Ansible version: 2.1.0.0
Platform : Centos 7.2 / RHEL 7.2
Hey everyone,
my first post to this group. I am very new to Ansible, so expect to be
doing something foolish. I have RTFM'd and googled and phoned a friend and
.. well you get the idea, I'll try not to waste everyone time.
So I want to do something simple. Specifically replace some text in
etc/yum.conf
This is part of my play-book :-
- name: Replace the proxy= line in /etc/yum.conf
lineinfile:
dest: /etc/yum.conf
state: present
create: yes
mode: 0644
group: root
owner: root
regexp: "proxy="
line: "proxy={{ cntlm_http_proxy }}"
tags: [cntlm]
That works just fine when executing locally, but when I point to a remote
host, the task 'hangs' indefinitelyt and when I kill it, the remote host
has become unavailable (i.e. I need to shut it down and restart, a reboot
is not enough). Interestingly the change *does* appear to be applied, its
just I can't get any further in the playbook on this run at least.
The remote host is an AWS EC2 instance which I SSH into using a private key
file using this setting in ansible.cfg (or I can override in host variables
and other places) :-
private_key_file = /path-to-my-private-keypair-file.pem
I am using the standard remote user for EC2 (which has sudo access) :-
remote_user = ec2-user
and I am also using various privilege escalation settings :-
[privilege_escalation]
become=yes
become_method=sudo
become_user=root
I think the sudo stuff is working correctly, evidenced by a couple of
things. First using -vvvv I can see BECOME-SUCCESS in the output :-
<10.64.29.128> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.64.29.128> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
'IdentityFile="/home/vagrant/docker_host_base_rhel_digital.pem"' -o KbdInter
activeAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=ec2-user -o ConnectTim
eout=10 -o ControlPath=/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r -tt
10.64.29.128 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c
'"'"'"'"'"'"'"'"'echo B
ECOME-SUCCESS-cwfyzskesygnemhjjcknitvedjauarjx; LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python
/home/ec2-user/.ansible/tmp/ansible-
tmp-1465484583.17-135618197775808/blockinfile; rm -rf
"/home/ec2-user/.ansible/tmp/ansible-tmp-1465484583.17-135618197775808/" >
/dev/null 2>&1'"'"'"'"'"'"'"'"'
&& sleep 0'"'"''
♥ [ERROR]: User interrupted execution
and secondly, if I substitute the lineinfile module with a simple shell
command such as 'sed' (who needs idempotence .. ok, yeah I do) that works
quite happily and of course it too needs sudo access to edit the file :-
<10.64.29.128> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.64.29.128> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
'IdentityFile="/home/vagrant/docker_host_base_rhel_digital.pem"' -o KbdInter
activeAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=ec2-user -o ConnectTim
eout=10 -o ControlPath=/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r
10.64.29.128 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo
$HOME/.ansible/tmp/ansible-tm
p-1465484581.26-194884726770556 `" && echo
ansible-tmp-1465484581.26-194884726770556="` echo
$HOME/.ansible/tmp/ansible-tmp-1465484581.26-194884726770556 `" ) &
& sleep 0'"'"''
<10.64.29.128> PUT /tmp/tmptGNPYB TO
/home/ec2-user/.ansible/tmp/ansible-tmp-1465484581.26-194884726770556/command
<10.64.29.128> SSH: EXEC sftp -b - -C -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
'IdentityFile="/home/vagrant/docker_host_base_rhel_digital.pem"' -o Kb
dInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=ec2-user -o Conn
ectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r
'[10.64.29.128]'
<10.64.29.128> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.64.29.128> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o
ControlPersist=60s -o
'IdentityFile="/home/vagrant/docker_host_base_rhel_digital.pem"' -o KbdInter
activeAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=ec2-user -o ConnectTim
eout=10 -o ControlPath=/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r -tt
10.64.29.128 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c
'"'"'"'"'"'"'"'"'echo B
ECOME-SUCCESS-snenagxqgfhxlrqldymhqaohlhntrwkn; LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/python
/home/ec2-user/.ansible/tmp/ansible-
tmp-1465484581.26-194884726770556/command; rm -rf
"/home/ec2-user/.ansible/tmp/ansible-tmp-1465484581.26-194884726770556/" >
/dev/null 2>&1'"'"'"'"'"'"'"'"' &&
sleep 0'"'"''
changed: [10.64.29.128] => {"changed": true, "cmd": "sed -i -e
's/uknp-obproxy.avivaaws.com:80/localhost:3128/g' /etc/yum.conf", "delta":
"0:00:00.006189", "end
": "2016-06-09 16:03:01.987442", "invocation": {"module_args":
{"_raw_params": "sed -i -e
's/uknp-obproxy.avivaaws.com:80/localhost:3128/g' /etc/yum.conf", "_us
es_shell": true, "chdir": null, "creates": null, "executable": null,
"removes": null, "warn": true}, "module_name": "command"}, "rc": 0,
"start": "2016-06-09 16
:03:01.981253", "stderr": "", "stdout": "", "stdout_lines": [], "warnings":
["Consider using template or lineinfile module rather than running sed"]}
[WARNING]: Consider using template or lineinfile module rather than
running sed
Other modules used in the same playbook that also need sudo work OK. The
only two that I've come across thus far that cause this problem are
lineinefile and blockinfile. Same behaviour in both cases.
Just in case you were wondering, sudoers contains this :-
ec2-user ALL=(ALL) NOPASSWD: ALL
Any ideas what else I can check/try (I'm sure its something that I'm
stupidly missing).
Note I have played around (a lot) with switching between the 'become' set
of properties (which I prefer to use .. so I don't see that annoying
deprecation notice) and the sudo ones (i.e. sudo = True and sudo_user=root)
but neither work.
Any suggestion much appreciated
Kind Regards
Fraser.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/3f4b18be-d310-4da6-bbb4-298e8e6f962f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
