Without knowing anything about those scripts, I would try adding/removing items to blob_ssodba_download_keys (so with 3 or 5 items). This can reveal if the issue is with the 4th item - or with the last item.
What is the privilege escalation method? I see the string 'oracle' - can it be some enterprise/corporate security measure that kicks in? On Thu, 17 Sep 2020 at 16:48, Rob Wagner <[email protected]> wrote: > > Hey all - I'm hitting the infamous Timeout (12s) waiting for privilege > escalation prompt error but only under specific conditions. The task that > fails is a loop: > > - name: copy files from blob > shell: "{{ blob_ssodba_download_working_dir }}/blob_ssodba_download.py {{ > item }} {{ blob_ssodba_download_dest_dir | > default(blob_ssodba_download_working_dir) }}" > with_items: "{{ blob_ssodba_download_keys }}" > become: "{{ blob_ssodba_become | bool }}" > > And blob_ssodba_download_keys contains for items. So the shell command is > running four times. The failure always occurs during the 4th iteration of > the loop. The error message with -vvv isn't useful: > > Using module file > /sso/sfw/virtualenv/ansible29/lib/python2.7/site-packages/ansible-2.9.9-py2.7.egg/ansible/modules/commands/command.py > Pipelining is enabled. > <azuseoracle01.vsp.sas.com> ESTABLISH SSH CONNECTION FOR USER: None > <azuseoracle01.vsp.sas.com> SSH: EXEC ssh -C -o ControlMaster=no -o > StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o > KbdInteractiveAuthentication=no -o > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o > PasswordAuthentication=no -o ConnectTimeout=10 azuseoracle01.vsp.sas.com > '/etc/ansible-wrapper -c '"'"'sudo -H -S -p "[sudo via ansible, > key=yjyrdwfgvmqyevbiotnpzymsreknqtrd] password:" -u root /etc/ansible-wrapper > -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-yjyrdwfgvmqyevbiotnpzymsreknqtrd ; > /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"'' > fatal: [azuseoracle01.vsp.sas.com]: FAILED! => { > "msg": "Timeout (12s) waiting for privilege escalation prompt: " > } > > When I watch journalctl -f on the target, I notice a connection is not even > attempted during the fourth iteration of the loop. And the error only occurs > when pipelining is on. > > Any idea what might be going on? > > Rob > > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAMc-rNNmPoxp_-0KPXRywGSXE-y14b9uOeFA70xg%2Ban%2B6Tx4ZA%40mail.gmail.com. -- Dick Visser Trust & Identity Service Operations Manager GÉANT -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwOGN%3DdmzbhPG08%2B%3DiEnxJ94E47Erh8n7u_hagkt4_7UyQ%40mail.gmail.com.
