Solving Ansible Error Sudo Password Missing
When running Ansible playbooks, the error "Missing sudo password" can occur. Follow the steps below to find the cause and fix it.
$ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml
PLAY [debug module demo]
TASK [Gathering Facts]
fatal: [demo.abcd.com]: FAILED! => {"msg": "Missing sudo password"}
PLAY RECAP
demo.abcd.com : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Solution
The steps to fix the error are shown below:
$ ansible-playbook --help
usage: ansible-playbook [-h] [--version] [-v] [-k] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER] [...]
Privilege Escalation Options:
  control how and which user you become as on target hosts
  --become-method BECOME_METHOD
                        privilege escalation method to use (default=sudo), use 'ansible-doc -t become -l' to list valid choices.
  --become-user BECOME_USER
                        run operations as this user (default=root)
  -K, --ask-become-pass
                        ask for privilege escalation password
  -b, --become          run operations with become (does not imply password prompting)
Apply these options to the playbook run:
ansible-pilot $ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml -bK
BECOME password:
PLAY [debug module demo]
TASK [Gathering Facts]
fatal: [demo.abcd.com]: FAILED! => {"msg": "Incorrect sudo password"}
PLAY RECAP
demo.abcd.com : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Verification
Follow the session below to verify the sudo configuration on the target host:
$ ssh [email protected]
Last login: Mon Nov 8 10:24:10 2021 from 192.168.43.5
[devops@demo ~]$ sudo su
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
[sudo] password for devops:
Sorry, try again.
[sudo] password for devops:
Sorry, try again.
[sudo] password for devops:
sudo: 2 incorrect password attempts
[devops@demo ~]$ su -
Password:
Last login: Mon Nov 8 09:44:37 UTC 2023 on pts/0
[root@demo ~]# ls -al /etc/sudo
sudo.conf sudoers sudoers.d/ sudo-ldap.conf
[root@demo ~]# ls -al /etc/sudoers.d/
total 16
drwxr-x---.  2 root root   21 Nov  8 09:06 .
drwxr-xr-x. 87 root root 8192 Nov  8 09:14 ..
-r--r-----.  1 root root   45 Sep  1 00:19 vagrant
[root@demo ~]# vim /etc/sudoers.d/devops
[root@demo ~]# cat /etc/sudoers.d/devops
devops ALL=(ALL) NOPASSWD: ALL
[root@demo ~]# exit
logout
[devops@demo ~]$ whoami
devops
[devops@demo ~]$ sudo su
[root@demo devops]# whoami
root
[root@demo devops]# exit
exit
[devops@demo ~]$ exit
logout
Connection to demo.abcd.com closed.
Steps for Troubleshooting
You can fix the error by using the following troubleshooting steps:
- To start, use the /etc/sudoers.d/devops file.
- Try the -kK options to get a password prompt.
- When running the Ansible playbook, enter the sudo password:
- Update the file in the /etc/sudoers.d directory to include the following:
- In one case, the problem was that the ansible user did not have all the rights it needed: the tester user lacked the necessary sudo rights. First permission for tester_user:
- In the Ansible Tower UI, turn on the Privilege Escalation option. In Ansible Tower, we might have to enter the password twice.
- Here is another way to deal with the Ansible "missing sudo password" error:
- To fix the Ansible problem "missing sudo password," add the command /bin/sh to the line in /etc/sudoers that lets commands run without a password:
devops ALL=(ALL) NOPASSWD: ALL
Run the playbook again to see the fix in action:
$ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml
PLAY [debug module demo] ************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [demo.abcd.com]
TASK [root test] ********************************************************************************
ok: [demo.abcd.com] => {
"msg": "privilege escalation successful"
}
PLAY RECAP **************************************************************************************
demo.abcd.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
$ ansible-playbook mail.yml -kK
SSH password:
BECOME password[defaults to SSH password]:
-k, --ask-pass: ask for connection password
-K, --ask-become-pass: ask for privilege escalation password
ansible-playbook playbook.yml -i inventory.ini --extra-vars "ansible_sudo_pass=userPassword"
postgres ALL=(ALL) NOPASSWD: ALL
Add the necessary information to the group variables in /etc/ansible/group_vars/<servergroup>/vars.
ansible_become: yes
ansible_become_method: sudo
ansible_become_pass: "{{ vault_ansible_password }}"
tester ALL = NOPASSWD:ALL
was changed to the following to get rid of the Ansible error "Sudo password is missing":
tester ALL=(ALL:ALL) NOPASSWD:ALL
The new (ALL:ALL) field means the following: the first "ALL" says that the user can run commands as all users, and the second "ALL" says that the user can run commands as all groups.
Since all Ansible tasks use become_user, the ansible user must be able to carry out tasks as that user.
fatal: [node]: FAILED! => {"msg": "Missing sudo password"}
Even when the user is already in the sudoers file on the remote host and is allowed to run commands without a password, this error can still be shown. In this case, add this to the main YAML playbook:
---
- hosts:
  become_user:
  become: true
  roles:
    - [ playbook role]
Also, in the /etc/ansible/ansible.cfg file, uncomment the following lines or change them:
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[defaults]
remote_tmp = /tmp/ansible-$USER
host_key_checking = False
sudo_user = [the remote privileged user]
ask_sudo_pass = False
ask_pass = False
In this case, the line remote_tmp = /tmp/ansible-$USER prevents errors like:
OSError: [Errno 13] Permission denied: '/etc/.ansible_tmplyoZOOyum.conf'
fatal: [node]: FAILED! => {"changed": false, "msg": "The destination directory(/etc) is not writable by the current user. Error was: [Errno 13] Permission denied: '/etc/.ansible_tmplyoZOOyum.conf'"}
The error message was:
BECOME password:
debian | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "module_stderr": "Shared connection to debian9 closed.\r\n",
    "module_stdout": "\r\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}
But there's one more thing:
user ALL= NOPASSWD: /usr/bin/id, /usr/bin/whoami, /bin/sh
We can also add the id and whoami for tests.
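The sudoers rules discussed above differ in who the user may run commands as and in which commands need no password. The following is an added example, not code from the original article or from Ansible: a small parser for simple one-line rules like the ones on this page that reports those fields and whether passwordless become can work. It assumes rules without aliases or line continuations, and the names parse_rule and assess are hypothetical.

```python
import re

# One-line user rule: USER HOST = [(RUNAS_USERS[:RUNAS_GROUPS])] [NOPASSWD:] COMMANDS
RULE = re.compile(
    r"^\s*(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<nopasswd>NOPASSWD\s*:\s*)?"
    r"(?P<cmds>.+?)\s*$"
)
SHELLS = {"/bin/sh", "/bin/bash", "/usr/bin/sh", "/usr/bin/bash"}

def _names(field):
    return [n.strip() for n in field.split(",") if n.strip()]

def parse_rule(line):
    """Split a simple sudoers user rule into fields; None if the line is not one."""
    m = RULE.match(line)
    if not m or m["user"].startswith(("#", "Defaults")):
        return None
    # Without a (Runas) field sudo lets the user run commands as root only.
    users, _, groups = (m["runas"] if m["runas"] is not None else "root").partition(":")
    return {"user": m["user"], "runas_users": _names(users),
            "runas_groups": _names(groups), "nopasswd": m["nopasswd"] is not None,
            "commands": _names(m["cmds"])}

def assess(line, become_user="root"):
    """Report whether passwordless become can work and how broad the rule is."""
    rule = parse_rule(line)
    if rule is None:
        return None
    can_runas = bool({"ALL", become_user} & set(rule["runas_users"]))
    cmds = set(rule["commands"])
    # Ansible's sudo become runs modules through `/bin/sh -c ...` by default,
    # so the rule has to allow either ALL or that shell.
    shell_ok = bool({"ALL", "/bin/sh"} & cmds)
    usable = rule["nopasswd"] and can_runas
    return {**rule,
            "passwordless_become": usable and shell_ok,
            # A passwordless shell can start any program, so it is as broad as ALL.
            "effectively_unrestricted": usable and bool(({"ALL"} | SHELLS) & cmds)}

if __name__ == "__main__":
    for s in ("tester ALL=(ALL:ALL) NOPASSWD:ALL",                  # from the page
              "user ALL= NOPASSWD: /usr/bin/id, /usr/bin/whoami"):  # constructed: no /bin/sh
        print(s, "->", assess(s))
```

The output shows that the rule listing /usr/bin/id, /usr/bin/whoami and /bin/sh grants the same reach as NOPASSWD: ALL, while the same rule without /bin/sh still leaves Ansible needing a password.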