Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1461922

Summary: become_method=su fails waiting for privilege escalation prompt
Product: Red Hat Ansible Engine Reporter: Pavel Cahyna <pcahyna>
Component: ansibleAssignee: Pavel Cahyna <pcahyna>
Status: CLOSED ERRATA QA Contact: Leos Pol <lpol>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: kevin
Target Milestone: ---Keywords: Extras
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ansible-2.3.1.0-2.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1445712 Environment:
Last Closed: 2017-08-02 00:19:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1445712, 1461920    
Bug Blocks:    

Description Pavel Cahyna 2017-06-15 15:44:12 UTC 
+++ This bug was initially created as a clone of Bug #1445712 +++

Description of problem:
It's impossible to connect to hosts with become_method=su

It always fails with a timeout error:

TASK [Gathering Facts] ***************************************************************************************************************************************
fatal: [192.168.150.77]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "}


Version-Release number of selected component (if applicable):
ansible-2.3.0.0-3.fc25.noarch

Additional info:
I think it is upstream bug 23710: https://github.com/ansible/ansible/pull/23710

--- Additional comment from Juan Orti on 2017-04-26 07:13:27 EDT ---

Ansible issue 23689

--- Additional comment from Fedora Update System on 2017-06-01 19:06:50 EDT ---

ansible-2.3.1.0-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5279a157d2

--- Additional comment from Fedora Update System on 2017-06-01 19:07:09 EDT ---

ansible-2.3.1.0-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b316d2bb3b

--- Additional comment from Fedora Update System on 2017-06-02 22:50:31 EDT ---

ansible-2.3.1.0-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5279a157d2

--- Additional comment from Fedora Update System on 2017-06-02 22:56:25 EDT ---

ansible-2.3.1.0-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b316d2bb3b

--- Additional comment from Juan Orti on 2017-06-11 15:17:36 EDT ---

This is an example playbook which timeouts for all the remote hosts with ansible-2.3.1.0-1.fc26.noarch.

It works for localhost, which has defined ansible_connection: local

- name: become_method=su test
  hosts: all
  become: yes
  become_method: su
  remote_user: juan
  tasks:
      - ping:


$ ansible-playbook playbooks/su-test.yml                                                                                                                                                            

PLAY [become_method=su test] **************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok: [localhost]
fatal: [remotehost1]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "}
fatal: [remotehost2]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "}

TASK [ping] *******************************************************************************************************************************************************************************************************
ok: [localhost]

PLAY RECAP ********************************************************************************************************************************************************************************************************
remotehost1                      : ok=0    changed=0    unreachable=0    failed=1   
remotehost2                      : ok=0    changed=0    unreachable=0    failed=1   
localhost                      : ok=2    changed=0    unreachable=0    failed=0

--- Additional comment from Juan Orti on 2017-06-11 16:29:29 EDT ---

Sorry, after introducing the become password with -K, this test playbook works in Fedora and epel7.

Tomorrow I'll check some complex playbooks we have at work which were failing these days.

--- Additional comment from Juan Orti on 2017-06-12 06:29:20 EDT ---

After a more detailed review, I can confirm this issue is fixed in Fedora.

Thank you.
Comment 1 Pavel Cahyna 2017-06-15 15:56:30 UTC 
The simplest way to reproduce seems to be: ansible -a : localhost, -b --become-method=su --become-user=root -K
Comment 4 errata-xmlrpc 2017-08-02 00:19:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:2366