Ansible 2.1.0: "Interactive authentication required." when operating with sudo?

Hi all;

Just looking for a little help to spot what I might be missing. Against a CentOS 7 box, using Ansible 2.1.0, this task:

```
- name: restart httpd
  service:
    name: httpd
    state: restarted
```

is giving me an “Interactive authentication required.” error when run under Ansible 2.1.0 via:

```
ansible-playbook -i inventory test.yml --sudo --ask-sudo-pass --ask-become-pass --sudo -vvvv
```

My playbook is set with:

```
# The user that logs into the machine
remote_user: apps

# Indicates that we also want to become the user we log in as, for running tasks
# (otherwise the user defaults to root)
become: yes
become_user: apps
```

and on the CentOS 7 box, my “apps” user is in the “wheel” group, and the wheel group is covered with sudoer permissions as follows:

```
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
```

I understood that with my playbook set to use “become”, and “become_user”, that this task would run as sudo?

So, why the “Interactive authentication required” error?

Of course, I can resort to:

```
- name: Restart apache
  shell: sudo systemctl restart httpd
```

which doesn’t prompt me, but I’d like to understand why the advocated method isn’t observing that I’m running under sudo?

Many thanks,
Tim

Comment out:

```
#%wheel ALL=(ALL) ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
```

Hi John;

Thanks for the suggestion, but nope: with that line commented out in sudoers (so that only the one with NOPASSWD is in effect), the error is the same.

“Failed to stop httpd.service: Interactive authentication required.”

Besides, I’d have thought that the latter statement would have overridden the former statement anyways, in a top-to-bottom processing.

So, still scratching my head…

Tim

What happens when you run the command as that user? If it still asks for a password either your sudoers file is an issue or user/group might be.

Hi John,

I very much appreciate your attention.

When I run “sudo systemctl restart httpd” directly, when logged in as my ‘apps’ user, I am not prompted for a password.

Bizarre, eh?

My guess is my httpd configuration… perhaps how Ansible is telling it to restart or how it’s choosing to restart. I’ll play with its service config and report back.

Tim

Try adding

Defaults:username !requiretty

to /etc/sudoers.

Hi Tim,

I am a newbie to Ansible and I am facing the same problem. Did you resolve this?

Regards
Deepak

No, sorry Deepak; I was also working on RHEL SELinux, and that environment, I’m sure, was complicating things. I had to abandon my efforts with Ansible.

T

Deepak, it’s already been a year. But I ran into this issue. Adding the following lines resolved it:

FAILED:

```
- name: PostgreSQL service stop
  service:
    name: postgresql-9.5
    state: stopped
```

RESOLVED:

```
- name: PostgreSQL service stop
  sudo: yes
  sudo_user: root
  service:
    name: postgresql-9.5
    state: stopped
```

Adding a become and become_user in the playbook has resolved our issue.

```
handlers:
  - name: restart apache
    become: yes
    become_user: root
    service: name=httpd state=restarted
```
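
The following playbook is an added example, not posted by any participant in this thread. It shows which account tasks actually run as when the play sets `become_user: apps`, and overrides `become_user` to root only on the task that needs it, so the rest of the play stays unprivileged. The `webservers` inventory group is an assumption.

```yaml
# Added example, not from the thread.
# "webservers" is a hypothetical inventory group name.
- hosts: webservers
  remote_user: apps        # SSH login user, as in the original playbook
  become: yes
  become_user: apps        # play default: escalation targets apps, not root

  tasks:
    - name: Show which user ordinary tasks run as
      command: id -un
      register: play_user
      changed_when: false  # read-only check, never report "changed"

    - name: Show which user a task runs as when become_user is overridden
      command: id -un
      become_user: root    # task-level value takes precedence over the play
      register: task_user
      changed_when: false

    - name: Report both identities
      debug:
        msg: "play default: {{ play_user.stdout }}, overridden task: {{ task_user.stdout }}"

    - name: Restart httpd as root for this task only
      service:
        name: httpd
        state: restarted
      become: yes
      become_user: root
```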