Dear Team,
I have written lots of playbooks for our Network Automation Nxos, ios and ASA.
Now trying call someof our playbooks from php web page using shell_exec('anisble_playbok cli command')...
Its throwing an error saying "unable to open shell"
But while executing same playbook from server CLI its working fine.
My doubt while executing from web, its taking user as 'Apache' which is not able to execute this playbook.
Where other users on that same unix server can able to execute that playbook.
So is there any way to change current user or what you suggest as a solution?
I have tried with become but didnt worked for me.
Sayantan Laha
Mike_A
October 18, 2019, 4:29am
2
Hi Sayantan
Not sure if would be the greatest idea from a security perspective to allow PHP to run something as a more privileged user.
Could you not host an API somewhere running as one of those users and the PHP triggers that API which then in turn makes the call?
In terms of actually answering it though, you could execute a one liner to sudo su to your chosen user and pass the command in to execute also.
Not strictly Ansible related though.
Kind regards
Mike
Thanks Mike for your quick revert.
Let me try with API cancept.
Thanks once again.
Sayantan
Mike_A
October 18, 2019, 4:54am
4
Did you grant permission for your user to sudo to the privileged user in /etc/sudoers?