Ansible needs to be able to run 'ALL' commands... so:
xxxx ALL=(ALL) ALL As it doesn't run su or anything directly, but runs python which exec's stuff later. Mark On Thu, Mar 10, 2016 at 1:11 AM, Juan Roman <[email protected]> wrote: > Sorry is this has been posted and answered by I find nothing while > searching. I'm attempting to connect to my AIX server but can't sudo. > > Here's my sudo setup. > > xxxxx ALL=(ALL) /usr/bin/su -,/usr/bin/su - > > > > > GATHERING FACTS > *************************************************************** > <aixserver.com> ESTABLISH CONNECTION FOR USER: userXX > <aixserver.com> REMOTE_MODULE setup CHECKMODE=True > <aixserver.com> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o > ControlPersist=60s -o > ControlPath="/home/userXX/.ansible/cp/ansible-ssh-%h-%p-%r" -o > KbdInteractiveAuthentication=no -o > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey > -o PasswordAuthentication=no -o ConnectTimeout=10 aixserver.com /bin/sh > -c 'mkdir -p /tmp/ansible-tmp-1457568234.68-267839190034318 && chmod a+rx > /tmp/ansible-tmp-1457568234.68-267839190034318 && echo > /tmp/ansible-tmp-1457568234.68-267839190034318' > <aixserver.com> PUT /tmp/tmpMNXTOm TO > /tmp/ansible-tmp-1457568234.68-267839190034318/setup > <aixserver.com> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o > ControlPersist=60s -o > ControlPath="/home/userXX/.ansible/cp/ansible-ssh-%h-%p-%r" -o > KbdInteractiveAuthentication=no -o > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey > -o PasswordAuthentication=no -o ConnectTimeout=10 aixserver.com /bin/sh > -c 'sudo -k && sudo -H -S -p "[sudo via ansible, > key=stujpsrxsgjiigrjvzefkwkrkuvaxyhs] password: " -u root /bin/sh -c > '"'"'echo BECOME-SUCCESS-stujpsrxsgjiigrjvzefkwkrkuvaxyhs; LANG=C > LC_CTYPE=C /usr/bin/python > /tmp/ansible-tmp-1457568234.68-267839190034318/setup; rm -rf > /tmp/ansible-tmp-1457568234.68-267839190034318/ >/dev/null 2>&1'"'"'' > failed: [aixserver.com] => {"failed": true, "parsed": false} > > Sorry, user userXX is not allowed to execute '/bin/sh -c echo > BECOME-SUCCESS-stujpsrxsgjiigrjvzefkwkrkuvaxyhs; LANG=C LC_CTYPE=C > /usr/bin/python /tmp/ansible-tmp-1457568234.68-267839190034318/setup; rm > -rf /tmp/ansible-tmp-1457568234.68-267839190034318/ >/dev/null 2>&1' as > root on ti1wps2. > debug1: mux_client_request_session: master session id: 2 > debug3: mux_client_read_packet: read header failed: Broken pipe > debug2: Received exit status from master 1 > Shared connection to aixserver.com closed. > > > TASK: [iib-bin | Change Directory to $IIB_ROOT_INSTALL] > *********************** > FATAL: no hosts matched or all hosts have already failed -- aborting > > > PLAY RECAP > ******************************************************************** > to retry, use: --limit @/home/userXX/site.retry > > aixserver.com : ok=0 changed=0 unreachable=0 failed=1 > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/cac9d97c-3cd5-41b4-acfc-68fe75a072ca%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/cac9d97c-3cd5-41b4-acfc-68fe75a072ca%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Mark Janssen -- maniac(at)maniac.nl Unix / Linux Open-Source and Internet Consultant Maniac.nl Sig-IO.nl Vps.Stoned-IT.com -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKs9msjRrwR5hezAVyugup%2BCx7w3D6pqBO36QidpywAdBXMGjQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
