Subject: Re: Initial Postgres admin account setup using Ansible?
From: Nick
To: Andreas 'ads' Scherbaum
Cc: pgsql-general@lists.postgresql.org
Date: Tue, 31 Dec 2024 17:22:08 -0500

On Tue, 2024-12-31 at 23:16 +0100, Andreas 'ads' Scherbaum wrote:
> Can you please provide an example of the task(s) which fail?
> If you have passwordless "sudo" configured for the user running
> Ansible, this works:
>
> - name: Ping PostgreSQL
>   postgresql_ping:
>     db: postgres
>     login_unix_socket: "/var/run/postgresql"
>     login_user: postgres
>   become: yes
>   become_user: postgres
>
> More examples and details:
> https://andreas.scherbaum.la/writings/Managing_PostgreSQL_with_Ansible_-_Percona_Live_2022.pdf

When trying this:

- name: Ping PostgreSQL
  postgresql_ping:
    db: postgres
    login_unix_socket: "/var/run/postgresql"
    login_user: postgres
  become: yes
  become_user: postgres

I get:

Ping PostgreSQL...
  xxx.xxx.xxx.xxx failed | msg: Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chmod: invalid mode: ‘A+user:postgres:rx:allow’
Try 'chmod --help' for more information.
}). For information on working around this, see https://docs.ansible.com/ansible-core/2.17/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming-an-unprivileged-user
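
The error above is raised at the step where Ansible shares its temporary module files with the unprivileged become_user. The play below is an added example, not part of the original message or the quoted reply, that installs the ACL tooling before running the postgres-owned task. It assumes the cause is a missing setfacl on the managed host; the inventory group `dbservers` and the package name `acl` are assumptions as well.

```yaml
# Added example; values marked "assumed" do not come from the thread.
- hosts: dbservers              # assumed inventory group
  become: yes                   # root via passwordless sudo, as in the quoted reply
  tasks:
    # When becoming an unprivileged user, Ansible must make its temporary
    # module files readable by that user. It tries setfacl first and only then
    # falls back to other methods, one of which is the Solaris-style
    # "chmod A+user:...:allow" visible in the error output.
    # Installing setfacl keeps the files restricted to the two users involved,
    # instead of relying on the world-readable fallback that the linked
    # documentation describes as a risk.
    - name: Install setfacl so temp files can be shared with become_user
      ansible.builtin.package:
        name: acl               # assumed package name (Debian and RHEL families)
        state: present

    - name: Ping PostgreSQL
      community.postgresql.postgresql_ping:
        db: postgres
        login_unix_socket: "/var/run/postgresql"
        login_user: postgres
      become: yes
      become_user: postgres
      register: ping_result

    - name: Stop the play if the server did not answer
      ansible.builtin.assert:
        that: ping_result.is_available
```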