Issue | sudo su - | ansible


Jatinder Jawanda

Jun 5, 2021, 8:57:52 AM
to Ansible Project
Is it possible to run "sudo su -" in Ansible with a non-root user?
```
- name: test
  hosts: example.com
  gather_facts: false
  any_errors_fatal: true
  become: true
  become_exe: "sudo su - "
  become_method: su
  remote_user: test_user
  tasks:
    - name: check the user after sudo
      shell: whoami
      register: whoami

    - debug:
        msg: "{{ whoami }}"
```

Regards,
Jatinder Jawanda

Felix Fontein

Jun 5, 2021, 9:01:24 AM
to ansible...@googlegroups.com
Hi,

this is supported with the community.general.sudosu become plugin:
https://docs.ansible.com/ansible/latest/collections/community/general/sudosu_become.html

Cheers,
Felix




On Sat, 5 Jun 2021 05:57:52 -0700 (PDT)
Jatinder Jawanda <jatinder...@gmail.com> wrote:

> Is it possible to run "*sudo su -*" in ansible with non-root user

Jatinder Jawanda

Jun 5, 2021, 9:08:22 AM
to Ansible Project
Hey Felix,

I was looking at this documentation and am not sure how to use it.
Is it possible for you to share working code? I tried the command below with this plugin, but I was not able to make it run.
```
ansible example.com -i inventory/example -m shell -a "whoami" -e "ansible_ssh_pass=test@123" -e "ansible_sudo_pass=test@123" -u test_user -b  -e "ansible_become_method=sudosu" -e -e "ansible_become_exe=sudo su -"
```

In sudoers I have the following:
```
test_user ALL=(root) /bin/su -
```

Regards,
Jatinder Jawanda

Felix Fontein

Jun 5, 2021, 9:13:22 AM
to ansible...@googlegroups.com
Hi Jatinder,

have you tried `ansible_become_method=community.general.sudosu` instead
of `ansible_become_method=sudosu`? The latter will definitely not work,
since `sudosu` is not that old that it still has a short name.

(Besides that, I haven't used it, so I unfortunately cannot share
working code.)

Cheers,
Felix



On Sat, 5 Jun 2021 06:08:21 -0700 (PDT)
Jatinder Jawanda <jatinder...@gmail.com> wrote:

> Hey Felix,
>
> I was looking at this documentation and not sure how to use it.
> Is it possible if you can share a working code. I tried this below
> with this plugin but I was not able to make it run.
> *ansible example.com -i inventory/example -m shell -a "whoami" -e
> "ansible_ssh_pass=test@123" -e "ansible_sudo_pass=test@123" -u
> test_user -b -e "ansible_become_method=sudosu" -e -e
> "ansible_become_exe=sudo su -"*
>
> In sudoers I have following
> *test_user ALL=(root) /bin/su -*
--
Felix Fontein -- fe...@fontein.de -- https://felix.fontein.de/

Jatinder Jawanda

Jun 5, 2021, 9:26:19 AM
to Ansible Project
Nope, it's not working!!

```
ansible example.com -i inventory/example -m shell -a "whoami" -e "ansible_ssh_pass=test@123" -e "ansible_sudo_pass=test@123" -u test_user -b  -e "ansible_become_method=community.general.sudosu"

FAILED! => {
    "changed": false,
    "module_stderr": "Shared connection to example.com closed.\r\n",
    "module_stdout": "\r\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}
```

Regards,
Jatinder Jawanda

Felix Fontein

Jun 5, 2021, 12:05:32 PM
to ansible...@googlegroups.com
Hi Jatinder,

it would be interesting to see more debug output. Have you tried
running ansible additionally with `-vvv`?

Best,
Felix



On Sat, 5 Jun 2021 06:26:19 -0700 (PDT)
Jatinder Jawanda <jatinder...@gmail.com> wrote:

> Nope, its not working !!
>
> *ansible example.com -i inventory/example -m
> shell -a "whoami" -e "ansible_ssh_pass=test@123" -e
> "ansible_sudo_pass=test@123" -u test_user -b -e
> "ansible_become_method=community.general.sudosu* FAILED! => {

Jatinder Jawanda

Jun 5, 2021, 12:33:08 PM
to Ansible Project
Here are the debug logs.
```
ansible localhost -m ping -u test_user --become -e "ansible_ssh_pass=test@123" -e "ansible_sudo_pass=test@123" -e "ansible_become_method=community.general.sudosu"  -vvvv

META: ran handlers
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: test_user
<127.0.0.1> EXEC /bin/sh -c 'echo ~test_user && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/test_user/.ansible/tmp `"&& mkdir /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164 && echo ansible-tmp-1622910467.15-29606-264197614406164="` echo /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164 `" ) && sleep 0'
Using module file /opt/dma/.venv_ansible/lib/python2.7/site-packages/ansible/modules/system/ping.py
<127.0.0.1> PUT /home/test_user/.ansible/tmp/ansible-local-29579YwKbAR/tmpfCP59y TO /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164/AnsiballZ_ping.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164/ /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164/AnsiballZ_ping.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S  -p "[sudo via ansible, key=gouhehrxcdmgfhcjdbeadtdpeciznpks] password:" su -l root /bin/sh -c '"'"'echo BECOME-SUCCESS-gouhehrxcdmgfhcjdbeadtdpeciznpks ; /opt/dma/.venv_ansible/bin/python /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164/AnsiballZ_ping.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164/ > /dev/null 2>&1 && sleep 0'
localhost | FAILED! => {
    "changed": false,
    "module_stderr": "",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}
```


Regards,
Jatinder Jawanda

Jatinder Jawanda

Jun 5, 2021, 12:40:59 PM
to Ansible Project
Furthermore, if I make a change in sudoers like below, then --become-method=sudo also starts working.
Before:
```
test_user  ALL=(root) /bin/su -
```
After:
```
test_user  ALL=(root) /bin/su
```

Regards,
Jatinder Jawanda
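
Added example, not written by any poster in this thread or by the Ansible project: a simplified model of the sudoers(5) rule that a Cmnd listing arguments must match the invoked argument list, applied to the two sudoers entries quoted above and to the command that `community.general.sudosu` ran in the `-vvvv` log. It assumes `su` resolves to `/bin/su`, ignores sudoers escaping, and uses Python's `fnmatch` in place of fnmatch(3); the function names are hypothetical.

```python
import fnmatch
import shlex

# Constructed input: the sudosu command from the -vvvv log, abridged, with
# `su` written as /bin/su (assumption: that is where PATH resolves it).
LOGGED = shlex.split(
    "/bin/su -l root /bin/sh -c "
    "'echo BECOME-SUCCESS-key ; python AnsiballZ_ping.py'"
)

def parse_cmnd(spec):
    """Split a sudoers Cmnd into (path, args).

    args is None when the rule lists no arguments, "" when it is the
    literal "" (meaning: no arguments allowed), else the pattern text.
    """
    path, _, rest = spec.strip().partition(" ")
    rest = rest.strip()
    if not rest:
        return path, None
    return path, "" if rest == '""' else rest

def rule_allows(spec, argv):
    """Simplified sudoers(5) check: does Cmnd `spec` permit `argv`?"""
    path, pattern = parse_cmnd(spec)
    if argv[0] != path:
        return False
    given = " ".join(argv[1:])
    if pattern is None:        # no args in the rule: any arguments match
        return True
    if pattern == "":          # "" in the rule: only a bare command matches
        return given == ""
    return fnmatch.fnmatchcase(given, pattern)  # otherwise exact/wildcard

def compare(rules, argv):
    """Map each rule to whether it permits argv."""
    return {rule: rule_allows(rule, argv) for rule in rules}

if __name__ == "__main__":
    rules = ["/bin/su -", "/bin/su", '/bin/su ""']
    for name, argv in [("interactive su -", ["/bin/su", "-"]),
                       ("sudosu from log", LOGGED)]:
        print(name, compare(rules, argv))
```

An entry of `/bin/su` with no arguments matches every argument list, so it lets test_user switch to any account through `su`. On the host itself, `sudo -l -U test_user` shows the entries sudo actually resolves for that user.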