Hi,
I have a setup where the remote sites are cygwin machines.
The main problem is that sudo is not available in any way (at least, I could not find any information on how to achieve this kind of functionality).
The question is: is it possible to use a different user to connect to the target machine to perform operations requiring “sudo”?
I am not clear on what you are asking for. You can run a playbook as any user ( that you have the credentials for ) Perhaps you could give more details on what it is you are asking for?
in more recent ansible, you can set ‘remote_user:’ at a task level and use that instead of sudo
you also have ‘runas.exe’ as a kind of sudo substitute on windows.
I have had issues with sudo / normal users causing conflicts. At first I made two copies of the playbook and had one with sudo, one without, but that is terrible for maintenance.
The per-task sudo: yes can be helpful for local actions, and per-task remote_user will be handy too. But for running entire playbooks as either sudo or root…
The problem i faced was that i sometimes run as root and sometimes as a sudo user, and unfortunately, unlike a unix shell where running a sudo command as root is fine, ansible errors out with something like
“invalid output was: [sudo via ansible, key=gxdfdfcyogebthrkocompltleramynjw] password:
Sorry, try again.”
My solution now is to set all tasks with
and pass in use_sudo as an extra var ala, ansible-playbook -i hosts site.yml --extra-vars=“use_sudo=yes”.
But it would be nice if ansible just made it possible to run sudo commands as root like normal unix.
Here is a more complete context of the problem i was trying to solve.
admin_user is the sometimes root, sometimes sudo user that can add new users. It failed until I added the “use_sudo” arg as outlined above.
ansible-playbook -i hosts playbooks/utils/sudo_useradd.yml --extra-vars=“hosts=bespin_cluster user=ansible pwd=*** admin_user=root sudo_pwd=required”
in sudo_useradd.yml
TASK: [Add the desired lines] *************************************************
failed: [bespin] => {“failed”: true, “item”: “”, “parsed”: false}
failed: [Linux-Elasticsearch] => {“failed”: true, “item”: “”, “parsed”: false}
invalid output was: [sudo via ansible, key=gxdfdfcyogebthrkocompltleramynjw] password:
Sorry, try again.
in latest devel Already is sudo would not have changed the user it is a noop.
– Michael
Thanks everyone for suggestions (I was a bit away madly doing manual upgrades :)).
So far using different ‘remote_user’ for tasks that do not require special privileges and for those that do sounds exactly what I was looking for (sorry, Jim, I did not describe my problem better).
Hi,
I was facing the same issue until i changed the privilges of normal user to ‘ALL’ in sudoers file. Now ansible playbook doesn’t asks for passwords for this user.