Explore Courses Blog Tutorials Interview Questions
0 votes
in DevOps and Agile by (29.3k points)

I have taken over a Ubuntu 14.04 server. It has a user called "deployer" (used with Capistrano), and as such, it needs sudo privileges. With this setup, I can log into the server and do stuff like:

workstation> ssh deployer@myserver

myserver>  sudo apt-get install git

myserver> exit


I am trying to figure out how to use Ansible (version and python 2.7.3) to create a user called "deployer" and be able to log into the server with that id and then so sudo-ish things like "apt-get install". My playbook looks like this:

- hosts: example
  become: yes
  - name: Update apt cache
      update_cache: yes
      cache_valid_time: 3600
  - group: name=sudo state=present
  - name: Add deployer user and add it to sudo
    user: name=deployer
    become: yes
    become_method: "sudo"
  - name: Set up authorized keys for the deployer user
    authorized_key: user=deployer key="{{item}}"
      - /home/jaygodse/.ssh/
After running this playbook, I am able to ssh into the machine as "deployer", (e.g. ssh deployer@myserver) but if I run a sudo command, it always asks me for my sudo password.
I understand that the "deployer" user ultimately has to find its way into the visudo users file, but I cannot figure out which magical Ansible incantations to invoke so that I can ssh into the machine as deployer and then run a sudo command (e.g. sudo apt-get install git") without being prompted for a sudo password.
I have searched high and low, and I can't seem to find an Ansible playbook fragment which puts the user "deployer" into the sudo group without requiring a password. How is this done?

1 Answer

0 votes
by (50.2k points)

For this problem, you need to make some changes to your play-book which will help you can do ssh into the server as deployed. Changes are given below

- name: Make sure we have a 'wheel' group


    name: wheel

    state: present

- name: Allow 'wheel' group to have passwordless sudo


    dest: /etc/sudoers

    state: present

    regexp: '^%wheel'

    line: '%wheel ALL=(ALL) NOPASSWD: ALL'

    validate: 'visudo -cf %s'

- name: Add sudoers users to wheel group

  user: name=deployer groups=wheel append=yes state=present createhome=yes

- name: Set up authorized keys for the deployer user

  authorized_key: user=deployer key="{{item}}"


    - /home/railsdev/.ssh/

Here in the above code, there is a line that helps you to access 


To /etc/sudoders. After executing this play in a subsequent time then you will be able to ssh into the server as a deployer.

You can read more about Ansible, a DevOps configuration management tool, and you can also refer to Ansible Tutorial for better understanding.

Welcome to Intellipaat Community. Get your technical queries answered by top developers!

30.5k questions

32.6k answers


108k users

Browse Categories