I am working on an ansible playbook which copies my tasks.tar.gz file to remote servers and uncompresses it into a particular directory on the remote servers. I am running my playbook on machineA as user david, so I added the public key of user david from machineA to the authorized_key file on all the remote servers so that I can ssh without typing my password, because I want to run my ansible playbook passwordless.
```yaml
---
- hosts: ALL
  serial: 3
  tasks:
    - name: copy and untar latest tasks.tar.gz file
      unarchive: src=tasks.tar.gz dest=/data/files/tasks/
    - name: sleep for few seconds
      pause: seconds=20
```
Now the problem I am having is that since this "/data/files/tasks/" directory on the remote servers belongs to some other user (goldy), it can't copy and uncompress the tasks.tar.gz file, because I am running my playbook as user david, I guess.

```
ansible-playbook -e 'host_key_checking=False' test2.yml
```

I want to run my ansible playbook as user david passwordless, but it should be able to copy files into all the remote servers in a directory which belongs to user goldy. I tried playing with become and become_user but it didn't work for me. Is there anything else I need to do?
```yaml
    - name: copy and untar latest tasks.tar.gz file
      unarchive: src=tasks.tar.gz dest=/data/files/tasks/
      become: true
      become_user: goldy
      become_method: sudo
```
This is the error I am getting:
"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of ‘/tmp/ansible-tmp-1518323151.21-195554555527544/’: Operation not permitted\nchown: changing ownership of ‘/tmp/ansible-tmp-1518323151.21-195554555527544/stat.py’: Operation not permitted\n}).
Since you hint on having sudo configured for your connecting user david, the simplest thing you can do is use elevated permissions to copy the file and set its ownership to goldy through the owner parameter of the unarchive module:

For the question of how to configure sudoers to allow for executing commands on behalf of a user other than root, you need to learn how sudo and sudoers actually work (see the manual).
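
The approach described in the answer above, written out as a full playbook with an ownership check added. This is an added example, not code from the original answer; it assumes david may sudo to root on the remote hosts and that a group named goldy exists (the group name and the two check tasks are assumptions, not from the page).

```yaml
---
- hosts: ALL
  serial: 3
  tasks:
    - name: copy and untar latest tasks.tar.gz file
      # Escalate to root (the default become_user) instead of goldy.
      # Root can read the temporary files uploaded over david's SSH
      # session, so the chown that failed in the question is not needed.
      become: true
      become_method: sudo
      unarchive:
        src: tasks.tar.gz
        dest: /data/files/tasks/
        owner: goldy   # extracted files are handed to goldy
        group: goldy   # assumption: goldy's group has the same name

    - name: list anything under the directory not owned by goldy
      # Read-only check, run as root so unreadable subdirectories
      # cannot hide a root-owned file left behind by the extraction.
      become: true
      command: find /data/files/tasks/ ! -user goldy
      register: not_goldy
      changed_when: false

    - name: fail if files with the wrong owner were left behind
      assert:
        that:
          - not_goldy.stdout == ""
        fail_msg: "files not owned by goldy: {{ not_goldy.stdout_lines }}"

    - name: sleep for few seconds
      pause:
        seconds: 20
```

If david's sudo rule requires a password, run the playbook with `--ask-become-pass`; a fully passwordless run needs a matching NOPASSWD entry in sudoers on the remote hosts.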