Running Ansible Playbooks as non-root users from Red Hat Satellite 6

Solution Verified - Updated

Environment

  • Red Hat Satellite 6.4

Issue

  • Running Ansible Playbooks as non-root users from Red Hat Satellite 6
  • How to run Ansible Jobs from Red Hat Satellite without distributing SSH keys or setting the NOPASSWD option in the sudoers file?

Resolution

  • This issue is fixed in Red Hat Satellite 6.5 with errata RHSA-2019:1222.

    For Red Hat Satellite 6.4, follow the workaround below.

  • Ansible Job execution through Red Hat Satellite 6.4 leverages the Remote Execution feature in the background.

  • Create a non-root user on the target host and create a sudoers entry for it. In this example, the non-root user is called rexuser and has the password changeme.

    # useradd rexuser
    # echo 'rexuser    ALL=(ALL)       ALL' | tee -a /etc/sudoers.d/rexuser
    
  • Set up the SSH user on the Satellite server, either globally or on a per-host basis.

    • To set up the SSH user globally, run the following hammer command:

      # hammer settings set --name remote_execution_ssh_user --value rexuser

    • To set it up per host:
      • Satellite 6 webUI >> Hosts >> All Hosts >> click the Edit button against the target host
      • On the Parameters tab >> click Add Parameter and set it as per the table below

        Name                         Value
        remote_execution_ssh_user    rexuser

      • Click on Submit.

  • Add the following parameter, which is required for privilege escalation:

        Name                              Value
        remote_execution_sudo_password    changeme

    • Select the Hidden Value checkbox to hide it.

  • To run the Ansible Playbooks/Roles as a non-root user:
    • Monitor >> Jobs >> click Run Job
    • Select Ansible Playbook under Job Category, which automatically switches the Job template to Ansible Roles - Ansible Default
    • Add a search query, for example name = test.example.com >> click the Refresh icon to resolve the host, which should show 1 Host
      NOTE: All scoped-search parameters available on the Hosts >> All Hosts page can be used in the search query.
    • Click on Display advanced fields
    • Set both Password and Sudo password and click on Submit.
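
As an added example (not part of the original Red Hat solution), the shell function below audits the sudoers drop-in created for rexuser in the user-creation step: it confirms that a rule for the user exists, that it carries no NOPASSWD tag, that the file name is one sudo will read, and that the mode is 0440. The helper name check_rex_sudoers and the 0440 requirement are assumptions of this example, and the sample files are constructed.

```bash
#!/bin/bash
# Added example, not from the original solution.
# check_rex_sudoers FILE USER (hypothetical helper name)
# Returns 0 when FILE is a usable drop-in that makes USER type a password.
check_rex_sudoers() {
    local file=$1 user=$2 rc=0 rules
    if [ ! -f "$file" ]; then
        echo "FAIL: $file not found"
        return 2
    fi
    # sudo skips drop-in names that contain '.' or end in '~'.
    case "${file##*/}" in
        *.*|*"~") echo "FAIL: sudo ignores a file named ${file##*/}"; rc=1 ;;
    esac
    # Active rules are the non-comment lines whose first field is USER.
    rules=$(awk -v u="$user" '$1 == u' "$file")
    if [ -z "$rules" ]; then
        echo "FAIL: no rule for $user"
        rc=1
    elif printf '%s\n' "$rules" | grep -q 'NOPASSWD'; then
        echo "FAIL: NOPASSWD set, sudo would not prompt for a password"
        rc=1
    fi
    # Assumption of this example: require mode 0440, as on /etc/sudoers.
    if [ -z "$(find "$file" -prune -perm 0440)" ]; then
        echo "FAIL: mode is not 0440"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $file"; fi
    return "$rc"
}

# Constructed sample files, not taken from a real host.
demo=$(mktemp -d)
printf '%s\n' 'rexuser    ALL=(ALL)       ALL' > "$demo/rexuser"
printf '%s\n' 'rexuser ALL=(ALL) NOPASSWD: ALL' > "$demo/rexuser_nopasswd"
chmod 0440 "$demo/rexuser" "$demo/rexuser_nopasswd"
check_rex_sudoers "$demo/rexuser" rexuser || true
check_rex_sudoers "$demo/rexuser_nopasswd" rexuser || true
rm -rf "$demo"
```

On a managed host, run it as root against /etc/sudoers.d/rexuser; visudo -cf on the same file checks the syntax itself.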

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.