On Tue, 14 Jun 2022 at 12:20, 'Shivakumar Venkataswamy' via Ansible Project <[email protected]> wrote:
> what is mean by IMHO > > how can i execute all commands through playbook by a normal user with root > access. > You don't seem to understand the concept of privilege escalation. Hopefully this will enough to help you: https://docs.ansible.com/ansible/latest/user_guide/become.html On Tuesday, 14 June 2022 at 14:14:33 UTC+5:30 [email protected] wrote: > >> On 14/06/2022 10:21, 'Shivakumar Venkataswamy' via Ansible Project wrote: >> > ansible is user account we created and member of sudor's ( >> /etc/sudoers) with full privileges' same as root. >> > >> IMHO the privileges are only the same when using the "sudo" command. >> >> Regards >> >> Racke >> >> >> > >> > On Tuesday, 14 June 2022 at 13:16:48 UTC+5:30 [email protected] wrote: >> > >> > On 14/06/2022 09:16, 'Shivakumar Venkataswamy' via Ansible Project >> wrote: >> > > Hi team, >> > > look at my playbook >> > > --- >> > > - hosts: all >> > > become: true >> > > become_user: ansible >> > > tasks: >> > > - name: add a user to the list of AllowUsers if not present >> > > vars: >> > > usernames: >> > > - shivakumar.venkataswamy >> > > - karthik.reddy >> > > - aman.saxena >> > > lineinfile: >> > > path: /etc/ssh/sshd_config >> > > backrefs: yes >> > > backup: yes >> > > state: absent >> > > regexp: '^AllowUsers((?:(?:\s+\S+(?!\S))(?<!\s{{ usernames >> }}))+\s*?)(\n?)$' >> > > line: 'AllowUsers\1 shivakumar.venkataswamy karthik.reddy >> aman.saxena\2' >> > > validate: /usr/sbin/sshd -t -f %s >> > > >> > Permission denied: '/etc/ssh/sshd_config' >> > >> > The ansible user can't edit the file, so try "become_user: root" in >> your task. >> > >> > Regards >> > Racke >> > >> > > I'm facing below error, >> > > SSH password: >> > > 1 >> > > BECOME password[defaults to SSH password]: >> > > 2 >> > > 3 >> > > PLAY [all] >> *********************************************************************12:45:29 >> >> > > 4 >> > > 5 >> > > TASK [Gathering Facts] >> *********************************************************12:45:29 >> > > 6 >> > > ok: [172.16.13.254] >> > > 7 >> > > 8 >> > > TASK [add a user to the list of AllowUsers if not present] >> *********************12:45:31 >> > > 9 >> > > An exception occurred during task execution. To see the full >> traceback, use -vvv. The error was: IOError: [Errno 13] Permission denied: >> '/etc/ssh/sshd_config' >> > > 10 >> > > fatal: [172.16.13.254]: FAILED! => {"changed": false, >> "module_stderr": "Shared connection to 172.16.13.254 closed.\r\n", >> "module_stdout": "Traceback (most recent call last):\r\n File >> \"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", >> line 102, in <module>\r\n _ansiballz_main()\r\n File >> \"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", >> line 94, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, >> ANSIBALLZ_PARAMS)\r\n File >> \"/home/ansible/.ansible/tmp/ansible-tmp-1655190931.6542027-6944-29566285149733/AnsiballZ_lineinfile.py\", >> line 40, in invoke_module\r\n >> runpy.run_module(mod_name='ansible.modules.files.lineinfile', >> init_globals=None, run_name='__main__', alter_sys=True)\r\n File >> \"/usr/lib64/python2.7… >> > > 11 >> > > 12 >> > > PLAY RECAP >> *********************************************************************12:45:32 >> >> > > 13 >> > > 172.16.13.254 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 >> rescued=0 ignored=0 >> > > -- >> > > You received this message because you are subscribed to the Google >> Groups "Ansible Project" group. >> > > To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected]. >> > > To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/551f8529-2fc7-409c-bac9-06216fb7c6d5n%40googlegroups.com >> < >> https://groups.google.com/d/msgid/ansible-project/551f8529-2fc7-409c-bac9-06216fb7c6d5n%40googlegroups.com?utm_medium=email&utm_source=footer >> < >> https://groups.google.com/d/msgid/ansible-project/551f8529-2fc7-409c-bac9-06216fb7c6d5n%40googlegroups.com?utm_medium=email&utm_source=footer>>. >> >> > >> > >> > -- >> > Automation expert - Ansible and friends >> > Linux administrator & Debian maintainer >> > Perl Dancer & conference hopper >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups "Ansible Project" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to [email protected]. >> > > To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/2ea9555c-aa77-4f44-8ef7-e68946e80917n%40googlegroups.com >> < >> https://groups.google.com/d/msgid/ansible-project/2ea9555c-aa77-4f44-8ef7-e68946e80917n%40googlegroups.com?utm_medium=email&utm_source=footer>. >> >> >> >> -- >> Automation expert - Ansible and friends >> Linux administrator & Debian maintainer >> Perl Dancer & conference hopper >> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/e23fbbb0-68a3-4554-8b06-8c24787d0392n%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/e23fbbb0-68a3-4554-8b06-8c24787d0392n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Sent from Gmail Mobile -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAF8BbLZ-jfCiZVbKHmXzR2y%3DWiX-2DNMLrrnYO4550rXfwz7gg%40mail.gmail.com.
