Separate "users" for normal and "sudo" operations

Hi,

I have a setup where the remote sites are cygwin machines.

The main problem is that sudo is not available in any way (at least, I could not find any information on how to achieve this kind of functionality).

The question is: is it possible to use a different user to connect to the target machine to perform operations requiring “sudo”?

I am not clear on what you are asking for. You can run a playbook as any user (that you have the credentials for). Perhaps you could give more details on what it is you are asking for?

In more recent Ansible, you can set ‘remote_user:’ at a task level and use that instead of sudo.

You also have ‘runas.exe’ as a kind of sudo substitute on Windows.

I have had issues with sudo / normal users causing conflicts. At first I made two copies of the playbook and had one with sudo, one without, but that is terrible for maintenance.
The per-task sudo: yes can be helpful for local actions, and per-task remote_user will be handy too. But for running entire playbooks as either sudo or root…

The problem I faced was that I sometimes run as root and sometimes as a sudo user, and unfortunately, unlike a unix shell where running a sudo command as root is fine, ansible errors out with something like

“invalid output was: [sudo via ansible, key=gxdfdfcyogebthrkocompltleramynjw] password:
Sorry, try again.”

My solution now is to set all tasks with

    - hosts: foo
      sudo: "{{use_sudo}}"

and pass in use_sudo as an extra var a la ansible-playbook -i hosts site.yml --extra-vars="use_sudo=yes".
But it would be nice if ansible just made it possible to run sudo commands as root like normal unix.

Here is a more complete context of the problem I was trying to solve.
admin_user is the sometimes root, sometimes sudo user that can add new users. It failed until I added the “use_sudo” arg as outlined above.

    ansible-playbook -i hosts playbooks/utils/sudo_useradd.yml --extra-vars="hosts=bespin_cluster user=ansible pwd=*** admin_user=root sudo_pwd=required"

In sudo_useradd.yml:

    - hosts: "{{hosts}}"
      vars:
        pwd_sudo_line: "%sudo ALL=(ALL) ALL"
        no_pwd_sudo_line: "%sudo ALL=(ALL) NOPASSWD: ALL"
        sudoers_line: "{{pwd_sudo_line}}" # default, can be over-ridden
      user: "{{admin_user}}"
      sudo: yes
      tasks:

TASK: [Add the desired lines] *************************************************
failed: [bespin] => {“failed”: true, “item”: “”, “parsed”: false}
failed: [Linux-Elasticsearch] => {“failed”: true, “item”: “”, “parsed”: false}
invalid output was: [sudo via ansible, key=gxdfdfcyogebthrkocompltleramynjw] password:
Sorry, try again.

In latest devel already, if sudo would not have changed the user, it is a noop.

– Michael

Thanks everyone for suggestions (I was a bit away madly doing manual upgrades :)).

So far, using a different ‘remote_user’ for tasks that do not require special privileges and for those that do sounds like exactly what I was looking for (sorry, Jim, I did not describe my problem better).

Hi,

I was facing the same issue until I changed the privileges of the normal user to ‘ALL’ in the sudoers file. Now the ansible playbook doesn’t ask for passwords for this user.
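
Added example (not part of the thread and not Ansible's own code): the two sudoers lines in the sudo_useradd.yml vars differ only in the NOPASSWD tag, and this Python check reports which entries of a sudoers file let a user or group run ALL commands without a password. The function name and the sample file are constructed for illustration; aliases and included files are not resolved.

```python
import re

TAG = re.compile(r"^([A-Z_]+)\s*:\s*")   # a tag such as "NOPASSWD:" before a command
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def passwordless_all(sudoers_text):
    """Return [(who, hosts)] for user specs that allow ALL commands with NOPASSWD.
    Scope (assumption): one host spec per line, aliases are not expanded and
    #include / #includedir files are not followed."""
    findings = []
    text = sudoers_text.replace("\\\n", "")            # join continuation lines
    for raw in text.splitlines():
        line = re.sub(r"#(?!\d).*", "", raw).strip()   # drop comments, keep #uid / %#gid
        if not line or line.startswith(SKIP) or "=" not in line:
            continue
        left, right = line.split("=", 1)
        parts = left.split(None, 1)
        if len(parts) != 2:
            continue
        who, hosts = parts[0], parts[1].strip()
        right = re.sub(r"\([^)]*\)", "", right)        # remove Runas specs such as (ALL)
        nopasswd = False                               # a tag carries over to later commands
        for cmd in right.split(","):
            cmd = cmd.strip()
            m = TAG.match(cmd)
            while m:
                if m.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = m.group(1) == "NOPASSWD"
                cmd = cmd[m.end():]
                m = TAG.match(cmd)
            if cmd == "ALL" and nopasswd:
                findings.append((who, hosts))
                break
    return findings

# Constructed sample; the two %sudo lines are the ones from the playbook vars.
SAMPLE = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo ALL=(ALL) ALL
%sudo ALL=(ALL) NOPASSWD: ALL
# ansible ALL=(ALL) NOPASSWD: ALL   (commented out)
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart app, PASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \\
        ALL
"""

if __name__ == "__main__":
    print(passwordless_all(SAMPLE))
```

The backup entry is reported because a tag set on one command is inherited by the commands after it in the same list, while the deploy entry is not, since PASSWD resets the tag before ALL.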