Hi Chris, are you specifying the remote_user value, or does the current user running Ansible on the controller match the remote user on the target system?
On Mon, Feb 9, 2015 at 9:24 AM, Chris Adams <[email protected]> wrote: > Hi there, > > Can someone give me some pointers as to why an ansible role using > sudo_user below would complain about *missing sudo passwords, when I'm > able to: * > > > 1. *ssh in as one non-root user (in this case, chris)* > 2. *use `sudo su deploy_user` to switch to that deploy user* > 3. *call `sudo ls` to run a command with sudo, without needing to > provide a password* > > > I'm using Ansible 1.8.2, and deploying to an Ubuntu machine on Google > Cloud Platform, and below is the relevant task I'm trying to run as well as > my sudoers file. > > If I want to log in with one non-root user, then run other commands as a > deploy user, how else should I be doing this? > > The best workaround I can think of at present is to execute the tasks as a > login user, but make sure I set the owner and group as extra parameters for > `file` or `template` tasks. > > Many thanks, > > Chris > > > tasks.yml > ``` > - name: put envdirs directory in place > file: > > path=~/path/to/envdir/ > state=directory > mode=775 > sudo: yes > sudo_user: "{{ deploy_user }}" > tags: > - debug > > - name: drop envdir vars in directory > template: > > src=envdir_var.j2 > dest=~/path/to/envdir//{{ item.env_var }} > with_items: > - { env_var: AWS_ACCESS_KEY_ID, env_val: "{{ aws_access_key }}" } > - { env_var: AWS_SECRET_ACCESS_KEY, env_val: "{{ aws_secret_key }}" } > - { env_var: AWS_DEFAULT_REGION, env_val: "{{ aws_region }}" } > - { env_var: PGUSER, env_val: "{{ app }}" } > - { env_var: PGPASSWORD, env_val: "{{ app }}" } > sudo: yes > sudo_user: "{{ deploy_user }}" > ``` > > sudoers > > ``` > > > # This file MUST be edited with the 'visudo' command as root. > # > # Please consider adding local content in /etc/sudoers.d/ instead of > # directly modifying this file. > # > # See the man page for details on how to write a sudoers file. > # > Defaults env_reset > Defaults mail_badpass > Defaults > secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" > > # Host alias specification > > # User alias specification > > # Cmnd alias specification > > # User privilege specification > root ALL=(ALL:ALL) ALL > > # Members of the admin group may gain root privileges > %admin ALL=(ALL) ALL > > # Allow members of group sudo to execute any command > %sudo ALL=(ALL:ALL) ALL > > # See sudoers(5) for more information on "#include" directives: > > #includedir /etc/sudoers.d > chris ALL=NOPASSWD: ALL > > # this gives more access than I'd like to deploy_user, but ansible is > # still bitching about the deploy_user not having a sudo password > deploy_user ALL=NOPASSWD: ALL > ``` > > > > Full gist - https://gist.github.com/mrchrisadams/56ca925a3df414cd36f0 > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/7efa5e05-0953-4745-9864-6fe77b9d2856%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/7efa5e05-0953-4745-9864-6fe77b9d2856%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAMFyvFho_9db4dDnNU9S5vt_4e9NVOBFDf-_nCEmRmY59vzD%3DQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
