I want to run ansible with user sa1 without sudo password:
First time OK:
[root@centos1 cp]# ansible cent2 -m shell -a "sudo yum -y install httpd"
cent2 | SUCCESS | rc=0 >>
Second time FAILED:
[root@centos1 cp]# ansible cent2 -s -m yum -a "name=httpd state=absent"
cent2 | FAILED! => {
"changed": false,
"failed": true,
"module_stderr": "",
"module_stdout": "sudo: a password is required\r\n",
"msg": "MODULE FAILURE",
"parsed": false
}
Please help!
It's not ansible it's your server's configuration. Make sure that sudo is allowed for the user ansible is using without password.
sudo visudocentos ALL=(ALL) NOPASSWD:ALLcentos with the your userYou can try from the server itself by running:
sudo -u [yourusername] sudo echo "success"
If this works it should work from ansible too.
[root@centos1 cp]# ansible cent2 -m shell -a "sudo yum -y install httpd" cent2 | SUCCESS | rc=0 >> i have already add sa1 ALL=(ALL) NOPASSWD: SOFTWARE , /bin/echo –
Ashjian SOFTWARE is a command alias. What do you have defined there? Can you try with ALL to see if that is the limiting factor? If you run ansible with -vvvv you can see what command it is trying to invoke. –
Filling Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum –
Ashjian -vvvv. It puts and calls a different yum file: PUT /var/folders/sr/hcg9zzm12jg28txszy7nnh0x721jx7/T/tmpLs5wbd TO /home/centos/.ansible/tmp/ansible-tmp-1464250141.88-48281030641080/yum and after that /usr/bin/python -tt /home/centos/.ansible/tmp/ansible-tmp-1464250141.88-48281030641080/yum so your alias is not matching with the command being executed with ansible module. –
Filling By default ansible runs sudo with the flags: -H -S -n to become root. Where --non-interactive would be the corresponding long form for option -n. This option seems to make sudo return the error message, without attempting to let the authentication modules do their thing.
I managed to get around the password error by creating a ~/.ansible.cfg containing lines as below, for the most relevant ansible version.
ansible 2.4
[defaults]
sudo_flags = --set-home --stdin
ansible 2.9
[sudo_become_plugin]
flags = -H -S
That was at least enough to allow pam_ssh_agent_auth.so to run and authenticate me.
Prior to version 2.8 the above example works, newer than 2.8 requires the second example. Documentation for the new style configuration can be found in the Ansible User Guide.
Here's the playbook in case you want ansible make it for you
wheel)- name: Make users passwordless for sudo in group wheel
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
##-----------------------
- name: sudo without password
become: true
copy:
dest: /etc/sudoers.d/dont-prompt-ubuntu_user-for-sudo-password
content: 'ubuntu ALL=(ALL) NOPASSWD:ALL'
It creates a file called /etc/sudoers.d/dont-prompt-ubuntu_user-for-sudo-password with the following contents:
ubuntu ALL=(ALL) NOPASSWD:ALL
This works because Debian's and Ubuntu's default /etc/sudoers file has this line:
@includedir /etc/sudoers.d
This helped me with Ansible installed in VENV with
rm -rf ~/.ansible/
SSH Session was hanging in cache
© 2022 - 2024 — McMap. All rights reserved.
-sswitch is deprecated in newer versions. Maybe try with-b(become). Also, try to explicitly set the login user via-u, does it work then? – Paratyphoid