I'm having trouble executing my script from a user with sudo access instead
of root.
I'm getting "permission denied" errors when playing the playbook, but if I
execute the commands manually on the server it works just fine.
I did use "become" to execute the tasks with sudo and the right user.
The (relevant part of the) playbook :
---
- hosts: all
remote_user: "{{ user }}"
become: yes
become_user: "{{ user }}"
become_method: sudo
tasks:
- name: Install useful system tools
apt: name={{ item }} state=present
with_items:
- vim
- nano
- htop
- git
- subversion
- tig
- ncdu
- nodejs-legacy
- npm
- mesa-utils
Ansible output :
$ ansible-playbook -K -i test site.yml -vvvv
SUDO password:
PLAY [all]
********************************************************************
GATHERING FACTS
***************************************************************
<[the server address]> ESTABLISH CONNECTION FOR USER: [the user name]
<[the server address]> REMOTE_MODULE setup
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server address] /bin/sh -c 'mkdir
-p /tmp/ansible-tmp-1444921321.94-213782579685333 && chmod a+rx
/tmp/ansible-tmp-1444921321.94-213782579685333 && echo
/tmp/ansible-tmp-1444921321.94-213782579685333'
<[the server address]> PUT /tmp/tmpk_hOEu TO
/tmp/ansible-tmp-1444921321.94-213782579685333/setup
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server address] /bin/sh -c 'chmod a+r
/tmp/ansible-tmp-1444921321.94-213782579685333/setup'
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server address] /bin/sh -c 'sudo
-k && sudo -H -S -p "[sudo via ansible,
key=upzdhdqqnkqtecoipruvaisazfdvjubv] password: " -u [the user name]
/bin/sh -c '"'"'echo BECOME-SUCCESS-upzdhdqqnkqtecoipruvaisazfdvjubv;
LANG=C LC_CTYPE=C /usr/bin/python
/tmp/ansible-tmp-1444921321.94-213782579685333/setup'"'"''
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server address] /bin/sh -c 'rm -rf
/tmp/ansible-tmp-1444921321.94-213782579685333/ >/dev/null 2>&1'
ok: [[the server address]]
TASK: [Install useful system tools]
*******************************************
<[the server address]> ESTABLISH CONNECTION FOR USER: [the user name]
<[the server address]> REMOTE_MODULE apt
name=vim,nano,htop,git,subversion,tig,ncdu,nodejs-legacy,npm state=present
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server address] /bin/sh -c 'mkdir
-p /tmp/ansible-tmp-1444921350.8-236765363664782 && chmod a+rx
/tmp/ansible-tmp-1444921350.8-236765363664782 && echo
/tmp/ansible-tmp-1444921350.8-236765363664782'
<[the server address]> PUT /tmp/tmpTE3idg TO
/tmp/ansible-tmp-1444921350.8-236765363664782/apt
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server address] /bin/sh -c 'chmod a+r
/tmp/ansible-tmp-1444921350.8-236765363664782/apt'
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server address] /bin/sh -c 'sudo
-k && sudo -H -S -p "[sudo via ansible,
key=puwtzrscvqsbjbiqrhkjwxdxmszgeduz] password: " -u [the user name]
/bin/sh -c '"'"'echo BECOME-SUCCESS-puwtzrscvqsbjbiqrhkjwxdxmszgeduz;
LANG=C LC_CTYPE=C /usr/bin/python
/tmp/ansible-tmp-1444921350.8-236765363664782/apt'"'"''
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server address] /bin/sh -c 'rm -rf
/tmp/ansible-tmp-1444921350.8-236765363664782/ >/dev/null 2>&1'
failed: [[the server address]] =>
(item=vim,nano,htop,git,subversion,tig,ncdu,nodejs-legacy,npm,mesa-utils)
=> {"failed": true, "item":
"vim,nano,htop,git,subversion,tig,ncdu,nodejs-legacy,npm,mesa-utils"}
stderr: E: Could not open lock file /var/lib/dpkg/lock - open (13:
Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you
root?
msg: '/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o
"Dpkg::Options::=--force-confold" install 'htop' 'subversion' 'tig'
'ncdu' 'nodejs-legacy' 'npm' 'mesa-utils'' failed: E: Could not open lock
file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you
root?
FATAL: all hosts have already failed -- aborting
(Note : i'm still providing sudo password for other tasks that also don't
work without root)
Also relevant :
$ ansible --version
ansible 1.9.4
configured module search path = None
$ ssh [the user name]@[the server address]
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-30-generic x86_64)
...
[the user name]@[the server name]:~$ sudo -l
Matching Defaults entries for [the user name] on [the server name]:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin,
env_keep+=SSH_AUTH_SOCK
User [the user name] may run the following commands on vm02:
(ALL : ALL) ALL
(ALL : ALL) NOPASSWD: ALL
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/ba1daf32-5080-4fc5-9624-3d6213623c02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
