Workaround improved:

$ cat roles/monit_install/tasks/main.yml 
- name: copy configuration file
  template:
    mode: 0600
    dest: /etc/monitrc
    src: monitrc.j2
#    validate: /usr/bin/sudo /usr/bin/monit -c %s -t 

- name: validate configuration file
  command: /usr/bin/monit -c /etc/monitrc -t
  register: validate_result 
  ignore_errors: true

- name: remove monit configuration file if validation fails
  file: 
    path: /etc/monitrc
    state: absent
  when: validate_result.rc > 0 

- name: exit when monit validation fails
  fail:
    msg: monit validation failed
  when: validate_result.rc > 0




On Tuesday, 5 March 2019 12:03:58 UTC+1, fusillator wrote:
>
> I solved it in a stupid way:
>
> - name: copy configuration file
>   template:
>     mode: 0600
>     dest: /etc/monitrc
>     src: monitrc.j2
> #    validate: /usr/bin/sudo /usr/bin/monit -c %s -t 
>
> - name: validate configuration file
>   command: /usr/bin/monit -c /etc/monitrc -t
>
> but I'd like to figure out what goes wrong with the validate attribute and 
> the sudo authentication, 
> so if someone could enlighten me, it would be appreciated
>
>
>
> On Tuesday, 5 March 2019 11:47:33 UTC+1, fusillator wrote:
>>
>> Hi all, I've a very simple role to copy and validate a monit 
>> configuration file
>>
>> cat roles/monit_install/tasks/main.yml 
>> - name: copy configuration file
>>   template:
>>     mode: 0600
>>     dest: /etc/monitrc
>>     src: monitrc.j2
>>     validate: /usr/bin/sudo /usr/bin/monit -c %s -t 
>>
>> now if I validate the configuration on the target server it works like a 
>> charm:
>>
>> [root@server2 ~]# monit -c /etc/monitrc -t
>> Control file syntax OK
>>
>> and so if I launch the playbook with the user root (after having removed 
>> the configuration file on the target server)
>>
>> $ ansible-playbook monit_install.yml -u root -k
>> SSH password: 
>>
>> PLAY [server2] 
>> ****************************************************************************************************************************************************************************************************************************************************************
>>
>> TASK [Gathering Facts] 
>> ********************************************************************************************************************************************************************************************************************************************************
>> ok: [server2]
>>
>> TASK [monit_install : copy configuration file] 
>> ********************************************************************************************************************************************************************************************************************************
>> changed: [server2]
>>
>> TASK [monit_install : debug variable] 
>> *****************************************************************************************************************************************************************************************************************************************
>> ok: [server2] => {
>> ...
>> }
>>
>> PLAY RECAP 
>> ********************************************************************************************************************************************************************************************************************************************************************
>> server2                    : ok=3    changed=1    unreachable=0    
>> failed=0   
>>
>> but it fails when I try to launch it with sudo/become as follows:
>> (after having removed the file monitrc on server2)
>>
>> $ ansible-playbook monit_install.yml --become --ask-become-pass
>> SUDO password: 
>>
>> PLAY [server2] 
>> ****************************************************************************************************************************************************************************************************************************************************************
>>
>> TASK [Gathering Facts] 
>> ********************************************************************************************************************************************************************************************************************************************************
>> ok: [server2]
>>
>> TASK [monit_install : copy configuration file] 
>> ********************************************************************************************************************************************************************************************************************************
>> fatal: [server2]: FAILED! => {"changed": false, "checksum": 
>> "435dbc73eaa2ccd4efd4c442e75e59e080088c02", "exit_status": 1, "msg": 
>> "failed to validate", "stderr": "The control file 
>> '/home/fusillator/.ansible/tmp/ansible-tmp-1551782364.37-11770304984221/source'
>>  
>> must be owned by you.\n", "stderr_lines": ["The control file 
>> '/home/fusillator/.ansible/tmp/ansible-tmp-1551782364.37-11770304984221/source'
>>  
>> must be owned by you."], "stdout": "", "stdout_lines": []}
>>     to retry, use: --limit 
>> @/home/fusillator/Code/ansible/monit_install.retry
>>
>> PLAY RECAP 
>> ********************************************************************************************************************************************************************************************************************************************************************
>> server2                    : ok=1    changed=0    unreachable=0    
>> failed=1   
>>
>> I tried to add fusillator user in sudo configuration to allow the 
>> execution of /usr/bin/monit without password but it fails anyway. 
>> fusillator    ALL=(ALL)    NOPASSWD: /usr/bin/monit
>>
>> So I'm missing something... isn't the validation program run as the become user?
>> Any idea to resolve the issue?
>>
>> regards 
>>
>> Luca 
>>
>>
>>
>>
>>
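
Added example (not part of the original thread): the error quoted above is monit refusing a control file that the invoking user does not own, so this variant renders the template to a root-owned staging file, validates that copy, and only then replaces /etc/monitrc, leaving the live file untouched when validation fails. It assumes the play runs with become as root; /etc/monitrc.staged is a hypothetical path chosen for illustration.

```yaml
# Added example: stage, validate, then install.
# Assumption: tasks run as root via become. /etc/monitrc.staged is hypothetical.
- name: stage, validate and install monit configuration
  block:
    - name: render candidate configuration to a root-owned staging file
      template:
        src: monitrc.j2
        dest: /etc/monitrc.staged
        owner: root
        group: root
        mode: "0600"          # the control file may hold credentials
      changed_when: false     # staging file is transient, do not report it

    - name: validate the staged file as its owner
      command: /usr/bin/monit -c /etc/monitrc.staged -t
      changed_when: false     # syntax check only; a non-zero rc fails the play here

    - name: install the validated configuration
      copy:
        remote_src: true
        src: /etc/monitrc.staged
        dest: /etc/monitrc
        owner: root
        group: root
        mode: "0600"

  always:
    - name: remove staging file whether or not validation succeeded
      file:
        path: /etc/monitrc.staged
        state: absent
      changed_when: false
```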
