
This command has to be run under the root user. But I am root only


I have a simple playbook that tries to install packages. My task is failing (see output).

I can ping the host, and manually I can run the command as the super user (tco).

my ansible.cfg

[defaults]
inventory = /Users/<myuser>/<automation>/ansible/inventory
remote_user = tco

packages

packages:
  - yum-utils
  - sshpass

playbook

---
- hosts: all
  vars_files:
    - vars/packages.yml
  tasks:
    - name: testing connection
      ping:
      remote_user: tco

    - name: Installing packages
      yum:
        name: "{{ packages }}"
        state: present

Running playbook: ansible-playbook my-playbook.yml --limit master --become --ask-become-pass --become-user=tco --become-method=sudo

Output:

ansible-playbook register_sys_rh.yml --limit master --become --ask-become-pass --become-user=tco --become-method=sudo
BECOME password: 

PLAY [all] ******************************************************************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************************************
ok: [xx.xxx.13.105]

TASK [testing connection] ***************************************************************************************************************************************************
ok: [xx.xxx.13.105]

TASK [Installing packages] **************************************************************************************************************************************************
fatal: [xx.xxx.13.105]: FAILED! => {"changed": false, "msg": "This command has to be run under the root user.", "results": []}

PLAY RECAP ******************************************************************************************************************************************************************
xx.xxx.13.105              : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

inventory:

ansible-inventory --list | jq '.master'
{
  "hosts": [
    "xx.xxx.13.105"
  ]
}

I have copied my id_rsa.pub to the host already. I cannot log in to the host without a password. I can log in and do sudo su or run any other command that needs root privilege.

[tco@control-plane-0 ~]$ whoami
tco
[tco@control-plane-0 ~]$ hostname -I
xx.xxx.13.105 192.168.122.1 
[tco@control-plane-0 ~]$ sudo su
[sudo] password for tco: 
[root@control-plane-0 tco]# 

I explicitly override user, sudo_method through ansible_cli, no idea what I am doing wrong here.

Thanks in advance.


Solution

  • Fixed it. But, I need to understand the Ansible concept better.

    I changed ansible.cfg to this (changed become_user to root)

    [defaults]
    inventory = <my-inventory-path>
    remote_user = tco
    
    [privilege_escalation]
    become=True
    become_method=sudo
    become_ask_pass=False
    become_user=root
    become_pass=<password>
    

    And, running it like this:

    ansible-playbook my-playbook.yml --limit master

    This gives me an error:

    FAILED! => {"msg": "Missing sudo password"}
    

    So, I run like this:

    ansible-playbook my-playbook.yml --limit master --ask-become-pass

    and when a password is prompted, I provide the tco password; I'm not sure what the password for the root user is.

    And this works.

    Not sure why cfg file password is not working, even though I provide the same password when prompted.

    As per my understanding, when I say become_user and become_pass that is what ansible uses to run privilege commands. But, here I am saying remote_user: tco and become_user:root
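
An added example, not part of the original question or answer: the page's playbook with escalation set on the install task, since `--become-user=tco` makes sudo run yum as tco rather than root. The file `vars/become.yml` is a hypothetical vault-encrypted vars file holding `ansible_become_password`, so the sudo password stays out of ansible.cfg; with default sudoers settings that password is tco's own, not root's.

```yaml
---
# Added example. vars/become.yml is a hypothetical file, created with:
#   ansible-vault create vars/become.yml
# and containing a single variable:
#   ansible_become_password: "<tco's sudo password>"
- hosts: all
  remote_user: tco              # SSH login user, as in the page's ansible.cfg
  vars_files:
    - vars/packages.yml
    - vars/become.yml           # hypothetical, encrypted with ansible-vault
  tasks:
    - name: testing connection
      ping:                     # needs no escalation, runs as tco

    - name: Installing packages
      yum:
        name: "{{ packages }}"
        state: present
      become: true              # escalate for this task only
      become_method: sudo
      become_user: root         # the user sudo switches TO; yum requires root
```

Run it with `ansible-playbook my-playbook.yml --limit master --ask-vault-pass`; no `--become*` flags are needed on the command line.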