I tried and it worked, obviously, because the task is actually run with
root (instead of my user with sudo access) which is not what I wanted.
That's why I'm using "become_user" (equivalent of the now deprecated
"sudo_user"), in order to use sudo with my user and not root.
Below the Ansible output :
$ ansible-playbook -K -i test site.yml -vvvv
SUDO password:
PLAY [all]
********************************************************************
GATHERING FACTS
***************************************************************
<[the server name]> ESTABLISH CONNECTION FOR USER: [the user name]
<[the server name]> REMOTE_MODULE setup
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server name] /bin/sh -c 'mkdir -p
$HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300 && chmod a+rx
$HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300 && echo
$HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300'
<[the server name]> PUT /tmp/tmpzsyZR5 TO /home/[the user
name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/setup
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server name] /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible,
key=xlkvnygczvuuuxouqlysjwveacqafobo] password: " -u root /bin/sh -c
'"'"'echo BECOME-SUCCESS-xlkvnygczvuuuxouqlysjwveacqafobo; LANG=C
LC_CTYPE=C /usr/bin/python /home/[the user
name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/setup; rm -rf
/home/[the user
name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/ >/dev/null
2>&1'"'"''
ok: [[the server name]]
TASK: [Install useful system tools]
*******************************************
<[the server name]> ESTABLISH CONNECTION FOR USER: [the user name]
<[the server name]> REMOTE_MODULE apt
name=vim,nano,htop,git,subversion,tig,ncdu,nodejs-legacy,npm,mesa-utils
state=present
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server name] /bin/sh -c 'mkdir -p
$HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916 && chmod a+rx
$HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916 && echo
$HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916'
<[the server name]> PUT /tmp/tmpDRxOC1 TO /home/[the user
name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/apt
<[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
[the server name] /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible,
key=zkgarkbubgpvcowmyibknwzfzyeoksnf] password: " -u root /bin/sh -c
'"'"'echo BECOME-SUCCESS-zkgarkbubgpvcowmyibknwzfzyeoksnf; LANG=C
LC_CTYPE=C /usr/bin/python /home/[the user
name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/apt; rm -rf
/home/[the user
name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/ >/dev/null
2>&1'"'"''
changed: [[the server name]] =>
Le vendredi 16 octobre 2015 17:57:21 UTC+2, Santosh Jambhlikar a écrit :
>
> Try removing all parameters and add "sudo: yes" only ( like below)
>
> ---
> - hosts: all
> sudo: yes
>
>
> tasks:
>
>
> - name: Install useful system tools
> apt: name={{ item }} state=present
> with_items:
> - vim
> - nano
>
>
>
> Sent with MailTrack
> <https://mailtrack.io/install?source=signature&lang=en&[email protected]&idSignature=22>
>
> On Fri, Oct 16, 2015 at 8:25 PM, Kevin Jaquier <[email protected]
> <javascript:>> wrote:
>
>> That's what I'm doing here, as the "sudo" option have been deprecated in
>> favor of "become".
>> And my user also have all the privileges (see the output of "sudo -l").
>> At least if I understand correctly. Anyway it do have the required
>> privilege I can "sudo apt-get install" something with this user and it
>> works.
>>
>> Le vendredi 16 octobre 2015 10:08:32 UTC+2, Santosh Jambhlikar a écrit :
>>>
>>> I use following which works for me
>>>
>>> sudo: yes
>>>
>>> but user has sudo to ALL prilvilges
>>>
>>> On Thursday, 15 October 2015 21:20:21 UTC+5:30, Kevin Jaquier wrote:
>>>>
>>>> I'm having trouble executing my script from a user with sudo access
>>>> instead of root.
>>>>
>>>> I'm getting "permission denied" errors when playing the playbook, but
>>>> if I execute the commands manually on the server it works just fine.
>>>> I did use "become" to execute the tasks with sudo and the right user.
