On 1/15/21 8:16 AM, Ramakrishna Veeragandham wrote: > After adding 'become: true' also no use, its not working. >
You need to tell Ansible the sudo password: https://docs.ansible.com/ansible/latest/user_guide/become.html Regards Racke > My use case is to add sudo while running playbooks ( to run sudo comamnds, no > password is required ) . > > > [root@sgdlvapp03infra splunk_forwarder]# ssh -q [email protected] "touch > /opt/testfile" --> without sudo, command is > fialining > Password: > touch: cannot change times on /opt/testfile: Permission denied > [root@sgdlvapp03infra splunk_forwarder]# > [root@sgdlvapp03infra splunk_forwarder]# > [root@sgdlvapp03infra splunk_forwarder]# ssh -q [email protected] "sudo > touch /opt/testfile" --> with sudo, command is > wokring. No password is required. > Password: > [root@sgdlvapp03infra splunk_forwarder]# > [root@sgdlvapp03infra splunk_forwarder]# > [root@sgdlvapp03infra splunk_forwarder]# ssh -q [email protected] "ls > /opt/testfile" > Password: > /opt/testfile > [root@sgdlvapp03infra splunk_forwarder]# > > PLaybook > > > [root@sgdlvapp03infra splunk_forwarder]# cat sudo_test_solaris.yml > --- > - hosts: dev > gather_facts: yes > #become: yes > become_method: sudo > ignore_errors: true > > vars_files: > - /var/lib/ansible_playbooks/inventory/password.yml > #- /var/lib/ansible_playbooks/inventory/auth.yml > > tasks: > - name: ping > ping: > > - name: touch file '/opt/testfile' using file module > file: > path: /opt/testfile > state: touch > register: output > > - name: Print status > debug: var=output > [root@sgdlvapp03infra splunk_forwarder]# > > > > > On Friday, 15 January 2021 at 14:23:44 UTC+8 [email protected] wrote: > > On 1/15/21 6:08 AM, Ramakrishna Veeragandham wrote: > > Hi Ansible team, > > > > I am Ram. We need some help in running the Ansible playbook ( > specifically how to add sudo while running > playbooks ). > > in your environment, we can run all admin related commands with sudo > acess ( by adding sudo in front of command . > For > > example, sudo vgs or sudo vi /etc/sudoers ). We don't have root access > and hence we don't wanted to run the playbooks > > with direct root access . > > > > Most of our servers ( Redhat / Solaris / Aix ) doesn't have root > access. The possibility of running all admin > activities > > are by running sudo <command> as admin ( sysunx ) user. > > > > I mean, after logging to the server with sysunx account, we run the > admin related command as sudo <command>. How to > > simulate this in Ansible. > > > > > > You need to add "become: yes" to the touch task (or to the whole > playbook): > > Regards > Rackd > > > > > > #Playbook code > > > > [root@sgdlvapp03infra splunk_forwarder]# cat sudo_test_solaris.yml > > > > --- > > > > - hosts: dev > > > > gather_facts: yes > > > > #become: yes > > > > become_user: sysunx > > > > become_method: sudo > > > > ignore_errors: true > > > > > > > > vars_files: > > > > - /var/lib/ansible_playbooks/inventory/password.yml > > > > #- /var/lib/ansible_playbooks/inventory/auth.yml > > > > > > > > tasks: > > > > - name: ping > > > > ping: > > > > > > > > - name: touch file '/opt/testfile' > > > > shell: touch /opt/testfile > > > > args: > > > > warn: false > > > > register: shell_output > > > > > > > > - name: Print status > > > > debug: var=shell_output > > > > > > > > - name: touch file '/opt/testfile' using file module > > > > file: > > > > path: /opt/testfile > > > > state: touch > > > > register: output > > > > > > > > - name: Print status > > > > debug: var=output > > > > > > > > - name: remove file '/opt/testfile' > > > > file: > > > > path: /opt/testfile > > > > state: absent > > > > register: deleted > > > > > > > > - name: Print status after deletion > > > > debug: var=deleted > > > > [root@sgdlvapp03infra splunk_forwarder]# > > > > > > > > > > > > [root@sgdlvapp03infra splunk_forwarder]# ansible-playbook > sudo_test_solaris.yml --ask-vault-pass -i > ../../inventory/test_INV > > > > Vault password: > > > > > > > > PLAY [dev] > > > > ***************************************************************************************************************************************************************** > > > > > > > > > TASK [Gathering Facts] > > > > ***************************************************************************************************************************************************** > > > > > ok: [10.4.67.141] > > > > > > > > TASK [ping] > > > > **************************************************************************************************************************************************************** > > > > > ok: [10.4.67.141] > > > > > > > > TASK [touch file '/opt/testfile'] > > > > ****************************************************************************************************************************************** > > > > > fatal: [10.4.67.141]: FAILED! => {"changed": true, "cmd": "touch > /opt/testfile", "delta": "0:00:00.016422", "end": > > "2021-01-15 12:53:02.654437", "msg": "non-zero return code", "rc": 1, > "start": "2021-01-15 12:53:02.638015", > "stderr": > > "touch: cannot create /opt/testfile: Permission denied", > "stderr_lines": ["touch: