Ansible become "command not allowed"

0
votes

I use ansible 2.1.1.0 on redhat 6.2 OS.

I try to launch playbooks with Become method but it does'nt work. On my ansible host, the task messages display is :

fatal: [hostname]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "parsed": false}

There is no password on the remote host, and, when i go to the secure log, there is this error : 

Aug 17 16:02:04 hostname sudo:   user : command not allowed ; TTY=pts/1 ; PWD=/home/user ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-dwxvazrobemucw; LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /users/user/.ansible/tmp/ansible-tmp-1502978523.81-254571587064931/command; rm -rf "/users/user/.ansible/tmp/ansible-tmp-1502978523.81-254571587064931/" > /dev/null 2>&1

When I try to launch playbook without become method but with sudo in command line, there is no error, the command works and this message appears in /var/log/secure :

Aug 17 16:03:02 hostname sudo:   user : TTY=pts/1 ; PWD=/home/user ; USER=root ; COMMAND=command_I_used

I use RSA key method, without passphrase and this problem appears with all module I had test.

Thanks for reading,
Valentin.

1
ansible
Can you execute sudo /bin/sh -c 'echo test' on remote host?Konstantin Suvorov
OK, when i tried to exec this command, system ask me for sudo password. So, when i want to use become method, I need to allow my user to do this command ?Valentin
You have to allow /bin/sh.Konstantin Suvorov
thanks for your helpValentin

1 Answers

1
votes

Answer from the comment:

You have to allow /bin/sh command to be executed with sudo.