Ansible become_user failing while logging-in as vagrant user

Mukuntha rajaa

Jun 20, 2020, 12:22:27 PM
to Ansible Project
Hello,

Problem:
Via inventory, I am logging in as the "vagrant" user. I am trying to switch to another-user and then create a .ssh directory with owner and group as this another-user. It is failing, saying permission denied.

TASK [Ensure dot-ssh directory exists] *********************************************************************************************
fatal: [192.168.99.105]: FAILED! => {"changed": false, "msg": "There was an issue creating /home/mrajaa/.ssh as requested: [Errno 13] Permission denied: b'/home/mrajaa/.ssh'", "path": "/home/mrajaa/.ssh/"}

"vagrant" user has sudo permission in the target cluster.

sudo cat /etc/sudoers.d/vagrant-nopasswd
vagrant ALL=(ALL) NOPASSWD: ALL


Problem in detail:
I am trying to run a playbook on vagrant-provisioned-virtualbox, like

ap -i inventory-ansible main.yml --ask-vault-pass

Inventory is like this,

[vagrant-demo]
192.168.99.105


[vagrant-demo:vars]
ansible_user=vagrant
ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key


$ cat main.yml
---
- import_playbook: provision.yml
- import_playbook: configure.yml



And I am switching to another user at playbook level, so that all the further install and configure goes as expected.

$ head -20 configure.yml
---
- hosts: all
  become: true
  become_user: '{{ username }}'
  become_method: sudo
- import_playbook: ../../main.yml


$ head -30 ../../main.yml
---
- hosts: all

  vars_files:
    - vars/vars.yml
    - vars/repos.yml
    - vars/curlrepos.yml
    - vars/token.yml
    - vars/gitrepos.yml

  pre_tasks:
    - import_tasks: tasks/sshkeys.yml



And it is failing, while executing sshkeys task.

$ cat ../../tasks/sshkeys.yml
---
- name: Ensure dot-ssh directory exists
  file:
    path: "{{ ssh_dir }}"
    state: directory
    mode: "0700"  # quoted octal; a bare 700 would be read as a decimal number
    owner: "{{ username }}"
    group: "{{ username }}"


Can you please clarify, how to get this right.

Thanks and regards,
Mukuntha Rajaa.

vad...@gmail.com

Jun 20, 2020, 1:40:56 PM
to ansible...@googlegroups.com
remove 
become_user: '{{ username }}'

By default become_user is root. [1]





--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Mukuntha rajaa

Jun 21, 2020, 1:52:29 AM
to ansible...@googlegroups.com
Hello,

I have added that step intentionally, so that all the tasks are executed under "user" privileges and directory/file permissions, etc. will be proper.


Dick Visser

Jun 21, 2020, 2:55:04 AM
to ansible...@googlegroups.com
This is probably because the parent directory isn't there, and user mrajaa doesn't have permission to create it.
I don't see any task to create that user.
Those steps are missing from your playbook (or you didn't post them).



--
Sent from a mobile device - please excuse the brevity, spelling and punctuation.

Mukuntha rajaa

Jun 21, 2020, 3:29:53 AM
to ansible...@googlegroups.com
Hello,

Thanks for the e-mail. I have figured out the problem.

---
- hosts: all
  #become: yes
  #become_user: "{{ username }}"
  #become_method: sudo
- import_playbook: ../../main.yml

In the above case, becoming another user is of no use. Once I imported the playbook (i.e., main.yml), it was running as the vagrant user somehow, so I have commented it out. Once I added this in ../../main.yml, everything works fine. main.yml is the one which downloads and adds ssh keys.

$ head -6 ../../main.yml
---
- hosts: all

  become: yes
  become_user: "{{ username }}"
  become_method: sudo


Brian Coca

Jun 22, 2020, 2:47:27 PM
to Ansible Project
become ONLY affects the play/task it is enabled for, you only set it
in the first play, the imported play does not inherit become settings.

--
----------
Brian Coca
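
The scoping rule from the reply above, as an added example that is not part of the thread or of the posters' own playbooks: two plays in one file, where only the first declares become, with assert tasks that check which account each play actually runs as. The variable `username`, the `/home/{{ username }}/.ssh` path and the task names are assumptions for illustration; `ansible_user` comes from the inventory shown in the first post.

```yaml
---
# Constructed example: `username` is assumed to be passed in (e.g. -e username=mrajaa),
# the account already exists, and the target allows become to an unprivileged user.

# Play 1: become is declared on this play, so its tasks run as {{ username }}.
- hosts: all
  gather_facts: false
  become: true
  become_user: "{{ username }}"
  become_method: sudo
  tasks:
    - name: Report the effective user with play-level become
      command: id -un
      register: with_become
      changed_when: false

    - name: Tasks in this play run as the target user
      assert:
        that: with_become.stdout == username

# Play 2: a separate play, like one pulled in by import_playbook.
# It inherits nothing from play 1, so tasks run as ansible_user (vagrant).
- hosts: all
  gather_facts: false
  tasks:
    - name: Report the effective user without become
      command: id -un
      register: without_become
      changed_when: false

    - name: Tasks here run as the SSH login user
      assert:
        that: without_become.stdout == ansible_user

    # become can be scoped to the one task that needs it.
    - name: Ensure dot-ssh directory exists, created by its owner
      file:
        path: "/home/{{ username }}/.ssh"  # assumed home directory layout
        state: directory
        mode: "0700"
      become: true
      become_user: "{{ username }}"
      become_method: sudo
```

Scoping become to the single task keeps every other task in the second play running as the login user, so only the step that must own the directory runs under the target account.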
