How to become root in Semaphore Task Templates?

Open drtech981 opened this issue 2 years ago • 7 comments

Playbook I'm trying to execute :

---

- hosts: ubuntu
  become: yes
  become_method: sudo
  become_user: root
  tasks:
  - name: Update Repositories and Upgrade Packages [Ubuntu]
    apt:
      update_cache: yes
      upgrade: "yes"
    when: ansible_distribution == "Ubuntu"

Error I'm Getting : Failed to lock apt for exclusive operation: Failed to lock directory /var/lib/apt/lists/: E:Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)"

I've even edited the sudoers file to not ask for a password when escalating privileges, however I'm still getting the same error.

What else do I need to do to attain root privileges while executing a task template?

drtech981 • Jan 25 '23 05:01

I think your issue is with Ansible, not Semaphore. Have you tried your code outside of Semaphore? I usually just use become: true on the task or playbook I want to run as root. Maybe it's also a sudo issue, but Semaphore is not responsible imho.

ySp-chld • Jan 26 '23 09:01

Running the playbook via CLI doesn't bring up any error. My issue is how to elevate privileges when running a playbook via Semaphore, then maybe I don't need become: true

drtech981 • Jan 26 '23 11:01

You should provide Sudo credentials to Inventory.

image

fiftin • Jan 27 '23 23:01

I already have. image

Still getting the same error ...

Can anyone post any of their playbooks requiring root ?

drtech981 • Jan 29 '23 04:01

Hi,

I have the same problem with a simple playbook. The sudo password is added in credentials and set in the inventory.

---
- name: Check become success
  hosts: all

  tasks:
  - name: Check whoami
    command: whoami
    register: whoami_out

  - name: Check whoami become
    command: whoami
    become: true
    become_method: sudo
    become_user: root
    register: whoami_become_out

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.5 LTS
Release:        20.04
Codename:       focal

# ansible --version
ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Nov 14 2022, 12:59:47) [GCC 9.4.0]

emdepl • Mar 10 '23 21:03

Hi,

I solved my problem. My scenario was:

  • semaphore installed and running under user semaphore
  • ansible connecting by default as user root
  • userX was used to connect to servers

Setting ansible_ssh_user to userX in the inventory (or extra vars), together with the earlier-mentioned credentials for sudo/become, solved my problem.

I think ansible_ssh_user or ansible_user should be set to the value from the user credentials in the Semaphore inventory. Something is broken here: https://github.com/ansible-semaphore/semaphore/blob/8d5ba2857d6b9501f0ca13f167080cd569ca5bb3/services/tasks/runner.go#L693

emdepl • Mar 18 '23 14:03
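
An added diagnostic playbook, not part of the thread or of Semaphore's own code, for the situation described above: it reports which account the connection logs in as and fails with a clear message when become does not reach root. It uses only standard Ansible variables and modules; the apt lists path is taken from the error quoted in this issue.

```yaml
---
# Added example: diagnostic playbook, not code from the thread or from Semaphore.
- name: Diagnose connection user and privilege escalation
  hosts: all
  gather_facts: false
  tasks:
    # Passwords (ansible_become_pass and similar) are deliberately not printed.
    - name: Show resolved connection and become variables
      debug:
        msg:
          - "ansible_user          = {{ ansible_user | default('(unset)') }}"
          - "ansible_ssh_user      = {{ ansible_ssh_user | default('(unset)') }}"
          - "ansible_become_user   = {{ ansible_become_user | default('(unset)') }}"
          - "ansible_become_method = {{ ansible_become_method | default('(unset)') }}"

    - name: Account the connection logs in as
      command: id -un
      register: login_id
      changed_when: false

    - name: Account the task runs as once become is requested
      command: id -un
      become: true
      register: become_id
      changed_when: false

    - name: Stop with a clear message if escalation did not reach root
      assert:
        that:
          - become_id.stdout == "root"
        fail_msg: >-
          Logged in as '{{ login_id.stdout }}' and become ran as
          '{{ become_id.stdout }}'. Check the login user (ansible_user) and the
          become credentials attached to the inventory.
        success_msg: "Logged in as '{{ login_id.stdout }}', become reached root."

    - name: Check that the apt lists directory from the reported error is writable
      command: test -w /var/lib/apt/lists
      become: true
      changed_when: false
```

Running the same playbook once from the CLI and once as a Semaphore task template, then comparing the output of the first task, shows whether the two runs resolve different login or become users.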

@emdepl Where exactly do I add ansible_ssh_user? How do I set it up in the inventory? Where are the extra vars declared? Help will be much appreciated.

drtech981 • Mar 18 '23 16:03

Not working for me as well. Trying to debug for hours now. It works via cli but not with semaphore. I am running semaphore in docker

talha5389 • Jun 28 '23 18:06

I had kind of the same issue. When creating the credentials you will use as Sudo credentials, make sure to set the username to root or whatever user you need. I made the mistake of only specifying the root password and assumed that become_user in my playbooks would take care of it, but no. You must specify both the sudo user and its password.

I hope this helps you guys. @talha5389 @drtech981

Caesarovich • Jul 22 '23 16:07

In my inventory I configured a key for User credentials and user:pass Sudo credentials.

Finally adding this in the Environment worked for me:

{
  "ansible_become_user": "root"
}

image

dcolley • Aug 15 '23 14:08

> In my inventory I configured a key for User credentials and user:pass Sudo credentials.

Can you please give the proper syntax for this? I'm not able to get it to work.

drtech981 • Aug 15 '23 18:08

This is my playbook:

---
- name: Update and upgrade packages on Ubuntu
  hosts: all
  become: true
  tasks:
    - name: Update apt cache
      apt:
        update_cache: true

    - name: Upgrade all packages
      apt:
        upgrade: dist

This is my Inventory:

image

User Credentials are ssh key: username: derek, private key generated on command line, then ssh-copy-id the key to all target servers. Sudo credentials are user:pass derek:myspecialsecret...!

Update: I also tried with user:pass in both User and Sudo credentials and it works for me.

dcolley • Aug 16 '23 08:08

@dcolley Thanks for your reply, but I'm still not able to get it to work:

Here are my settings : image

These are my credential stores : image

I'm still getting :

6:56:13 PM
fatal: [oraclem01]: FAILED! => {"changed": false, "msg": "Failed to lock apt for exclusive operation: Failed to lock directory /var/lib/apt/lists/: E:Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)"}

drtech981 • Aug 19 '23 13:08

Does it actually work from the command line with these credentials?

dcolley • Aug 20 '23 16:08

I also encountered this issue recently. Since I'm still learning Ansible, my use case and solution might be pretty limited. While setting up the sudo credentials in Semaphore, I entered the username and its sudo password, since this seemed just logically straightforward to me.

Turns out that was the problem: not entering the username (since it's optional anyway) for the sudo password key worked for me in the end. So I only use the username for the ssh private key in my case right now.

Since this still confuses me, maybe someone would be able to explain why it works this way. Or how it's supposed to work.

philnewm • Sep 27 '23 08:09