-
Bug
-
Resolution: Unresolved
-
https://github.com/ansible-collections/community.aws/issues/1980
-
-
- Summary
-
community.aws.aws_ssm does not change user to ubuntu.
It successfully changes user to root, www-data, nobody.
In the logs it is clearly visible that it does not apply sudo -u ubuntu as it should.
-
-
- Issue Type
-
Bug Report
-
-
- Component Name
-
community.aws.aws_ssm
-
-
- Ansible Version
-
```console (paste below)
$ ansible --version
ansible [core 2.15.5]
config file = /home/ubuntu/actions-runner/_work/ansible/ansible/ansible.cfg
configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/ubuntu/.local/lib/python3.10/site-packages/ansible
ansible collection location = /home/ubuntu/.ansible/collections:/usr/share/ansible/collections
executable location = /home/ubuntu/.local/bin/ansible
python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0] (/usr/bin/python3)
jinja version = 3.0.3
libyaml = True
```
-
-
- Collection Versions
-
```console (paste below)
$ ansible-galaxy collection list
# /home/ubuntu/.ansible/collections/ansible_collections
Collection Version
---------- -------
amazon.aws 6.5.0
community.aws 6.4.0
community.docker 3.4.3
community.grafana 1.5.4
community.postgresql 2.3.2

# /home/ubuntu/.local/lib/python3.10/site-packages/ansible_collections
Collection Version
---------- -------
amazon.aws 6.5.0
ansible.netcommon 5.2.0
ansible.posix 1.5.4
ansible.utils 2.11.0
ansible.windows 1.14.0
arista.eos 6.1.2
awx.awx 22.7.0
azure.azcollection 1.18.1
check_point.mgmt 5.1.1
chocolatey.chocolatey 1.5.1
cisco.aci 2.7.0
cisco.asa 4.0.2
cisco.dnac 6.7.5
cisco.intersight 1.0.27
cisco.ios 4.6.1
cisco.iosxr 5.0.3
cisco.ise 2.5.16
cisco.meraki 2.16.5
cisco.mso 2.5.0
cisco.nso 1.0.3
cisco.nxos 4.4.0
cisco.ucs 1.10.0
cloud.common 2.1.4
cloudscale_ch.cloud 2.3.1
community.aws 6.3.0
community.azure 2.0.0
community.ciscosmb 1.0.6
community.crypto 2.15.1
community.digitalocean 1.24.0
community.dns 2.6.2
community.docker 3.4.9
community.fortios 1.0.0
community.general 7.5.0
community.google 1.0.0
community.grafana 1.5.4
community.hashi_vault 5.0.0
community.hrobot 1.8.1
community.libvirt 1.3.0
community.mongodb 1.6.3
community.mysql 3.7.2
community.network 5.0.0
community.okd 2.3.0
community.postgresql 2.4.3
community.proxysql 1.5.1
community.rabbitmq 1.2.3
community.routeros 2.10.0
community.sap 1.0.0
community.sap_libs 1.4.1
community.skydive 1.0.0
community.sops 1.6.6
community.vmware 3.10.0
community.windows 1.13.0
community.zabbix 2.1.0
containers.podman 1.10.3
cyberark.conjur 1.2.2
cyberark.pas 1.0.23
dellemc.enterprise_sonic 2.2.0
dellemc.openmanage 7.6.1
dellemc.powerflex 1.9.0
dellemc.unity 1.7.1
f5networks.f5_modules 1.26.0
fortinet.fortimanager 2.2.1
fortinet.fortios 2.3.2
frr.frr 2.0.2
gluster.gluster 1.0.2
google.cloud 1.2.0
grafana.grafana 2.2.3
hetzner.hcloud 1.16.0
hpe.nimble 1.1.4
ibm.qradar 2.1.0
ibm.spectrum_virtualize 1.12.0
infinidat.infinibox 1.3.12
infoblox.nios_modules 1.5.0
inspur.ispim 1.3.0
inspur.sm 2.3.0
junipernetworks.junos 5.3.0
kubernetes.core 2.4.0
lowlydba.sqlserver 2.2.1
microsoft.ad 1.3.0
netapp.aws 21.7.0
netapp.azure 21.10.0
netapp.cloudmanager 21.22.0
netapp.elementsw 21.7.0
netapp.ontap 22.7.0
netapp.storagegrid 21.11.1
netapp.um_info 21.8.0
netapp_eseries.santricity 1.4.0
netbox.netbox 3.14.0
ngine_io.cloudstack 2.3.0
ngine_io.exoscale 1.1.0
ngine_io.vultr 1.1.3
openstack.cloud 2.1.0
openvswitch.openvswitch 2.1.1
ovirt.ovirt 3.2.0
purestorage.flasharray 1.21.0
purestorage.flashblade 1.14.0
purestorage.fusion 1.6.0
sensu.sensu_go 1.14.0
servicenow.servicenow 1.0.6
splunk.es 2.1.0
t_systems_mms.icinga_director 1.33.1
telekom_mms.icinga_director 1.34.1
theforeman.foreman 3.14.0
vmware.vmware_rest 2.3.1
vultr.cloud 1.10.0
vyos.vyos 4.1.0
wti.remote 1.0.5

# /usr/lib/python3/dist-packages/ansible_collections
Collection Version
---------- -------
amazon.aws 1.4.0
ansible.netcommon 1.5.0
ansible.posix 1.1.1
ansible.windows 1.4.0
arista.eos 1.3.0
awx.awx 14.1.0
azure.azcollection 1.4.0
check_point.mgmt 1.0.6
chocolatey.chocolatey 1.0.2
cisco.aci 1.1.1
cisco.asa 1.0.4
cisco.intersight 1.0.10
cisco.ios 1.3.0
cisco.iosxr 1.2.1
cisco.meraki 2.2.0
cisco.mso 1.1.0
cisco.nso 1.0.3
cisco.nxos 1.4.0
cisco.ucs 1.6.0
cloudscale_ch.cloud 1.3.1
community.aws 1.3.0
community.azure 1.0.0
community.crypto 1.4.0
community.digitalocean 1.0.0
community.docker 1.2.2
community.fortios 1.0.0
community.general 1.3.6
community.google 1.0.0
community.grafana 1.1.0
community.hashi_vault 1.1.0
community.hrobot 1.1.0
community.kubernetes 1.1.1
community.kubevirt 1.0.0
community.libvirt 1.0.0
community.mongodb 1.2.0
community.mysql 1.2.0
community.network 1.3.2
community.okd 1.0.0
community.postgresql 1.1.1
community.proxysql 1.0.0
community.rabbitmq 1.0.1
community.routeros 1.1.0
community.skydive 1.0.0
community.vmware 1.7.0
community.windows 1.3.0
community.zabbix 1.2.0
containers.podman 1.4.1
cyberark.conjur 1.1.0
cyberark.pas 1.0.5
dellemc.os10 1.0.2
dellemc.os6 1.0.6
dellemc.os9 1.0.3
f5networks.f5_modules 1.7.1
fortinet.fortimanager 1.0.5
fortinet.fortios 1.1.8
frr.frr 1.0.3
gluster.gluster 1.0.1
google.cloud 1.0.2
hetzner.hcloud 1.2.1
ibm.qradar 1.0.3
infinidat.infinibox 1.2.4
junipernetworks.junos 1.3.0
mellanox.onyx 1.0.0
netapp.aws 20.9.0
netapp.elementsw 20.11.0
netapp.ontap 20.12.0
netapp_eseries.santricity 1.1.0
netbox.netbox 1.2.1
ngine_io.cloudstack 1.2.0
ngine_io.exoscale 1.0.0
ngine_io.vultr 1.1.0
openstack.cloud 1.2.1
openvswitch.openvswitch 1.1.0
ovirt.ovirt 1.3.0
purestorage.flasharray 1.6.2
purestorage.flashblade 1.4.0
servicenow.servicenow 1.0.4
splunk.es 1.0.2
theforeman.foreman 1.5.1
vyos.vyos 1.1.1
wti.remote 1.0.1
```
-
-
- AWS SDK versions
-
```console (paste below)
$ pip show boto boto3 botocore
Name: boto
Version: 2.49.0
Summary: Amazon Web Services Library
Home-page: https://github.com/boto/boto/
Author: Mitch Garnaat
Author-email: mitch@garnaat.com
License: MIT
Location: /usr/local/lib/python3.10/dist-packages
Requires:
Required-by:
---
Name: boto3
Version: 1.28.69
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /home/ubuntu/.local/lib/python3.10/site-packages
Requires: botocore, jmespath, s3transfer
Required-by:
---
Name: botocore
Version: 1.31.69
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email:
License: Apache License 2.0
Location: /home/ubuntu/.local/lib/python3.10/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer
```
-
-
- Configuration
-
```console (paste below)
$ ansible-config dump --only-changed
CONFIG_FILE() = /home/ubuntu/actions-runner/_work/ansible/ansible/ansible.cfg
DEFAULT_ROLES_PATH(/home/ubuntu/actions-runner/_work/ansible/ansible/ansible.cfg) = ['/home/ubuntu/actions-runner/_work/ansible/ansible/roles']
HOST_KEY_CHECKING(/home/ubuntu/actions-runner/_work/ansible/ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/home/ubuntu/actions-runner/_work/ansible/ansible/ansible.cfg) = auto
```
-
-
- OS / Environment
-
Operating System: Ubuntu 22.04.3 LTS
Kernel: Linux 5.19.0-1025-aws
Architecture: x86-64
-
-
- Steps to Reproduce
-
```yaml (paste below)
- name: "Check names"
  hosts: sentries
  gather_facts: no
  tasks:
    - name: Test 1
      become: true
      become_user: "{{ bin_username }}"
      ansible.builtin.command: "whoami"
    - name: Test 1.2
      become: true
      become_user: "{{ bin_username }}"
      ansible.builtin.command: "echo {{ bin_username }}"
    - name: Test 2
      become: true
      become_user: root
      ansible.builtin.command: "whoami"
    - name: Test 3
      become: true
      become_user: ubuntu
      ansible.builtin.command: "whoami"
    - name: Test 4
      become: true
      become_user: nobody
      ansible.builtin.command: "whoami"
    - name: Test 4
      become: true
      become_user: www-data
      ansible.builtin.command: "whoami"
-
-
- Expected Results
-
```console
TASK [Test 1] ******************************************************************
changed: [sentry_1] => {
    "changed": true,
    "cmd": [
        "whoami"
    ],
    "delta": "0:00:00.004309",
    "end": "2023-10-24 14:03:28.813178",
    "invocation": {
        "module_args":
    },
    "msg": "",
    "rc": 0,
    "start": "2023-10-24 14:03:28.808869",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "ssm-user",
    "stdout_lines": [
        "ubuntu"
    ]
}
```
-
-
- Actual Results
-
```console (paste below)
TASK [Test 1] ******************************************************************
<i-05cc610c9a2419e62> ESTABLISH SSM CONNECTION TO: i-05cc610c9a2419e62
<i-0574c0de0e7d4c9e9> ESTABLISH SSM CONNECTION TO: i-0574c0de0e7d4c9e9
<i-0574c0de0e7d4c9e9> EXEC: ( umask 77 && mkdir -p "` echo /tmp/.ansible/tmp/ `"&& mkdir "` echo /tmp/.ansible/tmp/ansible-tmp-1698156205.3669071-8343-231094560590991 `" && echo ansible-tmp-1698156205.3669071-8343-231094560590991="` echo /tmp/.ansible/tmp/ansible-tmp-1698156205.3669071-8343-231094560590991 `" )
<i-05cc610c9a2419e62> EXEC: ( umask 77 && mkdir -p "` echo /tmp/.ansible/tmp/ `"&& mkdir "` echo /tmp/.ansible/tmp/ansible-tmp-1698156205.3249717-8341-270228630598681 `" && echo ansible-tmp-1698156205.3249717-8341-270228630598681="` echo /tmp/.ansible/tmp/ansible-tmp-1698156205.3249717-8341-270228630598681 `" )
Using module file /home/ubuntu/.local/lib/python3.10/site-packages/ansible/modules/command.py
<i-0574c0de0e7d4c9e9> PUT /home/ubuntu/.ansible/tmp/ansible-local-8337duiu9xri/tmpz14vwcgu TO /tmp/.ansible/tmp/ansible-tmp-1698156205.3669071-8343-231094560590991/AnsiballZ_command.py
Using module file /home/ubuntu/.local/lib/python3.10/site-packages/ansible/modules/command.py
<i-05cc610c9a2419e62> PUT /home/ubuntu/.ansible/tmp/ansible-local-8337duiu9xri/tmpjak6wd0t TO /tmp/.ansible/tmp/ansible-tmp-1698156205.3249717-8341-270228630598681/AnsiballZ_command.py
<i-05cc610c9a2419e62> EXEC: curl -o '/tmp/.ansible/tmp/ansible-tmp-1698156205.3249717-8341-270228630598681/AnsiballZ_command.py' 'https://s3.amazonaws.com/sharedbucket-file-transfer-605891412207-us-east-1/i-05cc610c9a2419e62//tmp/.ansible/tmp/ansible-tmp-1698156205.3249717-8341-270228630598681/AnsiballZ_command.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=**%2F20231024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231024T140327Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=**&X-Amz-Signature=3ea79f824063aa38a3a141e1050dfbdb2f92ade8b91d6ef688fb477cc87253d1'
<i-0574c0de0e7d4c9e9> EXEC: curl -o '/tmp/.ansible/tmp/ansible-tmp-1698156205.3669071-8343-231094560590991/AnsiballZ_command.py' 'https://s3.amazonaws.com/sharedbucket-file-transfer-605891412207-us-east-1/i-0574c0de0e7d4c9e9//tmp/.ansible/tmp/ansible-tmp-1698156205.3669071-8343-231094560590991/AnsiballZ_command.py?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=**%2F20231024%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231024T140327Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=**&X-Amz-Signature=cb2a93f16a5a0cc9ca806e7def30e202092f87e2a88e80b6d3b5741edfec2215'
<i-05cc610c9a2419e62> EXEC: touch '/tmp/.ansible/tmp/ansible-tmp-1698156205.3249717-8341-270228630598681/AnsiballZ_command.py'
<i-05cc610c9a2419e62> EXEC: chmod u+x /tmp/.ansible/tmp/ansible-tmp-1698156205.3249717-8341-270228630598681/ /tmp/.ansible/tmp/ansible-tmp-1698156205.3249717-8341-270228630598681/AnsiballZ_command.py
<i-05cc610c9a2419e62> EXEC: /usr/bin/python3 /tmp/.ansible/tmp/ansible-tmp-1698156205.3249717-8341-270228630598681/AnsiballZ_command.py
<i-0574c0de0e7d4c9e9> EXEC: touch '/tmp/.ansible/tmp/ansible-tmp-1698156205.3669071-8343-231094560590991/AnsiballZ_command.py'
<i-0574c0de0e7d4c9e9> EXEC: chmod u+x /tmp/.ansible/tmp/ansible-tmp-1698156205.3669071-8343-231094560590991/ /tmp/.ansible/tmp/ansible-tmp-1698156205.3669071-8343-231094560590991/AnsiballZ_command.py
<i-0574c0de0e7d4c9e9> EXEC: /usr/bin/python3 /tmp/.ansible/tmp/ansible-tmp-1698156205.3669071-8343-231094560590991/AnsiballZ_command.py
<i-05cc610c9a2419e62> EXEC: rm -f -r /tmp/.ansible/tmp/ansible-tmp-1698156205.3249717-8341-270228630598681/ > /dev/null 2>&1
<i-05cc610c9a2419e62> CLOSING SSM CONNECTION TO: i-05cc610c9a2419e62
changed: [sentry_1] => {
    "changed": true,
    "cmd": [
        "whoami"
    ],
    "delta": "0:00:00.004309",
    "end": "2023-10-24 14:03:28.813178",
    "invocation": {
        "module_args":
    },
    "msg": "",
    "rc": 0,
    "start": "2023-10-24 14:03:28.808869",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "ssm-user",
    "stdout_lines": [
        "ssm-user"
    ]
}
```
-
-
- Code of Conduct
-
- [X] I agree to follow the Ansible Code of Conduct
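
A check for the symptom described in this report, as an added example (not part of the original issue or of community.aws): it scans `ansible -vvv` output for module executions and flags any that run without a `sudo ... -u <user>` wrapper or with a different target user. The sample log and instance IDs are constructed, and the wrapped lines assume the usual command shape produced by the sudo become plugin.

```python
import re

# Connection-plugin verbose lines look like "<i-0123...> EXEC: <command>".
EXEC_RE = re.compile(r"^<(?P<host>[^>]+)> EXEC: (?P<cmd>.*)$")
# The module run itself: an interpreter invoked on an AnsiballZ payload.
MODULE_RE = re.compile(r"\S*python[\d.]*\s+\S*AnsiballZ_\w+\.py")
# sudo wrapper (assumed shape of the sudo become plugin), capturing the -u target.
SUDO_RE = re.compile(r"\bsudo\b.*?\s-u\s+(?P<user>\S+)")

# Constructed sample: one unwrapped run (the reported symptom), one run
# wrapped for the expected user, one wrapped for a different user.
SAMPLE_LOG = """\
<i-0000000000000000a> ESTABLISH SSM CONNECTION TO: i-0000000000000000a
<i-0000000000000000a> EXEC: chmod u+x /tmp/.ansible/tmp/t1/ /tmp/.ansible/tmp/t1/AnsiballZ_command.py
<i-0000000000000000a> EXEC: /usr/bin/python3 /tmp/.ansible/tmp/t1/AnsiballZ_command.py
<i-0000000000000000b> EXEC: sudo -H -S -n  -u ubuntu /bin/sh -c 'echo BECOME-SUCCESS-x ; /usr/bin/python3 /tmp/.ansible/tmp/t2/AnsiballZ_command.py'
<i-0000000000000000c> EXEC: sudo -H -S -n  -u root /bin/sh -c 'echo BECOME-SUCCESS-y ; /usr/bin/python3 /tmp/.ansible/tmp/t3/AnsiballZ_command.py'
"""


def audit_become(log_text, expected_user):
    """Return (host, status, detail) for every module execution in the log.

    status is "ok", "no-become" (no sudo wrapper at all) or "wrong-user".
    Setup lines (mkdir, curl, touch, chmod, rm) are ignored because they
    do not invoke the interpreter on the AnsiballZ payload.
    """
    findings = []
    for line in log_text.splitlines():
        m = EXEC_RE.match(line.strip())
        if not m or not MODULE_RE.search(m["cmd"]):
            continue
        sudo = SUDO_RE.search(m["cmd"])
        if sudo is None:
            findings.append((m["host"], "no-become", m["cmd"]))
        elif sudo["user"] != expected_user:
            findings.append((m["host"], "wrong-user", sudo["user"]))
        else:
            findings.append((m["host"], "ok", sudo["user"]))
    return findings


if __name__ == "__main__":
    for host, status, detail in audit_become(SAMPLE_LOG, "ubuntu"):
        print(f"{host}: {status} ({detail})")
```
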