package TASK ... 'should be run under the root user'

[dulh...@mailbox.org]

• I have this TASK in a playbook which should install a bunch of packages on my (rhel8) target rrequired for postgresql
  
• I am shooting my playbok as a user with root priviledges via sudo
• In earlier TASKS of the playbook I become a 'postgres' user, but would expect this to be ephemeral (so I become the intital user as soon a TASK is finished)
  

still I am getting an (inexplicable to me) error upon running this playbook, which seems to indicate I am not a root-capable user when trying to install those packages.

can anybody help me out with this?

[Stefan Hornburg (Racke)]

On 20/10/2021 15:26, dulhaver via Ansible Project wrote:
>
> * I have this TASK in a playbook <https://pastebin.com/h83HqMn0> which should install a bunch of packages on my (rhel8) target rrequired for postgresql
> *

> I am shooting my playbok as a user with root priviledges via sudo
>

Please show the code that you are using for that user in your playbook.

> *

> In earlier TASKS of the playbook I become a 'postgres' user, but would expect this to be ephemeral (so I become the intital user as soon a TASK is finished)
>

If that is part of the task, it should be fine.

Regards

            Racke


> *
>
> still I am getting an (inexplicable to me) error <https://pastebin.com/6fQ8xNuK> upon running this playbook, which seems to indicate I am not a root-capable user when trying to install those packages.

>
> can anybody help me out with this?

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/965503419.166525.1634736398069%40office.mailbox.org <https://groups.google.com/d/msgid/ansible-project/965503419.166525.1634736398069%40office.mailbox.org?utm_medium=email&utm_source=footer>.


--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.

[dulh...@mailbox.org]

On 10/20/2021 3:32 PM Stefan Hornburg (Racke) <ra...@linuxia.de> wrote:

On 20/10/2021 15:26, dulhaver via Ansible Project wrote:

>

* I have this TASK in a playbook <https://pastebin.com/h83HqMn0> which should install a bunch of packages on my (rhel8) target rrequired for postgresql

*

I am shooting my playbok as a user with root priviledges via sudo

Please show the code that you are using for that user in your playbook.

it is the paste https://pastebin.com/h83HqMn0. However ... here you go

##############################################################

- name: check installed system packages for postgres

  package:

    name:

    - psmisc

    - strace

    - gdb

    - nagios-plugins-mysql

    - nagios-plugins-pgsql

    - nagios-plugins-http

    - openssl

    - pam

    - readline

    - libselinux

    - systemd-libs

    - zlib

    state: present

  ignore_errors: yes

  become: yes

  # become_user: [root_user]

##############################################################

[Stefan Hornburg (Racke)]

On 20/10/2021 15:49, dulhaver via Ansible Project wrote:

>
>> On 10/20/2021 3:32 PM Stefan Hornburg (Racke) <ra...@linuxia.de <mailto:ra...@linuxia.de>> wrote:
>>
>>
>> On 20/10/2021 15:26, dulhaver via Ansible Project wrote:
>> >

>>> * I have this TASK in a playbook <https://pastebin.com/h83HqMn0 <https://pastebin.com/h83HqMn0>> which should install a bunch of packages on my (rhel8) target rrequired for postgresql

>>> *
>>> I am shooting my playbok as a user with root priviledges via sudo
>>>
>> Please show the code that you are using for that user in your playbook.
>>

> it is the paste https://pastebin.com/h83HqMn0 <https://pastebin.com/h83HqMn0>. However ... here you go

Sorry, I wanted to see the head of the playbook respective the place in inventory where you set up the
become: variables.

>
> ##############################################################
> - name: check installed system packages for postgres
>   package:
>     name:
>     - psmisc
>     - strace
>     - gdb
>     - nagios-plugins-mysql
>     - nagios-plugins-pgsql
>     - nagios-plugins-http
>     - openssl
>     - pam
>     - readline
>     - libselinux
>     - systemd-libs
>     - zlib
>     state: present
>   ignore_errors: yes
>   become: yes
>   # become_user: [root_user]
> ##############################################################
>

(zealous_mode: yes)

Why do you use ignore_errors: yes here?

Regards
Racke

>>> *
>>> In earlier TASKS of the playbook I become a 'postgres' user, but would expect this to be ephemeral (so I become the intital user as soon a TASK is finished)
>>>
>> If that is part of the task, it should be fine.
>>
>> Regards
>>
>>             Racke
>>
>>
>>> *
>>>

>>> still I am getting an (inexplicable to me) error <https://pastebin.com/6fQ8xNuK <https://pastebin.com/6fQ8xNuK>> upon running this playbook, which seems to indicate I am not a root-capable user when trying to install those packages.

