Ansible via Vagrant Provisioner not Working with `become` (or `sudo`)
How can Ansible be used via Vagrant's ansible provider while working with actions that become a superuser? Every attempt I've made so far doesn't work for quite inexplicable reasons.
The scenario is annotating an apt action with become to give it the right permissions. The Ansible invocation, which is triggered with vagrant provision, is SSHing in via the vagrant user (which Vagrant now enforces by default via the ansible provider), a user that has passwordless sudo by default on two base boxes I've tried: ubuntu/trusty64 and debian/stretch64.
Despite passwordless sudo apparently being supported on the underlying VM, this doesn't work and yields the following error:
fatal: [default]: FAILED! => {"changed": false, "module_stderr": "sudo: a password is requiredn", "module_stdout": "", "msg": "MODULE FAILUREnSee stdout/stderr for the exact error", "rc": 1}
As Vagrant boxes use the vagrant/vagrant for username and passwords on boxes by default, I then update the Vagrantfile to ask for a sudo password explicitly:
config.vm.provision "ansible" do |ansible|
ansible.playbook = 'main.yml'
ansible.ask_become_pass = true
Which prompts for a password:
default: Running ansible-playbook...
SUDO password:
However, after entering vagrant it still fails, even though I can use vagrant ssh to enter the VM and confirm this is the correct password:
fatal: [default]: FAILED! => {"changed": false, "module_stderr": "Sorry, try again.n[sudo via ansible, key=XXXXXXXXXXXXXXXXXXX] password: nsudo: 1 incorrect password attemptn", "module_stdout": "", "msg": "MODULE FAILUREnSee stdout/stderr for the exact error", "rc": 1}
Interestingly, the ansible_local provider works fine for the ubuntu/trusty64 box but fails with debian/stretch64 for completely unrelated reasons. So it seems to be specifically to do with the interplay between Vagrant and Ansible over SSH with sudo.
Information on my Vagrant and Ansible installations:
$ ansible --version
ansible 2.7.1
config file = None
configured module search path = ['/Users/XXXXXX/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.7/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.7.1 (default, Nov 6 2018, 18:46:03) [Clang 10.0.0 (clang-1000.11.45.5)]
$ vagrant --version
Vagrant 2.2.2
What is the current recommended reliable way of using Vagrant's ansible provisioner with become? Thanks.
linux sudo vagrant ansible
asked Dec 19 '18 at 15:15
Louis Jackman
1011
add a comment |
How can Ansible be used via Vagrant's ansible provider while working with actions that become a superuser? Every attempt I've made so far doesn't work for quite inexplicable reasons.
The scenario is annotating an apt action with become to give it the right permissions. The Ansible invocation, which is triggered with vagrant provision, is SSHing in via the vagrant user (which Vagrant now enforces by default via the ansible provider), a user that has passwordless sudo by default on two base boxes I've tried: ubuntu/trusty64 and debian/stretch64.
Despite passwordless sudo apparently being supported on the underlying VM, this doesn't work and yields the following error:
fatal: [default]: FAILED! => {"changed": false, "module_stderr": "sudo: a password is requiredn", "module_stdout": "", "msg": "MODULE FAILUREnSee stdout/stderr for the exact error", "rc": 1}
As Vagrant boxes use the vagrant/vagrant for username and passwords on boxes by default, I then update the Vagrantfile to ask for a sudo password explicitly:
config.vm.provision "ansible" do |ansible|
ansible.playbook = 'main.yml'
ansible.ask_become_pass = true
Which prompts for a password:
default: Running ansible-playbook...
SUDO password:
However, after entering vagrant it still fails, even though I can use vagrant ssh to enter the VM and confirm this is the correct password:
fatal: [default]: FAILED! => {"changed": false, "module_stderr": "Sorry, try again.n[sudo via ansible, key=XXXXXXXXXXXXXXXXXXX] password: nsudo: 1 incorrect password attemptn", "module_stdout": "", "msg": "MODULE FAILUREnSee stdout/stderr for the exact error", "rc": 1}
Interestingly, the ansible_local provider works fine for the ubuntu/trusty64 box but fails with debian/stretch64 for completely unrelated reasons. So it seems to be specifically to do with the interplay between Vagrant and Ansible over SSH with sudo.
Information on my Vagrant and Ansible installations:
$ ansible --version
ansible 2.7.1
config file = None
configured module search path = ['/Users/XXXXXX/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.7/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.7.1 (default, Nov 6 2018, 18:46:03) [Clang 10.0.0 (clang-1000.11.45.5)]
$ vagrant --version
Vagrant 2.2.2
What is the current recommended reliable way of using Vagrant's ansible provisioner with become? Thanks.
linux sudo vagrant ansible
asked Dec 19 '18 at 15:15
Louis Jackman
1011
add a comment |
How can Ansible be used via Vagrant's ansible provider while working with actions that become a superuser? Every attempt I've made so far doesn't work for quite inexplicable reasons.
