 11, 2019, 11:50:33 AM10/11/19
to Ansible Project

On my remote host the user install is limited to sudo su -

/etc/sudoers

%install ALL=(ALL) /bin/su -

--> hosts
[ibmcloud_msbms]
ibmcloud_msbms-01 ansible_port=22 ansible_host=192.168.0.24 ansible_user=install root_path=/root os=redhat ansible_sudo_pass=xxxxx

--> playbook

  • name: "iotmsinstallinstall - all MSB runtimes."
    hosts: all
    pre_tasks:
    • include_vars:
      file: inventories/common/vars.yml
      roles:
    • iotmsinstall

--> task

  • name: "iotmsinstall - create iot messagesight group"
    group:
    name: "{{ common.iotms.group }}"
    gid: "{{ common.iotms.gid }}"
    become: yes
    become_user: root
    become_method: su

when I now run ansible-playbook with

ansible-playbook -i inventories/environments/hosts -vvv --limit ibmcloud_msbms-01 01_msb_iotms_install.yml

Result:

TASK [iotmsinstall : iotmsinstall - create iot messagesight group] **********************************************************************************************************************************************************************************************************************************
task path: /root/msb/msb_ms_config/msb_ms_install/roles/iotmsinstall/tasks/main.yml:14
<169.62.188.24> ESTABLISH SSH CONNECTION FOR USER: install
<169.62.188.24> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="install"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/996142a655 169.62.188.24 '/bin/sh -c '"'"'echo ~install && sleep 0'"'"''
<169.62.188.24> (0, '/home/install\n', '')
<169.62.188.24> ESTABLISH SSH CONNECTION FOR USER: install
<169.62.188.24> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="install"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/996142a655 169.62.188.24 '/bin/sh -c '"'"'( umask 77 && mkdir -p "echo /home/install/.ansible/tmp/ansible-tmp-1570807943.55-244746696635726" && echo ansible-tmp-1570807943.55-244746696635726="echo /home/install/.ansible/tmp/ansible-tmp-1570807943.55-244746696635726" ) && sleep 0'"'"''
<169.62.188.24> (0, 'ansible-tmp-1570807943.55-244746696635726=/home/install/.ansible/tmp/ansible-tmp-1570807943.55-244746696635726\n', '')
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/group.py
<169.62.188.24> PUT /root/.ansible/tmp/ansible-local-8491uuQPyt/tmpjP3jQp TO /home/install/.ansible/tmp/ansible-tmp-1570807943.55-244746696635726/AnsiballZ_group.py
<169.62.188.24> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="install"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/996142a655 '[169.62.188.24]'
<169.62.188.24> (0, 'sftp> put /root/.ansible/tmp/ansible-local-8491uuQPyt/tmpjP3jQp /home/install/.ansible/tmp/ansible-tmp-1570807943.55-244746696635726/AnsiballZ_group.py\n', '')
<169.62.188.24> ESTABLISH SSH CONNECTION FOR USER: install
<169.62.188.24> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="install"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/996142a655 169.62.188.24 '/bin/sh -c '"'"'chmod u+x /home/install/.ansible/tmp/ansible-tmp-1570807943.55-244746696635726/ /home/install/.ansible/tmp/ansible-tmp-1570807943.55-244746696635726/AnsiballZ_group.py && sleep 0'"'"''
<169.62.188.24> (0, '', '')
<169.62.188.24> ESTABLISH SSH CONNECTION FOR USER: install
<169.62.188.24> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="install"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/996142a655 -tt 169.62.188.24 '/bin/sh -c '"'"'su root -c '"'"'"'"'"'"'"'"'/bin/sh -c '"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-lsokftpdokaikbgqbyxfswoeislvcsfg ; /usr/bin/python /home/install/.ansible/tmp/ansible-tmp-1570807943.55-244746696635726/AnsiballZ_group.py'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"''"'"'"'"'"'"'"'"' && sleep 0'"'"''
fatal: [ibmcloud_msbms-01]: FAILED! => {
"msg": "Timeout (12s) waiting for privilege escalation prompt: "
}

ISSUE TYPE
  • Bug Report or Question
ANSIBLE VERSION
ansible 2.8.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Jun 20 2019, 20:27:34) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)

Kai Stian Olstad

unread,
Oct 11, 2019, 5:38:07 PM10/11/19
to ansible...@googlegroups.com
On 11.10.2019 17:50, Jochen Benke wrote:
> On my remote host the user install is limited to sudo su -
>
> /etc/sudoers
>
> %install ALL=(ALL) /bin/su -

Ansible need full sudo or full su access.
It can use a combination of sudo and su like this.


--
Kai Stian Olstad
Reply all
Reply to author
Forward
0 new messages