Hi

From Ansible 1.9 till 2.2.2.0 on CentOS 7, privilege escalation works
really well. I could access a server as a non-privileged user with
SSH key authentication and, as the last step, use privilege escalation
with su.

But with 2.3 I found this doesn't work any more.
The SSH connection to the server works; I see the server accepts the
public key for user "ansible", but after this Ansible tries to do the
privilege escalation to user root and hangs. I think it waits for the
password. If I start the last code manually, it asks for it as the next step.

Other point:
Ansible ignores the host configuration for become and become_method if I
don't set them in ansible.cfg.

Paramiko doesn't work either. I tried it, same effect. There I have
the additional problem that Paramiko has its own key storage and
stops (no input possible to the question of whether I want to add the key)
if the key is not there (I know the option "host_key_auto_add").
I think the handling should be optimized.

ansible.cfg (all other options after this are commented out):
[privilege_escalation]
become=True
#become_method=sudo
become_method=su
#become_user=root
#become_ask_pass=False
host configuration:
ansible_become: yes
ansible_become_user: root
ansible_become_pass: XXXXX
ansible_become_methode: su
ansible_connection: ssh
Here are the logs:
[root@ansible host_vars]# ansible kronos.cac.local -m ping -vvvvv
Using /etc/ansible/ansible.cfg as config file
Loading callback plugin minimal of type stdout, v2.0 from
/usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc
META: ran handlers
Using module file
/usr/lib/python2.7/site-packages/ansible/modules/system/ping.py
<kronos.cac.local> ESTABLISH SSH CONNECTION FOR USER: ansible
<kronos.cac.local> SSH: ansible.cfg set ssh_args:
(-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<kronos.cac.local> SSH: ansible_password/ansible_ssh_pass not set:
(-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<kronos.cac.local> SSH:
ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=ansible)
<kronos.cac.local> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<kronos.cac.local> SSH: PlayContext set ssh_common_args: ()
<kronos.cac.local> SSH: PlayContext set ssh_extra_args: ()
<kronos.cac.local> SSH: found only ControlPersist; added ControlPath:
(-o)(ControlPath=/root/.ansible/cp/25edd394cf)
<kronos.cac.local> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 -o
ControlPath=/root/.ansible/cp/25edd394cf kronos.cac.local '/bin/sh -c
'"'"'echo ~ && sleep 0'"'"''
<kronos.cac.local> (0, '/home/ansible\n', 'OpenSSH_6.6.1, OpenSSL
1.0.1e-fips 11 Feb 2013\r\ndebug1: Reading configuration data
/etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 56: Applying
options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1:
Control socket "/root/.ansible/cp/25edd394cf" does not exist\r\ndebug2:
ssh_connect: needpriv 0\r\ndebug1: Connecting to kronos.cac.local
[192.168.76.22] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1:
fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3:
timeout: 10000 ms remain after connect\r\ndebug1: permanently_set_uid:
0/0\r\ndebug3: Incorrect RSA1 identifier\r\ndebug3: Could not load
"/root/.ssh/id_rsa" as a RSA1 public key\r\ndebug1: identity file
/root/.ssh/id_rsa type 1\r\ndebug1:
identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: identity file
/root/.ssh/id_dsa type -1\r\ndebug1: identity file
/root/.ssh/id_dsa-cert type -1\r\ndebug1: identity file
/root/.ssh/id_ecdsa type -1\r\ndebug1: identity file
/root/.ssh/id_ecdsa-cert type -1\r\ndebug1: identity file
/root/.ssh/id_ed25519 type -1\r\ndebug1: identity file
/root/.ssh/id_ed25519-cert type -1\r\ndebug1: Enabling compatibility
mode for protocol 2.0\r\ndebug1: Local version string
SSH-2.0-OpenSSH_6.6.1\r\ndebug1: Remote protocol version 2.0, remote
software version OpenSSH_6.6.1\r\ndebug1: match: OpenSSH_6.6.1 pat
OpenSSH_6.6.1* compat 0x04000000\r\ndebug2: fd 3 setting
O_NONBLOCK\r\ndebug3: load_hostkeys: loading entries for host
"kronos.cac.local" from file "/root/.ssh/known_hosts"\r\ndebug3:
load_hostkeys: found key type ECDSA in file
/root/.ssh/known_hosts:13\r\ndebug3: load_hostkeys: loaded 1
keys\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs:
ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\r\ndebug1:
SSH2_MSG_KEXINIT sent\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2:
kex_parse_kexinit:
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1\r\ndebug2:
kex_parse_kexinit:
ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss\r\ndebug2:
kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se\r\ndebug2:
kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se\r\ndebug2:
kex_parse_kexinit:
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96\r\ndebug2:
kex_parse_kexinit:
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96\r\ndebug2:
kex_parse_kexinit: zlib@openssh.com,zlib,none\r\ndebug2:
kex_parse_kexinit: zlib@openssh.com,zlib,none\r\ndebug2:
kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: \r\ndebug2:
kex_parse_kexinit: first_kex_follows 0 \r\ndebug2: kex_parse_kexinit:
reserved 0 \r\ndebug2: kex_parse_kexinit:
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1\r\ndebug2:
kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256\r\ndebug2:
kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se\r\ndebug2:
kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se\r\ndebug2:
kex_parse_kexinit:
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96\r\ndebug2:
kex_parse_kexinit:
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96\r\ndebug2:
kex_parse_kexinit: none,zlib@openssh.com\r\ndebug2: kex_parse_kexinit:
none,zlib@openssh.com\r\ndebug2: kex_parse_kexinit: \r\ndebug2:
kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: first_kex_follows 0
\r\ndebug2: kex_parse_kexinit: reserved 0 \r\ndebug2: mac_setup: setup
hmac-md5-etm@openssh.com\r\ndebug1: kex: server->client aes128-ctr
hmac-md5-etm@openssh.com zlib@openssh.com\r\ndebug2: mac_setup: setup
hmac-md5-etm@openssh.com\r\ndebug1: kex: client->server aes128-ctr
hmac-md5-etm@openssh.com zlib@openssh.com\r\ndebug1: kex:
curve25519-sha256@libssh.org need=16 dh_need=16\r\ndebug1: kex:
curve25519-sha256@libssh.org need=16 dh_need=16\r\ndebug1: sending
SSH2_MSG_KEX_ECDH_INIT\r\ndebug1: expecting
SSH2_MSG_KEX_ECDH_REPLY\r\ndebug1: Server host key: ECDSA
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX\r\ndebug3: load_hostkeys: loading entries
for host "kronos.cac.local" from file
"/root/.ssh/known_hosts"\r\ndebug3: load_hostkeys: found
key type ECDSA in file /root/.ssh/known_hosts:13\r\ndebug3:
load_hostkeys: loaded 1 keys\r\ndebug3: load_hostkeys: loading entries
for host "192.168.76.22" from file "/root/.ssh/known_hosts"\r\ndebug3:
load_hostkeys: found key type ECDSA in file
/root/.ssh/known_hosts:3\r\ndebug3: load_hostkeys: loaded 1
keys\r\ndebug1: Host \'kronos.cac.local\' is known and matches the ECDSA
host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:13\r\ndebug1:
ssh_ecdsa_verify: signature correct\r\ndebug2: kex_derive_keys\r\ndebug2:
set_newkeys: mode 1\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1:
expecting SSH2_MSG_NEWKEYS\r\ndebug2: set_newkeys: mode 0\r\ndebug1:
SSH2_MSG_NEWKEYS received\r\ndebug1: SSH2_MSG_SERVICE_REQUEST
sent\r\ndebug2: service_accept: ssh-userauth\r\ndebug1:
SSH2_MSG_SERVICE_ACCEPT received\r\ndebug2: key: /root/.ssh/id_rsa
(0x7f6c8c9e4f30),\r\ndebug2: key: /root/.ssh/id_dsa ((nil)),\r\ndebug2:
key: /root/.ssh/id_ecdsa ((nil)),\r\ndebug2: key: /root/.ssh/id_ed25519
((nil)),\r\ndebug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password\r\ndebug3: start over,
passed a different list
publickey,gssapi-keyex,gssapi-with-mic,password\r\ndebug3: preferred
gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\ndebug3:
authmethod_lookup gssapi-with-mic\r\ndebug3:
remaining preferred: gssapi-keyex,hostbased,publickey\r\ndebug3:
authmethod_is_enabled gssapi-with-mic\r\ndebug1: Next authentication
method: gssapi-with-mic\r\ndebug1: Unspecified GSS failure. Minor code
may provide more information\nNo Kerberos credentials available (default
cache: KEYRING:persistent:0)\n\r\ndebug1: Unspecified GSS failure.
Minor code may provide more information\nNo Kerberos credentials
available (default cache: KEYRING:persistent:0)\n\r\ndebug2: we did not
send a packet, disable method\r\ndebug3: authmethod_lookup
gssapi-keyex\r\ndebug3: remaining preferred:
hostbased,publickey\r\ndebug3: authmethod_is_enabled
gssapi-keyex\r\ndebug1: Next authentication method:
gssapi-keyex\r\ndebug1: No valid Key exchange context\r\ndebug2: we did
not send a packet, disable method\r\ndebug3: authmethod_lookup
publickey\r\ndebug3: remaining preferred: ,publickey\r\ndebug3:
authmethod_is_enabled publickey\r\ndebug1: Next authentication method:
publickey\r\ndebug1: Offering RSA public key:
/root/.ssh/id_rsa\r\ndebug3: send_pubkey_test\r\ndebug2: we sent a
publickey packet, wait for reply\r\ndebug1: Server accepts key: pkalg
ssh-rsa blen 279\r\ndebug2: input_userauth_pk_ok: fp
be:f1:a1:1c:0f:fb:3a:ff:f2:7a:80:8e:d9:94:7c:a0\r\ndebug3:
sign_and_send_pubkey: RSA XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX\r\ndebug1:
key_parse_private2: missing begin marker\r\ndebug1: read PEM private key
done: type RSA\r\ndebug1: Enabling compression at level 6.\r\ndebug1:
Authentication succeeded (publickey).\r\nAuthenticated to
kronos.cac.local ([192.168.76.22]:22).\r\ndebug1: setting up multiplex
master socket\r\ndebug3: muxserver_listen: temporary control path
/root/.ansible/cp/25edd394cf.zeNNJ0Eut3wdd1A6\r\ndebug2: fd 4 setting
O_NONBLOCK\r\ndebug3: fd 4 is O_NONBLOCK\r\ndebug3: fd 4 is
O_NONBLOCK\r\ndebug1: channel 0: new
[/root/.ansible/cp/25edd394cf]\r\ndebug3: muxserver_listen: mux listener
channel 0 fd 4\r\ndebug2: fd 3 setting TCP_NODELAY\r\ndebug3:
packet_set_tos: set IP_TOS 0x08\r\ndebug1: control_persist_detach:
backgrounding master process\r\ndebug2: control_persist_detach:
background process is 20385\r\ndebug2: fd 4 setting
O_NONBLOCK\r\ndebug1: forking to background\r\ndebug1: Entering
interactive session.\r\ndebug2: set_control_persist_exit_time: schedule
exit in 60 seconds\r\ndebug1: multiplexing control connection\r\ndebug2:
fd 5 setting O_NONBLOCK\r\ndebug3: fd 5 is O_NONBLOCK\r\ndebug1: channel
1: new [mux-control]\r\ndebug3: channel_post_mux_listener: new mux
channel 1 fd 5\r\ndebug3: mux_master_read_cb: channel 1: hello
sent\r\ndebug2: set_control_persist_exit_time: cancel scheduled
exit\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x00000001 len
4\r\ndebug2: process_mux_master_hello: channel 1 slave version
4\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3:
mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3:
mux_client_request_session: entering\r\ndebug3:
mux_client_request_alive: entering\r\ndebug3: mux_master_read_cb:
channel 1 packet type 0x10000004 len 4\r\ndebug2:
process_mux_alive_check: channel 1: alive check\r\ndebug3:
mux_client_request_alive: done pid = 20387\r\ndebug3:
mux_client_request_session: session request sent\r\ndebug3:
mux_master_read_cb: channel 1 packet type 0x10000002 len 91\r\ndebug2:
process_mux_new_session: channel 1: request tty 0, X 0, agent 0, subsys
0, term "xterm", cmd "/bin/sh -c \'echo ~ && sleep 0\'", env
1\r\ndebug3: process_mux_new_session: got fds stdin 6, stdout 7, stderr
8\r\ndebug2: fd 7 setting O_NONBLOCK\r\ndebug2: fd 8 setting
O_NONBLOCK\r\ndebug1: channel 2: new [client-session]\r\ndebug2:
process_mux_new_session: channel_new: 2 linked to control channel
1\r\ndebug2: channel 2: send open\r\ndebug2: callback start\r\ndebug2:
client_session2_setup: id 2\r\ndebug1: Sending environment.\r\ndebug1:
Sending env LANG = de_DE.UTF-8\r\ndebug2: channel 2: request env confirm
0\r\ndebug1: Sending command: /bin/sh -c \'echo ~ && sleep
0\'\r\ndebug2: channel 2: request exec confirm 1\r\ndebug3:
mux_session_confirm: sending success reply\r\ndebug2: callback
done\r\ndebug2: channel 2: open confirm rwindow 0 rmax 32768\r\ndebug1:
mux_client_request_session: master session id: 2\r\ndebug2: channel 2:
rcvd adjust 2097152\r\ndebug2: channel_input_status_confirm:
type 99 id 2\r\ndebug2: exec request accepted on channel 2\r\ndebug1:
client_input_channel_req: channel 2 rtype exit-status reply 0\r\ndebug3:
mux_exit_message: channel 2: exit message, exitval 0\r\ndebug1:
client_input_channel_req: channel 2 rtype eow@openssh.com reply
0\r\ndebug2: channel 2: rcvd eow\r\ndebug2: channel 2:
close_read\r\ndebug2: channel 2: input open -> closed\r\ndebug2: channel
2: rcvd eof\r\ndebug2: channel 2: output open -> drain\r\ndebug2:
channel 2: obuf empty\r\ndebug2: channel 2: close_write\r\ndebug2:
channel 2: output drain -> closed\r\ndebug2: channel 2: rcvd
close\r\ndebug3: channel 2: will not send data after close\r\ndebug2:
channel 2: send close\r\ndebug2: channel 2: is dead\r\ndebug2: channel
2: gc: notify user\r\ndebug3: mux_master_session_cleanup_cb: entering
for channel 2\r\ndebug2: channel 1: rcvd close\r\ndebug2: channel 1:
output open -> drain\r\ndebug2: channel 1: close_read\r\ndebug2: channel
1: input open -> closed\r\ndebug2: channel 2: gc: user
detached\r\ndebug2: channel 2: is dead\r\ndebug2: channel 2: garbage
collecting\r\ndebug1: channel 2: free: client-session, nchannels
3\r\ndebug3: channel 2: status: The following connections are open:\r\n
#2 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)\r\n\r\ndebug2:
channel 1: obuf empty\r\ndebug2: channel 1: close_write\r\ndebug2:
channel 1: output drain -> closed\r\ndebug2: channel 1: is dead
(local)\r\ndebug2: channel 1: gc: notify user\r\ndebug3:
mux_master_control_cleanup_cb: entering for channel 1\r\ndebug2: channel
1: gc: user detached\r\ndebug2: channel 1: is dead (local)\r\ndebug2:
channel 1: garbage collecting\r\ndebug1: channel 1: free: mux-control,
nchannels 2\r\ndebug3: channel 1: status: The following connections are
open:\r\n\r\ndebug2: set_control_persist_exit_time: schedule exit in 60
seconds\r\ndebug3: mux_client_read_packet: read header failed: Broken
pipe\r\ndebug2: Received exit status from master 0\r\n')
<kronos.cac.local> ESTABLISH SSH CONNECTION FOR USER: ansible
<kronos.cac.local> SSH: ansible.cfg set ssh_args:
(-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<kronos.cac.local> SSH: ansible_password/ansible_ssh_pass not set:
(-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<kronos.cac.local> SSH:
ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=ansible)
<kronos.cac.local> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<kronos.cac.local> SSH: PlayContext set ssh_common_args: ()
<kronos.cac.local> SSH: PlayContext set ssh_extra_args: ()
<kronos.cac.local> SSH: found only ControlPersist; added ControlPath:
(-o)(ControlPath=/root/.ansible/cp/25edd394cf)
<kronos.cac.local> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 -o
ControlPath=/root/.ansible/cp/25edd394cf kronos.cac.local '/bin/sh -c
'"'"'( umask 77 && mkdir -p "` echo
/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983 `"
&& echo ansible-tmp-1492441677.22-196285430121983="` echo
/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983 `"
) && sleep 0'"'"''
<kronos.cac.local> (0,
'ansible-tmp-1492441677.22-196285430121983=/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983\n',
'OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013\r\ndebug1: Reading
configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config
line 56: Applying options for *\r\ndebug1: auto-mux: Trying existing
master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2:
mux_client_hello_exchange: master version 4\r\ndebug3:
mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3:
mux_client_request_session: entering\r\ndebug3:
mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive:
done pid =
20387\r\ndebug3: mux_client_request_session: session request
sent\r\ndebug1: mux_client_request_session: master session id:
2\r\ndebug3: mux_client_read_packet: read header failed: Broken
pipe\r\ndebug2: Received exit status from master 0\r\n')
<kronos.cac.local> PUT /tmp/tmpuQPp6j TO
/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983/ping.py
<kronos.cac.local> SSH: ansible.cfg set ssh_args:
(-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<kronos.cac.local> SSH: ansible_password/ansible_ssh_pass not set:
(-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<kronos.cac.local> SSH:
ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=ansible)
<kronos.cac.local> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<kronos.cac.local> SSH: PlayContext set ssh_common_args: ()
<kronos.cac.local> SSH: PlayContext set sftp_extra_args: ()
<kronos.cac.local> SSH: found only ControlPersist; added ControlPath:
(-o)(ControlPath=/root/.ansible/cp/25edd394cf)
<kronos.cac.local> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 -o
ControlPath=/root/.ansible/cp/25edd394cf '[kronos.cac.local]'
<kronos.cac.local> (0, 'sftp> put /tmp/tmpuQPp6j
/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983/ping.py\n',
'OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013\r\ndebug1: Reading
configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config
line 56: Applying options for *\r\ndebug1: auto-mux: Trying existing
master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2:
mux_client_hello_exchange: master version 4\r\ndebug3:
mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3:
mux_client_request_session: entering\r\ndebug3:
mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive:
done pid = 20387\r\ndebug3: mux_client_request_session: session request
sent\r\ndebug1: mux_client_request_session: master session id:
2\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension
"posix-rename@openssh.com" revision 1\r\ndebug2: Server supports
extension "statvfs@openssh.com" revision 2\r\ndebug2: Server supports
extension "fstatvfs@openssh.com" revision 2\r\ndebug2: Server supports
extension "hardlink@openssh.com" revision 1\r\ndebug2: Server supports
extension "fsync@openssh.com" revision 1\r\ndebug3: Sent message fd 6
T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/ansible size
0\r\ndebug3: Looking up /tmp/tmpuQPp6j\r\ndebug3: Sent message fd 6 T:17
I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat
remote file: No such file or directory\r\ndebug3: Sent message
SSH2_FXP_OPEN I:3
P:/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983/ping.py\r\ndebug3:
Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS
0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent
message SSH2_FXP_WRITE I:5 O:32768 S:23147\r\ndebug3: SSH2_FXP_STATUS
0\r\ndebug3: In write loop, ack for 5 23147 bytes at 32768\r\ndebug3:
Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3:
mux_client_read_packet: read header failed: Broken pipe\r\ndebug2:
Received exit status from master 0\r\n')
<kronos.cac.local> ESTABLISH SSH CONNECTION FOR USER: ansible
<kronos.cac.local> SSH: ansible.cfg set ssh_args:
(-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<kronos.cac.local> SSH: ansible_password/ansible_ssh_pass not set:
(-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<kronos.cac.local> SSH:
ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=ansible)
<kronos.cac.local> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<kronos.cac.local> SSH: PlayContext set ssh_common_args: ()
<kronos.cac.local> SSH: PlayContext set ssh_extra_args: ()
<kronos.cac.local> SSH: found only ControlPersist; added ControlPath:
(-o)(ControlPath=/root/.ansible/cp/25edd394cf)
<kronos.cac.local> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 -o
ControlPath=/root/.ansible/cp/25edd394cf kronos.cac.local '/bin/sh -c
'"'"'chmod u+x
/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983/
/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983/ping.py
&& sleep 0'"'"''
<kronos.cac.local> (0, '', 'OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb
2013\r\ndebug1: Reading configuration data
/etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 56: Applying
options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd
3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master
version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local,
0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3:
mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive:
done pid = 20387\r\ndebug3: mux_client_request_session: session request
sent\r\ndebug1: mux_client_request_session: master
session id: 2\r\ndebug3: mux_client_read_packet: read header failed:
Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<kronos.cac.local> ESTABLISH SSH CONNECTION FOR USER: ansible
<kronos.cac.local> SSH: ansible.cfg set ssh_args:
(-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<kronos.cac.local> SSH: ansible_password/ansible_ssh_pass not set:
(-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<kronos.cac.local> SSH:
ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=ansible)
<kronos.cac.local> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<kronos.cac.local> SSH: PlayContext set ssh_common_args: ()
<kronos.cac.local> SSH: PlayContext set ssh_extra_args: ()
<kronos.cac.local> SSH: found only ControlPersist; added ControlPath:
(-o)(ControlPath=/root/.ansible/cp/25edd394cf)
<kronos.cac.local> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 -o
ControlPath=/root/.ansible/cp/25edd394cf -tt kronos.cac.local '/bin/sh
-c '"'"'su -s /bin/sh root -c '"'"'"'"'"'"'"'"'/bin/sh -c
'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'echo
BECOME-SUCCESS-anvbpadyrpgikywkipnzmenksbuoyblm; /usr/bin/python
/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983/ping.py;
rm -rf
"/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983/"
/dev/null
2>&1'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"''"'"'"'"'"'"'"'"'
&& sleep 0'"'"''
kronos.cac.local | FAILED! => {
"failed": true,
"msg": "Timeout (12s) waiting for privilege escalation prompt: "
}
Regards
Stefan
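
An added example, not part of the original post and not Ansible's own code: a small lint for flat `key: value` host_vars like the "host configuration" block above. It reports `ansible_become*` names that Ansible does not recognise (such names are treated as ordinary variables and have no effect on privilege escalation) and become passwords stored in clear text. The function names and the flat-file parsing are assumptions made for illustration; real host_vars files should be read with a YAML parser.

```python
import difflib
import re

# Privilege-escalation connection variables that Ansible recognises.
# ansible_become_password is the alias accepted by newer releases.
KNOWN_BECOME_VARS = sorted({
    "ansible_become",
    "ansible_become_method",
    "ansible_become_user",
    "ansible_become_pass",
    "ansible_become_password",
    "ansible_become_exe",
    "ansible_become_flags",
})
PASSWORD_VARS = {"ansible_become_pass", "ansible_become_password"}

LINE_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*:\s*(.*?)\s*$")


def parse_flat_vars(text):
    """Return (line number, key, value) for each simple 'key: value' line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match:
            entries.append((lineno, match.group(1), match.group(2)))
    return entries


def is_protected(value):
    """True if the value is empty, vault-encrypted inline, or templated."""
    return value == "" or value.startswith("!vault") or "{{" in value


def lint_become_vars(text):
    """Flag unrecognised ansible_become* names and clear-text passwords."""
    findings = []
    for lineno, key, value in parse_flat_vars(text):
        if not key.startswith("ansible_become"):
            continue
        if key not in KNOWN_BECOME_VARS:
            guess = difflib.get_close_matches(key, KNOWN_BECOME_VARS, n=1)
            findings.append((lineno, key, "unknown", guess[0] if guess else None))
        elif key in PASSWORD_VARS and not is_protected(value):
            findings.append((lineno, key, "plaintext-secret", None))
    return findings


# The host configuration as posted (password already masked in the post).
SAMPLE_HOST_VARS = """\
ansible_become: yes
ansible_become_user: root
ansible_become_pass: XXXXX
ansible_become_methode: su
ansible_connection: ssh
"""

if __name__ == "__main__":
    for lineno, key, kind, hint in lint_become_vars(SAMPLE_HOST_VARS):
        suffix = " (did you mean %s?)" % hint if hint else ""
        print("line %d: %s: %s%s" % (lineno, key, kind, suffix))
```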