The scenario is annotating an apt action with become to give it the right permissions. The Ansible invocation, which is triggered with vagrant provision, is SSHing in via the vagrant user (which Vagrant now enforces by default via the ansible provider), a user that has passwordless sudo by default on two base boxes I've tried: ubuntu/trusty64 and debian/stretch64.
Despite passwordless sudo apparently being supported on the underlying VM, this doesn't work and yields the following error:
fatal: [default]: FAILED! => {"changed": false, "module_stderr": "sudo: a password is requiredn", "module_stdout": "", "msg": "MODULE FAILUREnSee stdout/stderr for the exact error", "rc": 1}
As Vagrant boxes use the vagrant/vagrant for username and passwords on boxes by default, I then update the Vagrantfile to ask for a sudo password explicitly:
config.vm.provision "ansible" do |ansible|
ansible.playbook = 'main.yml'
ansible.ask_become_pass = true
Which prompts for a password:
default: Running ansible-playbook...
SUDO password:
However, after entering vagrant it still fails, even though I can use vagrant ssh to enter the VM and confirm this is the correct password:
fatal: [default]: FAILED! => {"changed": false, "module_stderr": "Sorry, try again.n[sudo via ansible, key=XXXXXXXXXXXXXXXXXXX] password: nsudo: 1 incorrect password attemptn", "module_stdout": "", "msg": "MODULE FAILUREnSee stdout/stderr for the exact error", "rc": 1}
Interestingly, the ansible_local provider works fine for the ubuntu/trusty64 box but fails with debian/stretch64 for completely unrelated reasons. So it seems to be specifically to do with the interplay between Vagrant and Ansible over SSH with sudo.
Information on my Vagrant and Ansible installations:
$ ansible --version
ansible 2.7.1
config file = None
configured module search path = ['/Users/XXXXXX/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.7/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.7.1 (default, Nov 6 2018, 18:46:03) [Clang 10.0.0 (clang-1000.11.45.5)]
$ vagrant --version
Vagrant 2.2.2
What is the current recommended reliable way of using Vagrant's ansible provisioner with become? Thanks.
linux sudo vagrant ansible
asked Dec 19 '18 at 15:15
Louis Jackman
1011
How can Ansible be used via Vagrant's ansible provider while working with actions that become a superuser? Every attempt I've made so far doesn't work for quite inexplicable reasons.
The scenario is annotating an apt action with become to give it the right permissions. The Ansible invocation, which is triggered with vagrant provision, is SSHing in via the vagrant user (which Vagrant now enforces by default via the ansible provider), a user that has passwordless sudo by default on two base boxes I've tried: ubuntu/trusty64 and debian/stretch64.
Despite passwordless sudo apparently being supported on the underlying VM, this doesn't work and yields the following error:
fatal: [default]: FAILED! => {"changed": false, "module_stderr": "sudo: a password is requiredn", "module_stdout": "", "msg": "MODULE FAILUREnSee stdout/stderr for the exact error", "rc": 1}
As Vagrant boxes use the vagrant/vagrant for username and passwords on boxes by default, I then update the Vagrantfile to ask for a sudo password explicitly:
config.vm.provision "ansible" do |ansible|
ansible.playbook = 'main.yml'
ansible.ask_become_pass = true
Which prompts for a password:
default: Running ansible-playbook...
SUDO password:
However, after entering vagrant it still fails, even though I can use vagrant ssh to enter the VM and confirm this is the correct password:
fatal: [default]: FAILED! => {"changed": false, "module_stderr": "Sorry, try again.n[sudo via ansible, key=XXXXXXXXXXXXXXXXXXX] password: nsudo: 1 incorrect password attemptn", "module_stdout": "", "msg": "MODULE FAILUREnSee stdout/stderr for the exact error", "rc": 1}
Interestingly, the ansible_local provider works fine for the ubuntu/trusty64 box but fails with debian/stretch64 for completely unrelated reasons. So it seems to be specifically to do with the interplay between Vagrant and Ansible over SSH with sudo.
Information on my Vagrant and Ansible installations:
$ ansible --version
ansible 2.7.1
config file = None
configured module search path = ['/Users/XXXXXX/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.7/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.7.1 (default, Nov 6 2018, 18:46:03) [Clang 10.0.0 (clang-1000.11.45.5)]
$ vagrant --version
Vagrant 2.2.2
What is the current recommended reliable way of using Vagrant's ansible provisioner with become? Thanks.
linux sudo vagrant ansible
linux sudo vagrant ansible
asked Dec 19 '18 at 15:15
Louis Jackman
1011
asked Dec 19 '18 at 15:15
Louis Jackman
1011
asked Dec 19 '18 at 15:15
Louis Jackman
1011
asked Dec 19 '18 at 15:15
Louis Jackman
1011
asked Dec 19 '18 at 15:15
Louis Jackman
1011
1011
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1385947%2fansible-via-vagrant-provisioner-not-working-with-become-or-sudo%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1385947%2fansible-via-vagrant-provisioner-not-working-with-become-or-sudo%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
