User performing local_action
242 views
Skip to first unread message
John Oliver
May 13, 2015, 1:24:36 PM5/13/15
to ansible...@googlegroups.com
joliver@flamingo ~ $ ansible-playbook -u joliver.sa -K deploy_checklist.yml
SUDO password:
PLAY [aria] *******************************************************************
GATHERING FACTS ***************************************************************
ok: [aria]
TASK: [command mkdir {{ local_dest }}] ****************************************
failed: [aria -> 127.0.0.1] => {"failed": true, "parsed": false}
Sorry, user joliver is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS-kurupkexxbnzqduwcxnbrwsqscbbvjzz; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /opt/local/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python /Users/joliver/.ansible/tmp/ansible-tmp-1431537294.93-186879714899356/command; rm -rf /Users/joliver/.ansible/tmp/ansible-tmp-1431537294.93-186879714899356/ >/dev/null 2>&1' as root on flamingo.
Is there a way to perform local_actions as the user I specify as an argument to ansible-playbook? It appears to be honoring the 'sudo: yes', so it stands to reason that if I'm specifying a user, that's who I want performing all actions.
John Oliver
May 13, 2015, 1:26:30 PM5/13/15
to ansible...@googlegroups.com
I did sort of get around this by passing 'sudo: no' to that one task.
Brian Coca
May 13, 2015, 1:36:20 PM5/13/15
to ansible...@googlegroups.com
-u is remote_user which does not map to local actions which are
normally executed as the user which executed ansible, since local
action does not 'log in' the only other was to change the user would
be using privilege escalation (sudo/su/etc).
On Wed, May 13, 2015 at 1:26 PM, John Oliver <jno...@gmail.com> wrote:
> I did sort of get around this by passing 'sudo: no' to that one task.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/da12e952-0556-4825-8c8c-cc530956c70d%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
--
Brian Coca
normally executed as the user which executed ansible, since local
action does not 'log in' the only other was to change the user would
be using privilege escalation (sudo/su/etc).
On Wed, May 13, 2015 at 1:26 PM, John Oliver <jno...@gmail.com> wrote:
> I did sort of get around this by passing 'sudo: no' to that one task.
>
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/da12e952-0556-4825-8c8c-cc530956c70d%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
--
Brian Coca
Reply all
Reply to author
Forward
0 new messages