I am attempting to create an EC2 instance in one role and install Apache on it in the next role.
The pertinent playbook entry looks like this:
    # Configure and deploy Apache
    - hosts: localhost
      connection: local
      remote_user: ec2-user
      gather_facts: false
      roles:
        - ec2_apache
        - apache
The ‘ec2_apache’ role allocates an ec2 instance and the first task within the apache/main.yml looks like this:
    - name: confirm using the latest Apache server
      become: yes
      become_method: sudo
      yum:
        name: httpd
        state: latest
This is where the error message “sudo: a password is required” is returned, which leads me to believe I have somehow horked up with security. When it fails, I can SSH into that newly created EC2 instance and do a 'sudo ls /etc' command.
Thoughts on what I am doing wrong?
You need to add the option --ask-become-pass to ansible-playbook or set ask_become_pass = true in ansible.cfg or the inventory.
Kai:
Thanks for the response but the issue with that solution is this is all dynamic and automated so there would be no person to respond. I have had to do some ENV things in order for each of the processes that need it to see the *.pem file generated at the beginning of the Ansible process that builds the AWS environment.
You could set ansible_become_pass if you can have the sudo password in clear text or add "ec2-user ALL=(ALL) NOPASSWD:ALL" to your sudoers file.
Unless I'm reading that wrong (and I may be, still on my first coffee), you're applying the apache role to 'localhost' - don't you want to run that on the ec2 instance that ec2_apache created instead?
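
Added example (not part of the thread and not any poster's playbook): the split the last reply points at, with the AWS provisioning kept on localhost and the apache role moved to a second play that targets the new instance, so `become` runs sudo on the instance rather than on the control machine. It assumes the ec2_apache role ends by setting a fact with the instance address; the names `new_instance_ip`, `launched` and `EC2_KEY_FILE` are hypothetical.

```yaml
# Added example. Hypothetical names: new_instance_ip (fact assumed to be
# set by the ec2_apache role), the "launched" group, and the EC2_KEY_FILE
# environment variable holding the path to the generated *.pem file.

# Play 1: runs on the control machine and only talks to the AWS API.
# No become here, so sudo is never invoked on localhost.
- hosts: localhost
  connection: local
  gather_facts: false
  roles:
    - ec2_apache
  post_tasks:
    - name: register the new instance in an in-memory inventory group
      add_host:
        name: "{{ new_instance_ip }}"
        groups: launched
        ansible_user: ec2-user
        ansible_ssh_private_key_file: "{{ lookup('env', 'EC2_KEY_FILE') }}"

    - name: wait until sshd on the instance accepts connections
      wait_for:
        host: "{{ new_instance_ip }}"
        port: 22
        delay: 10
        timeout: 300

# Play 2: runs over SSH on the instance itself, the host where the
# original poster reports that 'sudo ls /etc' works for ec2-user.
- hosts: launched
  gather_facts: false
  become: yes
  become_method: sudo
  roles:
    - apache
```

With this layout the key file is the only secret the automation handles; no sudo password has to be stored in clear text and no sudoers change is needed on the control machine.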