Reputation: 913
Using Ansible to run sudo /bin/su - username
I am able to do the following manually -
From my ansible controller server ssh <> (using my userid) sudo /bin/su - <> .. now run commands as orafmw ...
When trying to do this same step using ansible -
My playbook has the following entry
- role: fmw-software
become: true
become_user: 'orafmw'
become_method: sudo
become_flags: '/bin/su'
This fails as follows -
ansible-playbook weblogic-fmw-domain.yml
PLAY [Configure Oracle Linux 7.1 with WebLogic 12c R2 domain] ******************
TASK [setup] ******************************************************************* ok: [weblogic]
TASK [fmw-software : Create installer directory] ******************************* fatal: [weblogic]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "} to retry, use: --limit @/tmp/ansible-weblogic-fmw-infra-12c-R2-master/weblogic-fmw-domain.retry
PLAY RECAP ********************************************************************* weblogic : ok=1 changed=0 unreachable=0 failed=1
Can anyone point what I might be doing wrong here ? The docs suggest - http://docs.ansible.com/ansible/become.html
" Only one method may be enabled per host Methods cannot be chained. You cannot use sudo /bin/su - to become a user, you need to have privileges to run the command as that user in sudo or be able to su directly to it (the same for pbrun, pfexec or other supported methods). "
Is this above section applicable for my usecase ?
Upvotes: 1
Views: 2519
Answers (1)
Reputation: 1026
The become_flags seem to be redundant to achieving your goal of running commands as the "orafmw" account. As a quick test if you do this:
- role: fmw-software
become: true
become_user: 'orafmw'
become_method: sudo
command: touch /tmp/whomadethis
Does the new file "/tmp/whomadethis" get created on the remote machine and owned by the orafmw account? If so, then replace the call that the command: module makes with the commands you need to run.
Better yet, don't use command: module, rather use built-in Ansible modules with the become_* options set as needed.
Upvotes: 1
Related Questions
- Ansible sudo su - user privilege escalation issue
- Unable to run Ansible with sudo user
- Switch to root ( using "sudo su -" ) before executing a command via Ansible
- Ansible with "sudo su - "
- Ansible and "sudo su - "
- Ansible: how can I use "sudo su -c <COMMAND> <USER>" to execute a command as another user?
- How to achieve sudo su - <user> and run all command in ansible
- How to run sudo -u username command in Ansible?
- Unable to execute "sudo su -" in Ansible
- Using Ansible with sudo su