adjoin -u <admin_account> dev.abc.plc.uk --zone Dev -s VC123.dev.abc.uk -c "OU=Computers,OU=Centrify,DC=dev,DC=abc,DC=uk"
I want to execute above command to join the server to active directory using ansible script with admin account which should prompt for the password.
This is for a new Linux server, running RedHat 6.1, ansible 2.6.2.
- name: 6.Join the server to Active Directory
shell:adjoin -u <admin_account> dev.abc.uk --zone Dev -s VC123.dev.abc.uk -c "OU=Computers,OU=Centrify,DC=dev,DC=abc,DC=uk"
You can use vars_prompt ansible module and capture the password.
Related
In my server I've a script that needs to be executed with the system user (user1). I've an SSH user (user2) who that one will connect to the server to run the script.
Do you know if it's possible to do it with SETUID, SETGUID? Or I don't have the choice to use:
su -c -s /bin/bassh {script} username
Net up passwordless sudo for user2 on the server
ssh user2#server sudo --non-interactive --user=user1 /path/to/script
When we issue a sudo request via ansible, ansible using the –p option of sudo to display a customized message (which is generated dynamically with each ansible run ) using the command
sudo -H -S -p "[sudo via ansible, key=vrioenmynjfokqgzjxywtayyaivnxspy] password: " <command Name>
This has been observed via -vvv mode.
The problem is we have a situation where the default custom sudo prompt is fixed and cannot be overriden using sudo -p option (beause sudo access is verified via third-party tool Active directory).
Say for example:
sudo ls -l:
use Window's password:
If I use sudo -p
sudo -p 'Enter your password:' ls -l
use Window's password:
When ansible tries to do sudo , it expects the custom prompt and then if the expected custom prompt matched with the thrown custom prompt ansible sends the password, otherwise not and results in error (timeout)
My question is is there any way
sudo -H -S -p "[sudo via ansible, key=vrioenmynjfokqgzjxywtayyaivnxspy]
the custom prompt using -p option in ansible can be made fixed for every ansible run using some configuration
Set the ansible_become_exe parameter for a task, play, or in the inventory.
For example:
- name: Check escalation
vars:
ansible_become: true
ansible_become_exe: 'sudo -p "[sudo via ansible, key=vrioenmynjfokqgzjxywtayyaivnxspy]"'
command: whoami
I have some tasks to do on a remote Ubuntu CLI-only server in our offices every 2 weeks. I usually type the commands one by one, but I am trying to find a way (write a script maybe?) to decrease the time I spend in repeating those first steps.
Here is what I do:
ssh my_username#my_local_server
# asks for my_username password
cd /path/to/particular/folder
su particular_user_on_local_server
# asks for particular_user_on_local_server password
And then I can do my tasks (run some Ruby script on Rails applications, copy/remove files, restart services, etc.)
I am trying to find a way to do this in a one-step script/command:
"ssh connect then cd to directory then su to this user"
I tried to use the following:
ssh username#server 'cd /some/path/to/folder ; su other_user'
# => does not keep my connection open to the server, just execute my `cd`
# and then tells me `su: must be run from terminal`
ssh username#server 'cd /some/path/to/folder ; bash ; su other_user'
# => keeps my connection open to the server but doesn't switch to user
# and I don't see the usual `username:~/current/folder` prefix in the CLI
Is there a way to open a terminal (keep connection) on a remote server via ssh and change directory + switch to particular in a automated way? (to make things harder, I'm using Yakuake)
You can force allocation of a pseudo-terminal with -t, change to the desired directory and then replace the shell with one where you are the desired user:
ssh -t username#server 'cd /some/path/to/folder && exec bash -c "su other_user"'
sudo -H keeps the current working directory, so you could do:
ssh -t login_user#host.com 'cd /path/to/dir/; sudo -H -u other_user bash'
The -t parameter of ssh is needed otherwise the second sudo won't be able to ask you for your password.
#!/bin/csh
ssh -o StrictHostKeyChecking=no xyz123#remotemachine.com
sudo -su rootuser
ksh
. /mydir/setup_env.ksh
ls -ltr
Above is the list of task i need to do.
Login into remote machine without password prompt
Run Sudo to get access to Root
Change shell to ksh
execute a script (setup_env.ksh)
List files using ls -ltr
When i execute this script from , lets say localunixmachine.com...
It ask me for password
once i enter password , it will transfer to remote machine but wont execute remaining commands
If i exit from remote session, it will execute remaining command.
Can you please Guide me whats the best way to accomplish what i am trying here.
first you can copy your ssh public key which you can generate ssh-keygen to authorized_keys to the remote server root/.ssh/authorized_keys
and then the script will be
ssh root#remotemachine.com "/bin/ksh mydir/setup_env.ksh"
I think this should work for executing multiple commands remotely:
#!/bin/bash
ssh -o StrictHostKeyChecking=no xyz123#remotemachine.com <<EOF
sudo -su rootuser
ksh
. /mydir/setup_env.ksh
ls -ltr
EOF
As for login to the server without password, you need to setup ssh authentication with keys.
I want to know if i can somehow or someway run a remote linux script stored in windows machine through putty which can contain:
#!/bin/bash
su
<password>
<some operation which needs root permissions>
exit
<some operation with normal user credentials>
Since i tried above script but it does ask root password and then give error of not able to run commands and needed root access. I ran this script from putty using command line:
putty -ssh normaluser#linuxhost -pw <password> -t -m C:\myRootScript.sh
Thanks for answers
Ashutosh
Either login as the root user (not recommended!) or add the user that you're login in with to the sudoers file
sudo visudo
myusername ALL=(ALL) NOPASSWD: ALL
That will let you run sudo without a password.