I am having trouble with configuring Ansible and sudo to allow me to SSH into a server and run a command as another user. I have gone through the questions / answers below and the Ansible documentation here: http://docs.ansible.com/intro_inventory.html
But I still cannot get it to work. Please can someone put me on the right track.

References:
http://stackoverflow.com/questions/24743085/ansible-ssh-as-one-user-and-sudo-as-another
http://serverfault.com/questions/559154/ansible-using-different-sudo-user-for-different-hosts

*I am trying to do this:*

    server-01                client-01
    --------------           ---------
    foo ----> ssh --->       foo
                             bar - sudo as root user

Using Ansible, connect
from: server-01
to: client-01
using the user foo and then use sudo to run a command as user bar

User bar is set up to be able to run any command.

However, I am not sure where the problem is, with sudo or Ansible. I think the problem is with sudo but I am not sure where.

*This ansible command works:*

    [foo@server-01 ~]$ ansible client-01 -m raw -a "touch /var/tmp/testfile" --ask-sudo-pass
    sudo password: *********   ( password for foo user )
    client-01 | success | rc=0 >>

*This one does not:*

    ansible client-01 -m raw -a "touch /etc/testfile" --ask-sudo-pass
    sudo password: *********   ( password for foo user )
    client-01 | FAILED | rc=1 >>
    touch: cannot touch `/etc/testfile': Permission denied

I have SSH authentication without a password set up between server-01 and client-01 for user foo and it works OK.

    [foo@server-01 ~]$ id
    uid=96(foo) gid=96(foo) groups=96(foo)
    [foo@server-01 ~]$ su - foo
    Password:
    [foo@server-01 ~]$
    [foo@server-01 ~]$
    [foo@server-01 ~]$ ssh client-01
    Last login: Thu Jan 15 16:32:05 2015 from server-01.voodooit.co.uk
    [foo@client-01 ~]$

*This is my setup:*

server-01: /etc/ansible/hosts
-------------------------------------
    # Ansible Inventory file
    [clients]
    client-01 ansible_sudo=true ansible_ssh_user=foo ansible_sudo_user=bar

client-01: /etc/sudoers
-------------------------------------
    [root@client-01 ~]# cat /etc/sudoers
    ## root can run any command anywhere
    root ALL=(ALL) ALL
    bar ALL=(ALL) ALL
    foo ALL=(bar) NOPASSWD: ALL
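To make the posted sudoers rules easier to reason about, here is an added example (not part of the original post, and not Ansible's or sudo's own code) that parses the three user specifications shown above and reports who may run commands as whom. It assumes the simple `user host=(runas) [NOPASSWD:] commands` form only; `parse_sudoers` and `check` are hypothetical helper names.

```python
import re

# The user specifications from the post's /etc/sudoers, copied as posted.
SUDOERS = """\
## root can run any command anywhere
root ALL=(ALL) ALL
bar ALL=(ALL) ALL
foo ALL=(bar) NOPASSWD: ALL
"""

# Assumption: only the simple form "user host=(runas) [NOPASSWD:] commands".
# Aliases, %groups, negation and other tags are out of scope for this sketch.
SPEC = re.compile(
    r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\))?\s*(NOPASSWD:)?\s*(.+)$"
)

def parse_sudoers(text):
    """Return one dict per user specification; comments and Defaults are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        first = line.split()[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        user, host, runas, nopasswd, cmds = m.groups()
        # With no (runas) list, sudo only permits running as root.
        runas = "root" if runas is None else runas
        runas_users = [u.strip() for u in runas.split(":")[0].split(",")]
        rules.append({"user": user, "host": host, "runas": runas_users,
                      "nopasswd": bool(nopasswd),
                      "commands": [c.strip() for c in cmds.split(",")]})
    return rules

def check(rules, user, target):
    """Return (allowed, needs_password) for `user` running as `target`.

    As in sudo, the last matching entry decides the result.
    """
    result = (False, None)
    for r in rules:
        if r["user"] == user and (target in r["runas"] or "ALL" in r["runas"]):
            result = (True, not r["nopasswd"])
    return result

if __name__ == "__main__":
    rules = parse_sudoers(SUDOERS)
    for user, target in [("foo", "bar"), ("foo", "root"), ("bar", "root")]:
        print(user, "->", target, check(rules, user, target))
```

For the posted rules, foo may run commands as bar without a password and has no rule for root, while bar may run commands as any user with a password.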
