Missing sudo password

512 views
Skip to first unread message

Alainkr

unread,
Oct 17, 2014, 12:57:38 PM10/17/14
to ansible...@googlegroups.com
Hello,

I'm very puzzled

I run usually all my playbooks with a user (user_sys) having full no passwd sudo privileges  .
Now for the deployment of app I wanted to use the a user (user_adm) having sudo privileges only to what it is actually doing .

Since the inventory file is setting ansible_ssh_user to the user_sys, in the deployment playbook I'v specified ansible_ssh_user: user_adm



Problem arise very early on with the fact gathering where i'm getting a "Missing sudo password" error message. After disabling that,  I'm getting a more ""Missing sudo password" on a shell command that can be run by user_adm.

But it looks like ansible is doing sudo -u root /bin/sh -c <ansible_shell>. Of course user_adm can't sudo run a shell as root. I just want to sudo the actual commands ...

I'm I stuck here ? Or missing something big ?


Thanks for you help

Alain
 


Michael DeHaan

unread,
Oct 20, 2014, 5:07:56 PM10/20/14
to ansible...@googlegroups.com
Please read the explanation about sudo in the first "note" section under




--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/45b9021e-f9f1-4371-9c42-61e8a278c4d4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Alain Kreienbuhl

unread,
Oct 21, 2014, 3:35:09 AM10/21/14
to ansible...@googlegroups.com

Okay,  use tower. I'll check it out.

Thanks for your answer and congrats for the 1st Ansible Fest.

Cheers

Alain

You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/VPwO71Ey92E/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.

To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgy6nXY42mA6%2BaEn31NWnbszZjDzmge9XwAMFKRAGD0oow%40mail.gmail.com.

Michael DeHaan

unread,
Oct 21, 2014, 11:46:56 PM10/21/14
to ansible...@googlegroups.com
Nah, it wasn't a "use tower" note so much as a "individual commands can't be restricted with sudo" note.

Ansible just doesn't do that.

Restricting sudo to not be able to run the "command" module would be super limiting anyway.


To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPyOoB5hZN2_AYkCHMFd609WD7a2Y9C4d6EwC_4hK8fCGdmQHg%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages