Bug 1461922 - become_method=su fails waiting for privilege escalation prompt
Summary: become_method=su fails waiting for privilege escalation prompt
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ansible Engine
Classification: Red Hat
Component: ansible
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Pavel Cahyna
QA Contact: Leos Pol
URL:
Whiteboard:
Depends On: 1445712 1461920
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-15 15:44 UTC by Pavel Cahyna
Modified: 2018-04-18 14:59 UTC (History)
1 user (show)

Fixed In Version: ansible-2.3.1.0-2.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1445712
Environment:
Last Closed: 2017-08-02 00:19:51 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github ansible ansible issues 23689 0 None closed 'become' tasks fail (with a timeout msg) in 2.3.0 2020-03-31 20:46:40 UTC
Red Hat Product Errata RHEA-2017:2366 0 normal SHIPPED_LIVE new package: ansible 2017-08-08 22:54:16 UTC

Description Pavel Cahyna 2017-06-15 15:44:12 UTC 
+++ This bug was initially created as a clone of Bug #1445712 +++

Description of problem:
It's impossible to connect to hosts with become_method=su

It always fails with a timeout error:

TASK [Gathering Facts] ***************************************************************************************************************************************
fatal: [192.168.150.77]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "}


Version-Release number of selected component (if applicable):
ansible-2.3.0.0-3.fc25.noarch

Additional info:
I think it is upstream bug 23710: https://github.com/ansible/ansible/pull/23710

--- Additional comment from Juan Orti on 2017-04-26 07:13:27 EDT ---

Ansible issue 23689

--- Additional comment from Fedora Update System on 2017-06-01 19:06:50 EDT ---

ansible-2.3.1.0-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5279a157d2

--- Additional comment from Fedora Update System on 2017-06-01 19:07:09 EDT ---

ansible-2.3.1.0-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b316d2bb3b

--- Additional comment from Fedora Update System on 2017-06-02 22:50:31 EDT ---

ansible-2.3.1.0-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5279a157d2

--- Additional comment from Fedora Update System on 2017-06-02 22:56:25 EDT ---

ansible-2.3.1.0-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b316d2bb3b

--- Additional comment from Juan Orti on 2017-06-11 15:17:36 EDT ---

This is an example playbook which timeouts for all the remote hosts with ansible-2.3.1.0-1.fc26.noarch.

It works for localhost, which has defined ansible_connection: local

- name: become_method=su test
  hosts: all
  become: yes
  become_method: su
  remote_user: juan
  tasks:
      - ping:


$ ansible-playbook playbooks/su-test.yml                                                                                                                                                            

PLAY [become_method=su test] **************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok: [localhost]
fatal: [remotehost1]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "}
fatal: [remotehost2]: FAILED! => {"failed": true, "msg": "Timeout (12s) waiting for privilege escalation prompt: "}

TASK [ping] *******************************************************************************************************************************************************************************************************
ok: [localhost]

PLAY RECAP ********************************************************************************************************************************************************************************************************
remotehost1                      : ok=0    changed=0    unreachable=0    failed=1   
remotehost2                      : ok=0    changed=0    unreachable=0    failed=1   
localhost                      : ok=2    changed=0    unreachable=0    failed=0

--- Additional comment from Juan Orti on 2017-06-11 16:29:29 EDT ---

Sorry, after introducing the become password with -K, this test playbook works in Fedora and epel7.

Tomorrow I'll check some complex playbooks we have at work which were failing these days.

--- Additional comment from Juan Orti on 2017-06-12 06:29:20 EDT ---

After a more detailed review, I can confirm this issue is fixed in Fedora.

Thank you.
Comment 1 Pavel Cahyna 2017-06-15 15:56:30 UTC 
The simplest way to reproduce seems to be: ansible -a : localhost, -b --become-method=su --become-user=root -K
Comment 4 errata-xmlrpc 2017-08-02 00:19:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:2366
Note You need to log in before you can comment on or make changes to this bug.