Created
April 4, 2016 16:14
Ansible become escalation
| ➜ ~ cat become.yml | |
---
# become.yml -- walks through Ansible privilege escalation ("become") on
# localhost: run `whoami` as the connecting user, as root, and as a freshly
# created account, printing the result each time.
#
# NOTE(review): indentation was lost in this listing; the nesting below is
# reconstructed from standard playbook structure.
#
# Usage note: every escalated task goes through sudo, so a become password is
# needed. Supply it with --ask-become-pass or a vaulted variable; passing
# ansible_become_pass through --extra-vars on the command line leaves the
# password in shell history and in the process list.
- hosts: localhost
  user: vagrant
  tasks:
    # Baseline: no escalation, so this reports the connecting user.
    - shell: whoami
      register: result

    - debug:
        var: result.stdout

    # Escalate to root. No become_method is set here, so the configured
    # default applies.
    - name: become_root_user
      shell: whoami
      register: sudo_test_result
      become: true
      become_user: root

    - debug:
        var: sudo_test_result.stdout

    # Create the account used by the next task.
    # SECURITY(review):
    #  * `password` is written to the account as an already-hashed value. This
    #    one is 13 characters long, the length of a traditional DES crypt(3)
    #    hash -- presumably that is what it is; confirm. That format is weak,
    #    and a hash committed to a playbook is readable by everyone who can
    #    read the file. Keep it in an Ansible Vault variable and generate it
    #    with a modern scheme (e.g. the password_hash('sha512') filter).
    #  * With update_password left at its default, the password is re-applied
    #    on every run; update_password=on_create limits it to account creation.
    #  * Membership of `sudo` (and `adm`) makes this account root-equivalent
    #    wherever sudoers grants that group -- grant only what the app needs.
    - name: creating_new_app_user
      user:
        name: app_user
        password: Bzs310di86b6E
        groups: "adm,sudo"
        system: yes
        state: present
      become: true
      become_user: root
      become_method: sudo

    # Escalate to the unprivileged account instead of root.
    # SECURITY(review): for a non-root become_user the module file has to be
    # readable by that user; on Ansible releases that stage it under /tmp and
    # open it up with `chmod a+r`, other local users can read it while the
    # task runs. Keep secrets out of such tasks on multi-user hosts.
    - name: become_app_user
      shell: whoami
      register: app_user_test_result
      become: true
      become_user: app_user
      become_method: sudo

