Im trying to use synchronize with ansible and it uses rsync.
I have this task :
- name: Synchronization of src on the control machine to dest on the remote hosts become: yes ansible.posix.synchronize: src: ./ dest: "{{ var_app_path }}/"
I get this error :
fatal: [ip_adress]: FAILED! => {"changed": false, "cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --rsync-path=sudo rsync --out-format=<<CHANGED>>%i %n%L /builds/nickname/spa2023/ debian@ip_adress:/app/", "msg": "Warning: Permanently added 'ip_adress' (ECDSA) to the list of known hosts.rnsudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helpernsudo: a password is requirednrsync: connection unexpectedly closed (0 bytes received so far) [sender]nrsync error: error in rsync protocol data stream (code 12) at io.c(228) [sender=3.2.3]n", "rc": 12}
Apparently, the command asks for a password but doesnt get the terminal to give the sudo password?
How do you resolve this? I am now using copy which is very very slow.
The command is run in a pipeline ci/cid:
ansible-playbook -u $LOGIN -i "$SERVER_IP," –extra-vars
"ansible_sudo_pass=$SUDO_PASSWORD" playbook.yml
Thank you
I have tried to run manully with ask-become
2
Answers
So you could try to force the terminal.
As can be seen in the SSH man page:
The way to apply that on an Ansible SSH connection is managed in ansible.builtin.ssh_connection.
We can use the
ssh_args
option. It’s default isssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
so let’s just add out-t
. You can start by testing it using your command.ansible-playbook -u $LOGIN -i "$SERVER_IP," --extra-vars "ansible_sudo_pass=$SUDO_PASSWORD ansible_ssh_common_args=' -C -o ControlMaster=auto -o ControlPersist=60s -t'" playbook.yml
The easiest method to avoid messing with passwords in an automated filetransfer/sync is to setup an account on the remote machine with SSH publickey based access. (Plenty of howto’s available on how to set this up.)
If you don’t want to allow publickey based access permanently you can also use Ansible to store the pubkey into the destination before the transfer and remove the (key) file after.
If you don’t want to setup another account for this you might be able to piggybag on the Ansible account to do this. Usually this account is already using keybased SSH logins.
Once this has been setup, you can synchronice/rsync without issues.
An alternative (and even faster method) is using a git to pull the files from the repo on the remote machine.