9

When I run Ansible against a host machine that has some commands I need to run as root, I can't run these with "become" because it runs the commands as root instead of just running them with sudo.

What I've been doing is just using command: sudo ... and then suppressing warnings with

args: 
  warn: no

Is there a better, more standardized way to run a Linux command line with sudo sans password?

Peter Turner

2 Answers

7

> When I run ansible against a host machine that has some commands I need to run as root, I can't run these with "become" because it runs the commands as root instead of just running them with sudo.

That's not true; become uses a variety of methods for privilege escalation, and defaults to using sudo.

Are you perhaps running into one of the known limitations with the become module, like trying to limit sudo access to certain commands?

Xiong Chiamiov
  • Well this seems like one of the limitations of ansible, when I run -vvv it's doing sudo -H -S -n -u root /bin/sh -c 'bunch of stuff'. I figured it could just run the command I want to with sudo privileges, but I guess that's a little naive since it needs to run 1000 other types of commands with root in a more general way. – Peter Turner Dec 26 '17 at 19:22
  • Came across this post and Ansible limitation as we are only allowed to run limited commands with sudo, don't have full sudo access to run any commands. Are there any alternatives other than running the command(s) as 'sudo /opt/apache/bin/apachectl start' either in Ansible shell or command module? – cnu Mar 11 '21 at 21:01
  • @cnu You have three options: 1) Use the command module 2) Don't use sudo limitations in that way 3) Don't use ansible to trigger these commands. – Xiong Chiamiov Mar 15 '21 at 19:14
  • @XiongChiamiov, Yes. Testing Ansible scripts with command module and that appears to be working fine other than producing "[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo". – cnu Mar 15 '21 at 19:43
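
The workaround discussed in the comments above, written out as an added example (not code from any of the posters). It assumes a constructed sudoers rule for a hypothetical `deploy` login and a hypothetical `web` inventory group, and reuses the apachectl command line from the comment thread to show why `become` is refused under such a rule while an explicit `sudo -n` in the command module is allowed.

```yaml
# Constructed sudoers drop-in on the managed host (assumption: the SSH
# login is "deploy"; edit it with `visudo -f /etc/sudoers.d/deploy-apache`):
#
#   deploy ALL=(root) NOPASSWD: /opt/apache/bin/apachectl start
#
# With become, Ansible asks sudo to run a shell wrapper of the form
#   sudo -H -S -n -u root /bin/sh -c '...'
# /bin/sh is not covered by the rule above, so sudo refuses the request.

- name: Start Apache under a command-restricted sudoers rule
  hosts: web              # hypothetical inventory group
  become: false           # keep Ansible from wrapping tasks in sudo /bin/sh
  gather_facts: false

  tasks:
    - name: Check that sudoers permits this exact command line
      ansible.builtin.command:
        argv:
          - sudo
          - -n            # never prompt; fail if a password would be needed
          - -l            # list mode: exits 1 if the command is not allowed
          - /opt/apache/bin/apachectl
          - start
      changed_when: false

    - name: Run exactly the command line that sudoers permits
      ansible.builtin.command:
        # argv bypasses shell parsing; path and arguments must match the rule
        argv:
          - sudo
          - -n
          - /opt/apache/bin/apachectl
          - start
```

Keeping the rule to one full command line with fixed arguments means the login gains nothing beyond that single action, which is the reason for restricting sudo this way in the first place.
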
2

Did you try -K already? I always use this option, and then a sudo password has to be entered.

030
  • Yeah, the problem is the SSH user I'm using doesn't have rights to start a shell as root, just to the commands I want to run via Ansible. – Peter Turner Dec 26 '17 at 19:53
  • I do not think that it is possible to run commands as root if the user cannot start a shell as root as ansible is basically running commands via ssh. – 030 Dec 26 '17 at 21:30