Ansible sudo_user hangs for a few minutes and then fails (in centos6.5.1 vagrant vm)

Question

Ansible sudo_user hangs for a few minutes and then fails (in centos6.5.1 vagrant vm)

I have two simple tasks:

- name: I am shell: "echo `id`" - name: say hello shell: echo "postgres saying hello" sudo_user: postgres

The second task ends after a long pause, the output is lower (it works with a tramp with a detailed level of vvv) (yes, I checked that the postgres user exists, I can make sudo su postgres from inside the virtual machine)

 TASK: [postgresql | I am] ***************************************************** changed: [192.168.78.6] => {"changed": true, "cmd": "echo `id` ", "delta": "0:00:00.002511", "end": "2014-01-23 22:49:14.161249", "item": "", "rc": 0, "start": "2014-01-23 22:49:14.158738", "stderr": "", "stdout": "uid=0(root) gid=0(root) groups=0(root)"} TASK: [postgresql | say hello] ************************************************ fatal: [192.168.78.6] => failed to parse: [sudo via ansible, key=fnfgfnxabemrzbfixwgoksvgjrfzplxf] password: FATAL: all hosts have already failed -- aborting

Thing works in centos6.5.1 vagrant vm

+4

vagrant ansible

Max L. Jan 23 '14 at 23:02

source share

2 answers

The problem may be in the configuration of sudoers. I had a problem identical to this in a Debian 7.6 field that had the following line in /etc/sudoers :

 %sudo ALL=(ALL:ALL) NOPASSWD: ALL

After I changed this line to the following:

 %sudo ALL=(ALL) NOPASSWD: ALL

Ansible began to work as expected, i.e. was able to perform tasks as a postgres user using sudo .

+2

Joseph S. Jul 28 '14 at 10:22

source share

Paul wolf · Accepted Answer · 2014-04-13T09:13:12+0000

This does not work, obviously for Centos6.5. It is assumed that he cannot ignore the password prompt for the postgres system user, although this is an assumption.

In response to a question on how to overcome the inability to use sudo for postgres (which, in turn, will use peer authentication through the default pg_hba.conf configuration) during postgresql_ * commands, this is a workaround:

 - hosts: all sudo: yes gather_facts: no tasks: - lineinfile: dest='/var/lib/pgsql/9.3/data/pg_hba.conf' regexp="^local\s+all\s+all\s+peer$" line="local all all trust" backrefs=yes - name: restart after line change action: shell sudo /etc/init.d/postgresql-9.3 restart - name: create database postgresql_db: name=acme sudo: no # NB!! sudo_user: postgres

We change the local access from peer to trust , which must be deleted after performing the required operations either with another lineinfile , or by replacing the file with md5, or after rebooting. The foregoing is clear only for demonstration. This is a massive hack, but will allow you to issue available postgresql module commands that work under Centos6. Note that we set sudo off for the postgresql task.

I confirmed that the problem exists, and hacking works for this vm block:

 https://github.com/2creatives/vagrant-centos/releases/download/v6.5.1/centos65-x86_64-20131205.box

Ansible sudo_user hangs for a few minutes and then fails (in centos6.5.1 vagrant vm)

More articles: