Error creating group with ansible sudo/become

MattB

10/28/22, 4:50 PM

I'm trying to create a gropu with Ansible, which fails but works if I run it as an SSH command.

The Play

- name: Test error creating groups
  hosts: all
  become: yes
  become_method: sudo
  become_user: xdradmin
  tasks:
  - name: Ensure test group exists
    group:
      name: test
      state: present
      gid: 1001

Attempting to create the group fails with error.

$ ansible-playbook -i web, -u xdradmin test.yml 

PLAY [Test error creating groups] ********************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************
ok: [web]

TASK [Ensure test group exists] **********************************************************************************************
fatal: [web]: FAILED! => {"changed": false, "msg": "groupadd: Permission denied.\ngroupadd: cannot lock /etc/group; try again later.\n", "name": "test"}

PLAY RECAP *******************************************************************************************************************
web                        : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

However if I do essentially the same thing manually, it works fine.

 ssh xdradmin@web 'sudo groupadd -g 1001 test && tail -n1 /etc/group'
test:x:1001:

744

1 + 0

ansible

Score:1

Server

Michael Hampton

10/28/22, 5:05 PM

You have told ansible to become (sudo in this case) to the user xdradmin, which apparently has no permission to create groups. Most of the time you should become root as this is the administrative user that will do all the tasks that require root privilege. Indeed, it's what you did with your ssh command: you became root, not xdradmin. Thus the command worked.

Fix your become_user, e.g.:

become_user=root

The become user is different to the user that ansible connects to the remote system as. That is remote_user.

remote_user=xdradmin

With these two changes, ansible will ssh to the system as user xdradmin, then sudo to root and finally run your task.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Error creating group with ansible sudo/become

TH: เกิดข้อผิดพลาดในการสร้างกลุ่มด้วย ansible sudo/become

RO: Eroare la crearea grupului cu ansible sudo/become

RU: Ошибка при создании группы с помощью ansible sudo/become

VI: Lỗi khi tạo nhóm với sudo/become ansible

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.