bentley:
Hello Ansible experts, your help is requested on this small script.
    - name: 'hosts'
      hosts: all
      become: yes
      tasks:
        - name: 'Execute a script'
          script: 'install_script.sh'
Currently my user-id = student1 and I execute the above program on server1.
Manually, I can "ssh student1@server99" without any passwords (with ssl keys) and "sudo su - teacher1".
I want the above script statement to run as ID = teacher1 on server99
In other words, I want to connect as Student1 but run all tasks as teacher1
I guess I have to use the following, but I was not successful:
    become_user: teacher1
    become_method: su
In the ansible.cfg file, I tried using become_exe='sudo su -'
============== below is from ansible documentation ================
For example, if you want to run all tasks as root on a server named webserver, but you can only connect as the manager user, you could use an inventory entry like this:
    webserver ansible_user=manager ansible_become=yes
============================================================
Al West:
So become method should be sudo - this is so that the user is checked to see if they can run commands (or certain commands) as root.
    ---
    # playbook.yml
    - name: 'Become'
      become: true
      become_method: sudo
      become_user: teacher1
      hosts: all
      gather_facts: False
      tasks:
        - name: Run whoami
          shell:
            cmd: 'whoami'
          register: who
        - name: Print who I am
          debug:
            msg: "{{ who.stdout }}"
al@CORSAIRONE:~/kodekloud/ansible-become$ ansible-playbook -i tiny, playbook.yaml -K
BECOME password:
PLAY [Become] ***************************************************************************************
TASK [Run whoami] ***********************************************************************************
changed: [tiny]
TASK [Print who I am] *******************************************************************************
ok: [tiny] => {
"msg": "teacher1"
}
PLAY RECAP ******************************************************************************************
tiny : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
bentley:
Thanks. It worked for the whoami command as it looked for the command in /bin/sh. But other commands that teacher1 can find in its path, it could not execute, saying "stderr: /bin/sh: db2level: not found". Means, it could source profile of teacher1. Could you kindly help me to achieve this? Thanks in advance.
Al West:
You can specify the full path, or add your cmd to the paths being searched already.
Al West:
Also, I think you might be able to use this cmd: 'bash -ilc "db2level"'
bentley:
Thank you. cmd: bash -ilc worked. Is there any way to avoid this bash -ilc? The reason is, I will be writing many tasks and for every cmd, I have to use bash -ilc. When I could manually "ssh as ID student1" and "sudo su - teacher1", the whole PATH and environment variables are available. I am trying to explore equivalent code in yaml. I guess "become_method: sudo" is not exactly equivalent to "sudo su - teacher1".
Al West:
If you have multiple commands put them into a shell script, upload it and execute it.
bentley:
Thank you. That would do it.