On 27/10/2021 17:11, dulhaver via Ansible Project wrote:
I figured out that apparently using ansible_become_user: root in the defaults.yml is meesing things upChanging ansible_become_user: root to ansible_root_user: root in the defaults file and the playbok makes this issue going away. Apparently the term ansible_become_user is more then just a string and overwrites all other become_user occurences.
I think there is actually no need to set these variables at all as "root" is the default. Regards Racke
If I remember correctly it may be even workable to skip the become_user: xyz (and just say become: yes) in the playbook if I do not want to become anyone else then root and likewise share me this sort of troubleOn 10/27/2021 4:45 PM Jorge Rúa <jruarive...@gmail.com> wrote: Hey! We can't access the playbook here - https://pastebin.com/edit/9Uvjdupe <https://pastebin.com/edit/9Uvjdupe> at least I can't. pastebin redirects me to the login page. I can however access default_postgres.yml file I'm going to assume you are using sudo as become_method. I am also going to assume selinux is not part of the issue here, nor standard unix permissions or posix acls. When you run the task manually: /opt/db/postgres/postgresql/bin/initdb -D /opt/db/data/postgres/data/ on the target as user postgres ... say you login as root to the machine then you run su - postgres, right? At this point you are running commands as postgres. I'm wondering if you can mimic that very same behaviour adding become_flags to the equation: - name: configure postgres - create database command: "{{ postgres_home }}/bin/initdb -D {{ postgres_data }}" args: creates: "{{ postgres_data }}/PG_VERSION" become: yes become_flags: "su - {{ ansible_postgres_user }} -c" become_user: "{{ ansible_postgres_user }}" Please let me know if that works, Regards, El mié, 27 oct 2021 a las 14:32, dulhaver via Ansible Project (<ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>>) escribió: __ * here is the entire playbook <https://pastebin.com/edit/9Uvjdupe> * here is the defaults_postgres.yml <https://pastebin.com/ZKjis1BA> I refer to in it I am wondering whether the use of a ... * ansible_become_user: root * ansbile_postgres_user: postgres ... in the same context may be related to my problemOn 10/27/2021 1:55 PM dulhaver via Ansible Project <ansible-project@googlegroups.com <mailto:ansible-project@googlegroups.com>> wrote: I have a playbook to install postgresql on a rhel8 target one TASK should start the initdb process ... \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ - name: configure postgres - create database command: "{{ postgres_home }}/bin/initdb -D {{ postgres_data }}" args: creates: "{{ postgres_data }}/PG_VERSION" become: yes become_user: postgres \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ but fails with an "initdb: error: cannot be run as root" error *details below \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ TASK [configure postgres - create database] ********************************************************************** fatal: [vm-51150-0180.step.zrz.dvz.cn-mv.de <http://vm-51150-0180.step.zrz.dvz.cn-mv.de>]: FAILED! => changed=true cmd: - /opt/db/postgres/postgresql/bin/initdb - -D - /opt/db/data/postgres/data delta: '0:00:00.009346' end: '2021-10-27 11:54:25.210944' msg: non-zero return code rc: 1 start: '2021-10-27 11:54:25.201598' stderr: |- initdb: error: cannot be run as root Please log in (using, e.g., "su") as the (unprivileged) user that will own the server process. stderr_lines: <omitted> stdout: '' stdout_lines: <omitted> \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ the TASK however has a particular become_user: postgresspecified. Furthermore Selinux is set to @permissive in an erlier TASK. Manually running /opt/db/postgres/postgresql/bin/initdb -D /opt/db/data/postgres/data/on the target as user postgres works, so I can not make much sense of this. It's kind of obvious the become process does not work, but I can't figure out why. Plaid a bit with indentation, but did not find any solution that works-- You received this message because you are subscribed to the Google Groups "Ansible Project" group.To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com <mailto:ansible-project+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/776382835.43477.1635335720976%40office.mailbox.org <https://groups.google.com/d/msgid/ansible-project/776382835.43477.1635335720976%40office.mailbox.org?utm_medium=email&utm_source=footer>.-- You received this message because you are subscribed to the Google Groups "Ansible Project" group.To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com <mailto:ansible-project+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/206501226.44462.1635341565280%40office.mailbox.org <https://groups.google.com/d/msgid/ansible-project/206501226.44462.1635341565280%40office.mailbox.org?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com <mailto:ansible-project+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAFtje5MX0gxwDrsuitrabPQKh%2B_%3DboD%3DWnyGxXx9e7B6vsmFdw%40mail.gmail.com <https://groups.google.com/d/msgid/ansible-project/CAFtje5MX0gxwDrsuitrabPQKh%2B_%3DboD%3DWnyGxXx9e7B6vsmFdw%40mail.gmail.com?utm_medium=email&utm_source=footer>.-- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com <mailto:ansible-project+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1721630239.45743.1635347508491%40office.mailbox.org <https://groups.google.com/d/msgid/ansible-project/1721630239.45743.1635347508491%40office.mailbox.org?utm_medium=email&utm_source=footer>.
-- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7260e1ad-e1e7-075b-1299-30e34c2fae36%40linuxia.de.
OpenPGP_signature
Description: OpenPGP digital signature