0

using the new "become" syntax, how do you configure your playbook to log in to a host as a regular user, switch to the root user and ask for a password?

I tried:

---
- hosts: foo
  gather_facts: no
  remote_user: martin
  become: yes
  become_method: su

  tasks:
  - name: update
    yum: name=tree state=latest

This playbook just hands in the TASK phase. I also tried removing the become_method and using ansible-playbook book.yml --ask-become-pass but that also didn't work. Any ideas?

mart1n
  • 173
  • 2
  • 2
  • 7
  • did you try to use `sudo`? – Jakuje Feb 09 '16 at 16:17
  • @Jakuje I know how to make it work with `sudo` and `su` but I'm looking for how to do this with the `become` directives. I do not use sudo on the target machine, only a plain root account. – mart1n Feb 09 '16 at 19:34
  • Please post the error message otherwise it is not possible to tell what is going wrong. Is the user `martin` able to use the `su` command? – Henrik Pingel Feb 10 '16 at 08:33
  • @knowhy There is no error, it just hangs after `TASK: [update]`. Running it with `-vvvv` shows that it tries to execute `-c 'su root -c "/bin/sh -c ` but it needs to ask a password for that to succeed, which never happens. – mart1n Feb 10 '16 at 10:12
  • 1
    So `sudo: yes` is working but `become: yes` is not? But @Jakuje has a point, with "did you try `sudo`?" - not as `sudo: yes` but as `become_method: sudo` (which is the default if omitted) – udondan Feb 12 '16 at 03:28
  • 1
    I believe if you set `become_method: su` you need to provide root password with `--ask-become-pass` as Ansible will login with `remote_user` and gain privilege with `su`. Maybe adding `become_user: root` will solve your problem. – Henrik Pingel Feb 12 '16 at 10:10

1 Answers1

2

I think I hit something similar to this recently and ended up putting these lines in ansible.cfg:

[privilege_escalation]
become=Yes
become_method=sudo
become_user=root
become_ask_pass=True

I think the become_user directive is unnecessary as thats also the default, but I think it was the become_ask_pass that made the difference and stopped it hanging.

Hope that helps.

robrant
  • 121
  • 2