TJG
(TJG)
March 20, 2016, 8:11pm
1
Hi all;
Just looking for a little help to spot what I might be missing. Against a Centos 7 box, using Ansible 2.1.0, this task:
```
- name: restart httpd
  service:
    name: httpd
    state: restarted
```
is giving me an “Interactive authentication required.” error when run under Ansible 2.1.0 via:
```
ansible-playbook -i inventory test.yml --sudo --ask-sudo-pass --ask-become-pass --sudo -vvvv
```
My playbook is set with:
```
# The user that logs into the machine
remote_user: apps
# Indicates that we also want to become the user we log in as, for running tasks
# (otherwise the user defaults to root)
become: yes
become_user: apps
```
and on the Centos 7 box, my “apps” user is in the “wheel” group, and the wheel group is covered with sudoer permissions as follows:
```
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
```
I understood that with my playbook set to use “become”, and “become_user”, that this task would run as sudo?
So, why the “Interactive authentication required” error?
Of course, I can resort to:
```
- name: Restart apache
  shell: sudo systemctl restart httpd
```
which doesn’t prompt me, but I’d like to understand why the advocated method isn’t observing that I’m running under sudo?
Many thanks,
Tim
Comment out:
```
#%wheel ALL=(ALL) ALL
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
```
TJG
(TJG)
March 20, 2016, 11:37pm
3
Hi John;
Thanks for the suggestion, but nope: with that line commented out in sudoers (so that only the one with NOPASSWD is in effect), the error is the same.
“Failed to stop httpd.service: Interactive authentication required.”
Besides, I’d have thought that the latter statement would have overridden the former statement anyways, in a top-to-bottom processing.
So, still scratching my head…
Tim
What happens when you run the command as that user? If it still asks for a password either your sudoers file is an issue or user/group might be.
Hi John,
I very much appreciate your attention.
When I run “sudo systemctl restart httpd” directly, when logged in as my ‘apps’ user, I am not prompted for a password.
Bizarre, eh?
My guess is my httpd configuration… perhaps how Ansible is telling it to restart or how it’s choosing to restart. I’ll play with its service config and report back.
Tim
Try adding
```
Defaults:username !requiretty
```
to /etc/sudoers.
Hi Tim,
I am a newbie to Ansible and I am facing the same problem. Did you resolve this?
Regards
Deepak
No, sorry Deepak; I was also working on RHEL SELinux, and that environment, I’m sure, was complicating things. I had to abandon my efforts with Ansible.
T
Deepak, it's already been a year. But I ran into this issue. Adding the following lines resolved it:
FAILED:
```
- name: PostgreSQL service stop
  service:
    name: postgresql-9.5
    state: stopped
```
RESOLVED:
```
- name: PostgreSQL service stop
  sudo: yes
  sudo_user: root
  service:
    name: postgresql-9.5
    state: stopped
```
Adding a become and become_user in the playbook has resolved our issue.
```
handlers:
  - name: restart apache
    become: yes
    become_user: root
    service: name=httpd state=restarted
```
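
The last two replies resolve the error by setting `become_user: root` on the task itself. As an added example (not part of the thread), the playbook below keeps the play-level settings from the original question and overrides `become_user` only on the service task and handler, so everything else still runs as `apps`. The host group `web`, the `id -un` check tasks and the `/tmp/httpd-restart-demo` marker file are assumptions made for illustration.

```yaml
# Constructed example playbook; "web" is a hypothetical inventory group.
- hosts: web
  remote_user: apps          # SSH login user, as in the original question
  become: yes
  become_user: apps          # play-level default from the question: tasks run as apps

  tasks:
    - name: Record the effective user under the play-level settings
      command: id -un
      register: play_user
      changed_when: false

    - name: Record the effective user with a task-level override
      command: id -un
      become: yes
      become_user: root      # task-level keyword takes precedence over the play-level one
      register: task_user
      changed_when: false

    - name: Confirm that only the overridden task is privileged
      assert:
        that:
          - play_user.stdout == "apps"
          - task_user.stdout == "root"

    - name: Touch a marker file as apps and notify the handler (hypothetical trigger)
      file:
        path: /tmp/httpd-restart-demo
        state: touch
      notify: restart apache

  handlers:
    - name: restart apache
      become: yes
      become_user: root      # systemd unit management needs root, not apps
      service:
        name: httpd
        state: restarted
```

Scoping the override to the service task and handler keeps the remaining tasks unprivileged instead of switching the whole play to root.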