Hi,
I have a playbook that creates users on systems.
A part of this playbook is this:
- name: User Jurrien
user: name=jurrien uid= comment=“J. Bloemen (Jurrien) ” groups=unixbeheer password={{ jurrien_password }}
In version 1.2.3 this works perfect!
In version 1.3.2 I get this error:
<prdunix0001.ict.domain.nl> ESTABLISH CONNECTION FOR USER: jurrien on PORT 22 TO prdunix0001.ict.domain.nl
<prdunix0001.ict.domain.nl> EXEC /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-1381412043.2-39888688610240 && chmod a+rx $HOME/.ansible/tmp/ansible-1381412043.2-39888688610240 && echo $HOME/.ansible/tmp/ansible-1381412043.2-39888688610240’
<prdunix0001.ict.domain.nl> REMOTE_MODULE user name=jurrien uid= comment=“J. Bloemen (Jurrien) ” groups=unixbeheer password=$6$VXjAyxtz$rZSz6zsBxSQl9QP3SnbDv9vx/y9sdcvHT9yU0wCsgQ7qcFVMM3eb1AOodzFWTXUflYH0lbpeSq7v2p/LEgzF81
<prdunix0001.ict.domain.nl> PUT /tmp/tmpP82ejK TO /home/jurrien/.ansible/tmp/ansible-1381412043.2-39888688610240/user
<prdunix0001.ict.domain.nl> EXEC /bin/sh -c ‘/usr/bin/python /home/jurrien/.ansible/tmp/ansible-1381412043.2-39888688610240/user; rm -rf /home/jurrien/.ansible/tmp/ansible-1381412043.2-39888688610240/ >/dev/null 2>&1’
failed: [prdunix0001.ict.domain.nl] => {“cmd”: [“/usr/sbin/usermod”, “-p”, “encrypyted password”, “jurrien”], “failed”: true, “item”: “”, “rc”: 13}
msg: [Errno 13] Permission denied
FATAL: all hosts have already failed – aborting
Is this a bug or am I doing something wrong?
Kind regards, Jurriën
I’m not sure. Sounds like you got a permission denied error from usermod because it’s trying to do more than it used to be doing.
Perhaps something you can help explore more using the “./hacking/test-module” script that is in the checkout on the remote system.
I would like to help. No problem.
Oke, Do I have to checkout the git repo for that? I’m now using a RPM from the EPEL repo.
In the Git repo version 1.4 exists and I tried it with this version also but the same error. Also the module rhn_register is not working:
<euphrates.ict.domain.nl> ESTABLISH CONNECTION FOR USER: jurrien on PORT 22 TO euphrates.ict.domain.nl
<euphrates.ict.domain.nl> EXEC /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-1381483432.52-169344486506095 && chmod a+rx $HOME/.ansible/tmp/ansible-1381483432.52-169344486506095 && echo $HOME/.ansible/tmp/ansible-1381483432.52-169344486506095’
<euphrates.ict.domain.nl> REMOTE_MODULE lineinfile dest=/etc/sysconfig/rhn/up2date regexp=“^serverURL=” line=“serverURL=https://prdrhn0001.ict.domain.nl/XMLRPC”
<euphrates.ict.domain.nl> PUT /tmp/tmp4oDY8a TO /home/jurrien/.ansible/tmp/ansible-1381483432.52-169344486506095/lineinfile
<euphrates.ict.domain.nl> EXEC /bin/sh -c ‘/usr/bin/python /home/jurrien/.ansible/tmp/ansible-1381483432.52-169344486506095/lineinfile; rm -rf /home/jurrien/.ansible/tmp/ansible-1381483432.52-169344486506095/ >/dev/null 2>&1’
failed: [euphrates.ict.domain.nl] => {“failed”: true, “item”: “”, “parsed”: false}
invalid output was: Traceback (most recent call last):
File “/home/jurrien/.ansible/tmp/ansible-1381483432.52-169344486506095/lineinfile”, line 1260, in ?
main()
File “/home/jurrien/.ansible/tmp/ansible-1381483432.52-169344486506095/lineinfile”, line 319, in main
ins_aft, ins_bef, create, backup, backrefs)
File “/home/jurrien/.ansible/tmp/ansible-1381483432.52-169344486506095/lineinfile”, line 166, in present
f = open(dest, ‘rb’)
IOError: [Errno 13] Permission denied: ‘/etc/sysconfig/rhn/up2date’
Now trying the test-module…
It looks like the commands aren’t running with sudo…
[jurrien@prdunix0001 ansible]$ ./hacking/test-module -m library/system/user -a “password= name=jurrien”
- including generated source, if any, saving to: /home/jurrien/.ansible_module_generated
- this will offset any line numbers in tracebacks/debuggers!
In version 1.2.2 and 1.2.3 you could forget sudo: yes in the playbooks. In version 1.3 and higher you need to put this in the playbooks if want to use sudo.
Problem solved for me!
What do you mean by “you could forget sudo: yes” ?
Are you saying that ‘–sudo yes’ does not appear to be setting the default for you?
Or do you mean that passing ‘–sudo-user’ doesn’t set the sudo condition to true (this last part is true).
In the playbooks I created when I was using Ansible 1.2.X I didn’t added the option “sudo: yes” but when running the playbook I added the “-K” option because I am using sudo with password to execute the modules/commands.
After upgrading to version 1.3 or higher I need to add “sudo: yes” to each playbook or I get the permission denied errors.
Right, that’s intended.
Because you might have some playbooks running sudo and some not.
If you want to be explicit on the command line you can just say “–sudo” and that will default sudo on for everthing, and fits nicely with the “–ask-sudo-pass” (-K)