ANXS / postgresql

Fairly full featured Ansible role for Postgresql.
http://anxs.io/
MIT License

Error, when connecting with non-sudo users. #476

Closed risayew closed 4 months ago

risayew commented 4 years ago

Hi, everybody! I'm connecting with a non-sudo user, and in the playbook definition immediately changing to root.

```yaml
- hosts: my-host
  become: yes
  become_method: su
  vars_files:
    - ./values.yml
  roles:
    - { role: ANXS.postgresql }
```

Until this step all was ok,

```yaml
- name: PostgreSQL | Check binary version
  shell: >
    psql --version | sed 's/^psql (//' | sed 's/)//' | awk '{print $1, $2}'
  become: yes
  become_user: "{{ postgresql_service_user }}"
  changed_when: false
  failed_when: postgresql_binary_version.stdout == ""
  register: postgresql_binary_version
  check_mode: no
```

The script changes to the postgres user with su, but it's not possible to change out of the non-sudo connection user: "msg": "Incorrect su password". Can anybody help, please?

gclough commented 3 years ago

@risayew, did you find a solution to your problem? I guess I'm a little confused, as if you're running Ansible as a non-sudo user, then how are you changing to root?

Does this step (or others that use become_user: ) run?

```yaml
- name: PostgreSQL | Reset the cluster - drop the existing one | Debian
  shell: pg_dropcluster {{ postgresql_version }} {{ postgresql_cluster_name }}
  become: yes
  become_user: "{{ postgresql_service_user }}"
  when: ansible_os_family == "Debian" and postgresql_cluster_reset and pgdata_dir_exist.changed
```

maglub commented 3 years ago

This looks like a bit of an unconventional way of using this role.

It would help us if you let us know more about your environment.

The "problem" with su as become_method is that you need to know not only the ansible user's password (or have the NOPASSWD: in the sudoers file), you also need to know the target user's passwords.

Also, it is not root that switches to the postgresql_service_user, it is the user ansible logs into the remote system with.

Is it possible for you to not use the become_method: su? We have never tested the role that way, and it is a use case that is hard to maintain.

What I normally do is use a non-privileged user for the ssh connection to a managed node, as we don't allow root login in our environment. A typical playbook looks as follows. We run on Ubuntu {18, 20} in our environment. The acl package is needed for the ANXS/postgresql role, so that we can log in with the non-privileged user and switch to postgresql in the role.

```yaml
---
- hosts: com-postgres-l01
  become: true
  tasks:
    - name: Install packages for postgresql
      apt: name={{item}} state=present
      with_items:
        - acl
  tags:
    - packages

- hosts: com-postgres-l01
  become: true
  roles:
    - { role: "ANXS.postgresql" , tags: ["postgresql"] }
  vars:
...
```
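The escalation paths discussed in this thread, written as a diagnostic playbook. It is an added example, not posted by any participant and not part of the ANXS.postgresql role. It assumes an apt-based host on which the PostgreSQL packages (and therefore the service account) are already installed, as they were when the reported run failed; the `preflight_*` names and the value `postgres` for `postgresql_service_user` are assumptions.

```yaml
---
# Added example: checks every "become" hop the role relies on before the role runs.
# Each task escalates directly from the SSH login user to its become_user;
# a play-level "become" to root is not an intermediate hop for later tasks.
- hosts: my-host
  gather_facts: false
  become: true
  # With sudo in its default configuration the login user authenticates as
  # itself (or via NOPASSWD); with su the target account's password is needed.
  become_method: sudo
  vars:
    postgresql_service_user: postgres   # assumed value
  tasks:
    - name: Preflight | acl lets an unprivileged login user hand module files to an unprivileged become_user
      apt:
        name: acl
        state: present

    - name: Preflight | Run whoami through each escalation path
      command: whoami
      become_user: "{{ item }}"
      register: preflight_whoami
      changed_when: false
      check_mode: no
      loop:
        - root
        - "{{ postgresql_service_user }}"

    - name: Preflight | Fail early if a path ended up on the wrong account
      assert:
        that: item.stdout == item.item
        fail_msg: "become to {{ item.item }} ran as {{ item.stdout }}"
      loop: "{{ preflight_whoami.results }}"
      loop_control:
        label: "{{ item.item }}"
```

Run it with `--ask-become-pass` unless the login user has a NOPASSWD entry; an authentication failure on the `postgresql_service_user` item reproduces the reported error without touching the cluster.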

github-actions[bot] commented 6 months ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

github-actions[bot] commented 4 months ago

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.