skip to Main Content
TASK [Gathering Facts] *********************************************************
task path: /opt/playbook/site.yml:1
Using module file /usr/local/lib/python3.10/dist-packages/ansible/modules/setup.py
Pipelining is enabled.
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: slurm
<localhost> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-mvloemssulwwmnnhtatxivyevcbshjsb ; /usr/bin/python3'"'"' && sleep 0'
fatal: [localhost]: FAILED! => {
    "ansible_facts": {},
    "changed": false,
    "failed_modules": {
        "ansible.legacy.setup": {
            "failed": true,
            "module_stderr": "sudo: a password is requiredn",
            "module_stdout": "",
            "msg": "MODULE FAILUREnSee stdout/stderr for the exact error",
            "rc": 1
        }
    },
    "msg": "The following modules failed to execute: ansible.legacy.setupn"
}

A playbook is executed by the slurm user on node startup. However, it fails while gathering facts and I am unsure what the issue is. Apparently something is wrong with sudo. I am looking for ways to debug this more efficiently.

The playbook runs without issues under the regular ubuntu user.

Simplified host File

vpn:
  children:
    master:
      hosts:
        localhost:
          ansible_connection: local
          ansible_python_interpreter: /usr/bin/python3
          ansible_user: ubuntu
          ip: localhost

2

Answers


  1. Chosen as BEST ANSWER

    I was using local in my host file and therefore it was trying to run all scripts within the playbook on the master as the slurm user.

    By changing local to ssh it now connects to the master as the ubuntu user and by that has no privilege issue later on.


  2. @natan — I think it would probably be better if you didn’t try to invoke sudo quite so directly. Also you probably don’t need to be root just to execute setup.

    Here’s what the header looks like in a lot of my playbooks:

    - name: Initial node setup
      hosts: localhost
      connection: local
      gather_facts: yes
    
      tasks:
      - name: Configure the machine...
    

    Key things:

    1. hosts: localhost — this is the only machine you’re working on.
    2. connection: local — avoids using ssh to connect to the machine it’s already executing on anyway.
    3. gather_facts: yes — you can just get your setup facts using this and you shouldn’t need to be root.

    This still leaves the problem of how to become root for subsequent operations.
    Traditionally, connection parameters (including passwords, if unavoidable) have been provided in the inventory file.
    You can set the ansible_become_password in your inventory or in your playbook, but you should never have your password in plain text.
    Then, for tasks that need to be root to succeed, you can use:

    become: yes
    

    I’d recommend this Ansible page for more info: Ansible: Understanding privilege escalation

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search