Reputation: 22663
Missing become password when sudoing
I'm seeing an error message when I try to run a task with sudo in my Ansible playbook.
Here's my playbook:
---
- hosts: production
gather_facts: no
remote_user: deployer
become: yes
become_method: sudo
become_user: root
tasks:
- name: Whoami
command: /usr/bin/whoami
I would expect whoami to be root but the task fails with the error message:
» ansible-playbook -i ansible_hosts sudo.yml --ask-sudo-pass
SUDO password: [I paste my sudo password here]
PLAY [production] *************************************************************
GATHERING FACTS ***************************************************************
fatal: [MY.IP] => Missing become password
TASK: [Whoami] ****************************************************************
FATAL: no hosts matched or all hosts have already failed -- aborting
When I manually ssh into the box and try to sudo it works as expected:
» ssh deployer@production
» sudo whoami
[I paste the same sudo password]
root
The deployer user password was set by Ansible as follows (in a different playbook):
- hosts: production
remote_user: root
# The {{ansible_become_pass}} comes from this file:
vars_files:
- ./config.yml
tasks:
- name: Create deployer user
user: name=deployer uid=1040 groups=sudo,deployer shell=/bin/bash password={{ansible_become_pass}}
Where {{ansible_become_pass}} is the password I desire hashed with the following python snippet:
python -c 'import crypt; print crypt.crypt("password I desire", "$1$SomeSalt$")'
"password I desire" is replace with a password and "$1$SomeSalt$" is a random salt.
I'm using Ansible version 1.9.4.
What's the problem?
Upvotes: 9
Views: 4704
Answers (1)
Reputation: 600
I have tried your version, and playbook, only with --ask-pass, which returns "stdout": "root" result.
You have to replace --ask-sudo-pass with --ask-pass. And make sure, your deployer user has root privileges.
$ ./bin/ansible --version
ansible 1.9.4
$ ./ansible/bin/ansible-playbook -vv pl.yml --ask-pass
SSH password:
PLAY [localhost] **************************************************************
TASK: [Whoami] ****************************************************************
<localhost> REMOTE_MODULE command /usr/bin/whoami
changed: [localhost] => {"changed": true, "cmd": ["/usr/bin/whoami"], "delta": "0:00:00.002555", "end": "2015-12-05 07:17:16.634485", "rc": 0, "start": "2015-12-05 07:17:16.631930", "stderr": "", "stdout": "root", "warnings": []}
PLAY RECAP ********************************************************************
localhost : ok=1 changed=1 unreachable=0 failed=0
Upvotes: 5
Related Questions
- Ansible become_user asks for password even though it is configured passwordless
- Missing sudo password in Ansible
- Ansible: sudo without password
- Specify sudo password for Ansible
- password not being accepted for sudo user with ansible
- Ansible: Cannot configure sudo command even become_user is a sudo user
- sudo error even after using "become: yes" in Ansible
- Why Ansible ignores ansible_become_password variable?
- Ansible 1.9.1 'become' and sudo issue
- Missing become password in ansible playbook