Hi guys, I have two different versions of ansible in my systems. One of them is ansible 1.2 and the other one is 1.4.1. (I'm trying to update the systems from 1.2 to 1.4)
I'm using a private key and certificates in order to get ansible sudocommands running without passwords. When I run the same command in both installations the system whose ansibleversion is 1.4 doesn't work. The command hangs The ansible command I'm running is: ansible XXX.XXX.XXX.XXX -vvv -s -m shell -a "uptime" Command with ansible 1.2 <XXX.XXX.XXX.XXX> ESTABLISH CONNECTION FOR USER: myuser <XXX.XXX.XXX.XXX> EXEC ['ssh', '-tt', '-q', '-o', 'StrictHostKeyChecking=no', '-o', 'PasswordAuthentication=no', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'IdentityFile=mycert.pem', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', 'XXX.XXX.XXX.XXX', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1387539732.06-150122069933302 && chmod a+rx $HOME/.ansible/tmp/ansible-1387539732.06-150122069933302 && echo $HOME/.ansible/tmp/ansible-1387539732.06-150122069933302'"] <XXX.XXX.XXX.XXX> REMOTE_MODULE command uptime #USE_SHELL <XXX.XXX.XXX.XXX> PUT /tmp/tmpf1tkYz TO /home/myuser/.ansible/tmp/ansible -1387539732.06-150122069933302/command <XXX.XXX.XXX.XXX> EXEC ['ssh', '-tt', '-q', '-o', 'StrictHostKeyChecking=no', '-o', 'PasswordAuthentication=no', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'IdentityFile=mycert.pem', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', 'XXX.XXX.XXX.XXX', '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible,key=gfgeicunrdbbmktjrauegdbvbdjdazhc] password: " -u root /bin/sh -c \'"\'"\'/usr/bin/python /home/myuser/.ansible/tmp/ansible-1387539732.06-150122069933302/command; rm-rf /home/myuser/.ansible/tmp/ansible-1387539732.06-150122069933302/ >/dev/null 2>&1\'"\'"\'\''] XXX.XXX.XXX.XXX | success | rc=0 >> 12:42:12 up 25 min, 4 users, load average: 0.00, 0.02, 0.07 The same command with ansible 1.4.1: <XXX.XXX.XXX.XXX> ESTABLISH CONNECTION FOR USER: myuser <XXX.XXX.XXX.XXX> EXEC ['ssh', '-tt', '-vvv', '-o', 'StrictHostKeyChecking=no', '-o', 'PasswordAuthentication=no', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'IdentityFile=mycert.pem', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', 'XXX.XXX.XXX.XXX', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1387539725.72-214926055344642 && chmod a+rx $HOME/.ansible/tmp/ansible-1387539725.72-214926055344642 && echo $HOME/.ansible/tmp/ansible-1387539725.72-214926055344642'"] <XXX.XXX.XXX.XXX> REMOTE_MODULE command uptime #USE_SHELL <XXX.XXX.XXX.XXX> PUT /tmp/tmp6B6Ewf TO /home/myuser/.ansible/tmp/ansible -1387539725.72-214926055344642/command <XXX.XXX.XXX.XXX> EXEC ['ssh', '-tt', '-vvv', '-o', 'StrictHostKeyChecking=no', '-o', 'PasswordAuthentication=no', '-o', 'StrictHostKeyChecking=no', '-o', 'Port=22', '-o', 'IdentityFile=mycert.pem', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=10', 'XXX.XXX.XXX.XXX', '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=pgsdnkquhwjufslqsipwaonzwmgwahog] password: " -u root /bin/sh -c \'"\'"\'echo SUDO-SUCCESS-pgsdnkquhwjufslqsipwaonzwmgwahog; /usr/bin/python /home/myuser/.ansible/tmp/ansible-1387539725.72-214926055344642/command; rm-rf /home/myuser/.ansible/tmp/ansible-1387539725.72-214926055344642/ >/dev/null 2>&1\'"\'"\'\''] Command hangs Looking in both logs I've found that the command are differents: '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=gfgeicunrdbbmktjrauegdbvbdjdazhc] password: " -u root /bin/sh -c \'"\'"\'/usr/bin/python /home/myuser/.ansible/tmp/ansible-1387539732.06-150122069933302/command; rm -rf /home/myuser/.ansible/tmp/ansible-1387539732.06-150122069933302/ >/dev/null 2>&1\'"\'"\'\'' '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=pgsdnkquhwjufslqsipwaonzwmgwahog] password: " -u root /bin/sh -c \'"\'"\'*echo SUDO-SUCCESS-pgsdnkquhwjufslqsipwaonzwmgwahog; */usr/bin/python /home/myuser/.ansible/tmp/ansible-1387539725.72-214926055344642/command; rm -rf /home/myuser/.ansible/tmp/ansible-1387539725.72-214926055344642/ >/dev/null 2>&1\'"\'"\'\'' How can I solve this issue? I think maybe this is an issue in the make_sudo_cmd (https://github.com/ansible/ansible/commit/ea2ec6237aa97e6c434ccf4af124f0632747ef06) or maybe I should change something in my configuration. My ansible configuration is: *# config file for ansible -- http://ansible.github.com* *# nearly all parameters can be overridden in ansible-playbook or with command line flags* *# ansible will read ~/.ansible.cfg or /etc/ansible/ansible.cfg, whichever it finds first* *[defaults]* *# location of inventory file, eliminates need to specify -i* *hostfile = /etc/ansible/hosts* *host_key_checking = False* *# location of ansible library, eliminates need to specify --module-path* *library = /path/to/my/library* *# default module name used in /usr/bin/ansible when -m is not specified* *module_name = command* *# home directory where temp files are stored on remote systems. Should* *# almost always contain $HOME or be a directory writeable by all users* *remote_tmp = $HOME/.ansible/tmp* *# the default pattern for ansible-playbooks ("hosts:")* *pattern = ** *# the default number of forks (parallelism) to be used. Usually you* *# can crank this up.* *forks=1* *# the timeout used by various connection types. Usually this corresponds* *# to an SSH timeout* *# A bug in ansible leads to failures when this option is active.* *# Keep it commented until ansible devs fix it.* *# timeout=5* *# when using --poll or "poll:" in an ansible playbook, and not specifying* *# an explicit poll interval, use this interval* *poll_interval=15* *# when specifying --sudo to /usr/bin/ansible or "sudo:" in a playbook,* *# and not specifying "--sudo-user" or "sudo_user" respectively, sudo* *# to this user account* *sudo_user=root* *# the following forces ansible to always ask for the sudo password (instead of having* *# to add -K to the commandline). Or you can use the environment variable (ANSIBLE_ASK_SUDO_PASS)* *ask_sudo_pass=False* *# the following forces ansible to always ask for the ssh-password (-k)* *# can also be set by the environment variable ANSIBLE_ASK_PASS* *#ask_pass=True* *# connection to use when -c <connection_type> is not specified* *transport=ssh* *# remote SSH port to be used when --port or "port:" or an equivalent inventory* *# variable is not specified.* *remote_port=22* *# if set, always run /usr/bin/ansible commands as this user, and assume this value* *# if "user:" is not set in a playbook. If not set, use the current Unix user* *# as the default* *remote_user=myuser* *# the default sudo executable. If a sudo alternative with a sudo-compatible interface* *# is used, specify its executable name as the default* *sudo_exe=sudo* *# the default flags passed to sudo* *# sudo_flags=-H* *# how to handle hash defined in several places* *# hash can be merged, or replaced* *# if you use replace, and have multiple hashes named 'x', the last defined* *# will override the previously defined one* *# if you use merge here, hash will cumulate their keys, but keys will still* *# override each other* *# replace is the default value, and is how ansible always handled hash variables* *#* *# hash_behaviour=replace* *# if you need to use jinja2 extensions, you can list them here* *# use a coma to separate extensions, e.g. :* *# jinja2_extensions=jinja2.ext.do,jinja2.ext.i18n* *# no extensions are loaded by default* *#jinja2_extensions=* *# if set, always use this private key file for authentication, same as if passing* *# --private-key to ansible or ansible-playbook* *private_key_file=mycert.pem* *# format of string $ansible_managed available within Jinja2 templates, replacing* *# {file}, {host} and {uid} with template filename, host and owner respectively.* *# The resulting string is passed through strftime(3) so it may contain any* *# time-formatting specifiers.* *#* *# Example: ansible_managed = DONT TOUCH {file}: call {uid} at {host} for changes* *ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}* *# additional plugin paths for non-core plugins* *action_plugins = /usr/share/ansible_plugins/action_plugins* *callback_plugins = /usr/share/ansible_plugins/callback_plugins* *connection_plugins = /usr/share/ansible_plugins/connection_plugins* *lookup_plugins = /usr/share/ansible_plugins/lookup_plugins* *vars_plugins = /usr/share/ansible_plugins/vars_plugins* *filter_plugins = /usr/share/ansible_plugins/filter_plugins* *[paramiko_connection]* *# nothing to configure yet* *[ssh_connection]* *# if uncommented, sets the ansible ssh arguments to the following. Leaving off ControlPersist* *# will result in poor performance, so use transport=paramiko on older platforms rather than* *# removing it* *ssh_args=-o StrictHostKeyChecking=no -o PasswordAuthentication=no* *# the following makes ansible use scp if the connection type is ssh (default is sftp)* *#scp_if_ssh=True* Thanks in advance. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
