Re: [ansible-project] Solaris and pfexec, not working?

[Thomas Willert]

Yes, ping works fine without the Privilege Escalation "pfexec":

[willert@localhost ~]$ ansible dbservere4 -m ping -vvvv
Using /home/willert/.ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<dbservere4> ESTABLISH SSH CONNECTION FOR USER: None
<dbservere4> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o StrictHostKeyChecking=no -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=10 -o 
ControlPath=/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r -tt dbservere4 
(umask 22 && mkdir -p "$(echo 
/tmp/.ansible/tmp/ansible-tmp-1447659206.06-120147812768677)" && echo 
"$(echo /tmp/.ansible/tmp/ansible-tmp-1447659206.06-120147812768677)")
<dbservere4> PUT /tmp/tmprmOes7 TO 
/tmp/.ansible/tmp/ansible-tmp-1447659206.06-120147812768677/ping
<dbservere4> SSH: EXEC sftp -b - -C -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o StrictHostKeyChecking=no -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=10 -o 
ControlPath=/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r [dbservere4]
<dbservere4> ESTABLISH SSH CONNECTION FOR USER: None
<dbservere4> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o StrictHostKeyChecking=no -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o ConnectTimeout=10 -o 
ControlPath=/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r -tt dbservere4 
LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python 
/tmp/.ansible/tmp/ansible-tmp-1447659206.06-120147812768677/ping; rm -rf 
"/tmp/.ansible/tmp/ansible-tmp-1447659206.06-120147812768677/" > /dev/null 
2>&1
dbservere4 | SUCCESS => {
    "changed": false,
    "invocation": {
        "module_args": {},
        "module_name": "ping"
    },
    "ping": "pong"
}



