Privileges for become_user

Hi @ all,

I try to start/stop a service with Ansible and need to execute the command with sudo:

executing
“sudo /usr/bin/systemctl start filebeat.service”

works pretty fine, but I would like to use the service module.

My playbook looks like this:

`

Hi

The user you connect as ('becomeuser' - I suppose that's obfuscated)
isn't allowed to do sudo.
If you fix that things are likely to start working.

On a related note, you can remove become_user as that is set to its
default (root), as well as become_method, which defaults to sudo.
So basically just "become: true" is needed.

Dick

Make sure user "sudouser" is able to become root with "sudo su".

      me@master: ssh sudouser@hostname
      sudouser@hostname: sudo su
      root@hostname:

Take a look at /etc/sudoers. You can run "sudo /usr/bin/systemctl ..."
because this command is specifically allowed, I guess.

HTH, Cheers,

  -vlado

Hi, thanks for your answer.

The user is allowed to use sudo. If I change my playbook to:

```
tasks:
  - name: restart Filebeat per Command
    shell: "sudo /usr/bin/systemctl start filebeat.service filebeat.service"
```

It's working, but that's not more than a workaround…

I think the problem is that the sudo-template contains exactly the command “/usr/bin/systemctl * filebeat.service filebeat.service” and Ansible uses some other command to start/stop the service.

greetz

That is correct, Ansible is hard (or impossible) to use with such a restrictive environment:

https://docs.ansible.com/ansible/latest/user_guide/become.html#id13

Use become: true on the next line after hosts in the header.
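The mismatch discussed in the posts above, as an added example that is not part of the thread and not Ansible's or sudo's own code: the restricted sudoers entry quoted in the thread is checked against the command typed by hand and against the kind of wrapper that become hands to sudo when a module runs. The wrapper string is a constructed sample with placeholder values, and `cmnd_allows` and `explain` are hypothetical helpers that only approximate sudoers matching for a rule without wildcards in the program path.

```python
import fnmatch
import shlex

# Rule text as quoted in the thread (the sudo-template entry).
SUDOERS_CMND = "/usr/bin/systemctl * filebeat.service filebeat.service"

# Command the poster runs through the shell module (from the thread).
MANUAL = "/usr/bin/systemctl start filebeat.service filebeat.service"

# Constructed sample of what become passes to sudo for a module run:
# a shell that echoes a success marker and then runs a generated Python
# file. Marker suffix, temp directory and file name are placeholders.
BECOME_WRAPPED = ("/bin/sh -c 'echo BECOME-SUCCESS-placeholder ; "
                  "/usr/bin/python3 /home/sudouser/.ansible/tmp/"
                  "placeholder/AnsiballZ_service.py'")


def cmnd_allows(spec: str, command: str) -> bool:
    """Approximate sudoers command matching (assumption: simplified).

    The program path must be identical to the one in the rule, and the
    joined argument string must match the rule's argument pattern as a
    shell-style glob.
    """
    spec_path, _, spec_args = spec.partition(" ")
    argv = shlex.split(command)
    if not argv or argv[0] != spec_path:
        return False
    args = " ".join(argv[1:])
    if not spec_args:        # bare path in the rule: any arguments allowed
        return True
    if spec_args == '""':    # explicit empty string: no arguments allowed
        return args == ""
    return fnmatch.fnmatchcase(args, spec_args)


def explain(spec: str, command: str) -> str:
    """Return a one-line verdict naming the program sudo was asked to run."""
    verdict = "allowed" if cmnd_allows(spec, command) else "denied"
    return f"{verdict}: {shlex.split(command)[0]}"


if __name__ == "__main__":
    for cmd in (MANUAL, BECOME_WRAPPED):
        print(explain(SUDOERS_CMND, cmd))
```

The hand-typed command matches the rule, while the become wrapper asks sudo to run `/bin/sh`, which a rule naming only `/usr/bin/systemctl` cannot cover.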

OK,

The sudo configuration in our environment is pretty strict, so I'm sure that we couldn't work with Ansible in these cases. “Sudo su” to become root isn't allowed.

Thanks a lot

Hi,

FYI, there are other plugins
https://docs.ansible.com/ansible/latest/plugins/become.html#plugin-list

How are you going to "become" root? Just curious to learn the limitations of
Ansible.

Thank you,

  -vlado

Hi,

I've already seen this page and think that become_exe is what I'm searching for. But I'm not able to download this plugin; the GitHub page is not available.

That's how I log in and use sudo commands manually on this system:

→ Login with my personal user (No Sudo-privileges)
→ Sudo su - sudouser
→ Type sudo /usr/bin/systemctl start filebeat.service

Ansible uses the sudouser directly to execute commands on the remote servers…

Well, when you're not allowed to "become" root then you are not allowed to
configure the system and as a result you can't "work with ansible in this
cases".

Cheers,

  -vlado