Ansible Playbook freezes on running a remote shell script having sudo

Question

NOTE: This is scenario with vitualbox running a minimal ubuntu image used as a remote host being accessed from ubuntu 16.04

I am a beginner using ansible to run a shell script on a remote server, but it seems to freeze, i dont recieve any logs even after using "-vvv" in arguments. After a little debugging i figured that the problem was with sudo apt-get update used in the shell script.

If i pass the password as an argument from ansible plabook to the shell file and later use it as echo "$PASS" | sudo -S apt-get update , the script seems to work.

How do i configure my ansible Playbook so that it doesnot freeze on the password prompt on executing sudo apt-get update inside the shell file.

and i need to use a specific user account and password instead of root.

I am passing host, user and pass as --extra-vars to the playbook,

{{ host }} is the ip address of the remote host.

{{ user }} is a user account on the remote machine.

{{ pass }} is the password of the user account on the remote machine.

Here is my ansible playbook -


---
- hosts: "{{ host }}"
  remote_user: "{{ user }}"
  vars:
    ansible_become_pass: "{{ pass }}"
  tasks:
    - name: Move test.sh file to remote
      copy: 
        src: ./../scripts/test.sh
        dest: /home/{{ user }}/new/test.sh

    - name: Executing the test.sh script
      command: sh test.sh
      args:
        chdir: /home/{{ user }}/new/
      become: yes
      become_user: "{{ user }}"

On the server where you are running your script you need to configure sudo without password. So that whenever you run sudo it wouldn't ask for password. — getashu1, Sep 14 '18 at 10:10
https://stackoverflow.com/questions/21870083/specify-sudo-password-for-ansible — Vignajeth, Sep 14 '18 at 11:01
@getashu1 i cant do that as it would pose a big security risk, as anybody could run commands remotely on my server without being asked for password. — thakurnikk, Sep 14 '18 at 12:17

score 0 · Answer 1 · answered Sep 15 '18 at 22:25

I can see two things here:

As per your comments:

I need to use a specific user account and password instead of root.

In Ubuntu, apt-get update must to be run as ID 0 (root), isn't it? so when you add:

become: yes

Means that you expect your user be able to do the operation you require.

In this case apt-get update needs root access to lock /var/lib/apt/lists/ among others.

I guess it is not your case so you need to do:

---
- hosts: "{{ host }}"
  remote_user: "{{ user }}"
  vars:
    ansible_become_pass: "{{ pass }}"
  tasks:
    - name: Move test.sh file to remote
      copy: 
        src: ./../scripts/test.sh
        dest: /home/{{ user }}/new/test.sh

    - name: Executing the test.sh script
      command: sh test.sh
      args:
        chdir: /home/{{ user }}/new/
      become: yes

Removing the become_user: "{{ user }}". I guess also the user has sudo access to run apt-get update so the password will work.

In the other hand, you won't need to run sudp apt-get update inside your script, a simple apt-get update will be enough.

Here the first thing.

For the second, I recommend you splitting actions. If you are going to update your system, do first:

apt-get update with become

And other tasks with the user (If that is required). Also, use ansible modules as much as possible. Don't run apt-get updatewhen you have:

- name: apt-get example
  apt:
    name: package
    update_cache: yes

Or even package.

BTW, I'm running the example as:

ansible-playbook test.yml -e "host=ubuntu-1.vagrant.local pass=ansible user=ansible"

using just `become : yes` would run the script as user root, though `sudo apt-get update` would work without freezing in the password prompt, it would hinder complex tasks in the bash script, the commands that were to operate in a specific user workspace using specific user account would not execute successfully using "root". — thakurnikk, Sep 21 '18 at 06:37
What will be the value of $HOME and $USER in the bash script being run by ansible as root account and in another case being run as a normal user account. — thakurnikk, Sep 23 '18 at 05:55
But why doing with a bash script if you can do it with Ansible? I'm trying to give you some tips to fully control your execution with Ansible and not only using it as Script runner. It is much more than that and you will realise that the best option is not creating a bash script but managing it with Ansible. That's why I'm asking. BTW: Sorry for the delay I was on holidays :P — imjoseangel, Sep 29 '18 at 16:54

Ansible Playbook freezes on running a remote shell script having sudo

1 Answers1