Can't Use Standard become_method As Have To Use rootsh. Options?

Hi,

The central IT function at my company allows developers root access to a server for a short period of time to allow us to install any required middelware and application software when we are commissioning a server. I’ve been looking at using Ansible to automate this process to prevent user errors and make the process more efficient. The problem that I’ve run into is that they only allow root access using the following sudo call:

sudo rootsh -i -u root

This uses a logging shell wrapper, rootsh (man page), to log all terminal input and output for audit purposes. We can’t change this and it means we can’t use any of the standard become_methods that Ansible uses.

Is there any way of adding a become_method to Ansible that would call the above command instead of just sudo? Alternatively, is there anyway of getting Ansible to run rootsh when it requests elevated privileges?

I did try the following in the vain hope that it might work, but as I feared, it failed:

site.yml:

`

you can try setting the sudo exe to ‘sudo rootsh’ and add -i as a sudo flag (though ansible tries to avoid login shells for good reasons).

Hey Colin,

Have you had any luck with this? I’m running into some very similar issues.

Thanks!

here my solution:

ansible_host:
egrep “^sudo_exe|^sudo_flags” /etc/ansible/ansible.cfg
sudo_exe = /tmp/ansible_wrapper
sudo_flags =

target_host:
cat /tmp/ansible_wrapper
shift
shift
sudo /usr/bin/rootsh -u root – $@

playbook to create ansible_wrapper:

Hi, I have used the wrapper method. but it’s giving me the privilege escalation time out error.
Ansible Timeout (12s) waiting for privilege escalation prompt
Can you please tell me what you have used on the playbook after setting the wrapper? Thanks.