7

I'm using Ansible to provision a virtual machine started with Vagrant. I've used both the (preferred) VMware provider and VirtualBox to test, and am getting the same result with each.

I am using the following set of tasks in order to try and create a database called so, with and a user django with access. However, the database password doesn't appear to be getting set. If I manually set this I can connect, if I try beforehand I always get FATAL: password authentication failed for user "django".

I have posted the relevant section of the Ansible configuration below, and the relevant section of the debug below that (ansible.verbose = "vvv" in vagrant configuration). 

# Create Prostgres DB
- hosts: all
  sudo: True
  sudo_user: postgres

  vars:
    dbname: so
    dbuser: django
    dbpassword: 4967bKzCegrPxVH4tGgQe6kFn232t7KiFDXfedVi

  tasks: 
  - name: Ensure database exists
    postgresql_db: name={{ dbname }}

  - name: Ensure DB user has access to the DB
    postgresql_user: db={{ dbname }} name={{ dbuser }} password={{ dbpassword }} priv=ALL state=present

  # Leave user with ability to create databases. This prividge should be 
  # removed for production, but is required for running tests. 
    postgresql_user: name={{ dbuser }} role_attr_flags=NOSUPERUSER,CREATEDB

Verbose output:

TASK: [Ensure DB user has access to the DB] *********************************** 
<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant
<127.0.0.1> EXEC ['ssh', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/danielsgroves/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=2222', '-o', 'IdentityFile=/Users/danielsgroves/.vagrant.d/insecure_private_key', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', 'ConnectTimeout=10', '127.0.0.1', "/bin/sh -c 'mkdir -p /tmp/ansible-1387481596.93-132175356393082 && chmod a+rx /tmp/ansible-1387481596.93-132175356393082 && echo /tmp/ansible-1387481596.93-132175356393082'"]
<127.0.0.1> REMOTE_MODULE postgresql_user name=django role_attr_flags=NOSUPERUSER,CREATEDB
<127.0.0.1> PUT /var/folders/2j/n8ng8fdd5gj125w5zswg9kj00000gn/T/tmpvnrb37 TO /tmp/ansible-1387481596.93-132175356393082/postgresql_user
<127.0.0.1> EXEC ['ssh', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/danielsgroves/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=2222', '-o', 'IdentityFile=/Users/danielsgroves/.vagrant.d/insecure_private_key', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', 'ConnectTimeout=10', '127.0.0.1', "/bin/sh -c 'chmod a+r /tmp/ansible-1387481596.93-132175356393082/postgresql_user'"]
<127.0.0.1> EXEC ['ssh', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/danielsgroves/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=2222', '-o', 'IdentityFile=/Users/danielsgroves/.vagrant.d/insecure_private_key', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', 'ConnectTimeout=10', '127.0.0.1', '/bin/sh -c \'sudo -k && sudo -H -S -p "[sudo via ansible, key=isnxrvycjudgazbgyciehbcpiiswfczx] password: " -u postgres /bin/sh -c \'"\'"\'echo SUDO-SUCCESS-isnxrvycjudgazbgyciehbcpiiswfczx; /usr/bin/python /tmp/ansible-1387481596.93-132175356393082/postgresql_user\'"\'"\'\'']
<127.0.0.1> EXEC ['ssh', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/Users/danielsgroves/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=2222', '-o', 'IdentityFile=/Users/danielsgroves/.vagrant.d/insecure_private_key', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', 'ConnectTimeout=10', '127.0.0.1', "/bin/sh -c 'rm -rf /tmp/ansible-1387481596.93-132175356393082/ >/dev/null 2>&1'"]
ok: [server] => {"changed": false, "user": "django"}
Daniel Groves
  • 472
  • 2
  • 8
  • 21
  • Interestingly this seems to work on a physical box, just not on a Vagrant VM. Will investigate further when I get a minute. – Daniel Groves Jan 08 '14 at 10:14
  • Unfortunately not. The same command does however work in a different provisioner which is being used against a production box hosted with Digital Ocean. – Daniel Groves Jan 18 '14 at 15:21
  • See @eadmundo updated answer below. The last tasks of yours has two actions. Only the last action is executed, the first one is ignored. – udondan Jan 27 '16 at 03:37

1 Answers1

-1

The final task in that playbook will not be run by ansible - it doesn't have a hyphen in front of the module name. Change it to either:

- postgresql_user:
    name: "{{ dbuser }}"
    role_attr_flags: "NOSUPERUSER,CREATEDB"

or (I prefer to name all tasks)

- name: Set roles for DB user
  postgresql_user:
    name: "{{ dbuser }}"
    role_attr_flags: "NOSUPERUSER,CREATEDB"

and you should then be able to login as the django user with

$ psql -U django -h localhost so

Without any roles set, the user can't login. I think that the 'LOGIN' role must be implicit in the roles that are specified there, although I haven't confirmed that in the PostgreSQL docs.

Garrett Hyde
  • 5,409
  • 8
  • 49
  • 55
eadmundo
  • 1,209
  • 1
  • 9
  • 4
  • This question is asking about how to do this with ansible, not the command line. Could you provide an ansible task to add the host? – adeady Jan 07 '16 at 18:25