Impersonating Users on AIX

After getting the hang of running Ansible on our Linux environment, my team has been tasked with getting it going on AIX. In working with our AIX team, we had to get them to set up AIX to support Python 2.7.5 and a more current version of Sudo (now on 1.8.18p1).

Our Ansible controller connects to the ansible user account on the remote AIX host, which has a sudoers entry as follows:

```
ansible ALL = (ALL) NOPASSWD: ALL,NOSHUTDOWN,NOHALT,NOREBOOT,NOETCLN,NOETCVI,NONETWORK,NOCONFIG
```

Our playbooks work just fine when trying to either be the ansible user account or using the become function to elevate to root. It appears, though, that when trying to use become to impersonate another user, I get the normal “Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user. For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user” error.

Our playbook is a simple one:

```
# AIX Test

- hosts: aixTest
  remote_user: ansible
  serial: 99

  tasks:
    - name: Touch a file
      file:
        path: /tmp/ansible_touched_file
        state: touch

    - name: Ask whoami
      shell: whoami
      register: whoami

    - debug:
        msg: "{{whoami.stdout_lines}}"

    - name: Ask whoami (as root)
      shell: whoami
      register: whoami_root
      become: yes
      become_user: root

    - debug:
        msg: "{{whoami_root.stdout_lines}}"

    - name: Ask whoami (as service)
      shell: whoami
      register: whoami_service
      become: yes
      become_user: service

    - debug:
        msg: "{{whoami_service.stdout_lines}}"
```

I’ve since run the playbook with -vvvv flags, and have attempted to run the command that the AIX server chokes on. It gives me an error that I’m not sure how to work around, and I imagine Ansible doesn’t either.

```
TASK [Ask whoami (as service)] *************************************************
task path: /ansible/aixTest/aixTest.yml:38
ESTABLISH CONNECTION FOR USER: ansible on PORT 22 TO aix0001a
EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /tmp/ansible-tmp-1484233367.3-152056486857441" && echo ansible-tmp-1484233367.3-152056486857441="echo /tmp/ansible-tmp-1484233367.3-152056486857441" ) && sleep 0'
PUT /tmp/tmpFsvfK3 TO /tmp/ansible-tmp-1484233367.3-152056486857441/command
EXEC /bin/sh -c 'chown -R service /tmp/ansible-tmp-1484233367.3-152056486857441/ && sleep 0'
EXEC /bin/sh -c 'find /tmp/ansible-tmp-1484233367.3-152056486857441/ -exec setfacl -m u:service:rX '"'"'{}'"'"' '"'"'+'"'"' && sleep 0'
fatal: [aix0001a]: FAILED! => {"failed": true, "msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user. For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}
```

When running the play manually, I run into this:

```
$ sudo chown -R service /tmp/ansible-tmp-1484233367.3-152056486857441/
$ sudo find /tmp/ansible-tmp-1484233367.3-152056486857441/ -exec setfacl -m u:service:rX '"'"'{}'"'"' '"'"'+'"'"'
find: 0652-018 An expression term lacks a required parameter.
```

Those of you that have worked with Ansible on AIX, have you had this problem? If so, what did you do to work around it? Open to any and all suggestions.

Thanks!
Nick
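
The `find` line in the `-vvvv` output is the single-quoted argument of `/bin/sh -c '…'`, so each `'"'"'` in it is an embedded single quote for that outer shell; typed at a prompt without the wrapper, the same characters yield different arguments. This is an added example, not part of the original post or Ansible's code: `printf` stands in for `find` so the argument list is visible, and `DIR` is a placeholder for the temporary directory.

```sh
#!/bin/sh
# Added illustration. printf stands in for find and prints each argument it
# receives in [brackets]; DIR is a placeholder for the ansible-tmp directory.

# 1. As Ansible sends it: the whole command is ONE single-quoted argument to
#    /bin/sh -c, and '"'"' is how a literal ' is embedded in that argument.
as_ansible_runs_it() {
    /bin/sh -c 'printf "[%s]" find DIR -exec setfacl -m u:service:rX '"'"'{}'"'"' '"'"'+'"'"' && sleep 0'
}

# 2. The inner part pasted at a prompt, without the /bin/sh -c '...' wrapper:
#    the same characters now parse as '"' + "'{}'" + '"'.
pasted_at_prompt() {
    printf "[%s]" find DIR -exec setfacl -m u:service:rX '"'"'{}'"'"' '"'"'+'"'"'
}

# 3. Equivalent command for a manual test: one quoting layer removed.
unwrapped_for_prompt() {
    printf "[%s]" find DIR -exec setfacl -m u:service:rX '{}' '+'
}

echo "ansible:   $(as_ansible_runs_it)"
echo "pasted:    $(pasted_at_prompt)"
echo "unwrapped: $(unwrapped_for_prompt)"
```

In the pasted form the last two arguments carry literal quote characters, so `find` is not given the bare `{}` and `+` that `-exec` expects. A manual reproduction of Ansible's command needs the unwrapped form.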

Hello Nick,

We also run into the same problem with Ansible 2.4.0 and AIX 7.1. Could you resolve the problem? When I do the same with remote_user root there is no error.

```
Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: /tmp/ansible-tmp-1506524547.07-44042807873875/: Operation not permitted.
chown: /tmp/ansible-tmp-1506524547.07-44042807873875/command.py: Operation not permitted.
}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
```

Thanks
Thorsten

Did you find any solution for this? Please let me know.

Thanks,
Mohan

Hi Thorsten,

Please let me know.