On 2020-06-21 23:55, Stuart Henderson wrote:
On 2020-06-21, Gregory Edigarov <ediga...@qarea.com> wrote:
Trying to run ansible-playbook with localhost.
Playbook:
---
- hosts: localhost
  become: true
  become_method: doas
  roles:
    - wrkstpkgs
Expected behaviour - Ansible asks for the become pass only once, then
execution of tasks requires no intervention.
Observed behaviour:
run ansible-playbook:
ansible-playbook -K site.yml
BECOME password:
[WARNING]: provided hosts list is empty, only localhost is available.
Note that the implicit localhost does not match 'all'
PLAY [localhost] ****************************************
TASK [Gathering Facts] ****************************************
doas (g...@lbld12.duckdns.org) password:
ok: [localhost]
TASK [wrkstpkgs : ensure vital packages are present] ****************************************
doas (g...@lbld12.duckdns.org) password:
ok: [localhost]
TASK [wrkstpkgs : ensure versioned packages are present] ****************************************
doas (g...@lbld12.duckdns.org) password:
doas.conf only contains this line:
permit persist greg
Am I missing anything? Thanks a lot in advance.
I think it's like the problem with using doas in ports.
"persist" uses the TIOCSETVERAUTH/TIOCCHKVERAUTH tty(4) ioctls which
were added specifically for doas, the authentication can't be passed
around very far:
     TIOCCHKVERAUTH void
             Check the verified auth status of this session.  The calling
             process must have the same real user ID and parent process as
             the process which called TIOCSETVERAUTH.  A zero return
             indicates success.
Chances are the second doas call does not have the same parent process.
Hello Stuart.
Yes, it's definitely the case. But are there any workarounds? Of course
I can install sudo from packages, but I'm always willing to stick with
the base as much as possible. And completely preventing the prompting
for password using permit nopass doesn't seem to me like a good solution
either.
--
With best regards,
Gregory Edigarov
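
A small probe for the check discussed in this thread, added here as an example and not code from either poster or from doas itself: it issues the TIOCCHKVERAUTH ioctl quoted above and prints the real user ID and parent PID the rule compares. The names verauth_probe and verauth_name are hypothetical, and using /dev/tty to reach the session's terminal is an assumption; on systems without the ioctl it reports "unsupported".

```c
/* Added example: ask the kernel whether a doas "persist" mark is usable
 * by this process. Helper names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

enum verauth { VERAUTH_VALID, VERAUTH_DENIED, VERAUTH_NO_TTY, VERAUTH_UNSUPPORTED };

/* Open the given terminal and run the verified-auth check on it.
 * Per the tty(4) text quoted in the thread, the check only succeeds when
 * the caller has the same real user ID and the same parent process as
 * the process that called TIOCSETVERAUTH. */
enum verauth verauth_probe(const char *tty_path)
{
	int fd = open(tty_path, O_RDWR);
	if (fd == -1)
		return VERAUTH_NO_TTY;          /* no terminal to ask */
#ifdef TIOCCHKVERAUTH
	int rc = ioctl(fd, TIOCCHKVERAUTH);     /* zero return indicates success */
	close(fd);
	return rc == 0 ? VERAUTH_VALID : VERAUTH_DENIED;
#else
	close(fd);                              /* ioctl not defined on this OS */
	return VERAUTH_UNSUPPORTED;
#endif
}

/* Human-readable label for a probe result. */
const char *verauth_name(enum verauth v)
{
	static const char *names[] = { "valid", "denied", "no-tty", "unsupported" };
	return names[v];
}

int main(void)
{
	/* Assumption: /dev/tty is the controlling terminal of the session. */
	enum verauth v = verauth_probe("/dev/tty");

	/* ruid and ppid are the two values the kernel compares. */
	printf("ruid=%ld ppid=%ld verauth=%s\n",
	    (long)getuid(), (long)getppid(), verauth_name(v));
	return v == VERAUTH_VALID ? 0 : 1;
}
```

Comparing the printed ppid between a run from the interactive shell and a run launched by Ansible shows whether the two invocations share a parent process.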