Ansible version: 2.1.0.0
Platform : Centos 7.2 / RHEL 7.2
Hey everyone,
my first post to this group. I am very new to Ansible, so expect to be doing something foolish. I have RTFM’d and googled and phoned a friend and … well you get the idea, I’ll try not to waste everyone time.
So I want to do something simple. Specifically replace some text in etc/yum.conf
This is part of my play-book :-
`
- name: Replace the proxy= line in /etc/yum.conf
lineinfile:
dest: /etc/yum.conf
state: present
create: yes
mode: 0644
group: root
owner: root
regexp: “proxy=”
line: “proxy={{ cntlm_http_proxy }}”
tags: [cntlm]
`
That works just fine when executing locally, but when I point to a remote host, the task ‘hangs’ indefinitelyt and when I kill it, the remote host has become unavailable (i.e. I need to shut it down and restart, a reboot is not enough). Interestingly the change does appear to be applied, its just I can’t get any further in the playbook on this run at least.
The remote host is an AWS EC2 instance which I SSH into using a private key file using this setting in ansible.cfg (or I can override in host variables and other places) :-
private_key_file = /path-to-my-private-keypair-file.pem
I am using the standard remote user for EC2 (which has sudo access) :-
remote_user = ec2-user
and I am also using various privilege escalation settings :-
[privilege_escalation] become=yes become_method=sudo become_user=root
I think the sudo stuff is working correctly, evidenced by a couple of things. First using -vvvv I can see BECOME-SUCCESS in the output :-
<10.64.29.128> ESTABLISH SSH CONNECTION FOR USER: ec2-user <10.64.29.128> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/vagrant/docker_host_base_rhel_digital.pem"' -o KbdInter activeAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTim eout=10 -o ControlPath=/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r -tt 10.64.29.128 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo B ECOME-SUCCESS-cwfyzskesygnemhjjcknitvedjauarjx; LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /home/ec2-user/.ansible/tmp/ansible- tmp-1465484583.17-135618197775808/blockinfile; rm -rf "/home/ec2-user/.ansible/tmp/ansible-tmp-1465484583.17-135618197775808/" > /dev/null 2>&1'"'"'"'"'"'"'"'"' && sleep 0'"'"'' ♥ [ERROR]: User interrupted execution
and secondly, if I substitute the lineinfile module with a simple shell command such as ‘sed’ (who needs idempotence … ok, yeah I do) that works quite happily and of course it too needs sudo access to edit the file :-
<10.64.29.128> ESTABLISH SSH CONNECTION FOR USER: ec2-user <10.64.29.128> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/vagrant/docker_host_base_rhel_digital.pem"' -o KbdInter activeAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTim eout=10 -o ControlPath=/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r 10.64.29.128 '/bin/sh -c '"'"'( umask 77 && mkdir -p " echo $HOME/.ansible/tmp/ansible-tm
p-1465484581.26-194884726770556 " && echo ansible-tmp-1465484581.26-194884726770556=" echo $HOME/.ansible/tmp/ansible-tmp-1465484581.26-194884726770556 `" ) &
& sleep 0’“'”‘’
<10.64.29.128> PUT /tmp/tmptGNPYB TO /home/ec2-user/.ansible/tmp/ansible-tmp-1465484581.26-194884726770556/command
<10.64.29.128> SSH: EXEC sftp -b - -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ‘IdentityFile=“/home/vagrant/docker_host_base_rhel_digital.pem”’ -o Kb
dInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o Conn
ectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r ‘[10.64.29.128]’
<10.64.29.128> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.64.29.128> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o ‘IdentityFile=“/home/vagrant/docker_host_base_rhel_digital.pem”’ -o KbdInter
activeAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTim
eout=10 -o ControlPath=/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r -tt 10.64.29.128 ‘/bin/sh -c ‘"’“'sudo -H -S -n -u root /bin/sh -c '”’“'”‘"’“'”‘"’“‘echo B
ECOME-SUCCESS-snenagxqgfhxlrqldymhqaohlhntrwkn; LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /home/ec2-user/.ansible/tmp/ansible-
tmp-1465484581.26-194884726770556/command; rm -rf “/home/ec2-user/.ansible/tmp/ansible-tmp-1465484581.26-194884726770556/” > /dev/null 2>&1’”‘"’“'”‘"’“'”‘"’ &&
sleep 0’“'”‘’
changed: [10.64.29.128] => {“changed”: true, “cmd”: “sed -i -e ‘s/uknp-obproxy.avivaaws.com:80/localhost:3128/g’ /etc/yum.conf”, “delta”: “0:00:00.006189”, “end
“: “2016-06-09 16:03:01.987442”, “invocation”: {“module_args”: {”_raw_params”: “sed -i -e ‘s/uknp-obproxy.avivaaws.com:80/localhost:3128/g’ /etc/yum.conf”, “_us
es_shell”: true, “chdir”: null, “creates”: null, “executable”: null, “removes”: null, “warn”: true}, “module_name”: “command”}, “rc”: 0, “start”: “2016-06-09 16
:03:01.981253”, “stderr”: “”, “stdout”: “”, “stdout_lines”: , “warnings”: [“Consider using template or lineinfile module rather than running sed”]}
[WARNING]: Consider using template or lineinfile module rather than running sed
`
Other modules used in the same playbook that also need sudo work OK. The only two that I’ve come across thus far that cause this problem are lineinefile and blockinfile. Same behaviour in both cases.
Just in case you were wondering, sudoers contains this :-
ec2-user ALL=(ALL) NOPASSWD: ALL
Any ideas what else I can check/try (I’m sure its something that I’m stupidly missing).
Note I have played around (a lot) with switching between the ‘become’ set of properties (which I prefer to use … so I don’t see that annoying deprecation notice) and the sudo ones (i.e. sudo = True and sudo_user=root) but neither work.
Any suggestion much appreciated
Kind Regards
Fraser.