"Privilege escalation" times out, even though the user can run the task in OS

clerambeau370 · June 21, 2026, 3:19pm

Hello. This excellent community has helped me a lot in the past. I can’t thank you enough. Lets see if we can make it happen again.
I am stuck. I have a playbook that is supposed to run a shell script locally, on the Ansible control node. The playbook is run by the “ansible_admin” OS (LINUX) user. It does some JIRA checks that all work fine. For example, it connects to a JIRA URL, checks if there are new tasks opened under a certain project called “DCR”. If it finds such tasks in any state other than “Done”, it executes them. Some tasks have Oracle scripts attached. The playbook downloads them all to a local directory /dcr_runtime. All of that works fine.
Here is what the downloaded and processed scripts look like before the error occurs:

[ansible_admin@ctrl dcr_runtime]$ ls -ltr
total 16
-rw-r--r--. 1 ansible_admin ansible_admin 141 Jun 21 10:37 DCR-5569_DCR_000.sql.603374.2026-06-21@10:37:28~
-rw-r--r--. 1 ansible_admin ansible_admin  76 Jun 21 10:37 DCR-5568_DCR_001.sql.603419.2026-06-21@10:37:28~
-rwxrwxrwx. 1 ansible_admin ansible_admin 195 Jun 21 10:37 DCR-5569_DCR_000.ssh
-rwxrwxrwx. 1 ansible_admin ansible_admin 130 Jun 21 10:37 DCR-5568_DCR_001.ssh

It then is supposed to “su” to another user “oracle” to actually execute them - again, locally, because there is an Oracle database client installed on the Ansible control node.
That is where the privilege escalation times out. The execution of such script works fine locally on the Ansible CTRL+ node by the “oracle” user.

Here is the playbook:

---
- name: Transition all Jira project issues to Done
  hosts: localhost
  gather_facts: true
  vars_files:
  - vars/main.yml

  tasks:
  - name: Search for all unresolved issues in the project
    community.general.jira:
      uri: "{{ jira_url }}"
      username: "{{ jira_user }}"
      password: "{{ jira_api_token }}"
      operation: search
      jql: "project = '{{ project_key }}' AND status != '{{ target_status }}'"
      maxresults: 1000
      cloud: true
    register: jira_search_results

  - name: Ensure attachment download directory exists
    ansible.builtin.file:
      path: "{{ scratchpad_dcr_runtime }}"
      state: directory
      mode: '0755'

  - name: Fetch full issue data (including attachments) for each issue
    community.general.jira:
      uri: "{{ jira_url }}"
      username: "{{ jira_user }}"
      password: "{{ jira_api_token }}"
      operation: fetch
      issue: "{{ item.key }}"
      cloud: true
    loop: "{{ jira_search_results.meta.issues }}"
    loop_control:
      label: "{{ item.key }}"
    when: jira_search_results.meta is defined and jira_search_results.meta.issues is defined
    register: jira_issue_details

  - name: Download SQL attachments for each issue
    ansible.builtin.get_url:
      url: "{{ item.1.content }}"
      dest: "{{ scratchpad_dcr_runtime }}/{{ item.0.item.key }}_{{ item.1.filename }}"
      url_username: "{{ jira_user }}"
      url_password: "{{ jira_api_token }}"
      force_basic_auth: yes
      mode: '0644'
    loop: "{{ jira_issue_details.results | subelements('meta.fields.attachment', skip_missing=True) }}"
    loop_control:
      label: "{{ item.0.item.key }}/{{ item.1.filename }}"
    when:
    - jira_issue_details.results is defined
    - item.1.filename | lower is match('.*\.sql$')
    register: download_results

  - name: 1. Find all Oracle database DCR scripts in the Scratchpad | dcr_jira {{ ansible_date_time.iso8601 }}
    ansible.builtin.find:
      paths: "{{ scratchpad_dcr_runtime }}"
      patterns: "*.sql"
      recurse: yes
      file_type: file
    register: directory_contents_check

  - name: Debug message if the Scratchpad is empty | dcr_jira {{ ansible_date_time.iso8601 }}
    ansible.builtin.debug:
      msg: "The DCR directory {{ scratchpad_dcr_runtime }} is empty."
    when: directory_contents_check.matched == 0

