sudo(become) difference between "copy" module and "command" module
38 views
Skip to first unread message
Mukuntha rajaa
Jun 8, 2020, 11:25:58 AM6/8/20
to Ansible Project
Hello,
"become" works perfectly fine with "command" module. But not with "copy" module. Am I doing something wrong here.
Working playbook:
- name: demo
hosts: localhost
tasks:
- name: copy
command: cp /etc/ssh/sshd_config /tmp/sshd_config
become: yes
- name: edit
lineinfile:
path: /tmp/sshd_config
regexp: '^PermitRootLogin'
line: "PermitRootLogin yes"
become: yes
working logs:
$ ap lineinfile.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [demo] ************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************
ok: [localhost]
TASK [copy] ************************************************************************************************************************
changed: [localhost]
TASK [edit] ************************************************************************************************************************
changed: [localhost]
PLAY RECAP *************************************************************************************************************************
localhost : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Problematic playbook:
- name: demo
hosts: localhost
tasks:
- name: copy
copy:
src: /etc/ssh/sshd_config
dest: /tmp/sshd_config
become: yes
- name: edit
lineinfile:
path: /tmp/sshd_config
regexp: '^PermitRootLogin'
line: "PermitRootLogin yes"
become: yes
Logs for problematic playbook:
$ap zz.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [demo] ************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************
ok: [localhost]
TASK [copy] ************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "an error occurred while trying to read the file '/etc/ssh/sshd_config': [Errno 13] Permission denied: b'/etc/ssh/sshd_config'"}
PLAY RECAP *************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
James Cassell
Jun 8, 2020, 1:24:48 PM6/8/20
to Ansible List
On Mon, Jun 8, 2020, at 11:25 AM, Mukuntha rajaa wrote:
> Hello,
>
> "become" works perfectly fine with "command" module. But not with
> "copy" module. Am I doing something wrong here.
>
V/r,
James Cassell
Mukuntha rajaa
Jun 8, 2020, 8:28:06 PM6/8/20
to ansible...@googlegroups.com
Thanks for your email. This playbook is for testing purpose. I wanted src to be from controller only.
--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/RQrthEhiPpo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d437a90c-b2d0-4973-a5f2-701e301d8ac4%40www.fastmail.com.
James Cassell
Jun 8, 2020, 9:27:55 PM6/8/20
to Ansible List
On Mon, Jun 8, 2020, at 8:27 PM, Mukuntha rajaa wrote:
> Thanks for your email. This playbook is for testing purpose. I wanted
> src to be from controller only.
>
In that case, you'll need to make sure the src file can be read by the user running ansible. sshd_config is not world readable by default.
> Thanks for your email. This playbook is for testing purpose. I wanted
> src to be from controller only.
>
V/r,
James Cassell
Mukuntha rajaa
Jun 8, 2020, 10:00:09 PM6/8/20
to ansible...@googlegroups.com
Hello,
Which is why I've mentioned "become: yes" option. Like I've mentioned in starting of this thread, if I run the exact same playbook with "command" module, permission issue does not come. Only with "copy" module, it complains about permission issue. Please note I've used "become" in both the cases.
--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/RQrthEhiPpo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f9eeee27-d1df-491f-b0fd-08b92b5dad93%40www.fastmail.com.
Luca 'remix_tj' Lorenzetto
Jun 9, 2020, 2:59:20 AM6/9/20
to ansible...@googlegroups.com
Hello,
but become applies on target host, not controller. And, as stated
before, in the first playbook you're copying with cp sshd_config of
the remote host to /tmp/sshd_config. Instead in the second one you're
copying sshd_config from controller to /tmp/sshd_config of the remote
host.
Even if the host is localhost and localhost is the controller, it is
treated like any remote host. Become is applied inside the connection
to remote host (even if connection: local), not when executing
ansible.
Luca
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD2erzdtU%2BUBeMSSWHeB0Vk-42wMYVBy%2BxcC2JSMPzhEVufn8g%40mail.gmail.com.
--
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)
Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenze...@gmail.com>
but become applies on target host, not controller. And, as stated
before, in the first playbook you're copying with cp sshd_config of
the remote host to /tmp/sshd_config. Instead in the second one you're
copying sshd_config from controller to /tmp/sshd_config of the remote
host.
Even if the host is localhost and localhost is the controller, it is
treated like any remote host. Become is applied inside the connection
to remote host (even if connection: local), not when executing
ansible.
Luca
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD2erzdtU%2BUBeMSSWHeB0Vk-42wMYVBy%2BxcC2JSMPzhEVufn8g%40mail.gmail.com.
--
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)
Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenze...@gmail.com>
Mukuntha rajaa
Jun 9, 2020, 5:16:07 AM6/9/20
to ansible...@googlegroups.com
Hello,
Thanks a lot. Its clear now. I have used "remote_src" to apply "become" logic.
Regards,
Mukuntha.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKuX69qwQrH9bBTWkYGhavTfk-_Sc%2B%3DYBMk%3DZdpfRC7EVYY0rQ%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages