Promlem with : ssh as regular user which has sudo priviledges, and execute tasks as sudo

[Dhruvin Shah]

Hi All,

I have a situation where, we need to disable the "root" user. and need to make configuration changes to linux servers using a regular(cafe3) user which has sudo privileges.

To achieve that, I am ssh in to server using "cafe3" using ansible, and mentioning the --sudo flag while executing it.

Ansible-Attempt-1:

~>ansible all --inventory-file=inv_my.yaml -m setup -u root --ask-pass --sudo-user=root --ask-sudo-pass --sudo

SSH password:

sudo password [defaults to SSH password]:

vcac148-085-217.eng.vmware.com | FAILED => Authentication failure.

Ansible-Attempt-2:

~>ansible all --inventory-file=inv_my.yaml -m setup -u root --ask-pass --sudo-user=cafe3 --ask-sudo-pass --sudo

SSH password:

sudo password [defaults to SSH password]:

vcac148-085-217.eng.vmware.com | FAILED => Authentication failure.

Manual attempt-3:

If I ssh in to server using user as cafe3, and try to run command like "sudo ls". It works fine.

It does ask me for sudo password and I provided the same password as I did in attempt-1 and attempt-2 above.

Please help. Thanks in advance.

- Dhruvin Shah

[Matt Martz]

I believe you have some of your options a little backwards.

You specified that you cannot login as root, however '-u root' specifies that you are attempting to connect via the root user.

You probably want:

ansible all --inventory-file=inv_my.yaml -m setup -u cafe3 --ask-pass --ask-sudo-pass --sudo

A few additional things:

1. --sudo-user=cafe3 will tell ansible that you want to run the sudo commands as cafe3, you instead wants this to be 'root'

2. The default for --sudo-user is root so you can actually just leave that off

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/dd3cc010-d972-424f-8ce8-8506b935b91f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Matt Martz
@sivel
sivel.net

[Dhruvin Shah]

Thanks Matt. Appreciate your help and time.

So I tried the command which you posted, still no success.

ansible all --inventory-file=inv_my.yaml -m setup -u cafe3 --ask-pass --ask-sudo-pass --sudo -vv

SSH password:

sudo password [defaults to SSH password]:

<vcac148-085-217.eng.vmware.com> REMOTE_MODULE setup

vcac148-085-217.eng.vmware.com | FAILED => SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue

Please help me figure the problem with my usage or a workaround here.

Thanks,

Dhruvin Shah

[Matt Martz]

As mentioned in the output, add -vvvv to your ansible command. It should help identify the issue.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/77f8343a-c242-438e-be0f-9633754abedd%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.