Ansible become_user not picking up path correctly
5,727
This is normal and expected behavior.
Remember that sudo sanitizes the environment when switching users, which is why you end up with a minimal default PATH.
The remainder of the items in the PATH come from shell startup scripts, which are not being run when you (or rather Ansible) call sudo <command>, because it is not asking for an interactive or login shell.
If you have to run a command which isn't in a default location, supply its path explicitly.
Related videos on Youtube
06 : 51
Part 2: Ansible Configuration Host and SSH
50 : 24
Let's Install and Configure Java and Tomcat using Ansible-Playbook | Hands-on Lab
09 : 11
Ansible Hosts File Example // How to change it's location! Ansible Inventory file.
02 : 20
DevOps & SysAdmins: Ansible become_user not picking up path correctly
17 : 59
Privilege Escalation and Remote User in Ansible | #Ansible #FullCourse | techbeatly
11 : 46
Use Windows PowerShell with Ansible
49 : 29
Troubleshooting Thursdays #1 - How to fix issues with Ansible Playbooks
Author by
Joshua Grigonis
Bay Area DevOps. No, I don't need a new job, thanks for asking.
Updated on September 18, 2022Comments
-
Joshua Grigonis over 1 year
Here's the code showing what I believe is a problem:
# Debugging path problems with sudo --- - hosts: webservers remote_user: root tasks: - name: echo path command: echo $PATH register: output changed_when: False - name: display root path output debug: "msg={{ output.stdout }}" # Now try as apache - name: echo path command: echo $PATH become: true become_user: apache become_method: sudo register: output changed_when: False - name: display wrong output debug: "msg={{ output.stdout }}" # This is the fix - name: echo path command: echo $PATH environment: PATH: "{{ ansible_env.PATH }}" become: true become_user: apache become_method: sudo register: output changed_when: False - name: display fixed output debug: "msg={{ output.stdout }}"Here's the output, you can see that the path is not complete without adding "the fix".
TASK [echo path] *************************************************************** ok: [webapp] TASK [display root path output] ************************************************ ok: [webapp] => { "changed": false, "msg": "/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" } TASK [echo path] *************************************************************** ok: [webapp] TASK [display wrong output] **************************************************** ok: [webapp] => { "changed": false, "msg": "/sbin:/bin:/usr/sbin:/usr/bin" } TASK [echo path] *************************************************************** ok: [webapp] TASK [display fixed output] **************************************************** ok: [webapp] => { "changed": false, "msg": "/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" }Why is this fix necessary, is this a bug?
This is on CentOS 6.7 and using Ansible 2.0