Quantcast
Channel: Recent Questions - Stack Overflow
Viewing all articles
Browse latest Browse all 12231

Ansibe - Using sudo after switching user

$
0
0

I've an environment where you have a personal user with you can connect to the servers. (i.e. connectuser). With that user you have the permission (%connectusers ALL=(root) NOPASSWD: /bin/su - techuser) to do this: 'sudo su - techuser'. Another option is to use 'su', but in this case you have to provide the techuser's password.You don't have any other sudo permission with the connectuser. If you want to install a package you have to switch to the techuser. The techuser have this permission, only for test for now: (techuser ALL=(root) NOPASSWD: ALL)

I would like to use ansible to install packages, but there is a problem described below.

I can switch to the techuser and install with this command:

ansible --private-key ./testkey -m shell -a "sudo dnf install httpd -y" -u connectuser --become-user techuser -b --become-method ansible.builtin.su -K server

Since i know it's not optimal to do this with the shell module, i would like to do this with a playbook.

Command executed: "ansible-playbook -K playbook_name.yaml"

Playbook content:

---- hosts: server  gather_facts: true  become: true  remote_user: connectuser  become_user: techuser  become_method: ansible.builtin.su  vars:    ansible_ssh_private_key_file: /home/mgtuser/testkey  tasks:    - name: Install httpd      ansible.builtin.dnf:        name: httpd        state: present

But i get this error:

FAILED! => {"changed": false, "msg": "This command has to be run under the root user.", "results": []}

I know that dnf module need become to install package, but the become statement already used whith the ansible.builtin.su method. I also know that you can't chain connection methods, but is there any option to solve this problem?


Viewing all articles
Browse latest Browse all 12231

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>