On 13. sep. 2016 18:41, Mike Schlottman wrote:
> I have just started looking into Ansible and have built a server on CentOS
> 7. I generally don't run anything as root so I created an ansible account
> and group and chown -R ansible:ansible /etc/ansible.
> I assumed that this would be OK, but as I start experimenting with
> commands, it does not seem to use sudo the way I had expected.

It's perfectly OK to create a user, Ansible works great with sudo.

> As expected this fails because the ansible user does not have access to
> read /etc/shadow.
> -sh-4.2$ ansible localhost -a '/bin/cat /etc/shadow'
> localhost | FAILED | rc=1 >>
> /bin/cat: /etc/shadow: Permission denied
> When I try -b and --become-user root, I get this.
> -sh-4.2$ ansible localhost -a '/bin/cat /etc/shadow' -b --become-user root
> localhost | FAILED | rc=0 >>
> MODULE FAILURE

[snip]

> Am I using --become-user incorrectly?

I would not say so. What you are missing is the sudo password.
The become user is default root, so you do not need to specify that.
And you are using -b for become.
But you must provide the sudo password if you don't have NOPASSWORD in
sudoers.

So this should work for you:

ansible localhost -a 'cat /etc/shadow' -b --ask-sudo-pass

--
Kai Stian Olstad
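
The rule in the reply above (prompt for the sudo password unless sudoers lets the account run sudo without one), as an added example that is not part of the original message: a preflight check for the local host that picks the become flags. The function names are hypothetical; `sudo -n` is sudo's non-interactive mode, which fails instead of prompting.

```shell
#!/bin/sh
# Added example, not from the thread. Decides whether an ad-hoc run with -b
# on the local host needs the sudo password prompt.
# Assumption: `sudo -n true` succeeds only when sudo needs no prompt, i.e. a
# passwordless rule matches this account or a cached sudo timestamp is valid.

# Returns 0 if sudo works without prompting, 2 if sudo is not installed,
# any other non-zero status if a password would be required.
sudo_is_passwordless() {
    command -v sudo >/dev/null 2>&1 || return 2
    sudo -n true >/dev/null 2>&1     # -n: never prompt, fail instead
}

# Prints the become flags to hand to ansible (hypothetical helper).
become_flags() {
    rc=0
    sudo_is_passwordless || rc=$?
    case "$rc" in
        0) printf '%s\n' '-b' ;;
        2) echo 'sudo not found; cannot become' >&2
           return 2 ;;
        *) printf '%s\n' '-b --ask-sudo-pass' ;;
    esac
}

# Usage (flags are left unquoted on purpose so they split into words):
#   ansible localhost -a 'cat /etc/shadow' $(become_flags)
```

A success from `sudo -n true` can come from a still-valid cached credential as well as from a sudoers rule, so run `sudo -k` first if the goal is to learn what the sudoers policy itself allows.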