
ansible sudo_user hangs for a few minutes and then fails (in a centos6.5.1 vagrant vm)

I have these two simple tasks:

- name: I am 
  shell: "echo `id`"

- name: say hello
  shell: echo "postgres saying hello"
  sudo_user: postgres

The second task fails after a long pause; the output is below (it's running with Vagrant at verbose level vvv). (Yes, I have verified that the user postgres exists; I can do a sudo su postgres from inside the VM.)

TASK: [postgresql | I am] ***************************************************** 
changed: [192.168.78.6] => {"changed": true, "cmd": "echo `id` ", "delta": "0:00:00.002511", "end": "2014-01-23 22:49:14.161249", "item": "", "rc": 0, "start": "2014-01-23 22:49:14.158738", "stderr": "", "stdout": "uid=0(root) gid=0(root) groups=0(root)"}

TASK: [postgresql | say hello] ************************************************ 
fatal: [192.168.78.6] => failed to parse: [sudo via ansible, key=fnfgfnxabemrzbfixwgoksvgjrfzplxf] password: 


FATAL: all hosts have already failed -- aborting

The thing runs in a centos6.5.1 vagrant vm

Max L. asked Feb 15 '23 00:02


2 Answers

It doesn't work apparently for Centos6.5. The supposition is that it is unable to get past a prompt for the postgres system user password, though that is speculation.

In answer to the question how to overcome the inability of ansible to sudo to postgres (which in turn would use peer authentication via the default pg_hba.conf configuration) during the postgresql_* commands, here is a workaround:

- hosts: all
  sudo: yes
  gather_facts: no

  tasks:
    - lineinfile: dest='/var/lib/pgsql/9.3/data/pg_hba.conf' regexp="^local\s+all\s+all\s+peer$" line="local    all        all                      trust" backrefs=yes

    - name: restart after line change
      action: shell sudo /etc/init.d/postgresql-9.3 restart

    - name: create database
      postgresql_db: name=acme
      sudo: no                         # NB!!
      sudo_user: postgres

We are changing local access from peer to trust, which needs to be removed after the required operations are performed, either by another lineinfile or replacing the file using md5 or whatever the desired configuration is, followed by a restart. The above is clearly for demonstration only. This is a massive hack, but it will allow you to issue ansible postgresql module commands that work under Centos6. Note that we set sudo off for the postgresql task.

I confirmed the problem exists and the hack works for this vm box:

https://github.com/2creatives/vagrant-centos/releases/download/v6.5.1/centos65-x86_64-20131205.box

Paul Wolf answered Mar 05 '23 18:03
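
The workaround above leaves local connections on trust until it is reverted, so a check like the following can confirm that no trust records remain in pg_hba.conf afterwards. This is an added example, not part of the original answer; it also covers host records, beyond the local line the answer changes, and the function names and sample file contents are constructed for illustration.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl"}


def auth_method(fields):
    """Return the auth-method column of one pg_hba.conf record, or None."""
    if fields[0] == "local":        # local DATABASE USER METHOD [OPTIONS]
        return fields[3] if len(fields) > 3 else None
    if fields[0] in HOST_TYPES:     # host DATABASE USER ADDRESS [MASK] METHOD
        if len(fields) < 5:
            return None
        try:
            ipaddress.ip_address(fields[3])   # bare IP: next column is a netmask
            return fields[5] if len(fields) > 5 else None
        except ValueError:                    # CIDR, hostname or keyword address
            return fields[4]
    return None


def find_trust_entries(text):
    """Return (line_number, connection_type, raw_line) for every trust record."""
    hits = []
    for number, raw in enumerate(text.splitlines(), start=1):
        # comments=True drops '#' comments; quoted names stay one field
        fields = shlex.split(raw, comments=True)
        if fields and auth_method(fields) == "trust":
            hits.append((number, fields[0], raw.strip()))
    return hits


# Constructed sample, not taken from the VM in the question.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all       all                     trust
#local  all       all                     trust
host    all       all   127.0.0.1/32      ident
host    all       all   192.168.78.0 255.255.255.0 trust
host    all       trust ::1/128           md5
"""

if __name__ == "__main__":
    for number, conn_type, line in find_trust_entries(SAMPLE):
        print(f"line {number}: {conn_type} record still uses trust: {line}")
```

Run against the real file, for example by passing the contents of /var/lib/pgsql/9.3/data/pg_hba.conf to find_trust_entries, an empty result means the peer setting was restored.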


The issue may be in the sudoers configuration. I was having a problem identical to this one on a Debian 7.6 box that had the following line in /etc/sudoers:

%sudo   ALL=(ALL:ALL) NOPASSWD: ALL

After I changed that line to the following:

%sudo   ALL=(ALL) NOPASSWD: ALL

Ansible started working as expected, i.e. it was able to execute tasks as the postgres user using sudo.

Joseph S. answered Mar 05 '23 18:03