Why is Ansible not Running Pip as sudo user?

Question

I have a playbook that ensures all requirements are installed locally. I am using ansible 2.0.0

ansible-playbook site.yml -i staging

site.yml:

---
  - hosts: localhost
    become: yes
    become_user: "{{ sudo_user }}"
    connection: local

    vars_files:
      - vars/main.yml

    roles:
      - do

sudo_user is surfer190 in vars.

do/tasks/main.yml:

- name: make sure everything is installed
  apt: name={{item}} state=installed
  with_items:
    - python-apt
    - python-pycurl
    - python-pip
    - python-setuptools

- name: Install dopy
  pip: name={{ item }}
  with_items:
    - virtualenv
    - dopy
    - passlib

I get the following error:

failed: [localhost] => (item=passlib) => {"cmd": "/usr/local/bin/pip install passlib", "failed": true, "invocation": {"module_args": {"name": "passlib"}, "module_name": "pip"}, "item": "passlib", "msg": "stdout: Collecting passlib\n  Using cached passlib-1.6.5-py2.py3-none-any.whl\nInstalling collected packages: passlib\n\n:stderr: Exception:\nTraceback (most recent call last):\n  File \"/usr/local/lib/python2.7/dist-packages/pip/basecommand.py\", line 211, in main\n    status = self.run(options, args)\n  File \"/usr/local/lib/python2.7/dist-packages/pip/commands/install.py\", line 311, in run\n    root=options.root_path,\n  File \"/usr/local/lib/python2.7/dist-packages/pip/req/req_set.py\", line 646, in install\n    **kwargs\n  File \"/usr/local/lib/python2.7/dist-packages/pip/req/req_install.py\", line 803, in install\n    self.move_wheel_files(self.source_dir, root=root)\n  File \"/usr/local/lib/python2.7/dist-packages/pip/req/req_install.py\", line 998, in move_wheel_files\n    isolated=self.isolated,\n  File \"/usr/local/lib/python2.7/dist-packages/pip/wheel.py\", line 339, in move_wheel_files\n    clobber(source, lib_dir, True)\n  File \"/usr/local/lib/python2.7/dist-packages/pip/wheel.py\", line 310, in clobber\n    ensure_dir(destdir)\n  File \"/usr/local/lib/python2.7/dist-packages/pip/utils/__init__.py\", line 71, in ensure_dir\n    os.makedirs(path)\n  File \"/usr/lib/python2.7/os.py\", line 157, in makedirs\n    mkdir(name, mode)\nOSError: [Errno 13] Permission denied: '/usr/local/lib/python2.7/dist-packages/passlib'\n"}

Which is basically a permission denied. So it is not running the command with sudo. As I try sudo pip install passlib and it works.

Even if I run with -k and enter the sudo password it does not work. Take note that the surfer190 user requires a password to sudo.

What am I doing wrong?

Answer 1

Add 'sudo: yes' to Install dopy task

- name: make sure everything is installed
  apt: name={{item}} state=installed
  with_items:
    - python-apt
    - python-pycurl
    - python-pip
    - python-setuptools

- name: Install dopy
  pip: name={{ item }}
  with_items:
    - virtualenv
    - dopy
    - passlib
  sudo: yes

If you notice that the execution of the playbook hangs while executing the task then it is likely that ansible waits for the sudo passoword but there is no way you can enter the password. There is a way to get around that. Update the below specified section in your sudoers file located at '/etc/sudoers'

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
yourusername  ALL=NOPASSWD: ALL

Be careful while editing /etc/sudoers, having the incorrect entries might prevent you from logging on to the server ever again.