/ Thomas




On Friday, November 13, 2015 at 5:11:10 PM UTC+1, Brian Coca wrote:
>
> does ping work w/o pfexec? 
>
> On Fri, Nov 13, 2015 at 1:12 AM, Thomas Willert 
> <thomas....@berenberg.de <javascript:>> wrote: 
> > Hi Brian, 
> > thanks for the 'pfexec' hints. I tried both changing my Ansible 1.9 
> files 
> > and also tried using Ansible 2.0.0 0.4.beta2. The error messages I now 
> get 
> > are similiar although not quiet identical. They both contain "No such 
> file 
> > or directory": 
> > 
> > Ansible 1.9.4 
> > ------------- 
> > 
> > [willert@ws-willert ~]$ ANSIBLE_BECOME=True ANSIBLE_BECOME_METHOD=pfexec 
> > ansible dbservere4 -m ping -vvvv 
> > <dbservere4> ESTABLISH CONNECTION FOR USER: willert 
> > <dbservere4> REMOTE_MODULE ping 
> > <dbservere4> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
> > ControlPersist=60s -o 
> > ControlPath="/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
> > StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o 
> > 
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
> -o 
> > PasswordAuthentication=no -o ConnectTimeout=10 dbservere4 /bin/sh -c 
> 'mkdir 
> > -p /tmp/.ansible/tmp/ansible-tmp-1447400745.5-223125700098523 && chmod 
> a+rx 
> > /tmp/.ansible/tmp/ansible-tmp-1447400745.5-223125700098523 && echo 
> > /tmp/.ansible/tmp/ansible-tmp-1447400745.5-223125700098523' 
> > <dbservere4> PUT /tmp/tmpXcrm98 TO 
> > /tmp/.ansible/tmp/ansible-tmp-1447400745.5-223125700098523/ping 
> > <dbservere4> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
> > ControlPersist=60s -o 
> > ControlPath="/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
> > StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o 
> > 
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
> -o 
> > PasswordAuthentication=no -o ConnectTimeout=10 dbservere4 /bin/sh -c 
> 'pfexec 
> > "'"'"'echo BECOME-SUCCESS-tnjzhxjycfjdyelcvpbxjdjxndkcfkfo; 
> LANG=en_US.UTF-8 
> > LC_CTYPE=en_US.UTF-8 /usr/bin/python 
> > /tmp/.ansible/tmp/ansible-tmp-1447400745.5-223125700098523/ping; rm -rf 
> > /tmp/.ansible/tmp/ansible-tmp-1447400745.5-223125700098523/ >/dev/null 
> > 2>&1'"'"'"' 
> > dbservere4 | FAILED >> { 
> >     "failed": true, 
> >     "msg": "'echo BECOME-SUCCESS-tnjzhxjycfjdyelcvpbxjdjxndkcfkfo; 
> > LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python 
> > /tmp/.ansible/tmp/ansible-tmp-1447400745.5-223125700098523/ping; rm -rf 
> > /tmp/.ansible/tmp/ansible-tmp-1447400745.5-223125700098523/ >/dev/null 
> > 2>&1': No such file or directory\r\nOpenSSH_6.6.1, OpenSSL 1.0.1e-fips 
> 11 
> > Feb 2013\r\ndebug1: Reading configuration data 
> > /home/willert/.ssh/config\r\ndebug1: /home/willert/.ssh/config line 1: 
> > Applying options for *\r\ndebug1: Reading configuration data 
> > /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 56: Applying 
> options 
> > for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 
> setting 
> > O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 
> 4\r\ndebug3: 
> > mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: 
> > mux_client_request_session: entering\r\ndebug3: 
> mux_client_request_alive: 
> > entering\r\ndebug3: mux_client_request_alive: done pid = 3625\r\ndebug3: 
> > mux_client_request_session: session request sent\r\ndebug1: 
> > mux_client_request_session: master session id: 2\r\ndebug3: 
> > mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: 
> Received 
> > exit status from master 1\r\nShared connection to dbservere4 
> closed.\r\n", 
> >     "parsed": false 
> > 
> > 
> > Ansible 2.0.0 0.4.beta2 
> > ----------------------- 
> > 
> > $ ANSIBLE_BECOME=True ANSIBLE_BECOME_METHOD=pfexec ansible dbservere4 -m 
> > ping -vvvv 
> > Using /home/willert/.ansible.cfg as config file 
> > Loaded callback minimal of type stdout, v2.0 
> > <dbservere4> ESTABLISH SSH CONNECTION FOR USER: None 
> > <dbservere4> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o 
> > ControlPersist=60s -o StrictHostKeyChecking=no -o 
> > KbdInteractiveAuthentication=no -o 
> > 
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
> -o 
> > PasswordAuthentication=no -o ConnectTimeout=10 -o 
> > ControlPath=/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r -tt 
> dbservere4 
> > (umask 22 && mkdir -p "$(echo 
> > /tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788)" && echo 
> "$(echo 
> > /tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788)") 
> > <dbservere4> PUT /tmp/tmpUF3jFS TO 
> > /tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788/ping 
> > <dbservere4> SSH: EXEC sftp -b - -C -vvv -o ControlMaster=auto -o 
> > ControlPersist=60s -o StrictHostKeyChecking=no -o 
> > KbdInteractiveAuthentication=no -o 
> > 
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
> -o 
> > PasswordAuthentication=no -o ConnectTimeout=10 -o 
> > ControlPath=/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r [dbservere4] 
> > <dbservere4> ESTABLISH SSH CONNECTION FOR USER: None 
> > <dbservere4> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o 
> > ControlPersist=60s -o StrictHostKeyChecking=no -o 
> > KbdInteractiveAuthentication=no -o 
> > 
> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
> -o 
> > PasswordAuthentication=no -o ConnectTimeout=10 -o 
> > ControlPath=/home/willert/.ansible/cp/ansible-ssh-%h-%p-%r -tt 
> dbservere4 
> > /bin/sh -c 'pfexec  "'"'"'echo 
> > BECOME-SUCCESS-bodchmhbolxfaduxknexdrmbouogwbjj; LANG=en_US.UTF-8 
> > LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python 
> > /tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788/ping; rm -rf 
> > "/tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788/" > /dev/null 
> > 2>&1'"'"'"' 
> > dbservere4 | FAILED! => { 
> >     "changed": false, 
> >     "failed": true, 
> >     "invocation": { 
> >         "module_args": {}, 
> >         "module_name": "ping" 
> >     }, 
> >     "msg": "'echo BECOME-SUCCESS-bodchmhbolxfaduxknexdrmbouogwbjj; 
> > LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 
> /usr/bin/python 
> > /tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788/ping; rm -rf 
> > /tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788/ > /dev/null 
> 2>&1': 
> > No such file or directory\r\nOpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 
> > 2013\r\ndebug1: Reading configuration data 
> > /home/willert/.ssh/config\r\ndebug1: /home/willert/.ssh/config line 1: 
> > Applying options for *\r\ndebug1: Reading configuration data 
> > /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 56: Applying 
> options 
> > for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 
> setting 
> > O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 
> 4\r\ndebug3: 
> > mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: 
> > mux_client_request_session: entering\r\ndebug3: 
> mux_client_request_alive: 
> > entering\r\ndebug3: mux_client_request_alive: done pid = 6655\r\ndebug3: 
> > mux_client_request_session: session request sent\r\ndebug1: 
> > mux_client_request_session: master session id: 2\r\ndebug3: 
> > mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: 
> Received 
> > exit status from master 1\r\nShared connection to dbservere4 
> closed.\r\n", 
> >     "parsed": false 
> > } 
> > 
> > 
> > 
> > Trying to decipher the error message it seems like a file access 
> problem? If 
> > I read the outpout correctly the "rm -rf" can not find the directory to 
> > recursively remove? Logging into the remote Solaris server the excat 
> same 
> > directory and files are there? 
> > 
> > -bash-4.1$ ls -ld /tmp/.ansible \ 
> >> /tmp/.ansible/tmp \ 
> >> /tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788 \ 
> >> /tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788/ping 
> > 
> > drwxr-xr-x   3 willert  unixadm      177 Nov 13 08:44 /tmp/.ansible 
> > drwxr-xr-x   7 willert  unixadm      603 Nov 13 09:57 /tmp/.ansible/tmp 
> > drwxr-xr-x   2 willert  unixadm      178 Nov 13 09:57 
> > /tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788 
> > -rw-------   1 willert  unixadm    72874 Nov 13 09:57 
> > /tmp/.ansible/tmp/ansible-tmp-1447405023.72-289756827788/ping 
> > 
> > 
> > I have set "remote_tmp" to "/tmp/.ansible/tmp" on the control machine. 
> > 
> > Does anyone have an idea of whats going wrong here? 
> > 
> > / Thomas 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Ansible Project" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to ansible-proje...@googlegroups.com <javascript:>. 
> > To post to this group, send email to ansible...@googlegroups.com 
> <javascript:>. 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/ansible-project/b600cacd-70ef-4d58-a530-a84db3a553fd%40googlegroups.com.
>  
>
> > 
> > For more options, visit https://groups.google.com/d/optout. 
>
>
>
> -- 
> Brian Coca 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/84ab88ca-eb9d-436f-9bc6-e07f179840f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.