Hello, I have added that step intentionally, so that all the tasks are executed under "user" privileges and directory/file permissions, etc. will be proper.

On Sat, 20 Jun 2020 at 23:10, <[email protected]> wrote:

> remove
> become_user: '{{ username }}'
>
> By default become_user is root. [1]
>
> [1] https://docs.ansible.com/ansible/latest/user_guide/become.html
>
> On Sat, Jun 20, 2020 at 12:22 PM Mukuntha rajaa <[email protected]> wrote:
>
>> Hello,
>>
>> *Problem:*
>> Via inventory, I am logging in as "vagrant" user. I am trying to switch to
>> another-user and then create .ssh directory with owner and group as this
>> another-user. It is failing saying permission denied.
>>
>> TASK [Ensure dot-ssh directory exists] *********************************************************************************************
>> fatal: [192.168.99.105]: FAILED! => {"changed": false, "msg": "There was an issue creating /home/mrajaa/.ssh as requested: [Errno 13] *Permission denied*: b'/home/mrajaa/.ssh'", "path": "/home/mrajaa/.ssh/"}
>>
>> "vagrant" user has sudo permission in the target cluster.
>>
>> sudo cat /etc/sudoers.d/vagrant-nopasswd
>> vagrant ALL=(ALL) NOPASSWD: ALL
>>
>> *Problem in detail:*
>> I am trying to run a playbook on vagrant-provisioned-virtualbox, like
>>
>> ap -i inventory-ansible main.yml --ask-vault-pass
>>
>> Inventory is like this,
>>
>> [vagrant-demo]
>> 192.168.99.105
>>
>> [vagrant-demo:vars]
>> ansible_user=vagrant
>> ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key
>>
>> $ cat main.yml
>> ---
>> - import_playbook: provision.yml
>> - import_playbook: configure.yml
>>
>> And I am switching to another user at playbook level, so that all the
>> further install and configure goes as expected.
>>
>> $ head -20 configure.yml
>> ---
>> - hosts: all
>>   become: true
>>   become_user: '{{ username }}'
>>   become_method: sudo
>> - import_playbook: ../../main.yml
>>
>> head -30 ../../main.yml
>> ---
>> - hosts: all
>>
>>   vars_files:
>>     - vars/vars.yml
>>     - vars/repos.yml
>>     - vars/curlrepos.yml
>>     - vars/token.yml
>>     - vars/gitrepos.yml
>>
>>   pre_tasks:
>>     - import_tasks: tasks/sshkeys.yml
>>
>> And it is failing, while executing sshkeys task.
>>
>> $ cat ../../tasks/sshkeys.yml
>> ---
>> - name: Ensure dot-ssh directory exists
>>   file:
>>     path: "{{ ssh_dir }}"
>>     state: directory
>>     mode: 700
>>     owner: "{{ username }}"
>>     group: "{{ username }}"
>>
>> Can you please clarify, how to get this right.
>>
>> Thanks and regards,
>> Mukuntha Rajaa.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/e02c741c-7f07-4644-a538-cb7af711248fo%40googlegroups.com
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
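An added example, not part of the thread and not the poster's own playbook: a single play that declares `become` on the same play that runs the task, since play keywords apply only to the play that declares them, and that writes the directory mode as a quoted octal string. The names `username`, `ssh_dir` and `vars/vars.yml` are taken from the quoted playbooks; collapsing the files into one play, and `vars/vars.yml` defining both variables, are assumptions of this example.

```yaml
---
# Added example (not from the thread).
- hosts: all
  # Privilege escalation is declared on the play that contains the tasks,
  # so every task below runs as the target user rather than as the
  # connecting user ("vagrant" in the thread's inventory).
  become: true
  become_method: sudo
  become_user: "{{ username }}"

  vars_files:
    - vars/vars.yml        # assumed to define username and ssh_dir

  pre_tasks:
    - name: Ensure dot-ssh directory exists
      file:
        path: "{{ ssh_dir }}"
        state: directory
        # Quoted octal string. An unquoted 700 is parsed by YAML as the
        # decimal integer 700, which is octal 1274 and not rwx------.
        mode: "0700"
        owner: "{{ username }}"
        group: "{{ username }}"

    - name: Read back the directory metadata
      stat:
        path: "{{ ssh_dir }}"
      register: ssh_dir_stat

    - name: Fail if the directory is not private to its owner
      assert:
        that:
          - ssh_dir_stat.stat.isdir
          - ssh_dir_stat.stat.mode == "0700"
          - ssh_dir_stat.stat.pw_name == username
```

When both the connecting user and `become_user` are unprivileged, Ansible has to make its temporary module files readable by the second user, which typically needs `setfacl` on the target or pipelining enabled.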
