The part in the script befor "name: Show /etc/ssh/sshd_config file content"
works well, however, when it trys to cat the /etc/ssh/sshd_config file, it
failed and complains ""stderr_lines": ["/bin/cat: /etc/ssh/sshd_config:
Permission denied"]" Any gurus here can help me with this?
On Friday, February 22, 2019 at 2:48:23 PM UTC-8, Jason Yu wrote:
>
> The Configure_Base_Linux.yml file is as following:
>
> - name: Configure BASE Linux Servers
> hosts: linux
> gather_facts: true
> become: yes
> become_user: root
> pre_tasks:
> - name: Debug
> raw: sleep 1
> - name: get the username running the deploy
> become: false
> local_action: command whoami
> register: username_on_the_host
> - debug: var=username_on_the_host
>
>
>
> - name: Show /etc/ssh/sshd_config file content
> command: /bin/cat /etc/ssh/sshd_config
> register: cat
> become: yes
> become_method: su
> become_user: root
> - debug: var=cat.stdout_lines
>
> On Friday, February 22, 2019 at 2:47:03 PM UTC-8, Jason Yu wrote:
>>
>> Thank you for your help, it still didn't work. In fact, I changed the
>> module to cat a file /etc/sshd/sshd.conf but I got the same permission
>> error:
>>
>> amazon-ebs: TASK [Show /etc/ssh/sshd_config file content]
>> **********************************
>> amazon-ebs: fatal: [default]: FAILED! => {"changed": true, "cmd":
>> ["/bin/cat", "/etc/ssh/sshd_config"], "delta": "0:00:00.005604", "end":
>> "2019-02-22 22:43:50.264420", "msg": "non-zero return code", "rc": 1,
>> "start": "2019-02-22 22:43:50.258816", "stderr": "/bin/cat:
>> /etc/ssh/sshd_config: Permission denied", "stderr_lines": ["/bin/cat:
>> /etc/ssh/sshd_config: Permission denied"], "stdout": "", "stdout_lines": []}
>> amazon-ebs: to retry, use: --limit
>> @/workdir/Ansible/playbooks/common/Configure_Base_Linux.retry
>>
>>
>> is it a "privilege escalation" error in ansible ?
>>
>> On Thursday, February 21, 2019 at 8:09:39 PM UTC-8, fedoraproject wrote:
>>>
>>> Just a guess, but is the file immutable?
>>>
>>> Try deleting after 'chattr -i etc/yum.repos.d/redhat-rhui.repo'
>>>
>>> Can you delete by hand on the command line?
>>>
>>> In any case, this is a better question for the ansible-project mailing
>>> list.
>>>
>>> V/r,
>>> James Cassell
>>>
>>> On Thu, Feb 21, 2019, at 9:08 PM, Jason Yu wrote:
>>> > I got the following error when I tried to remove the
>>> > /etc/yum.repos.d/redhat-rhui.repo file. My playbook is as following:
>>> >
>>> >
>>> > - name: Configure BASE Linux Servers
>>> > hosts: linux
>>> > gather_facts: true
>>> > become: yes
>>> > become_user: root
>>> > pre_tasks:
>>> > - name: Debug
>>> > raw: sleep 1
>>> > - name: get the username running the deploy
>>> > become: false
>>> > local_action: command whoami
>>> > register: username_on_the_host
>>> > - debug: var=username_on_the_host
>>> > - name: Remove AWS RHUI
>>> > file:
>>> > path: "{{ item }}"
>>> > state: absent
>>> > force: yes
>>> > with_items:
>>> > - /etc/yum.repos.d/redhat-rhui.repo
>>> >
>>> > roles:
>>> > - { role: linux_common, tags: linux_common }
>>> > - { role: deep_security_agent, tags: deep_security_agent }
>>> >
>>> >
>>> >
>>> >
>>> > *********output with error *********************************
>>> > amazon-ebs: changed: [default]
>>> > amazon-ebs:
>>> > amazon-ebs: TASK [get the username running the deploy]
>>> > **************************** *********
>>> > amazon-ebs: changed: [default -> localhost]
>>> > amazon-ebs:
>>> > amazon-ebs: TASK [debug]
>>> > **********************************************************
>>>
>>> > *********
>>> > amazon-ebs: ok: [default] => {
>>> > amazon-ebs: "username_on_the_host": {
>>> > amazon-ebs: "changed": true,
>>> > amazon-ebs: "cmd": [
>>> > amazon-ebs: "whoami"
>>> > amazon-ebs: ],
>>> > amazon-ebs: "delta": "0:00:01.747620",
>>> > amazon-ebs: "end": "2019-02-22 02:03:25.776013",
>>> > amazon-ebs: "failed": false,
>>> > amazon-ebs: "rc": 0,
>>> > amazon-ebs: "start": "2019-02-22 02:03:24.028393",
>>> > amazon-ebs: "stderr": "",
>>> > amazon-ebs: "stderr_lines": [],
>>> > amazon-ebs: "stdout": "root",
>>> > amazon-ebs: "stdout_lines": [
>>> > amazon-ebs: "root"
>>> > amazon-ebs: ]
>>> > amazon-ebs: }
>>> > amazon-ebs: }
>>> > amazon-ebs:
>>> > amazon-ebs: TASK [Remove AWS RHUI]
>>> > ************************************************
>>>
>>> > *********
>>> > amazon-ebs: failed: [default]
>>> (item=/etc/yum.repos.d/redhat-rhui.repo)
>>> > => {"changed ": false, "gid": 0, "group":
>>> "root",
>>> > "item": "/etc/yum.repos.d/redhat-rhui.repo", "mode
>>>
>>> > ": "0644", "msg": "unlinking failed: [Errno 13] Permission denied:
>>> > '/etc/yum.repos.d/re dhat-rhui.repo' ",
>>> "owner":
>>> > "root", "path": "/etc/yum.repos.d/redhat-rhui.repo", "secon
>>>
>>> > text": "system_u:object_r:system_conf_t:s0", "size": 8679,
>>> "state":
>>> > "file", "uid": 0}
>>> > amazon-ebs: to retry, use: --limit
>>> > @/workdir/Ansible/playbooks/common/Confi
>>> > gure_Base_Linux.retry
>>> > amazon-ebs:
>>> > amazon-ebs: PLAY RECAP
>>> > ************************************************************
>>>
>>> > *********
>>> > amazon-ebs: default : ok=4 changed=2
>>> > unreachable=0 fail ed=1
>>> > amazon-ebs:
>>> > ==> amazon-ebs: Terminating the source AWS instance...
>>> > ==> amazon-ebs: Cleaning up any extra volumes...
>>> > ==> amazon-ebs: No volumes to clean up, skipping
>>> > ==> amazon-ebs: Deleting temporary security group...
>>> > ==> amazon-ebs: Deleting temporary keypair...
>>> > Build 'amazon-ebs' errored: Error executing Ansible: Non-zero exit
>>> status:
>>> > exit status 2
>>> >
>>> > ==> Some builds didn't complete successfully and had errors:
>>> > --> amazon-ebs: Error executing Ansible: Non-zero exit status: exit
>>> status 2
>>> >
>>> > ==> Builds finished but no artifacts were created.
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> > Groups "Ansible Development" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> > an email to ansible-deve...@googlegroups.com.
>>> > For more options, visit https://groups.google.com/d/optout.
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-devel+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
