Installing Apache through Ansible


Perry Hoekstra

May 20, 2016, 8:45:13 AM
to Ansible Project
I am attempting to create an EC2 instance in one role and install Apache on it in the next role.

The pertinent playbook entry looks like this:

# Configure and deploy Apache
- hosts: localhost
  connection: local
  remote_user: ec2-user
  gather_facts: false
  roles:
    - ec2_apache
    - apache
    
The 'ec2_apache' role allocates an ec2 instance and the first task within the apache/main.yml looks like this:

- name: confirm using the latest Apache server
  become: yes
  become_method: sudo
  yum: 
    name: httpd 
    state: latest

This is where the error message "sudo: a password is required" is returned, which leads me to believe I have somehow horked up with security. When it fails, I can SSH into that newly created EC2 instance and do a 'sudo ls /etc' command.

Thoughts on what I am doing wrong?

Kai Stian Olstad

May 20, 2016, 12:08:14 PM
to ansible...@googlegroups.com
On 19 May 2016 19:46, Perry Hoekstra wrote:
> The 'ec2_apache' role allocates an ec2 instance and the first task within
> the apache/main.yml looks like this:
>
> - name: confirm using the latest Apache server
>   become: yes
>   become_method: sudo
>   yum:
>     name: httpd
>     state: latest
>
> This is where the error message "sudo: a password is required" is returned
> which leads me to believe I have somehow horked up with security. When it
> fails, I can SSH into that newly created EC2 instance and do a 'sudo ls
> /etc' command.
>
> Thoughts on what I am doing wrong?

You need to add the option --ask-become-pass to ansible-playbook or set
ask_become_pass = true in ansible.cfg or the inventory.

--
Kai Stian Olstad

Perry Hoekstra

May 20, 2016, 12:44:30 PM
to Ansible Project, ansible-pr...@olstad.com
Kai:

Thanks for the response, but the issue with that solution is this is all dynamic and automated, so there would be no person to respond. I have had to do some ENV things in order for each of the processes that need it to see the *.pem file generated at the beginning of the Ansible process that builds the AWS environment.

---
Perry Hoekstra

Kai Stian Olstad

May 20, 2016, 1:18:38 PM
to ansible...@googlegroups.com
On 20 May 2016 18:44, Perry Hoekstra wrote:
> Thanks for the response but the issue with that solution is this is all
> dynamic and automated so there would be no person to respond.

You could set ansible_become_pass if you can have the sudo password in
clear text or add "ec2-user ALL=(ALL) NOPASSWD:ALL" to your sudoers file.

--
Kai Stian Olstad

Dick Davies

May 21, 2016, 5:30:20 AM
to ansible list
Unless I'm reading that wrong (and I may be, still on my first coffee),
you're applying the apache role to 'localhost' - don't you want to run
that on the ec2 instance that ec2_apache created instead?
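
The split Dick Davies describes, written out as a playbook. This is an added example, not code from any poster in the thread: the first play provisions from localhost and registers the new instance in an in-memory group, and the second play runs the apache role on that instance with become. The registered variable `ec2_result`, the group name `apache_hosts` and the `EC2_KEY_FILE` environment variable are assumptions, since the thread does not show what the ec2_apache role registers or how the *.pem path is exported.

```yaml
# Play 1: runs on the control machine and only talks to the AWS API,
# so it needs neither remote_user nor become.
- hosts: localhost
  connection: local
  gather_facts: false
  roles:
    - ec2_apache
  tasks:
    # Assumption: the ec2_apache role registers the ec2 module result
    # as "ec2_result" (hypothetical name, not shown in the thread).
    - name: add the new instance to an in-memory group
      add_host:
        name: "{{ item.public_ip }}"
        groups: apache_hosts
        # Assumption: the generated *.pem path is exported as EC2_KEY_FILE.
        ansible_ssh_private_key_file: "{{ lookup('env', 'EC2_KEY_FILE') }}"
      with_items: "{{ ec2_result.instances }}"

    - name: wait for SSH to come up on the new instance
      wait_for:
        host: "{{ item.public_ip }}"
        port: 22
        delay: 10
        timeout: 320
        state: started
      with_items: "{{ ec2_result.instances }}"

# Play 2: runs on the EC2 instance itself, which is where the thread
# reports that sudo works for ec2-user over SSH.
- hosts: apache_hosts
  remote_user: ec2-user
  become: yes
  become_method: sudo
  gather_facts: false
  roles:
    - apache
```

If sudo on the instance does ask for a password, keeping `ansible_become_pass` in an Ansible Vault encrypted vars file avoids storing it in clear text.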