5

I have 9 servers and i am trying to install a package using ansible, i am able to ssh into 5 of the servers using a password and other 4 does not ask any password while ssh'ng into them.

However i have copied id_rsa.pub key to all the 9 servers.

Now the ansible script is working fine for 5 server but w remaining 4 i am getting the following error message.

fatal: [xxx0?]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Connection to xxx0? closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}

My Ansible.cfg

[defaults]
filter_plugins =./filter_plugins
roles_path = ./roles
sudo_user = root
host_key_checking = False
retry_files_enabled = False
password = ~/password.txt
timeout = 25

[ssh_connection]
ssh_args = -F ~/.ssh/config -o ControlMaster=no -o ControlPersist=30m
control_path = ~/.ssh/ansible-%%r@%%h:%%p

~/.ssh/config

Host xx0? xx0? xx0? xx0? xx0? xx0? xx0? xx0? xx0? .xyz.com
  User yyy
  Port 22

ansible version = ansible 2.3.1.0

How can i solve this error ?

techraf
  • 64,883
  • 27
  • 193
  • 198
user6826691
  • 1,813
  • 9
  • 37
  • 74
  • Perhaps you have permissions errors on .pub file on the 4 servers that are failing. – Difster Jul 11 '17 at 20:56
  • where can i see the .pub file? – user6826691 Jul 11 '17 at 21:28
  • It's in the directory you copied it to. There's no way for me to know that. Also, sorry for that other comment, it was meant for another question. It's been deleted. – Difster Jul 11 '17 at 21:32
  • i copied my id_rsa key to the authorized keys file on the server, but there is no .pub file – user6826691 Jul 11 '17 at 21:33
  • The point is, you want to check the file permissions of whichever files your script needs to access to ensure that they can be used. Read, where you need that, execute where you need that etc. But I have way of knowing what you need where. – Difster Jul 11 '17 at 21:34

2 Answers2

7

You get an error:

sudo: a password is required

It doesn't mean you can't connect to the target machine it means you need to provide a password to run a command with elevated permissions (or that you can't run a command with elevated permissions altogether).

On the contrary, it means the connection is being established with no problems.

Fix your sudoers configuration on the affected machines.

techraf
  • 64,883
  • 27
  • 193
  • 198
6

The main issue is that for ansible task needs the password of 4 servers, so i did export ask sudo password and it worked. It was failing because of the password.

export ANSIBLE_ASK_SUDO_PASS=true
user6826691
  • 1,813
  • 9
  • 37
  • 74
  • 1
    `[DEPRECATION WARNING]: DEFAULT_ASK_SUDO_PASS option, In favor of become which is a generic framework . This feature will be removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.` – gies0r Mar 05 '18 at 10:40
  • 2
    To satisfy the deprecation warning for ansible processes run from the command line, add the flag `--ask-become-pass` (ie a full command might look like this `ansible all --ask-become-pass -b --become-user=root -m shell -a 'pwd'`) – olisteadman Jan 16 '19 at 16:42