On 2020-06-21, Gregory Edigarov <ediga...@qarea.com> wrote: > Trying to run ansible-playbook with localhost. > Playbook: > > --- > - hosts: localhost > become: true > become_method: doas > > roles: > - wrkstpkgs > > > Expected behaviour - Ansible asks for the become pass only once, then > execution of tasks require no intervention. > Observed behaviour: > > run ansible-playbook: > > ansible-playbook -K site.yml > BECOME password: > [WARNING]: provided hosts list is empty, only localhost is available. > Note that the implicit localhost does not match 'all' > > PLAY [localhost] > ****************************************************************************************************************************************************************************************************************************** > > TASK [Gathering Facts] > ************************************************************************************************************************************************************************************************************************ > doas (g...@lbld12.duckdns.org) password: > ok: [localhost] > > TASK [wrkstpkgs : ensure vital packages are present] > ****************************************************************************************************************************************************************************************** > doas (g...@lbld12.duckdns.org) password: > ok: [localhost] > > TASK [wrkstpkgs : ensure versioned packages are present] > ************************************************************************************************************************************************************************************** > doas (g...@lbld12.duckdns.org) password: > > doas.conf only contains this line: > permit persist greg > > Am I missing anything? Thanks a lot in advance.
I think it's like the problem with using doas in ports. "persist" uses the TIOCSETVERAUTH/TIOCCHKVERAUTH tty(4) ioctls which were added specifically for doas, the authentication can't be passed around very far: TIOCCHKVERAUTH void Check the verified auth status of this session. The calling process must have the same real user ID and parent process as the process which called TIOCSETVERAUTH. A zero return indicates success. Chances are the second doas call does not have the same parent process.