Menu
Ansible asks for sudo password from following code, it tries to create a new postgres user.
Error message:
fatal: [xxx.xxx.xxx.xxx] => Missing sudo password
main.yml
- name: 'Provision a PostgreSQL server'
hosts: "dbservers"
sudo: yes
sudo_user: postgres
roles:
- postgres
create_db.yml
- name: Make sure the PostgreSQL users are present
postgresql_user: name=rails password=secret role_attr_flags=CREATEDB,NOSUPERUSER
sudo_user: postgres
sudo: yes
The remote_user that used to login to this machine is a non-root user, it has no password, and can only login using key auth.
For user postgres, this account doesn't have the password as well, because the database was just installed.
Since I logged in as non-root user, of course it will ask for password when switch to postgress account in order to create database user. But it won't be need for password if switch to postgres from root account. So, I wonder if there is a way to switch to root, and then switch to user postgres.
Note: the root account has no public key, no password, and cannot login from SSH.
270
Providing the sudo Password If the remote user needs to provide a password in order to run sudo commands, you can include the option --ask-become-pass to your Ansible command. This will prompt you to provide the remote user sudo password: ansible all -m ping --ask-become-pass.
You can pass variable on the command line via --extra-vars "name=value". You need to use the Sudo password variable named ansible_sudo_pass as shown below.
To create a user with sudo privileges is to put the user into /etc/sudoers , or make the user a member of a group specified in /etc/sudoers . And to make it password-less is to additionally specify NOPASSWD in /etc/sudoers . And instead of fiddling with /etc/sudoers file, we can create a new file in /etc/sudoers.
To specify a password for sudo, run ansible-playbook with --ask-become-pass ( -K for short). If you run a playbook utilizing become and the playbook seems to hang, most likely it is stuck at the privilege escalation prompt. Stop it with CTRL-c , then execute the playbook with -K and the appropriate password.
Try with the option -kK. It will prompt for password.
$ ansible-playbook mail.yml -kK
SSH password:
BECOME password[defaults to SSH password]:
You can specificy the sudo password when running the Ansible playbook:
ansible-playbook playbook.yml -i inventory.ini --extra-vars "ansible_sudo_pass=yourPassword"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
