become privilege escalation issues #16
Comments
I don't think this is an issue with become. Ansible doesn't use ~/.ssh/config, so I don't think it should work as described here.
@cognifloyd Here are some scenarios I've tested. Let me know if I can run any further tests to narrow down where the issue is...
Found that adding "Defaults always_set_home" in sudoers config seems to have had the desired effect. I'm at a loss as to how this condition is triggered.
Hi there, this is definitely still an issue. Ansible can and does use ~/.ssh/config, as per the Ansible docs; see the netconf_ssh_config parameter. I use ssh keys with a bastion host. I can get the stackstorm ansible pack to run only with the following:
So being able to run stackstorm as a user instead of root would be great. I've tried putting the ssh config under root but then start getting ssh protocol banner errors. Here is the config I'm using:
Here you can see that become_user is being passed to the playbook whereas it should run the playbook as the specified user - not root.
Okay, so yup, I didn't have the config file correct. Got this working by putting ssh config under /root/.ssh/config. Not ideal running as root. I had to modify the proxy command to pass the user. The "become user" setting is not necessary.
(Copied from StackStorm/st2contrib#330)
Running Ansible via StackStorm pack with privilege escalation options like become doesn't work (?).
When running Ansible pack with command equivalent:
Ansible can't read ~/.ssh/config of ubuntu user.
Reported by @vikrantpogula: