I’ll preface this by saying I’m a novice with Ansible and certainly not a Linux expert, so I might need extra details if you ask me to do anything; please be specific with instructions. This has been working flawlessly in the past. I believe apt-get update and upgrade were run on the affected jss-01 server last week; this is the only change I can think of that could have caused this. There were no issues on the jss-02 server, which is a similarly built system. We are attempting to push a new user key to our Linux boxes, and it fails on only one system, as seen in the following. The playbook continues on and completes on all the servers except the failed one.
[ansible@cm-01 ~]$ ansible-playbook /home/ansible/ansible-manage-ssh-keys.yml
[WARNING]: log file at /var/log/ansible.log is not writeable and we cannot create it, aborting
statically included: /home/ansible/roles/ansible-manage-ssh-keys/tasks/manage_ssh_keys.yml
PLAY [all] *********************************************************************
TASK [setup] *******************************************************************
ok: [smtp-01]
ok: [icin-02]
ok: [adweb-02]
ok: [nat-01]
ok: [icin-01]
fatal: [jss-01]: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE"}
ok: [rad-01]
ok: [cm-01]
ok: [jds-01]
ok: [jss-02]
.
.
.
After combing through the settings on Ansible, I couldn’t find anything to try, so I began looking at the target server. I found the following in auth.log:
Feb 5 10:45:32 jss-01 sshd[24893]: Accepted publickey for ansible from 10.8.5.5 port 53490 ssh2: RSA e4:cc:13:42:b8:4b:1e:74:2b:68:3f:3a:9f:ad:36:f5
Feb 5 10:45:32 jss-01 sshd[24893]: pam_unix(sshd:session): session opened for user ansible by (uid=0)
Feb 5 10:45:35 -jss-01 sudo: ansible : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/ansible ; USER=root ; COMMAND=/bin/bash -c echo BECOME-SUCCESS-czuqnnlgkgxdielnqutvrxodyiwwzgid; LANG=C LC_ALL=C LC_MESSAGES=C /usr/bin/python /home/ansible/.ansible/ansible-tmp-1517856376.69-76104663663977/setup; rm -rf "/home/ansible/.ansible/ansible-tmp-1517856376.69-76104663663977/" > /dev/null 2>&1
Feb 5 10:46:35 jss-01 sshd[25013]: Received disconnect from 10.8.5.51: 11: disconnected by user
So I ran the following on jss-01: usermod -aG sudo ansible
Then I tailed auth.log while running the playbook again, and now I’m getting:
Feb 7 15:49:01 jss-01 sshd[2805]: Accepted publickey for ansible from 10.8.5.5 port 51642 ssh2: RSA e4:cc:13:42:b8:4b:1e:74:2b:68:3f:3a:9f:ad:36:f5
Feb 7 15:49:01 -jss-01 sshd[2805]: pam_unix(sshd:session): session opened for user ansible by (uid=0)
Feb 7 15:49:02 it-jss-01 sudo: ansible : a password is required ; TTY=pts/0 ; PWD=/home/ansible ; USER=root ; COMMAND=/bin/bash -c echo BECOME-SUCCESS-eaiqfcczbkrxsfvznzbppfywmfxtikce; LANG=C LC_ALL=C LC_MESSAGES=C /usr/bin/python /home/ansible/.ansible/ansible-tmp-1518047386.27-104994896662402/setup; rm -rf "/home/ansible/.ansible/ansible-tmp-1518047386.27-104994896662402/" > /dev/null 2>&1
I’m not sure where to go from here. There shouldn’t be any password required, from my understanding. I probably shouldn’t have even added the ansible user to the sudoers, since that’s not how it’s configured elsewhere. Any help would be appreciated. Thanks!
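
The two sudo entries quoted in the post report different refusal reasons, and telling them apart is the first triage step. The following is an added example, not part of the original post: a small Python parser for sudo's auth.log entries that counts refusals per host, user and reason. The function names, the MEANING table and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# sudo syslog entry: "<user> : [<reason> ;] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
# The <reason> field is present only when sudo refused to run the command.
SUDO_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+sudo:\s+"
    r"(?P<user>\S+)\s+:\s+(?P<rest>.*)$"
)

# What each refusal reason says about the sudoers policy on the target host.
MEANING = {
    "user NOT in sudoers": "no sudoers rule matches this account or its groups",
    "a password is required": "a rule matches but requires authentication, "
                              "and sudo was run non-interactively",
}

def parse_sudo_line(line):
    """Return a dict for a sudo auth.log entry, or None for any other line."""
    m = SUDO_RE.match(line.strip())
    if not m:
        return None
    # COMMAND= is always the last field and may itself contain ';'.
    head, _, command = m.group("rest").partition("COMMAND=")
    fields = [f.strip() for f in head.split(";") if f.strip()]
    reason = None
    if fields and not re.match(r"^[A-Z]+=", fields[0]):
        reason = fields.pop(0)          # first field is free text, not KEY=value
    entry = dict(f.split("=", 1) for f in fields if "=" in f)
    entry.update(host=m.group("host"), user=m.group("user"),
                 reason=reason, command=command)
    return entry

def summarize_denials(lines):
    """Count refused sudo attempts per (host, user, reason)."""
    entries = filter(None, map(parse_sudo_line, lines))
    return Counter((e["host"], e["user"], e["reason"]) for e in entries if e["reason"])

# Constructed sample in the format shown in the post (COMMAND shortened).
CMD = "COMMAND=/bin/bash -c echo BECOME-SUCCESS-example; /usr/bin/python setup"
SAMPLE = [
    "Feb 5 10:45:32 jss-01 sshd[24893]: Accepted publickey for ansible from 10.8.5.5",
    "Feb 5 10:45:35 jss-01 sudo: ansible : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/ansible ; USER=root ; " + CMD,
    "Feb 7 15:49:02 jss-01 sudo: ansible : a password is required ; TTY=pts/0 ; PWD=/home/ansible ; USER=root ; " + CMD,
    "Feb 7 15:50:10 jss-02 sudo: ansible : TTY=pts/0 ; PWD=/home/ansible ; USER=root ; " + CMD,
]

if __name__ == "__main__":
    for (host, user, reason), n in summarize_denials(SAMPLE).items():
        print(f"{host} {user}: {reason} x{n} -> {MEANING.get(reason, 'see sudoers(5)')}")
```

Running `sudo -l -U ansible` as root on the failing host and on a working one shows which sudoers rules each host actually applies to the account.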