request help with configuration issue: 'sudo: True' has no effect.

Joel Hughes

Apr 13, 2014, 2:18:29 AM
to ansible...@googlegroups.com
sudo: True has no effect
This is a configuration issue; hoping someone can spot my mistake.

Tested against Ansible versions: 1.4.5, 1.5.0 through 1.5.4, and devel branch; so I'm quite certain it is not an ansible issue.
Host OS: Ubuntu 12.04.4 fully patched
both ssh and sudo are passwordless  

cat /etc/sudoers.d/admin
jhughes ALL=(ALL) NOPASSWD:ALL

ansible.cfg changes from default
hostfile           = /srv/ansible/playbook/hosts                    #NOTE: tested against two nodes, only one listed below for brevity.
sudo_user      = jhughes
log_path         = /var/log/ansible/ansible.log
private_key_file = /srv/ansible/playbook/files/ssl/id_rsa    #NOTE: this matches the private key of jhughes
pipelining       = True                                                      #NOTE:  testing with pipelining on and off

Notice in the output below there is no reference to 'sudo'. I'm expecting to see something similar to:
...'grolsch', u'/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=l...

Test playbook (below): test_sudo.yml
Invoked with:
  1. ansible-playbook -vvvv playbook/test_sudo.yml
  2. ansible-playbook -vvvv playbook/test_sudo.yml --sudo -K

file: test_sudo.yml

---
- name: test sudo
  hosts: grolsch
  gather_facts: No
  sudo_user: jhughes

  tasks:

  - name: sudo test | sudo whoami
    shell: sudo whoami
    register: sudo_test_result

  - name: sudo test | whoami with sudo True
    sudo: True
    shell: whoami
    register: sudo_test_result

  - name: debug
    debug: var=sudo_test_result

  - name: sudo test check
    fail: msg="sudo didn't change to the correct user"
    when: sudo_test_result.stdout != root

output:
PLAY [test sudo] **************************************************************

TASK: [sudo test | sudo whoami] ***********************************************
<grolsch> ESTABLISH CONNECTION FOR USER: jhughes
<grolsch> REMOTE_MODULE command sudo whoami #USE_SHELL
<grolsch> EXEC ['ssh', '-C', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/data/home/jhughes/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'IdentityFile=/srv/ansible/playbook/files/ssl/id_rsa', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', 'grolsch', '/bin/sh -c /usr/bin/python']
changed: [grolsch] => {"changed": true, "cmd": "sudo whoami ", "delta": "0:00:00.005624", "end": "2014-04-13 02:03:57.611076", "rc": 0, "start": "2014-04-13 02:03:57.605452", "stderr": "", "stdout": "root"}

TASK: [sudo test | whoami with sudo True] *************************************
<grolsch> ESTABLISH CONNECTION FOR USER: jhughes
<grolsch> REMOTE_MODULE command whoami #USE_SHELL
<grolsch> EXEC ['ssh', '-C', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/data/home/jhughes/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'IdentityFile=/srv/ansible/playbook/files/ssl/id_rsa', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', 'grolsch', '/bin/sh -c /usr/bin/python']
changed: [grolsch] => {"changed": true, "cmd": "whoami ", "delta": "0:00:00.002535", "end": "2014-04-13 02:03:58.674758", "rc": 0, "start": "2014-04-13 02:03:58.672223", "stderr": "", "stdout": "jhughes"}

TASK: [debug] *****************************************************************
<grolsch> ESTABLISH CONNECTION FOR USER: jhughes
ok: [grolsch] => {
    "sudo_test_result": {
        "changed": true,
        "cmd": "whoami ",
        "delta": "0:00:00.002535",
        "end": "2014-04-13 02:03:58.674758",
        "invocation": {
            "module_args": "whoami",
            "module_name": "shell"
        },
        "rc": 0,
        "start": "2014-04-13 02:03:58.672223",
        "stderr": "",
        "stdout": "jhughes",
        "stdout_lines": [
            "jhughes"
        ]
    }
}

TASK: [sudo test check] *******************************************************
fatal: [grolsch] => error while evaluating conditional: sudo_test_result.stdout != root

Expected Output
I'm expecting to see a reference to sudo, similar to:
...'grolsch', u'/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=l...

Thanks for any help.
Joel

Adam Morris

Apr 14, 2014, 4:39:24 PM
to ansible...@googlegroups.com


On Saturday, April 12, 2014 11:18:29 PM UTC-7, Joel Hughes wrote:

  sudo_user: jhughes
 


This is working exactly as directed...  I would remove sudo_user: myself but you could alternately set it to sudo_user: root.

The default for sudo is for it to switch to root, but if you set sudo_user it's the equivalent of running sudo -u <user_name> which runs the command as the provided <user_name>.  

I hope that this helps,

Adam
 

Joel Hughes

Apr 14, 2014, 5:04:27 PM
to ansible...@googlegroups.com
The issue was the setting of sudo_user, as you described. I had set it in ansible.cfg and then was adding/removing in the playbook during troubleshooting.  With sudo_user set to the default or 'root' in ansible.cfg, 'sudo: True' operations are behaving as expected. 
Thanks for leading me in the correct direction. 
Joel 
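
Added example (not part of the thread and not Ansible's own code): a small pre-flight check for the misconfiguration resolved above, where 'sudo: True' silently runs as a non-root sudo_user inherited from the play or from ansible.cfg. It assumes the precedence task, then play, then ansible.cfg with a default of root; the sample config and play are constructed from the first post, and the function names are hypothetical.

```python
import configparser

# Constructed sample: the [defaults] overrides quoted in the first post,
# including trailing "#NOTE" comments like the ones it carries.
ANSIBLE_CFG = """\
[defaults]
hostfile         = /srv/ansible/playbook/hosts   #NOTE: one node listed
sudo_user        = jhughes
private_key_file = /srv/ansible/playbook/files/ssl/id_rsa  #NOTE: jhughes' key
"""

# Constructed sample: test_sudo.yml from the post, already loaded into a dict.
PLAY = {
    "name": "test sudo",
    "sudo_user": "jhughes",
    "tasks": [
        {"name": "sudo test | sudo whoami", "shell": "sudo whoami"},
        {"name": "sudo test | whoami with sudo True", "sudo": True, "shell": "whoami"},
    ],
}


def cfg_sudo_user(cfg_text):
    """sudo_user from ansible.cfg [defaults]; root when the key is unset."""
    parser = configparser.ConfigParser(inline_comment_prefixes=("#",))
    parser.read_string(cfg_text)
    return parser.get("defaults", "sudo_user", fallback="root")


def effective_sudo_user(cfg_text, play, task):
    """Assumed precedence: task setting, then play setting, then ansible.cfg."""
    return task.get("sudo_user") or play.get("sudo_user") or cfg_sudo_user(cfg_text)


def audit(cfg_text, play, login_user):
    """List (task name, target user, same-as-login) for sudo tasks not run as root."""
    findings = []
    for task in play.get("tasks", []):
        if not task.get("sudo", play.get("sudo", False)):
            continue  # task does not request sudo at all
        target = effective_sudo_user(cfg_text, play, task)
        if target != "root":
            findings.append((task["name"], target, target == login_user))
    return findings


if __name__ == "__main__":
    for name, target, noop in audit(ANSIBLE_CFG, PLAY, "jhughes"):
        print(f"{name}: runs as {target}" + (" (same as login user)" if noop else ""))
```
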