Do you need root for ansible?

S

speedvm2018-10-25 08:18:51

Ansible

speedvm, 2018-10-25 08:18:51

Good day!
I'm starting to use ansible and I can't understand the essence of privilege escalation for administering systems through playbooks on ansible. In short, do I need a root account on the systems I'm going to configure with ansible?
1. If not, then poke your nose at the sudo example of the same user who connects via ssh to configure the system, because this user is in the sudo (wheel) group and can administer systems.
2. If so, how to enable the root account USING ANSIBLE on systems where the root account is disabled? After all, to enable root, you need privilege escalation, and privileges are elevated using the root account, and it is disabled, and to enable it ... well, you understand me.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

S

speedvm, 2018-10-25
@speedvm

You need to specify ONLY the following variables:

ansible_connection=ssh
ansible_ssh_user=user
ansible_ssh_pass=user
ansible_become=yes
ansible_become_method=sudo

S

Sanes, 2018-10-25
@Sanes

sudo user is needed, not necessarily root
https://docs.ansible.com/ansible/2.5/user_guide/be...
- become

S

Saboteur, 2018-10-25
@saboteur_kiev

2. If so, how to enable the root account USING ANSIBLE on systems where the root account is disabled? After all, to enable root, you need privilege escalation, and privileges are elevated using the root account, and it is disabled, and to enable it ... well, you understand me.

The root account cannot be disabled - it runs Linux services, including the kernel.
Another issue is that interactive root login can be disabled - and this is normal, because for many years instead of login as root, the sudo command has been used to "inherit" root rights. Naturally, sudo must be configured for the user on the system (or another tool for privilege escalation).

P

Puma Thailand, 2018-10-25
@opium

just elevate via sudo