Missing sudo password in Ansible

Ansible asks for a sudo password when running the following code, which tries to create a new postgres user.

Error message:

fatal: [xxx.xxx.xxx.xxx] => Missing sudo password

main.yml

- name: 'Provision a PostgreSQL server'
  hosts: "dbservers"
  sudo: yes
  sudo_user: postgres
  roles:
    - postgres

create_db.yml

- name: Make sure the PostgreSQL users are present
  postgresql_user: name=rails password=secret role_attr_flags=CREATEDB,NOSUPERUSER
  sudo_user: postgres
  sudo: yes

The remote_user that is used to log in to this machine is a non-root user; it has no password and can only log in using key auth.

The postgres user account doesn't have a password either, because the database was just installed.

Since I logged in as a non-root user, of course it will ask for a password when switching to the postgres account in order to create the database user. But no password would be needed when switching to postgres from the root account. So, I wonder if there is a way to switch to root, and then switch to user postgres.

Note: the root account has no public key, no password, and cannot log in via SSH.


Try with the option -kK. It will prompt for password.

$ ansible-playbook mail.yml -kK 
SSH password: 
BECOME password[defaults to SSH password]: 
  • -k, --ask-pass: ask for connection password
  • -K, --ask-become-pass: ask for privilege escalation password

You can specify the sudo password when running the Ansible playbook:

ansible-playbook playbook.yml -i inventory.ini --extra-vars "ansible_sudo_pass=yourPassword"

Add a file to the /etc/sudoers.d directory on the target machine called postgres with the following contents:

postgres ALL=(ALL) NOPASSWD:ALL

This ensures that the postgres user (provided you are using that as your sudo user) will not be asked for a password when it attempts sudo commands.

If you are using a different user to connect to the target machine, then you'll have to amend the above to give the NOPASSWD permission to that user instead.

See here for further details.


You would need to modify the /etc/sudoers file (or use the visudo command) to allow the user with which you connect to the remote server to switch to another user without a password prompt.
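The sudoers approach from the answers above, written as a playbook in the current become syntax with the rule limited to the postgres run-as user instead of NOPASSWD:ALL for every target. This is an added example, not code from any of the posts. The connecting user name deploy, the drop-in file name and the rails_db_password variable are assumptions, and the first play needs root access once, however that is obtained on the host.

```yaml
# Added example. "deploy", the drop-in file name and rails_db_password
# are assumed names, not values from the original posts.

# Play 1: run once with root-capable access to install the sudoers rule.
- name: Allow the connecting user to become postgres without a password
  hosts: dbservers
  become: true
  tasks:
    - name: Install a sudoers drop-in scoped to the postgres run-as user
      ansible.builtin.copy:
        dest: /etc/sudoers.d/deploy-postgres
        # (postgres) limits the run-as target, so this rule does not
        # grant passwordless root. Ansible wraps every task in a shell,
        # which is why the command list stays ALL.
        content: "deploy ALL=(postgres) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # Reject the file before it is installed if it does not parse,
        # so a typo cannot lock sudo on the host.
        validate: /usr/sbin/visudo -cf %s

# Play 2: the original provisioning step, now without a password prompt.
# Becoming one unprivileged user from another needs POSIX ACL support
# (setfacl) or pipelining on the target for Ansible's temporary files.
- name: Provision a PostgreSQL server
  hosts: dbservers
  remote_user: deploy
  become: true
  become_user: postgres
  tasks:
    - name: Make sure the PostgreSQL users are present
      community.postgresql.postgresql_user:
        name: rails
        # Supplied from an encrypted vars file rather than the playbook.
        password: "{{ rails_db_password }}"
        role_attr_flags: CREATEDB,NOSUPERUSER
      no_log: true   # keep the password out of task output and logs
```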