Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Ansible: Consider using 'become', 'become_method', and 'become_user' rather than running sudo

When I run this:

ansible host -u myuser -a "sudo su - otheruser -s /bin/bash"

I get warning:

[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather
than running sudo

host | SUCCESS | rc=0 >>

But what would be equivalent using become for sudo su - otheruser -s /bin/bash?

I tried:

ansible host -u myuser --become --become-user otheruser -a "/bin/echo hello"

But I get:

host | FAILED! => {
    "changed": false,
    "module_stderr": "Shared connection to host closed.\r\n",
    "module_stdout": "sudo: a password is required\r\n",
    "msg": "MODULE FAILURE",
    "rc": 1
}

P.S. Ansible version: 2.6.4

like image 570
Andrius Avatar asked Sep 22 '18 12:09

Andrius


People also ask

What is become and become_user in Ansible?

become_user. set to user with desired privileges — the user you 'become', NOT the user you login as. Does NOT imply become: yes , to allow it to be set at host level. become_method (at play or task level) overrides the default method set in ansible.cfg, set to sudo / su / pbrun / pfexec / doas / dzdo / ksu become_flags.

What is way to mention sudo privileges in Ansible?

To specify a password for sudo, run ansible-playbook with --ask-become-pass ( -K for short). If you run a playbook utilizing become and the playbook seems to hang, most likely it is stuck at the privilege escalation prompt. Stop it with CTRL-c , then execute the playbook with -K and the appropriate password.

How do I use the sudo command in Ansible?

Ansible Sudo or become is a method to run a particular task in a playbook with Special Privileges like root user or some other user. become and become_user both have to be used in a playbook in certain cases where you want your remote user to be non-root.it is more like doing sudo -u someuser before running a task.

What is Become_method in Ansible?

become_method (at play or task level) overrides the default method set in ansible.cfg, set to sudo / su / pbrun / pfexec / doas / dzdo / ksu / runas become_flags. (at play or task level) permit the use of specific flags for the tasks or role.


1 Answers

I had to specify --become_method su. Or more specifically ansible host -u myuser --become-method su --become-user otheruser -a "/bin/echo hello"

P.S. I'm passing -a "/bin/echo hello", because ansible expect to run some command after changing user.

like image 182
Andrius Avatar answered Sep 21 '22 07:09

Andrius