use -vvvv to show the exact things being run, the message you are seeing implies you need to provide a sudo password
On Wed, Jun 3, 2015 at 10:27 PM, Aneesh Joseph <[email protected]> wrote: > Thanks Brian :) > I do have access to execute certain sudo commands without chaining privilege > escalation methods. > > sudo -l > gives me a list of what I can execute. > > But Ansible seems to be executing something other than this. For example I > get the below error while running a playbook which has 'sudo: yes' set > > and it fails with the below error > > PLAY [ui] > ********************************************************************* > > GATHERING FACTS > *************************************************************** > fatal: [myhost] => Missing become password > > > Is there a way to find out what sudo command is being executed in the > background? > > Thanks, > Aneesh > > > On Thursday, May 28, 2015 at 5:57:55 PM UTC+5:30, Brian Coca wrote: >> >> ansible cannot chain privilege escalation methods, it can either use >> pbrun or su, but not both. pbrun should be able to allow you to >> execute all commands as a user w/o needing su. >> >> On Wed, May 27, 2015 at 1:19 PM, Aneesh Joseph <[email protected]> >> wrote: >> > I'm trying to find the equivalent of >> > >> > >> > ansible dev -a "/opt/pb/bin/pbrun su tomcat -c echo hi" -u aneesh >> > >> > >> > >> > >> > (this works) >> > >> > I tried with >> > >> > ansible dev -a "echo hi" -u aneesh >> > --become-user=tomcat--become-method=pbrun -b >> > >> > >> > >> > but it gave me the response >> > >> > "failed": true, >> > "msg": "/bin/sh: pbrun: command not found\r\nOpenSSH_5.3p1, OpenSSL >> > 1.0.1e-fips 11 Feb 2013\ndebug1: Reading configuration data >> > /etc/ssh/ssh_config\r\ndebug1: Applying options for *\r\ndebug1: >> > auto-mux: >> > Trying existing master\r\ndebug1: mux_client_request_session: master >> > session >> > id:................ >> > >> > >> > so I moved pbrun on the dev host to /bin/pbrun >> > >> > and now it shows the error >> > >> > "failed": true, >> > "msg": "usage: pbrun [-D level] -h | -K | -k | -V\r\nusage: pbrun -v >> > [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-u user\r\n >> > name|#uid]\r\nusage: pbrun -l[l] [-AknS] [-D level] [-g groupname|#gid] >> > [-p >> > prompt] [-U user\r\n name] [-u user name|#uid] [-g >> > groupname|#gid] [command]\r\n....... >> > >> > >> > Any idea how I can get this working? >> > >> > >> > basically this is what I'm trying to do : >> > >> > ansible@ansible>ssh aneesh@dev >> > aneesh@dev. pbrun su tomcat >> > tomcat@dev> echo hi >> > >> > Thanks, >> > Aneesh >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups >> > "Ansible Project" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > To post to this group, send email to [email protected]. >> > To view this discussion on the web visit >> > >> > https://groups.google.com/d/msgid/ansible-project/fd5bd3d8-a734-41e1-8345-bec23c94a0e7%40googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> Brian Coca > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/651e7878-a39c-4ab9-8331-32357bfce819%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. -- Brian Coca -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8kwc5CzBdJ6WRen1bSnqEKKdsYgOfdb4ncPV3poHo%3DZmA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
