Solaris and pfexec, not working?

Archives Ansible Project
1

Hi,
I am not able to get the “ping” modules working when using privilege escalation on Solaris 11.

I am using Ansible 1.9.4 from a CentOS 7.1 control machine:

$ ansible --version ansible 1.9.4 configured module search path = None $ cat /etc/redhat-release CentOS Linux release 7.1.1503 (Core)

Remote server ‘server1’ is Solaris 11.1:

`
-bash-4.1$ uname -a
SunOS dbservere4 5.11 11.1 sun4v sparc sun4v

`

On the remote server ‘server1’ the account used to establish the SSH connection with has ‘pfexec’ privilges to become ‘root’:

`

-bash-4.1$ pfexec id
uid=0(root) gid=0(root)

`

Can someone help me understand why this is not working?

`

$ ANSIBLE_BECOME=True ANSIBLE_BECOME_METHOD=pfexec ansible server1 -m ping
server1 | FAILED => Internal Error: this module does not support running commands via pfexec

`

Thanks,
Thomas

2

1.9 had a skeleton for pfexec support but we never got to test it, it
is now available in 2.0 which is current devel and close to release.

If you really want to test with 1.9, you need to update the following
in the ssh.py or paramiko_ssh.py connection plugin (whichever you are
using).

self.become_methods_supported=['sudo', 'su', 'pbrun']

should look like:

self.become_methods_supported=['sudo', 'su', 'pbrun', 'pfexec']

3

Hi Brian,
thanks for the ‘pfexec’ hints. I tried both changing my Ansible 1.9 files and also tried using Ansible 2.0.0 0.4.beta2. The error messages I now get are similiar although not quiet identical. They both contain “No such file or directory”:

`

Ansible 1.9.4

4

does ping work w/o pfexec?

5

Yes, ping works fine without the Privilege Escalation “pfexec”:

`

[willert@localhost ~]$ ansible dbservere4 -m ping -vvvv
Using /home/willert/.ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r -tt dbservere4 (umask 22 && mkdir -p “$(echo /tmp/.ansible/tmp/ansible-tmp-1447659206.06-120147812768677)” && echo “$(echo /tmp/.ansible/tmp/ansible-tmp-1447659206.06-120147812768677)”)
PUT /tmp/tmprmOes7 TO /tmp/.ansible/tmp/ansible-tmp-1447659206.06-120147812768677/ping
SSH: EXEC sftp -b - -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r [dbservere4]
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r -tt dbservere4 LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /tmp/.ansible/tmp/ansible-tmp-1447659206.06-120147812768677/ping; rm -rf “/tmp/.ansible/tmp/ansible-tmp-1447659206.06-120147812768677/” > /dev/null 2>&1
dbservere4 | SUCCESS => {
“changed”: false,
“invocation”: {
“module_args”: {},
“module_name”: “ping”
},
“ping”: “pong”
}

`

/ Thomas

6

Sorry, the example without using “pfexec” was with Ansible 2:

`

[willert@localhost ~]$ ansible --version
ansible 2.0.0
config file = /home/willert/.ansible.cfg
configured module search path = None

`

/ Thomas