Privilege escalation error when running a sudo command on AWS Ubuntu machine


lovesh harchandani

Aug 7, 2020, 4:53:09 PM
to Ansible Project
Hi. 
I am trying to install a package on an AWS Ubuntu machine using Ansible and am getting the error

FAILED! => {"msg": "Timeout (42s) waiting for privilege escalation prompt: "} 

I have tried with high timeouts as suggested online. The package I am trying to install is docker and so it should take much time. 
Moreover, I am watching the file /var/log/auth.log while I run the playbook but cannot see any activity. 
I am able to do non-sudo actions however.

My ansible playbook is as follows

- hosts: '{{ host }}'
  tasks:
    - name: run lsb_release to check SSH works
      shell: lsb_release -a
    - name: Install docker if not already
      become: yes
      become_method: su
      package:
        name: "docker-ce"
        state: present

And my hosts file is as follows

[node]
<IP of the machine>

[node:vars]
ansible_ssh_user=ubuntu
ansible_ssh_private_key_file=<my pem file location> 

I am running ansible as 

ansible-playbook -i hosts playbook.yml --extra-vars "host=node" -T 40 -v

lovesh harchandani

Aug 7, 2020, 7:18:32 PM
to Ansible Project
Resolved by changing su to sudo in become_method, i.e. changing become_method: su to become_method: sudo. The docs mention su, however. Is this a bug in Ansible itself, where it says in the error message that su is not acceptable, or are su and sudo meant to do different things?

Jean-Yves LENHOF

Aug 8, 2020, 2:50:54 AM
to ansible...@googlegroups.com

Hi,

su and sudo are two ways to become another user. So both methods are available in Ansible. Very often indeed in public cloud, it is the sudo way which is used during the provisioning of the server and assigning the SSH key.

"man su" and "man sudo" should help you to understand differences.

Regards,

JYL
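
An added example, not part of the thread and not Ansible's own code: a small pre-flight check that reproduces the situation above, where a task asks for become_method: su but neither the inventory nor the command line gives Ansible a become password to answer su's prompt with. It assumes a default PAM setup in which su asks for the target account's password; the function names are hypothetical, the sample files are constructed from the ones posted (203.0.113.10 is a placeholder address), and the scan is a line-based heuristic rather than a YAML parser.

```python
import re

# Constructed sample input, modelled on the files in the original post.
PLAYBOOK = """\
- hosts: '{{ host }}'
  tasks:
    - name: run lsb_release to check SSH works
      shell: lsb_release -a
    - name: Install docker if not already
      become: yes
      become_method: su
      package:
        name: docker-ce
"""
INVENTORY = "[node]\n203.0.113.10\n\n[node:vars]\nansible_ssh_user=ubuntu\n"
COMMAND = 'ansible-playbook -i hosts playbook.yml --extra-vars "host=node" -T 40 -v'

# Variables and flags through which Ansible can be given a become password.
PASSWORD_VARS = ("ansible_become_password", "ansible_become_pass", "ansible_su_pass")
PASSWORD_FLAGS = ("-K", "--ask-become-pass")

def password_supplied(inventory, command):
    """True if the inventory or the command line provides a become password."""
    in_inventory = any(re.search(rf"^\s*{v}\s*=", inventory, re.M) for v in PASSWORD_VARS)
    on_cli = any(arg in PASSWORD_FLAGS for arg in command.split())
    return in_inventory or on_cli

def su_without_password(playbook, inventory, command):
    """Return names of tasks that set become_method: su with no password source.

    Heuristic: a task starts at a '- name:' line; settings before any task
    are reported as '(play level)'.
    """
    if password_supplied(inventory, command):
        return []
    flagged, task = [], "(play level)"
    for line in playbook.splitlines():
        m = re.match(r"\s*-\s*name:\s*(.+)", line)
        if m:
            task = m.group(1).strip()
        elif re.match(r"\s*become_method:\s*su\s*$", line):
            flagged.append(task)
    return flagged

if __name__ == "__main__":
    for name in su_without_password(PLAYBOOK, INVENTORY, COMMAND):
        print(f"task {name!r}: become_method su, but no become password is configured")
```
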
