Description of problem: Ansible job template shows fatal: [client.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to client.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1} even though Sudo password is defined in Administer > settings > Remote Execution This works if we use any other template except ansible (eg - Run command - SSH template) Version-Release number of selected component (if applicable): satellite 6.4 Steps to Reproduce: 1. Create user demo on the client system and add it in the sudoers file 2. On satellite in Administer > settings > Remote Execution. SSH User = demo Sudo password = password of Demo Effective User = test 3. Run job from satellite to client using any ansible template. Actual results: Fails with error [client.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to client.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1} Expected results: Should successfully execute.
Upstream bug assigned to aruzicka
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/25764 has been resolved.
VERIFIED. @satellite-6.5.0-11.el7sat.noarch tfm-rubygem-foreman_ansible-2.2.14-2.el7sat.noarch by extending the manual reproducer described in comment#0: 1. @HOST: Create user demo and add it in the sudoers file # adduser demo # passwd demo --stdin <<<demo # echo 'demo ALL=(ALL) ALL' >> /etc/sudoers 2. @SAT: Change Administer > Settings > Remote Execution settingd SSH User [ demo ] Sudo password [ demo ] Effective User [ root ] 3. Run the REX job using any ansible template. ---- 1: 2: PLAY [all] ********************************************************************* 3: 4: TASK [Gathering Facts] ********************************************************* 5: ok: [host1.example.com] 6: 7: TASK [shell] ******************************************************************* 8: changed: [host1.example.com] 9: 10: TASK [debug] ******************************************************************* 11: ok: [host1.example.com] => { 12: "out": { 13: "changed": true, 14: "cmd": "id", 15: "delta": "0:00:00.005761", 16: "end": "2019-04-23 12:17:28.547989", 17: "failed": false, 18: "rc": 0, 19: "start": "2019-04-23 12:17:28.542228", 20: "stderr": "", 21: "stderr_lines": [], 22: "stdout": "uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023", 23: "stdout_lines": [ 24: "uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023" 25: ] 26: } 27: } 28: 29: PLAY RECAP ********************************************************************* 30: host1.example.com : ok=3 changed=1 unreachable=0 failed=0 31: 32: Exit status: 0 ---- >>> ansible job run successfully
4. @SAT: Change Administer > Settings > Remote Execution settings SSH User [ demo ] Sudo password [ badbadbad ] Effective User [ root ] 5. Run the REX job using any ansible template. ---- 1: 2: PLAY [all] ********************************************************************* 3: 4: TASK [Gathering Facts] ********************************************************* 5: fatal: [host1.example.com]: FAILED! => {"msg": "Incorrect sudo password"} 6: to retry, use: --limit @/tmp/foreman-playbook-227311a0-64b8-432a-96ac-447985733195.retry 7: 8: PLAY RECAP ********************************************************************* 9: host1.example.com : ok=0 changed=0 unreachable=0 failed=1 10: 11: Exit status: 2 ---- >>> ansible job fails correctly with reasonable message to the user
6. @SAT: Change Administer > Settings > Remote Execution settings SSH User [ demo ] Sudo password [ ] (empty) Effective User [ root ] 7. Run the REX job using any ansible template. ---- 1: 2: PLAY [all] ********************************************************************* 3: 4: TASK [Gathering Facts] ********************************************************* 5: fatal: [host1.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to host1.example.com closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1} 6: to retry, use: --limit @/tmp/foreman-playbook-2b28a84b-aaa9-49df-b1ea-e0d84dd74e38.retry 7: 8: PLAY RECAP ********************************************************************* 9: host1.example.com : ok=0 changed=0 unreachable=0 failed=1 10: 11: Exit status: 2 ---- >>> ansible job fails correctly with the same message as described in reproducer
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:1222