1

I am trying to setup ansible (2.0) for installing software on a linux box enter image description here

ies-iesd-jktools is the machine with ansible. ies-iesd-git-06 is the target. User account is iesdgrid that can do sudo on target machine.

Following command hangs on remote:-

    ies-iesd-jktools:~/ansible$ ansible ies-iesd-git-06  \
           -i inventory  -m raw \
           -a "sudo yum install -y python-simplejson"   -vvvv

Using /usr/src/ansible/ansible.cfg as config file

SUDO password: <I type password here>

Loaded callback minimal of type stdout, v2.0
<ies-iesd-git-06> ESTABLISH CONNECTION FOR USER: None on PORT 22 TO ies-iesd-git-06
<ies-iesd-git-06> EXEC sudo yum install -y python-simplejson

This starts a sudo on target machine, but does not proceed as if it is waiting for password

$ hostname
ies-iesd-git-06
$
$ ps -ef| grep su
root       583   582  0 09:01 pts/1    00:00:00 sudo yum install -y python-simplejson
iesdgrid   811   771  0 09:05 pts/2    00:00:00 grep su

What is the mistake?

After a while I got

sudo: pam_authenticate: Conversation error

(manually login to the target machine and sudo there works. )

Jayan
  • 18,003
  • 15
  • 89
  • 143

2 Answers2

4

You need to specify the --become --become-user root --ask-become-pass parameters so ansible will sudo su to root prior to executing the command.

ansible -m raw -a "yum install python-simplejson" testserver --ask-become-pass --become-user root --become
SUDO password:
testserver | SUCCESS | rc=0 >>

Loaded plugins: security
Setting up Install Process
Static_ol6_UEK2_latest                                   | 2.3 kB     00:00
Static_ol6_latest                                        | 2.3 kB     00:00
Package python-simplejson-2.0.9-3.1.el6.x86_64 already installed and latest version
Nothing to do
piojo
  • 6,351
  • 1
  • 26
  • 36
Dave Snigier
  • 2,574
  • 3
  • 21
  • 29
2

sudo, by design, requires an interactive shell so a password can be entered.

The cleanest way of fully automating calls to sudo is giving the user NOPASSWD access to all or only the necessary commands, although this potentially poses a security risk.

Detailed information about the /etc/sudoers configuration file can be found at http://www.sudo.ws/man/1.8.15/sudoers.man.html.

There are several threads on stackexchange dealing with the problem of automated elevated execution on linux:

Cobra_Fast
  • 15,671
  • 8
  • 57
  • 102
  • Thanks. I am using ansible in an interactive fashion. ansible asks for "sudo" password, I type it in. (edited question for this detail) – Jayan Feb 03 '16 at 10:20