*Setup Requirements: *local user=goagent1 (ansible kicked off from GoCD),
remote user=myadmin. myadmin is a sudoer.
*Problem: *The playbook seems to stop after ~5 tasks have been executed.
*Details: *I am running locally as goagent. We are using 'become' to gain
sudo access which seems to work for the first several tasks, then stalls
and timeouts. If I re-order the tasks or add new ones, it still runs about
5 tasks then times-out. The below is a very simple example for
demonstration purposes. We are using ansible-vault for encrypting
important data, but that wasn't needed for this example.
Also, I can run the following playbook with my remote user in the remote
sudoers with NOPASSWD and it runs successfully as expected.
$ ansible-playbook -i inventory test.yml
*inventory.yml*
[servers]
172.99.999.99
[all:vars]
ansible_become_pass=bees
*test.yml*
---
- hosts: all
become: yes
remote_user: myadmin
tasks:
- name: test connection
ping:
- name: Install pip
local_action: easy_install name=pip
- name: Install httplib2
local_action: pip name=httplib2
- name: Install Docker service
yum: name=docker-engine state=present
- name: Make Docker Service start at boot time
service: name=docker enabled=yes
- name: Restart Docker service
service: name=docker state=started
- name: Install Docker-py
pip: name=docker-py version=1.7.2
*Results*
$ ansible-playbook -i inventory test.yml
PLAY
***************************************************************************
TASK [setup]
*******************************************************************
ok: [172.99.999.99]
TASK [test connection]
*********************************************************
ok: [172.99.999.99]
TASK [Install pip]
*************************************************************
ok: [172.99.999.99 -> localhost]
TASK [Install httplib2]
********************************************************
ok: [172.99.999.99 -> localhost]
TASK [Install Docker service]
**************************************************
ok: [172.99.999.99]
TASK [Make Docker Service start at boot time]
**********************************
ok: [172.99.999.99]
TASK [Restart Docker service]
**************************************************
ok: [172.99.999.99]
TASK [Install Docker-py]
*******************************************************
fatal: [172.99.999.99]: FAILED! => {"failed": true, "msg": "ERROR! Timeout
(12s) waiting for privilege escalation prompt: "}
PLAY RECAP
*********************************************************************
172.99.999.99 : ok=7 changed=0 unreachable=0 failed=1
Again... if I move the "Install Docker-py" to the top, it will be
successful but then the "Make Docker Service" will fail, because it will be
~ the 5th item in the list.
Here is a more verbose output of the failing task...
TASK [Install Docker-py]
*******************************************************
task path: /var/go/goagent1/test.yml:28
<172.99.999.99> ESTABLISH SSH CONNECTION FOR USER: myadmin
<172.99.999.99> SSH: EXEC ssh -C -q -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=myadmin -o ConnectTimeout=10 -o
ControlPath=/var/go/goagent1/.ansible/cp/ansible-ssh-%h-%p-%r -tt
172.99.999.99 '( umask 22 && mkdir -p "$( echo
$HOME/.ansible/tmp/ansible-tmp-1456349404.79-52370618484737 )" && echo "$(
echo $HOME/.ansible/tmp/ansible-tmp-1456349404.79-52370618484737 )" )'
<172.99.999.99> PUT /tmp/tmpuo8lhl TO
/home/myadmin/.ansible/tmp/ansible-tmp-1456349404.79-52370618484737/pip
<172.99.999.99> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=myadmin -o ConnectTimeout=10 -o
ControlPath=/var/go/goagent1/.ansible/cp/ansible-ssh-%h-%p-%r
'[172.99.999.99]'
<172.99.999.99> ESTABLISH SSH CONNECTION FOR USER: myadmin
<172.99.999.99> SSH: EXEC ssh -C -q -o ControlMaster=auto -o
ControlPersist=60s -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=myadmin -o ConnectTimeout=10 -o
ControlPath=/var/go/goagent1/.ansible/cp/ansible-ssh-%h-%p-%r -tt
172.99.999.99 '/bin/sh -c '"'"'sudo -H -S -p "[sudo via ansible,
key=vfouorexlwbppfjsnwtyvinismqdsqxw] password: " -u root /bin/sh -c
'"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-vfouorexlwbppfjsnwtyvinismqdsqxw;
LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python
/home/myadmin/.ansible/tmp/ansible-tmp-1456349404.79-52370618484737/pip; rm
-rf "/home/myadmin/.ansible/tmp/ansible-tmp-1456349404.79-52370618484737/"
> /dev/null 2>&1'"'"'"'"'"'"'"'"''"'"''
fatal: [172.99.999.99]: FAILED! => {"failed": true, "msg": "ERROR! Timeout
(12s) waiting for privilege escalation prompt: "}
PLAY RECAP
*********************************************************************
172.99.999.99 : ok=8 changed=0 unreachable=0 failed=1
I tried commenting out the requiretty in the sudoers and setting
pipelining=True in the ansible.cfg. Still fails. We didn't change any
other default settings in the ansible.cfg. This happens in Ansible 1.9.4
and we recently upgraded to 2.0.0.2 and it's still occurring. What am I
missing? Ugh.
Thanks.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/62fae1db-f7d0-4c7d-b0df-1377be6a1e57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
