Hi Team,

We have developed a playbook for Oracle backup, but we are facing a big 
roadblock in using privilege escalation.
We are using the become_user method for privilege escalation, but in our env, 
for security reasons, the Unix team has added a script which prompts for a 
ticket number after switching user.
So I can handle this in the become_user method.

Existing setup in my env:

Log in to the Red Hat server using my personal ID:

username:hitesh
..
..connected.

linux>dzdo su - oracle
Please enter ticket number: INC00000

connected..


Below is the code which I have developed.

# Find the OS user that owns the pmon process of the first database in db_list
- name: Get oracle user from oracledb
  shell: ps -ef| grep pmon|grep -v 'grep'|grep {{ db_list[0] }}|awk '{print $1}'
  register: oracleuser

# Look up the primary group of that user
- name: Get the oracle_group
  shell: id -gn "{{ oracleuser.stdout_lines[0] }}"
  register: oraclegroup

# Create the working directory as the oracle user
- name: create permafrost directory
  file:
    path: /tmp/permafrost/
    state: directory
    mode: "u+rwx,g+rwx,o+rwx"
    #owner: "{{ oracleuser.stdout_lines[0] }}"
    #group: "{{ oraclegroup.stdout_lines[0] }}"
  become: true
  become_user: "{{ oracleuser.stdout_lines[0] }}"

- name: Copy script file to dbserver
  copy:
    src: runme.sh
    dest: /tmp/permafrost/
    mode: "u+rwx,g+rwx,o+rwx"

# Run the script once per database, as the oracle user
- name: Run the permafrost script for each databases
  #ga_db_sid: "{{ item_permafrost }}"
  command: /bin/ksh runme.sh "{{ item_permafrost }}" "{{ gac_permafrost_path }}" "{{ gac_test_mount_only }}"
  args:
    chdir: /tmp/permafrost/
  become: true
  become_user: "{{ oracleuser.stdout_lines[0] }}"
  register: permafrostscript_output
  with_items: "{{ db_list }}"
  loop_control:
    loop_var: item_permafrost


*Please help me with this.*
