Need help to find how to run root command with non-root user and escalated privilages
530 views
Skip to first unread message
Kallu Srikanth
May 18, 2018, 3:26:50 PM5/18/18
to Ansible Project
Hi,
I highly appreciate if anybody can help, please
############### playbook ##################
- hosts: dpie_prod
user: dpiesa
tasks:
- name: install telnet
yum: pkg=telnet state=installed update_cache=true
# command: sudo yum install telnet -y
become: yes
become_user: root
become_method: sudo
The above does not work and throws this error
TASK [install telnet] ****************************************************************************************************************************************
[WARNING]: Module invocation had junk after the JSON data: usage: sudo -e [-S] [-p prompt] [-u username|#uid] file ...
fatal: [lind01.corp.acxiom.net]: FAILED! => {"changed": false, "module_stderr": "Shared connection to lind01.corp.acxiom.net closed.\r\n", "module_stdout": "sudo: illegal option `-n'\r\nusage: sudo -h | -K | -k | -L | -l | -V | -v\r\nusage: sudo [-bEHPS] [-p prompt] [-u username|#uid] [VAR=value]\r\n {-i | -s | <command>}\r\nusage: sudo -e [-S] [-p prompt] [-u username|#uid] file ...\r\n", "msg": "MODULE FAILURE", "rc": 1}
to retry, use: --limit @/home/dpiesa/playbooks/install_telnet.retry
##########################################################################################################################################################################
But below works
- hosts: dpie_prod
user: dpiesa
tasks:
- name: install telnet
command: sudo yum install telnet -y
########################################################################################################################################################################
[dpiesa@cwypatch06 playbooks]$ ansible --version
ansible 2.5.2
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/dpiesa/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
I think I am not using become options correctly can somebody help ??
Thank you.
Brian Coca
May 21, 2018, 11:35:10 PM5/21/18
to Ansible Project
You seem to have a non standard/old sudo, change the default
become_flags as they seem to be causing the problem, specifically,
remove -n (default: '-H -S -n'
)
--
----------
Brian Coca
become_flags as they seem to be causing the problem, specifically,
remove -n (default: '-H -S -n'
)
--
----------
Brian Coca
David Villasmil
May 21, 2018, 11:46:11 PM5/21/18
to ansible...@googlegroups.com
I think if you set 'become' then you don't need to use sudo.
Also, why don't you use the module to install packages instead of executing yum?
http://docs.ansible.com/ansible/latest/modules/yum_module.html
Example:
- name: install one specific version of Apache
yum:
name: httpd-2.2.29-1.4.amzn1
state: present
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CACVha7dTfoP38R2wh8itmi1OsyV9-8wrOO686FYjLbNZ%3DEFJ9Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
abhay srivastava
May 21, 2018, 11:59:42 PM5/21/18
to ansible...@googlegroups.com
Try:
- hosts: dpie_prod
user: dpiesa
become: True
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2de5f3d4-b9b8-45be-b0c2-8941e4c55c52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Regards,
Abhay Srivastava
---------------------------
Mob-9160512000
Abhay Srivastava
---------------------------
Mob-9160512000
Kallu Srikanth
May 22, 2018, 12:19:40 PM5/22/18
to Ansible Project
Not sure how can I specifically remove this -n
Below is my code/error/other info if you can help, please
Code : -
---
- hosts: dpie_prod
user: dpiesa
become: yes
become_method: enable
tasks:
- name: install telnet
yum: pkg=telnet state=present update_cache=true
ERROR:
fatal: [lind01]: FAILED! => {"changed": false, "msg": "You need to be root to perform this command.\n", "rc": 1, "results": ["Loaded plugins: fastestmirror, package_upload, product-id, search-disabled-\n : repos, security, subscription-manager\n"]}
But I can run this successfully manually on a server like this without password
#dpiesa@lind01:/home/dpiesa> sudo yum install telnet
Also can become root like this
dpiesa@lind01:/home/dpiesa> become
root@lind01:/root>
Kallu Srikanth
May 22, 2018, 12:35:25 PM5/22/18
to Ansible Project
Hi Abhay i still have the error
Code : -
---
- hosts: dpie_prod
user: dpiesa
become: true
become_method: enable
tasks:
- name: install telnet
yum: pkg=telnet state=present update_cache=true
ERROR:
fatal: [lind01]: FAILED! => {"changed": false, "module_stderr": "Shared connection to lind01.\r\n", "module_stdout": "sudo: illegal option `-n'\r\nusage: sudo -h | -K | -k | -L | -l | -V | -v\r\nusage: sudo [-bEHPS] [-p prompt] [-u username|#uid] [VAR=value]\r\n {-i | -s | <command>}\r\nusage: sudo -e [-S] [-p prompt] [-u username|#uid] file ...\r\n", "msg": "MODULE FAILURE", "rc": 1}
But I can run this successfully manually on a server like this without password
#dpiesa@lind01:/home/dpiesa> sudo yum install telnet
Also can become root like this
dpiesa@lind01:/home/dpiesa> become
root@lind01:/root>
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2de5f3d4-b9b8-45be-b0c2-8941e4c55c52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
abhay srivastava
May 22, 2018, 1:05:44 PM5/22/18
to ansible...@googlegroups.com
Are you able to do sudo without password
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/573867fd-3869-4395-a0d1-7c20fb415e7c%40googlegroups.com.
Kallu Srikanth
May 22, 2018, 2:57:15 PM5/22/18
to Ansible Project
Brian, Actually it worked instead of removing -n i added "default: '-H -S" at the end of the file
Thank you very much, I really appreciate it
On Monday, May 21, 2018 at 10:35:10 PM UTC-5, Brian Coca wrote:
Reply all
Reply to author
Forward
0 new messages