[ansible-project] Authorize nginx reload without providing become-pass and full sudo privileges

Thu, 26 Jan 2017 13:14:24 -0800 

Hi,

I am migrating to a new architecture and I have provisioned my servers with 
an ansible playbook. I am also using ansible to deploy my source code.

I want to be able to reload nginx when the configuration change without 
having to :

* give sudo rights on ALL commands to the deploy user
* having to pass a become-pass in the command line

In my previous installation, I was doing everything manually and I had 
added this settings to allow my deployment user to reload the nginx 
configuration : 

deploy ALL(ALL) NOPASSWD: /usr/local/sbin/nginx -t, /usr/local/sbin/nginx 
-s reload

How can I have the same feature with Ansible ? Or what is the command which 
is executed when we use the service module and the state reloaded ?

Right now, I have this error :

sshpass -d15 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 
StrictHostKeyChecking=no -o User=deploy -o ConnectTimeout=10 -o 
ControlPath=/home/deploy/.ansible/cp/ansible-ssh-%h-%p-%r -tt 
x.x.x.x '/bin/bash -c '"'"'sudo -H -S -n -u root /bin/bash -c 
'"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-lttadeaqujrmkjjfqaswosxpazzwmsoj; 
/usr/bin/python 
/home/deploy/.ansible/tmp/ansible-tmp-1485445894.86-256748839860893/systemd.py; 
rm -rf 
"/home/deploy/.ansible/tmp/ansible-tmp-1485445894.86-256748839860893/" > 
/dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"''

fatal: [x.x.x.x]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "invocation": {
        "module_args": {
            "name": "nginx", 
            "state": "reloaded"
        }, 
        "module_name": "service"
    }, 
    "module_stderr": "Shared connection to x.x.x.x closed.\r\n", 
    "module_stdout": "sudo: a password is required\r\n", 
    "msg": "MODULE FAILURE"
}

Note that I am provisioning a CentOS 7.3 server with Ansible 2.2.1.

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/40e856bc-de0d-4a58-ac06-bc379025f728%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to