How does sudo work in ansible?

O

Oleg Aksenov2019-10-25 00:42:34

linux

Oleg Aksenov, 2019-10-25 00:42:34

Good day, colleagues, please tell me how sudo works in ansible and what is its difference, if I use sudo directly in the console, I
execute in the console
[[email protected] opt]$ sudo mkdir /opt/test
It runs successfully, but when using the command directly with ansible:

[[email protected] opt]$ ansible servers -m file -a "dest=/opt/test  mode=755" -k -u user -b

An error occurs

"module_stdout": "Sorry, user user is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS-qvlcsrrsgixvikeamiollrbbnyxljoxl

I do have limited sudo to /bin/sh and /bin/bash commands, the question is,
what is the difference between my local sudo and ansible?
sudo rights

sudo -l
    (ALL) NOPASSWD: ALL, !/bin/sh, !/bin/tcsh, !/bin/csh, !/bin/zsh, !/bin/ksh, !/bin/bash, !/usr/bin/sudo, !/bin/su, !/usr/bin/mc
    (root) NOPASSWD: ALL
    (root) NOPASSWD: ALL, !/bin/sh, !/bin/tcsh, !/bin/csh, !/bin/zsh, !/bin/ksh, !/bin/bash, !/usr/bin/sudo, !/bin/su, !/usr/bin/mc, !/usr/bin/chattr, !/usr/bin/screen, !/usr/bin/tmux

Reply

Answer the question

In order to leave comments, you need to log in

[[+comments_count]] answer(s)

N

neol, 2019-10-25
@neol

Before running your command, ansible checks that sudo actually works. And this test fails. Matter does not reach mkdir at all.

N

noute, 2019-10-25
@noute

It is better to throw ansible ssh key from under root.
You go into ubuntu, do su - or sudo -s become root and shove the ansible key. There will be less headaches.

O

OnYourLips, 2019-10-25
@OnYourLips

You can disable sudo in ansible and run as that user.
Or enable sudo, but give this user sudo rights.

M

MaxKozlov, 2019-10-31
@MaxKozlov

Such an error can occur if the user does not have all rights via sudo , but only to run certain commands, ansible creates a temporary file with its commands in / tmp and runs it, and not directly / bin / sh