sudo using local connection

[step...@dupille.org]

Hello,

I've a problem using local connections and delegates.

Let's take that inventory :

[local]

local ansible_connection=local

[remote]

ahost ansible_host=ahost.example.com

Now, if I execute this playbook :

---

- hosts: local

  gather_facts: false

  tasks:

    - name: purely local

      file: dest=kikakikoo state=touch

- hosts: ahost

  gather_facts: false

  tasks:

    - name: delegate to local

      file: dest=kikoolol state=touch

      delegate_to: local

$ ansible-playbook -i inventory test.yml -vvv

No config file found; using defaults

2 plays in test.yml

PLAY ***************************************************************************

TASK [purely local] ************************************************************

task path: /Users/dust/ansible-encrypt/test.yml:5

ESTABLISH LOCAL CONNECTION FOR USER: dust

local EXEC /bin/sh -c '( umask 22 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1457605205.13-12915262102059 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1457605205.13-12915262102059 `" )'

local PUT /var/folders/9g/4_76mx817zv_dr0s_wtk8v180000gn/T/tmp3voD48 TO /Users/dust/.ansible/tmp/ansible-tmp-1457605205.13-12915262102059/file

local EXEC /bin/sh -c 'LANG=fr_FR.UTF-8 LC_ALL=fr_FR.UTF-8 LC_MESSAGES=fr_FR.UTF-8 /usr/bin/python /Users/dust/.ansible/tmp/ansible-tmp-1457605205.13-12915262102059/file; rm -rf "/Users/dust/.ansible/tmp/ansible-tmp-1457605205.13-12915262102059/" > /dev/null 2>&1'

changed: [local] => {"changed": true, "dest": "foobar", "gid": 20, "group": "staff", "invocation": {"module_args": {"backup": null, "content": null, "delimiter": null, "dest": "foobar", "diff_peek": null, "directory_mode": null, "follow": false, "force": false, "group": null, "mode": null, "original_basename": null, "owner": null, "path": "foobar", "recurse": false, "regexp": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "state": "touch", "validate": null}, "module_name": "file"}, "mode": "0644", "owner": "dust", "size": 0, "state": "file", "uid": 501}

First play is working fine, a file is touched in the current directory, created as the user who launched ansible-playbook. OK, everything works as expected.

Now, the second play :

PLAY ***************************************************************************

TASK [delegate to local] *******************************************************

task path: /Users/dust/ansible-encrypt/test.yml:11

ESTABLISH LOCAL CONNECTION FOR USER: dust

local EXEC /bin/sh -c '( umask 22 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1457605205.33-20084718120867 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1457605205.33-20084718120867 `" )'

local PUT /var/folders/9g/4_76mx817zv_dr0s_wtk8v180000gn/T/tmpZKCPnB TO /Users/dust/.ansible/tmp/ansible-tmp-1457605205.33-20084718120867/file

local EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-awfsqcsliubjnjwozhtjcopnnjwmzxno; /bin/sh -c '"'"'"'"'"'"'"'"'LANG=fr_FR.UTF-8 LC_ALL=fr_FR.UTF-8 LC_MESSAGES=fr_FR.UTF-8 /usr/bin/python /Users/dust/.ansible/tmp/ansible-tmp-1457605205.33-20084718120867/file; rm -rf "/Users/dust/.ansible/tmp/ansible-tmp-1457605205.33-20084718120867/" > /dev/null 2>&1'"'"'"'"'"'"'"'"''"'"''

fatal: [ahost -> local]: FAILED! => {"changed": false, "failed": true, "invocation": {"module_name": "file"}, "module_stderr": "sudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE", "parsed": false}

It fails because it wants to sudo root.

Now the questions :

1) Why these two plays do not behave the same way ? Is it a bug ?

2) Where do this sudo comes from ?

3) How can I avoid that sudo ?

And, by the way :

$ ansible --version

ansible 2.0.1.0

  config file =

  configured module search path = Default w/o overrides

Many thanks !

[step...@dupille.org]

Le jeudi 10 mars 2016 15:21:39 UTC+1, step...@dupille.org a écrit :

Now the questions :

1) Why these two plays do not behave the same way ? Is it a bug ?

2) Where do this sudo comes from ?

3) How can I avoid that sudo ?

 

I have investigated a bit, and found this issue, which seems related :

https://github.com/ansible/ansible/issues/14720

But what I found is that I can use the same workaround, so this is working :

- hosts: ahost

  gather_facts: false

  tasks:

    - name: delegate to local

      file: dest=kikoolol state=touch

      delegate_to: local

      vars:

        ansible_become: no