Ansible ad-hoc

TKH

New Member
Credits
0
Hi,

I'm trying to update my servers using an Ansible ad-hoc command but it's not working, see below


ansible all -m apt -a 'update_cache=yes' --become


external | FAILED! => {
    "changed": false,
    "module_stderr": "Shared connection to external closed.\r\n",
    "module_stdout": "sudo: a password is required\r\n",
    "msg": "MODULE FAILURE",
    "rc": 1
}
svn | FAILED! => {
    "changed": false,
    "module_stderr": "Shared connection to svn closed.\r\n",
    "module_stdout": "sudo: a password is required\r\n",
    "msg": "MODULE FAILURE",
    "rc": 1
}
dns | FAILED! => {
    "changed": false,
    "module_stderr": "Shared connection to dns closed.\r\n",
    "module_stdout": "sudo: a password is required\r\n",
    "msg": "MODULE FAILURE",
    "rc": 1
}

Not sure what I'm missing here.

Thank you in advance.
 


dos2unix

Well-Known Member
Credits
1,029
What Linux flavor? You should install openssh-askpass (Red Hat OSes).
Also, you should edit your ansible.cfg to accept SSH keys.
 

TKH

New Member
Credits
0
I'm using CentOS 6. SSH is working and I can run other Ansible commands with no issues. I edited ansible.cfg to make the sudo user myuser instead of root... Could the issue here be with the user account? I'm not signed in as root, but my user has sudo access to root.

Can I still do that with a user account "other than root" with sudo permission?
Does the myuser password have to be the same on all machines?
 

dos2unix

Well-Known Member
Credits
1,029
There are a few ways to do that. Some of it depends on whether they all have common ssh keys, or a common root password.

The beginning of your playbook file could look like this...

---
- name: Write Hosts
  hosts: 192.168.3.226, 192.168.3.45
  become: yes
  become_user: root
  become_method: sudo
  vars:
    validate_certs: "no"
  tasks:
    - name: Add host entries
      blockinfile:
        path: /etc/hosts
        block: |
          (blah, blah, blah )
...

This works if the keys are the same, and have already been accepted.

Also be sure to add this line in your ansible.cfg

host_key_auto_add = True

============================

The second way, is to put the root password in on the command line.

ansible-playbook myplaybook.yml -u root --ask-pass

This isn't the best option, but it's OK, because the root password doesn't show up in the history.

============================

The next option is to have a "vars file".

---
vcenter_provider:
  hostname: 192.168.1.7
  username: root
  password: mySecretPassword
  validate_certs: no
  datacenter: bedrock
  cluster: fred
  folder: /bedrock/vm
source_vm:
  name: 'redhat8.1srv'
  network_name: 'VM Network'
new_hosts:
  - hostname: clonematic1
    ip_addr: 192.168.1.12
    ip_netmask: 255.255.255.0
    ip_gateway: 192.168.1.1

# (blah, blah, do other stuff )

...

This is a little more secure, because it just reads the creds from another file.

==============================

The safest (recommended method) is to use an ansible password vault.

That's a little more complicated and beyond the scope of this post.
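
An added example, not part of the original thread or written by its posters: the vars file from the post above with the plaintext password replaced by an Ansible Vault value, and, in comments, the commands that prompt for the vault and sudo passwords instead of storing them. The file name vars.yml, the ciphertext placeholder and the use of Ansible 2.3 or later (for encrypt_string) are assumptions.

```yaml
# vars.yml (file name is an assumption): same layout as the vars file above.
#
# Before: the secret is cleartext, readable by anyone who can read the
# file, its backups, or the repository it is committed to.
#
#   vcenter_provider:
#     password: mySecretPassword
#
# After: generate an encrypted value on the control node with
#
#   ansible-vault encrypt_string --ask-vault-pass --stdin-name 'password'
#
# The secret is read from stdin, so it does not land in shell history.
# Paste the printed "!vault" block in place of the plaintext line.
vcenter_provider:
  hostname: 192.168.1.7
  username: root
  password: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    <PLACEHOLDER: hex ciphertext lines printed by ansible-vault>
  validate_certs: no

# Run the playbook and type the vault password at the prompt:
#
#   ansible-playbook myplaybook.yml --ask-vault-pass
#
# For the ad-hoc command in the question, "sudo: a password is required"
# means sudo on the target wants the connecting user's password.
# Prompt for it instead of storing it:
#
#   ansible all -m apt -a 'update_cache=yes' --become --ask-become-pass
#
# One prompt is reused for every host in that run. Hosts with different
# sudo passwords can each carry a vaulted ansible_become_pass variable
# in the inventory, encrypted the same way as the value above.
```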
 