Ansible user privilege


Quang Truong

Apr 6, 2018, 3:48:33 PM
to Ansible Project
Dear all,

I'm new to Ansible and system administration on Linux, and I have a problem where I don't understand what happens behind the scenes.

Here is my scenario:

- I create a KVM (machine B) on my host machine, which is also the Ansible control machine (machine A)
- Then I copy the SSH key of the user (user X, with sudoer) that I will run the Ansible playbook with from A to B
- I can run the playbook with become privilege; in my playbook I install NIS and set up B to join my network domain (bind with a DNS server)
- Then the problem happens: I can't run the playbook from A to B anymore with userX

Below are the problems:
 + When I put become: true (using the default become_user, which should be root) on all tasks, the playbook can't gather facts from B; I get Permission denied when gathering facts:
/usr/bin/python: can't open file '/home/[userX]/.ansible/tmp/ansible-tmp-1523038454.61-125714211155466/setup.py': [Errno 13] Permission denied
 + When I move become: true to an individual task, I get the same Permission denied:
/usr/bin/python: can't open file '/home/[userX]/.ansible/tmp/ansible-tmp-1523040035.49-151403862005878/apt.py': [Errno 13] Permission denied
 + When I try to elevate to exactly user X with become_user: userX, it seems this user doesn't have proper permission:
"changed": false, "msg": "Failed to lock apt for exclusive operation"

It seems I have some problems:
- The root user isn't set up properly on B, so it can't access the /home/[userX] directory (I read some instructions that said to use 'HOME=/root ansible-playbook my_pb.yml ...', but it still failed: OSError: [Errno 13] Permission denied: '~/.ansible/tmp')
- I'm not sure what happens with userX, but it can't execute sudo via Ansible on B (although I tried to SSH with userX to B and do some sudo tasks such as apt-get install)

Please help to tell me if I have missed any configuration (I think I missed some steps during the KVM creation)

Thanks,
Quang


Quang Truong

Apr 6, 2018, 4:58:51 PM
to Ansible Project
Another update: I used 'su root' and can access /home/[userX]/.ansible, but got permission denied when opening the tmp or cp directories.

Quang Truong

Apr 9, 2018, 5:01:16 PM
to Ansible Project
I tried with this guide


It works for my case, but I don't understand what happens behind the scenes.