"Unfortunately, it seems that Ansible thinks it is smarter than I am, and refuses to run my modules in sudo if the remote user is root, so everything fails with permission denied errors."
This is true because sudo to the same user causes problems on lots of systems. This is the first I've heard of sudo to root from root giving different behavior than being root. Can you share some more details about your SELinux policy configuration? On Fri, Apr 4, 2014 at 9:02 AM, Dustin C. Hatch <[email protected]>wrote: > In my environment, when a VM is first provisioned, it has no users > other than root, and root has no password. The machines are pre-seeded > with an authorized SSH key so I can log in as root remotely to finish > the set up. These machines have SELinux enforcing the strict policy, > so even logging in as root is insufficient to make any changes, I have > to use sudo to get to the sysadm_r role. Unfortunately, it seems that > Ansible thinks it is smarter than I am, and refuses to run my modules > in sudo if the remote user is root, so everything fails with > permission denied errors. > > Is there a way I can force or trick Ansible into running my plays > through sudo, even when logged in as root? > > Note: one of the steps in my playbook is to set up another user that > will be used for all subsequent Ansible runs; only the initial set up > needs to be run as root. > > Dustin C. Hatch > http://dustin.hatch.name/ > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAP8b%3Ddz06Gvm--LLgpWF3sDyU%3DQQdWRepO%2B8QYQnui1okhMz6A%40mail.gmail.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAEVJ8QOYGqjgCvpLz26H%2BaHguvBe2%2BtePbPVEhvscz-rOwLkmA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
