ansible error fpr sudo user

[visar]

Hello Experts,

I had a working playbook in my test environment, where my user was root user itslef and didnt have any issue.

When i moved my playbook to staging environment , there my login user account is "admin" which is sudo user. But all of my playbooks are failing in this environment.

---

- name: Replace the silent-install-server_ file to each Application Servers

  hosts: localhost,CCM,RM

  vars: 

    jts_file: /etc/ansible/roles/IBM2/files/silent-install-server_JTS.xml

    ccm_file: /etc/ansible/roles/IBM2/files/silent-install-server_CCM.xml

    rm_file: /etc/ansible/roles/IBM2/files/silent-install-server_RM.xml

    dest_dir: /opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64

  tasks:

    - name: check the folder existance

      stat: path=/opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64

      register: folder_exist

    - name: JTS Server

      copy:

        src: "{{ jts_file }}"

        dest: "{{ dest_dir }}/"

        mode: 777

        backup: yes

      delegate_to: localhost

      when: folder_exist.stat.exists == True

    - name: CCM Server

      copy:

        src: "{{ ccm_file }}"

        dest: "{{ dest_dir }}/"

        mode: 777

        backup: yes

      delegate_to: 10.170.3.12

      when: folder_exist.stat.exists == True

    - name: RM Server

      copy:

        src: "{{ rm_file }}"

        dest: "{{ dest_dir }}/"

        mode: 777

        backup: yes

      delegate_to: 10.170.3.15

      when: folder_exist.stat.exists == True

getting below error.

PLAY [Replace the silent-install-server_ file to each Application Servers] **********************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************

ok: [localhost]

fatal: [10.16.24.102]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}

fatal: [10.165.240.103]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}

TASK [check the folder existance] ***************************************************************************************************************************

ok: [localhost]

TASK [JTS Server] *******************************************************************************************************************************************

ok: [localhost -> localhost]

TASK [CCM Server] *******************************************************************************************************************************************

fatal: [localhost]: FAILED! => {"msg": "Failed to get information on remote file (/opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64/silent-install-server_CCM.xml): Shared connection to 10.16.24.102 closed.\r\n"}

        to retry, use: --limit @/etc/ansible/roles/IBM2/tasks/best/silentiInstallerfile.retry

PLAY RECAP **************************************************************************************************************************************************

10.16.24.102             : ok=0    changed=0    unreachable=0    failed=1

10.16.24.103             : ok=0    changed=0    unreachable=0    failed=1

localhost                  : ok=3    changed=0    unreachable=0    failed=1

my hostfile is as below

[IHS]

10.16.24.100

[JTS]

10.16.24.101

[CCM]

10.16.24.102

[RM]

10.16.24.103

[Sudheer S]

On 22/02/19 6:58 PM, visar wrote:
> Hello Experts,
>
> I had a working playbook in my test environment, where my user was
> root user itslef and didnt have any issue.
> When i moved my playbook to staging environment , there my login user
> account is "admin" which is sudo user. But all of my playbooks are
> failing in this environment.

Have this in your playbook:

become: true

-

Sudheer S

[visar]

Hello Sudeer.. No luck.

---

- name: Replace the silent-install-server_ file to each Application Servers

  hosts: localhost,CCM,RM

  become: true

  vars:

    jts_file: /etc/ansible/roles/IBM2/files/silent-install-server_JTS.xml

    ccm_file: /etc/ansible/roles/IBM2/files/silent-install-server_CCM.xml

    rm_file: /etc/ansible/roles/IBM2/files/silent-install-server_RM.xml

    dest_dir: /opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64

  tasks:

