Nah, it wasn't a "use tower" note so much as a "individual commands can't be restricted with sudo" note.
Ansible just doesn't do that. Restricting sudo to not be able to run the "command" module would be super limiting anyway. On Tue, Oct 21, 2014 at 3:35 AM, Alain Kreienbuhl <[email protected]> wrote: > Okay, use tower. I'll check it out. > > Thanks for your answer and congrats for the 1st Ansible Fest. > > Cheers > > Alain > Le 20 oct. 2014 23:07, "Michael DeHaan" <[email protected]> a écrit : > >> Please read the explanation about sudo in the first "note" section under >> >> http://docs.ansible.com/intro_adhoc.html#id8 >> >> >> >> On Fri, Oct 17, 2014 at 12:57 PM, Alainkr <[email protected]> wrote: >> >>> Hello, >>> >>> I'm very puzzled >>> >>> I run usually all my playbooks with a user (user_sys) having full no >>> passwd sudo privileges . >>> Now for the deployment of app I wanted to use the a >>> user (user_adm) having sudo privileges only to what it is actually doing . >>> >>> Since the inventory file is setting ansible_ssh_user to the user_sys, in >>> the deployment playbook I'v specified ansible_ssh_user: user_adm >>> >>> >>> >>> Problem arise very early on with the fact gathering where i'm getting a >>> "Missing sudo password" error message. After disabling that, I'm getting a >>> more ""Missing sudo password" on a shell command that can be run by >>> user_adm. >>> >>> But it looks like ansible is doing sudo -u root /bin/sh -c >>> <ansible_shell>. Of course user_adm can't sudo run a shell as root. I just >>> want to sudo the actual commands ... >>> >>> I'm I stuck here ? Or missing something big ? >>> >>> >>> Thanks for you help >>> >>> Alain >>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/45b9021e-f9f1-4371-9c42-61e8a278c4d4%40googlegroups.com >>> <https://groups.google.com/d/msgid/ansible-project/45b9021e-f9f1-4371-9c42-61e8a278c4d4%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/VPwO71Ey92E/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgy6nXY42mA6%2BaEn31NWnbszZjDzmge9XwAMFKRAGD0oow%40mail.gmail.com >> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgy6nXY42mA6%2BaEn31NWnbszZjDzmge9XwAMFKRAGD0oow%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAPyOoB5hZN2_AYkCHMFd609WD7a2Y9C4d6EwC_4hK8fCGdmQHg%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAPyOoB5hZN2_AYkCHMFd609WD7a2Y9C4d6EwC_4hK8fCGdmQHg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwZGyXekg77Y7QAh4WkFczGkh9TkNRLZ37hoveZ%3DiB6yg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
