Ans thanks tkuratomi
On Thursday, 15 January 2015 16:53:04 UTC, Stuart Budd wrote:
>
> I am having trouble with configuring Ansible and sudo to allow me to SSH into a server and run a command as another user.
> I have gone through the questions / answers below and the Ansible documentation here: http://docs.ansible.com/intro_inventory.html
>
> But I still can not get it to work. Please can someone put me on the right track.
>
> References:
>
> http://stackoverflow.com/questions/24743085/ansible-ssh-as-one-user-and-sudo-as-another
>
> http://serverfault.com/questions/559154/ansible-using-different-sudo-user-for-different-hosts
>
>
> *I am trying to do this:*
>
> server-01                      client-01
> --------------                 ---------
> foo  ---->  ssh  --->          foo
>                                bar - sudo as root user
>
> Using Ansible,
> connect from: server-01
> to: client-01
>
> using the user foo
> and then use sudo to run a command as user bar
>
> User bar is setup to be able to run any command.
>
>
> However, I am not sure where the problem is, with sudo or Ansible.
> I think the problem is with sudo but I am not sure where.
>
>
> *This ansible command works:*
>
> [foo@server-01 ~]$ *ansible client-01 -m raw -a "touch /var/tmp/testfile" --ask-sudo-pass*
>
> sudo password: ********* ( password for foo user )
> client-01 | success | rc=0 >>
>
>
> *This one does not:*
> *ansible client-01 -m raw -a "touch /etc/testfile" --ask-sudo-pass*
>
> sudo password: ********* ( password for foo user )
> client-01 | FAILED | rc=1 >>
> touch: cannot touch `/etc/testfile': Permission denied
>
>
> I have SSH authentication without a password setup between server-01 and client-01 for user foo and it works OK.
>
> [foo@server-01 ~]$ id
> uid=96(foo) gid=96(foo) groups=96(foo)
> [foo@server-01 ~]$ su - foo
> Password:
> [foo@server-01 ~]$
> [foo@server-01 ~]$
> [foo@server-01 ~]$ ssh client-01
> Last login: Thu Jan 15 16:32:05 2015 from server-01.voodooit.co.uk
> [foo@client-01 ~]$
>
>
> *This is my setup:*
>
>
> server-01: /etc/ansible/hosts
> -------------------------------------
> # Ansible Inventory file
>
> [clients]
> client-01 ansible_sudo=true ansible_ssh_user=foo ansible_sudo_user=bar
>
>
> client-01: /etc/sudoers
> -------------------------------------
> [root@client-01 ~]# cat /etc/sudoers
>
> ## root can run any command anywhere
> root ALL=(ALL) ALL
> bar ALL=(ALL) ALL
> foo ALL=(bar) NOPASSWD: ALL