    - name: check the folder existance

      stat: path=/opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64

      register: folder_exist

    - name: JTS Server

      copy:

        src: "{{ jts_file }}"

        dest: "{{ dest_dir }}/"

        mode: 777

        backup: yes

      delegate_to: localhost

      when: folder_exist.stat.exists == True

    - name: CCM Server

      copy:

        src: "{{ ccm_file }}"

        dest: "{{ dest_dir }}/"

        mode: 777

        backup: yes

      delegate_to: 10.16.24.102

      when: folder_exist.stat.exists == True

    - name: RM Server

      copy:

        src: "{{ rm_file }}"

        dest: "{{ dest_dir }}/"

        mode: 777

        backup: yes

      delegate_to: 10.16.24.103

      when: folder_exist.stat.exists == True

Output

________

PLAY [Replace the silent-install-server_ file to each Application Servers] **********************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************

fatal: [10.16.24.102]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 10.16.24.102 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

fatal: [10.16.24.103]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 10.16.24.103 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

ok: [localhost]

TASK [check the folder existance] ***************************************************************************************************************************

ok: [localhost]

TASK [JTS Server] *******************************************************************************************************************************************

ok: [localhost -> localhost]

TASK [CCM Server] *******************************************************************************************************************************************

fatal: [localhost]: FAILED! => {"msg": "Failed to get information on remote file (/opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64/silent-install-server_CCM.xml): Shared connection to 10.16.24.102 closed.\r\n"}

        to retry, use: --limit @/etc/ansible/roles/IBM2/tasks/best/silentiInstallerfile1.retry

PLAY RECAP **************************************************************************************************************************************************

10.16.24.102             : ok=0    changed=0    unreachable=0    failed=1

10.16.24.103             : ok=0    changed=0    unreachable=0    failed=1

localhost                  : ok=3    changed=0    unreachable=0    failed=1

[Sudheer S]

On 22/02/19 7:19 PM, visar wrote:

Hello Sudeer.. No luck.

Logon to the server manually as admin and try doing something like `sudo ls`.  See if password is required on the server.

-

Sudheer

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b2c2673b-9961-4e53-b22a-7f72c4548e25%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[visar]

Hello Sudheer,

Yes, Password required for any action . because my user "admin" is created and added to sudoers group in staging environment where the playbook is failing.

 Whereas in my development environment the playbook was working as there i jhad root user password.

[Georg Großmann]

Have you tried the -K flag? 

Try

ansible-playbook -K yourplaybook.yaml

--

Georg Großmann

[visar]

Hello Georg,

Yes, tried.

Please find the error below.

ansible-playbook silentiInstallerfile1.yml -k

SSH password:

PLAY [Replace the silent-install-server_ file to each Application Servers] **********************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************

fatal: [10.16.24.103]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 10.16.24.103 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

fatal: [10.16.24.102]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 10.16.24.102 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

ok: [localhost]

TASK [check the folder existance] ***************************************************************************************************************************

ok: [localhost]

TASK [JTS Server] *******************************************************************************************************************************************

ok: [localhost -> localhost]

TASK [CCM Server] *******************************************************************************************************************************************

fatal: [localhost]: FAILED! => {"msg": "Failed to get information on remote file (/opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64/silent-install-server_CCM.xml): Shared connection to 10.16.24.102 closed.\r\n"}

        to retry, use: --limit @/etc/ansible/roles/IBM2/tasks/best/silentiInstallerfile1.retry

PLAY RECAP **************************************************************************************************************************************************

10.16.24.102             : ok=0    changed=0    unreachable=0    failed=1

10.16.24.103             : ok=0    changed=0    unreachable=0    failed=1

localhost                  : ok=3    changed=0    unreachable=0    failed=1

[Sudheer S]

On 22/02/19 7:29 PM, visar wrote:

Hello Sudheer,

Yes, Password required for any action . because my user "admin" is created and added to sudoers group in staging environment where the playbook is failing.

 Whereas in my development environment the playbook was working as there i jhad root user password.

For such situations, I would enable the 'admin' user to escalate privileges with sudo without specifying password. You can configure sudoer's to escalate privilege without password.

Would that resolve your problem?

-

Sudheer

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8fd0dcb3-5fd7-4ab2-b92d-30a2de58e4cd%40googlegroups.com.

[Keif Gwinn]

it looks like it needs a password to escalate, have a look at https://docs.ansible.com/ansible/latest/user_guide/become.html#connection-variables to set an escalation password.

