wait_for and local_action comes back with an error about sudo

Hi List,

I’m trying to reboot a server from a playlist and then have the playlist wait for the server to come back before continuing with its next action.

So this is the playbook part:


- hosts: 10.137.0.145
  user: mark
  sudo: true
  vars:
    hostname: servername01
    sid: ABC2
  tasks:
  - name: Make /etc/hostname/ correct
    action: lineinfile dest=/etc/hostname backup=true state=present regexp=^ line='$hostname'
  - name: Reboot
    action: command /sbin/reboot
  - name: Wait for it to come back
    local_action: wait_for host=10.137.0.145 port=22 delay=5 timeout=300

And this is the error it gives me:

sudo password:

PLAY [10.137.0.145] *********************

GATHERING FACTS *********************
ok: [10.137.0.145]

TASK: [Make /etc/hostname/ correct] *********************
ok: [10.137.0.145] => {"changed": false, "msg": ""}

TASK: [Reboot] *********************
changed: [10.137.0.145] => {"changed": true, "cmd": ["/sbin/reboot"], "delta": "0:00:00.069021", "end": "2012-11-07 14:51:07.350678", "rc": 0, "start": "2012-11-07 14:51:07.281657", "stderr": "", "stdout": ""}

TASK: [Wait for it to come back] *********************
fatal: [10.137.0.145] => sudo with password is presently only supported on the 'paramiko' (SSH) and native 'ssh' connection types

FATAL: all hosts have already failed -- aborting

PLAY RECAP *********************
10.137.0.145 : ok=3 changed=1 unreachable=1 failed=0

So I’m doing something wrong here. Any ideas?

Thanks,
Mark

You're not doing anything wrong, but the local connection plugin
doesn't yet support sudo with a password:

https://github.com/ansible/ansible/blob/devel/lib/ansible/runner/connection_plugins/local.py

Suggestion is to allow passwordless sudo or to patch the module.

--Michael

Ah that’s why… Makes sense.

Can I make the assumption that a lot of you are just running ansible from the root user?

Nope.

local_action is a corner case, and many of us *do* have sudo
configured to not require a password, or are not using local_action.

You may wish to do "delegate_to: localhost" instead.

I think for a while we didn't assume localhost was "-c local" but it's
a bit of a damned if we do, damned if we don't scenario -- you get
equal questions either way. (why do I need to be able to SSH into
myself, etc).

Not really,

I have encountered this issue also, I’m looking at how to solve this in a way that works for others and that makes sense to integrate into ansible.

Don’t get me wrong, I still think ansible is a beautiful tool in my toolkit. The quirks are more or less obvious and are easily solvable all from the main “ansible” server.

NOPASSWD is on its way. :wink:

Mark

@bcoca -- thanks -- I figure if you can get this figured out, we may
be able to support the --ask-sudo-pass for -c ssh as well.

Michael DeHaan wrote:

@bcoca -- thanks -- I figure if you can get this figured out, we may
be able to support the --ask-sudo-pass for -c ssh as well.

It is already supported. Regular passwords are what aren't.

Daniel

Mark Maas wrote:

Hi List,

I'm trying to reboot a server from a playlist and then have the playlist
wait for the server to come back before continuing with its next action.

So this is the playbook part:

---
- hosts: 10.137.0.145
  user: mark
  sudo: true
  vars:
   hostname: servername01
   sid: ABC2
  tasks:
  - name: Make /etc/hostname/ correct
    action: lineinfile dest=/etc/hostname backup=true state=present regexp=^ line='$hostname'
  - name: Reboot
    action: command /sbin/reboot
  - name: Wait for it to come back
    local_action: wait_for host=10.137.0.145 port=22 delay=5 timeout=300

What you want here is a
    sudo: False
to disable sudo for this task.

Daniel

Not necessarily, suppose you want to sudo.

Indeed, the only thing that seems to work with wait_for is to use NOPASSWD on ALL the servers which is a big no-no in my book.
NOPASSWD on the ansible server is one thing, but on all of them…

Is there another way I can do this without resorting to that?

mmaas@pmgtansible:~/playbooks/binck$ cat ./test.yml

Fix the local connection module to make it support taking the password.

Excellent, except you may not want my code :wink: Still learning simple lists and dictionaries. It’ll be a while.

temporary workaround:

delegate_to: 127.0.0.2
(versus local_action)

will almost definitely make it not use the local connection

Excellent! Thanks!