Ansible 2.1
Ansible host: Ubuntu 16.04
Remote host: CentOS 6.5

I'm quite new to Ansible. I have a simple ansible project:

├── hosts ├── roles │   └── setup │   ├── defaults │   │   └── main.yml │   ├── tasks │   │   └── main.yml │   └── templates │   └── automation-agent.config.j2 └── site.yml 

Command I used to run playbook:

ansible-playbook -i hosts site.yml --user admin --ask-pass

On the remote host, I have set up user admin with root priviledge:

root ALL=(ALL) ALL admin ALL=(ALL) ALL 

However, one of the playbook tasks ran into issue:

- name: Back up Automation Agent config file if exists command: mv /etc/mongodb-mms/automation-agent.config /etc/mongodb-mms/automation-agent.config.bak 

Ansible reports:

TASK [setup : Back up Automation Agent config file if exists] ****************** fatal: [192.168.241.135]: FAILED! => {"changed": true, "cmd": ["mv", "/etc/mongodb-mms/automation-agent.config", "/etc/mongodb-mms/automation-agent.config.bak"], "delta": "0:00:00.002588", "end": "2016-06-01 22:57:55.577158", "failed": true, "rc": 1, "start": "2016-06-01 22:57:55.574570", "stderr": "mv: cannot move `/etc/mongodb-mms/automation-agent.config' to `/etc/mongodb-mms/automation-agent.config.bak': Permission denied", "stdout": "", "stdout_lines": [], "warnings": []} 

Noted that permission setting on /etc/mongodb-mms/automation-agent.config is 0600

-rw-------. 1 mongod mongod 313 Jun 1 04:48 automation-agent.config

Apparently one would need sudo priviledge to make changes to this file. I have tried Ansible's --become and --become-user, but not having success.

ansible-playbook -i hosts site.yml --user admin --ask-pass --become --become-user admin

What should I do in Ansible to gain sudo and make changes to that file?

1 Answer

You're using --become-user admin, so you're essentially doing sudo -u admin, but you intend to become root (sudo -u root).

Don't specify --become-user admin or use --become-user root, and Ansible by default will try to become root.

If you need to specify a password for becoming root, use the --ask-become-pass flag.

If you don't want to be prompted for a sudo password when using sudo, your sudoers entry for the admin user should read as follows instead:

admin ALL=(ALL) NOPASSWD:ALL 
2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy