Reputation: 335
I want to run a specific Ansible task as a different user (webadmin) than the one who connects to the remote machine (root). Therefore, I use the 'become' module to change the user in my task:

---
- name: Git clone
  git:
    repo: '{{ repository }}'
    dest: '{{ workcopypath }}/{{ project_group }}'
  become: yes
  become_user: '{{ myuser }}'
However, something goes wrong while I run my playbook:
Using module file /usr/lib/python2.7/site-packages/ansible/modules/source_control/git.py
<10.122.2.20> cmd|/bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp/ansible-tmp-1542694736.75-69768062845781 `" && echo ansible-tmp-1542694736.75-69768062845781="` echo /var/tmp/ansible-tmp-1542694736.75-69768062845781 `" ) && sleep 0'|False|None
<10.122.2.20> put_file|/root/.ansible/tmp/ansible-local-13654yyClbh/tmpTL422C|/var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py
<10.122.2.20> cmd|/bin/sh -c 'setfacl -m u:webadmin:r-x /var/tmp/ansible-tmp-1542694736.75-69768062845781/ /var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py && sleep 0'|False|None
<10.122.2.20> cmd|/bin/sh -c 'sudo -H -S -n -u webadmin /bin/sh -c '"'"'echo BECOME-SUCCESS-ozfqbfexlaybkeimxrmuyppdrzmrhxxu; /usr/bin/python /var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py'"'"' && sleep 0'|True|None
<10.122.2.20> cmd|/bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1542694736.75-69768062845781/ > /dev/null 2>&1 && sleep 0'|False|Non
fatal: [10.122.2.20]: FAILED! => {
    "changed": false,
    "module_stderr": "",
    "module_stdout": "ERROR: invalid timeout value of BECOME-SUCCESS-ozfqbfexlaybkeimxrmuyppdrzmrhxxu\n/usr/bin/python: can't open file '/var/tmp/ansible-tmp-1542694736.75-69768062845781/git.py\"' && sleep 0'': [Errno 2] No such file or directory",
    "msg": "MODULE FAILURE",
    "rc": 512
}
Upvotes: 1
Views: 1826
Reputation: 2728
Thanks for @JGK's feedback.

I also wrote this sample playbook to check the become_user method.

---
- name: Check become_user of postgres
  hosts: server
  tasks:
    - name: Run with root.
      command: whoami
      become: true
      register: root_rc
    - name: Run with postgres.
      command: whoami
      become: true
      become_user: postgres
      register: postgres_rc
    - name: print result
      debug:
        msg: "[ root_rc: {{ root_rc.stdout }}, postgres_rc: {{ postgres_rc.stdout }}]"
[ chusiang@banshee ~/playbooks ] - 17:33
ssh server "sudo -H -S -n -u postgres /bin/sh -c /bin/uname"
sudo: a password is required

[ chusiang@banshee ~/playbooks ] - 17:35
(cmd)$ ANSIBLE_NOCOWS=0 ansible-playbook check_become_user.yml
 ______________________________________
< PLAY [Check become_user of postgres] >
 --------------------------------------
 ________________________
< TASK [Gathering Facts] >
 ------------------------
ok: [server]
 _______________________
< TASK [Run with root.] >
 -----------------------
changed: [server]
 ___________________________
< TASK [Run with postgres.] >
 ---------------------------
fatal: [server]: FAILED! => {
    "changed": false,
    "rc": 1
}

MSG:

MODULE FAILURE
See stdout/stderr for the exact error
 ____________
< PLAY RECAP >
 ------------
server                     : ok=2    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
Please replace the username chusiang with your own.
[root@server ~]# sudo vim /etc/sudoers.d/postgres
+ chusiang ALL=(postgres) NOPASSWD:ALL
[ chusiang@banshee ~/playbooks ] - 17:35
ssh server "sudo -H -S -n -u postgres /bin/sh -c /bin/uname"
Linux
[ jonny@banshee ~/vcs/lw/jonny.lai/lw-cloud.ansible.M2 ] (feature/support_only_offic) - 17:36
(cmd)$ ANSIBLE_NOCOWS=0 ansible-playbook check_become_user.yml
 ______________________________________
< PLAY [Check become_user of postgres] >
 --------------------------------------
 ________________________
< TASK [Gathering Facts] >
 ------------------------
ok: [server]
 _______________________
< TASK [Run with root.] >
 -----------------------
changed: [server]
 ___________________________
< TASK [Run with postgres.] >
 ---------------------------
changed: [server]
 _____________________
< TASK [print result] >
 ---------------------
ok: [server] => {}

MSG:

[ root_rc: root, postgres_rc: postgres]
 ____________
< PLAY RECAP >
 ------------
server                     : ok=4    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
Upvotes: 0
Reputation: 4168
You have to edit the /etc/sudoers file on the remote system so that it contains the following line:

ANSIBLE_SSH_USER ALL=(ALL) NOPASSWD:ALL

You can test it with:

your_user@ansible-server:~$ ssh ANSIBLE_SSH_USER@remote_system "sudo -H -S -n -u webadmin /bin/sh -c /bin/uname"

This should return Linux, or whatever your remote system is. If you get something like sudo: a password is required, then your /etc/sudoers is still not fine. If it works, try it with your Ansible script.
Upvotes: 2
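The two answers differ in how broad the sudoers rule is: the second answer's ANSIBLE_SSH_USER ALL=(ALL) NOPASSWD:ALL lets the connecting user become anyone on the host, while the first answer's chusiang ALL=(postgres) NOPASSWD:ALL covers only the one become_user the play needs. The following added example (not code from either answer) is a small sudoers rule evaluator that reproduces offline which of these states gives sudo's "a password is required" for the non-interactive sudo -n -u target that Ansible runs; the user names deploy, postgres and webadmin and the sudoers fragments are constructed, and sudoers aliases are not expanded.

```python
import re

# One sudoers user specification: user HOST=(runas[:rungroup]) [TAG:...] cmd, cmd
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.*)$")
TAGS = {"NOPASSWD", "PASSWD", "SETENV", "NOSETENV", "NOEXEC", "EXEC", "LOG_INPUT",
        "NOLOG_INPUT", "LOG_OUTPUT", "NOLOG_OUTPUT", "MAIL", "NOMAIL", "FOLLOW", "NOFOLLOW"}
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def parse_sudoers(text):
    """Yield (user, host, runas_user, nopasswd, commands) per user spec; aliases are not expanded."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        who, host, runas, rest = m.groups()
        runas_user = (runas.split(":")[0] if runas else "") or "root"  # no "(..)" -> root, "ALL:ALL" -> ALL
        nopasswd, tokens = False, rest.split(":")
        while len(tokens) > 1 and tokens[0].strip().upper() in TAGS:
            tag = tokens.pop(0).strip().upper()
            if tag in ("NOPASSWD", "PASSWD"):
                nopasswd = tag == "NOPASSWD"
        yield who, host, runas_user, nopasswd, [c.strip() for c in ":".join(tokens).split(",")]

def can_become(sudoers_text, user, target, command="ALL", hostname="ALL", groups=()):
    """Outcome of `sudo -n -u target command` for user: 'nopasswd', 'passwd' (so -n fails with
    "a password is required") or 'denied'. Last matching rule wins; root or user==target needs none."""
    verdict = "denied"
    for who, host, runas, nopasswd, commands in parse_sudoers(sudoers_text):
        user_ok = who in ("ALL", user) or (who.startswith("%") and who[1:] in groups)
        host_ok = host in ("ALL", hostname)
        runas_ok = runas in ("ALL", target)
        cmd_ok = "ALL" in commands or command in commands
        if user_ok and host_ok and runas_ok and cmd_ok:
            verdict = "nopasswd" if (nopasswd or user == "root" or user == target) else "passwd"
    return verdict

# Constructed fragments: the failing state, then the second answer's broad rule and the first answer's scoped rule.
BASE = "Defaults requiretty\nroot ALL=(ALL) ALL\n"
BROAD = BASE + "deploy ALL=(ALL) NOPASSWD:ALL\n"
SCOPED = BASE + "deploy ALL=(postgres) NOPASSWD:ALL\n"

def compare(user="deploy"):
    """Targets the connecting user can become without a password under each fragment."""
    return {name: sorted(t for t in ("root", "postgres", "webadmin")
                         if can_become(text, user, t) == "nopasswd")
            for name, text in (("none", BASE), ("broad", BROAD), ("scoped", SCOPED))}
# compare() -> {'none': [], 'broad': ['postgres', 'root', 'webadmin'], 'scoped': ['postgres']}
```

The scoped rule is what a least-privilege deployment wants: it makes the one become_user the play uses work without a prompt while the connecting account still cannot become root through sudo.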