password not being accepted for sudo user with ansible
I am running an ansible playbook as a sudo user (forcing the sudo password) - however, I am getting a response stating that the su password is incorrect even though I can do the following on the remote server (with the same password that I tried with ansible):
sudo su - root
error message
fatal: [testserver]: FAILED! => {"failed": true, "msg": "Incorrect su password"}
hosts
[webservers]
testserver ansible_ssh_host=ec2-52-87-166-241.compute-1.amazonaws.com ansible_ssh_port=9876
ansible command
ansible-playbook test_playbook.yml -i hosts --ask-become-pass -vvv
test_playbook
---
- hosts: all
gather_facts: no
remote_user: testuser
become: yes
become_method: su
become_user: root
any_errors_fatal: true
tasks:
- group:
name: devops
state: present
- name: create devops user with admin privileges
user:
name: devops
comment: "Devops User"
uid: 2001
groups: devops
Any thoughts on what I might be doing wrong?
Answer
In 'sudo su - root' the root privilege is gained by sudo rather than su (that is why the latter doesn't ask for the root password, since it is invoked by a process already in the role of the root user).
However, in your setup you have specified become_method: su, which expects root's password.
So the fix will be to change become_method to sudo (or, if you know root's password, enter that one instead of your user's password).