Elevating user to root with Ansible

Kęstutis asked:

How to elevate Ansible to root for running playbooks? The thing is that the server I want to provision has root access disabled and the only user that has login access has absolutely no permissions to do anything except elavating to other users.

So when I login to server manually I would do something like this – ssh lgus11@vdom7.intrn and then if I need to install something I would either do sudo - myuser or in some rare occasions sudo - and then enter the respective users password.

Unfortunately if I run my Ansible playbook I can’t seem to be able to elevate the user to root.

I have a line like this in my /etc/ansible/hosts file:

vdom7.intrn ansible_become=true ansible_become_user="root" ansible_become_password="<root_user_password>"

And the result I get from running the playbook is as follows:

PLAY [vault_server] ********************************************************* 

GATHERING FACTS *************************************************************** 
fatal: [vdom7.intrn] => Incorrect become password

PLAY RECAP ******************************************************************** 
           to retry, use: --limit @/home/user/main.retry

vdom7.intrn                : ok=0    changed=0    unreachable=1    failed=0   

I know ansible_become_password does have some effect because previously I used to get Missing become password for an error but at the same time I know that the password I provide is correct for the user because when I use it manually it works like a charm and so I’m not really aware what am I doing wrong and how should I change playbook’s run user.

My answer:

become defaults to using sudo (see become_method). So you need to use the user’s password as you would provide to sudo, not the root password.

Or you can change the become_method, e.g. to su.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.