Using sudo with pam-ssh-agent-auth after sudo_flags is removed?
235 views
Skip to first unread message
Chris Pick
Dec 5, 2017, 3:31:17 PM12/5/17
to Ansible Project
In my project's "ansible.cfg" I set "sudo_flags = -H -S" to remove the "-n" option so that sudo works with pam-ssh-agent-auth (as suggested in this issue and in the docs).
When I run `ansible-playbook` (version 2.4.2.0) it reports the following warning:
When I run `ansible-playbook` (version 2.4.2.0) it reports the following warning:
[DEPRECATION WARNING]: DEFAULT_SUDO_FLAGS option, In favor of become which is a generic framework .
This feature will be removed in version 2.8. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
I don't see any "become_flags" (or similar) option, nor do I think that would be an appropriate place to change this setting as this really is a sudo-specific flag.
My question is: what I should do when 2.8 is released, is there an alternative that will allow sudo to continue to work with pam-ssh-agent-auth?
Thanks for any thoughts, -Chris
Thanks for any thoughts, -Chris
Kai Stian Olstad
Dec 5, 2017, 3:40:24 PM12/5/17
to ansible...@googlegroups.com
On Tuesday, 5 December 2017 21.31.16 CET 'Chris Pick' via Ansible Project wrote:
> I don't see any "become_flags" (or similar) option, nor do I think that
> would be an appropriate place to change this setting as this really is a
> sudo-specific flag.
>
> My question is: what I should do when 2.8 is released, is there an
> alternative that will allow sudo to continue to work with
> pam-ssh-agent-auth?
https://docs.ansible.com/ansible/2.4/config.html#default-become-flags
> I don't see any "become_flags" (or similar) option, nor do I think that
> would be an appropriate place to change this setting as this really is a
> sudo-specific flag.
>
> My question is: what I should do when 2.8 is released, is there an
> alternative that will allow sudo to continue to work with
> pam-ssh-agent-auth?
--
Kai Stian Olstad
Chris Pick
Dec 5, 2017, 3:55:45 PM12/5/17
to Ansible Project
On Tuesday, December 5, 2017 at 3:40:24 PM UTC-5, Kai Stian Olstad wrote:
https://docs.ansible.com/ansible/2.4/config.html#default-become-flags
Thanks, that works great.
I was looking for "become_flags" in https://docs.ansible.com/ansible/2.4/intro_configuration.html where it doesn't appear.
Is that documentation out of date?
I was looking for "become_flags" in https://docs.ansible.com/ansible/2.4/intro_configuration.html where it doesn't appear.
Is that documentation out of date?
Kai Stian Olstad
Dec 5, 2017, 4:46:43 PM12/5/17
to ansible...@googlegroups.com
Code is commited in without documentation, sometimes the documentation is added in a later commit but this commit is not merged in to all the correct branches.
I tried once to get a commit merged inn, but nothing happened so I guess documentation is low priority and the time is used on creating new stuff, hopefully with documentation :-)
So the best thing is to use the latest documentation called devel since that more updated and relevant.
An there you see intro_configuration is quite different
https://docs.ansible.com/ansible/devel/intro_configuration.html
--
Kai Stian Olstad
Reply all
Reply to author
Forward
0 new messages