'Using ansible become with Oracle Linux "sudo -s"

I need to log into an Oracle Linux system and run a command as root for a vendor application. Having testing SSHing and running the process manually, I am now using Ansible for orchestration.

I have to log in as another user "admin" using a certificate and then, as per the vendor instructions, type "sudo -s" to become root before I can run the shell script. Because I am using a certificate, I do not need to type the password to elevate

I have discovered that "become: yes" does not work for "sudo -s".

I've tried using the "raw", "shell" and "command" ansible modules to bypass the issue but they time out as they might be expecting an answer.

Here is the output

TASK [run bash system status] **************************************************
fatal: [server-sandpit]: FAILED! => {"changed": true, "msg": "non-zero return code", "rc": 3, "stderr": "Shared connection to server-sandpit closed.\r\n", "stderr_lines": ["Shared connection to server-sandpit closed."], "stdout": "This script cannot be run under sudo, try running under 'sudo -s'\r\n", "stdout_lines": ["This script cannot be run under sudo, try running under 'sudo -s'"]}

Here is the playbook:

---
- hosts: sl-aio-sandpit

  tasks:
    - name: run bash system status
      script: system_status.sh
      args:
        executable: bash
      become: yes

Note that I cannot run the script using just sudo in ssh:

[admin@server-sandpit tmp]$ sudo ./system_status.sh
This script cannot be run under sudo, try running under 'sudo -s'

I either get the error above or, for some workarounds like using "shell" or "command" the playbook never resolves and needs to be cancelled.

ansiblesudo


Solution 1:[1]

I'm not aware of any way to control the options passed to sudo when using become: true and become_method: sudo (default).

Since you need to sudo -s first then run your script in a second command, you can try the following solution

---
- hosts: sl-aio-sandpit
  remote_user: admin

  tasks:

    - name: copy script to remote machine
      copy:
        src: system_status.sh
        dest: /path/to/your/system_status.sh
        mode: 0750

    - name: run bash system status with sudo -s
      shell: |
        sudo -s
        /path/to/your/system_status.sh

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

"sudo: gcloud: command not found" when running Google Cloud SDK

Terminate sudo python script when the terminal closes

How to sudo on powershell on Windows

Copy multiple files with Ansible

How to share handlers?

How to get domain zone of the DNS A record using Ansible dig

Ansible is there a modify-volume task?

Ansible Tower - Module lineinfile - Issue: Missing lines

How can I get a list of child groups in Ansible?

Is it possible to increase the timeout for apt_repository module?

How can I get the installed YUM packages with Ansible?

Create Ansibles remote_tmp from config file variable

How to chain two Ansible module in one task

Ansible: To use the 'ssh' connection type with passwords, you must install the sshpass program"

Ansible is being run in a world writable directory (/vagrant), ignoring it as an ansible.cfg source