I am getting an error trying to run my ansible playbook and I have tracked it down to the ‘-u’ flag being added by Ansible when it attempts to sudo.
Here is the error I get:
fatal: [server]: FAILED! => {"changed": false, "failed": true, "module_stderr": "sudo: unknown user: su_root\nsudo: unable to initialize policy plugin\n", "module_stdout": "", "msg": "MODULE FAILURE"}
I was getting an additional message that mentioned 3 ways to fix this. Once I added the pipeline option to my ansible.cfg file I stopped getting that message and now only get the message you see above.
Here is my relevant task:
- name: Add Docker YUM Repo
  remote_user: sshuser
  become: true
  become_user: su_root
  command: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
When I ran my script with the -vvvv flag I noticed ansible was doing this for sudo:
sudo -H -S -n -u su_root /bin/sh -c
I don’t have a root account named ‘root’ on this box I am SSHing to. Instead the root account is actually ‘su_root’. This is not my choice but I have to live with it.
All the SSH and SUDO stuff is done password-less via certs.
So without ansible I can SSH as ‘sshusr’ to my box and I can type: ‘sudo su_root’ and get switched to the root account without a problem. I experimented removing flags until the command worked and it turned out the offending flag is the ‘-u’ flag. So running:
sudo -H -S -n su_root /bin/sh -c
works.
I have tried specifying flags in my task with ‘become_flags’ and in the ansible.cfg [defaults] ‘sudo_flags’ in hopes of overriding those flags but regardless of what I have in either location ansible goes ahead and puts in the ‘-u’ flag.
Am I doing something wrong? I can remove any of the other flags but not the -u flag.
JB
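
Added example, not part of the original post: a check to run on the target host that tells apart the two sudo forms quoted above. sudo -u NAME needs NAME to resolve as an account, while sudo NAME runs NAME as a command. The function names are hypothetical; su_root is the name from the post.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). Function names are hypothetical.
# sudo -u NAME needs NAME to resolve as an account; sudo NAME runs NAME as a command.

# Print the first executable called $1 found on PATH; return 1 if there is none.
# Caveat: sudo may search its own secure_path instead of the caller's PATH.
find_on_path() {
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        candidate="${dir:-.}/$1"
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            IFS=$old_ifs
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Print user, command, both, neither or invalid for the given name.
classify_sudo_target() {
    name=$1
    case $name in
        ''|-*|*/*) echo invalid; return 2 ;;
    esac
    is_user=no
    is_cmd=no
    # id resolves the name through the system account database (passwd, LDAP, ...).
    if id -u "$name" >/dev/null 2>&1; then is_user=yes; fi
    if find_on_path "$name" >/dev/null; then is_cmd=yes; fi
    case $is_user$is_cmd in
        yesyes) echo both ;;
        yesno)  echo user ;;
        noyes)  echo command ;;
        *)      echo neither ;;
    esac
}

# Default to the name from the post when run without arguments.
classify_sudo_target "${1:-su_root}" || true
```

A result of "user" or "both" means the name can be resolved by sudo -u, which is what become_user is passed to; "command" means the name only works in the sudo NAME form.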