What about on cases that you can't have ALL on the sudoers? For example i can't execute /bin/sh with sudo, is there any way to make the module not execute /bin/sh first? Just execute the commands without /bin/sh in the beginning?
On Thursday, 10 March 2016 14:05:29 UTC+1, Mark Janssen wrote: > > Ansible needs to be able to run 'ALL' commands... > > so: > > xxxx ALL=(ALL) ALL > > As it doesn't run su or anything directly, but runs python which exec's > stuff later. > > Mark > > On Thu, Mar 10, 2016 at 1:11 AM, Juan Roman <[email protected] > <javascript:>> wrote: > >> Sorry is this has been posted and answered by I find nothing while >> searching. I'm attempting to connect to my AIX server but can't sudo. >> >> Here's my sudo setup. >> >> xxxxx ALL=(ALL) /usr/bin/su -,/usr/bin/su - >> >> >> >> >> GATHERING FACTS >> *************************************************************** >> <aixserver.com> ESTABLISH CONNECTION FOR USER: userXX >> <aixserver.com> REMOTE_MODULE setup CHECKMODE=True >> <aixserver.com> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o >> ControlPersist=60s -o >> ControlPath="/home/userXX/.ansible/cp/ansible-ssh-%h-%p-%r" -o >> KbdInteractiveAuthentication=no -o >> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey >> -o PasswordAuthentication=no -o ConnectTimeout=10 aixserver.com /bin/sh >> -c 'mkdir -p /tmp/ansible-tmp-1457568234.68-267839190034318 && chmod a+rx >> /tmp/ansible-tmp-1457568234.68-267839190034318 && echo >> /tmp/ansible-tmp-1457568234.68-267839190034318' >> <aixserver.com> PUT /tmp/tmpMNXTOm TO >> /tmp/ansible-tmp-1457568234.68-267839190034318/setup >> <aixserver.com> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o >> ControlPersist=60s -o >> ControlPath="/home/userXX/.ansible/cp/ansible-ssh-%h-%p-%r" -o >> KbdInteractiveAuthentication=no -o >> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey >> -o PasswordAuthentication=no -o ConnectTimeout=10 aixserver.com /bin/sh >> -c 'sudo -k && sudo -H -S -p "[sudo via ansible, >> key=stujpsrxsgjiigrjvzefkwkrkuvaxyhs] password: " -u root /bin/sh -c >> '"'"'echo BECOME-SUCCESS-stujpsrxsgjiigrjvzefkwkrkuvaxyhs; LANG=C >> LC_CTYPE=C /usr/bin/python >> /tmp/ansible-tmp-1457568234.68-267839190034318/setup; rm -rf >> /tmp/ansible-tmp-1457568234.68-267839190034318/ >/dev/null 2>&1'"'"'' >> failed: [aixserver.com] => {"failed": true, "parsed": false} >> >> Sorry, user userXX is not allowed to execute '/bin/sh -c echo >> BECOME-SUCCESS-stujpsrxsgjiigrjvzefkwkrkuvaxyhs; LANG=C LC_CTYPE=C >> /usr/bin/python /tmp/ansible-tmp-1457568234.68-267839190034318/setup; rm >> -rf /tmp/ansible-tmp-1457568234.68-267839190034318/ >/dev/null 2>&1' as >> root on ti1wps2. >> debug1: mux_client_request_session: master session id: 2 >> debug3: mux_client_read_packet: read header failed: Broken pipe >> debug2: Received exit status from master 1 >> Shared connection to aixserver.com closed. >> >> >> TASK: [iib-bin | Change Directory to $IIB_ROOT_INSTALL] >> *********************** >> FATAL: no hosts matched or all hosts have already failed -- aborting >> >> >> PLAY RECAP >> ******************************************************************** >> to retry, use: --limit @/home/userXX/site.retry >> >> aixserver.com : ok=0 changed=0 unreachable=0 failed=1 >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/cac9d97c-3cd5-41b4-acfc-68fe75a072ca%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/cac9d97c-3cd5-41b4-acfc-68fe75a072ca%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Mark Janssen -- maniac(at)maniac.nl > Unix / Linux Open-Source and Internet Consultant > Maniac.nl Sig-IO.nl Vps.Stoned-IT.com > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/a2073d7a-c43b-4438-b815-035abde1d3df%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
