Closed risayew closed 4 months ago
@risayew , did you find a solution to your problem? I guess I'm a little confused, as if you're running Ansible as a non-sudo user, then how are you changing to root
?
Does this step (or others that use become_user:
) run?
- name: PostgreSQL | Reset the cluster - drop the existing one | Debian
shell: pg_dropcluster {{ postgresql_version }} {{ postgresql_cluster_name }}
become: yes
become_user: "{{ postgresql_service_user }}"
when: ansible_os_family == "Debian" and postgresql_cluster_reset and pgdata_dir_exist.changed
This looks like a bit of an unconventional way of using this role.
It would help us if you let us know more about your environment.
su
instead of the default sudo
?The "problem" with su
as become_method
is that you need to know not only the ansible user's password (or have the NOPASSWD:
in the sudoers file), you also need to know the target user's passwords.
Also, it is not root
that switches to the postgresql_service_user
, it is the user ansible logs into the remote system with.
Is it possible for you to not use the become_method: su
? We have never tested the role that way, and it is a use case that is hard to maintain.
What I normally do, is to use a non privileged user for the ssh connection to a managed node, as we don't allow root
login in our environment. A typical playbook looks as follows. We run on Ubuntu {18, 20} in our environment. The acl
package is needed for the ANXS/postgresql role, so that we can log in with the non proviileged user and switch to postgresql
in the role.
---
- hosts: com-postgres-l01
become: true
tasks:
- name: Install packages for postgresql
apt: name={{item}} state=present
with_items:
- acl
tags:
- packages
- hosts: com-postgres-l01
become: true
roles:
- { role: "ANXS.postgresql" , tags: ["postgresql"] }
vars:
...
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
Hi, everybody! i'm connecting with non-sudo user, and in the playbook definition immidiately changing to root.
Until this step all was ok,
the script changes to su postgres user, but it's not possible to change out of non-sudo connection user. "msg": "Incorrect su password" Anybody can help, please?