sudo via ansible not working

34 views
Skip to first unread message

Shan Mugarajan

unread,
Apr 25, 2019, 10:27:49 AM4/25/19
to Ansible Project
ansible-playbook playbooks/install/fim/VERIFICATION.yml --ask-become-pass -vvv


Playbook:
---
 - name: WAS Verification
   hosts: fim-server 
   sudo: yes
   sudo_user: was
   gather_facts: no
   roles:
     - AMU_WAS_VERIFICATION



Output:
---------
<clsadanan06> ESTABLISH LOCAL CONNECTION FOR USER: iambuild
<clsadanan06> EXEC /bin/sh -c 'echo ~iambuild && sleep 0'
<clsadanan06> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp/ansible-tmp-1556201421.43-108601847029782 `" && echo ansible-tmp-1556201421.43-10860184702
9782="` echo /var/tmp/ansible-tmp-1556201421.43-108601847029782 `" ) && sleep 0'
Using module file /u/ibm/iambuild/buildenv/lib/python2.7/site-packages/ansible/modules/commands/command.py
<clsadanan06> PUT /u/ibm/iambuild/.ansible/tmp/ansible-local-58559hOE1P/tmpfXbA8L TO /var/tmp/ansible-tmp-1556201421.43-108601847029782/command.py
<clsadanan06> EXEC /bin/sh -c 'setfacl -m u:was:r-x /var/tmp/ansible-tmp-1556201421.43-108601847029782/ /var/tmp/ansible-tmp-1556201421.43-108601847029782/comman
d.py && sleep 0'
<clsadanan06> EXEC /bin/sh -c 'sudo -H -S  -p "[sudo via ansible, key=tjlmchdjrdkjehshmuxleufecypcusam] password: " -u was /bin/sh -c '"'"'echo BECOME-SUCCESS-tj
lmchdjrdkjehshmuxleufecypcusam; /usr/bin/env python /var/tmp/ansible-tmp-1556201421.43-108601847029782/command.py'"'"' && sleep 0'
<clsadanan06> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1556201421.43-108601847029782/ > /dev/null 2>&1 && sleep 0'
fatal: [clsadanan06]: FAILED! => {
    "changed": false, 

    "module_stderr": "Sorry, try again.\n[sudo via ansible, key=tjlmchdjrdkjehshmuxleufecypcusam] password: \nsudo: 1 incorrect password attempt\n", 
    "module_stdout": "Error: account is locked.\nError: account is locked.\n", 

    "msg": "MODULE FAILURE", 
    "rc": 1
}


ansible --version
ansible 2.6.4
  config file = /GIT/SST/git/iam/internal/playbook-iam/ansible.cfg
  configured module search path = [u'/u/ibm/iambuild/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /u/ibm/iambuild/buildenv/lib/python2.7/site-packages/ansible
  executable location = /u/ibm/iambuild/buildenv/bin/ansible
  python version = 2.7.13 (default, Feb  8 2017, 06:30:30) [GCC 4.4.7 20120313 (Red Hat 4.4.7-16)]


 sudo -V
Sudo version 1.8.6p3
Sudoers policy plugin version 1.8.6p3
Sudoers file grammar version 42
Sudoers I/O plugin version 1.8.6p3


Distributor ID: RedHatEnterpriseServer
Description:    Red Hat Enterprise Linux Server release 6.7 (Santiago)
Release:        6.7
Codename:       Santiago

Can you please help?

Rui Moreira

unread,
Apr 25, 2019, 10:29:45 AM4/25/19
to ansible...@googlegroups.com
sudo requires password for was user ... and the account seems to be locked too 



--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/350554ca-ade7-482b-9e78-f7ecdd599ed7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Shankar Pentyala

unread,
Apr 25, 2019, 10:30:03 AM4/25/19
to ansible...@googlegroups.com
It says wrong password .You can use become: yes instead of sudo 

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/350554ca-ade7-482b-9e78-f7ecdd599ed7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--

Rui Moreira

unread,
Apr 25, 2019, 10:32:24 AM4/25/19
to ansible...@googlegroups.com
become: yes will have the same problem.
the account is locked .


To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKLj9CLnHAMR8mJmZ61hMTo83zmvmBXjiSW%3DvEmAGCRXgEtveQ%40mail.gmail.com.

Shan Mugarajan

unread,
Apr 25, 2019, 10:50:11 AM4/25/19
to Ansible Project
Account is maintained in Active directory and it is not locked, just verified via ssh login and same password .
 
fatal: [clsadanan06]: FAILED! => {
    "changed": false, 
    "module_stderr": "Sorry, try again.\n[sudo via ansible, key=uxyrqcanlkxagtwldkpxkohaghqxxqei] password: \nsudo: 1 incorrect password attempt\n", 
    "module_stdout": "Error: account is locked.\nError: account is locked.\n", 
    "msg": "MODULE FAILURE", 
    "rc": 1
}

PLAY RECAP ******************************************************************************************************************************************************

clsadanan06                : ok=0    changed=0    unreachable=0    failed=1   

(buildenv)[iambuild@clsadamgt01 playbook-iam]$ ssh was@clsadanan06
Last login: Thu Apr 25 15:44:40 2019 from 10.22.11.236
*******************************************************************************


On Thursday, 25 April 2019 20:02:24 UTC+5:30, Rui Moreira wrote:
become: yes will have the same problem.
the account is locked .


On Thu, Apr 25, 2019 at 3:30 PM Shankar Pentyala <shankar...@gmail.com> wrote:
It says wrong password .You can use become: yes instead of sudo 
To unsubscribe from this group and stop receiving emails from it, send an email to ansible...@googlegroups.com.
--

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages