Getting Past Ansible Password Required Issues
source link: https://fuzzyblog.io/blog/ansible/2020/06/03/getting-past-ansible-password-required-issues.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Getting Past Ansible Password Required Issues
Jun 3, 2020
I recently had the situation where I needed to run an Ansible task on a user which I sudo su'd into i.e.:
sudo su jenkins
I then ran my Ansible task and I repeatedly got this error:
TASK [zzet.rbenv : update apt cache] ****************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "sudo: a password is required\n",
"module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
The underlying issue was that most of the tasks in the playbook used:
become: true
which says to Ansible "run this as a sudo operation" and, given that I was already sudo'd into this account, that proved to be a failure. I puzzled over this for a bit and then realized that all I needed to do was grant the jenkins account passwordless sudo access via the command:
sudo visudo
by adding this line to the end of the sudoers file that visudo edits:
jenkins ALL=(ALL) NOPASSWD:ALL
Note: I made sure to remove the jenkins account from visudo after this was done to prevent any issues related to sudo exploits and this user.
Posted In: #ansible
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK