Passing sudo password to ansible (remote) provisioner


Valentin Leon

Nov 18, 2019, 1:18:55 PM
to Packer
Hello,

I am trying to provision a host using ansible (remote). The host is a clean ubuntu 18.04 install, but I am blocked running a simple ansible cookbook that requires root privileges.

I can run simple shell commands such as:
    echo '{{user `ssh_password`}}' | sudo -S shutdown -P now

But I need a way to feed the sudo password into ansible, otherwise it fails:
    ubuntu-18.04: fatal: [default]: FAILED! => {"cache_update_time": 1574096255, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\"      install 'mariadb-server'' failed: E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)\nE: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?\n", "rc": 100, "stderr": "E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)\nE: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?\n", "stderr_lines": ["E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)", "E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?"], "stdout": "", "stdout_lines": []}

I have tried to tell ansible to use become:
    ubuntu-18.04: fatal: [default]: FAILED! => {"msg": "Missing sudo password"}

I have tried to pass the password as input:

    "provisioners": [
        "type": "ansible",
        "command": "bash -c \"echo '{{user `ssh_password`}}' | ansible-playbook $@\"",
        "extra_arguments": [
            "--ask-become-pass"
        ],

however, this fails as it seems we cannot pass a command with arguments:

* Error running "bash -c "echo '<sensitive>' | ansible-playbook $@" --version": exec: "bash -c \"echo '<sensitive>' | ansible-playbook $@\"": executable file not found in $PATH

I have tried to use the user root directly:

    "provisioners": [
        "type": "ansible",
        "user": "root",

however this fails because I imagine ubuntu does not allow root to SSH directly:

    ubuntu-18.04: fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /root/.ansible/tmp/ansible-tmp-1574094286.5371425-44623893214428 `\" && echo ansible-tmp-1574094286.5371425-44623893214428=\"` echo /root/.ansible/tmp/ansible-tmp-1574094286.5371425-44623893214428 `\" ), exited with result 1", "unreachable": true}

I would like to find a solution that does not require lowering the security of my host, such as allowing root SSH, or passwordless sudo. This seems like a pretty basic scenario, and I am surprised that I could not find anyone explaining how to solve this issue. The only reference I found is this post: https://github.com/hashicorp/packer/issues/4263#issuecomment-280103496 but it got shut down and the poster did not create a ticket.

Any ideas or help would be very welcome.

Thanks

Val

Valentin Leon

Nov 18, 2019, 1:20:21 PM
to Packer
Apologies for the double posting, I kept seeing Google Groups errors.. some days nothing works.


Rickard von Essen

Nov 23, 2019, 10:16:01 AM
to packe...@googlegroups.com

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/827f4b20-b10e-4090-83de-5dac7e641ca8%40googlegroups.com.

Valentin Leon

Nov 26, 2019, 6:20:02 PM
to Packer
Thanks Rickard, that did the trick.

For clarity on this thread, the solution is to use the following:

    "provisioners": [
        "type": "ansible",
        "extra_arguments": [
            "--extra-vars",
            "ansible_become_pass={{user `pass`}}"
        ],
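The fix posted in this thread puts the sudo password on the ansible-playbook command line, where it shows up in the build machine's process list. As an added example (not part of the original thread, and not Packer's or Ansible's own code), the wrapper below can be used as the provisioner's `command`; it hands the password over in an owner-only `--extra-vars @file` instead. The script name, the `BECOME_PASS` variable and the assumption that Packer passes its environment to the command are hypothetical.

```shell
#!/bin/sh
# ansible-become-wrapper.sh (hypothetical name): point the provisioner's
# "command" at this script instead of an inline "bash -c ..." string.
# Assumptions: the sudo password is exported as BECOME_PASS before running
# packer, and Packer passes its environment on to the command it executes.
set -eu

# Escape backslashes and double quotes so the value is a valid JSON string.
# Passwords containing control characters are not handled here.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Write {"ansible_become_pass": "..."} to a fresh owner-only file and print
# the file's path.
write_become_vars() {
  vars_path=$(umask 077 && mktemp "${TMPDIR:-/tmp}/become.XXXXXX")
  printf '{"ansible_become_pass": "%s"}\n' "$(json_escape "$1")" > "$vars_path"
  printf '%s\n' "$vars_path"
}

main() {
  # Packer first probes the command with "--version"; pass that through,
  # and do the same when no password was supplied.
  if [ "${1:-}" = "--version" ] || [ -z "${BECOME_PASS:-}" ]; then
    exec ansible-playbook "$@"
  fi
  VARS_FILE=$(write_become_vars "$BECOME_PASS")
  trap 'rm -f "$VARS_FILE"' EXIT      # remove the secret when the run ends
  unset BECOME_PASS                   # keep it out of the child environment
  # Only the file path reaches argv, not the password itself.
  ansible-playbook "$@" --extra-vars "@$VARS_FILE"
}

# Run only under the script's own name so the functions can also be sourced.
if [ "${0##*/}" = "ansible-become-wrapper.sh" ]; then
  main "$@"
fi
```

In the template, set `"command"` to the script's path and drop the `ansible_become_pass=...` entry from `extra_arguments`.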