Thanks for the very quick response Brian. I see that it's trying to execute
sudo -k && sudo -H -S -p "[sudo via ansible, key=abcdefghijk] password: " *-u root /bin/sh* -c '"'"'echo BECOME-SUCCESS-abcdefghijk; LANG=C LC_CTYPE=C /usr/bin/python /home/aneesh/.ansible/tmp/ansible-tmp-1433392081.2-227386081264121/setup; rm -rf /home/aneesh/.ansible/tmp/ansible-tmp-1433392081.2-227386081264121/ >/dev/null 2>&1'"'" Is there a way to make Ansible use */bin/bash* instead of */bin/sh* *sudo -l * tells me that I have *(root) NOPASSWD: /bin/bash* So I'm guessing that it should work if I'm able to change the shell using some config? On Thursday, June 4, 2015 at 8:22:49 AM UTC+5:30, Brian Coca wrote: > > use -vvvv to show the exact things being run, the message you are > seeing implies you need to provide a sudo password > > On Wed, Jun 3, 2015 at 10:27 PM, Aneesh Joseph <[email protected] > <javascript:>> wrote: > > Thanks Brian :) > > I do have access to execute certain sudo commands without chaining > privilege > > escalation methods. > > > > sudo -l > > gives me a list of what I can execute. > > > > But Ansible seems to be executing something other than this. For example > I > > get the below error while running a playbook which has 'sudo: yes' set > > > > and it fails with the below error > > > > PLAY [ui] > > ********************************************************************* > > > > GATHERING FACTS > > *************************************************************** > > fatal: [myhost] => Missing become password > > > > > > Is there a way to find out what sudo command is being executed in the > > background? > > > > Thanks, > > Aneesh > > > > > > On Thursday, May 28, 2015 at 5:57:55 PM UTC+5:30, Brian Coca wrote: > >> > >> ansible cannot chain privilege escalation methods, it can either use > >> pbrun or su, but not both. pbrun should be able to allow you to > >> execute all commands as a user w/o needing su. > >> > >> On Wed, May 27, 2015 at 1:19 PM, Aneesh Joseph <[email protected]> > >> wrote: > >> > I'm trying to find the equivalent of > >> > > >> > > >> > ansible dev -a "/opt/pb/bin/pbrun su tomcat -c echo hi" -u aneesh > >> > > >> > > >> > > >> > > >> > (this works) > >> > > >> > I tried with > >> > > >> > ansible dev -a "echo hi" -u aneesh > >> > --become-user=tomcat--become-method=pbrun -b > >> > > >> > > >> > > >> > but it gave me the response > >> > > >> > "failed": true, > >> > "msg": "/bin/sh: pbrun: command not found\r\nOpenSSH_5.3p1, > OpenSSL > >> > 1.0.1e-fips 11 Feb 2013\ndebug1: Reading configuration data > >> > /etc/ssh/ssh_config\r\ndebug1: Applying options for *\r\ndebug1: > >> > auto-mux: > >> > Trying existing master\r\ndebug1: mux_client_request_session: master > >> > session > >> > id:................ > >> > > >> > > >> > so I moved pbrun on the dev host to /bin/pbrun > >> > > >> > and now it shows the error > >> > > >> > "failed": true, > >> > "msg": "usage: pbrun [-D level] -h | -K | -k | -V\r\nusage: pbrun > -v > >> > [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-u user\r\n > >> > name|#uid]\r\nusage: pbrun -l[l] [-AknS] [-D level] [-g > groupname|#gid] > >> > [-p > >> > prompt] [-U user\r\n name] [-u user name|#uid] [-g > >> > groupname|#gid] [command]\r\n....... > >> > > >> > > >> > Any idea how I can get this working? > >> > > >> > > >> > basically this is what I'm trying to do : > >> > > >> > ansible@ansible>ssh aneesh@dev > >> > aneesh@dev. pbrun su tomcat > >> > tomcat@dev> echo hi > >> > > >> > Thanks, > >> > Aneesh > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "Ansible Project" group. > >> > To unsubscribe from this group and stop receiving emails from it, > send > >> > an > >> > email to [email protected]. > >> > To post to this group, send email to [email protected]. > >> > To view this discussion on the web visit > >> > > >> > > https://groups.google.com/d/msgid/ansible-project/fd5bd3d8-a734-41e1-8345-bec23c94a0e7%40googlegroups.com. > > > >> > For more options, visit https://groups.google.com/d/optout. > >> > >> > >> > >> -- > >> Brian Coca > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > To post to this group, send email to [email protected] > <javascript:>. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/ansible-project/651e7878-a39c-4ab9-8331-32357bfce819%40googlegroups.com. > > > > > > For more options, visit https://groups.google.com/d/optout. > > > > -- > Brian Coca > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/12d93399-f489-4587-8223-60d20381aabb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
