Ansible reports "permission denied" when issuing command on remote host

Ansible 2.1
Ansible host: Ubuntu 16.04
Remote host: CentOS 6.5

I'm quite new to Ansible. I have a simple ansible project:

├── hosts
├── roles
│   └── setup
│   ├── defaults
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   └── templates
│   └── automation-agent.config.j2
└── site.yml

Command I used to run playbook:

ansible-playbook -i hosts site.yml --user admin --ask-pass

On the remote host, I have set up user admin with root priviledge:

root ALL=(ALL) ALL
admin ALL=(ALL) ALL

However, one of the playbook tasks ran into issue:

- name: Back up Automation Agent config file if exists command: mv /etc/mongodb-mms/automation-agent.config /etc/mongodb-mms/automation-agent.config.bak

Ansible reports:

TASK [setup : Back up Automation Agent config file if exists] ******************
fatal: [192.168.241.135]: FAILED! => {"changed": true, "cmd": ["mv", "/etc/mongodb-mms/automation-agent.config", "/etc/mongodb-mms/automation-agent.config.bak"], "delta": "0:00:00.002588", "end": "2016-06-01 22:57:55.577158", "failed": true, "rc": 1, "start": "2016-06-01 22:57:55.574570", "stderr": "mv: cannot move `/etc/mongodb-mms/automation-agent.config' to `/etc/mongodb-mms/automation-agent.config.bak': Permission denied", "stdout": "", "stdout_lines": [], "warnings": []}

Noted that permission setting on /etc/mongodb-mms/automation-agent.config is 0600

-rw-------. 1 mongod mongod 313 Jun 1 04:48 automation-agent.config

Apparently one would need sudo priviledge to make changes to this file. I have tried Ansible's --become and --become-user, but not having success.

ansible-playbook -i hosts site.yml --user admin --ask-pass --become --become-user admin

What should I do in Ansible to gain sudo and make changes to that file?

1 Answer

You're using --become-user admin, so you're essentially doing sudo -u admin, but you intend to become root (sudo -u root).

Don't specify --become-user admin or use --become-user root, and Ansible by default will try to become root.

If you need to specify a password for becoming root, use the --ask-become-pass flag.

If you don't want to be prompted for a sudo password when using sudo, your sudoers entry for the admin user should read as follows instead:

admin ALL=(ALL) NOPASSWD:ALL
2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like