sudo does not seem to work with ansible 1.9


Stephan Hradek

Aug 27, 2015, 10:39:14 AM
to Ansible Project
It seems, the sudo option does not work.

I'm asked for the password, but I do not see it working.

Am I missing something?

$ ansible -vvvv all --sudo-user sudouser --ask-sudo-pass -a 'ls -al /opt/SP/sudouser/scripts'
SUDO password:
<myhost> ESTABLISH CONNECTION FOR USER: cygwinme
<myhost> REMOTE_MODULE command ls -al /opt/SP/sudouser/scripts
<myhost> EXEC ssh -C -tt -vvv -o ControlMaster=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 myhost /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486 && echo $HOME/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486'
<myhost> PUT /tmp/tmp3pJW5R TO /home/linuxme/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486/command
<myhost> EXEC ssh -C -tt -vvv -o ControlMaster=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 myhost /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/linuxme/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486/command; rm -rf /home/linuxme/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486/ >/dev/null 2>&1'
myhost | FAILED | rc=2 >>
ls: cannot access /opt/SP/sudouser/scripts: Permission denied



Brian Coca

Aug 27, 2015, 10:53:40 AM
to Ansible Project
You are missing the option to enable sudo (--sudo); setting user and
password does not force sudo, as you can have that selectively set at the
host level.



--
Brian Coca

Stephan Hradek

Aug 27, 2015, 11:55:35 AM
to Ansible Project


On Thursday, 27 August 2015 16:53:40 UTC+2, Brian Coca wrote:
> you are missing the option to enable sudo (--sudo),

Thanks a lot. That did it and also showed me that it seems impossible for me to use ansible :(

Unfortunately I'm only allowed to do "sudo -u sudouser" and not "sudo -u sudouser some arbitrary command".

This is fine in an interactive session as the allowed command will leave me in a bash. But ansible tries to execute something like:

/bin/sh -c echo BECOME-SUCCESS-somegibberish; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /tmp/ansible-tmp-1440690655.74-51912605722035/command

Or is there also a way around this?



Brian Coca

Aug 27, 2015, 12:03:20 PM
to Ansible Project
Allowing you to get a shell as a user has no real security above
allowing you to run any command directly as a user; this is a minor
sudoers configuration change.

Ansible works by copying scripts to temp dirs and running them (the
modules); this is how it avoids having an agent. If you cannot make
the change above and still don't have permissions to do this, you might
want to look at ansible-pull.


--
Brian Coca
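
A preflight check for the situation discussed in this thread, as an added example that is not part of any poster's message or of Ansible itself: it reads `sudo -l` output and reports whether the `/bin/sh -c ...` wrapper quoted above would be accepted for the become user. The sample outputs, the `/bin/bash` rule and all function names are assumptions, and the sudoers matching is simplified (no wildcards, negations or wrapped lines).

```python
import re

# Constructed `sudo -l` output for the login user (not taken from the thread).
SAMPLE_SHELL_ONLY = """\
User linuxme may run the following commands on myhost:
    (sudouser) /bin/bash
"""
SAMPLE_ANY_COMMAND = """\
User linuxme may run the following commands on myhost:
    (sudouser) ALL
"""

ANSIBLE_SHELL = "/bin/sh"  # the shell in the wrapped command quoted in the thread
ENTRY = re.compile(r"^\s+\(([^)]*)\)\s+(.*)$")  # "    (runas) commands"
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")         # NOPASSWD:, SETENV:, ...


def allowed_commands(sudo_l_output, become_user):
    """Return the command specs that `sudo -l` lists for become_user."""
    specs = []
    for line in sudo_l_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header and "Defaults" lines carry no (runas) prefix
        # "(user : group)" -> keep only the user list before the colon
        runas_users = [u.strip() for u in m.group(1).split(":")[0].split(",")]
        if become_user in runas_users or "ALL" in runas_users:
            specs += [TAGS.sub("", c.strip()) for c in m.group(2).split(",")]
    return specs


def ansible_can_become(sudo_l_output, become_user):
    """True if sudo would accept `/bin/sh -c '<module command>'`.

    In sudoers, ALL or a bare command path permits any arguments. A spec
    with fixed arguments (or "") is treated as a mismatch here, because the
    wrapped command line is different for every task.
    """
    specs = allowed_commands(sudo_l_output, become_user)
    return any(spec in ("ALL", ANSIBLE_SHELL) for spec in specs)


if __name__ == "__main__":
    for name, out in (("shell only", SAMPLE_SHELL_ONLY), ("any command", SAMPLE_ANY_COMMAND)):
        print(name, "->", ansible_can_become(out, "sudouser"))
```
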

Stephan Hradek

Aug 27, 2015, 12:27:24 PM
to Ansible Project


On Thursday, 27 August 2015 18:03:20 UTC+2, Brian Coca wrote:
> Allowing you to get a shell as a user has no real security above
> allowing you to run any command directly as a user; this is a minor
> sudoers configuration change.

I totally agree with you. Unfortunately I'm not in the position to make this change or convince someone to do that.

> ansible-pull.

Will check what that is.

Thanks again