password not being accepted for sudo user with ansible

ali haider picture ali haider · Jul 8, 2016 · Viewed 9.1k times · Source

I am running an ansible playbook as a sudo user (forcing the sudo password) - however, I am getting a response stating that the su password is incorrect even though I can do the following on the remote server (with the same password that I tried with ansible):

sudo su - root

error message

 fatal: [testserver]: FAILED! => {"failed": true, "msg": "Incorrect su password"}

hosts

[webservers]
testserver ansible_ssh_host=ec2-52-87-166-241.compute-1.amazonaws.com ansible_ssh_port=9876

ansible command

ansible-playbook test_playbook.yml -i hosts --ask-become-pass -vvv

test_playbook

---
- hosts: all
  gather_facts: no
  remote_user: testuser
  become: yes
  become_method: su
  become_user: root
  any_errors_fatal: true

  tasks: 
  - group: 
       name: devops
       state: present
  - name: create devops user with admin privileges

    user: 
      name: devops
      comment: "Devops User"
      uid: 2001
      groups: devops

Any thoughts on what I might be doing wrong?

Answer

Leon picture Leon · Jul 8, 2016

In 'sudo su - root' the root privilege is gained by sudo rather than su (that is why the latter doesn't ask for the root password, since it is invoked by a process already in the role of the root user).

However, in your setup you have specified become_method: su, which expects root's password.

So the fix will be to change become_method to sudo (or, if you know root's password, enter that one instead of your user's password).