Hi Tim, I am a newbee to Ansible and I am facing the same problem. Did you resolve this?
Regards Deepak On Monday, 21 March 2016 08:24:46 UTC+5:30, TJG wrote: > > Hi John, > > I very much appreciate your attention. > > When I run "sudo systemctl restart httpd" directly, when logged in as my > 'apps' user, I am not prompted for a password. > > Bizarre, eh? > > My guess is my httpd configuration... perhaps how Ansible is telling it > to restart or how it's choosing to restart. I'll play with its service > config and report back. > > Tim > > > > On Sunday, March 20, 2016, John Favorite <[email protected] > <javascript:>> wrote: > >> What happens when you run the command as that user? If it still asks for >> a password either your sudoers file is an issue or user/group might be. >> >> On Sun, Mar 20, 2016, 7:37 PM TJG <[email protected]> wrote: >> >>> Hi John; >>> >>> Thanks for the suggestion, but nope: with that line commented out in >>> sudoers (so that only the one with NOPASSWD is in effect", the error is the >>> same. >>> >>> "Failed to stop httpd.service: Interactive authentication required." >>> >>> Besides, I'd have thought that the latter statement would have >>> overridden the former statement anyways, in a top-to-bottom processing. >>> >>> So, still scratching my head... >>> >>> Tim >>> >>> >>> On Sunday, March 20, 2016 at 5:31:39 PM UTC-4, John Favorite wrote: >>> >>>> comment out >>>> >>>> #%wheel ALL=(ALL) ALL >>>> >>>> ## Same thing without a password >>>> %wheel ALL=(ALL) NOPASSWD: ALL >>>> >>>> On Sun, Mar 20, 2016 at 4:11 PM, TJG <[email protected]> wrote: >>>> > Hi all; >>>> > >>>> > Just looking for a little help to spot what I might be missing. >>>> Against a >>>> > Centos 7 box, using Ansible 2.1.0, this task: >>>> > >>>> > - name: restart httpd >>>> > service: >>>> > name: httpd >>>> > state: restarted >>>> > >>>> > is giving me an "Interactive authentication required." error when run >>>> under >>>> > Ansible 2.1.0 via: >>>> > >>>> > ansible-playbook -i inventory test.yml --sudo --ask-sudo-pass >>>> > --ask-become-pass --sudo -vvvv >>>> > >>>> > >>>> > My playbook is set with: >>>> > >>>> > # The user that logs into the machine >>>> > remote_user: apps >>>> > >>>> > # Indicates that we also want to be become the user we log in as, >>>> for >>>> > running tasks >>>> > # (otherwise the user defaults to root) >>>> > become: yes >>>> > become_user: apps >>>> > >>>> > >>>> > and on the Centos 7 box, my "apps" user is in the "wheel" group, and >>>> the >>>> > wheel group is covered with sudoer permissions as follows: >>>> > >>>> > ## Allows people in group wheel to run all commands >>>> > %wheel ALL=(ALL) ALL >>>> > >>>> > ## Same thing without a password >>>> > %wheel ALL=(ALL) NOPASSWD: ALL >>>> > >>>> > >>>> > I understood that with my playbook set to use "become", and >>>> "become_user", >>>> > that this task would run as sudo? >>>> > >>>> > So, why the "Interactive authentication required" error? >>>> > >>>> > Of course, I can resort to: >>>> > >>>> > - name: Restart apache >>>> > shell: sudo systemctl restart httpd >>>> > >>>> > >>>> > which doesn't prompt me, but I'd like to understand why the advocated >>>> method >>>> > isn't observing that I'm running under sudo? >>>> > >>>> > Many thanks, >>>> > Tim >>>> > >>>> > -- >>>> > You received this message because you are subscribed to the Google >>>> Groups >>>> > "Ansible Project" group. >>>> > To unsubscribe from this group and stop receiving emails from it, >>>> send an >>>> >>> > email to [email protected]. >>>> > To post to this group, send email to [email protected]. >>>> >>> > To view this discussion on the web visit >>>> > >>>> https://groups.google.com/d/msgid/ansible-project/3946a8b4-7869-499f-b139-d33c8478ca30%40googlegroups.com. >>>> >>>> >>>> > For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/fe9501e5-8c46-41b9-a9c2-ab961430d8de%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/ansible-project/fe9501e5-8c46-41b9-a9c2-ab961430d8de%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/NHM3zEiRWxU/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAKsMCESoL%2B-qTtMiAbAS8itAQHuW7Ak0vp8CYDa3m7UfYb715A%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/ansible-project/CAKsMCESoL%2B-qTtMiAbAS8itAQHuW7Ak0vp8CYDa3m7UfYb715A%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/db8a02b7-9a66-49ff-8c6a-98412f81e9b1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
