I have set up an Ansible user that can log in with an SSH key and sudo su - with no password, but this appears not to work.


Steven Mething

Aug 13, 2019, 4:34:58 PM
to Ansible Project
How do I fault find such an issue?

[svc_build@vuwunicorhsat01 ~]$ ansible-playbook site.yml 

PLAY [build] *****************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************
fatal: [vuwunicopatch8a.ods.vuw.ac.nz]: FAILED! => {"changed": false, "module_stderr": "Shared connection to vuwunicopatch8a.ods.vuw.ac.nz closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
to retry, use: --limit @/home/svc_build/site.retry

PLAY RECAP *******************************************************************************************************************************************************************
vuwunicopatch8a.ods.vuw.ac.nz : ok=0    changed=0    unreachable=0    failed=1   

[svc_build@vuwunicorhsat01 ~]$ ssh vuwunicopatch8a.ods.vuw.ac.nz -l svc_build
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Wed Aug 14 08:26:56 2019 from 10.100.32.67
[svc_build@vuwunicopatch8a ~]$ sudo su -
Last login: Wed Aug 14 08:20:20 NZST 2019 on pts/0
[root@vuwunicopatch8a ~]# ^C
[root@vuwunicopatch8a ~]# logout
[svc_build@vuwunicopatch8a ~]$ logout
Connection to vuwunicopatch8a.ods.vuw.ac.nz closed.
[svc_build@vuwunicorhsat01 ~]$ more site.yml 
---
- hosts: build
  become_user: root
  become: yes
  tasks:
    - name: enable selinux
      command: /sbin/setenforce 1
[svc_build@vuwunicorhsat01 ~]$ 

Sebastian Meyer

Aug 13, 2019, 4:52:40 PM
to ansible...@googlegroups.com
Hi Steven,

On 13.08.19 22:34, Steven Mething wrote:
> How do I fault find such an issue?
>

Ansible doesn't do sudo su -. It does sudo python
/ANSIBLETMP/CURRENTTASK.py or something like that.

Can you show us your sudoers config?

Sebastian

--
Sebastian Meyer
Linux Consultant & Trainer
Mail: me...@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
Managing Director: Ralph Dehner / Registered office: Vohburg / District court: Ingolstadt, HRB 3537



Thing

Aug 13, 2019, 8:18:37 PM
to ansible...@googlegroups.com
Hi,

Thanks, but I do not use a local sudoers file but sudo to root via Red Hat's IPA. It works OK now; the sssd setup was corrupted, or an ongoing bug maybe. Normally I'd expect something to appear in /var/log/secure, but not in this case, hence the confusion.
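
An added example, not part of the thread: a shell check to run on the managed host as the Ansible login user. It reproduces the non-interactive sudo call Sebastian describes and shows where sudo reads its rules from, which matters for the IPA/sssd setup mentioned above. The function names and result strings are made up for this example; `-n` stops sudo from prompting and `-k` makes it ignore cached credentials, so an earlier interactive `sudo su -` cannot mask a failure.

```shell
#!/bin/sh
# Added example (not from the thread); function names and result strings are hypothetical.

# Print the sources sudo consults for its rules, from an nsswitch.conf-style file.
# sudo falls back to "files" when the file has no "sudoers:" line.
sudoers_sources() {
    awk '$1 == "sudoers:" { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
         END { if (!found) print "files" }' "$1"
}

# Map the sudo message that Ansible reports in module_stdout to a likely cause.
classify_sudo_error() {
    case "$1" in
        *"a password is required"*)     echo "no-nopasswd-rule-applied" ;;
        *"you must have a tty"*)        echo "requiretty-set" ;;
        *"is not in the sudoers file"*) echo "no-rule-for-user" ;;
        *"is not allowed to run sudo"*) echo "no-rule-for-user" ;;
        *)                              echo "unknown" ;;
    esac
}

# Run sudo the way an automation tool has to: no prompt, no cached credentials.
become_check() {
    if out=$(sudo -k -n -u root /bin/sh -c 'echo BECOME-OK' 2>&1); then
        echo "ok"
    else
        classify_sudo_error "$out"
    fi
}

main() {
    sources=$(sudoers_sources /etc/nsswitch.conf)
    echo "sudoers sources: $sources"
    echo "non-interactive sudo: $(become_check)"
    case "$sources" in
        *sss*) echo "rules are fetched through sssd: check 'systemctl status sssd'" \
                    "and, as root, 'sudo -l -U $(id -un)'" ;;
    esac
}

# Only touch the live system when asked to: sh become-check.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

A result of `no-nopasswd-rule-applied` together with `sss` in the sources points at rule retrieval through sssd rather than at the playbook.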
