I solved it in a stupid way:

- name: copy configuration file
  template:
    mode: 0600
    dest: /etc/monitrc
    src: monitrc.j2
    # validate: /usr/bin/sudo /usr/bin/monit -c %s -t
- name: validate configuration file
  command: /usr/bin/monit -c /etc/monitrc -t

but I'd like to figure out what goes wrong with the validate attribute and
the sudo authentication,
so if someone could enlighten me, it would be appreciated.

On Tuesday, 5 March 2019 at 11:47:33 UTC+1, fusillator wrote:
>
> Hi all, I've a very simple role to copy and validate a monit configuration
> file
>
> cat roles/monit_install/tasks/main.yml
> - name: copy configuration file
>   template:
>     mode: 0600
>     dest: /etc/monitrc
>     src: monitrc.j2
>     validate: /usr/bin/sudo /usr/bin/monit -c %s -t
>
> now if I validate the configuration on the target server, it works like a
> charm:
>
> [root@server2 ~]# monit -c /etc/monitrc -t
> Control file syntax OK
>
> and so if I launch the playbook with the user root (after having removed
> the configuration file on the target server)
>
> $ ansible-playbook monit_install.yml -u root -k
> SSH password:
>
> PLAY [server2]
> ****************************************************************************************************************************************************************************************************************************************************************
>
> TASK [Gathering Facts]
> ********************************************************************************************************************************************************************************************************************************************************
> ok: [server2]
>
> TASK [monit_install : copy configuration file]
> ********************************************************************************************************************************************************************************************************************************
> changed: [server2]
>
> TASK [monit_install : debug variable]
> *****************************************************************************************************************************************************************************************************************************************
> ok: [server2] => {
> ...
> }
>
> PLAY RECAP
> ********************************************************************************************************************************************************************************************************************************************************************
> server2 : ok=3 changed=1 unreachable=0
> failed=0
>
> but it fails when I try to launch it with sudo/become as follows:
> (after having removed the file monitrc on server2)
>
> $ ansible-playbook monit_install.yml --become --ask-become-pass
> SUDO password:
>
> PLAY [server2]
> ****************************************************************************************************************************************************************************************************************************************************************
>
> TASK [Gathering Facts]
> ********************************************************************************************************************************************************************************************************************************************************
> ok: [server2]
>
> TASK [monit_install : copy configuration file]
> ********************************************************************************************************************************************************************************************************************************
> fatal: [server2]: FAILED! => {"changed": false, "checksum":
> "435dbc73eaa2ccd4efd4c442e75e59e080088c02", "exit_status": 1, "msg":
> "failed to validate", "stderr": "The control file
> '/home/fusillator/.ansible/tmp/ansible-tmp-1551782364.37-11770304984221/source'
>
> must be owned by you.\n", "stderr_lines": ["The control file
> '/home/fusillator/.ansible/tmp/ansible-tmp-1551782364.37-11770304984221/source'
>
> must be owned by you."], "stdout": "", "stdout_lines": []}
> to retry, use: --limit
> @/home/fusillator/Code/ansible/monit_install.retry
>
> PLAY RECAP
> ********************************************************************************************************************************************************************************************************************************************************************
> server2 : ok=1 changed=0 unreachable=0
> failed=1
>
> I tried to add fusillator user in sudo configuration to allow the
> execution of /usr/bin/monit without password but it fails anyway.
> fusillator ALL=(ALL) NOPASSWD: /usr/bin/monit
>
> So I'm missing something... isn't the validation program run as the become user?
> Any idea to resolve the issue?
>
> regards
>
> Luca
>
>
>
>
>
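
Added example (not part of the original thread and not code from the Ansible project): in the failing run above, monit rejects the temporary copy under /home/fusillator/.ansible/tmp with "must be owned by you", and the workaround in the reply only tests /etc/monitrc after it has already been replaced. One way to keep the check ahead of installation is to render to a root-owned staging file, test that file, and promote it only if the test passes; the staging path /etc/monitrc.staged is an assumption.

```yaml
# Added example: stage, validate, then promote. Run the play with --become.
# /etc/monitrc.staged is a hypothetical staging path, not taken from the thread.
- name: render candidate configuration to a root-owned staging file
  template:
    src: monitrc.j2
    dest: /etc/monitrc.staged
    owner: root
    group: root
    mode: "0600"

# monit runs as the become user here and the staged file belongs to that
# same user, so the ownership check seen in the failing run is satisfied.
# A non-zero exit from "monit -t" fails the play before anything is promoted.
- name: validate the staged file
  command: /usr/bin/monit -c /etc/monitrc.staged -t
  changed_when: false

# Only reached when validation succeeded; /etc/monitrc is untouched otherwise.
- name: promote the validated file
  copy:
    remote_src: yes
    src: /etc/monitrc.staged
    dest: /etc/monitrc
    owner: root
    group: root
    mode: "0600"
```

The staged file is left in place so the template task stays idempotent on later runs.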