ansible doubt

Hello Team,

Can someone tell me: do we need the user to be in the /etc/sudoers file of all servers if we wish to execute the /sbin/vgs command on all servers?

Also, how can we store a global username password variable for Ansible which is accessible to all other Ansible components?

Sameer

There are various ways to become ( http://docs.ansible.com/ansible/latest/become.html#directives ) and sudo is just one of them. So no, you don't have to add a user to all systems' sudoers file, but I would hope you have a directory service that manages this for you.

The vault would be good for storing passwords and managing them http://docs.ansible.com/ansible/latest/playbooks_vault.html

When I use the following command it asks me for two passwords, one for SSH and the other for sudo. It should only ask for the password once, as it is the same password.
ansible -k -m shell -a "/sbin/vgs" all

Below is the ansible.cfg config.

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False — If this is false then why it is asking me the password.

It returns module failed if user smodak is not in sudoers file

ansible -b -k -m shell -a "/sbin/vgs" all
SSH password:
SUDO password[defaults to SSH password]:
NESBWDA01 | FAILED | rc=0 >>
MODULE FAILURE ----->

How to get the output even if user is not in sudoers file

Sameer

I am making assumptions about what you are attempting to do but try http://lathama.com/post/ansible-one-liners and an example inventory I have for testing is
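```
[local]
# ansible_become is a boolean; the account to switch to goes in ansible_become_user
localhost ansible_python_interpreter=/usr/bin/python3 ansible_user=lathama ansible_become=yes ansible_become_user=root ansible_become_method=su
```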

I tried with given command but it does not work.

I will repeat my question. My question is: we have 20 servers in the inventory file and I want the /sbin/vgs data using the below command

ansible -b -k -m shell -a "/sbin/vgs" all

Now, out of 20 servers, 2 servers do not have the smodak account in the /etc/sudoers file, so I am getting the below error for those

SUDO password[defaults to SSH password]:
NESBWDA01 | FAILED | rc=0 >>
MODULE FAILURE

How can we resolve this without adding the smodak account to /etc/sudoers?

Not sure why you wouldn't set up sudoers for something like this,
but...

If you have a look at the output of ansible --help you will notice there are
a couple of different arguments related to switching users.

In your case, you should try running something similar to:

ansible --ask-become-pass --become-method su -b -k -m shell -a "/sbin/vgs" all

This will prompt you for two passwords - one for SSH connection, and
one for the _root_ user.

Best regards

Hi,

The /sbin/vgs command needs to be run as root.
So you need sudo or direct root access to use this command.
Ansible is not that magic... if you can't do it with a shell, you can't do
it via Ansible.

Regards,

JYL

Hello Team,

When I run the below command without the -k switch, it asks for one sudo password and fails on all servers.
[smodak@hel-shell-2 tasks]$ ansible all -a "/bin/date"
SUDO password:
NESECDA01 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,keyboard-interactive).\r\n",
    "unreachable": true
}
NESGRDDB01 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: \n\t\t\t\t\t\t\t\t\n\tName: Suse-11-SP4-Template \t \n \t\t\t\t\t\t\t\t\n\tType: VMware guest @ R10\t\t\t\t\n\t\t\t\t\t\t\t\t\n\tAuthorized uses only. \t\t\t\t\t\n\tAll activity may be monitored and reported.\t\t\t\n\t\t\t\t\t\t\t\t\n**************\nPermission denied (publickey,keyboard-interactive).\r\n",
    "unreachable": true
}

But if I run it as follows: ansible all -k -a "/bin/date", it runs well for the other servers except one server where it (the user) does not have sudo permission on the server.

[smodak@hel-shell-2 tasks]$ ansible all -k -a "/bin/date"
SSH password:
SUDO password[defaults to SSH password]:
NESBWDA01 | FAILED | rc=0 >>
MODULE FAILURE

Why does Ansible not handle on its own which server requires a sudo password and which does not?
Also, why does it require sudo permission even for /bin/date? It should run correctly even on a server where it does not have sudo permission, as this command does not require sudo permission.

> When I run the below command without the -k switch, it asks for one sudo password
> and fails on all servers.
> [smodak@hel-shell-2 tasks]$ ansible all -a "/bin/date"
> SUDO password:
> NESECDA01 | UNREACHABLE! => {

Since your host requires a password, it will of course fail if you do not provide one.

> But if I run it as follows: ansible all -k -a "/bin/date", it runs well for
> the other servers except one server where it (the user) does not have sudo permission
> on the server.
>
> [smodak@hel-shell-2 tasks]$ ansible all -k -a "/bin/date"
> SSH password:
> SUDO password[defaults to SSH password]:
> NESBWDA01 | FAILED | rc=0 >>
> MODULE FAILURE
>
> Why does Ansible not handle on its own which server requires a sudo
> password and which does not?

Ansible does what you tell it to do: run sudo. Ansible doesn't guess what you are trying to do. It runs what you say it should run.

> Also, why does it require sudo permission even for /bin/date? It should run
> correctly even on a server where it does not have sudo permission, as this command
> does not require sudo permission.

It doesn't require sudo.

But somewhere in your configuration, like ansible.cfg, you have become_ask_pass = True and/or ask_sudo_pass = True.
That is why Ansible asks for the sudo password even without -K on the command line.
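
As an added example (not code from any poster in this thread or from the Ansible project), this Python script checks an ansible.cfg for the options the reply above points at, so you can see which setting forces sudo or a password prompt. It assumes the usual search order (ANSIBLE_CONFIG, ./ansible.cfg, ~/.ansible.cfg, /etc/ansible/ansible.cfg, first file found is used alone); the function names and SAMPLE_CFG are constructed for illustration.

```python
import configparser
import os

# Options named in this thread: (section, option, effect when enabled).
CHECKS = [
    ("privilege_escalation", "become", "every task runs via become, even /bin/date"),
    ("privilege_escalation", "become_ask_pass", "become password prompt without -K"),
    ("defaults", "ask_sudo_pass", "legacy sudo password prompt without -K"),
    ("defaults", "ask_pass", "SSH password prompt without -k"),
]


def candidate_paths(env=os.environ, cwd=".", home="~"):
    """Config files in Ansible's search order; only the first one found is used."""
    paths = [env["ANSIBLE_CONFIG"]] if env.get("ANSIBLE_CONFIG") else []
    return paths + [os.path.join(cwd, "ansible.cfg"),
                    os.path.join(os.path.expanduser(home), ".ansible.cfg"),
                    "/etc/ansible/ansible.cfg"]


def audit(cfg_text):
    """Return (section, option, effect) for each checked option that is enabled."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(cfg_text)
    return [(s, o, why) for s, o, why in CHECKS
            if parser.has_option(s, o) and parser.getboolean(s, o)]


def audit_effective(paths=None):
    """Audit the first config file that exists; (None, []) if there is none."""
    for path in paths or candidate_paths():
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as fh:
                return path, audit(fh.read())
    return None, []


# Constructed sample: become settings as posted in the thread, plus a legacy
# ask_sudo_pass line of the kind the last reply suspects.
SAMPLE_CFG = """\
[defaults]
ask_sudo_pass = True
[privilege_escalation]
become=True
become_ask_pass=False
"""

if __name__ == "__main__":
    print(audit_effective())
```

With the sample, `audit(SAMPLE_CFG)` flags `become` and `ask_sudo_pass`: the first explains why /bin/date went through sudo, the second why the SUDO prompt appeared although become_ask_pass was False.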

Thanks for clearing my doubts.

This will encourage me to dig more.