Timeout (12s) waiting for privilege escalation prompt WITH PIPELINING

Hey all - I’m hitting the infamous Timeout (12s) waiting for privilege escalation prompt error but only under specific conditions. The task that fails is a loop:

  • name: copy files from blob
    shell: “{{ blob_ssodba_download_working_dir }}/blob_ssodba_download.py {{ item }} {{ blob_ssodba_download_dest_dir | default(blob_ssodba_download_working_dir) }}”
    with_items: “{{ blob_ssodba_download_keys }}”
    become: “{{ blob_ssodba_become | bool }}”

And blob_ssodba_download_keys contains for items. So the shell command is running four times. The failure always occurs during the 4th iteration of the loop. The error message with -vvv isn’t useful:

Using module file /sso/sfw/virtualenv/ansible29/lib/python2.7/site-packages/ansible-2.9.9-py2.7.egg/ansible/modules/commands/command.py
Pipelining is enabled.
<azuseoracle01.vsp.sas.com> ESTABLISH SSH CONNECTION FOR USER: None
<azuseoracle01.vsp.sas.com> SSH: EXEC ssh -C -o ControlMaster=no -o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 azuseoracle01.vsp.sas.com ‘/etc/ansible-wrapper -c ‘"’“'sudo -H -S -p “[sudo via ansible, key=yjyrdwfgvmqyevbiotnpzymsreknqtrd] password:” -u root /etc/ansible-wrapper -c '”’“'”‘"’“'”‘"’“‘echo BECOME-SUCCESS-yjyrdwfgvmqyevbiotnpzymsreknqtrd ; /usr/bin/python’”‘"’“'”‘"’“'”‘"’ && sleep 0’“'”‘’
fatal: [azuseoracle01.vsp.sas.com]: FAILED! => {
“msg”: "Timeout (12s) waiting for privilege escalation prompt: "
}

When I watch journalctl -f on the target, I notice a connection is not even attempted during the fourth iteration of the loop. And the error only occurs when pipelining is on.

Any idea what might be going on?

Rob

Without knowing anything about those scripts, I would try
adding/removing items to blob_ssodba_download_keys (so with 3 or 5
items).
This can reveal if the issue is with the 4th item - or with the last item.

What is the privilege escalation method? I see the string 'oracle' -
can it be some enterprise/corporate security measure that kicks in?

Hey Dick - thanks for your response. I’m using sudo. I bumped timeout to 20s in ansible.cfg and now the playbook completes even with pipelining. While watching the -vvv output, I noticed “Escalation succeeded” after ~12 seconds, so I think I was just barely hitting the timeout. I still don’t understand why it’s timing out without attempting a connection (journalctl output), but honestly, I don’t understand the state machine in ssh.py! Back in business though.

Rob