How to run a playbook as a normal user on the remote machine
For this example, create the following directory layout, which follows Ansible best practices:
root
|-- group_vars
|-- roles
|   |-- common
|-- site.yml
|-- hosts
Create the root directory, in this example named ansible:
# mkdir ansible
Inside it, create the group_vars and roles directories:
# mkdir group_vars
# mkdir roles
Create the files site.yml and hosts:
# touch site.yml
# touch hosts
To create the common directory, change to the roles directory and execute the following command:
# ansible-galaxy init common
This command creates the standard role directory structure for use with Ansible playbooks.
For this example I would like to put the sudoers file on some machines. To do this, go into the common directory and then into the tasks directory, where you will find a file named main.yml. Open it and copy the following.
Remember to start the file with three dashes (---); this indicates the beginning of the YAML file.
---
- name: Sudo file
  template: src=sudoers.j2 dest=/etc/sudoers
After this, change to the templates directory and create a new file named sudoers.j2 that includes the following:
Defaults requiretty
Defaults !visiblepw
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root ALL=(ALL) ALL
test ALL=(ALL) ALL
Now go back to the root directory, in this case ansible, then edit site.yml and include the following:
---
- name: apply common configuration to all nodes
  hosts: all
  remote_user: test
  roles:
    - common
remote_user is the user that connects to the machine and already has sudo access on it.
After this, edit the hosts file, for example:
# [TEST] is the title of the group; each line under it is an IP address or hostname
[TEST]
10.0.0.1
test.example.com
To run the playbook, execute the following command:
# ansible-playbook -i hosts site.yml -b --become-user=root -kK
This command asks for the SSH password of the connecting user (in this case the test user) and for the sudo password, which is normally the same but can be different.
If you get the following error:
Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.
Run the following command against all hosts in the inventory to add their SSH host keys locally:
# ansible all -m ping -i hosts
After all the keys have been saved on the local machine, you can re-run the ansible-playbook command and it will work as normal.
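The "Sudo file" task above replaces /etc/sudoers in one step, so a template with a syntax error would leave the test user unable to use sudo on every host in the inventory. The following is an added example, not part of the original post, of the same task using the template module's validate, owner, group, mode and backup options; the path /usr/sbin/visudo is an assumption about the target hosts.

```yaml
---
# roles/common/tasks/main.yml (added example, not the original author's file)
- name: Sudo file
  template:
    src: sudoers.j2
    dest: /etc/sudoers
    owner: root
    group: root
    mode: "0440"
    # Ansible renders the template to a temporary file and runs this command
    # with %s replaced by that path; /etc/sudoers is only replaced if the
    # command exits 0. The visudo path is an assumption about the targets.
    validate: /usr/sbin/visudo -cf %s
    # Keep a timestamped copy of the previous file for rollback.
    backup: true
```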