Re: [ansible-project] Re: "Timeout (17s) waiting for privilege escalation prompt: "

189 views
Skip to first unread message

Matt Martz

unread,
Feb 24, 2022, 4:23:04 PM2/24/22
to ansible...@googlegroups.com
It sounds like your inventory states `ansible_become=true` which forces become for every execution, but your inventory does not include `ansible_become_password`.

When specifying the same user for `--become-user` that you are logging in as, effectively disables become, and doesn't require a password.

On Thu, Feb 24, 2022 at 3:18 PM Anthony Cygne <ant...@gmail.com> wrote:
If i do a "--become-user MYUSERNAME it does not time out and executes properly.
ie.
MYUSERNAME@ANSIBLESERVER ~]$ ansible TARGETHOSTGROUP -b -k -K -i /etc/ansible/inventory/  -m ping --become-user MYUSERNAME

I exist on both systems. and authenticate via ldap.


somebody explain why I have to become myself.

On Wednesday, February 23, 2022 at 12:49:48 PM UTC-6 Anthony Cygne wrote:
tail -f messages secure


{with ansible}
==> messages <==
Feb 23 18:46:31 alcp-im1 sshd[30107]: rexec line 141: Deprecated option RhostsRSAAuthentication

==> secure <==
Feb 23 18:46:31 alcp-im1 sshd[30107]: rexec line 141: Deprecated option RhostsRSAAuthentication
Feb 23 18:46:31 alcp-im1 sshd[30107]: FIPS mode initialized
Feb 23 18:46:31 alcp-im1 sshd[30107]: reprocess config line 141: Deprecated option RhostsRSAAuthentication
Feb 23 18:46:31 alcp-im1 sshd[30107]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=alip-util1.nrtio.com user=acygne-admin
Feb 23 18:46:31 alcp-im1 sshd[30107]: Accepted password for acygne-admin from 172.20.60.30 port 54870 ssh2

==> messages <==
Feb 23 18:46:31 alcp-im1 systemd-logind: New session 7242 of user acygne-admin.

==> secure <==
Feb 23 18:46:31 alcp-im1 systemd-logind: New session 7242 of user acygne-admin.

==> messages <==
Feb 23 18:46:31 alcp-im1 systemd: Started Session 7242 of user acygne-admin.

==> secure <==
Feb 23 18:46:31 alcp-im1 sshd[30107]: pam_unix(sshd:session): session opened for user acygne-admin by (uid=0)






{manual ssh and elevate}
Feb 23 18:47:49 alcp-im1 sshd[30112]: Received disconnect from 172.20.60.30 port 54870:11: disconnected by user
Feb 23 18:47:49 alcp-im1 sshd[30112]: Disconnected from 172.20.60.30 port 54870
Feb 23 18:47:49 alcp-im1 sshd[30107]: pam_unix(sshd:session): session closed for user acygne-admin

==> messages <==
Feb 23 18:47:49 alcp-im1 systemd-logind: Removed session 7242.

==> secure <==
Feb 23 18:47:49 alcp-im1 systemd-logind: Removed session 7242.

==> messages <==
Feb 23 18:47:54 alcp-im1 sshd[30301]: rexec line 141: Deprecated option RhostsRSAAuthentication

==> secure <==
Feb 23 18:47:54 alcp-im1 sshd[30301]: rexec line 141: Deprecated option RhostsRSAAuthentication
Feb 23 18:47:54 alcp-im1 sshd[30301]: FIPS mode initialized
Feb 23 18:47:54 alcp-im1 sshd[30301]: reprocess config line 141: Deprecated option RhostsRSAAuthentication
Feb 23 18:47:57 alcp-im1 sshd[30301]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=alip-util1.nrtio.com user=acygne-admin
Feb 23 18:47:57 alcp-im1 sshd[30301]: Accepted password for acygne-admin from 172.20.60.30 port 55028 ssh2

==> messages <==
Feb 23 18:47:57 alcp-im1 systemd-logind: New session 7243 of user acygne-admin.

==> secure <==
Feb 23 18:47:57 alcp-im1 systemd-logind: New session 7243 of user acygne-admin.

==> messages <==
Feb 23 18:47:57 alcp-im1 systemd: Started Session 7243 of user acygne-admin.

==> secure <==
Feb 23 18:47:57 alcp-im1 sshd[30301]: pam_unix(sshd:session): session opened for user acygne-admin by (uid=0)
Feb 23 18:48:04 alcp-im1 sudo: pam_sss(sudo:auth): authentication success; logname=acygne-admin uid=1208001658 euid=0 tty=/dev/pts/1 ruser=acygne-admin rhost= user=acygne-admin
Feb 23 18:48:04 alcp-im1 sudo: acygne-admin : TTY=pts/1 ; PWD=/home/acygne-admin ; USER=root ; COMMAND=/bin/su
Feb 23 18:48:04 alcp-im1 sudo: pam_unix(sudo:session): session opened for user root by acygne-admin(uid=0)

==> messages <==
Feb 23 18:48:04 alcp-im1 su: (to root) acygne-admin on pts/1

==> secure <==
Feb 23 18:48:04 alcp-im1 su: (to root) acygne-admin on pts/1
Feb 23 18:48:04 alcp-im1 su: pam_unix(su:session): session opened for user root by acygne-admin(uid=0)




On Wednesday, February 23, 2022 at 9:48:16 AM UTC-6 Anthony Cygne wrote:
 | FAILED! => {
    "msg": "Timeout (17s) waiting for privilege escalation prompt: "
}

I can manually elevate with the correct same password. But not with ansible. Same playbook works fine for others.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4b3df1b0-fa08-4a96-8a31-b3e29843ec25n%40googlegroups.com.


--
Matt Martz
@sivel
sivel.net
Reply all
Reply to author
Forward
0 new messages