Question 224942 in Debian Question posted in
The oficial documentation can be found here.

Debian – ansible rsync with sudo passworded on remote host

Im trying to use synchronize with ansible and it uses rsync.

I have this task :

- name: Synchronization of src on the control machine to dest on the remote hosts become: yes ansible.posix.synchronize: src: ./ dest: "{{ var_app_path }}/"

I get this error :

fatal: [ip_adress]: FAILED! => {"changed": false, "cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --rsync-path=sudo rsync --out-format=<<CHANGED>>%i %n%L /builds/nickname/spa2023/ debian@ip_adress:/app/", "msg": "Warning: Permanently added 'ip_adress' (ECDSA) to the list of known hosts.rnsudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helpernsudo: a password is requirednrsync: connection unexpectedly closed (0 bytes received so far) [sender]nrsync error: error in rsync protocol data stream (code 12) at io.c(228) [sender=3.2.3]n", "rc": 12}

Apparently, the command asks for a password but doesnt get the terminal to give the sudo password?

How do you resolve this? I am now using copy which is very very slow.

The command is run in a pipeline ci/cid:

ansible-playbook -u $LOGIN -i "$SERVER_IP," –extra-vars
"ansible_sudo_pass=$SUDO_PASSWORD" playbook.yml

Thank you

I have tried to run manully with ask-become

Tags:

2

Answers


  1. 0

    So you could try to force the terminal.

    As can be seen in the SSH man page:

    -t Force pseudo-terminal allocation. This can be used to
    execute arbitrary screen-based programs on a remote
    machine, which can be very useful, e.g. when implementing
    menu services. Multiple -t options force tty allocation,
    even if ssh has no local tty.

    The way to apply that on an Ansible SSH connection is managed in ansible.builtin.ssh_connection.
    We can use the ssh_args option. It’s default is ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s so let’s just add out -t. You can start by testing it using your command.

    ansible-playbook -u $LOGIN -i "$SERVER_IP," --extra-vars "ansible_sudo_pass=$SUDO_PASSWORD ansible_ssh_common_args=' -C -o ControlMaster=auto -o ControlPersist=60s -t'" playbook.yml

    Login or Signup to reply.
  2. 0

    The easiest method to avoid messing with passwords in an automated filetransfer/sync is to setup an account on the remote machine with SSH publickey based access. (Plenty of howto’s available on how to set this up.)

    If you don’t want to allow publickey based access permanently you can also use Ansible to store the pubkey into the destination before the transfer and remove the (key) file after.

    If you don’t want to setup another account for this you might be able to piggybag on the Ansible account to do this. Usually this account is already using keybased SSH logins.

    Once this has been setup, you can synchronice/rsync without issues.

    An alternative (and even faster method) is using a git to pull the files from the repo on the remote machine.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search