Hi,
I’m using “ansible 1.9 (devel b11be68249) last updated 2015/03/17 12:39:00 (GMT +000)” and am facing an issue with the ‘sudo_user’ switch.
My role fails on the postgres user not being able to be authenticated.
The ansible command host is Ubuntu, ansible target is localhost
My playbook looks like this:
So issue seems to be when sudo_user is set at role level, not at play level.
Hi Brian,
Not really. If sudo_user is set only at the play level the sudo user is root:
------- excerpt from the stdout when running with -vvvv --------
"[sudo via ansible, key=vksodlsoxtyvcfgxeosslbsttkfqyzcb] password: " -u root /bin/sh -c
can you show test with the issue at the play level? i cannot
reproduce, i used the following:
- hosts: testmachine
sudo: yes
sudo_user: nobody
tasks:
- template:
src: testfile
dest: /tmp/z
mode: 0600
with -vvvv i can see:
/bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible,
key=cxwmwhlrjpfrghjcbaabmtadbvgcgouq] password: " -u nobody /bin/sh -c
'"'"'echo BECOME-SUCCESS-cxwmwhlrjpfrghjcbaabmtadbvgcgouq; LANG=C
LC_CTYPE=C /usr/bin/python
/tmp/ansible-tmp-1426689710.81-275921666186925/copy'"'"''
What do you mean by ‘show test’?
Did you try when the target machine (your ‘testmachine’) is set to localhost in the inventory?
W dniu środa, 18 marca 2015 14:41:34 UTC użytkownik Brian Coca napisał:
same result if host is localhost, i can reproduce the issue with roles
not picking up sudo_user but not with a play.
Sorry, I need to leave now but will get back to you with an example later today.
Cheers,
Jacek
W dniu środa, 18 marca 2015 14:59:46 UTC użytkownik Brian Coca napisał:
Could it be related to https://github.com/ansible/ansible/issues/10475 ?
No, that is probably a path in the old code that bypasses sudo if you
are already root.
tested with 1.8.4, putting sudo_user on role does not seem to work either.
Hi All,
I’m sending the play and role for you to check (see below).
It doesn’t work right (shows ‘postgres’, ‘root’) with:
ansible 1.9 (devel 73f5a1fcdd) last updated 2015/03/19 13:38:54 (GMT +000)
lib/ansible/modules/core: (detached HEAD 76198a8223) last updated 2015/03/19 13:39:04 (GMT +000)
lib/ansible/modules/extras: (detached HEAD cb848fcd9e) last updated 2015/03/19 13:39:04 (GMT +000)
v2/ansible/modules/core: (detached HEAD 34784b7a61) last updated 2015/03/17 12:39:06 (GMT +000)
v2/ansible/modules/extras: (detached HEAD 46e316a20a) last updated 2015/03/19 13:39:04 (GMT +000)
configured module search path = None
It does work correctly (shows ‘postgres’, ‘postgres’) with:
ansible 1.9 (devel ffb281d96c) last updated 2015/03/19 13:32:20 (GMT +000)
lib/ansible/modules/core: (detached HEAD 618806aeeb) last updated 2015/03/19 13:36:08 (GMT +000)
lib/ansible/modules/extras: (detached HEAD 945da71ce4) last updated 2015/03/19 13:36:08 (GMT +000)
v2/ansible/modules/core: (detached HEAD 34784b7a61) last updated 2015/03/17 12:39:06 (GMT +000)
v2/ansible/modules/extras: (detached HEAD 650d740a3a) last updated 2015/03/19 13:36:09 (GMT +000)
configured module search path = None
--------- test.yml ------
Works as expected, setting sudo_user at role level is not supported.
You can set it at play or task level.
Do you mean that within my original example I’ll need:
I'm looking at the previous stable version 1.8.4 and it does not work
there, in which version did this work for you?
I always worked with sources straight from github. Previously, it worked with 1.7.? (can’t remember exactly) then, sometime in Feb or earlier, I updated to 1.9 (ffb281d96c) and it was ok, too.
W dniu czwartek, 19 marca 2015 15:17:40 UTC użytkownik Brian Coca napisał: