Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

password not being accepted for sudo user with ansible

Tags:

ansible

ansible-playbook

ansible-2.x

I am running an ansible playbook as a sudo user (forcing the sudo password) - however, I am getting a response stating that the su password is incorrect even though I can do the following on the remote server (with the same password that I tried with ansible):

sudo su - root

error message

 fatal: [testserver]: FAILED! => {"failed": true, "msg": "Incorrect su password"}

hosts

[webservers]
testserver ansible_ssh_host=ec2-52-87-166-241.compute-1.amazonaws.com ansible_ssh_port=9876

ansible command

ansible-playbook test_playbook.yml -i hosts --ask-become-pass -vvv

test_playbook

---
- hosts: all
  gather_facts: no
  remote_user: testuser
  become: yes
  become_method: su
  become_user: root
  any_errors_fatal: true

  tasks: 
  - group: 
       name: devops
       state: present
  - name: create devops user with admin privileges

    user: 
      name: devops
      comment: "Devops User"
      uid: 2001
      groups: devops

Any thoughts on what I might be doing wrong?

like image 457
ali haider Avatar asked Jul 08 '16 17:07

ali haider

People also ask

How do you pass the sudo password in ansible-playbook?

Providing the sudo Password If the remote user needs to provide a password in order to run sudo commands, you can include the option --ask-become-pass to your Ansible command. This will prompt you to provide the remote user sudo password: ansible all -m ping --ask-become-pass.

How do I bypass sudo password in ansible Tower?

You can pass variable on the command line via --extra-vars "name=value". You need to use the Sudo password variable named ansible_sudo_pass as shown below.

Does ansible sudo need Passwordless?

Ansible is intended for automating administrative tasks, so generally needs top-level (root) level access hence "passwordless sudo". If you only need it to run a subset of the commands available on your system though, you can lock it down to just those commands with a more detailed sudo configuration.

1 Answers

In 'sudo su - root' the root privilege is gained by sudo rather than su (that is why the latter doesn't ask for the root password, since it is invoked by a process already in the role of the root user).

However, in your setup you have specified become_method: su, which expects root's password.

So the fix will be to change become_method to sudo (or, if you know root's password, enter that one instead of your user's password).

like image 77
Leon Avatar answered Sep 18 '22 13:09

Leon
Sign in to Comment

Related questions

Jinja: variable inside string inside if statement
How to filter dictionaries in Jinja?
How to get just the version of the software when using ansible_facts.packages["zabbix-agent"]
How can i run ansible command if certain file changed
How to start Docker containers on boot, managed with Ansible (Tower)
Ansible - how to concatenate files contents into a variable
Getting the IP address/attributes of the AWS instance created using Ansible
How to keep local roles separated from the ones loaded from ansible-galaxy?
Ansible find object in list by value of object field
Ansible check if key/value pair exists in list of dictionaries
Installing PHP Pear packages via Ansible with idempotency
Ansible escape * in regex
Becoming non root user in ansible fails
How to enforce the order of with_dict in Ansible?
How to stop the playbook if one play fails
Ansible timezone module fails (different reasons on different OSes)
best way to modify json in ansible
copy files to server from relative path in ansible
Call ssh-copy-id in an Ansible playbook - How to handle password prompt?
Ansible update user password

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!