Hi
Thanks for the reply. Sorry though, I do not understand. Perhaps I am just
being thick.
I have read the documentation here:
http://docs.ansible.com/intro_inventory.html
but cannot get it to work.
I can set up Ansible to perform tasks using the root user account to SSH
directly as root and then run commands on a remote server using the root
user.
I can set up Ansible to perform tasks using a non-root user account to SSH
directly and then run commands on the remote server as the same user if
sudo is set up to run as root either with a password or without.
However, I do not understand how to use Ansible to run commands on a remote
server if the account used for SSH and the account with sudo as root on the
remote server are different.
For example, this is the setup,
User foo can ssh to server1 without a password
User bar is set up in sudo to run root commands on server1 but does not
allow ssh from the Ansible server.
Ansible Server               server1
----------------------       -----------
foo ----> ssh --->           foo
                             bar - sudo as root user
Configuration: server1 - /etc/sudoers
-----------------------------------------------------
foo ALL=(bar) ALL
bar ALL=(ALL) NOPASSWD: ALL
Configuration - Ansible server - /etc/ansible/hosts
-----------------------------------------------------------------------------
# Ansible Inventory file
[clients]
server1 ansible_sudo=true ansible_ssh_user=foo ansible_sudo_user=bar
Command used (run as user foo) on the Ansible server
----------------------------------------------------------------------------------------
[foo@server-01 ~]$ ansible client-01 -m raw -a "touch /var/tmp/testfile" --ask-sudo-pass
sudo password:
client-01 | success | rc=0 >>
[foo@server-01 ~]$ ansible client-01 -m raw -a "touch /var/testfile" --ask-sudo-pass
sudo password:
client-01 | FAILED | rc=1 >>
touch: cannot touch `/var/testfile': Permission denied
On Thursday, 15 January 2015 17:14:44 UTC, Brian Coca wrote:
>
> first, the following line shows you should not need a password for
> doing sudo as 'foo'
> >foo ALL=(bar) NOPASSWD: ALL
>
> In your command you are implying a double sudo while ansible only does
> one.
>
> ansible can connect as a remote user 'foo' and then use sudo to run a
> command as another user 'bar', to have that command also be sudo, you
> need to add that yourself, or allow 'foo' to sudo as root.
>
> for example, i believe this is what you want (with your inventory
> configured for remote user being 'foo' and sudo user being 'bar'):
>
> ansible client-01 -m raw -a "sudo touch /etc/testfile"
>
> except it won't work, as ansible won't prompt you for the sudo
> password for 'bar' only for 'foo', which does not need one, but the
> reverse would work.
>
> foo ALL=(bar) ALL
> bar ALL=(ALL) NOPASSWD: ALL
>
> with this ansible can use the password prompt for 'foo' and then you
> can sudo to root from bar w/o a password.
>
> --
> Brian Coca
>
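Added example (not part of the original thread and not Ansible's own code): a small Python sketch that parses the two sudoers lines from this message and counts the sudo hops from foo to root. The function names and the simplified one-line rule grammar are assumptions; it shows that root is two hops away, while, as the reply says, Ansible performs only one, so the task runs as bar.

```python
import re
from collections import deque

# Constructed from the two /etc/sudoers lines quoted in the message above.
PAGE_SUDOERS = """
foo ALL=(bar) ALL
bar ALL=(ALL) NOPASSWD: ALL
"""

# Simplified user spec (assumption): user HOST=(runas[,runas]) [NOPASSWD:] cmds
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*\(([^)]*)\)\s*(NOPASSWD:)?\s*(.+)$")


def parse_sudoers(text):
    """Return {user: [(runas_user, needs_password), ...]} for simple specs."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        m = SPEC.match(line)
        if not line or line.startswith("#") or not m:
            continue  # comments, aliases, Defaults, groups: out of scope here
        user, runas, nopasswd, _cmds = m.groups()
        for target in (t.strip() for t in runas.split(",")):
            rules.setdefault(user, []).append((target, nopasswd is None))
    return rules


def sudo_path(rules, start, goal="root"):
    """Shortest chain of (user, runas, needs_password) hops, or None."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        user, path = queue.popleft()
        if user == goal:
            return path
        for target, needs_pw in rules.get(user, []):
            # (ALL) permits any runas user, so it reaches the goal directly.
            nxt = goal if target == "ALL" else target
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [(user, nxt, needs_pw)]))
    return None


if __name__ == "__main__":
    for user, target, needs_pw in sudo_path(parse_sudoers(PAGE_SUDOERS), "foo"):
        print(f"{user} -> {target} ({'password' if needs_pw else 'NOPASSWD'})")
```

A path longer than one hop means a single sudo from the SSH user does not land on root, which matches the "Permission denied" on /var/testfile above.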