This is my playbook apache.yml
–become-method does not imply that ansible should actually “become”
You will also need to add --become
Matt,
Thanks
I now used this command
ansible-playbook -u dokuwa1 --ask-pass --become playbook/apache.yml
i get another error message
fatal: [192.168.85.129]: FAILED! => {“changed”: false, “failed”: true, “module_stderr”: “Shared connection to 192.168.85.129 closed.\r\n”, “module_stdout”: “sudo: a password is required\r\n”, “msg”: “MODULE FAILURE”, “rc”: 1}
[WARNING]: Could not create retry file ‘/etc/ansible/playbook/apache.retry’.
[Errno 13] Permission denied: u’/etc/ansible/playbook/apache.retry’
Is there anything i am doing wrong
Daley
You initially had --become-method=su and --ask-su-pass
You needed to additionally specify --become
So (using the newer param):
ansible-playbook -u dokuwa1 --ask-pass --become-method=su --ask-become-pass --become playbook/apache.yml
Hello Matt,
i now got this error message again
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
fatal: [192.168.85.129]: FAILED! => {“failed”: true, “msg”: "Timeout (12s) waiting for privilege escalation prompt: "}
[WARNING]: Could not create retry file ‘/etc/ansible/playbook/apache.retry’.
[Errno 13] Permission denied: u’/etc/ansible/playbook/apache.retry’
thanks
Dear Friends,
I am new to ansible, just started to get my hands dirty with the playbooks, I am trying to install apache on ubuntu client machine. I am facing same issue in the email chain.
[DEPRECATION WARNING]: DEFAULT_SUDO_USER option, In favor of Ansible Become, which is a generic framework.
See become_user. , use become instead. This feature will be removed in version 2.8. Deprecation warnings can
be disabled by setting deprecation_warnings=False in ansible.cfg.
PLAY [client] ***********************************************************************************************
TASK [Gathering Facts] **************************************************************************************
fatal: [x.x.x.x]: FAILED! => {“changed”: false, “module_stderr”: “Shared connection to x.x.x.x closed.\r\n”, “module_stdout”: “sudo: a password is required\r\n”, “msg”: “MODULE FAILURE\nSee stdout/stderr for the exact error”, “rc”: 1}
to retry, use: --limit @/home/ansible/playbooks/apache.retry
PLAY RECAP **************************************************************************************************
x.x.x.x : ok=0 changed=0 unreachable=0 failed=1
Can someone please clarify what is the issue?
here is my code :
— # Plyabook Apache install on client
- hosts: client
user: ansible
become: yes
become_method: sudo
connection: ssh
gather_facts: yes
tasks:
- name: install apache on client machine
yum:
name: apache2
state: present
update_cache: yes
First off, it looks like you have a sudo problem. Either you need to configure passwordless sudo on the target marchine, or you need to add a -K to the ansible-playbook command to have it prompt for the become password.
Also, you are using the yum module for what you say is a Ubuntu host. You should be using the apt module.
Thanks John for your reply
I did setup passwordless ssh connection to the client.
I added the below line on both ansible server and client in visudo file
ansible ALL=(ALL) NOPASSWD: ALL
Is that correct?
Thanks for correcting me about the yum statement. I will change.
Where do you want me to use -K to prompt for password in the playbook?
John might be able to rectify me if I am wrong. You can put it anywhere as long as its present after -K switch or --ask-become-pass.
Always good idea to execute ansible-playbook command to see different options/switches.
Kind Regards,
Ameya Agashe
thanks Ameya, I used it after ansible-playbook -K , it promoted for Sudo Password , so I entered my ‘ansible’ user password
but I get same error
DEPRECATION WARNING]: DEFAULT_SUDO_USER option, In favor of Ansible Become, which is a generic framework.
See become_user. , use become instead. This feature will be removed in version 2.8. Deprecation warnings can
be disabled by setting deprecation_warnings=False in ansible.cfg.
