0 votes
1 view
in DevOps and Agile by (29.3k points)

I have taken over a Ubuntu 14.04 server. It has a user called "deployer" (used with Capistrano), and as such, it needs sudo privileges. With this setup, I can log into the server and do stuff like:

workstation> ssh [email protected]
myserver> sudo apt-get install git
myserver> exit
workstation>

I am trying to figure out how to use Ansible (version 2.0.2.0 and Python 2.7.3) to create a user called "deployer" and be able to log into the server with that id and then do sudo-ish things like "apt-get install". My playbook looks like this:

---
- hosts: example
  become: yes
  tasks:
  - name: Update apt cache
    apt:
      update_cache: yes
      cache_valid_time: 3600
  - group: name=sudo state=present
  - name: Add deployer user and add it to sudo
    user: name=deployer
          state=present
          createhome=yes
    become: yes
    become_method: "sudo"
  - name: Set up authorized keys for the deployer user
    authorized_key: user=deployer key="{{item}}"
    with_file:
      - /home/jaygodse/.ssh/id_rsa.pub

After running this playbook, I am able to ssh into the machine as "deployer" (e.g. ssh [email protected]), but if I run a sudo command, it always asks me for my sudo password.

I understand that the "deployer" user ultimately has to find its way into the visudo users file, but I cannot figure out which magical Ansible incantations to invoke so that I can ssh into the machine as deployer and then run a sudo command (e.g. "sudo apt-get install git") without being prompted for a sudo password.

I have searched high and low, and I can't seem to find an Ansible playbook fragment which puts the user "deployer" into the sudo group without requiring a password. How is this done?

1 Answer

0 votes
by (50.2k points)

For this problem, you need to make some changes to your playbook, which will let you ssh into the server as deployer. The changes are given below:

- name: Make sure we have a 'wheel' group
  group:
    name: wheel
    state: present
- name: Allow 'wheel' group to have passwordless sudo
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^%wheel'
    line: '%wheel ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'
- name: Add sudoers users to wheel group
  user: name=deployer groups=wheel append=yes state=present createhome=yes
- name: Set up authorized keys for the deployer user
  authorized_key: user=deployer key="{{item}}"
  with_file:
    - /home/railsdev/.ssh/id_rsa.pub

Here in the above code, there is a line that helps you add

%wheel ALL=(ALL) NOPASSWD: ALL

to /etc/sudoers. After executing this play, you will be able to ssh into the server as deployer.

You can read more about Ansible, a DevOps configuration management tool, and you can also refer to Ansible Tutorial for better understanding.
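
A narrower variant of the answer above, as an added example that is not part of the original answer: the rule names only the deployer user, lives in its own drop-in file checked by visudo before it is installed, and lists specific commands instead of ALL. It assumes /etc/sudoers still includes /etc/sudoers.d (the Ubuntu default); the `deployer_sudo_cmnds` variable and its value are hypothetical and should be set to what your deploy tasks actually run as root.

```yaml
---
# Added example, not from the original question or answer.
- hosts: example
  become: yes
  vars:
    # Assumption: comma-separated absolute paths deployer may run as root.
    # A listed command that can itself start arbitrary programs is as
    # broad as ALL, so keep this list short and review it.
    deployer_sudo_cmnds: "/usr/bin/apt-get"
  tasks:
    - name: Add deployer user
      user:
        name: deployer
        state: present
        createhome: yes

    - name: Set up authorized keys for the deployer user
      authorized_key:
        user: deployer
        key: "{{ item }}"
      with_file:
        - /home/jaygodse/.ssh/id_rsa.pub

    - name: Grant deployer passwordless sudo through a validated drop-in
      copy:
        dest: /etc/sudoers.d/deployer   # no '.' or '~' in the file name, or sudo skips it
        content: "deployer ALL=(root) NOPASSWD: {{ deployer_sudo_cmnds }}\n"
        owner: root
        group: root
        mode: "0440"
        # A syntax error is rejected here instead of locking everyone out of sudo.
        validate: 'visudo -cf %s'

    - name: Show the sudo rules that now apply to deployer
      command: sudo -l -U deployer
      register: deployer_sudo
      changed_when: false

    - name: Print the effective rules for review
      debug:
        var: deployer_sudo.stdout_lines
```

Removing the grant later is a single `file` task with `state: absent` on the drop-in, with no edit to /etc/sudoers itself.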
