Hi,
I’m connecting to my host as “user1” and my become user name is “user2”. The only account that has sudo privs to run the “do-something” command is user1.
Attempt 1:
I’m trying to run the following task, but it doesn’t work because ansible isn’t providing the password to the host and it sits there until it times out:
task:
name: apply configurator on {{ inventory_hostname }}
become: false
shell: “sudo /usr/bin/do-something”
output:
**Attempt 2:**
I then tried to run the following task, but it doesn't work because it runs as *user2*, but that's not what I want because *user2* doesn't have sudo privs:
task:
> - name: apply configurator on {{ inventory_hostname }}
I then try to run the following task, but it hangs as it waits for credentials for *user2*'s password, which ansible will not provide (even it it worked):
I've even tried setting the become_user to *user1*, but that doesn't work either. Using "sudo" in the shell command causes it to hang because a prompt for password is waiting whereas keeping "sudo" out gets me another permission error.
Any help is greatly appreciated.
Thanks,
Kevin
Hi Tony,
Thanks for the tip. Unfortunately, I can’t modify this file, but I did find a solution! Although, it does look like there may be a bug in Ansible (version 2.4.2.0).
It’s worth noting that I had the following in my inventory group vars file:
ansible_become_user: user2
I tried the following task:
name: Configurator command needs to be run
become_user: root
shell: “/usr/bin/do-something”
Which also didn’t work because ansible reported that I didn’t have privileges (same error as I reported above with attempts 2).
Later, I removed then ansible_become_user variable setting from my inventory group vars file and re-ran the task with success!
Looking at the variable precedence documentation, it says that task variable settings are higher precedence then inventory group variables.
I’m I looking at this the wrong way? Or shouldn’t this have worked by setting the become_user to root in the task no matter what’s in the inventory group vars file?
They are not the same, but they are related, 'ansible_become_user' is
a 'connection variable' which has higher precedence than 'become_user'
which is a playbook keyword.
The former is meant to be specific to a host/group of hosts to provide
a way to deal with heterogeneous environments, the latter is a way to
make play/task specific usage and expected to work in more homogeneous
environments.