Sep 18 21:18:31 myhost systemd-logind: New session 21148 of user foo.

It is quite simple to resolve by configuring sudoers.

Sep 18 21:18:31 myhost sshd: pam_unix(sshd:session): session opened for user foo by (uid=0)

But my user 'deploy' is authorized in the sudoers configuration to run the following commands without a password:

sudo systemctl status myapplication
sudo systemctl start myapplication
sudo systemctl stop myapplication
sudo systemctl restart myapplication

As already mentioned within the comments, this is nothing related to Ansible itself, but to managing sudo access. The weak protection here is that no one on the host can become specialuser without being root, and only the ansible controller has access. The sudoers.d snippet would look like this:

specialuser ALL=(ALL) NOPASSWD: ALL

Sep 18 21:18:31 myhost sshd: Accepted publickey for foo from myIP port 33766 ssh2: ED25519 SHA256:FfrBJTV5NjTZwI0rMRPotXIz0KVUJxYtXBH4bQnQlXY

It's pretty easy: create a user with ssh-only access via ssh key (no password), and allow this user to have passwordless sudo.

Problem: Every time I run my ansible-playbook command I am prompted for an ssh and become password. This way I don't need to type them in when using the parameter --ask-become-pass or the ssh password.

Issue is on ansible 2.9.7. SUMMARY: Issue is you can't become root if connecting to a host via a non-root user.

I would like to use ansible vault passwords for the ssh and become passwords when running ansible-playbook.

Sep 18 21:18:31 myhost sshd: Postponed publickey for foo from myIP port 33766 ssh2

Found similar issues but the fixes do not fix my issue. What should I do to match the password on the server?

Below is the content of auth.log when the error occurs:

Sep 18 21:18:30 myhost sshd: Connection from myIP port 33766 on serverIP port 22

I double checked the password and I can confirm that I'm using the same one on the server; I can normally sudo on the server.
1. ansible Missing sudo password

1.1 -kK

ansible-playbook mail.yml -kK
SSH password:
BECOME password[defaults to SSH password]:

Now I'm trying to make the change on my playbook but no luck, I get Incorrect sudo password when gathering facts.

Password: ''

Everything worked perfectly until the server prompted me to change the password after many months; I was in a rush so I manually changed it.

Storing the values in inventory is a really bad idea for security unless you encrypt it with vault. Probably you will need to give a read at this too. Ansible can also store the password in the ansible_password variable on a per-host basis.

There is no problem writing a file in /var/www using file_put_contents(msgfname,msg).

The docs say you can specify the password via the command line: -k, --ask-pass.

Consider this simplified ansible task where I create a user with a salted password: // vars sudo systemctl restart apache2 OR sudo systemctl restart httpd.