From amorenoz at redhat.com Tue May 18 13:23:20 2021 From: amorenoz at redhat.com (Adrian Moreno) Date: Tue, 18 May 2021 15:23:20 +0200 Subject: [sos-devel] sos collect: becoming root without password Message-ID: Hi, I'm trying to run "sos collect" (4.1) to ssh into my node and gather the logs as root. I'm doing so by running: sos collect --become --ssh-user heat-admin --nopasswd-sudo --nodes ${NODE_IP} But sos prompts me for the root password of user "head-admin" in the node: sos-collector ASSUMES that SSH keys are installed on all nodes unless the --password option is provided. User heat-admin will attempt to become root. Provide root password: Isn't "--nopasswd-sudo" supposed to mean "I don't need password to use sudo" (which is my case)? I'm sure I'm missing something, can someone help me out? Thanks -- Adri?n Moreno From jhunsake at redhat.com Tue May 18 13:57:57 2021 From: jhunsake at redhat.com (Jake Hunsaker) Date: Tue, 18 May 2021 09:57:57 -0400 Subject: [sos-devel] sos collect: becoming root without password In-Reply-To: References: Message-ID: <91ce7e68-e778-5a36-f030-64be4019fa67@redhat.com> --become means "once on the node, actually become the root user, don't use sudo". Akin to running "su - " yourself. It's for scenarios where sudo is not configured for the ssh-user. If you drop --become, then collect will use sudo for the commands requiring root privileges, and the `--nopasswd-sudo` option is used to skip the prompt for the sudo password. On 5/18/21 9:23 AM, Adrian Moreno wrote: > Hi, > > I'm trying to run "sos collect" (4.1) to ssh into my node and gather the logs as > root. > > I'm doing so by running: > > sos collect --become --ssh-user heat-admin --nopasswd-sudo --nodes ${NODE_IP} > > But sos prompts me for the root password of user "head-admin" in the node: > > sos-collector ASSUMES that SSH keys are installed on all nodes unless the > --password option is provided. > > User heat-admin will attempt to become root. Provide root password: > > Isn't "--nopasswd-sudo" supposed to mean "I don't need password to use sudo" > (which is my case)? > > I'm sure I'm missing something, can someone help me out? > > Thanks -- Jake Hunsaker RHCA Cloud Specialist Senior Software Engineer, CEE Engineering Red Hat From amorenoz at redhat.com Tue May 18 14:51:25 2021 From: amorenoz at redhat.com (Adrian Moreno) Date: Tue, 18 May 2021 16:51:25 +0200 Subject: [sos-devel] sos collect: becoming root without password In-Reply-To: <91ce7e68-e778-5a36-f030-64be4019fa67@redhat.com> References: <91ce7e68-e778-5a36-f030-64be4019fa67@redhat.com> Message-ID: On 5/18/21 3:57 PM, Jake Hunsaker wrote: > --become means "once on the node, actually become the root user, don't use > sudo". Akin to running "su - " yourself. It's for scenarios where sudo is not > configured for the ssh-user. > I knew I was missing something! Thank you very much Jake. > If you drop --become, then collect will use sudo for the commands requiring root > privileges, and the `--nopasswd-sudo` option is used to skip the prompt for the > sudo password. > > On 5/18/21 9:23 AM, Adrian Moreno wrote: >> Hi, >> >> I'm trying to run "sos collect" (4.1) to ssh into my node and gather the logs as >> root. >> >> I'm doing so by running: >> >> sos collect --become --ssh-user heat-admin --nopasswd-sudo --nodes ${NODE_IP} >> >> But sos prompts me for the root password of user "head-admin" in the node: >> >> sos-collector ASSUMES that SSH keys are installed on all nodes unless the >> --password option is provided. >> >> User heat-admin will attempt to become root. Provide root password: >> >> Isn't "--nopasswd-sudo" supposed to mean "I don't need password to use sudo" >> (which is my case)? >> >> I'm sure I'm missing something, can someone help me out? >> >> Thanks > -- Adri?n Moreno