Ansible 2.1
Ansible host: Ubuntu 16.04
Remote host: CentOS 6.5

I'm quite new to Ansible. I have a simple Ansible project:

├── hosts
├── roles
│   └── setup
│       ├── defaults
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           └── automation-agent.config.j2
└── site.yml

Command I used to run the playbook:

ansible-playbook -i hosts site.yml --user admin --ask-pass

On the remote host, I have set up user admin with root privilege:

root    ALL=(ALL)       ALL
admin   ALL=(ALL)       ALL

However, one of the playbook tasks ran into an issue:

- name: Back up Automation Agent config file if exists
  command: mv /etc/mongodb-mms/automation-agent.config /etc/mongodb-mms/automation-agent.config.bak

Ansible reports:

TASK [setup : Back up Automation Agent config file if exists] ******************
fatal: [192.168.241.135]: FAILED! => {"changed": true, "cmd": ["mv", "/etc/mongodb-mms/automation-agent.config", "/etc/mongodb-mms/automation-agent.config.bak"], "delta": "0:00:00.002588", "end": "2016-06-01 22:57:55.577158", "failed": true, "rc": 1, "start": "2016-06-01 22:57:55.574570", "stderr": "mv: cannot move `/etc/mongodb-mms/automation-agent.config' to `/etc/mongodb-mms/automation-agent.config.bak': Permission denied", "stdout": "", "stdout_lines": [], "warnings": []}

Note that the permission setting on /etc/mongodb-mms/automation-agent.config is 0600:

-rw-------. 1 mongod mongod 313 Jun 1 04:48 automation-agent.config

Apparently one would need sudo privilege to make changes to this file. I have tried Ansible's --become and --become-user, but without success.

ansible-playbook -i hosts site.yml --user admin --ask-pass --become --become-user admin

What should I do in Ansible to gain sudo and make changes to that file?

1 Answer

You're using --become-user admin, so you're essentially doing sudo -u admin, but you intend to become root (sudo -u root).

Don't specify --become-user admin, or use --become-user root, and Ansible by default will try to become root.

If you need to specify a password for becoming root, use the --ask-become-pass flag.

If you don't want to be prompted for a sudo password when using sudo, your sudoers entry for the admin user should read as follows instead:

admin   ALL=(ALL)       NOPASSWD:ALL

  • ask-become-pass works. The whole command I use now is ansible-playbook -i hosts site.yml --user admin --ask-pass --become --ask-become-pass
    – Howard Lee
    Commented Jun 3, 2016 at 16:45
  • ansible -i 10.0.250.74, --user admin --ask-pass --become --ask-become-pass all -m ansible.builtin.user -a "append=yes groups=wheel name=ansible" worked for me too. Managed node CentOS release 6.10 (Final) 2.6.32-754.27.1.el6.i686 #1 SMP Tue Jan 28 14:40:29 UTC 2020 i686 with Python 2.6.6, control node macOS Catalina 10.15.7 BuildVersion: 19H2 ansible 2.10.2 python version = 3.8.6 (default, Oct 8 2020, 14:06:32) [Clang 12.0.0 (clang-1200.0.32.2)] Commented Oct 27, 2020 at 10:42
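
The fix from the answer, written into the playbook instead of passed on the command line, so that only the tasks that need root are escalated. This is an added example, not code from the original question or answer; it inlines the task in a single play rather than the asker's setup role, and the id -un check and its register name are assumptions added for illustration.

```yaml
# Added example: standalone play, not the asker's actual site.yml.
# In the asker's layout the tasks would live in roles/setup/tasks/main.yml.
- hosts: all
  remote_user: admin            # same effect as --user admin
  become: false                 # default for the play: no sudo unless a task asks for it

  tasks:
    - name: Show which account become actually gives us
      command: id -un
      become: true
      become_user: root         # root is the default target; --become-user admin
                                # would run this as admin and the check below would fail
      register: effective_user  # hypothetical variable name
      changed_when: false       # read-only check, never report "changed"

    - name: Stop early if escalation did not reach root
      assert:
        that:
          - effective_user.stdout == "root"
        msg: "become ran as {{ effective_user.stdout }}, not root"

    - name: Back up Automation Agent config file if exists
      command: mv /etc/mongodb-mms/automation-agent.config /etc/mongodb-mms/automation-agent.config.bak
      args:
        # "if exists": the task is skipped when the file is absent instead of failing
        removes: /etc/mongodb-mms/automation-agent.config
      become: true              # sudo for this task only; the file is 0600 mongod:mongod
```

Run it with ansible-playbook -i hosts site.yml --user admin --ask-pass --ask-become-pass; --become is no longer needed on the command line because the tasks request it themselves.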
