If you combine become_user with sudo: yes it will do what you want. You can
leave sudo_user out.
On Friday, 16 October 2015 18:37:43 UTC+2, Kevin Jaquier wrote:
>
> I tried and it worked, obviously, because the task is actually run with
> root (instead of my user with sudo access) which is not what I wanted.
>
> That's why I'm using "become_user" (equivalent of the now deprecated
> "sudo_user"), in order to use sudo with my user and not root.
>
> Below the Ansible output :
>
> $ ansible-playbook -K -i test site.yml -vvvv
> SUDO password:
>
> PLAY [all]
> ********************************************************************
>
> GATHERING FACTS
> ***************************************************************
> <[the server name]> ESTABLISH CONNECTION FOR USER: [the user name]
> <[the server name]> REMOTE_MODULE setup
> <[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
> ControlPersist=60s -o
> ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
> [the server name] /bin/sh -c 'mkdir -p
> $HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300 && chmod a+rx
> $HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300 && echo
> $HOME/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300'
> <[the server name]> PUT /tmp/tmpzsyZR5 TO /home/[the user
> name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/setup
> <[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
> ControlPersist=60s -o
> ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
> [the server name] /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible,
> key=xlkvnygczvuuuxouqlysjwveacqafobo] password: " -u root /bin/sh -c
> '"'"'echo BECOME-SUCCESS-xlkvnygczvuuuxouqlysjwveacqafobo; LANG=C
> LC_CTYPE=C /usr/bin/python /home/[the user
> name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/setup; rm -rf
> /home/[the user
> name]/.ansible/tmp/ansible-tmp-1445011786.98-96385272343300/ >/dev/null
> 2>&1'"'"''
> ok: [[the server name]]
>
> TASK: [Install useful system tools]
> *******************************************
> <[the server name]> ESTABLISH CONNECTION FOR USER: [the user name]
> <[the server name]> REMOTE_MODULE apt
> name=vim,nano,htop,git,subversion,tig,ncdu,nodejs-legacy,npm,mesa-utils
> state=present
> <[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
> ControlPersist=60s -o
> ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
> [the server name] /bin/sh -c 'mkdir -p
> $HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916 && chmod a+rx
> $HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916 && echo
> $HOME/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916'
> <[the server name]> PUT /tmp/tmpDRxOC1 TO /home/[the user
> name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/apt
> <[the server name]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
> ControlPersist=60s -o
> ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
> KbdInteractiveAuthentication=no -o
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
> -o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10
> [the server name] /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible,
> key=zkgarkbubgpvcowmyibknwzfzyeoksnf] password: " -u root /bin/sh -c
> '"'"'echo BECOME-SUCCESS-zkgarkbubgpvcowmyibknwzfzyeoksnf; LANG=C
> LC_CTYPE=C /usr/bin/python /home/[the user
> name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/apt; rm -rf
> /home/[the user
> name]/.ansible/tmp/ansible-tmp-1445011796.4-117959804841916/ >/dev/null
> 2>&1'"'"''
> changed: [[the server name]] =>
>
> Le vendredi 16 octobre 2015 17:57:21 UTC+2, Santosh Jambhlikar a écrit :
>>
>> Try removing all parameters and add "sudo: yes" only ( like below)
>>
>> ---
>> - hosts: all
>> sudo: yes
>>
>>
>> tasks:
>>
>>
>> - name: Install useful system tools
>> apt: name={{ item }} state=present
>> with_items:
>> - vim
>> - nano
>>
>>
>>
>> Sent with MailTrack
>> <https://mailtrack.io/install?source=signature&lang=en&[email protected]&idSignature=22>
>>
>> On Fri, Oct 16, 2015 at 8:25 PM, Kevin Jaquier <[email protected]>
>> wrote:
>>
>>> That's what I'm doing here, as the "sudo" option have been deprecated in
>>> favor of "become".
>>> And my user also have all the privileges (see the output of "sudo -l").
>>> At least if I understand correctly. Anyway it do have the required
>>> privilege I can "sudo apt-get install" something with this user and it
>>> works.
>>>
>>> Le vendredi 16 octobre 2015 10:08:32 UTC+2, Santosh Jambhlikar a écrit :
>>>>
>>>> I use following which works for me
>>>>
>>>> sudo: yes
>>>>
>>>> but user has sudo to ALL prilvilges
>>>>
>>>> On Thursday, 15 October 2015 21:20:21 UTC+5:30, Kevin Jaquier wrote:
>>>>>
>>>>> I'm having trouble executing my script from a user with sudo access
>>>>> instead of root.
>>>>>
>>>>> I'm getting "permission denied" errors when playing the playbook, but
>>>>> if I execute the commands manually on the server it works just fine.
