Hi
James: This is one of the playbooks I've tried:
---
- hosts: clientbox
  gather_facts: no
  tasks:
    - name: cp sudoers from /etc to /tmp
      command: /bin/cp /etc/sudoers /tmp/cpsudoers
    - name: change permissions of /tmp/sudoers
      file: path=/tmp/cpsudoers mode=0777
    - name: fetch sudoers
      fetch: src=/tmp/cpsudoers dest=/ansible/deployment/files/backup/sap/sap-t
    - name: rm /tmp/sudoers
      command: /bin/rm /tmp/cpsudoers removes=/tmp/cpsudoers
And this is the result:
$ ap ~/deployment/playbooks/fetch_files_from_server.yml -Kvvvv
sudo password:
PLAY [clientbox] ******************************************************************
TASK: [cp sudoers from /etc to /tmp] ******************************************
<clientbox> ESTABLISH CONNECTION FOR USER: ansible
<clientbox> REMOTE_MODULE command /bin/cp /etc/sudoers /tmp/cpsudoers
<clientbox> EXEC ['ssh', '-C', '-vvv', '-o', 'PasswordAuthentication=no', '-o', 'ControlMaster=auto', '-o', 'ControlPath=~/tmp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=30', 'clientbox', '/bin/bash -c /usr/bin/python']
EXEC previous known host file not found for clientbox
failed: [clientbox] => {"changed": true, "cmd": ["/bin/cp", "/etc/sudoers", "/tmp/cpsudoers"], "delta": "0:00:00.005682", "end": "2014-04-09 08:57:11.603329", "rc": 1, "start": "2014-04-09 08:57:11.597647"}
stderr: /bin/cp: cannot open `/etc/sudoers' for reading: Permission denied
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/ansible/fetch_files_from_server.retry
clientbox : ok=0 changed=0 unreachable=0 failed=1
Petr: I get the same result as an ad-hoc command:
$ a -m fetch -a "src=/etc/sudoers dest=/ansible/deployment/files/backup/sap/sap-t" clientbox -K
sudo password:
clientbox | success >> {
    "changed": false,
    "file": "/etc/sudoers",
    "msg": "no read permission on remote file, not transferring, ignored"
}
But of course, the twist is that this actually works:
$ ssh -t clientbox "sudo -Hi cp /etc/sudoers /tmp/temp_sudoers && sudo -Hi chmod 777 /tmp/temp_sudoers && scp /tmp/temp_sudoers ansible-masterbox:/tmp/"
Please enter the password for user ansible:
ansible@ansible-masterbox's password:
temp_sudoers 100% 10KB 9.9KB/s 00:00
Connection to clientbox closed.
$ ll /tmp/*sudo*
-rwxr-xr-x 1 ansible ansible 10092 Apr 9 09:11 /tmp/temp_sudoers*
And in theory it is the very same logic. Ansible actually uses "sudo -Hi"
to log in to the boxes.
Thanks both for the time.
Any insights into this, greatly appreciated.
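
Added example, not part of the original message and not the Ansible project's own code: one way to retrieve the same file without leaving a mode-0777 copy of sudoers in /tmp, assuming a current Ansible release in which `become` (the successor to the older `sudo` play keyword) is available. The host name and destination directory are taken from the message above; the playbook is run with `-K` so that the privilege-escalation password is prompted for.

```yaml
---
# Added example (assumes a current Ansible release with `become`).
# Reads /etc/sudoers with escalated privileges and transfers it directly,
# so no world-readable or world-writable temporary copy is ever created.
- hosts: clientbox
  gather_facts: false
  become: true          # run the modules below with privilege escalation
  tasks:
    - name: Fetch /etc/sudoers straight from its original location
      ansible.builtin.fetch:
        src: /etc/sudoers
        # With the default flat=false the file is stored under
        # <dest>/<inventory_hostname>/etc/sudoers on the control machine.
        dest: /ansible/deployment/files/backup/sap/sap-t/

    - name: Restrict the local backup copy to its owner
      ansible.builtin.file:
        path: "/ansible/deployment/files/backup/sap/sap-t/{{ inventory_hostname }}/etc/sudoers"
        mode: "0600"
      delegate_to: localhost   # this task acts on the control machine
      become: false            # no escalation needed for the local file
```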