I have an environment where you have a personal user with which you can connect to the servers (i.e. connectuser). With that user you have the permission (%connectusers ALL=(root) NOPASSWD: /bin/su - techuser) to do this: 'sudo su - techuser'. Another option is to use 'su', but in this case you have to provide the techuser's password. You don't have any other sudo permission with the connectuser. If you want to install a package you have to switch to the techuser. The techuser has this permission, only for testing for now: (techuser ALL=(root) NOPASSWD: ALL)
I would like to use ansible to install packages, but there is a problem described below.
I can switch to the techuser and install with this command:
ansible --private-key ./testkey -m shell -a "sudo dnf install httpd -y" -u connectuser --become-user techuser -b --become-method ansible.builtin.su -K server
Since I know it's not optimal to do this with the shell module, I would like to do this with a playbook.
Command executed: "ansible-playbook -K playbook_name.yaml"
Playbook content:
---
- hosts: server
  gather_facts: true
  become: true
  remote_user: connectuser
  become_user: techuser
  become_method: ansible.builtin.su
  vars:
    ansible_ssh_private_key_file: /home/mgtuser/testkey
  tasks:
    - name: Install httpd
      ansible.builtin.dnf:
        name: httpd
        state: present
But I get this error:
FAILED! => {"changed": false, "msg": "This command has to be run under the root user.", "results": []}
I know that the dnf module needs become to install packages, but the become statement is already used with the ansible.builtin.su method. I also know that you can't chain connection methods, but is there any option to solve this problem?