>>>>
>>>> The (relevant part of the) playbook :
>>>>
>>>> ---
>>>> - hosts: all
>>>> remote_user: "{{ user }}"
>>>> become: yes
>>>> become_user: "{{ user }}"
>>>> become_method: sudo
>>>>
>>>>
>>>> tasks:
>>>>
>>>>
>>>> - name: Install useful system tools
>>>> apt: name={{ item }} state=present
>>>> with_items:
>>>> - vim
>>>> - nano
>>>> - htop
>>>> - git
>>>> - subversion
>>>> - tig
>>>> - ncdu
>>>> - nodejs-legacy
>>>> - npm
>>>> - mesa-utils
>>>>
>>>>
>>>>
>>>> Ansible output :
>>>>
>>>> $ ansible-playbook -K -i test site.yml -vvvv
>>>> SUDO password:
>>>>
>>>>
>>>> PLAY [all]
>>>> ********************************************************************
>>>>
>>>>
>>>> GATHERING FACTS
>>>> ***************************************************************
>>>> <[the server address]> ESTABLISH CONNECTION FOR USER: [the user name]
>>>> <[the server address]> REMOTE_MODULE setup
>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>> ControlPersist=60s -o ControlPath=
>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with
>>>> -mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o
>>>> User=[the user name] -o ConnectTimeout=10 [the server address] /bin/sh
>>>> -c 'mkdir
>>>> -p /tmp/ansible-tmp-1444921321.94-213782579685333 && chmod a+rx
>>>> /tmp/ansible-tmp-1444921321.94-213782579685333 && echo
>>>> /tmp/ansible-tmp-1444921321.94-213782579685333'
>>>> <[the server address]> PUT /tmp/tmpk_hOEu TO /tmp/ansible-tmp-
>>>> 1444921321.94-213782579685333/setup
>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>> ControlPersist=60s -o ControlPath=
>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with
>>>> -mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o
>>>> User=[the user name] -o ConnectTimeout=10 [the server address] /bin/sh
>>>> -c 'chmod a+r /tmp/ansible-tmp-1444921321.94-213782579685333/setup'
>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>> ControlPersist=60s -o ControlPath=
>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with
>>>> -mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o
>>>> User=[the user name] -o ConnectTimeout=10 [the server address] /bin/sh
>>>> -c 'sudo
>>>> -k && sudo -H -S -p "[sudo via ansible,
>>>> key=upzdhdqqnkqtecoipruvaisazfdvjubv] password: " -u [the user name]
>>>> /bin/sh -c '"'"'echo BECOME-SUCCESS-upzdhdqqnkqtecoipruvaisazfdvjubv;
>>>> LANG=C LC_CTYPE=C /usr/bin/python
>>>> /tmp/ansible-tmp-1444921321.94-213782579685333/setup'"'"''
>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>> ControlPersist=60s -o ControlPath=
>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with
>>>> -mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o
>>>> User=[the user name] -o ConnectTimeout=10 [the server address] /bin/sh
>>>> -c 'rm -rf /tmp/ansible-tmp-1444921321.94-213782579685333/ >/dev/null
>>>> 2>&1'
>>>> ok: [[the server address]]
>>>>
>>>>
>>>> TASK: [Install useful system tools]
>>>> *******************************************
>>>> <[the server address]> ESTABLISH CONNECTION FOR USER: [the user name]
>>>> <[the server address]> REMOTE_MODULE apt name=vim,nano,htop,git,
>>>> subversion,tig,ncdu,nodejs-legacy,npm state=present
>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>> ControlPersist=60s -o ControlPath=
>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with
>>>> -mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o
>>>> User=[the user name] -o ConnectTimeout=10 [the server address] /bin/sh
>>>> -c 'mkdir
>>>> -p /tmp/ansible-tmp-1444921350.8-23676536
>>>> ...
>>>
>>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Ansible Project" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/ansible-project/qKc091c74Kc/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> [email protected] <javascript:>.
>> To post to this group, send email to [email protected]
>> <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/0cedfb66-db4b-4a6c-8a6d-8d4614fdd9ad%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/ansible-project/0cedfb66-db4b-4a6c-8a6d-8d4614fdd9ad%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/415de419-b341-4bce-b31a-0031af9d3adf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
