@kskmori
Created August 26, 2019 06:45
osc2018tk-demo sudo install debug.yml
- hosts: 127.0.0.1
  connection: local
  become: true
  max_fail_percentage: 0
  tasks:
    - name: debug
      debug:
        var: ansible_facts
    - name: user
      debug:
        var: ansible_env.SUDO_USER
    - name: home
      debug:
        var: ansible_env.HOME

kskmori commented Aug 26, 2019

=== OSX regular user

[ksk@Tomcat osc2018tk-demo (master)]$ sudo ansible-playbook 00-debug.yml 
Password:
(...)
TASK [debug : user] ************************************************************
ok: [127.0.0.1] => 
  ansible_env.SUDO_USER: ksk

TASK [debug : home] ************************************************************
ok: [127.0.0.1] => 
  ansible_env.HOME: /Users/ksk

PLAY RECAP *********************************************************************
127.0.0.1                  : ok=4    changed=0    unreachable=0    failed=0   
[ksk@Tomcat osc2018tk-demo (master)]$ ansible-playbook -K 00-debug.yml 
SUDO password: 
(...)
TASK [debug : user] ************************************************************
ok: [127.0.0.1] => 
  ansible_env.SUDO_USER: ksk

TASK [debug : home] ************************************************************
ok: [127.0.0.1] => 
  ansible_env.HOME: /var/root

PLAY RECAP *********************************************************************
127.0.0.1                  : ok=4    changed=0    unreachable=0    failed=0   

kskmori commented Aug 26, 2019

=== Linux root (revised)

[root@tm200-1 osc2018tk-demo (master)]# sudo ansible-playbook  ./ansible-virtualbmc/dev/00-debug.yml 
(...)
TASK [user] ******************************************************************************************************************
ok: [127.0.0.1] => 
  ansible_env.SUDO_USER: root

TASK [home] ******************************************************************************************************************
ok: [127.0.0.1] => 
  ansible_env.HOME: /root

PLAY RECAP *******************************************************************************************************************
127.0.0.1                  : ok=4    changed=0    unreachable=0    failed=0   
[root@tm200-1 osc2018tk-demo (master)]# ansible-playbook -K ./ansible-virtualbmc/dev/00-debug.yml 
SUDO password: 
(...)
TASK [user] ******************************************************************************************************************
ok: [127.0.0.1] => 
  ansible_env.SUDO_USER: VARIABLE IS NOT DEFINED!

TASK [home] ******************************************************************************************************************
ok: [127.0.0.1] => 
  ansible_env.HOME: /root

PLAY RECAP *******************************************************************************************************************
127.0.0.1                  : ok=4    changed=0    unreachable=0    failed=0   

kskmori commented Aug 26, 2019

Summary: sudo vs. -K as ansible-playbook local privilege escalation methods

  • sudo ansible-playbook
    • HOME is different between Linux and OSX
      • Linux: root's home
      • OSX: regular user's home - this is OSX's default
  • ansible-playbook -K
    • HOME is different from the default sudo behavior on OSX, but behaves similarly to Linux
    • The SUDO password is always asked for, even if already root
    • The SUDO_USER env var is not set if already root
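
Added example (not part of the gist or written by its author): a Python check that a locally escalated run can make before it touches files under HOME, flagging the two pitfalls the runs above show. The function names and the `OBSERVED_RUNS` table are assumptions for illustration; the table is constructed from the outputs above, with root's home taken from the `-K` runs.

```python
import os
import pwd

# Constructed from the four runs shown above: (label, environment, root's home).
OBSERVED_RUNS = [
    ("OSX sudo",        {"SUDO_USER": "ksk",  "HOME": "/Users/ksk"}, "/var/root"),
    ("OSX -K",          {"SUDO_USER": "ksk",  "HOME": "/var/root"},  "/var/root"),
    ("Linux root sudo", {"SUDO_USER": "root", "HOME": "/root"},      "/root"),
    ("Linux root -K",   {"HOME": "/root"},                           "/root"),
]


def audit_env(env, effective_user, effective_home):
    """Return (invoking_user, findings) for a process running as effective_user.

    effective_home must come from the account database, never from env.
    """
    findings = []
    invoking_user = env.get("SUDO_USER")
    if invoking_user is None:
        # Seen above when -K is used from a root shell.
        invoking_user = effective_user
        findings.append("SUDO_USER unset; falling back to " + effective_user)
    home = env.get("HOME")
    if home is None or os.path.normpath(home) != os.path.normpath(effective_home):
        # Seen above with plain sudo on OSX: root runs with the user's HOME,
        # so files written there become root-owned and config is read from it.
        findings.append("HOME=%s is not %s's home %s"
                        % (home, effective_user, effective_home))
    return invoking_user, findings


def audit_current_process():
    """Audit the live process, reading the effective user's home via pwd."""
    account = pwd.getpwuid(os.geteuid())
    return audit_env(os.environ, account.pw_name, account.pw_dir)


if __name__ == "__main__":
    for label, env, root_home in OBSERVED_RUNS:
        print(label, audit_env(env, "root", root_home))
    print("this process", audit_current_process())
```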
