By popular request, sudo with a password now works! Previously, sudo had to be configured passwordless.
I am going to be updating the documentation soon, but it looks like this if you want to try it:
For /usr/bin/ansible:
    ansible hosts -m ping -u nonRootUserName -K
For playbooks:
    - user: nonRootUserName
      sudo: True
And run it with:
    ansible-playbook /path/to/playbook.yml -K
(And of course if you need to NOT use an ssh key, you can still also use “-k” to not do that, though you’d have to enter two passwords, obviously)
For the API, just pass “sudo_pass” to the constructor to Runner().
Just as the sudo implementation is a bit slower than direct root login (due to the timing magic involved), sudo w/ password is about 0.2 seconds slower than that per operation. We are going to be doing some cleanup to reduce the amount of operations ansible executes per task, but I don’t think it’s that excessive.
Testing for this is VERY welcome. If you see any hanging, there are two things that could happen. (A) is you got the password wrong and left off -K (--ask-sudo-pass). (B) is my timing logic in connection.py is insufficiently short, and we’ll have to increase the sleep values.
It should be possible to fine tune the paramiko code to remove the sleep logic, if someone wants to fiddle with it, but I think this is workable.
Anyway, please test, and we should be pretty excited for this… it should open up one of the last remaining hurdles to people using ansible, namely that they do not allow root logins AND sudo to root always requires a password. For users in this scenario, you now have a solution. w00t.
Thanks and have a good weekend!
--Michael
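
An added example, not Ansible's connection.py: one way to replace fixed sleeps with prompt detection when feeding a sudo password over an SSH channel, so a missing prompt raises a timeout instead of hanging. The marker prompt, function names and FakeChannel are assumptions made for illustration; the four channel methods used are ones paramiko's Channel provides, and the channel is assumed to have stderr combined into stdout (set_combine_stderr(True)) so the prompt is visible to recv().

```python
import shlex
import time

PROMPT = "[sudo-marker-7f3a] password: "  # constructed marker; use a random one per run


def build_sudo_command(cmd, prompt=PROMPT):
    # -k ignores cached credentials, -S reads the password from stdin,
    # -p replaces sudo's prompt with a marker we can match exactly.
    return "sudo -k -S -p %s /bin/sh -c %s" % (shlex.quote(prompt), shlex.quote(cmd))


def feed_sudo_password(chan, password, prompt=PROMPT, timeout=10.0, poll=0.01):
    """Wait for the marker on the channel, then send the password once.

    Returns the bytes read so far; raises TimeoutError instead of hanging.
    """
    seen = b""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if chan.recv_ready():
            seen += chan.recv(4096)  # accumulate: the marker may span chunks
            if prompt.encode() in seen:
                chan.sendall(password.encode() + b"\n")
                return seen
        elif chan.exit_status_ready():
            return seen  # command finished without ever prompting
        else:
            time.sleep(poll)
    raise TimeoutError("no sudo prompt within %.1fs" % timeout)


class FakeChannel:
    """Constructed stand-in exposing the four Channel methods used above."""

    def __init__(self, chunks, exited=False):
        self.chunks, self.exited, self.sent = list(chunks), exited, []

    def recv_ready(self):
        return bool(self.chunks)

    def recv(self, n):
        return self.chunks.pop(0)

    def sendall(self, data):
        self.sent.append(data)

    def exit_status_ready(self):
        return self.exited
```

The password is written to the channel only after the marker is seen and never appears on the command line. If the marker shows up again after the send, sudo rejected the password.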