Ansible Playbook freezes on running a remote shell script having sudo

0
votes

NOTE: This is scenario with vitualbox running a minimal ubuntu image used as a remote host being accessed from ubuntu 16.04

I am a beginner using ansible to run a shell script on a remote server, but it seems to freeze, i dont recieve any logs even after using "-vvv" in arguments. After a little debugging i figured that the problem was with sudo apt-get update used in the shell script.

If i pass the password as an argument from ansible plabook to the shell file and later use it as echo "$PASS" | sudo -S apt-get update , the script seems to work.

How do i configure my ansible Playbook so that it doesnot freeze on the password prompt on executing sudo apt-get update inside the shell file.

and i need to use a specific user account and password instead of root.

I am passing host, user and pass as --extra-vars to the playbook,

{{ host }} is the ip address of the remote host.

{{ user }} is a user account on the remote machine.

{{ pass }} is the password of the user account on the remote machine.

Here is my ansible playbook -


---
- hosts: "{{ host }}"
  remote_user: "{{ user }}"
  vars:
    ansible_become_pass: "{{ pass }}"
  tasks:
    - name: Move test.sh file to remote
      copy: 
        src: ./../scripts/test.sh
        dest: /home/{{ user }}/new/test.sh

    - name: Executing the test.sh script
      command: sh test.sh
      args:
        chdir: /home/{{ user }}/new/
      become: yes
      become_user: "{{ user }}"
1
shellansible
On the server where you are running your script you need to configure sudo without password. So that whenever you run sudo it wouldn't ask for password.getashu1
stackoverflow.com/questions/21870083/…Vignajeth
@getashu1 i cant do that as it would pose a big security risk, as anybody could run commands remotely on my server without being asked for password.thakurnikk

1 Answers

0
votes

I can see two things here:

As per your comments:

I need to use a specific user account and password instead of root.

In Ubuntu, apt-get update must to be run as ID 0 (root), isn't it? so when you add:

become: yes

Means that you expect your user be able to do the operation you require.

In this case apt-get update needs root access to lock /var/lib/apt/lists/ among others.

I guess it is not your case so you need to do:

---
- hosts: "{{ host }}"
  remote_user: "{{ user }}"
  vars:
    ansible_become_pass: "{{ pass }}"
  tasks:
    - name: Move test.sh file to remote
      copy: 
        src: ./../scripts/test.sh
        dest: /home/{{ user }}/new/test.sh

    - name: Executing the test.sh script
      command: sh test.sh
      args:
        chdir: /home/{{ user }}/new/
      become: yes

Removing the become_user: "{{ user }}". I guess also the user has sudo access to run apt-get update so the password will work.

In the other hand, you won't need to run sudp apt-get update inside your script, a simple apt-get update will be enough.

Here the first thing.

For the second, I recommend you splitting actions. If you are going to update your system, do first:

apt-get update with become

And other tasks with the user (If that is required). Also, use ansible modules as much as possible. Don't run apt-get updatewhen you have:

- name: apt-get example
  apt:
    name: package
    update_cache: yes

Or even package.

BTW, I'm running the example as:

ansible-playbook test.yml -e "host=ubuntu-1.vagrant.local pass=ansible user=ansible"