unable to update sudoers file on RH6u5 with validate option.

183 views
Skip to first unread message

Yasir Saleem

unread,
Jul 24, 2014, 9:05:59 AM7/24/14
to ansible...@googlegroups.com

Hi,
  I am not able to change '/etc/sudoers' file successfully on RH 6.5 (Santiago) when using validate option. The same thing works fine on RH6u4 sever.

Below is my playbook and response from the server.

Note: When I run the commented 'lineinfile' task works fine on RH6u5 as well but I want to validate before changing 'sudoers' file.

- hosts: proxy
  gather_facts: yes
  remote_user: "{{ ssh_remote_user }}"
  sudo: yes
  tasks:
    - name: update sudoer file to allow ADMIN nopasswd
      lineinfile: dest=/etc/sudoers state=present regexp='^%admin ALL =' line='%admin ALL=(ALL) NOPASSWD:ALL' validate='visudo -cf %s'
      #lineinfile: dest=/etc/sudoers state=present regexp='^%admin ALL =' line='%admin ALL=(ALL) NOPASSWD:ALL'


TASK: [update sudoer file to allow ADMIN nopasswd] ******************************* 
failed: [proxy10-qa1] => {"cmd": "visudo -cf /tmp/tmp8UPaDy", "failed": true, "rc": 2}
msg: [Errno 2] No such file or directory

FATAL: all hosts have already failed -- aborting

Thanks,
Yasir.

Michael DeHaan

unread,
Jul 24, 2014, 6:43:10 PM7/24/14
to ansible...@googlegroups.com
Hmmmm.

No such file or directory *MIGHT* be referring to visudo.  Can you try explicitly pathing it?




--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ffda7799-0b24-469a-89fa-476dc389024c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Yasir Saleem

unread,
Jul 25, 2014, 9:17:00 AM7/25/14
to ansible...@googlegroups.com
Mike,

  I am sorry, I was able to fix the problem by specify full path for visudo command. It was in '/usr/sbin/visudo' 

Validate part looks like below:

validate='/usr/sbin/visudo -cf %s' 

For my RH6U5 boxes root does not have /usr/sbin in the path.

I could have replied earlier, When I tried to reply yesterday I was not able to access the group...

Thanks,

Yasir.
Reply all
Reply to author
Forward
0 new messages