Ansible Tower: Manage Nodes as a Non-Root User
In this video I set up a non-root user to manage nodes and escalate privileges via Sudo.
1) Add a user to your managed nodes (‘ansible’ user in this case)
1a) Create an Ansible hosts file with one server (hostname or IP) on each line:
srv01
srv02
1b) Create a text file containing the password you want this user to have, on a single line.
1c) Create a shell script that will read both of the above files, loop through the hosts, create the ansible user, and add them to the Sudo group.
#!/bin/bash
user=root # logging into each host as root user
password=$(cat ansible_node_password.txt) # reading password from 1b
opensslPw=$(openssl passwd -1 "$password") # creating the hashed value that useradd -p expects
# creating the ansible user and adding them to the wheel (sudo) group
# (single quotes around the hash keep the remote shell from expanding the '$' characters in it)
commands="useradd -p '$opensslPw' ansible; usermod -aG wheel ansible"
# looping through each host
for host in $(cat ansible_hosts.txt); do
# connecting to each host with ssh and running the commands
ssh -l "$user" "$host" "$commands"
done
# note, you will have to enter the root password of your managed nodes for this
# you can also set ssh public key authentication on your nodes to not use a password
2) With the ansible user created on the managed nodes, create a ‘Credential’ in Ansible Tower.
2a) Credential Type is ‘Machine’ and you enter the USERNAME, PASSWORD, and PRIVILEGE ESCALATION PASSWORD.
2b) Also set the PRIVILEGE ESCALATION METHOD to ‘sudo’.
3) Add ‘become: yes’ to the appropriate location in your playbook.
3a) See the Ansible documentation for more details:
https://docs.ansible.com/ansible/latest/user_guide/become.html
4) Update the job template in the Templates section and change CREDENTIALS to the one you just created.
5) The playbook should be good to run as a non-root user.
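The node bootstrap from step 1c, reworked as an added example (not the script from the video): it hashes the password with SHA-512 crypt instead of MD5 crypt, skips useradd when the user already exists so the script can be rerun safely, verifies the group membership on the node, and ignores blank and commented lines in the hosts file. The file names follow step 1; the 'ansible' user and 'wheel' group are the ones used above.

```shell
#!/bin/sh
# Added example: idempotent setup of the management user on each node.
# Assumes ansible_hosts.txt and ansible_node_password.txt from step 1.
set -eu

ANSIBLE_USER="${ANSIBLE_USER:-ansible}"
SUDO_GROUP="${SUDO_GROUP:-wheel}"

# SHA-512 crypt ($6$) instead of MD5 crypt (-1). Only the hash travels to
# the nodes; a fixed salt ($2) is accepted so the result can be checked.
hash_password() {
  if [ -n "${2:-}" ]; then
    openssl passwd -6 -salt "$2" "$1"
  else
    openssl passwd -6 "$1"
  fi
}

# Remote script run as root on the node. useradd only runs when the user is
# missing; group membership is always (re)applied and then verified.
remote_script() {
  hash="$1"
  cat <<EOF
set -e
id -u '$ANSIBLE_USER' >/dev/null 2>&1 || useradd -m -p '$hash' '$ANSIBLE_USER'
usermod -aG '$SUDO_GROUP' '$ANSIBLE_USER'
id -nG '$ANSIBLE_USER' | tr ' ' '\n' | grep -qx '$SUDO_GROUP'
EOF
}

# Loop over the hosts file (blank lines and '#' comments skipped), apply the
# remote script over ssh as root, and print how many hosts were processed.
bootstrap_hosts() {
  hosts_file="$1"; password_file="$2"; count=0
  hash=$(hash_password "$(head -n1 "$password_file")")
  while IFS= read -r host; do
    case "$host" in ''|'#'*) continue ;; esac
    ssh -l root "$host" "$(remote_script "$hash")"
    count=$((count + 1))
  done < "$hosts_file"
  echo "$count"
}

# Usage: bootstrap_hosts ansible_hosts.txt ansible_node_password.txt
```

Public key authentication for root on the nodes still avoids the per-host password prompt, exactly as the note in step 1c says.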
Hello, great video it is quite useful, but I have a serious problem.
I need to launch a playbook that will do security updates on more than 100 Linux servers with all different passwords, and that's where it gets tricky: I do not want to interact with anything once I've started the job.
I've been looking into this for many days now but can't seem to find anything.
Hope you might have some clues to my dilemma.