What happens when you run the command as that user? If it still asks for a password either your sudoers file is an issue or user/group might be.
On Sun, Mar 20, 2016, 7:37 PM TJG <[email protected]> wrote: > Hi John; > > Thanks for the suggestion, but nope: with that line commented out in > sudoers (so that only the one with NOPASSWD is in effect", the error is the > same. > > "Failed to stop httpd.service: Interactive authentication required." > > Besides, I'd have thought that the latter statement would have overridden > the former statement anyways, in a top-to-bottom processing. > > So, still scratching my head... > > Tim > > > On Sunday, March 20, 2016 at 5:31:39 PM UTC-4, John Favorite wrote: > >> comment out >> >> #%wheel ALL=(ALL) ALL >> >> ## Same thing without a password >> %wheel ALL=(ALL) NOPASSWD: ALL >> >> On Sun, Mar 20, 2016 at 4:11 PM, TJG <[email protected]> wrote: >> > Hi all; >> > >> > Just looking for a little help to spot what I might be missing. Against >> a >> > Centos 7 box, using Ansible 2.1.0, this task: >> > >> > - name: restart httpd >> > service: >> > name: httpd >> > state: restarted >> > >> > is giving me an "Interactive authentication required." error when run >> under >> > Ansible 2.1.0 via: >> > >> > ansible-playbook -i inventory test.yml --sudo --ask-sudo-pass >> > --ask-become-pass --sudo -vvvv >> > >> > >> > My playbook is set with: >> > >> > # The user that logs into the machine >> > remote_user: apps >> > >> > # Indicates that we also want to be become the user we log in as, for >> > running tasks >> > # (otherwise the user defaults to root) >> > become: yes >> > become_user: apps >> > >> > >> > and on the Centos 7 box, my "apps" user is in the "wheel" group, and >> the >> > wheel group is covered with sudoer permissions as follows: >> > >> > ## Allows people in group wheel to run all commands >> > %wheel ALL=(ALL) ALL >> > >> > ## Same thing without a password >> > %wheel ALL=(ALL) NOPASSWD: ALL >> > >> > >> > I understood that with my playbook set to use "become", and >> "become_user", >> > that this task would run as sudo? >> > >> > So, why the "Interactive authentication required" error? >> > >> > Of course, I can resort to: >> > >> > - name: Restart apache >> > shell: sudo systemctl restart httpd >> > >> > >> > which doesn't prompt me, but I'd like to understand why the advocated >> method >> > isn't observing that I'm running under sudo? >> > >> > Many thanks, >> > Tim >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups >> > "Ansible Project" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > > email to [email protected]. >> > To post to this group, send email to [email protected]. >> > > To view this discussion on the web visit >> > >> https://groups.google.com/d/msgid/ansible-project/3946a8b4-7869-499f-b139-d33c8478ca30%40googlegroups.com. >> >> > For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/fe9501e5-8c46-41b9-a9c2-ab961430d8de%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/fe9501e5-8c46-41b9-a9c2-ab961430d8de%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAKsMCESoL%2B-qTtMiAbAS8itAQHuW7Ak0vp8CYDa3m7UfYb715A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
