Hey Dick - thanks for your response. I'm using sudo. I bumped timeout to 20s in ansible.cfg and now the playbook completes even with pipelining. While watching the -vvv output, I noticed "Escalation succeeded" after ~12 seconds, so I think I was just barely hitting the timeout. I still don't understand why it's timing out without attempting a connection (journalctl output), but honestly, I don't understand the state machine in ssh.py! Back in business though.
Rob On Thursday, September 17, 2020 at 11:29:11 AM UTC-4 [email protected] wrote: > Without knowing anything about those scripts, I would try > adding/removing items to blob_ssodba_download_keys (so with 3 or 5 > items). > This can reveal if the issue is with the 4th item - or with the last item. > > What is the privilege escalation method? I see the string 'oracle' - > can it be some enterprise/corporate security measure that kicks in? > > > On Thu, 17 Sep 2020 at 16:48, Rob Wagner <[email protected]> wrote: > > > > Hey all - I'm hitting the infamous Timeout (12s) waiting for privilege > escalation prompt error but only under specific conditions. The task that > fails is a loop: > > > > - name: copy files from blob > > shell: "{{ blob_ssodba_download_working_dir }}/blob_ssodba_download.py > {{ item }} {{ blob_ssodba_download_dest_dir | > default(blob_ssodba_download_working_dir) }}" > > with_items: "{{ blob_ssodba_download_keys }}" > > become: "{{ blob_ssodba_become | bool }}" > > > > And blob_ssodba_download_keys contains for items. So the shell command > is running four times. The failure always occurs during the 4th iteration > of the loop. The error message with -vvv isn't useful: > > > > Using module file > /sso/sfw/virtualenv/ansible29/lib/python2.7/site-packages/ansible-2.9.9-py2.7.egg/ansible/modules/commands/command.py > > Pipelining is enabled. > > <azuseoracle01.vsp.sas.com> ESTABLISH SSH CONNECTION FOR USER: None > > <azuseoracle01.vsp.sas.com> SSH: EXEC ssh -C -o ControlMaster=no -o > StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o > KbdInteractiveAuthentication=no -o > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey > -o PasswordAuthentication=no -o ConnectTimeout=10 > azuseoracle01.vsp.sas.com '/etc/ansible-wrapper -c '"'"'sudo -H -S -p > "[sudo via ansible, key=yjyrdwfgvmqyevbiotnpzymsreknqtrd] password:" -u > root /etc/ansible-wrapper -c '"'"'"'"'"'"'"'"'echo > BECOME-SUCCESS-yjyrdwfgvmqyevbiotnpzymsreknqtrd ; > /usr/bin/python'"'"'"'"'"'"'"'"' && sleep 0'"'"'' > > fatal: [azuseoracle01.vsp.sas.com]: FAILED! => { > > "msg": "Timeout (12s) waiting for privilege escalation prompt: " > > } > > > > When I watch journalctl -f on the target, I notice a connection is not > even attempted during the fourth iteration of the loop. And the error only > occurs when pipelining is on. > > > > Any idea what might be going on? > > > > Rob > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAMc-rNNmPoxp_-0KPXRywGSXE-y14b9uOeFA70xg%2Ban%2B6Tx4ZA%40mail.gmail.com > . > > > > -- > Dick Visser > Trust & Identity Service Operations Manager > GÉANT > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/abdc5f22-7dbe-4229-a860-312ec8be4de0n%40googlegroups.com.
