I tried, same result.
Thanks!
On Friday, 28 September 2018 20:56:23 UTC+3, Karthik Chandrashekar wrote:
>
> Can you try to change your playbook a little bit.
>
> Just below hosts mention:
>
> remote_user: < username >
>
> remove become_method option ( I assume you are using ansible version =>
> 1.9 )
>
> I don't think ansible in the backend uses below syntax for any task
> executions as root:
>
> *sudo /bin/bash -c 'cp /tmp/a > /etc/yum.repos.d/a'*
>
>
>
> On Friday, September 28, 2018 at 11:09:24 PM UTC+5:30, Nicola Apicella
> wrote:
>>
>> It does have sudo access, but it is restricted, namely it cannot use exec
>> */bin/sh.*
>> So if I do:
>> *napicella@localhost > ssh blablahost*
>> *napicella@blalahost> sudo cp /tmp/a > /etc/yum.repos.d/a *
>>
>> This works as expected, what does not work is:
>>
>> *napicella@blalahost> sudo /bin/bash -c 'cp /tmp/a > /etc/yum.repos.d/a'*
>> *Sorry user napicella is not allowed to execute /bin/bash .....*
>>
>> which appears to be exactly what Ansible does when the *become* property
>> is set in the playbook task
>>
>> On Friday, 28 September 2018 20:32:25 UTC+3, Karthik Chandrashekar wrote:
>>>
>>> Well, has that user been given sudo rights on the remote machine? If so, could
>>> you check if you are able to log in as that user and execute the same task
>>> manually without ansible.
>>>
>>> On Friday, September 28, 2018 at 10:58:44 PM UTC+5:30, Nicola Apicella
>>> wrote:
>>>>
>>>> I am running the playbook without specifying a user:
>>>>
>>>>
>>>> *ansible-playbook --ask-become-pass -vvv test-playbook*
>>>> Running the command with -u flag does not change the error:
>>>>
>>>> *ansible-playbook -u napicella --ask-become-pass -vvv test-playbook*
>>>>
>>>> where *napicella* is a user on both the local machine and the remote
>>>> one
>>>>
>>>> On Friday, 28 September 2018 20:08:28 UTC+3, Karthik Chandrashekar
>>>> wrote:
>>>>>
>>>>> What is the username you are trying to connect as ?
>>>>>
>>>>> On Friday, September 28, 2018 at 10:06:32 PM UTC+5:30, Nicola Apicella
>>>>> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am sorry for the newbie question, I've just started looking into
>>>>>> Ansible but I did not find any info in the docs or anywhere else that could
>>>>>> help me find a resolution.
>>>>>> I have a bunch of hosts on which I have sudo access.
>>>>>> *>sudo whoami*
>>>>>> *root*
>>>>>>
>>>>>> But I do not have permission to run
>>>>>> *> sudo /bin/sh -c echo "Hello!"*
>>>>>> *Sorry, user some-user is not allowed to execute '/bin/sh -c echo
>>>>>> Hello world' as root on blabahost.*
>>>>>>
>>>>>> This is blocking me from executing a simple playbook which copies
>>>>>> files under */etc/yum.repos.d*
>>>>>> The playbook like this:
>>>>>>
>>>>>> ---
>>>>>> - name: test-pl
>>>>>>   hosts: blablahost
>>>>>>
>>>>>>   tasks:
>>>>>>     - name: test
>>>>>>       become: yes
>>>>>>       become_method: sudo
>>>>>>       copy:
>>>>>>         content: ""
>>>>>>         dest: /etc/yum.repos.d/a
>>>>>>         force: no
>>>>>>         group: root
>>>>>>         owner: root
>>>>>>         mode: 0555
>>>>>>
>>>>>> The error I get is basically the same one mentioned above. My user is
>>>>>> not allowed to execute */bin/sh *as root.
>>>>>>
>>>>>> blablahost | FAILED! => {
>>>>>>     "changed": false,
>>>>>>     "module_stderr": "Shared connection to blablahost closed.\r\n",
>>>>>>     "module_stdout": "\r\nSorry, user some-user is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS-rhzefxcamynrooqcpyqppdiqvzlqbmyt; /usr/bin/python /home/some-user/.ansible/tmp/ansible-tmp-1538151353.33-57836367165837/command.py' as root on blablahost.\r\n",
>>>>>>     "msg": "MODULE FAILURE",
>>>>>>     "rc": 1
>>>>>> }
>>>>>>
>>>>>> The problem could be fixed if Ansible would allow to start the bash
>>>>>> as a normal user and then run the copy command with *sudo.*
>>>>>> Basically, avoiding executing */bin/sh *as root.
>>>>>> Are you aware of a workaround for this case? Or am I missing
>>>>>> something?
>>>>>>
>>>>>>
>>>>>> Thanks in advance.
>>>>>> -Nicola
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
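
As an added example (not part of the original thread and not Ansible's own code), this Python function parses a failed task result like the one quoted in the thread and reports whether sudo refused the `/bin/sh -c` wrapper carrying the `BECOME-SUCCESS` marker rather than the module's own command. The sample result is constructed from the output in the thread with a placeholder temp path, and the names `diagnose`, `DENIED` and `WRAPPER` are hypothetical.

```python
import json
import re

# sudo's refusal line, in the form shown in the thread's module_stdout.
DENIED = re.compile(
    r"Sorry, user (?P<user>\S+) is not allowed to execute '(?P<cmd>.+?)'"
    r" as (?P<runas>\S+) on (?P<host>[\w.-]+?)\.(?:\s|$)", re.S)
# A shell run with -c whose script begins by echoing the become marker.
WRAPPER = re.compile(
    r"(?P<shell>\S*/(?:ba|da)?sh) -c echo BECOME-SUCCESS-\w+;\s*(?P<payload>.+)",
    re.S)

# Constructed sample modeled on the failure in the thread (temp path is a placeholder).
SAMPLE_RESULT = json.dumps({
    "changed": False,
    "module_stderr": "Shared connection to blablahost closed.\r\n",
    "module_stdout": "\r\nSorry, user some-user is not allowed to execute "
                     "'/bin/sh -c echo BECOME-SUCCESS-rhzefxcamynrooqcpyqppdiqvzlqbmyt; "
                     "/usr/bin/python /home/some-user/.ansible/tmp/ansible-tmp-PLACEHOLDER/command.py' "
                     "as root on blablahost.\r\n",
    "msg": "MODULE FAILURE",
    "rc": 1,
})


def diagnose(result_json):
    """Return details of a sudo refusal found in a task result, or None."""
    result = json.loads(result_json)
    text = " ".join(str(result.get(key, ""))
                    for key in ("module_stdout", "module_stderr", "msg"))
    # Terminal and mail wrapping can split the message; collapse whitespace first.
    text = re.sub(r"\s+", " ", text)
    denied = DENIED.search(text)
    if denied is None:
        return None
    info = denied.groupdict()
    wrapper = WRAPPER.match(info["cmd"])
    # True when sudoers rejected the shell wrapper, not the module's action.
    info["become_wrapper_denied"] = wrapper is not None
    info["denied_binary"] = info["cmd"].split()[0]
    info["payload"] = wrapper.group("payload") if wrapper else None
    return info


if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_RESULT), indent=2))
```

When `become_wrapper_denied` is true, the sudoers policy on the host is rejecting the shell itself, which matches the manual `sudo /bin/sh -c ...` refusal reported in the thread.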