>>>>> I did use "become" to execute the tasks with sudo and the right user.
>>>>>
>>>>> The (relevant part of the) playbook :
>>>>>
>>>>> ---
>>>>> - hosts: all
>>>>> remote_user: "{{ user }}"
>>>>> become: yes
>>>>> become_user: "{{ user }}"
>>>>> become_method: sudo
>>>>>
>>>>>
>>>>> tasks:
>>>>>
>>>>>
>>>>> - name: Install useful system tools
>>>>> apt: name={{ item }} state=present
>>>>> with_items:
>>>>> - vim
>>>>> - nano
>>>>> - htop
>>>>> - git
>>>>> - subversion
>>>>> - tig
>>>>> - ncdu
>>>>> - nodejs-legacy
>>>>> - npm
>>>>> - mesa-utils
>>>>>
>>>>>
>>>>>
>>>>> Ansible output :
>>>>>
>>>>> $ ansible-playbook -K -i test site.yml -vvvv
>>>>> SUDO password:
>>>>>
>>>>>
>>>>> PLAY [all]
>>>>> ********************************************************************
>>>>>
>>>>>
>>>>> GATHERING FACTS
>>>>> ***************************************************************
>>>>> <[the server address]> ESTABLISH CONNECTION FOR USER: [the user name]
>>>>> <[the server address]> REMOTE_MODULE setup
>>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>>> ControlPersist=60s -o ControlPath=
>>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-
>>>>> with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no
>>>>> -o User=[the user name] -o ConnectTimeout=10 [the server address] /bin
>>>>> /sh -c 'mkdir
>>>>> -p /tmp/ansible-tmp-1444921321.94-213782579685333 && chmod a+rx
>>>>> /tmp/ansible-tmp-1444921321.94-213782579685333 && echo
>>>>> /tmp/ansible-tmp-1444921321.94-213782579685333'
>>>>> <[the server address]> PUT /tmp/tmpk_hOEu TO /tmp/ansible-tmp-
>>>>> 1444921321.94-213782579685333/setup
>>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>>> ControlPersist=60s -o ControlPath=
>>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-
>>>>> with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no
>>>>> -o User=[the user name] -o ConnectTimeout=10 [the server address] /bin
>>>>> /sh -c 'chmod a+r
>>>>> /tmp/ansible-tmp-1444921321.94-213782579685333/setup'
>>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>>> ControlPersist=60s -o ControlPath=
>>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-
>>>>> with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no
>>>>> -o User=[the user name] -o ConnectTimeout=10 [the server address] /bin
>>>>> /sh -c 'sudo
>>>>> -k && sudo -H -S -p "[sudo via ansible,
>>>>> key=upzdhdqqnkqtecoipruvaisazfdvjubv] password: " -u [the user name]
>>>>> /bin/sh -c '"'"'echo BECOME-SUCCESS-upzdhdqqnkqtecoipruvaisazfdvjubv;
>>>>> LANG=C LC_CTYPE=C /usr/bin/python
>>>>> /tmp/ansible-tmp-1444921321.94-213782579685333/setup'"'"''
>>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>>> ControlPersist=60s -o ControlPath=
>>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-
>>>>> with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no
>>>>> -o User=[the user name] -o ConnectTimeout=10 [the server address] /bin
>>>>> /sh -c 'rm -rf /tmp/ansible-tmp-1444921321.94-213782579685333/
>>>>> >/dev/null 2>&1'
>>>>> ok: [[the server address]]
>>>>>
>>>>>
>>>>> TASK: [Install useful system tools]
>>>>> *******************************************
>>>>> <[the server address]> ESTABLISH CONNECTION FOR USER: [the user name]
>>>>> <[the server address]> REMOTE_MODULE apt name=vim,nano,htop,git,
>>>>> subversion,tig,ncdu,nodejs-legacy,npm state=present
>>>>> <[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o
>>>>> ControlPersist=60s -o ControlPath=
>>>>> "/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o
>>>>> KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-
>>>>> with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no
>>>>> -o User=[the user name] -o ConnectTimeout=10 [the server address] /bin
>>>>> /sh -c 'mkdir
>>>>> -p /tmp/ansible-tmp-1444921350.8-23676536
>>>>> ...
>>>>
>>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Ansible Project" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/ansible-project/qKc091c74Kc/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to
>>> [email protected].
>>> To post to this group, send email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/0cedfb66-db4b-4a6c-8a6d-8d4614fdd9ad%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/ansible-project/0cedfb66-db4b-4a6c-8a6d-8d4614fdd9ad%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/31be1dcc-3656-4480-b5e5-d6eb1b2f4d58%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
