I just don't know what else to try. I've beat my head on this for 3 days now and it's becoming obvious that either Ansible 2.3 is a complete disaster, or the CentOS 7 package is a complete cluster. Here's my problem. I am working on getting an ansible server to manage about 100 or so CentOS 6 servers. All have an unprivileged user account setup (up to 3 years before I got here in April) but that user account isn't setup with sudo access. The way to get to root is 'su'. I'm not a newbie with Ansible as I used it extensively in my previous position to manage ~70 or so Ubuntu servers. The Ansible is CentOS 7. I'm working on getting Ansible to play nice with privilege escalation using SU and NAFT has worked. Here's an example (very simple) playbook: Because I'm having to use 'su' I have to either add the user password to the inventory file or use the --ask-become-pass parameter to the command line. Every time I do, I get this: [root at ansible ~]# ansible-playbook playbooks/radtest.yml --ask-become-pass SUDO password: It bombs timing out on privilege escalation. Every single time. I'm absolutely frustrated and am almost ready to throw ansible to the curb for something that doesn't suck so bad. But before I do, I'm asking the list, anyone seen anything like this before? I could post to the ansible list, but it's a google group and God knows when I might get a reply. BTW, setting up root with key-only auth is an option, but would be a real PITA to configure 100+ external servers by hand with the keys and reconfig sshd for it.
Gordon Messmer
2017-Jun-05 18:02 UTC
[CentOS] C7 ansible 2.3 become_method: su not working
On 06/05/2017 10:40 AM, Mark Haney wrote:> [root at ansible ~]# ansible-playbook playbooks/radtest.yml > --ask-become-pass > SUDO password:ansible-playbook --become-method su --ask-become-pass playbooks/radtest.yml
Well, it turns out, after 4 days of digging, that the become_method: su option has a catastrophic bug in it that makes it fail when the method is SU. At least for version 2.3.0 of Ansible. I just found v2.3.1 in EPEL testing that I may pull just to see if that fixes the problem. I can't believe that bug managed to get overlooked when released. Ah well. On 06/05/2017 02:02 PM, Gordon Messmer wrote:> On 06/05/2017 10:40 AM, Mark Haney wrote: >> [root at ansible ~]# ansible-playbook playbooks/radtest.yml >> --ask-become-pass >> SUDO password: > > > ansible-playbook --become-method su --ask-become-pass > playbooks/radtest.yml > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos