I haven’t been able to get doas on OpenBSD to work. Ansible is running on a Linux Mint 17.3 host, and the remote host (“testhost”) is OpenBSD 5.9, fully patched. The remote host is connected via password-less ssh.
$ ansible --version
ansible 2.0.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
$ ansible testhost -i hosts -a "touch /testfile" --become --become-method=doas --ask-become-pass
DOAS password:
testhost | FAILED | rc=0 >>
Timeout (12s) waiting for privilege escalation prompt:
This is the /etc/doas.conf on testhost:
permit keepenv :wheel
Python version on testhost:
Python 2.7.11
Here it is again, this time with verbose output:
$ ansible -vvvv testhost -i hosts -a "touch /testfile" --become --become-method=doas --ask-become-pass
Using /etc/ansible/ansible.cfg as config file
DOAS password:
Loaded callback minimal of type stdout, v2.0
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/me/.ansible/cp/ansible-ssh-%h-%p-%r -tt testhost ‘/bin/sh -c ‘"’"’( umask 22 && mkdir -p “echo $HOME/.ansible/tmp/ansible-tmp-1464044553.85-229779171952967
” && echo “echo $HOME/.ansible/tmp/ansible-tmp-1464044553.85-229779171952967
” )‘"’“‘’
PUT /tmp/tmpgAeklK TO /home/me/.ansible/tmp/ansible-tmp-1464044553.85-229779171952967/command
SSH: EXEC sftp -b - -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/me/.ansible/cp/ansible-ssh-%h-%p-%r ‘[testhost]’
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/me/.ansible/cp/ansible-ssh-%h-%p-%r -tt testhost '/bin/sh -c '”‘“'doas -u root /bin/sh -c '”’“'”‘"’“'”‘"’“'echo BECOME-SUCCESS-ncepxastuenhdslngrhywykynqaiclzg; /bin/sh -c '”‘"’“'”‘"’“'”‘"’“'”‘"’“'”‘"’“'”‘"’“'”‘"’“'”‘"’“'”‘“‘LANG=en_CA.UTF-8 LC_ALL=en_CA.UTF-8 LC_MESSAGES=en_CA.UTF-8 /usr/local/bin/python2.7 /home/me/.ansible/tmp/ansible-tmp-1464044553.85-229779171952967/command; rm -rf “/home/me/.ansible/tmp/ansible-tmp-1464044553.85-229779171952967/” > /dev/null 2>&1’”’“'”‘"’“'”‘"’“'”‘"’“'”‘"’“'”‘"’“'”‘"’“'”‘"’“'”‘"’“‘’”‘"’“'”‘"’“'”‘"’‘"’"‘’
testhost | FAILED | rc=0 >>
Timeout (12s) waiting for privilege escalation prompt:
I can get doas working with password-less root. Also, sudo works when prompting for password, but I would prefer to not install sudo.
Am I doing something wrong?
Thank you.