[vivek vijayan]

Hello sudeer, 

Yes. I had added the user admin to sudoers and made password less as same as given for  root user in the sudoers file.

But still no luck

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/615d68d9-0db6-5a7e-46c8-c65679258404%40techchorus.net.

[vivek vijayan]

Hello kief,

I already tried with different options of become as given in the link

 But couldn't resolve . I am not sure that which part of the playbook which I need to modify inorder to make it run for admin user. 

Where this playbook is working fine in another environmental where using root user 

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAMTXzjVZ-RjCHCuhESU6gkJ%3DA0TBLS8X7pacpKB2fnMSzH5UxA%40mail.gmail.com.

[Sudheer S]

On 22/02/19 8:16 PM, vivek vijayan wrote:
> Hello sudeer,
>
> Yes. I had added the user admin to sudoers and made password less as
> same as given for  root user in the sudoers file.
>
> But still no luck
>

I would first make sure that sudoer configuration is correct on the
target server. So, logon to server manually and make sure you can use
sudo without password.

-

Sudheer S

[Keif Gwinn]

> But couldn't resolve . I am not sure that which part of the playbook which I need to modify inorder to make it run for admin user. 

I've been doing a lot of become work the last day, I found it's designed to work on a task level in roles but does this work?

- name: Replace the silent-install-server_ file to each Application Servers

  hosts: localhost,CCM,RM

  vars: 

    jts_file: /etc/ansible/roles/IBM2/files/silent-install-server_JTS.xml

    ccm_file: /etc/ansible/roles/IBM2/files/silent-install-server_CCM.xml

    rm_file: /etc/ansible/roles/IBM2/files/silent-install-server_RM.xml

    dest_dir: /opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64

  ansible_become: yes

  ansible_become_user: root

  ansible_become_pass: "{{rootpass}}"

  tasks:

    - name: check the folder existance

      stat: path=/opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64

      register: folder_exist

    - name: JTS Server

      copy:

        src: "{{ jts_file }}"

        dest: "{{ dest_dir }}/"

        mode: 777

        backup: yes

      delegate_to: localhost

      when: folder_exist.stat.exists == True

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJztPtS7vuGq%2Bs9Y%2BY_iMm21ZYhMS2rmFj8pVt-abZW%2BZU6p6w%40mail.gmail.com.

[visar]

Hello Sudheer,

Verified in all the servers and this was enabled already.

## Allow root to run any commands anywhere

root ALL=(ALL) NOPASSWD: ALL

admin ALL=(ALL) NOPASSWD: ALL

[visar]

ansible-playbook -k silentiInstallerfile1.yml

SSH password:

ERROR! 'ansible_become_user' is not a valid attribute for a Play

The error appears to have been in '/etc/ansible/roles/IBM2/tasks/best/silentiInstallerfile1.yml': line 3, column 3, but may

be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

- name: Replace the silent-install-server_ file to each Application Servers

  ^ here

[Sudheer S]

On 22/02/19 8:16 PM, vivek vijayan wrote:

Hello sudeer, 

Yes. I had added the user admin to sudoers and made password less as same as given for  root user in the sudoers file.

But still no luck

Are you both representing the same organization and hence the same problem?

I am confused by multiple situations:

"Yes. I had added the user admin to sudoers and made password less as same as given for  root user in the sudoers file." - vivu...@gmail.com

"Yes, Password required for any action . because my user "admin" is created and added to sudoers group in staging environment where the playbook is failing." - visar <vivu...@gmail.com>

-

Sudheer

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJztPtTZ-hJvjtwqtVEuns7rp5Xfn76dkpXKZrgO6SgYur%2B5FQ%40mail.gmail.com.

[Jean-Yves LENHOF]

One more point to verify :

Are you connected with admin user on the controller-server (where you play your playbook) ?

If not you should use remote_user to admin...

Perhaps a verbose log error could help.... use -vvvv when playing ansible-playbook

Regards,

JYL

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f94e51ee-2e4c-4663-b49d-8c831c629b7d%40googlegroups.com.