2
votes

My YAML files for the handler are as below. Each file's location is given above its contents.

ansible_patching/ssm_agent.yml

---
- hosts: all
  gather_facts: true
  become: true

  roles:
  - ssm_agent

roles/ssm_agent/handlers/main.yml

# handlers file for ansible-role-ssm-agent
- name: systemctl_handler
  systemd:
    name: amazon-ssm-agent
    daemon_reload: yes
    state: "{{ ssm_agent_svc_state }}"
    enabled: yes

ansible_patching/roles/ssm_agent/tasks/main.yml

---
- name: Check required input parameters
  assert:
    that:
      - ({{ item }} is defined)
      - ({{ item }} is not none)
      - ({{ item }} | trim != '')
  with_items:
    - os_name
    - os_version
  loop_control:
    loop_var: item

- name: Include architecture specific
  include: "{{ ansible_architecture }}.yml"

- name: Include for centos 7
  include: install_{{ os_name }}_{{ os_version }}.yml
  when: ansible_distribution == "{{ os_name }}" and ansible_distribution_major_version == "{{ os_version }}"

The error I get is as below

RUNNING HANDLER [ansible_role_ssm_agent : systemctl_handler] ********************************************************
fatal: [13.236.87.146]: FAILED! => {"changed": false, "msg": "failure 1 during daemon-reload: Failed to execute operation: Connection timed out\n"}

However, I can restart service with the same remote user(ansible) on the remote host [ Public IP of Remote CentOS Host ]

Please find below output:

[ansible@ip-172-31-33-3 tmp]$ sudo systemctl status amazon-ssm-agent
[sudo] password for ansible:
● amazon-ssm-agent.service - amazon-ssm-agent
   Loaded: loaded (/etc/systemd/system/amazon-ssm-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-06-25 01:22:40 UTC; 44min ago
 Main PID: 1978 (amazon-ssm-agen)
   CGroup: /system.slice/amazon-ssm-agent.service
           └─1978 /usr/bin/amazon-ssm-agent

[ansible@ip-172-31-33-3 tmp]$ sudo systemctl restart amazon-ssm-agent
[ansible@ip-172-31-33-3 tmp]$ sudo systemctl status amazon-ssm-agent
● amazon-ssm-agent.service - amazon-ssm-agent
   Loaded: loaded (/etc/systemd/system/amazon-ssm-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-06-25 02:07:06 UTC; 2s ago
 Main PID: 2157 (amazon-ssm-agen)
   CGroup: /system.slice/amazon-ssm-agent.service
           └─2157 /usr/bin/amazon-ssm-agent


Note: The playbook (ansible ssm agent installation role) does work fine if I comment out daemon_reload: yes

Any guidance shall be appreciated.

[ansible@ip-172-31-38-88 ~]$ sudo systemctl daemon-reload
[ansible@ip-172-31-38-88 ~]$ echo $?
0

Edit 2: Works fine on the remote host with sudo command

[ansible@ip-172-31-38-88 ~]$ sudo cat /etc/sudoers |grep ansible
[sudo] password for ansible:
ansible ALL=(ALL)       ALL
[ansible@ip-172-31-38-88 ~]$

Edit 4: The remote ansible user has permissions identical to the root user's.

1
Do you need the daemon-reload attribute? This should execute systemctl daemon-reload on the remote machine. Can you successfully execute it as the ansible user? - yabberth
The manual thing did not work, Sir. I pasted the output after the P.S. I don't know if I need that attribute. I added it as a precautionary measure. - learner
Sorry. You need to issue the command with sudo. Is this possible? sudo systemctl daemon-reload - yabberth

1 Answer

0
votes

From the details in your question, I can see that you are using the ansible user to log in to the remote machines.

In order to start, stop, restart or reload the system services, your ansible user has to have administrative rights, meaning the sudo rights.

From the output of systemctl daemon-reload we can clearly see that you don't have the required permissions. So, in order to make it work,

  1. You need to give sudo rights to your ansible user,

In Ubuntu, (with root user or sudo): # usermod -aG sudo ansible

In CentOS (with root user or sudo): # usermod -aG wheel ansible

  2. You need to set become: true in your playbook,

---
- name: My playbook
  hosts: localhost
  become: true
  become_user: root
  become_method: sudo

  tasks:

and that's all!
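
An added example, not part of the answer above or the asker's role: a short check play that confirms whether become really yields root for the connecting user and what `systemctl daemon-reload` returns when run outside the systemd module, which separates a privilege problem from a systemd-side timeout. The play name and the registered variable names (`become_uid`, `reload_result`) are illustrative.

```yaml
---
# Added example: verify privilege escalation and daemon-reload separately.
- name: Check become and daemon-reload on the target
  hosts: all
  gather_facts: false
  become: true

  tasks:
    - name: Report the effective UID under become
      command: id -u
      register: become_uid        # illustrative variable name
      changed_when: false

    - name: Stop here if become did not produce root
      assert:
        that:
          - become_uid.stdout == "0"
        fail_msg: "become did not escalate to root (uid={{ become_uid.stdout }})"

    - name: Run daemon-reload directly and keep going on failure
      command: systemctl daemon-reload
      register: reload_result     # illustrative variable name
      changed_when: false
      failed_when: false

    - name: Show return code and stderr from daemon-reload
      debug:
        msg:
          rc: "{{ reload_result.rc }}"
          stderr: "{{ reload_result.stderr }}"
```

The transcript in the question shows sudo prompting for a password, so run the play with `--ask-become-pass` unless a become password is already supplied another way.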