Solved! At the end it was something simple (isn't it always...). On the client machines, /etc/sudoers had this fateful line:

    Defaults requiretty

That has been commented out. And no issues. But I feel ambivalent about the security side of things. Is there no way for ansible to log with a tty???

On Friday, 21 March 2014 08:45:40 UTC, Makimoto Marakatti wrote:
>
> Same result unfortunately. :(
> paramiko is a no go for me though, as I've got a number of boxes behind a
> jumpbox. And I use ssh config to get direct access to those.
> I'll try to think out of the box and see what happens...
>
> On Thursday, 20 March 2014 18:30:50 UTC, Makimoto Marakatti wrote:
>>
>> that's a good point. haven't tried.
>> Will try tomorrow at work and report back.
>>
>> thanks!
>>
>> On Thursday, 20 March 2014 17:58:45 UTC, James Cammarata wrote:
>>>
>>> I see you're setting the transport to ssh rather than smart.
>>> When you're using EL 5/6, does the same issue occur if you set the
>>> transport to paramiko or smart?
>>>
>>> On Thu, Mar 20, 2014 at 11:25 AM, Makimoto Marakatti
>>> <[email protected]> wrote:
>>>
>>>> Hi
>>>>
>>>> Last working one was 1.5.1.
>>>> And yes few changes to the cfg. Here's the comments-stripped version:
>>>>
>>>> [defaults]
>>>> hostfile = /ansible/etc/hosts
>>>> library = /usr/share/ansible
>>>> remote_tmp = /tmp
>>>> pattern = *
>>>> forks = 5
>>>> poll_interval = 15
>>>> sudo_user = root
>>>> transport = ssh
>>>> remote_port = 22
>>>> connection = ssh
>>>> timeout = 30
>>>> log_path = /ansible/log/ansible.log
>>>> ansible_managed = Mantained by Ansible. Please refer to {host} to make changes in {file}. Direct edits to this file WILL BE overwritten.
>>>> display_skipped_hosts = True
>>>> error_on_undefined_vars = True
>>>> action_plugins = /usr/share/ansible_plugins/action_plugins
>>>> callback_plugins = /usr/share/ansible_plugins/callback_plugins
>>>> connection_plugins = /usr/share/ansible_plugins/connection_plugins
>>>> lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
>>>> vars_plugins = /usr/share/ansible_plugins/vars_plugins
>>>> filter_plugins = /usr/share/ansible_plugins/filter_plugins
>>>> [paramiko_connection]
>>>> [ssh_connection]
>>>> ssh_args = -o PasswordAuthentication=no -o ControlMaster=auto -o ControlPath=~/tmp/ansible-ssh-%h-%p-%r
>>>> scp_if_ssh = True
>>>> [accelerate]
>>>>
>>>> Normally pipelining is there also, but I just disabled it per advice on
>>>> this thread.
>>>>
>>>> On Thursday, 20 March 2014 15:49:21 UTC, James Cammarata wrote:
>>>>
>>>>> What was the last official release that worked for you? Also, are
>>>>> there any other ansible.cfg settings you've changed from their defaults?
>>>>>
>>>>> On Thu, Mar 20, 2014 at 10:11 AM, Makimoto Marakatti
>>>>> <[email protected]> wrote:
>>>>>
>>>>>> By the way, I did forget to mention that I tried to give a
>>>>>> passwordless sudo access to the 'ansible' user.
>>>>>> And did not work. Got the same output.
>>>>>> Which leads me to think that sudo does not get called properly.
>>>>>> Just speculating though....
>>>>>>
>>>>>> On Thursday, 20 March 2014 14:35:19 UTC, Makimoto Marakatti wrote:
>>>>>>>
>>>>>>> For the record I do have this on ansible.cfg:
>>>>>>>
>>>>>>> remote_tmp = /tmp
>>>>>>>
>>>>>>> On Thursday, 20 March 2014 14:34:06 UTC, Makimoto Marakatti wrote:
>>>>>>>>
>>>>>>>> Hi
>>>>>>>>
>>>>>>>> Pipelining is most definitely on. The speed advantage is great. I
>>>>>>>> tried disabling it and see, but the end result is the same.
>>>>>>>>
>>>>>>>> with pipelining on:
>>>>>>>>
>>>>>>>> $ ansible commando -sKom ping -vvvv
>>>>>>>>
>>>>>>>> sudo password:
>>>>>>>> <commando> ESTABLISH CONNECTION FOR USER: ansible
>>>>>>>> <commando> REMOTE_MODULE ping
>>>>>>>> <commando> EXEC ['ssh', '-C', '-vvv', '-o', 'PasswordAuthentication=no', '-o', 'ControlMaster=auto', '-o', 'ControlPath=~/tmp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=30', 'commando', '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=eitjzleioedwxwlkwhlcyyraqeqvqzxk] password: " -u root /bin/sh -c \'"\'"\'echo SUDO-SUCCESS-eitjzleioedwxwlkwhlcyyraqeqvqzxk; /usr/bin/python\'"\'"\'\'']
>>>>>>>> EXEC previous known host file not found for commando
>>>>>>>> commando | FAILED => ssh connection closed waiting for sudo or su password prompt
>>>>>>>>
>>>>>>>> without pipelining:
>>>>>>>>
>>>>>>>> $ ansible commando -sKom ping -vvvvv
>>>>>>>> sudo password:
>>>>>>>> <commando> ESTABLISH CONNECTION FOR USER: ansible
>>>>>>>> <commando> REMOTE_MODULE ping
>>>>>>>> <commando> EXEC ['ssh', '-C', '-tt', '-vvv', '-o', 'PasswordAuthentication=no', '-o', 'ControlMaster=auto', '-o', 'ControlPath=~/tmp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'ConnectTimeout=30', 'commando', "/bin/sh -c 'mkdir -p /tmp/ansible-tmp-1395325848.27-139028944178673 && chmod a+rx /tmp/ansible-tmp-1395325848.27-139028944178673 && echo /tmp/ansible-tmp-1395325848.27-139028944178673'"]
>>>>>>>> EXEC previous known host file not found for commando
>>>>>>>> commando | FAILED => Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p /tmp/ansible-tmp-1395325848.27-139028944178673 && chmod a+rx /tmp/ansible-tmp-1395325848.27-139028944178673 && echo /tmp/ansible-tmp-1395325848.27-139028944178673, exited with result 1:mkdir: cannot create directory `/tmp/ansible-tmp-1395325848.27-139028944178673': Permission denied
>>>>>>>>
>>>>>>>> On Thursday, 20 March 2014 14:29:07 UTC, Matt Martz wrote:
>>>>>>>>>
>>>>>>>>> Makimoto,
>>>>>>>>>
>>>>>>>>> Have you enabled 'pipelining = True' in your ansible.cfg file?
>>>>>>>>>
>>>>>>>>> If so, this is potentially the cause. Regardless, it would be
>>>>>>>>> nice to see the output of ansible -vvvv as that would help identify if
>>>>>>>>> pipelining is being used or not, or any other potential issues.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Matt Martz
>>>>>>>>> [email protected]
>>>>>>>>>
>>>>>>>>> On March 20, 2014 at 9:05:26 AM, Makimoto Marakatti
>>>>>>>>> ([email protected]) wrote:
>>>>>>>>>
>>>>>>>>> Hi all
>>>>>>>>>
>>>>>>>>> I had few sudo issues in the past, and those got solved. Now after
>>>>>>>>> updating to latest release (1.5.3) the problem has resurfaced again.
>>>>>>>>> My master box has an ansible user. Which connects through ssh
>>>>>>>>> certs and has sudo rights to root on each of the remote boxes.
>>>>>>>>> I've got 62 boxes that are failing if I sudo to them with ansible.
>>>>>>>>> Those 62 are a mixture to rhel/centos 5.?/6.? 32/64. Nothing in
>>>>>>>>> common.
>>>>>>>>> Examples below are shown using a single box.
>>>>>>>>>
>>>>>>>>> So if I do not use sudo, it works:
>>>>>>>>>
>>>>>>>>> $ ansible commando -om ping
>>>>>>>>> commando | success >> {"changed": false, "ping": "pong"}
>>>>>>>>>
>>>>>>>>> Now with sudo:
>>>>>>>>>
>>>>>>>>> $ ansible commando -sKom ping
>>>>>>>>> sudo password:
>>>>>>>>> commando | FAILED => ssh connection closed waiting for sudo or su password prompt
>>>>>>>>>
>>>>>>>>> and yet:
>>>>>>>>>
>>>>>>>>> $ ssh commando
>>>>>>>>> Last login: Thu Mar 20 12:02:12 2014 from ansible_master.passmark.net
>>>>>>>>> [ansible@commando ~]$ sudo su -
>>>>>>>>> [sudo] password for ansible:
>>>>>>>>> [root@commando ~]# id
>>>>>>>>> uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
>>>>>>>>>
>>>>>>>>> I actually updated to dev as I was told that my previous sudo
>>>>>>>>> issues had been solved in the dev branch. Unfortunately no
>>>>>>>>> difference. (It got rid of the nagging "previous host file not
>>>>>>>>> found" message though)
>>>>>>>>>
>>>>>>>>> Any help to try to clear this issue for once and for all would be
>>>>>>>>> very welcome indeed.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>>> Groups "Ansible Project" group.
>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>> send an email to [email protected].
>>>>>>>>> To post to this group, send email to [email protected].
>>>>>>>>> To view this discussion on the web visit
>>>>>>>>> https://groups.google.com/d/msgid/ansible-project/74e9609c-e50e-46ea-8d34-ae331d47f52e%40googlegroups.com.
>>>>>>>>> For more options, visit https://groups.google.com/d/optout.
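
Added example (not part of the original thread and not Ansible's or sudo's own code): a small Python check for the security question raised in the top message. It reports whether `requiretty` ends up enabled for a given account, comparing the global flag, the commented-out line, and a per-user `Defaults:ansible !requiretty` exemption that keeps the flag for everyone else. The sudoers fragments are constructed samples, and the parser is a simplification that reads only generic and per-user `Defaults` lines in file order.

```python
import re

# Generic "Defaults ..." or user-scoped "Defaults:user1,user2 ..." entries.
# Simplification (assumption): aliases, host/runas/command scopes, line
# continuations and #include files are not handled.
DEFAULTS_RE = re.compile(r"^Defaults(?::(?P<users>\S+))?\s+(?P<settings>.+)$")


def requiretty_for(sudoers_text, user):
    """Return True if requiretty ends up enabled for `user`."""
    required = False  # sudo's built-in default is off
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops comments and commented-out lines
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        users = m.group("users")
        if users is not None and user not in users.split(","):
            continue  # entry is scoped to other users
        for setting in m.group("settings").split(","):
            setting = setting.strip()
            if setting == "requiretty":
                required = True
            elif setting == "!requiretty":
                required = False  # later matching entries override earlier ones
    return required


# Constructed sudoers fragments (not taken from the thread's hosts).
GLOBAL_FLAG = "Defaults    requiretty\nansible ALL=(ALL) ALL\n"
COMMENTED_OUT = "#Defaults    requiretty\nansible ALL=(ALL) ALL\n"
SCOPED_EXEMPTION = (
    "Defaults    requiretty\n"
    "Defaults:ansible !requiretty\n"
    "ansible ALL=(ALL) ALL\n"
)

if __name__ == "__main__":
    for name, text in [("global flag", GLOBAL_FLAG),
                       ("commented out", COMMENTED_OUT),
                       ("scoped exemption", SCOPED_EXEMPTION)]:
        for user in ("ansible", "alice"):
            print(f"{name:17} {user:8} requiretty={requiretty_for(text, user)}")
```

Any edit to a real sudoers file should go through `visudo`, which checks the syntax before the file is saved.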