  - name: Debug message if the Scratchpad is NOT empty | dcr_jira {{ ansible_date_time.iso8601 }}
    ansible.builtin.debug:
      msg: "The DCR directory {{ scratchpad_dcr_runtime }} is NOT empty, ({{ directory_contents_check.matched }} Oracle DCR scripts found)."
    when: directory_contents_check.matched > 0

  ###############################################################

  - name: 2. Pass a list of DCR SQL scripts files to a variable array | dcr_jira {{ ansible_date_time.iso8601 }}
    ansible.builtin.find:
      paths: "{{ scratchpad_dcr_runtime }}"
      patterns: "*.sql"
      recurse: no
      file_type: file
    ignore_errors: true
    #        delegate_to: localhost
    register: loop_through_dcr_sql_files_out

  - name: 3. Insert the shell heading wrapper to the SQL scripts loop | dcr_jira {{ ansible_date_time.iso8601 }}
    ansible.builtin.lineinfile:
      dest: "{{ item.path }}"
      line: "{{ dcr_connect_credentials }}"
      insertbefore: BOF
      backup: true
    with_items: "{{ loop_through_dcr_sql_files_out.files }}"
    register: changed_header_out

  - name: 4. Insert the shell trailing wrapper to the SQL scripts loop | dcr_jira {{ ansible_date_time.iso8601 }}
    ansible.builtin.lineinfile:
      dest: "{{ item.path }}"
      line: "EOF"
      insertafter: EOF
    #                backup: true
    with_items: "{{ loop_through_dcr_sql_files_out.files }}"
    register: changed_trail

  - name: 5. Rename the wrapper-populated .SQL DCR files to .SH shell scripts using the shell module | dcr_jira {{ ansible_date_time.iso8601 }}
    ansible.builtin.shell:
      cmd: "mv {{ item.path }} {{ item.path | regex_replace(old_extension + '$', new_extension) }}"
    loop: "{{ loop_through_dcr_sql_files_out.files }}"
    loop_control:
      label: "Renaming {{ item.path }} to {{ item.path | regex_replace(old_extension + '$', new_extension) }}"

  - name: 6. Find all Oracle database DCR scripts in the Scratchpad | dcr_jira {{ ansible_date_time.iso8601 }}
    ansible.builtin.find:
      paths: "{{ scratchpad_dcr_runtime }}"
      patterns: "*.ssh"
      recurse: yes
      file_type: file
    register: loop_through_dcr_ssh_files_out

  - name: 7. Change ownership and group of DCR shell scripts to oracle-readable | dcr_jira {{ ansible_date_time.iso8601 }}
    ansible.builtin.file:
      path: "{{ item.path }}"
      mode: '0777'
    with_items: "{{ loop_through_dcr_ssh_files_out.files }}"
    register: changed_trail

  #################### 

#  - name: Running oracle script
#    #    command: "sqlplus / as sysdba @test.sql"
#    #    shell: echo exit |sqlplus "{{ oracle_username }}/ {{ oracle_pwd}} @(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(Host={{ oracle_hostname }} )(Port={{ oracle_port }}))(CONNECT_DATA=(SERVICE_NAME= {{ service_name }})))"@sqlfile.sql;
#    ansible.builtin.shell:
#      cmd: "/tmp/change_password.ssh"
#    become: yes
#    become_method: su
#    become_flags: "--login"
#    become_user: oracle
#    register: password_change_output

#  - name: Debug dcr output | dcr_jira {{ ansible_date_time.iso8601 }}
#    ansible.builtin.debug:
#      var: password_change_output.stdout_lines

  - name: 8. Run each DCR script in order | dcr_jira {{ ansible_date_time.iso8601 }}
    ansible.builtin.shell:
      cmd: "{{ item.path }} >> {{ item.path }}.log 2>&1"
    loop: "{{ loop_through_dcr_ssh_files_out.files }}"
    loop_control:
      label: "Running DCR script: {{ item.path }}"
    ignore_errors: true
    become: yes
    become_method: su
    become_flags: "--"
    become_user: oracle
    become_exe: sudo su -
    register: run_dcr_out
    delegate_to: localhost
#   when: directory_contents_check.matched > 0

