Ansible playbook: Requires sudo password [duplicate]

问题

This question already has an answer here:

How can a user with SSH keys authentication have sudo powers in Ansible? [duplicate] (1 answer)

Closed last year.

I am currently working with ansible and I want to automate dumping of my Remote DB and import the dumped file to my local DB. Now, I encountered some problem for using sudo to switch user.

playbook.yml

  ---
  - hosts: remoteserver
    vars:
      remote_db_name: dbname
      remote_filename: dbname_{{ lookup('pipe', 'date +%m-%d-%Y') }}
      local_folder: /home/alde/database_backups/

    tasks:
      - name: Dump database
        become: yes
        become_user: postgres
        shell: pg_dump -d {{remote_db_name}} > "{{remote_filename}}"

when I try to run ansible-playbook playbook.yml it returns: "sudo: a password is required"

---

What I have tried so far.

1) I tried this solution by adding sudo_flags.

ansible.cfg

[defaults]
sudo_flags = -H -S

then I got a different error when I execute my playbook: "Timeout (12s) waiting for privilege escalation prompt: "

2) I increased the timeout up to 30.

3) I added the default remote user to sudoers file

It's strange because there's no password prompt when I try to access my remote server using ssh and switch from default_user to postgres using sudo su - postgres

---

• ansible 2.3.0.0
• Python 2.7
• Ubuntu 14.04

回答1:

The linked glossary says:

The default is ‘-H -S -n’ which sets the HOME environment variable, prompts for passwords via STDIN, and avoids prompting the user for input of any kind. Note that ‘-n’ will conflict with using password-less sudo auth, such as pam_ssh_agent_auth. In some situations you may wish to add or remove flags, but in general most users will not need to change this setting::

So I think that trying the -n flag as well would at least change something since it seems like you've changed it to waiting on authentication rather than there is no authentication with your last modification.

回答2:

Try to add your root user under the host.

 ---
  - hosts: remoteserver
    remote_user: root
    become: yes
    become_user: root
    become_method: sudo
    vars:
      remote_db_name: dbname
      remote_filename: dbname_{{ lookup('pipe', 'date +%m-%d-%Y') }}
      local_folder: /home/alde/database_backups/

    tasks:
      - name: Dump database
        become: yes
        become_user: postgres
        shell: pg_dump -d {{remote_db_name}} > "{{remote_filename}}"

You can try to add the line to sudoer file (sudo visudo) <ssh user> ALL=(ALL) NOPASSWD:ALL and test it, maybe something is wrong there.

来源：https://stackoverflow.com/questions/43928545/ansible-playbook-requires-sudo-password