Hey!
We can't access the playbook here - https://pastebin.com/edit/9Uvjdupe at
least I can't. pastebin redirects me to the login page. I can however
access default_postgres.yml file
I'm going to assume you are using sudo as become_method. I am also going to
assume selinux is not part of the issue here, nor standard unix permissions
or posix acls.
When you run the task manually: /opt/db/postgres/postgresql/bin/initdb -D
/opt/db/data/postgres/data/ on the target as user postgres ... say you
login as root to the machine then you run su - postgres, right? At this
point you are running commands as postgres.
I'm wondering if you can mimic that very same behaviour adding
become_flags to the equation:
- name: configure postgres - create database
command: "{{ postgres_home }}/bin/initdb -D {{ postgres_data }}"
args:
creates: "{{ postgres_data }}/PG_VERSION"
become: yes
become_flags: "su - {{ ansible_postgres_user }} -c"
become_user: "{{ ansible_postgres_user }}"
Please let me know if that works,
Regards,
El mié, 27 oct 2021 a las 14:32, dulhaver via Ansible Project (<
[email protected]>) escribió:
>
> - here is the entire playbook <https://pastebin.com/edit/9Uvjdupe>
> - here is the defaults_postgres.yml <https://pastebin.com/ZKjis1BA> I
> refer to in it
>
> I am wondering whether the use of a ...
>
> - ansible_become_user: root
> - ansbile_postgres_user: postgres
>
> ... in the same context may be related to my problem
>
>
> On 10/27/2021 1:55 PM dulhaver via Ansible Project <
> [email protected]> wrote:
>
>
> I have a playbook to install postgresql on a rhel8 target
>
>
> one TASK should start the initdb process ...
> \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
>
> - name: configure postgres - create database
> command: "{{ postgres_home }}/bin/initdb -D {{ postgres_data }}"
> args:
> creates: "{{ postgres_data }}/PG_VERSION"
> become: yes
> become_user: postgres
> \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
>
>
>
> but fails with an "initdb: error: cannot be run as root" error *details
> below
>
> \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
>
> TASK [configure postgres - create database]
> **********************************************************************
> fatal: [vm-51150-0180.step.zrz.dvz.cn-mv.de]: FAILED! => changed=true
> cmd:
> - /opt/db/postgres/postgresql/bin/initdb
> - -D
> - /opt/db/data/postgres/data
> delta: '0:00:00.009346'
> end: '2021-10-27 11:54:25.210944'
> msg: non-zero return code
> rc: 1
> start: '2021-10-27 11:54:25.201598'
> stderr: |-
> initdb: error: cannot be run as root
> Please log in (using, e.g., "su") as the (unprivileged) user that will
> own the server process.
> stderr_lines: <omitted>
> stdout: ''
> stdout_lines: <omitted>
> \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
>
>
> the TASK however has a particular become_user: postgres specified.
> Furthermore Selinux is set to @permissive in an erlier TASK.
>
> Manually running /opt/db/postgres/postgresql/bin/initdb -D
> /opt/db/data/postgres/data/ on the target as user postgres works, so I
> can not make much sense of this. It's kind of obvious the become process
> does not work, but I can't figure out why. Plaid a bit with indentation,
> but did not find any solution that works
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/776382835.43477.1635335720976%40office.mailbox.org
> <https://groups.google.com/d/msgid/ansible-project/776382835.43477.1635335720976%40office.mailbox.org?utm_medium=email&utm_source=footer>.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/206501226.44462.1635341565280%40office.mailbox.org
> <https://groups.google.com/d/msgid/ansible-project/206501226.44462.1635341565280%40office.mailbox.org?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAFtje5MX0gxwDrsuitrabPQKh%2B_%3DboD%3DWnyGxXx9e7B6vsmFdw%40mail.gmail.com.
