Disable become sudo "-n" flag?

Josef Fortier

Jan 19, 2016, 7:01:45 PM
to Ansible Project
I've a few old servers in maintenance with older versions of sudo.
Since upgrading to ansible 2.0 (and 2.01) these servers are erroring out on sudo/become calls with:

sudo: illegal option `-n'

Checking these servers, I do see that the sudo versions do not support "-n".

Is there a workaround for this?

Brian Coca

Jan 19, 2016, 7:31:32 PM
to Ansible Project
You can set the sudo flags in ansible.cfg, an env var, or in the
ansible_sudo_flags inventory variable. The default is "-H -s -n". I
recommend you keep -H and -s.


--
Brian Coca

Josef Fortier

Jan 20, 2016, 2:12:41 PM
to Ansible Project
Thanks!

In my situation, an inventory variable makes the most sense.
For others' reference, here is the needed syntax in inventory.

[oes10managed:vars]                                                        
ansible_sudo_flags='-H'

Note that the case is lowercase (unlike the environmental variable).

This just "grandfathers in" the (newly) broken sudo clients without affecting other clients.

I could not get the " -s " flag to work. I received errors like:
/bin/sh: /bin/sh: cannot execute binary file
Which I take to be further changes in sudo syntax.

That said, since I'm running the commands, I'm reasonably happy here that no problematic shell will be triggered.
As near as I can tell, this is most likely to avoid malicious playbooks.
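
An added example, not from the thread or the Ansible project: a small Python audit that lists which inventory scopes override ansible_sudo_flags and which of the default flags quoted above ("-H -s -n") each override drops, so the relaxation can be confirmed to stay confined to the legacy group. The function name audit_sudo_flags and the sample inventory are constructed for illustration; only the oes10managed:vars entry comes from the thread.

```python
import shlex

DEFAULT_FLAGS = ("-H", "-s", "-n")  # default quoted in the thread for Ansible 2.0

# Constructed sample inventory; only the oes10managed:vars entry is from the thread.
SAMPLE_INVENTORY = """\
[web]
web1
web2 ansible_sudo_flags='-H -s'

[oes10managed:vars]
ansible_sudo_flags='-H'

[db:vars]
ansible_sudo_flags='-H -s -n'
"""


def audit_sudo_flags(inventory_text, var="ansible_sudo_flags"):
    """Map each scope that overrides `var` to the default flags it drops."""
    overrides = {}
    section = ""
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        tokens = shlex.split(line)  # keeps quoted values such as '-H -s' together
        if section.endswith(":vars"):
            scope = "group " + section[: -len(":vars")]
        elif section.endswith(":children"):
            continue  # child group names only, no variables on these lines
        else:
            scope = "host " + tokens[0]  # host line: name followed by inline vars
            tokens = tokens[1:]
        for token in tokens:
            key, sep, value = token.partition("=")
            if sep and key == var:
                flags = value.split()
                # Exact-token match; clustered forms such as -Hn are not expanded.
                overrides[scope] = [f for f in DEFAULT_FLAGS if f not in flags]
    return overrides


if __name__ == "__main__":
    for scope, dropped in audit_sudo_flags(SAMPLE_INVENTORY).items():
        print(f"{scope}: drops {' '.join(dropped) or 'nothing'}")
```
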