BECOME password:
409 views
Skip to first unread message
Roy Wright
Nov 12, 2019, 3:11:21 PM11/12/19
to Ansible Project
Howdy,
I have a Jenkins job that SSHes to a VM that has ansible installed. The job creates an LXC container on the VM then populates the container with the test environment.
Can some kind soul please point me to the magic incantation for running ansible-playback without prompting for the BECOME password?
When ansible-playback -vvv is ran I always get:
ansible-playbook 2.9.0
config file = /home/myuser/projects/test-ansible/ansible.cfg
configured module search path = [u'/home/myuser/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible-playbook
python version = 2.7.15+ (default, Oct 7 2019, 17:39:04) [GCC 7.4.0]
Using /home/myuser/projects/test-ansible/ansible.cfg as config file
BECOME password:
and the job hangs until timeout.
I've tried:
* /etc/sudoers: ALL=(ALL:ALL) NOPASSWD: ALL
for root + the user account
* ansible-playback ... --extra-vars=ansible_sudo_pass={user-container-password}
* ansible-playback ... --extra-vars=ansible_sudo_pass={host-vm-password}
* ansible-playback ... --extra-vars=ansible_become_pass={user-container-password}
* ansible-playback ... --extra-vars=ansible_become_pass={host-vm-password}
* ansible-playback ... --extra-vars=private-key=$HOME/.ssh/id_pub
# note this is after copying $HOME/.ssh to the container
All of the above with and without: -b
In the playbook:
...
hosts:
{host-vm-ipaddr}:
ansible_password: {user-container-password}
ansible_ssh_pass: {user-container-password}
ansible_become_password: {user-container-password}
ansible_sudo_password: {user-container-password}
ansible_sudo_flags: -H -S
* several permutations of sudo when running ansible-playback, no joy.
Thank you,
Roy
Sam Doran
Nov 13, 2019, 2:02:51 PM11/13/19
to ansible...@googlegroups.com
Roy,
Check the settings in /home/myuser/projects/test-ansible/ansible.cfg. Always being prompted for the become password seems to indicate become_ask_pass=True is set in the configuration.
You can also see the current configuration by running ansible-config dump --only-changed.
---
Sam
Check the settings in /home/myuser/projects/test-ansible/ansible.cfg. Always being prompted for the become password seems to indicate become_ask_pass=True is set in the configuration.
You can also see the current configuration by running ansible-config dump --only-changed.
---
Sam
Roy Wright
Nov 18, 2019, 11:57:35 AM11/18/19
to Ansible Project
Thank you for the suggestions, alas no joy:
➤ cat ansible.cfg
[defaults]
# On our servers, root does not have access to users' network-mounted home directories. So we cannot rely on ansible's
# default `~/.ansible/tmp/...` location for temporary files. The user you use to connect to the target server must also
# have write access to this directory.
remote_tmp = /tmp
➤ ansible-config dump | grep BECOME
AGNOSTIC_BECOME_PROMPT(default) = True
BECOME_ALLOW_SAME_USER(default) = False
BECOME_PLUGIN_PATH(default) = [u'/home/myuser/.ansible/plugins/become', u'/usr/share/ansible/plugins/become']
DEFAULT_BECOME(default) = False
DEFAULT_BECOME_ASK_PASS(default) = False
DEFAULT_BECOME_EXE(default) = None
DEFAULT_BECOME_FLAGS(default) =
DEFAULT_BECOME_METHOD(default) = sudo
DEFAULT_BECOME_USER(default) = root
I ended up going ugly and just wrapping the ansible call with expect to handle the BECOME password prompt.
Thank you,
Roy
Reply all
Reply to author
Forward
0 new messages