On Sun, 9 May 2021 at 19:35, Lomic Legone <[email protected]> wrote:
>
> Below are some details and commands I wrote.
>
> Before this, I
>
> had to create a "mala" user on ubuntu2 (the node) with sudo privilege (during
> the ubuntu installation)
> created a public/private kay pair on ubuntu1 (the node manager) and I copied
> the public key on ubunt2 with ssh-copy-id command; it works well since I
> succeded in making "ssh mala@ubuntu2" from ubuntu1
>
>
> I never knew root password on ubuntu2 (smae thing on ubuntu1).
>
> In next commands, I tried to create a "ansible-user" on ubuntu2, I know it's
> useless since mala on ubnutu2 already exists, but I'm just following a tuto
> with a remote user creation. The action is not important, this is the failure
> wich I don't understand.
You're using having problem with ansible and the privilege escalation,
and you're using a "tuto" that uses ansible to create
users/account/passwords/etc.
To me that sounds like adding more complexity to the mix rather than
reducing it.
Try to *manually* make sure the hosts meet the requirements and get
ansible to work.
>
> grag@ubuntu1:~/ansible$ ansible localhost -i grt.inv -m debug -a "msg={{
> 'passforce' | password_hash('sha512', 'secretsalt') }}"
> localhost | SUCCESS => {
> "msg":
> "$6$secretsalt$X5YDmUgDphPxnMkByvHbNaiP4T5Uk0WjEZ9TukWKQnXmXN81jG3DcGZnNJiSz9ltgPhplH92HOR/RqgmyS.zN1"
> }
> grag@ubuntu1:~/ansible$ ansible -i grt.inv -m user -a 'name=user-ansible
> password=$6$secretsalt$X5YDmUgDphPxnMkByvHbNaiP4T5Uk0WjEZ9TukWKQnXmXN81jG3DcGZnNJiSz9ltgPhplH92HOR/RqgmyS.zN1'
> --user root --ask-pass all
> SSH password:
> ubuntu2 | FAILED! => {
> "msg": "to use the 'ssh' connection type with passwords, you must install
> the sshpass program"
> }
You're setting a root password which is not needed. So this error is
also irrelevant.
> grag@ubuntu1:~/ansible$ ansible -i grt.inv -m user -a 'name=user-ansible
> password=$6$secretsalt$X5YDmUgDphPxnMkByvHbNaiP4T5Uk0WjEZ9TukWKQnXmXN81jG3DcGZnNJiSz9ltgPhplH92HOR/RqgmyS.zN1'
> --user mala --ask-pass all
> SSH password:
> ubuntu2 | FAILED! => {
> "msg": "to use the 'ssh' connection type with passwords, you must install
> the sshpass program"
> }
> grag@ubuntu1:~/ansible$ more grt.inv
> ubuntu2
> grag@ubuntu1:~/ansible$
>
>
>
> Note that for ssh password, I typed mala password on ubunt2.
>
>
>
> Le vendredi 7 mai 2021 à 12:01:20 UTC+2, [email protected] a écrit :
>>
>> Hii
>>
>> On Fri, 7 May 2021 at 11:40, Lomic Legone <[email protected]> wrote:
>> >
>> > Hi all, I'm a newbee on ansible and I follow online tutos.
>> >
>> > I installed 2 ubuntu VM (named ubunt1 and ubunt2), one as node manager
>> > (ubuntu1) and the second one as simple node (ubuntu2). The ssh connection
>> > is tested and ok.
>> >
>> > When I installed ubuntu, I've never been asked for a root password, but
>> > only for the name/password for a simple user. But this user belongs to
>> > sudoers group so it can make admin tasks. So all is ok.
>>
>> That is one thing. Depending on your config, you might also have to
>> provide the password to use sudo.
>>
>> > The pb is that as I try to execute root tasks from ubuntu1 to ubuntu2 with
>> > ansible,
>>
>> What are "root tasks"? Is this different from tasks that require sudo?
>>
>> > even if ubuntu2 user belongs to sudoers groups, ansible fails. And if I
>> > use the "-become" option, ansible asks me the ubuntu2 root password that I
>> > don't know of course.
>>
>> See above, this might be required on your config. Check the NOPASSWD
>> option in your sudoers configuration.
>>
>> I assume the same username is used on both machines.
>>
>>
>>
>>
>>
>> >
>> > In fact I feel that the fact that ubuntu2 user has sudo privilege is
>> > useless.
>> >
>> > So how to do ?
>> >
>> > Thanks for your responses.
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups
>> > "Ansible Project" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an
>> > email to [email protected].
>> > To view this discussion on the web visit
>> > https://groups.google.com/d/msgid/ansible-project/bcf355f1-73a0-4228-ab02-75105617672bn%40googlegroups.com.
>>
>>
>>
>> --
>> Dick Visser
>> Trust & Identity Service Operations Manager
>> GÉANT
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/06140c20-ebdd-4c3a-812e-db7af5805ecen%40googlegroups.com.
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAL8fbwNjQfMdQSDOO%2B3CDp-K5iAstuOxbdRQ-x6VM--w%3Df6jyQ%40mail.gmail.com.
