That is correct, ansible is hard (or impossible) to use with such a restrictive environment:
https://docs.ansible.com/ansible/latest/user_guide/become.html#id13 On Thu, 12 Sep 2019 at 14:19, 'Torsten Lorenz' via Ansible Project < [email protected]> wrote: > Hi, thanks for your answer. > > > the user is allowed to use sudo. If i change my playbook to: > > tasks: > > - name: restart Filebeat per Command > shell: "sudo /usr/bin/systemctl start filebeat.service > filebeat.service" > > > its working, but thats not more than a workarround.... > > I think the problem is, that the sudo-template exactly contains the > command "/usr/bin/systemctl * filebeat.service filebeat.service" an > ansible uses any other command to start/stop the service > > > greetz > > > > Am Donnerstag, 12. September 2019 13:47:40 UTC+2 schrieb Torsten Lorenz: >> >> Hi @ all, >> >> i try to start/stop a service with ansible adn need to execute the comand >> with sudo: >> >> executing >> "sudo /usr/bin/systemctl start filebeat.service" >> >> works pretty fine, but i would like to use the service-modul. >> >> My playbook looks like this: >> >> >> - >> name: testplay >> hosts: hostname >> >> tasks: >> - name: stop filebeat >> become: true >> become_method: sudo >> become_user: root >> service: >> name: filebeat.service >> state: stopped >> >> >> >> i get this error: >> >> ASK [stop filebeat] >> ************************************************************************************************************************************************************************************************************************ >> fatal: [vlq23007]: FAILED! => {"changed": false, "module_stderr": "Shared >> connection to hostname closed.\r\n", "module_stdout": "Sorry, user sudouser >> is not allowed to execute '/bin/sh -c echo >> BECOME-SUCCESS-sodoffndzuoxshzljbtmzwmyfysryhkf; /usr/bin/python >> /home/sudouser/.ansible/tmp/ansible-tmp-1568288715.75-4453183611448/systemd.py; >> rm -rf >> \"/home/sudouser/.ansible/tmp/ansible-tmp-1568288715.75-4453183611448/\" > >> /dev/null 2>&1' as root on hostname.\r\n", "msg": "MODULE FAILURE", "rc": 1} >> >> >> >> Are there any ideas how to fix it? >> >> greetz >> >> Torsten >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/73be629f-8e1b-48c6-b213-58cd4688d0ff%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/73be629f-8e1b-48c6-b213-58cd4688d0ff%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Sent from a mobile device - please excuse the brevity, spelling and punctuation. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwPmUR0HXCipbkpOsdNqKED-Bp-wk-Dg8%3DLZ3YK7eR03Ng%40mail.gmail.com.
