Not able to become a different sudo user using ansible in GCE

Question

• I have two GCE instances (say node1, node2).
• I have installed ansible in node1 and is running a script to start a service in node2.
• SSH as root is disabled in GCE instances, so I created a separate user (devops) in node1 and ran the script as devops user.
• There is no root password set in both instances, So I am able to become the root user and execute the whoami command successfully.
• But when i try same after creating a separate user it asks for "sudo: a password is required" but there is no root user password set.

My sample ansible playbook that i tried

https://gist.github.com/pavananms/a7a99a8b1f50ea3ab70e8dddbf4cb56c

I am running the above script as
ansible-playbook test.yml

Answer 1

If you are using devops user for ansible ssh login & trying to become a sudo then add below entry to /etc/sudoers file on target/remote server.

devops ALL=(ALL) NOPASSWD:ALL

Passing any password in command as a plain text is risky for an env, to pass in ansible playbook or command always use ansible vault.

Answer 2

If you don't want a password to become to the app_user, you need add this line into /etc/sudoers file:

app_user        ALL=(ALL:ALL) ALL

But if you see my test case here:

https://gist.github.com/sherlockholmes/63607e10457d260c5d7c61bfc1f74fad

The password is of the firt user, in my case the vagrant user. You could pass this password as an extra variable.

--extra-vars='ansible_become_pass=4nsible'