You are reading the article How Does Ansible Sudo Work? Examples updated in September 2023 on the website Cersearch.com. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested October 2023 How Does Ansible Sudo Work? ExamplesIntroduction to Ansible Sudo
The following article provides an outline for Ansible Sudo. In Ansible, we work on remote target machines by using playbooks which have plays and tasks. The playbook will run on remote target machines as same user as on Ansible controller machine, unless specified otherwise. But there are times when the requirement is to run a task as some other user on remote target nodes. In such cases, we need become plugins like sudo, which stands for substitute user do. This enables the remote user to execute commands as another user or privileged user. There are few other options in this plugin which make it more flexible to use.
Start Your Free Software Development Course
Web development, programming languages, Software testing & othersWhat is Ansible Sudo?
In Ansible, we can use become to make use to Linux system’s sudo feature. This makes one user to execute commands on system as another user for the moment of command execution. There are various ways to tell Ansible about the privileged user, password and other related options. These ways include defining variables, making entries in inventory file or in imported file.
Ansible uses parameters like become_exe, become_flag, become_pass, become_user to achieve same.
Given below is the detail of such parameters:
1. become_exe: To set the sudo.
Possible ini entries:
[privilege_escalation] executable = sudo
[sudo_become_plugin] become_exe = sudo
[privilege_escalation] become_flags = -H -S -n
[sudo_become_plugin] flags = -H -S -n
3. become_pass: To set the Password to pass to sudo for sudo user.
[sudo_become_plugin] password = value
4. become_user: To set the sudo user.
var: ansible_become_userHow does Ansible Sudo work?
To use become methods, we can mention the specific parameters in playbook, in static inventory files or in imported files.
The syntax will be like below when we use it is playbook:
Similarly, the become variables can be mentioned in inventory files to defined sudo user. This can be done against a group of hosts or a special host. That way it becomes easy to work on a special host or host group.Examples of Ansible Sudo
Given below are the examples mentioned:
Here we have an Ansible control server named ansible-controller and two remotes hosts named host-one and host-two. We will create playbooks and run Ansible commands on ansible-controller node and see the results on remote hosts.Example #1
In this example, we have a playbook with content like below, here we are running this playbook with root user, but as we mentioned become parameters in the playbook. We are trying to run command as ec2-user. In the output we will see that command ran as ec2-user.
Please note, this user must exist on target machine, else playbook will fail.
Running this playbook like below:
Here we can see in the output that id of ec2-user was shown though we ran this playbook as root user. As we switched from root to non-root user it did not ask for password.Example #2
Running this playbook like below with non-root user named ec2-user:
We get the output like below, where it failed, as the user do not have permission to do the task.
Now if we update the playbook like below and mention become: yes in it. We are giving this user, the sudo power.
Now running this playbook like below, we can see that it ran successfully.
In this example, we have a playbook with content like below, when we are running this playbook as ec2-user with become parameters, then actually we are running simple command on remote target machines as another non-root user named testuser after switching to it. Also this user ec2-user have entries in sudoer file of target machines, so we will not be required to enter password for testuser user to switch to it.
Running this playbook like below:
We get the output like below where we can see that user identified is the testuser, as we used become parameter to run the command as testuser.
Running this playbook like below, note the –ask-become-pass option used in command.
ansible-playbook ansible_sudo_nonroot_to_nonroot.yaml --ask-become-pass
Here we can see that the command ran as ec2-user, because we used become parameter to switch to it and passed password on asking by –ask-become-pass option.Conclusion
As we saw in this article, using become is very important aspect of using Ansible in your environment, as on target remote servers, we always have some restrictions on non-root users. To overcome this, we need escalated privileges for time being, that is only possible by sudo methods.Recommended Articles
This is a guide to Ansible Sudo. Here we discuss what is ansible sudo, how does ansible sudo work, and examples respectively. You may also have a look at the following articles to learn more –
You're reading How Does Ansible Sudo Work? Examples
Update the detailed information about How Does Ansible Sudo Work? Examples on the Cersearch.com website. We hope the article's content will meet your needs, and we will regularly update the information to provide you with the fastest and most accurate information. Have a great day!