I’m trying to find the equivalent of
`
ansible dev -a "/opt/pb/bin/pbrun su tomcat -c echo hi" -u aneesh
`
(this works)
I tried with
`
ansible dev -a "echo hi" -u aneesh --become-user=tomcat --become-method=pbrun -b
`
but it gave me the response
“failed”: true,
“msg”: "/bin/sh: pbrun: command not found\r\nOpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: mux_client_request_session: master session id:…
so I moved pbrun on the dev host to /bin/pbrun
and now it shows the error
“failed”: true,
“msg”: "usage: pbrun [-D level] -h | -K | -k | -V\r\nusage: pbrun -v [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-u user\r\n name|#uid]\r\nusage: pbrun -l[l] [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-U user\r\n name] [-u user name|#uid] [-g groupname|#gid] [command]\r\n…
Any idea how I can get this working?
Basically this is what I'm trying to do:
`
ansible@ansible> ssh aneesh@dev
aneesh@dev> pbrun su tomcat
tomcat@dev> echo hi
`
Thanks,
Aneesh
ansible cannot chain privilege escalation methods, it can either use
pbrun or su, but not both. pbrun should be able to allow you to
execute all commands as a user w/o needing su.
Thanks Brian
I do have access to execute certain sudo commands without chaining privilege escalation methods.
sudo -l
gives me a list of what I can execute.
But Ansible seems to be executing something other than this. For example, running a playbook which has 'sudo: yes' set fails with the below error:
PLAY [ui] *********************************************************************
GATHERING FACTS ***************************************************************
fatal: [myhost] => Missing become password
Is there a way to find out what sudo command is being executed in the background?
Thanks,
Aneesh
use -vvvv to show the exact things being run, the message you are
seeing implies you need to provide a sudo password
Thanks for the very quick response Brian.
I see that it’s trying to execute
sudo -k && sudo -H -S -p "[sudo via ansible, key=abcdefghijk] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-abcdefghijk; LANG=C LC_CTYPE=C /usr/bin/python /home/aneesh/.ansible/tmp/ansible-tmp-1433392081.2-227386081264121/setup; rm -rf /home/aneesh/.ansible/tmp/ansible-tmp-1433392081.2-227386081264121/ >/dev/null 2>&1'"'"'
Is there a way to make Ansible use /bin/bash instead of /bin/sh
sudo -l
tells me that I have
(root) NOPASSWD: /bin/bash
So I’m guessing that it should work if I’m able to change the shell using some config?
try setting sudo_exe=/bin/bash in ansible.cfg or export ANSIBLE_SUDO_EXE=/bin/bash in your cli and then running the playbook.
usually /bin/sh is a link to /bin/bash in centos/rhel systems.
Thanks Benno,
I hope you meant setting ‘executable = /bin/bash’ in ansible.cfg?
ohh sorry yes, the variable i mentioned is used to change the ‘sudo’ binary.
Thank you Benno and Brian,
that worked perfectly
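An added example, not code from the thread: it scripts the check the thread ended up doing by hand, parsing constructed `sudo -l` output and an ansible.cfg fragment to report whether the shell Ansible hands to sudo (`/bin/sh` by default, `/bin/bash` once `executable` is set) is covered by a NOPASSWD rule for the become user. The function names and sample data are my own.

```shell
#!/bin/sh
# Added example, not code from the thread. It checks what the thread settled
# on: whether the shell Ansible hands to sudo is covered by a NOPASSWD rule.

# Constructed `sudo -l` output, modelled on the rule quoted in the thread.
SUDO_L_OUTPUT='User aneesh may run the following commands on myhost:
    (root) NOPASSWD: /bin/bash
    (tomcat) /opt/tomcat/bin/catalina.sh'

# Constructed ansible.cfg fragment with the setting that fixed the problem.
ANSIBLE_CFG='[defaults]
inventory = ./hosts
executable = /bin/bash'

# cfg_executable CFG_TEXT -> shell Ansible will run; Ansible's default is /bin/sh
cfg_executable() {
    exe=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*executable[[:space:]]*=[[:space:]]*//p' | head -n 1)
    printf '%s\n' "${exe:-/bin/sh}"
}

# allowed_nopasswd BECOME_USER EXECUTABLE -> "yes" if a NOPASSWD rule for that
# user lists EXECUTABLE (or ALL), otherwise "no"
allowed_nopasswd() {
    printf '%s\n' "$SUDO_L_OUTPUT" | awk -v u="$1" -v exe="$2" '
        /NOPASSWD:/ {
            # rule lines look like: (user) NOPASSWD: /cmd1, /cmd2
            if (index($1, "(" u ")") != 1) next
            sub(/^.*NOPASSWD:[ \t]*/, "")
            n = split($0, cmds, /,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (cmds[i] == exe || cmds[i] == "ALL") { found = 1; exit }
        }
        END { print (found ? "yes" : "no") }'
}

# become_check BECOME_USER CFG_TEXT -> "yes"/"no" for the shell the config selects
become_check() {
    allowed_nopasswd "$1" "$(cfg_executable "$2")"
}

# Default shell: not in the rule, so Ansible would prompt for a become password.
echo "/bin/sh -> $(allowed_nopasswd root /bin/sh)"
# With executable = /bin/bash in ansible.cfg the NOPASSWD rule matches.
echo "$(cfg_executable "$ANSIBLE_CFG") -> $(become_check root "$ANSIBLE_CFG")"
```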