Hi John, I very much appreciate your attention.
When I run "sudo systemctl restart httpd" directly, when logged in as my 'apps' user, I am not prompted for a password. Bizarre, eh? My guess is my httpd configuration... perhaps how Ansible is telling it to restart or how it's choosing to restart. I'll play with its service config and report back. Tim On Sunday, March 20, 2016, John Favorite <[email protected]> wrote: > What happens when you run the command as that user? If it still asks for a > password either your sudoers file is an issue or user/group might be. > > On Sun, Mar 20, 2016, 7:37 PM TJG <[email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: > >> Hi John; >> >> Thanks for the suggestion, but nope: with that line commented out in >> sudoers (so that only the one with NOPASSWD is in effect", the error is the >> same. >> >> "Failed to stop httpd.service: Interactive authentication required." >> >> Besides, I'd have thought that the latter statement would have overridden >> the former statement anyways, in a top-to-bottom processing. >> >> So, still scratching my head... >> >> Tim >> >> >> On Sunday, March 20, 2016 at 5:31:39 PM UTC-4, John Favorite wrote: >> >>> comment out >>> >>> #%wheel ALL=(ALL) ALL >>> >>> ## Same thing without a password >>> %wheel ALL=(ALL) NOPASSWD: ALL >>> >>> On Sun, Mar 20, 2016 at 4:11 PM, TJG <[email protected]> wrote: >>> > Hi all; >>> > >>> > Just looking for a little help to spot what I might be missing. >>> Against a >>> > Centos 7 box, using Ansible 2.1.0, this task: >>> > >>> > - name: restart httpd >>> > service: >>> > name: httpd >>> > state: restarted >>> > >>> > is giving me an "Interactive authentication required." error when run >>> under >>> > Ansible 2.1.0 via: >>> > >>> > ansible-playbook -i inventory test.yml --sudo --ask-sudo-pass >>> > --ask-become-pass --sudo -vvvv >>> > >>> > >>> > My playbook is set with: >>> > >>> > # The user that logs into the machine >>> > remote_user: apps >>> > >>> > # Indicates that we also want to be become the user we log in as, >>> for >>> > running tasks >>> > # (otherwise the user defaults to root) >>> > become: yes >>> > become_user: apps >>> > >>> > >>> > and on the Centos 7 box, my "apps" user is in the "wheel" group, and >>> the >>> > wheel group is covered with sudoer permissions as follows: >>> > >>> > ## Allows people in group wheel to run all commands >>> > %wheel ALL=(ALL) ALL >>> > >>> > ## Same thing without a password >>> > %wheel ALL=(ALL) NOPASSWD: ALL >>> > >>> > >>> > I understood that with my playbook set to use "become", and >>> "become_user", >>> > that this task would run as sudo? >>> > >>> > So, why the "Interactive authentication required" error? >>> > >>> > Of course, I can resort to: >>> > >>> > - name: Restart apache >>> > shell: sudo systemctl restart httpd >>> > >>> > >>> > which doesn't prompt me, but I'd like to understand why the advocated >>> method >>> > isn't observing that I'm running under sudo? >>> > >>> > Many thanks, >>> > Tim >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "Ansible Project" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an >>> >> > email to [email protected]. >>> > To post to this group, send email to [email protected]. >>> >> > To view this discussion on the web visit >>> > >>> https://groups.google.com/d/msgid/ansible-project/3946a8b4-7869-499f-b139-d33c8478ca30%40googlegroups.com. >>> >>> > For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] >> <javascript:_e(%7B%7D,'cvml','ansible-project%[email protected]');> >> . >> To post to this group, send email to [email protected] >> <javascript:_e(%7B%7D,'cvml','[email protected]');>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/fe9501e5-8c46-41b9-a9c2-ab961430d8de%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/fe9501e5-8c46-41b9-a9c2-ab961430d8de%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/NHM3zEiRWxU/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected] > <javascript:_e(%7B%7D,'cvml','ansible-project%[email protected]');> > . > To post to this group, send email to [email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAKsMCESoL%2B-qTtMiAbAS8itAQHuW7Ak0vp8CYDa3m7UfYb715A%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAKsMCESoL%2B-qTtMiAbAS8itAQHuW7Ak0vp8CYDa3m7UfYb715A%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAAnEMzRJVwDoZq-Qie9np9XQQ9Ohu5ac0ojvmrU0u9r%3DqbwUbw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
