Hi Team,
We have developed a playbook for Oracle backup, but we are facing a big roadblock in using privilege escalation.
We are using the become_user method for privilege escalation, but in our env, for security reasons, the Unix team has added a script which prompts for a ticket number after switching user.
So I can handle this in become_user method.
Existing setup in my env:
Log in to the Red Hat server using my personal id
username:hitesh
…
…connected.
dzdo su - oracle
Please enter ticket number: INC00000
connected…
Below is the code which I have developed.
- name: Get oracle user from oracledb
  # Owner (first ps column) of the pmon process for the first database in db_list
  shell: ps -ef| grep pmon|grep -v 'grep'|grep {{ db_list[0] }}|awk '{print $1}'
  register: oracleuser

- name: Get the oracle_group
  shell: id -gn "{{ oracleuser.stdout_lines[0] }}"
  register: oraclegroup

- name: create permafrost directory
  file:
    path: /tmp/permafrost/
    state: directory
    mode: "u+rwx,g+rwx,o+rwx"
    #owner: "{{ oracleuser.stdout_lines[0] }}"
    #group: "{{ oraclegroup.stdout_lines[0] }}"
  become: true
  become_user: "{{ oracleuser.stdout_lines[0] }}"

- name: Copy script file to dbserver
  # No become here: the copy runs as the connecting user
  copy:
    src: runme.sh
    dest: /tmp/permafrost/
    mode: "u+rwx,g+rwx,o+rwx"

- name: Run the permafrost script for each databases
  #ga_db_sid: "{{ item_permafrost }}"
  command: /bin/ksh runme.sh "{{ item_permafrost }}" "{{ gac_permafrost_path }}" "{{ gac_test_mount_only }}"
  args:
    chdir: /tmp/permafrost/
  become: true
  become_user: "{{ oracleuser.stdout_lines[0] }}"
  register: permafrostscript_output
  with_items: "{{ db_list }}"
  loop_control:
    loop_var: item_permafrost
Please help me with this.