[ansible-project] apt module fails with non-root sudoer ("Permission denied")

Kevin Jaquier Thu, 15 Oct 2015 08:50:08 -0700

I'm having trouble executing my script from a user with sudo access instead 
of root.


I'm getting "permission denied" errors when playing the playbook, but if I 
execute the commands manually on the server it works just fine.
I did use "become" to execute the tasks with sudo and the right user.

The (relevant part of the) playbook :

---
- hosts: all
  remote_user: "{{ user }}"
  become: yes
  become_user: "{{ user }}"
  become_method: sudo

  tasks:

    - name: Install useful system tools
      apt: name={{ item }} state=present
      with_items:
        - vim
        - nano
        - htop
        - git
        - subversion
        - tig
        - ncdu
        - nodejs-legacy
        - npm
        - mesa-utils

Ansible output :

$ ansible-playbook -K -i test site.yml -vvvv
SUDO password:

PLAY [all] 
********************************************************************

GATHERING FACTS 
***************************************************************
<[the server address]> ESTABLISH CONNECTION FOR USER: [the user name]
<[the server address]> REMOTE_MODULE setup
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 
[the server address] /bin/sh -c 'mkdir
 -p /tmp/ansible-tmp-1444921321.94-213782579685333 && chmod a+rx
 /tmp/ansible-tmp-1444921321.94-213782579685333 && echo
/tmp/ansible-tmp-1444921321.94-213782579685333'
<[the server address]> PUT /tmp/tmpk_hOEu TO 
/tmp/ansible-tmp-1444921321.94-213782579685333/setup
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 
[the server address] /bin/sh -c 'chmod a+r 
/tmp/ansible-tmp-1444921321.94-213782579685333/setup'
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 
[the server address] /bin/sh -c 'sudo
 -k && sudo -H -S -p "[sudo via ansible,
key=upzdhdqqnkqtecoipruvaisazfdvjubv] password: " -u [the user name]
/bin/sh -c '"'"'echo BECOME-SUCCESS-upzdhdqqnkqtecoipruvaisazfdvjubv;
LANG=C LC_CTYPE=C /usr/bin/python
/tmp/ansible-tmp-1444921321.94-213782579685333/setup'"'"''
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 
[the server address] /bin/sh -c 'rm -rf 
/tmp/ansible-tmp-1444921321.94-213782579685333/ >/dev/null 2>&1'
ok: [[the server address]]

TASK: [Install useful system tools] 
*******************************************
<[the server address]> ESTABLISH CONNECTION FOR USER: [the user name]
<[the server address]> REMOTE_MODULE apt 
name=vim,nano,htop,git,subversion,tig,ncdu,nodejs-legacy,npm state=present
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 
[the server address] /bin/sh -c 'mkdir
 -p /tmp/ansible-tmp-1444921350.8-236765363664782 && chmod a+rx
/tmp/ansible-tmp-1444921350.8-236765363664782 && echo
/tmp/ansible-tmp-1444921350.8-236765363664782'
<[the server address]> PUT /tmp/tmpTE3idg TO 
/tmp/ansible-tmp-1444921350.8-236765363664782/apt
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 
[the server address] /bin/sh -c 'chmod a+r 
/tmp/ansible-tmp-1444921350.8-236765363664782/apt'
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 
[the server address] /bin/sh -c 'sudo
 -k && sudo -H -S -p "[sudo via ansible,
key=puwtzrscvqsbjbiqrhkjwxdxmszgeduz] password: " -u [the user name]
/bin/sh -c '"'"'echo BECOME-SUCCESS-puwtzrscvqsbjbiqrhkjwxdxmszgeduz;
LANG=C LC_CTYPE=C /usr/bin/python
/tmp/ansible-tmp-1444921350.8-236765363664782/apt'"'"''
<[the server address]> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o 
ControlPersist=60s -o 
ControlPath="/home/kevin/.ansible/cp/ansible-ssh-%h-%p-%r" -o 
KbdInteractiveAuthentication=no -o 
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=[the user name] -o ConnectTimeout=10 
[the server address] /bin/sh -c 'rm -rf 
/tmp/ansible-tmp-1444921350.8-236765363664782/ >/dev/null 2>&1'
failed: [[the server address]] => 
(item=vim,nano,htop,git,subversion,tig,ncdu,nodejs-legacy,npm,mesa-utils) 
=> {"failed": true, "item": 
"vim,nano,htop,git,subversion,tig,ncdu,nodejs-legacy,npm,mesa-utils"}
stderr: E: Could not open lock file /var/lib/dpkg/lock - open (13: 
Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you 
root?

msg: '/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o 
"Dpkg::Options::=--force-confold"   install 'htop' 'subversion' 'tig' 
'ncdu' 'nodejs-legacy' 'npm' 'mesa-utils'' failed: E: Could not open lock 
file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you 
root?


FATAL: all hosts have already failed -- aborting
(Note : i'm still providing sudo password for other tasks that also don't 
work without root)

Also relevant :

$ ansible --version
ansible 1.9.4
  configured module search path = None
$ ssh [the user name]@[the server address]
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-30-generic x86_64)
...
[the user name]@[the server name]:~$ sudo -l
Matching Defaults entries for [the user name] on [the server name]:
    env_reset, mail_badpass, 
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin, 
env_keep+=SSH_AUTH_SOCK

User [the user name] may run the following commands on vm02:
    (ALL : ALL) ALL
    (ALL : ALL) NOPASSWD: ALL

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/ba1daf32-5080-4fc5-9624-3d6213623c02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] apt module fails with non-root sudoer ("Permission denied")

Reply via email to