apt module fails with non-root sudoer ("Permission denied")

I’m having trouble executing my script from a user with sudo access instead of root.

I’m getting “permission denied” errors when playing the playbook, but if I execute the commands manually on the server it works just fine.
I did use “become” to execute the tasks with sudo and the right user.

The (relevant part of the) playbook:

I use the following, which works for me

sudo: yes

but the user has sudo to ALL privileges

That’s what I’m doing here, as the “sudo” option has been deprecated in favor of “become”.
And my user also has all the privileges (see the output of “sudo -l”). At least if I understand correctly. Anyway, it does have the required privilege: I can “sudo apt-get install” something with this user and it works.

Try removing all parameters and adding “sudo: yes” only (like below)

I tried and it worked, obviously, because the task is actually run with root (instead of my user with sudo access) which is not what I wanted.

That’s why I’m using “become_user” (equivalent of the now deprecated “sudo_user”), in order to use sudo with my user and not root.

Below is the Ansible output:

$ ansible-playbook -K -i test site.yml -vvvv
SUDO password:

PLAY [all] ********************************************************************

GATHERING FACTS ***************************************************************
<[the server name]> ESTABLISH CONNECTION FOR USER: [the user name]
<[the server name]> REMOTE_MODULE setup
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 [the server name] /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300 && echo $HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300'
<[the server name]> PUT /tmp/tmpzsyZR5 TO /home/[the user name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/setup
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 [the server name] /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=xlkvnygczvuuuxouqlysjwveacqafobo] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-xlkvnygczvuuuxouqlysjwveacqafobo; LANG=C LC_CTYPE=C /usr/bin/python /home/[the user name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/setup; rm -rf /home/[the user name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/ >/dev/null 2>&1'"'"''
ok: [[the server name]]

TASK: [Install useful system tools] *******************************************
<[the server name]> ESTABLISH CONNECTION FOR USER: [the user name]
<[the server name]> REMOTE_MODULE apt name=vim,nano,htop,git,subversion,tig,ncdu,nodejs-legacy,npm,mesa-utils state=present
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 [the server name] /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916 && echo $HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916'
<[the server name]> PUT /tmp/tmpDRxOC1 TO /home/[the user name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/apt
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 [the server name] /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=zkgarkbubgpvcowmyibknwzfzyeoksnf] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-zkgarkbubgpvcowmyibknwzfzyeoksnf; LANG=C LC_CTYPE=C /usr/bin/python /home/[the user name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/apt; rm -rf /home/[the user name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/ >/dev/null 2>&1'"'"''
changed: [[the server name]] =>

If you combine become_user with sudo: yes it will do what you want. You can leave sudo_user out.

“ERROR: sudo params (“become”, “become_user”) and su params (“sudo”, “sudo_user”) cannot be used together”

However, it will indeed do what I want if I combine “become: yes” with become_user (as “become” is a replacement for “sudo”, see http://docs.ansible.com/ansible/become.html).
That’s exactly what I was doing in the first place.

The issue, which is why I’m posting here, is that by doing this I got a “Permission denied” error, even though I DO have the permissions as I can do it manually on an SSH terminal with the same user.

Ah, sorry about that. You would have to use sudo on the task and become on the overall play. You cannot use both “side by side”.
But you are right, you can and should achieve that without the old sudo stuff; I only suggested that because it works for me right now.
Now, I went back and tried to achieve the same thing using only the become params (ssh into another machine, su to another user and execute sudo commands as this user).
Unfortunately, I was not able to achieve this. The only way was to specify the use of sudo as part of a command/shell/raw command, but not as a parameter to a task :-/
It seems that Ansible expects the remote user to have all the sudo rights or directly su to a user having the proper rights.
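
Added example, not part of the thread and not the original poster's playbook (which is not shown above): in Ansible, become_user names the account the task runs as (the "-u" argument of the sudo call visible in the EXEC lines), while remote_user is the account that logs in over SSH and invokes sudo. The two constructed plays below put the failing setting beside the least-privilege one; "deploy" is a hypothetical non-root account with sudo rights, and the task is reduced to a single package.

```yaml
# Added example. "deploy" is a hypothetical non-root account with sudo rights;
# both plays are constructed for illustration.

# Play 1: reproduces "Permission denied".
# become_user is the account the task runs AS, so Ansible executes
# "sudo ... -u deploy /bin/sh -c ..." and the apt module runs unprivileged.
- hosts: all
  remote_user: deploy        # account used for the SSH login
  become: yes
  become_method: sudo
  become_user: deploy        # escalation target is still a non-root account
  tasks:
    - name: Install useful system tools
      apt:
        name: htop
        state: present       # fails: apt needs root to modify system packages

# Play 2: log in as the sudoer and let sudo escalate to root.
# No direct root SSH login is needed; sudo on the server still authorizes
# and logs the call under the "deploy" account.
- hosts: all
  remote_user: deploy        # the non-root sudoer opens the SSH session
  become: yes
  become_method: sudo
  become_user: root          # the default, written out for clarity
  tasks:
    - name: Install useful system tools
      apt:
        name: htop
        state: present
```

Run with -K, as in the output above, so the sudo password of the remote_user account is prompted for and passed to sudo.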