10:26 PM Ansible Escalate to a nologin Account on Linux
So you are trying to execute a task that escalates to a user and are getting a "This account is currently not available." error in your Ansible log. Chances are that the user's shell is set to /sbin/nologin. You can check that with grep
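One way to script the login-shell check, as an added example that is not from the original post: it uses awk instead of grep so that the user name is matched as a whole field, and it treats /bin/false like nologin. The function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: look up an account's login shell in passwd-format data
# and classify it. Names and sample data below are hypothetical.

# Constructed sample in /etc/passwd format (not taken from a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
apache2:x:1001:1001::/home/apache2:/bin/bash
deploy:x:1000:1000::/home/deploy:/bin/sh
nobody:x:99:99:Nobody:/:/bin/false'

# login_shell USER [FILE]: print field 7 (the shell) of USER's entry.
# Reads FILE if given, otherwise the constructed sample above.
# Returns non-zero when USER has no entry.
login_shell() {
    user=$1
    if [ -n "${2:-}" ]; then
        data=$(cat "$2")
    else
        data=$SAMPLE_PASSWD
    fi
    # Compare the whole first field so "apache" does not match "apache2".
    printf '%s\n' "$data" |
        awk -F: -v u="$user" '$1 == u { print $7; found = 1; exit }
                              END { exit !found }'
}

# shell_class USER [FILE]: print "nologin", "login" or "missing".
shell_class() {
    sh_path=$(login_shell "$@") || { echo missing; return 0; }
    case "$sh_path" in
        */nologin|*/false) echo nologin ;;
        # An empty shell field means the system default shell, so it
        # falls through to "login" here.
        *) echo login ;;
    esac
}

# Walk the constructed sample.
for u in apache apache2 nobody ghost; do
    printf '%s: %s\n' "$u" "$(shell_class "$u")"
done
```

On a real host, pass the passwd file as the second argument, for example `shell_class apache /etc/passwd`.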
On Ansible 2.4+ that "This account is currently not available." error is considered a "feature", meaning it behaves just as a remote terminal would. There is an example in the Ansible become docs with become_flags: '-s /bin/bash', but that did not work in my case calling command: some_script.pl.

The root cause is Ansible's default sudo call trying to establish the home directory for the user we are escalating to: Ansible calls sudo with become_flags set to -H -S -n. man sudo reveals that -H "requests that the security policy set the HOME environment variable to the home directory of the target user (root by default) as specified by the password database. Depending on the policy, this may be the default behavior.". So all we really need is to drop that -H in the sudo call. Here is how we can do it:
- name: "Escalate to nologin"
  become: yes
  become_user: apache
  become_flags: '-S -n'
  command: ...