SUDO password:
PLAY [client] ***********************************************************************************************
TASK [Gathering Facts] **************************************************************************************
fatal: [x.x.x.x]: FAILED! => {“changed”: false, “module_stderr”: “Shared connection to x.x.x.x closed.\r\n”, “module_stdout”: “\r\nansible is not in the sudoers file. This incident will be reported.\r\n”, “msg”: “MODULE FAILURE\nSee stdout/stderr for the exact error”, “rc”: 1}
to retry, use: --limit @/home/ansible/playbooks/apache.retry
PLAY RECAP **************************************************************************************************
x.x.x.x : ok=0 changed=0 unreachable=0 failed=1
I am trying to install apache on client node 10.138.0.7
I have setup ansible user on both server and client
when it promoted for password I entered my ansible user password
I don’t think it is asking for the root password
here is the complete log -vvv debug option :
<10.138.0.7> ESTABLISH SSH CONNECTION FOR USER: None
<10.138.0.7> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/ansible/.ansible/cp/4a2f76bb9f 10.138.0.7 ‘/bin/sh -c ‘"’“‘echo ~ && sleep 0’”’"‘’
<10.138.0.7> (0, ‘/home/ansible\n’, ‘’)
<10.138.0.7> ESTABLISH SSH CONNECTION FOR USER: None
<10.138.0.7> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/ansible/.ansible/cp/4a2f76bb9f 10.138.0.7 ‘/bin/sh -c ‘"’"’( umask 77 && mkdir -p “echo /home/ansible/.ansible/tmp/ansible-tmp-1543279730.75-165337335093430” && echo ansible-tmp-1543279730.75-165337335093430=“echo /home/ansible/.ansible/tmp/ansible-tmp-1543279730.75-165337335093430” ) && sleep 0’“'”‘’
<10.138.0.7> (0, ‘ansible-tmp-1543279730.75-165337335093430=/home/ansible/.ansible/tmp/ansible-tmp-1543279730.75-165337335093430\n’, ‘’)
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py
<10.138.0.7> PUT /home/ansible/.ansible/tmp/ansible-local-2063N2QcuU/tmpCbzUzB TO /home/ansible/.ansible/tmp/ansible-tmp-1543279730.75-165337335093430/AnsiballZ_setup.py
<10.138.0.7> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/ansible/.ansible/cp/4a2f76bb9f ‘[10.138.0.7]’
<10.138.0.7> (0, ‘sftp> put /home/ansible/.ansible/tmp/ansible-local-2063N2QcuU/tmpCbzUzB /home/ansible/.ansible/tmp/ansible-tmp-1543279730.75-165337335093430/AnsiballZ_setup.py\n’, ‘’)
<10.138.0.7> ESTABLISH SSH CONNECTION FOR USER: None
<10.138.0.7> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/ansible/.ansible/cp/4a2f76bb9f 10.138.0.7 ‘/bin/sh -c ‘"’“‘chmod u+x /home/ansible/.ansible/tmp/ansible-tmp-1543279730.75-165337335093430/ /home/ansible/.ansible/tmp/ansible-tmp-1543279730.75-165337335093430/AnsiballZ_setup.py && sleep 0’”’"‘’
<10.138.0.7> (0, ‘’, ‘’)
<10.138.0.7> ESTABLISH SSH CONNECTION FOR USER: None
<10.138.0.7> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/ansible/.ansible/cp/4a2f76bb9f -tt 10.138.0.7 ‘/bin/sh -c ‘"’“‘sudo -H -S -p “[sudo via ansible, key=fdpjpnhuuvzahtoagmnqvudarudpmuyd] password: " -u root /bin/sh -c '”’”’“'”‘"’“'”‘“‘echo BECOME-SUCCESS-fdpjpnhuuvzahtoagmnqvudarudpmuyd; /usr/bin/python /home/ansible/.ansible/tmp/ansible-tmp-1543279730.75-165337335093430/AnsiballZ_setup.py’”’“'”‘"’“'”‘"’“’ && sleep 0’”‘"’’
<10.138.0.7> (1, ‘\r\nansible is not in the sudoers file. This incident will be reported.\r\n’, ‘Shared connection to 10.138.0.7 closed.\r\n’)
<10.138.0.7> ESTABLISH SSH CONNECTION FOR USER: None
<10.138.0.7> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/ansible/.ansible/cp/4a2f76bb9f 10.138.0.7 ‘/bin/sh -c ‘"’“‘rm -f -r /home/ansible/.ansible/tmp/ansible-tmp-1543279730.75-165337335093430/ > /dev/null 2>&1 && sleep 0’”’"‘’
<10.138.0.7> (0, ‘’, ‘’)
fatal: [10.138.0.7]: FAILED! => {
“changed”: false,
“module_stderr”: “Shared connection to 10.138.0.7 closed.\r\n”,
“module_stdout”: “\r\nansible is not in the sudoers file. This incident will be reported.\r\n”,
“msg”: “MODULE FAILURE\nSee stdout/stderr for the exact error”,
“rc”: 1
}
to retry, use: --limit @/home/ansible/playbooks/apache.retry
PLAY RECAP **************************************************************************************************
10.138.0.7 : ok=0 changed=0 unreachable=0 failed=1
That should be an easy fix. The user “ansible” on the remote machine is not in the sudoers file, fix that and I think you should be fine.
How to update sudoers file:
https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos
Kindly let me know how you go.
Kind regards
Ameya Agashe
Thanks Ameya, for your quick help. Yes that was the issue for it. I was playing around with sudoers file and forgot to change the ansible1 user to ansible