I do not think that this is right. The sudo does not work for the first example.
Is there any documentation please for basic Ansible user configuration for initiating Ansible instructions between a local and remote server using several different user examples. This is not something that I have been able to find. It is easy if using the same user accounts and particularly just root but confusing if using several accounts. On Friday, 16 January 2015 17:59:52 UTC, Stuart Budd wrote: > > Thanks for your reply, taking the first example, > > first example > ========= > logs in as *foo *and runs command as bar (uses foo's privlege to sudo to > bar) > > *ansible_ssh_user=fooansible_sudo_user=bar* > > > ansible server server1 > --------------------- ----------- > foo --> ssh --> foo > bar > > The Ansible session is initiated on the Ansible server as user *root*. * > ( or should I use foo ? )* > Ansible uses user *foo *for the SSH session between the Ansible server > and the remote server, server1 > > On server1, user *foo *is given access to run commands as user bar via > the */etc/suders* file > > /etc/sudoers > ----------------------------------------------- > foo ALL=(bar) NOPASSWD: ALL > > > > Second example > ============ > logs in as *foo *and runs commands as foo user (this is actually a sudo > noop) > > *ansible_ssh_user=fooansible_sudo_user=foo* > > > ansible server server1 > --------------------- ----------- > foo --> ssh --> foo > > The Ansible session is initiated on the Ansible server as user root. > Ansible uses user *foo *for the SSH session between the Ansible server > and the remote server, server1 > > On server1, user *foo *runs commands on server1 > > No changed to the */etc/suders* file are required. > > > > Third example > ========== > logs in as *foo *and runs commands as root user (for this you need to > modify the sudoers) > > *ansible_ssh_user=fooansible_sudo_user=root* > > > ansible server server1 > --------------------- ----------- > foo --> ssh --> foo > root > > The Ansible session is initiated on the Ansible server as user *root*. > Ansible uses user foo for the SSH session between the Ansible server and > the remote server, server1 > > On server1, user foo runs commands on server1 as the root user. > > /etc/sudoers > ----------------------------------------------- > foo ALL=(ALL) NOPASSWD: ALL > > > Do I have this right now? > Is this documented anywhere. I have looked for something like this but can > not find it. > > Thank you. > > > On Friday, 16 January 2015 16:26:28 UTC, Brian Coca wrote: >> >> No, sudo_user is not the user allowed to sudo, but the user you are >> allowed to sudo as. >> >> logs in as foo and runs command as bar (uses foo's privlege to sudo to >> bar) >> ansible_ssh_user=foo >> ansible_sudo_user=bar >> >> logs in as foo and runs commands as foo user (this is actually a sudo >> noop) >> ansible_ssh_user=foo >> ansible_sudo_user=foo >> >> logs in as foo and runs commands as root user (for this you need to >> modify the sudoers) >> ansible_ssh_user=foo >> ansible_sudo_user=root >> >> ---- >> Brian Coca >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d7e8ee8b-046b-4a17-aa3f-531d864e7c93%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
