Comments (9)
Should be live on Ansible Galaxy now as version 2.0.3 @soloradish @pjattke
from ansible-sudoers.
Can confirm that the version released on ansible-galaxy also works flawlessly. Thank you!
from ansible-sudoers.
I also faced the same issue – I think local sudo privileges are not needed anyway. I would be happy to see this change integrated into master. Would that be possible @ahuffman?
from ansible-sudoers.
- Would changing the default `sudoers_backup_path` to `~/sudoers_backups` resolve the issue if we set `become: False` on this task? I believe we have the become in there because the backup path is relative to the local ansible control node playbook directory, and would require privilege to write there if running as a non-root user.
- Another solution we could add is a `sudoer_backup_become` var and you can configure as you wish.

Let me know what makes more sense, but I think I'm probably leaning towards option 2.
from ansible-sudoers.
@soloradish @pjattke can you test out https://github.com/ahuffman/ansible-sudoers/tree/sudoers_backup_become and let me know if this works for you?
from ansible-sudoers.
@ahuffman Thanks for looking into that! The solution that I have applied so far is simply setting `become: False` in the respective task that keeps failing (of course, on a local copy of your role):
```yaml
- name: "Ensure local backup directory exists"
  file:
    state: "directory"
    path: "{{ sudoers_backup_path }}"
    mode: "0755"
  delegate_to: "localhost"
  connection: "local"
  become: False  # <<< added line
  when:
    - "sudoers_backup | bool"
    - "sudoers_backup_path != ''"
```
However, I can see that this makes things less flexible and thus I think that your proposed solution 2) would be better suited. I have tested the `sudoers_backup_become` branch. However, I get the following error message even though I have defined `sudoer_backup_become: False`:
```
fatal: [hostA]: FAILED! => {
    "msg": "failed to transfer file to /etc/sudoers /Users/patrick/git/<redacted>/ansible/backups/host123/sudoers-backups/host123/etc/sudoers:
dd: failed to open '/etc/sudoers': Permission denied"
}
```
I think this is because you also use this variable to define `become` in the task named Backup sudoers file. On the remote, however, sudo permissions are always required to allow reading the sudoers file. Therefore, I think that the change in this line should be reverted.

I would be happy to test again after you made this change. Thanks a lot!
from ansible-sudoers.
@pjattke give it a shot now, restored the backup task (fetch module) to `become: True`.
from ansible-sudoers.
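The split the thread arrives at, as an added sketch that is not the role's own code: privilege on the control node follows `sudoer_backup_become`, while the read of `/etc/sudoers` on the managed host keeps `become: true`. The play layout, the `all` host pattern, the variable defaults and the `fetch` arguments are assumptions.

```yaml
# Added example, not taken from the ansible-sudoers role.
# Assumed: play layout, host pattern, variable defaults, fetch arguments.
- hosts: all
  gather_facts: false
  vars:
    sudoers_backup: true
    # Relative paths resolve on the control node, next to the playbook.
    sudoers_backup_path: "sudoers-backups"
    # A user-writable backup path needs no local sudo.
    sudoer_backup_become: false
  tasks:
    - name: "Ensure local backup directory exists"
      file:
        state: "directory"
        path: "{{ sudoers_backup_path }}"
        mode: "0755"
      delegate_to: "localhost"
      connection: "local"
      # Control-node privilege is the operator's choice.
      become: "{{ sudoer_backup_become | bool }}"
      when:
        - "sudoers_backup | bool"
        - "sudoers_backup_path != ''"

    - name: "Backup sudoers file"
      fetch:
        src: "/etc/sudoers"
        # Without flat, fetch stores the file as <dest>/<hostname>/etc/sudoers.
        dest: "{{ sudoers_backup_path }}"
      # /etc/sudoers is readable by root only by default, so the read on the
      # managed host needs privilege regardless of the local setting.
      become: true
      when:
        - "sudoers_backup | bool"
        - "sudoers_backup_path != ''"
```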
@ahuffman Works now — thanks a lot for fixing. Will this change also be available on ansible-galaxy?
from ansible-sudoers.
Yes, going to get everything fixed up shortly. Thanks for validating for me.
from ansible-sudoers.