Privilege Escalation recommendations

Hi All,
I’m new here, but I’ll try and cover my bases. (Sorry if it’s a little long-winded.)

I’m running awx 15.0.1 in a podman pod using docker containers (just for background).
I’ve run into multiple issues with having a playbook that will work outside of AWX, just in plain ole Ansible; however, when I try to run it in AWX I get plays that won’t work unless I’m specifically using the root account.

The user is typically a service account (I understand this isn’t the best for security practices, however using a named account to run automated tasks on a schedule isn’t ideal either).

In any case, the user is part of the wheel group and therefore has admin rights. I found issues with this particularly not working when trying to run plays to patch systems. Ansible specifically told me that a root account was needed. I found a way to resolve this by adding a configuration file to sudoers.d to correct how tty views the connection (I’m not super familiar with what this is doing, to be honest). This allowed me to run patching with the desired account.

I now have found that if I need to run a play that uses the “command” module, it causes the play to hang and doesn’t give a reason. The reason, I believe, is that the command it’s trying to pass requires sudo/root rights to run. The playbook is already set to become using sudo. Again, this works fine if I use the root account, just not my service account.

How does the user account need to be configured to run exactly as root does to avoid using the root account, or how can I at least correct this so that it works as expected with the current configuration?

If you are using AWX to manage your user credentials, you can set the service account to elevate to root without exposing the password. There is an option right in the interface to say elevate privileges; then you can set who it elevates to and how to do it (sudo, su, etc.).

Thanks for your response.

The option to use privilege escalation is checked, and as I mentioned before, the global option become method is sudo, set at the top of the playbook; however, it appears to not be escalating the privileges on these plays.
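As an added example (not code from this thread or from AWX itself), the playbook below first probes whether the service account can sudo without a prompt, then checks that become really yields root, and finally installs a validated sudoers.d fragment of the kind described above. The account name svc_ansible, the host pattern and the visudo path are assumptions.

```yaml
- name: Probe whether sudo works without a prompt for the service account
  hosts: all
  become: false
  gather_facts: false
  tasks:
    # "sudo -n" refuses to prompt, so it fails at once with "a password is
    # required" (or a requiretty error) instead of waiting on stdin forever.
    - name: Run sudo non-interactively
      command: sudo -n true
      register: sudo_probe
      changed_when: false
      failed_when: false
    - name: Report the outcome
      assert:
        that: sudo_probe.rc == 0
        fail_msg: >-
          sudo did not run without a prompt (rc={{ sudo_probe.rc }}): {{ sudo_probe.stderr }}.
          Supply a become password in the AWX credential or grant NOPASSWD (last play).

- name: Verify that become really yields root
  hosts: all
  become: true
  become_method: sudo
  gather_facts: false
  tasks:
    - name: Read the effective uid under become
      command: id -u
      register: effective_uid
      changed_when: false
    - name: Fail loudly if escalation silently did not happen
      assert:
        that: effective_uid.stdout == "0"
        fail_msg: "task ran as uid {{ effective_uid.stdout }}, not as root"

- name: Install a sudoers.d fragment for the service account (run once as root)
  hosts: all
  become: true
  gather_facts: false
  tasks:
    # visudo -cf validates the fragment before it lands, so a typo cannot lock
    # everyone out of sudo. Ansible's sudo become runs "/bin/sh -c ..." for each
    # module, so a per-command allow list would break it; scope by host instead.
    - name: Write and validate the fragment
      copy:
        dest: /etc/sudoers.d/svc_ansible
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
        content: |
          Defaults:svc_ansible !requiretty
          svc_ansible ALL=(root) NOPASSWD: ALL
```

Run the first two plays against one host before changing anything; their failure messages show whether the account is being prompted, blocked by requiretty, or not escalated at all.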