[ansible-project] Ansible become_user failing while logging-in as vagrant user

Sat, 20 Jun 2020 09:22:48 -0700 

Hello,

*Problem:*
Via inventory, I am logging as "vagrant" user. I am trying to switch to 
another-user and then create .ssh directory with owner and group as this 
another-user. It is failing saying permission denied.

TASK [Ensure dot-ssh directory exists] 
*********************************************************************************************
fatal: [192.168.99.105]: FAILED! => {"changed": false, "msg": "There was an 
issue creating /home/mrajaa/.ssh as requested: [Errno 13] *Permission 
denied*: b'/home/mrajaa/.ssh'", "path": "/home/mrajaa/.ssh/"}

"vagrant" user has sudo permission in the target cluster.

sudo cat /etc/sudoers.d/vagrant-nopasswd
vagrant ALL=(ALL) NOPASSWD: ALL


*Problem in detail:*
I am trying to run a playbook on vagrant-provisioned-virtualbox, like

ap -i inventory-ansible main.yml --ask-vault-pass

Inventory is like this,

[vagrant-demo]
192.168.99.105


[vagrant-demo:vars]
ansible_user=vagrant
ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key


$ cat main.yml
---
- import_playbook: provision.yml
- import_playbook: configure.yml



And I am swithching to another user at playbook level, so that all the 
further install and configure goes as expected.

$ head -20 configure.yml
---
- hosts: all
  become: true
  become_user: '{{ username }}'
  become_method: sudo
- import_playbook: ../../main.yml


 head -30 ../../main.yml
---
- hosts: all

  vars_files:
    - vars/vars.yml
    - vars/repos.yml
    - vars/curlrepos.yml
    - vars/token.yml
    - vars/gitrepos.yml

  pre_tasks:
  - import_tasks: tasks/sshkeys.yml



And it is failing, while executing sshkeys task.

$ cat ../../tasks/sshkeys.yml
---
  - name: Ensure dot-ssh directory exists
    file:
      path: "{{ ssh_dir }}"
      state: directory
      mode: 700
      owner: "{{ username }}"
      group: "{{ username }}"


Can you please clarify, how to get this right.

Thanks and regards,
Mukuntha Rajaa.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e02c741c-7f07-4644-a538-cb7af711248fo%40googlegroups.com.

Reply via email to