I have a remote user without sudo, and servers where SSH for root is forbidden. So I am trying to use the following approach for privilege escalation:
- block:
  - name: Get hardware password
    shell: |
      slcli --format json hardware detail --passwords {{ hostname }}
    register: json_answer
    delegate_to: localhost
  - name: set hardwareInfo variable
    set_fact:
      hardwareInfo: "{{ json_answer.stdout|from_json }}"
  - name: set password variable
    set_fact:
      ansible_become_pass: "{{ hardwareInfo | to_json | from_json | json_query(password_query) }}"
    vars:
      password_query: "users[?username==`root`].password"
    no_log: true
  - name: Install repository deb
    shell: |
      dpkg -i {{ deb_repo_url }}
    become: yes
    become_method: su
    become_user: root
But I get an error:
{ "msg": "Incorrect su password", "_ansible_no_log": false }
I checked the ansible_become_pass variable and it has the correct password.
I found that my variable was in the wrong format (an array instead of a string).
{
    "changed": false,
    "ansible_facts": {
        "ansible_become_pass": [
            "my_password"
        ]
    },
    "_ansible_no_log": false
}
I changed set_fact to this and now it works:
  - name: set password variable
    set_fact:
      ansible_become_pass: "{{ hardwareInfo | to_json | from_json | json_query(password_query) | join('') }}"
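
An added example, not part of the original post: a JMESPath filter projection (`[?...]`) always returns a list, and `join('')` would silently concatenate the values if more than one user matched. This variant checks that exactly one string matched before using it, and keeps every task that touches the secret under `no_log`. It assumes the `community.general` collection and the `jmespath` Python package are installed; the `hardwareInfo` data is constructed and `root_passwords` is a hypothetical variable name.

```yaml
# Added example (not from the original post). Sample data below is constructed.
- hosts: localhost
  gather_facts: false
  vars:
    # Constructed stand-in for the parsed `slcli ... --passwords` JSON output.
    hardwareInfo:
      users:
        - username: root
          password: "example-only-password"
        - username: operator
          password: "another-example"
    password_query: "users[?username=='root'].password"
  tasks:
    - name: Collect matching passwords (a filter projection always yields a list)
      set_fact:
        root_passwords: "{{ hardwareInfo | community.general.json_query(password_query) }}"
      no_log: true

    - name: Refuse to continue unless exactly one non-empty string matched
      assert:
        that:
          - root_passwords | length == 1
          - root_passwords[0] is string
          - root_passwords[0] | length > 0
        quiet: true
      no_log: true

    - name: Set the become password as a plain string
      set_fact:
        ansible_become_pass: "{{ root_passwords | first }}"
      no_log: true

    # Prints only the Python type name, never the secret itself.
    - name: Confirm the type without printing the value
      debug:
        msg: "ansible_become_pass is {{ ansible_become_pass | type_debug }}"
```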