>>>
>>> can anybody help me out with this?
>

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.

> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/948625849.239.1634737744031%40office.mailbox.org <https://groups.google.com/d/msgid/ansible-project/948625849.239.1634737744031%40office.mailbox.org?utm_medium=email&utm_source=footer>.

[dulh...@mailbox.org]

On 10/20/2021 4:07 PM Stefan Hornburg (Racke) <ra...@linuxia.de> wrote:

On 20/10/2021 15:49, dulhaver via Ansible Project wrote:

On 10/20/2021 3:32 PM Stefan Hornburg (Racke) <ra...@linuxia.de <mailto:ra...@linuxia.de>> wrote:

On 20/10/2021 15:26, dulhaver via Ansible Project wrote:

>

* I have this TASK in a playbook <https://pastebin.com/h83HqMn0 <https://pastebin.com/h83HqMn0>> which should install a bunch of packages on my (rhel8) target rrequired for postgresql

*

I am shooting my playbok as a user with root priviledges via sudo

Please show the code that you are using for that user in your playbook.

it is the paste https://pastebin.com/h83HqMn0 <https://pastebin.com/h83HqMn0>. However ... here you go

Sorry, I wanted to see the head of the playbook respective the place in inventory where you set up the

become: variables.

actually I figured out in the meantime that aparently my trouble lies exactly there:

I have a defaults.yaml that injects a bunch of variables into the playbook.

In that defaults.yml there is a variable referencing to user 'postgres' as ansible_become_user

  ansible_become_user: postgres

So I assume I'll have to figure out how to utilize different become users in a single playbook. I tried or overrule the defaults entry temporarily with ...

  become: yes

  become_user: [root_user]

... inside the TASK, but that apparently was not interpreted in the way I wanted

[Stefan Hornburg (Racke)]

On 20/10/2021 16:45, dulhaver via Ansible Project wrote:

>
>> On 10/20/2021 4:07 PM Stefan Hornburg (Racke) <ra...@linuxia.de <mailto:ra...@linuxia.de>> wrote:
>>
>>
>> On 20/10/2021 15:49, dulhaver via Ansible Project wrote:
>>>
>>>> On 10/20/2021 3:32 PM Stefan Hornburg (Racke) <ra...@linuxia.de <mailto:ra...@linuxia.de> <mailto:ra...@linuxia.de <mailto:ra...@linuxia.de>>> wrote:
>>>>
>>>>
>>>> On 20/10/2021 15:26, dulhaver via Ansible Project wrote:
>>>> >

>>>>> * I have this TASK in a playbook <https://pastebin.com/h83HqMn0 <https://pastebin.com/h83HqMn0> <https://pastebin.com/h83HqMn0 <https://pastebin.com/h83HqMn0>>> which should install a bunch of packages on my (rhel8) target rrequired for postgresql

>>>>> *
>>>>> I am shooting my playbok as a user with root priviledges via sudo
>>>>>
>>>> Please show the code that you are using for that user in your playbook.
>>>>

>>> it is the paste https://pastebin.com/h83HqMn0 <https://pastebin.com/h83HqMn0> <https://pastebin.com/h83HqMn0 <https://pastebin.com/h83HqMn0>>. However ... here you go

>>
>> Sorry, I wanted to see the head of the playbook respective the place in inventory where you set up the
>> become: variables.
> actually I figured out in the meantime that aparently my trouble lies exactly there:
> I have a defaults.yaml that injects a bunch of variables into the playbook.
> In that defaults.yml there is a variable referencing to user 'postgres' as ansible_become_user
>
> ansible_become_user: postgres
>
> So I assume I'll have to figure out how to utilize different become users in a single playbook. I tried or overrule the defaults entry temporarily with ...
>
>   become: yes
> become_user: [root_user]
>
> ... inside the TASK, but that apparently was not interpreted in the way I wanted

The default for the become_user should be root and you can override it in your tasks.

It can be tricky, so here an example how I do it:

- name: Ensure PostgreSQL database is initialized (RedHat, Suse)
  command: "{{ postgresql_initdb_path }} -D {{ postgresql_data_dir }}"
  become: true
  become_user: "{{ postgresql_user }}"
  vars:
    ansible_ssh_pipelining: true
  when:
    - postgresql_data_version_dir.stat.exists == false
    - ansible_os_family in ['Alpine', 'RedHat', 'Suse']

Regards

             Racke

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com <mailto:ansible-proje...@googlegroups.com>.

> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1635706396.1095.1634741116055%40office.mailbox.org <https://groups.google.com/d/msgid/ansible-project/1635706396.1095.1634741116055%40office.mailbox.org?utm_medium=email&utm_source=footer>.