cannot create /opt/testfile: > > Permission denied"], "stdout": "", "stdout_lines": []} > > > > ...ignoring > > > > > > > > TASK [Print status] > > > > ******************************************************************************************************************************************************** > > > > > ok: [10.4.67.141] => { > > > > "shell_output": { > > > > "changed": true, > > > > "cmd": "touch /opt/testfile", > > > > "delta": "0:00:00.016422", > > > > "end": "2021-01-15 12:53:02.654437", > > > > "failed": true, > > > > "msg": "non-zero return code", > > > > "rc": 1, > > > > "start": "2021-01-15 12:53:02.638015", > > > > "stderr": "touch: cannot create /opt/testfile: Permission > denied", > > > > "stderr_lines": [ > > > > "touch: cannot create /opt/testfile: Permission denied" > > > > ], > > > > "stdout": "", > > > > "stdout_lines": [] > > > > } > > > > } > > > > > > > > TASK [touch file '/opt/testfile' using file module] > > > > ************************************************************************************************************************ > > > > > fatal: [10.4.67.141]: FAILED! => {"changed": false, "msg": "Error, > could not touch target: [Errno 13] Permission > denied: > > '/opt/testfile'", "path": "/opt/testfile"} > > > > ...ignoring > > > > > > > > TASK [Print status] > > > > ******************************************************************************************************************************************************** > > > > > ok: [10.4.67.141] => { > > > > "output": { > > > > "changed": false, > > > > "failed": true, > > > > "msg": "Error, could not touch target: [Errno 13] Permission > denied: '/opt/testfile'", > > > > "path": "/opt/testfile" > > > > } > > > > } > > > > > > > > TASK [remove file '/opt/testfile'] > > > > **************************************************************************************************************************************** > > > > > ok: [10.4.67.141] > > > > > > > > TASK [Print status after deletion] > > > > ***************************************************************************************************************************************** > > > > > ok: [10.4.67.141] => { > > > > "deleted": { > > > > "changed": false, > > > > "failed": false, > > > > "path": "/opt/testfile", > > > > "state": "absent" > > > > } > > > > } > > > > > > > > PLAY RECAP > > > > ***************************************************************************************************************************************************************** > > > > > 10.4.67.141 : ok=8 changed=1 unreachable=0 > failed=0 skipped=0 rescued=0 ignored=2 > > > > > > > > [root@sgdlvapp03infra splunk_forwarder]# > > > > [root@sgdlvapp03infra splunk_forwarder]# > > > > [root@sgdlvapp03infra splunk_forwarder]# cat ../../inventory/test_INV > > > > [dev] > > > > #sgdlvapp03infra ansible_ssh_user=root ansible_ssh_pass='{{ > root_password }}' > > > > 10.4.67.141 > > > > > > > > [dev:vars] > > > > ansible_ssh_user=sysunx > > > > ansible_ssh_pass='{{ password }}' > > > > ansible_become_pass='{{ password }}' > > > > ansible_python_interpreter=/usr/bin/python > > > > [root@sgdlvapp03infra splunk_forwarder]# > > > > > > > > For example, How I am running sudo commands manually on target machine > access is shown below. > > > > > > > > sysunx@dvsun25b:~$ > > > > sysunx@dvsun25b:~$ touch /opt/test_file > > > > touch: cannot create /opt/test_file: Permission denied > > > > sysunx@dvsun25b:~$ > > > > sysunx@dvsun25b:~$ sudo touch /opt/test_file > > > > sysunx@dvsun25b:~$ ls -lrt /opt/test_file > > > > -rw-r----- 1 root root 0 Jan 15 12:51 /opt/test_file > > > > sysunx@dvsun25b:~$ > > > > sysunx@dvsun25b:~$ sudo cat /etc/sudoers | grep sysunx > > > > %sysunxg ALL=(ALL) NOPASSWD: ADMIN01, ADMIN02, ADMIN03, ADMIN04, > ADMIN05, ADMIN06, ADMIN12,!ID02, !FILE01, !FILE02, > > !FILE03, !FILE04, !FILE07, !FILE08, !FILE09, !FILE11, !FILE12 > > > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to > > [email protected] > <mailto:[email protected]>. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/ansible-project/0572d911-3458-436e-831d-f4403f3c5a57n%40googlegroups.com > > <https://groups.google.com/d/msgid/ansible-project/0572d911-3458-436e-831d-f4403f3c5a57n%40googlegroups.com> > > > > <https://groups.google.com/d/msgid/ansible-project/0572d911-3458-436e-831d-f4403f3c5a57n%40googlegroups.com?utm_medium=email&utm_source=footer > > <https://groups.google.com/d/msgid/ansible-project/0572d911-3458-436e-831d-f4403f3c5a57n%40googlegroups.com?utm_medium=email&utm_source=footer>>. > > > > -- > Ecommerce and Linux consulting + Perl and web application programming. > Debian and Sympa administration. Provisioning with Ansible. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to > [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/b355b073-a1de-48d1-af52-f174769d5e26n%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/b355b073-a1de-48d1-af52-f174769d5e26n%40googlegroups.com?utm_medium=email&utm_source=footer>. -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ac2704e6-c3df-248a-88ea-af8561e542c9%40linuxia.de.
OpenPGP_signature
Description: OpenPGP digital signature
