Gaurav Parashar

Reputation: 1602

Unable to escalate privileges for a task in ansible even after using become

I am trying to automate a scenario using ansible.

- name: Copy NRPE Upgrade script
  template: src=nagiosclient.sh.j2 dest=/var/tmp/nagiosclient.sh

- name: Add Execute  permissions of the script
  file: dest=/var/tmp/nagiosclient.sh mode=a+x

- name: Execute the NRPE script
  script: /var/tmp/nagiosclient.sh
  become: true
  tags: test

This is an excerpt of my playbook. This playbook successfully runs the copy and add-execute-permissions tasks.

But when I try to run the execute one, it fails.

Because Ansible is trying to log in as the 'gparasha' user, this path /var/tmp is unavailable for this user, as expected.

But even if I add "become: true" in the task as done above, and even after using --become in the ansible-playbook command, i.e. "ansible-playbook -i hosts tltd.yml --become --tags test",

I am getting a permission denied error.

Can anyone suggest as to what is wrong here and how to rectify it?

gparasha-macOS:TLTD gparasha$ ansible-playbook -i hosts tltd.yml --become --tags test

PLAY [Run tasks on Author] **************************************************************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************************************************
ok: [13.229.22.58]
fatal: [34.198.174.78]: UNREACHABLE! => {"changed": false, "msg": "Authentication failure.", "unreachable": true}

TASK [author : Execute the NRPE script] *************************************************************************************************************************************************
fatal: [13.229.22.58]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find or access '/var/tmp/nagiosclient.sh'"}
 [WARNING]: Could not create retry file '/opt/ansible/TLTD/tltd.retry'.         [Errno 13] Permission denied: u'/opt/ansible/TLTD/tltd.retry'


PLAY RECAP ******************************************************************************************************************************************************************************
13.229.22.58               : ok=1    changed=0    unreachable=0    failed=1   
34.198.174.78              : ok=0    changed=0    unreachable=1    failed=0   

Upvotes: 0

Views: 714

Answers (1)

techraf

Reputation: 68629

It doesn't matter whether you use become or not, because the script module reads the script file from the control machine, transfers it to the target and executes it there (with become privileges in your case).

The error comes from the fact that the script does not exist at /var/tmp/nagiosclient.sh on the control machine.

If you want to execute it on the target, you should use the shell module and run /var/tmp/nagiosclient.sh.


Moreover, the permission denied problem is completely unrelated: it is a warning that a retry file could not be created, also on the control machine.

Upvotes: 0
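As an added illustration of the point made in the answer (this is example code, not the original poster's playbook or the answerer's), the two working shapes of the "run it as root on the target" task are shown below. Option A keeps the poster's template step but runs the rendered file with command, which resolves its path on the remote host; Option B drops the copy steps entirely and lets script ship a static file from the control machine. The destination path under /usr/local/sbin, the root ownership and the 0750 mode are my choices, not the page's: a script that root will execute is better kept out of a shared tmp directory and out of the SSH user's control. The playbook layout (templates/ and files/ inside the role) and passwordless sudo for the SSH user are assumptions.

```yaml
# Added example (not the original poster's or answerer's code): two ways to run
# nagiosclient.sh on the target as root. Assumes nagiosclient.sh.j2 lives in the
# role's templates/ directory, a plain nagiosclient.sh lives in files/, and the
# SSH user can sudo without a password.

# Option A: render the template onto the target, then run it there with command.
# Unlike script, command/shell take a path that exists on the REMOTE host, so
# become applies to a process that can actually see the file.
- name: Render NRPE upgrade script to a root-owned location
  template:
    src: nagiosclient.sh.j2
    dest: /usr/local/sbin/nagiosclient.sh   # assumed path; not /var/tmp, so the
    owner: root                              # SSH user cannot edit what root runs
    group: root
    mode: "0750"                             # execute bit set here; no extra file task
  become: true

- name: Execute the NRPE script on the target
  command: /usr/local/sbin/nagiosclient.sh
  become: true
  tags: test

# Option B: keep the script on the control machine and let the script module
# ship it. The path is resolved on the CONTROL machine (files/ in the role); the
# module copies the file to a temporary directory on the target and runs it
# there with become. This works only for a plain script: script does not
# render .j2 templates.
- name: Run a static NRPE script straight from the control machine
  script: nagiosclient.sh
  become: true
  tags: test
```

With become set on the task itself, `ansible-playbook -i hosts tltd.yml --tags test` is enough; the extra --become on the command line changes nothing for this error. The retry-file warning is a separate control-machine problem: either run the playbook from a directory the control user can write to, or set `retry_files_enabled = False` under `[defaults]` in ansible.cfg (a real option in the Ansible versions that still wrote retry files).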
