Ansible error for sudo user

Hello Experts,

I had a working playbook in my test environment, where my user was the root user itself and I didn’t have any issue.
When I moved my playbook to the staging environment, my login user account there is “admin”, which is a sudo user. But all of my playbooks are failing in this environment.

Have this in your playbook:

`become: true`

Hello Sudeer… No luck.

Log on to the server manually as admin and try doing something like `sudo ls`. See if a password is required on the server.

Hello Sudheer,

Yes, a password is required for any action, because my user “admin” is created and added to the sudoers group in the staging environment where the playbook is failing.

Whereas in my development environment the playbook was working, as there I had the root user password.

Have you tried the -K flag?
Try

```
ansible-playbook -K yourplaybook.yaml
```

Hello Georg,

Yes, tried.

Please find the error below.

```
ansible-playbook silentiInstallerfile1.yml -k
SSH password:

PLAY [Replace the silent-install-server_ file to each Application Servers] **********************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************
fatal: [10.16.24.103]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 10.16.24.103 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
fatal: [10.16.24.102]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 10.16.24.102 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
ok: [localhost]

TASK [check the folder existance] ***************************************************************************************************************************
ok: [localhost]

TASK [JTS Server] *******************************************************************************************************************************************
ok: [localhost -> localhost]

TASK [CCM Server] *******************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "Failed to get information on remote file (/opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64/silent-install-server_CCM.xml): Shared connection to 10.16.24.102 closed.\r\n"}
to retry, use: --limit @/etc/ansible/roles/IBM2/tasks/best/silentiInstallerfile1.retry

PLAY RECAP **************************************************************************************************************************************************
10.16.24.102 : ok=0 changed=0 unreachable=0 failed=1
10.16.24.103 : ok=0 changed=0 unreachable=0 failed=1
localhost : ok=3 changed=0 unreachable=0 failed=1
```

For such situations, I would enable the 'admin' user to escalate privileges with sudo without specifying a password. You can configure sudoers to escalate privilege without a password.

Would that resolve your problem?

It looks like it needs a password to escalate; have a look at https://docs.ansible.com/ansible/latest/user_guide/become.html#connection-variables to set an escalation password.

Hello sudeer,

Yes. I had added the user admin to sudoers and made it passwordless, the same as given for the root user in the sudoers file.

But still no luck

Hello kief,

I already tried the different options of become as given in the link,
but I couldn’t resolve it. I am not sure which part of the playbook I need to modify in order to make it run for the admin user.

Whereas this playbook is working fine in another environment where I am using the root user.

I would first make sure that the sudoers configuration is correct on the target server. So, log on to the server manually and make sure you can use sudo without a password.

> But I couldn’t resolve it. I am not sure which part of the playbook I need to modify in order to make it run for the admin user.

I’ve been doing a lot of become work the last day; I found it’s designed to work on a task level in roles, but does this work?

```yaml
- name: Replace the silent-install-server_ file to each Application Servers
  hosts: localhost,CCM,RM
  vars:
    jts_file: /etc/ansible/roles/IBM2/files/silent-install-server_JTS.xml
    ccm_file: /etc/ansible/roles/IBM2/files/silent-install-server_CCM.xml
    rm_file: /etc/ansible/roles/IBM2/files/silent-install-server_RM.xml
    dest_dir: /opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64
    # ansible_become* are connection variables, so they must be nested under vars
    ansible_become: yes
    ansible_become_user: root
    ansible_become_pass: "{{ rootpass }}"
  tasks:

    - name: check the folder existance
      stat: path=/opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64
      register: folder_exist

    - name: JTS Server
      copy:
        src: "{{ jts_file }}"
        dest: "{{ dest_dir }}/"
        mode: "0777"  # quoted octal; a bare 777 is read as a decimal integer
        backup: yes
      delegate_to: localhost
      when: folder_exist.stat.exists == True
```

Hello Sudheer,

Verified in all the servers and this was enabled already.

```
## Allow root to run any commands anywhere
root ALL=(ALL) NOPASSWD: ALL
admin ALL=(ALL) NOPASSWD: ALL
```

```
ansible-playbook -k silentiInstallerfile1.yml
SSH password:
ERROR! 'ansible_become_user' is not a valid attribute for a Play

The error appears to have been in '/etc/ansible/roles/IBM2/tasks/best/silentiInstallerfile1.yml': line 3, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  - name: Replace the silent-install-server_ file to each Application Servers
    ^ here
```

Are you both representing the same organization and hence the same problem?

I am confused by multiple situations:

"Yes. I had added the user admin to sudoers and made it passwordless, the same as given for the root user in the sudoers file." - vivuu1989@gmail.com
"Yes, a password is required for any action, because my user "admin" is created and added to the sudoers group in the staging environment where the playbook is failing." - visar <vivuu1989@gmail.com>

One more point to verify:

Are you connected as the admin user on the controller server (where you play your playbook)?

If not, you should set remote_user to admin…

Perhaps a verbose log error could help… use -vvvv when playing ansible-playbook

Regards,

JYL
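
An added example, not code from any poster in this thread, that separates the two things the replies above keep circling: whether `admin` can actually run sudo without a password on each host, and how privilege escalation is declared on a play. It assumes the `CCM` and `RM` inventory groups and the `admin` login from the posted playbook; the file name `become-check.yml` is hypothetical.

```yaml
# Added example. When the login and sudo both need a password, ask for both:
#   ansible-playbook -k -K become-check.yml
#   -k / --ask-pass         prompts for the SSH login password
#   -K / --ask-become-pass  prompts for the sudo (become) password

- name: Report which hosts let admin use sudo without a password
  hosts: CCM,RM
  remote_user: admin
  gather_facts: false   # fact gathering runs under become when it is on, so keep both off here
  become: false
  tasks:
    - name: Try sudo non-interactively (-n makes sudo fail instead of prompting)
      command: sudo -n true
      register: sudo_check
      changed_when: false
      failed_when: false

    - name: Show the result per host
      debug:
        msg: "{{ inventory_hostname }}: {{ 'passwordless sudo works' if sudo_check.rc == 0 else 'sudo needs a password, supply it with -K' }}"

- name: Work that needs root on the application servers
  hosts: CCM,RM
  remote_user: admin
  # Play keywords are become / become_user / become_method.
  # The ansible_become* names are variables and belong under vars or in inventory;
  # written at play level they raise "not a valid attribute for a Play".
  become: true
  become_user: root
  become_method: sudo
  vars:
    dest_dir: /opt/CLM-Web-Installer-Linux-6.0.5/im/linux.gtk.x86_64
  tasks:
    - name: Check the installer folder as root
      stat:
        path: "{{ dest_dir }}"
      register: folder_exist

    - name: Fail with a readable message when the folder is missing
      fail:
        msg: "{{ dest_dir }} not found on {{ inventory_hostname }}"
      when: not folder_exist.stat.exists
```

The first play never escalates, so it still runs on hosts where the second play would stop at "sudo: a password is required".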