sudo does not seem to work with ansible 1.9

It seems the sudo option does not work.

I’m asked for the password, but I do not see it working.

Am I missing something?

```
$ ansible -vvvv all --sudo-user sudouser --ask-sudo-pass -a 'ls -al /opt/SP/sudouser/scripts'
SUDO password:
ESTABLISH CONNECTION FOR USER: cygwinme
REMOTE_MODULE command ls -al /opt/SP/sudouser/scripts
EXEC ssh -C -tt -vvv -o ControlMaster=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 myhost /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486 && echo $HOME/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486'
PUT /tmp/tmp3pJW5R TO /home/linuxme/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486/command
EXEC ssh -C -tt -vvv -o ControlMaster=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 myhost /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/linuxme/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486/command; rm -rf /home/linuxme/.ansible/tmp/ansible-tmp-1440686159.76-102172331141486/ >/dev/null 2>&1'
myhost | FAILED | rc=2 >>
ls: cannot access /opt/SP/sudouser/scripts: Permission denied
```

You are missing the option to enable sudo (--sudo); setting the user and
password does not force sudo, as you can have that selectively set at the
host level.

Thanks a lot. That did it and also showed me that it seems impossible for me to use ansible :frowning:

Unfortunately I’m only allowed to do “sudo -u sudouser” and not “sudo -u sudouser some arbitrary command”.

This is fine in an interactive session as the allowed command will leave me in a bash. But ansible tries to execute something like:

/bin/sh -c echo BECOME-SUCCESS-somegibberish; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /tmp/ansible-tmp-1440690655.74-51912605722035/command

Or is there also a way around this?

Allowing you to get a shell as a user has no real security above
allowing you to run any command directly as a user, this is a minor
sudoers configuration change.

Ansible works by copying scripts to temp dirs and running them (the
modules), this is how it avoids having an agent. If you cannot make
the change above and still don't have permissions to do this you might
want to look at ansible-pull.

> Allowing you to get a shell as a user has no real security above
> allowing you to run any command directly as a user, this is a minor
> sudoers configuration change.

I totally agree with you. Unfortunately I’m not in the position to make this change or convince someone to do that.

> ansible-pull.

Will check what that is.

Thanks again