    - debug:
        var: app_user_test_result.stdout
| ➜ ~ ansible-playbook -i realtime-automation/hosts-slaves become.yml -vvv --extra-vars='ansible_become_pass=4nsible' | |
| Using /etc/ansible/ansible.cfg as config file | |
| [WARNING]: provided hosts list is empty, only localhost is available | |
| 1 plays in become.yml | |
| ______ | |
| < PLAY > | |
| ------ | |
| \ ^__^ | |
| \ (oo)\_______ | |
| (__)\ )\/\ | |
| ||----w | | |
| || || | |
| ______________ | |
| < TASK [setup] > | |
| -------------- | |
| \ ^__^ | |
| \ (oo)\_______ | |
| (__)\ )\/\ | |
| ||----w | | |
| || || | |
| ESTABLISH LOCAL CONNECTION FOR USER: vagrant | |
| 127.0.0.1 EXEC ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1459786340.21-197090646413082 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1459786340.21-197090646413082 )" ) | |
| 127.0.0.1 PUT /tmp/tmpCbjAuD TO /home/vagrant/.ansible/tmp/ansible-tmp-1459786340.21-197090646413082/setup | |
| 127.0.0.1 EXEC LANG=C LC_ALL=C LC_MESSAGES=C /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1459786340.21-197090646413082/setup; rm -rf "/home/vagrant/.ansible/tmp/ansible-tmp-1459786340.21-197090646413082/" > /dev/null 2>&1 | |
| ok: [localhost] | |
| ________________ | |
| < TASK [command] > | |
| ---------------- | |
| \ ^__^ | |
| \ (oo)\_______ | |
| (__)\ )\/\ | |
| ||----w | | |
| || || | |
| task path: /home/vagrant/become.yml:5 | |
| ESTABLISH LOCAL CONNECTION FOR USER: vagrant | |
| 127.0.0.1 EXEC ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1459786340.72-63664888608764 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1459786340.72-63664888608764 )" ) | |
| 127.0.0.1 PUT /tmp/tmpkhRn8W TO /home/vagrant/.ansible/tmp/ansible-tmp-1459786340.72-63664888608764/command | |
| 127.0.0.1 EXEC LANG=C LC_ALL=C LC_MESSAGES=C /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1459786340.72-63664888608764/command; rm -rf "/home/vagrant/.ansible/tmp/ansible-tmp-1459786340.72-63664888608764/" > /dev/null 2>&1 | |
| changed: [localhost] => {"changed": true, "cmd": "whoami", "delta": "0:00:00.002035", "end": "2016-04-04 11:12:20.797767", "invocation": {"module_args": {"_raw_params": "whoami", "_uses_shell": true, "chdir": null, "creates": null, "executable": null, "removes": null, "warn": true}, "module_name": "command"}, "rc": 0, "start": "2016-04-04 11:12:20.795732", "stderr": "", "stdout": "vagrant", "stdout_lines": ["vagrant"], "warnings": []} | |
| ______________ | |
| < TASK [debug] > | |
| -------------- | |
| \ ^__^ | |
| \ (oo)\_______ | |
| (__)\ )\/\ | |
| ||----w | | |
| || || | |
| task path: /home/vagrant/become.yml:8 | |
| ok: [localhost] => { | |
| "result.stdout": "vagrant" | |
| } | |
| _________________________ | |
| < TASK [become_root_user] > | |
| ------------------------- | |
| \ ^__^ | |
| \ (oo)\_______ | |
| (__)\ )\/\ | |
| ||----w | | |
| || || | |
| task path: /home/vagrant/become.yml:10 | |
| ESTABLISH LOCAL CONNECTION FOR USER: vagrant | |
| 127.0.0.1 EXEC ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1459786340.98-28464457805409 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1459786340.98-28464457805409 )" ) | |
| 127.0.0.1 PUT /tmp/tmpS7xhoR TO /home/vagrant/.ansible/tmp/ansible-tmp-1459786340.98-28464457805409/command | |
| 127.0.0.1 EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=otcyhutloliufqcjvphapluoeaqgfmho] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-otcyhutloliufqcjvphapluoeaqgfmho; LANG=C LC_ALL=C LC_MESSAGES=C /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1459786340.98-28464457805409/command; rm -rf "/home/vagrant/.ansible/tmp/ansible-tmp-1459786340.98-28464457805409/" > /dev/null 2>&1'"'"'' | |
| changed: [localhost] => {"changed": true, "cmd": "whoami", "delta": "0:00:00.002590", "end": "2016-04-04 11:12:21.083501", "invocation": {"module_args": {"_raw_params": "whoami", "_uses_shell": true, "chdir": null, "creates": null, "executable": null, "removes": null, "warn": true}, "module_name": "command"}, "rc": 0, "start": "2016-04-04 11:12:21.080911", "stderr": "", "stdout": "root", "stdout_lines": ["root"], "warnings": []} | |
