Hi there,
Can someone give me some pointers as to why an ansible role using sudo_user
below would complain about *missing sudo passwords, when I'm able to: *
1. *ssh in as one non-root user (in this case, chris)*
2. *use `sudo su deploy_user` to switch to that deploy user*
3. *call `sudo ls` to run a command with sudo, without needing to
provide a password*
I'm using Ansible 1.8.2, and deploying to an Ubuntu machine on Google Cloud
Platform, and below is the relevant task I'm trying to run as well as my
sudoers file.
If I want to log in with one non-root user, then run other commands as a
deploy user, how else should I be doing this?
The best workaround I can think of at present is to execute the tasks as a
login user, but make sure I set the owner and group as extra parameters for
`file` or `template` tasks.
Many thanks,
Chris
tasks.yml
```
- name: put envdirs directory in place
file: >
path=~/path/to/envdir/
state=directory
mode=775
sudo: yes
sudo_user: "{{ deploy_user }}"
tags:
- debug
- name: drop envdir vars in directory
template: >
src=envdir_var.j2
dest=~/path/to/envdir//{{ item.env_var }}
with_items:
- { env_var: AWS_ACCESS_KEY_ID, env_val: "{{ aws_access_key }}" }
- { env_var: AWS_SECRET_ACCESS_KEY, env_val: "{{ aws_secret_key }}" }
- { env_var: AWS_DEFAULT_REGION, env_val: "{{ aws_region }}" }
- { env_var: PGUSER, env_val: "{{ app }}" }
- { env_var: PGPASSWORD, env_val: "{{ app }}" }
sudo: yes
sudo_user: "{{ deploy_user }}"
```
sudoers
```
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults
secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
chris ALL=NOPASSWD: ALL
# this gives more access than I'd like to deploy_user, but ansible is
# still bitching about the deploy_user not having a sudo password
deploy_user ALL=NOPASSWD: ALL
```
Full gist - https://gist.github.com/mrchrisadams/56ca925a3df414cd36f0
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/7efa5e05-0953-4745-9864-6fe77b9d2856%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