  ############## TRANSITION #####################################    

#  - name: Transition issues to Done
#    community.general.jira:
#      uri: "{{ jira_url }}"
#      username: "{{ jira_user }}"
#      password: "{{ jira_api_token }}"
#      operation: transition
#      issue: "{{ item.key }}"
#      status: "{{ target_status }}"
#    loop: "{{ jira_search_results.meta.issues }}"
#    when: >
#      jira_search_results.meta is defined and  jira_search_results.meta.issues is defined and  jira_search_results.meta.issues | length > 0
#    register: transition_output

#  - name: Show transition results
#    ansible.builtin.debug:
#      msg: "Transitioned {{ item.item.key }} to {{ target_status }}"
##    loop: "{{ transition_output.results }}"
#    when: transition_output.results is defined

Here is the output. Basically, when it is time to run each *.ssh script downloaded by “ansible_admin” user by the “oracle” OS user, the playbook waits for 12 seconds, then errors out with a "“Timeout (12s) waiting for privilege escalation prompt”

[ansible_admin@ctrl ansible]$ ansible-playbook ./playbooks_remote/dcr_2.0.yml
[WARNING]: Collection community.general does not support Ansible version 2.16.3
[WARNING]: Skipping callback plugin 'ansible.posix.log_plays', unable to load

PLAY [Transition all Jira project issues to Done] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
Sunday 21 June 2026  10:44:03 -0400 (0:00:00.010)       0:00:00.010 *********** 
Sunday 21 June 2026  10:44:03 -0400 (0:00:00.009)       0:00:00.009 *********** 

TASK [Gathering Facts] ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Sunday 21 June 2026  10:44:04 -0400 (0:00:01.918)       0:00:01.929 *********** 
Sunday 21 June 2026  10:44:04 -0400 (0:00:01.918)       0:00:01.928 *********** 

TASK [Search for all unresolved issues in the project] ****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Sunday 21 June 2026  10:44:06 -0400 (0:00:01.044)       0:00:02.973 *********** 
Sunday 21 June 2026  10:44:06 -0400 (0:00:01.044)       0:00:02.972 *********** 

TASK [Ensure attachment download directory exists] ********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Sunday 21 June 2026  10:44:06 -0400 (0:00:00.465)       0:00:03.438 *********** 
Sunday 21 June 2026  10:44:06 -0400 (0:00:00.465)       0:00:03.438 *********** 

TASK [Fetch full issue data (including attachments) for each issue] ***************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => (item=DCR-5569)
ok: [localhost] => (item=DCR-5568)
Sunday 21 June 2026  10:44:07 -0400 (0:00:01.312)       0:00:04.751 *********** 
Sunday 21 June 2026  10:44:07 -0400 (0:00:01.312)       0:00:04.750 *********** 

TASK [Download SQL attachments for each issue] ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost] => (item=DCR-5569/DCR_000.sql)
changed: [localhost] => (item=DCR-5568/DCR_001.sql)
Sunday 21 June 2026  10:44:09 -0400 (0:00:01.982)       0:00:06.733 *********** 
Sunday 21 June 2026  10:44:09 -0400 (0:00:01.982)       0:00:06.732 *********** 

TASK [1. Find all Oracle database DCR scripts in the Scratchpad | dcr_jira 2026-06-21T14:44:04Z] **********************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Sunday 21 June 2026  10:44:10 -0400 (0:00:00.818)       0:00:07.551 *********** 
Sunday 21 June 2026  10:44:10 -0400 (0:00:00.818)       0:00:07.550 *********** 

TASK [Debug message if the Scratchpad is empty | dcr_jira 2026-06-21T14:44:04Z] ***************************************************************************************************************************************************************************************************************************************************************************************************************************************
skipping: [localhost]
Sunday 21 June 2026  10:44:10 -0400 (0:00:00.031)       0:00:07.583 *********** 
Sunday 21 June 2026  10:44:10 -0400 (0:00:00.031)       0:00:07.582 *********** 

TASK [Debug message if the Scratchpad is NOT empty | dcr_jira 2026-06-21T14:44:04Z] ***********************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "The DCR directory /dcr_runtime is NOT empty, (2 Oracle DCR scripts found)."
}
Sunday 21 June 2026  10:44:10 -0400 (0:00:00.018)       0:00:07.602 *********** 
Sunday 21 June 2026  10:44:10 -0400 (0:00:00.018)       0:00:07.601 *********** 

TASK [2. Pass a list of DCR SQL scripts files to a variable array | dcr_jira 2026-06-21T14:44:04Z] ********************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Sunday 21 June 2026  10:44:10 -0400 (0:00:00.337)       0:00:07.940 *********** 
Sunday 21 June 2026  10:44:10 -0400 (0:00:00.337)       0:00:07.939 *********** 

TASK [3. Insert the shell heading wrapper to the SQL scripts loop | dcr_jira 2026-06-21T14:44:04Z] ********************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost] => (item={'path': '/dcr_runtime/DCR-5569_DCR_000.sql', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 54322, 'gid': 54331, 'size': 141, 'inode': 379700, 'dev': 64512, 'nlink': 1, 'atime': 1782053048.85041, 'mtime': 1782053048.84741, 'ctime': 1782053048.85041, 'gr_name': 'ansible_admin', 'pw_name': 'ansible_admin', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
changed: [localhost] => (item={'path': '/dcr_runtime/DCR-5568_DCR_001.sql', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 54322, 'gid': 54331, 'size': 76, 'inode': 379703, 'dev': 64512, 'nlink': 1, 'atime': 1782053049.7064157, 'mtime': 1782053049.7034156, 'ctime': 1782053049.7064157, 'gr_name': 'ansible_admin', 'pw_name': 'ansible_admin', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
Sunday 21 June 2026  10:44:11 -0400 (0:00:00.930)       0:00:08.870 *********** 
Sunday 21 June 2026  10:44:11 -0400 (0:00:00.929)       0:00:08.869 *********** 

TASK [4. Insert the shell trailing wrapper to the SQL scripts loop | dcr_jira 2026-06-21T14:44:04Z] *******************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost] => (item={'path': '/dcr_runtime/DCR-5569_DCR_000.sql', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 54322, 'gid': 54331, 'size': 141, 'inode': 379700, 'dev': 64512, 'nlink': 1, 'atime': 1782053048.85041, 'mtime': 1782053048.84741, 'ctime': 1782053048.85041, 'gr_name': 'ansible_admin', 'pw_name': 'ansible_admin', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
changed: [localhost] => (item={'path': '/dcr_runtime/DCR-5568_DCR_001.sql', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 54322, 'gid': 54331, 'size': 76, 'inode': 379703, 'dev': 64512, 'nlink': 1, 'atime': 1782053049.7064157, 'mtime': 1782053049.7034156, 'ctime': 1782053049.7064157, 'gr_name': 'ansible_admin', 'pw_name': 'ansible_admin', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
Sunday 21 June 2026  10:44:12 -0400 (0:00:00.751)       0:00:09.621 *********** 
Sunday 21 June 2026  10:44:12 -0400 (0:00:00.751)       0:00:09.620 *********** 

TASK [5. Rename the wrapper-populated .SQL DCR files to .SH shell scripts using the shell module | dcr_jira 2026-06-21T14:44:04Z] *************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost] => (item=Renaming /dcr_runtime/DCR-5569_DCR_000.sql to /dcr_runtime/DCR-5569_DCR_000.ssh)
changed: [localhost] => (item=Renaming /dcr_runtime/DCR-5568_DCR_001.sql to /dcr_runtime/DCR-5568_DCR_001.ssh)
Sunday 21 June 2026  10:44:13 -0400 (0:00:00.829)       0:00:10.450 *********** 
Sunday 21 June 2026  10:44:13 -0400 (0:00:00.829)       0:00:10.449 *********** 

TASK [6. Find all Oracle database DCR scripts in the Scratchpad | dcr_jira 2026-06-21T14:44:04Z] **********************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Sunday 21 June 2026  10:44:13 -0400 (0:00:00.355)       0:00:10.805 *********** 
Sunday 21 June 2026  10:44:13 -0400 (0:00:00.355)       0:00:10.804 *********** 

TASK [7. Change ownership and group of DCR shell scripts to oracle-readable | dcr_jira 2026-06-21T14:44:04Z] **********************************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost] => (item={'path': '/dcr_runtime/DCR-5569_DCR_000.ssh', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 54322, 'gid': 54331, 'size': 195, 'inode': 379700, 'dev': 64512, 'nlink': 1, 'atime': 1782053052.2534323, 'mtime': 1782053052.2534323, 'ctime': 1782053053.0594375, 'gr_name': 'ansible_admin', 'pw_name': 'ansible_admin', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
changed: [localhost] => (item={'path': '/dcr_runtime/DCR-5568_DCR_001.ssh', 'mode': '0644', 'isdir': False, 'ischr': False, 'isblk': False, 'isreg': True, 'isfifo': False, 'islnk': False, 'issock': False, 'uid': 54322, 'gid': 54331, 'size': 130, 'inode': 379704, 'dev': 64512, 'nlink': 1, 'atime': 1782053052.6074347, 'mtime': 1782053052.6074347, 'ctime': 1782053053.44844, 'gr_name': 'ansible_admin', 'pw_name': 'ansible_admin', 'wusr': True, 'rusr': True, 'xusr': False, 'wgrp': False, 'rgrp': True, 'xgrp': False, 'woth': False, 'roth': True, 'xoth': False, 'isuid': False, 'isgid': False})
Sunday 21 June 2026  10:44:14 -0400 (0:00:00.800)       0:00:11.606 *********** 
Sunday 21 June 2026  10:44:14 -0400 (0:00:00.800)       0:00:11.605 *********** 
 
TASK [8. Run each DCR script in order | dcr_jira 2026-06-21T14:44:04Z] ************************************************************************************************************************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: \r\nWe trust you have received the usual lecture from the local System\r\nAdministrator. It usually boils down to these three things:\r\n\r\n    #1) Respect the privacy of others.\r\n    #2) Think before you type.\r\n    #3) With great power comes great responsibility.\r\n\r\r\n"}
...ignoring

PLAY RECAP ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=14   changed=5    unreachable=0    failed=0    skipped=1    rescued=0    ignored=1   


TASKS RECAP ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
Sunday 21 June 2026  10:44:28 -0400 (0:00:13.599)       0:00:25.206 *********** 
=============================================================================== 
8. Run each DCR script in order | dcr_jira 2026-06-21T14:44:04Z ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 13.60s
Download SQL attachments for each issue ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 1.98s
Gathering Facts ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 1.92s
Fetch full issue data (including attachments) for each issue --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.31s
Search for all unresolved issues in the project ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.04s
3. Insert the shell heading wrapper to the SQL scripts loop | dcr_jira 2026-06-21T14:44:04Z -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.93s
5. Rename the wrapper-populated .SQL DCR files to .SH shell scripts using the shell module | dcr_jira 2026-06-21T14:44:04Z ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.83s
1. Find all Oracle database DCR scripts in the Scratchpad | dcr_jira 2026-06-21T14:44:04Z ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.82s
7. Change ownership and group of DCR shell scripts to oracle-readable | dcr_jira 2026-06-21T14:44:04Z ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.80s
4. Insert the shell trailing wrapper to the SQL scripts loop | dcr_jira 2026-06-21T14:44:04Z ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.75s
Ensure attachment download directory exists -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.47s
6. Find all Oracle database DCR scripts in the Scratchpad | dcr_jira 2026-06-21T14:44:04Z ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.36s
2. Pass a list of DCR SQL scripts files to a variable array | dcr_jira 2026-06-21T14:44:04Z -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.34s
Debug message if the Scratchpad is empty | dcr_jira 2026-06-21T14:44:04Z --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.03s
Debug message if the Scratchpad is NOT empty | dcr_jira 2026-06-21T14:44:04Z ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.02s

PLAYBOOK RECAP ********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
Playbook run took 0 days, 0 hours, 0 minutes, 25 seconds


ROLES RECAP ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
Sunday 21 June 2026  10:44:28 -0400 (0:00:13.600)       0:00:25.206 *********** 
=============================================================================== 
ansible.builtin.shell -------------------------------------------------- 14.43s
community.general.jira -------------------------------------------------- 2.36s
ansible.builtin.get_url ------------------------------------------------- 1.98s
gather_facts ------------------------------------------------------------ 1.92s
ansible.builtin.lineinfile ---------------------------------------------- 1.68s
ansible.builtin.find ---------------------------------------------------- 1.51s
ansible.builtin.file ---------------------------------------------------- 1.27s
ansible.builtin.debug --------------------------------------------------- 0.05s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
total ------------------------------------------------------------------ 25.20s
[ansible_admin@ctrl ansible]$

Here are the checks done outside of the playbook. The ping of the local server performed as “ansible_admin” with changing user to “oracle” works:

[ansible_admin@ctrl dcr_runtime]$ ansible localhost -m ping -kKu oracle -b --become-method=su --become-user=oracle
SSH password:
BECOME password[defaults to SSH password]:
[WARNING]: Skipping callback plugin 'ansible.posix.log_plays', unable to load
[WARNING]: Collection community.general does not support Ansible version 2.16.3
Sunday 21 June 2026  10:39:55 -0400 (0:00:00.026)       0:00:00.026 ***********
Sunday 21 June 2026  10:39:55 -0400 (0:00:00.025)       0:00:00.025 ***********
localhost | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3.12"
    },
    "changed": false,
    "ping": "pong"
}

TASKS RECAP ***************************************************************************************************************************************************
Sunday 21 June 2026  10:39:57 -0400 (0:00:02.384)       0:00:02.410 ***********
===============================================================================
ping --------------------------------------------------------------------------------------------------------------------------------------------------- 2.38s

PLAYBOOK RECAP ************************************************************************************************************************************************
Playbook run took 0 days, 0 hours, 0 minutes, 2 seconds


ROLES RECAP ***************************************************************************************************************************************************
Sunday 21 June 2026  10:39:57 -0400 (0:00:02.384)       0:00:02.409 ***********
===============================================================================
ping -------------------------------------------------------------------- 2.38s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------- 2.38s
[ansible_admin@ctrl dcr_runtime]$

In addition, the shell script execution works if executed by “oracle”. In this example it gets the data back from the remote server, while run locally from an Oracle client:

[ansible_admin@ctrl dcr_runtime]$ su - oracle
Password:
[oracle@ctrl ~]$ /dcr_runtime/DCR-5569_DCR_000.ssh

SQL*Plus: Release 21.0.0.0.0 - Production on Sun Jun 21 11:10:38 2026
Version 21.3.0.0.0

Copyright (c) 1982, 2021, Oracle.  All rights reserved.

Last Successful login time: Sun Jun 21 2026 10:39:04 -04:00

Connected to:
Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production
Version 21.3.0.0.0

SQL> SQL>
Session altered.

SQL>
REPLACE(CURRENT_SCN,'','')
----------------------------------------
6030540

SQL> Disconnected from Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production
Version 21.3.0.0.0
[oracle@ctrl ~]$

Please help overcome this error. I suppose I could overcome this error by transferring the Oracle script to the remote server and running it there as “oracle” user, but I would much rather to handle everything locally , on the Ansible CTRL+ node since its “oracle” user is perfectly capable of running the scripts by itself, outside of Ansible.

Thank you for your time and effort, much appreciated.

Nestor Kandisky-Clerambeau.

bvitnik · June 21, 2026, 5:31pm

Hi @clerambeau370

It’s a little bit confusing. You are mixing sudo (via become_exe) and su (via become_method) which are different and independent privilege escalation methods. Better to stick to only one of them.

First a question. Do your sudoers rules allow for ansible_admin to run any command as oracle user without authentication (NOPASSWD option)? If not…

… it looks to me that you are just missing a become password when running your playbook. I don’t see it specified in the command line, nor the playbook itself, and I don’t see a prompt where Ansible asked you for one. Either su or sudo is asking for the password in the background (not seen by the user) but Ansible has none to provide. It hangs until timeout.

My advice for you is to set sudoers rules for ansible_admin user so that it can run commands as oracle user without authentication.

clerambeau370 · June 21, 2026, 9:59pm

Thank you, Bojan. That solved it (plus a couple of changes in ansible.cfg)

Topic		Replies	Views
Unable to execute script on remote system as another user Ansible Project ee	8	47	December 2, 2022
how to handle user prompt in privilege escalation Ansible Project	1	22	March 16, 2019
Using "shell" with a switch Ansible Project	29	115	December 5, 2018
Making use of Ansible Privilege Escalation Ansible Project	8	41	June 4, 2015
Ansible not becoming super user Ansible Project	9	45	March 22, 2016

"Privilege escalation" times out, even though the user can run the task in OS

Related topics