I am writing a playbook that will cover a wide range of hosts, some that are integrated into AD with sudo privileges and others with just a local “root” account. I currently have the playbook written with the become module and it works fine for AD integrated hosts, but when I specify a root user it throws the error “needs sudo password”. When I set become_user: root it works fine for root accounts, but it gives sudo errors when using AD integrated users. Is it possible to have a playbook use sudo passwords when the user specified (through command line -u) is not root?
You could use something like the following:
    - name: Set sudo Passwort
      set_fact:
        ansible_become_pass: "{{ my_encrypted_password }}"
      when: ansible_user == 'non-root-user'
Hey Daniel,
That definitely looks like it can work, but that would mean that I would have to specify one password for sudo across all devices? As there are tons of devices and tons of “admin” accounts for users who are able to perform these actions, it won't be possible for me to place one password under ansible_become_pass. Is it possible for the password to be taken from the password entered when running the playbook, or for the playbook to skip become altogether when ansible_user != 'root'?
I’ve tried this:
    become: true
    when: ansible_user != 'root'

No luck.
A very simple fix was to just change become:true to become:yes, and root authentication works as long as you don't specify sudo password in command line (-K) and specify root account with -u.
I thought become: True and become: yes are “the same”?!
That’s what I thought! Apparently they’re not because if I use true it works fine when specifying root account. I’ve tried googling to find the difference but no luck. I guess that’s my next question on here? Lol