| ______________ | |
| < TASK [debug] > | |
| -------------- | |
| \ ^__^ | |
| \ (oo)\_______ | |
| (__)\ )\/\ | |
| ||----w | | |
| || || | |
| task path: /home/vagrant/become.yml:16 | |
| ok: [localhost] => { | |
| "sudo_test_result.stdout": "root" | |
| } | |
| ______________________________ | |
| < TASK [creating_new_app_user] > | |
| ------------------------------ | |
| \ ^__^ | |
| \ (oo)\_______ | |
| (__)\ )\/\ | |
| ||----w | | |
| || || | |
| task path: /home/vagrant/become.yml:18 | |
| ESTABLISH LOCAL CONNECTION FOR USER: vagrant | |
| 127.0.0.1 EXEC ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1459786341.26-134368257733119 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1459786341.26-134368257733119 )" ) | |
| 127.0.0.1 PUT /tmp/tmpp8ohfm TO /home/vagrant/.ansible/tmp/ansible-tmp-1459786341.26-134368257733119/user | |
| 127.0.0.1 EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=hyakgsdksttrdqbbstjpciyjhgkhwydl] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-hyakgsdksttrdqbbstjpciyjhgkhwydl; LANG=C LC_ALL=C LC_MESSAGES=C /usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1459786341.26-134368257733119/user; rm -rf "/home/vagrant/.ansible/tmp/ansible-tmp-1459786341.26-134368257733119/" > /dev/null 2>&1'"'"'' | |
| ok: [localhost] => {"append": false, "changed": false, "comment": "", "group": 996, "groups": "adm,sudo", "home": "/home/app_user", "invocation": {"module_args": {"append": false, "comment": null, "createhome": true, "expires": null, "force": false, "generate_ssh_key": null, "group": null, "groups": "adm,sudo", "home": null, "login_class": null, "move_home": false, "name": "app_user", "non_unique": false, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "remove": false, "shell": null, "skeleton": null, "ssh_key_bits": "2048", "ssh_key_comment": "ansible-generated on vagrant", "ssh_key_file": null, "ssh_key_passphrase": null, "ssh_key_type": "rsa", "state": "present", "system": true, "uid": null, "update_password": "always"}, "module_name": "user"}, "move_home": false, "name": "app_user", "password": "NOT_LOGGING_PASSWORD", "shell": "", "state": "present", "uid": 997} | |
| ________________________ | |
| < TASK [become_app_user] > | |
| ------------------------ | |
| \ ^__^ | |
| \ (oo)\_______ | |
| (__)\ )\/\ | |
| ||----w | | |
| || || | |
| task path: /home/vagrant/become.yml:24 | |
| ESTABLISH LOCAL CONNECTION FOR USER: vagrant | |
| 127.0.0.1 EXEC ( umask 22 && mkdir -p "$( echo /tmp/ansible-tmp-1459786341.44-100095688149056 )" && echo "$( echo /tmp/ansible-tmp-1459786341.44-100095688149056 )" ) | |
| 127.0.0.1 PUT /tmp/tmpip4yk9 TO /tmp/ansible-tmp-1459786341.44-100095688149056/command | |
| 127.0.0.1 EXEC chmod a+r /tmp/ansible-tmp-1459786341.44-100095688149056/command | |
| 127.0.0.1 EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=pupzhzchihxbrtwmuubhapnpfpukyjyo] password: " -u app_user /bin/sh -c '"'"'echo BECOME-SUCCESS-pupzhzchihxbrtwmuubhapnpfpukyjyo; LANG=C LC_ALL=C LC_MESSAGES=C /usr/bin/python /tmp/ansible-tmp-1459786341.44-100095688149056/command'"'"'' | |
| 127.0.0.1 EXEC rm -f -r /tmp/ansible-tmp-1459786341.44-100095688149056/ > /dev/null 2>&1 | |
| changed: [localhost] => {"changed": true, "cmd": "whoami", "delta": "0:00:00.003000", "end": "2016-04-04 11:12:21.539930", "invocation": {"module_args": {"_raw_params": "whoami", "_uses_shell": true, "chdir": null, "creates": null, "executable": null, "removes": null, "warn": true}, "module_name": "command"}, "rc": 0, "start": "2016-04-04 11:12:21.536930", "stderr": "", "stdout": "app_user", "stdout_lines": ["app_user"], "warnings": []} | |
| ______________ | |
| < TASK [debug] > | |
| -------------- | |
| \ ^__^ | |
| \ (oo)\_______ | |
| (__)\ )\/\ | |
| ||----w | | |
| || || | |
| task path: /home/vagrant/become.yml:31 | |
| ok: [localhost] => { | |
| "app_user_test_result.stdout": "app_user" | |
| } | |
| ____________ | |
| < PLAY RECAP > | |
| ------------ | |
| \ ^__^ | |
| \ (oo)\_______ | |
| (__)\ )\/\ | |
| ||----w | | |
| || || | |
| localhost : ok=8 changed=3 unreachable=0 failed=0 |