semaphoreui / semaphore

Modern UI and powerful API for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools.
https://semaphoreui.com
MIT License

No sudo permissions #2200

Open sonor3000 opened 3 months ago

sonor3000 commented 3 months ago

Issue

I have the latest stable Semaphore version installed via docker and ssh connections to my remote machines with a dedicated ansible user are working fine. But for tasks where sudo permissions are needed switching to sudo does not work. I've added the ssh key needed for connections to the key store of Semaphore, the key requires no password. Also I've added the sudo credentials, user and password, to the key store of Semaphore and for my inventory and the tasks those vault entries are selected. Everything is fine, only sudo on remote machines does not work.

What am I missing? Is sudo with a password possible with Semaphore? How can I debug this problem? Is it possible to execute the ansible commands that are used by Semaphore manually somehow in a shell? In the debug output of the tasks I can only see that on the remote machines switching to sudo does not work, but I can't see the ansible commands that are used.

If I execute the same tasks stored in a playbook, that does not work with Semaphore, with ansible on another machine manually everything is fine, there sudo is working without problems. So it must be a problem with Semaphore but I do not know how to debug the problem :-(.

Any idea how to solve or how to debug this issue would be great! Thanks for any hint and thanks for Semaphore which seems to be exactly the tool we'd need to run automated tasks in our environment!

Impact

Ansible (task execution)

Installation method

Docker

Database

MySQL

Browser

No response

Semaphore Version

Latest stable version

Ansible Version

No response

Logs & errors

No response

Manual installation - system information

No response

Configuration

No response

Additional information

No response

Chrisd204 commented 3 months ago

any updates on this yet?

sonor3000 commented 3 months ago

@Chrisd204 Yes, I got the problem solved. In the keystore of Semaphore I've created a new item with the type login/password and entered only the sudo password, but no username. This item I selected for my inventory as the information to switch to sudo.

simonvdv commented 2 months ago

Hi,

I've found this solution to be working as well:

You can create a list of servers you want to connect to and select the option for user credentials and sudo credentials. Typically, these are the same, so I used the same username and password for my sudo_user.

In my Ansible playbooks, I've used the following configuration, and it's working for me. You might want to try it or troubleshoot further for your specific case:


```yaml
- hosts: all
  remote_user: sudo_user
  become: true
  become_method: sudo
  become_user: root
```