I am running a simple playbook to test setting up K8s. Step one is to turn off swap, which requires elevation to succeed. I have Ansible installed on one Ubuntu Docker container and am trying to run the play on another CentOS container, both on my local Windows machine.
My playbook
---
- hosts: local
  become: yes
  become_method: sudo
  roles:
    - kubernetes
The failing task
---
- name: turn off swap
  shell: |
    swapoff -a
Resulting output snipped to the relevant portion
ok: [centosbox]
<172.66.2.66> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=config -o ConnectTimeout=10 -o ControlPath=/home/config/.ansible/cp/ansible-ssh-%h-%p-%r -tt 172.66.2.66 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-hvrarwhvnbwtveklbinfwigmrapurugb; LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python /home/config/.ansible/tmp/ansible-tmp-1572951151.19-42546213906525/command; rm -rf "/home/config/.ansible/tmp/ansible-tmp-1572951151.19-42546213906525/" > /dev/null 2>&1'"'"'"'"'"'"'"'"''"'"''
fatal: [centosbox]: FAILED! => {"changed": true, "cmd": "swapoff -a", "delta": "0:00:00.119504", "end": "2019-11-05 10:52:31.431316", "failed": true, "invocation": {"module_args": {"_raw_params": "swapoff -a",
"_uses_shell": true, "chdir": null, "creates": null, "executable": null, "removes": null, "warn": true}, "module_name": "command"}, "rc": 1, "start": "2019-11-05 10:52:31.311812", "stderr": "swapoff: Not superuser.", "stdout": "", "stdout_lines": [], "warnings": []}
The output "swapoff: Not superuser." is exactly what you would expect when running the command as a non-elevated user. The user is set up for passwordless sudo on the target machine, and it's the same user running the playbook.
[local]
centosbox ansible_host=172.66.2.66 ansible_user=config
I have tried varying the setup, adding become at different levels and all result in this same error. I also tried running the swapoff command using different methods in the playbook, same results.
Any suggestions greatly appreciated.
2 Answers
Found the problem and solution in this article - https://forums.docker.com/t/docker-swap-space/3908. I added
privileged: true
to my compose file and it works at last. Thanks everyone who helped lead me to this answer.
My first guess would be that the user ‘config’, which you use to SSH from your Ubuntu container into your target container, does not have the same UID across both containers.
Since the uid/gid space is shared between containers and their host system, you want to ensure that when using the ‘config’ user from your ubuntu container, it translates to the same user on your destination container. This could be done by ensuring these users have the same UID when creating your docker image, e.g. in your Dockerfile:
Good read: https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf
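Why the privileged: true fix works even though become already ran the task as root, shown as an added example that is not part of the original question or answers: swapoff(2) requires CAP_SYS_ADMIN, which Docker's default capability set does not include, and the effective set is visible in the CapEff line of /proc/<pid>/status. The two status samples and the function names below are constructed for illustration; the all-ones mask for a privileged container varies with kernel version.

```python
"""Decode CapEff to see whether a process may call swapoff(2)."""
import re

CAP_SYS_ADMIN = 21  # bit number from linux/capability.h; swapon/swapoff require it

# Constructed /proc/<pid>/status excerpts for a root shell (uid 0) in each container type.
DEFAULT_CONTAINER = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n"
PRIVILEGED_CONTAINER = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"


def parse_status(text):
    """Return (effective_uid, effective_capability_mask) from /proc status text."""
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", text, re.M)  # fields: real, effective, ...
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.M)
    if not uid or not cap:
        raise ValueError("status text lacks a Uid or CapEff line")
    return int(uid.group(1)), int(cap.group(1), 16)


def has_cap(mask, bit):
    """True when capability number `bit` is set in the mask."""
    return bool((mask >> bit) & 1)


def swapoff_verdict(text):
    """Explain whether swapoff can succeed for the process described by text."""
    euid, mask = parse_status(text)
    if has_cap(mask, CAP_SYS_ADMIN):
        return "allowed: CAP_SYS_ADMIN is in the effective set"
    if euid == 0:
        return "denied: uid 0 but CAP_SYS_ADMIN is dropped (become worked, the container is restricted)"
    return "denied: not root and no CAP_SYS_ADMIN (become did not take effect)"


if __name__ == "__main__":
    for label, sample in (("default", DEFAULT_CONTAINER), ("privileged", PRIVILEGED_CONTAINER)):
        print(label, "->", swapoff_verdict(sample))
    try:  # On Linux, also report on the current process.
        with open("/proc/self/status") as fh:
            print("self ->", swapoff_verdict(fh.read()))
    except OSError:
        pass
```

Running the same check from a task with become: yes separates a sudo problem from a container restriction. privileged: true passes because it grants the container the full capability set, not only CAP_SYS_ADMIN.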