stackoom
  简体   繁体   中英

Ansible: sudo without password

 原文  2016-05-25 10:37:02       linux/ ansible/ sudo

Question

I want to run ansible with user sa1 without sudo password:

First time OK:

[root@centos1 cp]# ansible cent2 -m shell -a "sudo yum -y install httpd"

cent2 | SUCCESS | rc=0 >>

Second time FAILED:

[root@centos1 cp]# ansible cent2 -s -m yum -a "name=httpd state=absent"

cent2 | FAILED! => {
    "changed": false,
    "failed": true,
    "module_stderr": "",
    "module_stdout": "sudo: a password is required\r\n",
    "msg": "MODULE FAILURE",
    "parsed": false
}

Please help!

3 answers

solution1
 13 ACCPTED  2016-05-25 11:48:28

It's not ansible it's your server's configuration. Make sure that sudo is allowed for the user ansible is using without password.

  1. To do that login to the server
  2. Open the sudoers file with sudo visudo
  3. Make sure you have a line something like this: centos ALL=(ALL) NOPASSWD:ALL
  4. Replace centos with the your user
  5. Save the file

You can try from the server itself by running:

sudo -u [yourusername] sudo echo "success"

If this works it should work from ansible too.

solution2
 6  2016-06-10 17:45:38

By default ansible runs sudo with the flags: -H -S -n to become root. Where --non-interactive would be the corresponding long form for option -n . This option seems to make sudo return the error message, without attempting to let the authentication modules do their thing.

I managed to get around the password error by creating a ~/.ansible.cfg containing lines as below, for the most relevant ansible version.

ansible 2.4

[defaults]
sudo_flags = --set-home --stdin

ansible 2.9

[sudo_become_plugin]
flags = -H -S

That was at least enough to allow pam_ssh_agent_auth.so to run and authenticate me.

Prior to version 2.8 the above example works, newer than 2.8 requires the second example. Documentation for the new style configuration can be found in the Ansible User Guide .

solution3
 0  2021-07-01 11:41:59

Here's the playbook in case you want ansible make it for you

  1. Add user to chosen group ( in my case wheel )
  2. Add this to your playbook
- name: Make users passwordless for sudo in group wheel
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%wheel'
    line: '%wheel ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Change linux password with Ansible playbook script when connecting as a non-root user without sudo privileges Use sudo without password INSIDE a script Execute commands as root without root password or sudo Ansible sudo default prompt Ansible sudo does not work Ansible adhoc command with sudo ansible: sudo and change user Autoupdating AIR apps on Linux without prompting for sudo password Changing fqdn in centos without prompting password from sudo user How to run sudo su from php script without password?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM