Hi everyone,
I have the latest Ansible Tower
installed on a RHEL 8.9
When I run specific ansible tasks, I always get this error message:
{
"module_stdout": "",
"module_stderr": "sudo: /etc/sudo.conf is owned by uid 65534, should be 0\nsudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1,
"_ansible_no_log": false,
"changed": false
}
Example of tasks would be:
- name: Install cx_Oracle Python module
pip:
name: cx_Oracle
state: present
- name: Execute SQL to get Schemas from DB
ibre5041.ansible_oracle_modules.oracle_sql:
username: "{{ db_username }}"
password: "{{ db_password }}"
mode: "{{ 'sysdba' if ar_orcl_db_sql_user|upper == 'SYS' else 'normal' }}"
hostname: "{{ db_host }}"
service_name: "{{ db_service_name }}"
port: "{{ db_port }}"
#sql: "SELECT username FROM dba_users"
sql: "SELECT NAME FROM v$database"
delegate_to: 127.0.0.1
register: schema_result
Note that, when I comment either one of the tasks, it always triggers the error.
I’ve confirmed that both file’s owner is root, and I believe the setuid has been set.
Here’s the proof:
$ ls -la /usr/bin/sudo
---s--x--x. 1 root root 165528 Dec 7 2021 /usr/bin/sudo
$ stat /usr/bin/sudo
File: /usr/bin/sudo
Size: 165528 Blocks: 328 IO Block: 4096 regular file
Device: ca02h/51714d Inode: 9184962 Links: 1
Access: (4111/---s--x--x) Uid: ( 0/ root) Gid: ( 0/ root)
Context: system_u:object_r:sudo_exec_t:s0
Access: 2024-02-23 12:17:03.876558806 +0000
Modify: 2021-12-07 12:02:43.000000000 +0000
Change: 2022-11-21 19:52:23.879128352 +0000
Birth: 2022-11-21 19:47:26.179931860 +0000
$ stat /etc/sudo.conf
File: /etc/sudo.conf
Size: 1786 Blocks: 8 IO Block: 4096 regular file
Device: ca02h/51714d Inode: 8619263 Links: 1
Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 0/ root)
Context: system_u:object_r:etc_t:s0
Access: 2024-02-23 12:17:03.883558691 +0000
Modify: 2021-12-07 11:57:12.000000000 +0000
Change: 2022-11-21 19:52:23.873128307 +0000
Birth: 2022-11-21 19:47:26.165931757 +0000
What did I miss here?