Ansible ad-hoc

TKH

Hi,

I'm trying to update my servers using an Ansible ad-hoc command but it's not working, see below:


ansible all -m apt -a 'update_cache=yes' --become


external | FAILED! => {
"changed": false,
"module_stderr": "Shared connection to external closed.\r\n",
"module_stdout": "sudo: a password is required\r\n",
"msg": "MODULE FAILURE",
"rc": 1
}
svn | FAILED! => {
"changed": false,
"module_stderr": "Shared connection to svn closed.\r\n",
"module_stdout": "sudo: a password is required\r\n",
"msg": "MODULE FAILURE",
"rc": 1
}
dns | FAILED! => {
"changed": false,
"module_stderr": "Shared connection to dns closed.\r\n",
"module_stdout": "sudo: a password is required\r\n",
"msg": "MODULE FAILURE",
"rc": 1

Not sure what I'm missing here.

Thank you in advance.
 


What happens if you try to append
--ask-become to your ad-hoc command?

/oelsner
 
What Linux flavor? You should install openssh-askpass (Red Hat OSes).
Also you should edit your ansible.cfg to accept ssh keys.
 
I'm using CentOS 6. SSH is working and I can run other Ansible commands with no issues. I edited ansible.cfg to make the sudo user myuser instead of root... Could the issue here be with the user account? I'm not signed in as root, but my user has sudo access to root.

Can I still do that with a user account "other than root" with sudo permission?
Does myuser's password have to be the same on all machines?
 
There are a few ways to do that. Some of it depends on whether they all have common ssh keys, or a common root password.

The beginning of your playbook file could look like this...

---
- name: Write Hosts
  hosts: 192.168.3.226, 192.168.3.45
  become: yes
  become_user: root
  become_method: sudo
  vars:
    validate_certs: "no"
  tasks:
    - name: Add host entries
      blockinfile:
        path: /etc/hosts
        block: |
          (blah, blah, blah )
...

This works if the keys are the same, and have already been accepted.

Also be sure to add this line in your ansible.cfg

host_key_auto_add = True

============================

The second way is to put the root password in on the command line.

ansible-playbook myplaybook.yml -u root --ask-pass

This isn't the best option, but it's OK, because the root password doesn't show up in the history.

============================

The next option is to have a "vars file".

---
vcenter_provider:
  hostname: 192.168.1.7
  username: root
  password: mySecretPassword
  validate_certs: no
  datacenter: bedrock
  cluster: fred
  folder: /bedrock/vm
source_vm:
  name: 'redhat8.1srv'
  network_name: 'VM Network'
new_hosts:
  - hostname: clonematic1
    ip_addr: 192.168.1.12
    ip_netmask: 255.255.255.0
    ip_gateway: 192.168.1.1

# (blah, blah, do other stuff )

...

This is a little more secure, because it just reads the creds from another file.

==============================

The safest (recommended method) is to use an ansible password vault.

That's a little more complicated and beyond the scope of this post.
 
Thank you dos2unix, I will investigate the best solution and post back.
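An added example, not part of any post in this thread: a small check for the vars-file approach discussed above. It flags credential-looking keys whose values are stored in clear text and accepts values protected by Ansible Vault (a whole-file `$ANSIBLE_VAULT;` header or an inline `!vault` value) or taken from another variable. The function name, the list of key names and the sample files are assumptions made for this example.

```python
import re

# Key names that usually hold credentials (assumed list for this example).
SECRET_KEY = re.compile(r"(?:^|[_.-])(pass(word|wd)?|secret|token|api_?key)$", re.I)
LINE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.-]*)\s*:\s*(.*)$")

# Constructed samples: PLAIN mirrors the vars file quoted in the thread;
# the hex line in VAULTED is a placeholder, not real ciphertext.
PLAIN = """\
---
vcenter_provider:
  hostname: 192.168.1.7
  username: root
  password: mySecretPassword
"""
VAULTED = """\
---
vcenter_provider:
  username: root
  password: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    6162636465666768
ansible_become_pass: "{{ vault_become_pass }}"
"""

def find_plaintext_secrets(text):
    """Return [(line_no, key)] for secret-looking keys stored in clear text."""
    # A file encrypted as a whole with ansible-vault starts with this header.
    if text.lstrip().startswith("$ANSIBLE_VAULT;"):
        return []
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            continue
        key, value = m.group(1), m.group(2).split(" #")[0].strip()
        if not SECRET_KEY.search(key):
            continue
        # Inline vaulted value, or a reference to another variable.
        if value.startswith(("!vault", "{{", '"{{', "'{{")):
            continue
        if value in ("", "~", "null", '""', "''"):  # empty, or a nested mapping
            continue
        findings.append((no, key))
    return findings

if __name__ == "__main__":
    for no, key in find_plaintext_secrets(PLAIN):
        print(f"line {no}: '{key}' is stored in clear text")
```

The check is line-based and does not parse YAML, so it suits a pre-commit or CI gate over vars files rather than a full audit.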
 
