ansible-playbook fail with --ask-become-pass module to hp-ux
Jesus Vidal
I've create a simple playbook to test connectivity from my ansible server to an hp-ux with --ask-become-pass module, and seem not to work.
What I can see follows:
The playbook is:
ansible/playbooks $ cat TPAM.yml
---
- hosts: all
gather_facts: no
become: yes
become_method: su
become_user: root
tasks:
- name: test uptime
command: uptime
- name: test uname
shell: uname
register: salida
- debug: var=salida.stdout_lines
The output is:
test:/ansible/playbooks $ ansible-playbook -vvvv TPAM.yml --limit ignitep --ask-pass --ask-become-pass
/usr/lib64/python2.6/site-packages/pycrypto-2.6.1-py2.6-linux-x86_64.egg/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
Using /etc/ansible/ansible.cfg as config file
SSH password:
SUDO password[defaults to SSH password]:
Loaded callback default of type stdout, v2.0
1 plays in TPAM.yml
PLAY ***************************************************************************
TASK [test uptime] *************************************************************
task path: /root/home/ansible/playbooks/TPAM.yml:11
<ignitep> ESTABLISH SSH CONNECTION FOR USER: None
<ignitep> SSH: EXEC sshpass -d15 ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o ConnectTimeout=20 -o ControlPath=/root/home/.ansible/cp/ansible-ssh-%h-%p-%r -tt ignitep '/bin/sh -c '"'"'( umask 22 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1468485137.48-269929385646625 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1468485137.48-269929385646625 `" )'"'"''
<ignitep> PUT /tmp/tmpsDJSrg TO /root/home/hpjsplu/.ansible/tmp/ansible-tmp-1468485137.48-269929385646625/command
<ignitep> SSH: EXEC sshpass -d15 sftp -b - -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o ConnectTimeout=20 -o ControlPath=/root/home/.ansible/cp/ansible-ssh-%h-%p-%r '[ignite1p]'
<ignitep> ESTABLISH SSH CONNECTION FOR USER: None
<ignitep> SSH: EXEC sshpass -d15 ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o ConnectTimeout=20 -o ControlPath=/root/home/.ansible/cp/ansible-ssh-%h-%p-%r -tt ignitep '/bin/sh -c '"'"'su root -c /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-whqzbeicifjsmstsilrycwbbceaxbbre; /bin/sh -c '"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'LANG=C LC_ALL=C LC_MESSAGES=C /opt/opsware/agent/bin/python /root/home/.ansible/tmp/ansible-tmp-1468485137.48-269929385646625/command; rm -rf "/root/home/.ansible/tmp/ansible-tmp-1468485137.48-269929385646625/" > /dev/null 2>&1'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"''"'"'"'"'"'"'"'"''"'"''
fatal: [ignitep]: FAILED! => {"failed": true, "msg": "Timeout (22s) waiting for privilege escalation prompt: \r\nLast successful login for root: Thu Jul 14 12:15:03 MET-1METDST 2016 on pts/0 \r\nLast unsuccessful login for root: Thu Jul 14 10:32:17 MET-1METDST 2016 \r\n"}
NO MORE HOSTS LEFT *************************************************************
to retry, use: --limit @TPAM.retry
PLAY RECAP *********************************************************************
ignitep : ok=0 changed=0 unreachable=0 failed=1
And on the hp-ux side:
[ignitep]/#ps -fu ansible
UID PID PPID C STIME TTY TIME COMMAND
ansible 20327 20326 0 10:31:21 pts/0 0:00 /bin/sh -c su root -c /bin/sh -c 'echo BECOME-SUCCESS-ctrcszwvfkamwueotlgrsljqrldakowe; /bin/sh -c '"'"'LANG=C LC_ALL=C LC_MES
ansible 3886 20317 0 12:15:03 pts/2 0:00 sh -c /bin/sh -c 'su root -c /bin/sh -c '"'"'echo BECOME-SUCCESS-uxzopavnkcvuttztadjubhvoaocplmmi; /bin/sh -c '"'"'"'"'"'"'"'"
ansible 20326 20317 0 10:31:21 pts/0 0:00 sh -c /bin/sh -c 'su root -c /bin/sh -c '"'"'echo BECOME-SUCCESS-ctrcszwvfkamwueotlgrsljqrldakowe; /bin/sh -c '"'"'"'"'"'"'"'"
ansible 4115 20317 0 12:16:22 pts/4 0:00 sh -c /bin/sh -c 'su root -c /bin/sh -c '"'"'echo BECOME-SUCCESS-lwftyetdxewykflocdwpogkoqaqlesux; /bin/sh -c '"'"'"'"'"'"'"'"
ansible 3911 3886 0 12:15:03 pts/2 0:00 /bin/sh -c su root -c /bin/sh -c 'echo BECOME-SUCCESS-uxzopavnkcvuttztadjubhvoaocplmmi; /bin/sh -c '"'"'LANG=C LC_ALL=C LC_MES
ansible 20332 20330 0 10:31:42 pts/1 0:00 -sh
ansible 4116 4115 0 12:16:22 pts/4 0:00 /bin/sh -c su root -c /bin/sh -c 'echo BECOME-SUCCESS-lwftyetdxewykflocdwpogkoqaqlesux; /bin/sh -c '"'"'LANG=C LC_ALL=C LC_MES
and is needed to kill all these processes.
ansible version:
:/ansible/playbooks $ ansible --version
/usr/lib64/python2.6/site-packages/pycrypto-2.6.1-py2.6-linux-x86_64.egg/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
ansible 2.0.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = /usr/share/my_modules/
On ansible host:
Red Hat Enterprise Linux Server release 6.7 (Santiago)
On client side:
HP-UX ignite1p B.11.31 U ia64 0430496670 unlimited-user license
With ansible it works fine:
ansible/playbooks $ ansible ignitep -m shell -a 'uptime' --ask-pass --ask-become-pass
/usr/lib64/python2.6/site-packages/pycrypto-2.6.1-py2.6-linux-x86_64.egg/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
SSH password:
SUDO password[defaults to SSH password]:
ignitep | SUCCESS | rc=0 >>
12:25pm up 8 days, 16:44, 5 users, load average: 0.04, 0.04, 0.03
Any ideas ?
Thanks in advance.
Jesús