I still do not understand this.

Example 1:

Ansible Local Server                   Remote server
local-01                               remote-01
-------------------                    --------------------
Local user foo       --> ssh -->       Remote user foo


I do not understand how Ansible knows what user account to use on the local 
and remote servers for the purposes of the SSH connection if no user 
account is specified within the command line  ( *ansible_ssh_user=foo* ) or 
*/etc/ansible/hosts* file. 

I will ask a new separate question.


Example 2:

Ansible Local Server                   Remote server
local-01                               remote-01
-------------------                    --------------------
Local user foo       --> ssh -->       Remote user foo
                                       bar
(foo user uses sudo to run command as bar)

I still cannot get this to work. The SSH connection is working fine for 
user foo, and if the foo user uses sudo to run a command as user bar on the 
remote server it works fine, but I still cannot get Ansible to glue it 
together.

I will ask a separate question about this.
This was my main question really. I have one non-root user that allows SSH, 
but cannot use sudo for root access.
So I cannot use the same example as above.






On Tuesday, 20 January 2015 15:42:17 UTC, Stuart Budd wrote:
>
> And thanks tkuratomi
>
>
> On Thursday, 15 January 2015 16:53:04 UTC, Stuart Budd wrote:
>>
>> I am having trouble with configuring Ansible and sudo to allow me to SSH 
>> into a server and run a command as another user.
>> I have gone through the questions / answers below and the Ansible 
>> documentation here:   http://docs.ansible.com/intro_inventory.html
>>
>> But I still cannot get it to work. Please can someone put me on the 
>> right track.
>>
>> References:
>>
>> http://stackoverflow.com/questions/24743085/ansible-ssh-as-one-user-and-sudo-as-another
>>
>> http://serverfault.com/questions/559154/ansible-using-different-sudo-user-for-different-hosts
>>
>>
>> *I am trying to do this:*
>>
>> server-01                       client-01
>> --------------                        ---------
>> foo        ----> ssh --->        foo
>>                                       bar      - sudo as root user
>>
>> Using Ansible,
>> connect from: server-01
>>              to:  client-01
>>
>> using the user foo
>> and then use sudo to run a command as user bar
>>
>> User bar is set up to be able to run any command.
>>
>>
>> However, I am not sure where the problem is, with sudo or Ansible.
>> I think the problem is with sudo but I am not sure where.
>>
>>
>>
>> *This ansible command works:*
>>
>> [foo@server-01 ~]$ ansible client-01 -m raw -a "touch /var/tmp/testfile" --ask-sudo-pass
>>
>> sudo password:     *********  ( password for foo user ) 
>> client-01 | success | rc=0 >>
>>
>>
>>
>> *This one does not:*
>> ansible client-01 -m raw -a "touch /etc/testfile" --ask-sudo-pass
>>
>> sudo password:    *********  ( password for foo user ) 
>> client-01 | FAILED | rc=1 >>
>> touch: cannot touch `/etc/testfile': Permission denied
>>
>>
>> I have SSH authentication without a password set up between server-01 and 
>> client-01 for user foo and it works OK.
>>
>> [foo@server-01 ~]$ id
>> uid=96(foo) gid=96(foo) groups=96(foo)
>> [foo@server-01 ~]$ su - foo
>> Password:
>> [foo@server-01 ~]$
>> [foo@server-01 ~]$
>> [foo@server-01 ~]$ ssh client-01
>> Last login: Thu Jan 15 16:32:05 2015 from server-01.voodooit.co.uk
>> [foo@client-01 ~]$
>>
>>
>>
>> *This is my setup:*
>>
>>
>> server-01:    /etc/ansible/hosts
>> -------------------------------------
>> # Ansible Inventory file
>>
>> [clients]
>> client-01 ansible_sudo=true ansible_ssh_user=foo ansible_sudo_user=bar
>>
>>
>>
>> client-01:    /etc/sudoers
>> -------------------------------------
>> [root@client-01 ~]# cat /etc/sudoers
>>
>> ## root can run any command anywhere
>> root          ALL=(ALL)                           ALL
>> bar           ALL=(ALL)                           ALL
>> foo           ALL=(bar) NOPASSWD:        ALL
>>
>>
>>
>>

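An added example, not part of the original thread or of Ansible: a simplified Python model of how the three sudoers rules quoted in the post resolve to run-as targets. It assumes only the `user host=(runas) [NOPASSWD:] commands` form used in the post and sudo's last-match-wins rule; `parse_rule` and `may_run_as` are hypothetical helper names.

```python
import re

# The rules quoted in the post (client-01:/etc/sudoers), copied as-is.
SUDOERS = """\
## root can run any command anywhere
root          ALL=(ALL)                           ALL
bar           ALL=(ALL)                           ALL
foo           ALL=(bar) NOPASSWD:        ALL
"""

# Simplified grammar (assumption): user host=(runas[,runas]) [NOPASSWD:] commands
RULE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*\(([^)]*)\)\s*(NOPASSWD:)?\s*(.+)$")

def parse_rule(line):
    """Parse one sudoers line of the simple form above; None for anything else."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = RULE.match(line)
    if not m:
        return None
    user, host, runas, tag, cmds = m.groups()
    return {"user": user, "host": host,
            "runas": [r.strip() for r in runas.split(",")],
            "nopasswd": tag is not None, "cmds": cmds.strip()}

def may_run_as(rules, user, target):
    """Return (allowed, needs_password) for `sudo -u target` invoked by user."""
    result = (False, None)
    for r in rules:  # later matching rules override earlier ones
        if r["user"] == user and (target in r["runas"] or "ALL" in r["runas"]):
            result = (True, not r["nopasswd"])
    return result

RULES = [r for r in map(parse_rule, SUDOERS.splitlines()) if r]

if __name__ == "__main__":
    for user, target in [("foo", "bar"), ("foo", "root"), ("bar", "root")]:
        allowed, needs_pw = may_run_as(RULES, user, target)
        print(f"{user} -> {target}: allowed={allowed} password={needs_pw}")
```

A command started with `sudo -u bar` runs with bar's own file permissions. The `bar ALL=(ALL) ALL` rule only takes effect when bar itself invokes sudo, and then it asks for bar's password.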