add users, groups, authorized_keys, and dot files #9

New issue

Closed

opened 2018-07-21 00:52:07 +00:00 by reelsense · 11 comments

reelsense commented 2018-07-21 00:52:07 +00:00 (Migrated from github.com)

Copy link

Overview

• Add/remove users, groups, and user variables like default shell.
  • With a caveats for built-in AMI/vagrant users like ubuntu, vagrant, or ec2-user.
• Add/remove or update if it doesn't exist; alias or strings in .bashrc or .cshrc. (Depending on OS and/or tag.) **
  • Maybe I should source or import (w/e the term is) a custom .shell_aliases file so I can cleanly update/replace it per user?
    • Could I still export environment variables from a custom .shell_aliases like this: export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh?
• Add/remove or update ~/.ssh/config if it doesn't exist.
• Additional provision to add/remove future generic config file like above.
  • Permissions and owner variable so I can update/fix permissions if aliases contain secrets at some point.

Details

I always need to add the same users to my servers but I don't want to add an ubuntu user to a FreeBSD server. Nor do I want to add the default FreeBSD AMI user; "ec2-user", to an Ubuntu server. I want those default accounts to stay, but I still want to be able to update them like the other user accounts.

I need a stand-alone adduser playbook that I run against existing servers and new servers. Hopefully it will work in a sort of declarative fashion.

I want to be able to add and remove users and/or their variables from a list and run the playbook to match the list across all the hosts.

For example:

• I need to update all users on ~40 servers with the public key of their Yubikey. Use example pub keys I'll replace with the real ones.
• And add export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh to their .bashrc, IF it's not already there.
• I need to fix the users shell to use SHELL=/bin/bash if they are on Ubuntu/debian or /bin/csh if the playbook detects they are on FreeBSD and/or the ec2 tag is freebsd. ( ** Tags vs OS detection is your choice)

List of users:
remember
direct
degree
sand
grief
jam
king

This is what I tried to work with but gave up trying to debug my errors:
https://github.com/ANXS/generic-users

I started to make this little shell script to produce the ~/.ssh/config I wanted each user to run. But I decided since I'll be doing things this way for a long long time I might as well make it part of my custom add user playbook. This playbook should add the ~/.ssh/config to existing servers if it doesn't exist, or update the existing one to match the playbook.

I don't know the best way to achieve what I want. Maybe the task will have a bunch of variable files for each user and I update the config files for each user and re-run the playbook to update across all the servers.

---

I hope this makes sense.

# Overview * Add/remove **users, groups, and user variables** like default shell. * With a caveats for built-in AMI/vagrant users like `ubuntu`, `vagrant`, or `ec2-user`. * Add/remove or update if it doesn't exist; **_alias_ or _strings_ in `.bashrc` or `.cshrc`**. _(Depending on OS and/or tag.)_ ** * Maybe I should source or import _(w/e the term is)_ a _custom `.shell_aliases` file_ so I can cleanly update/replace it **per user?** * Could I _still `export` environment variables_ from a custom `.shell_aliases` like this: `export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh`? * Add/remove or **update `~/.ssh/config`** if it doesn't exist. * Additional provision to add/remove future generic config file like above. * Permissions _and_ owner variable so I can update/fix permissions if aliases contain secrets at some point. ## Details I always need to add the same users to my servers but I don't want to add an `ubuntu` user to a _FreeBSD_ server. Nor do I want to add the default _FreeBSD AMI_ user; _"`ec2-user`"_, to an _Ubuntu_ server. _I want those default accounts to stay_, but _I still want to be able to update them_ like the other user accounts. I need a stand-alone adduser playbook that I run against existing servers and new servers. Hopefully it will work in a sort of declarative fashion. I want to be able to add and remove users and/or their variables from a list and run the playbook to match the list across all the hosts. For example: * I need to update all users on ~40 servers with the public key of their Yubikey. Use example pub keys I'll replace with the real ones. * And add `export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh` to their `.bashrc`, _IF_ it's not already there. * I need to **fix the users shell** to use `SHELL=/bin/bash` if they are on **Ubuntu/debian** or `/bin/csh` if the playbook detects they are on FreeBSD and/or the ec2 tag is `freebsd`. _( ** Tags vs OS detection is your choice)_ List of users: `remember` `direct` `degree` `sand` `grief` `jam` `king` This is what I tried to work with but gave up trying to debug _my errors_: https://github.com/ANXS/generic-users I started to make [this little shell script](https://github.com/stationgroup/gpg-agent-forward ) to produce the `~/.ssh/config` I wanted each user to run. But I decided since I'll be doing things this way for a long long time I might as well make it part of my custom add user playbook. This playbook should add the `~/.ssh/config` to existing servers if it doesn't exist, or update the existing one to match the playbook. I don't know the best way to achieve what I want. Maybe the task will have a bunch of variable files for each user and I update the config files for each user and re-run the playbook to update across all the servers. --- I hope this makes sense.

vincentvdk commented 2018-08-11 12:40:23 +00:00 (Migrated from github.com)

Copy link

Hi, I'm helping @srgvg with this and have aquestion.

Could someone elaborate a bit on the ssh config? When I look at the shell script it looks like it's being used for a local config. How would this look like when configured on all targeted servers? Thanks

Hi, I'm helping @srgvg with this and have aquestion. Could someone elaborate a bit on the ssh config? When I look at the [shell script](https://github.com/stationgroup/gpg-agent-forward) it looks like it's being used for a local config. How would this look like when configured on all targeted servers? Thanks

reelsense commented 2018-08-12 09:30:20 +00:00 (Migrated from github.com)

Copy link

Hello again Vincent,

I would have a bunch of pre done configs that I would like the playbook
to distribute. If there is an existing config with a non-matching checksum
in the users account on the remote system I would like it move to a file
name with the date appended and a .bak extension.

The shell script ended up being a dead end. But someone might find it
useful so I published it anyway. The script produces a simple shortcut for
a user to ssh with agent forwarding enabled every time. Agent forwarding is
great for keeping ssh keys off remote servers in a ssh bastion server
scenario. I ssh to the bastion with forwarding, and then forward the key to
the next server from there. That basic config file is what I want to
distribute. So agent forwarding works for each user. That shell script
isn’t really important.

On Sat, Aug 11, 2018 at 05:40 Vincent Van der Kussen <
notifications@github.com> wrote:

Hi, I'm helping @srgvg https://github.com/srgvg with this and have
aquestion.

Could someone elaborate a bit on the ssh config? When I look at the shell
script https://github.com/stationgroup/gpg-agent-forward it looks like
it's being used for a local config. How would this look like when
configured on all targeted servers? Thanks

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/stationgroup/ansible-experiments/issues/9#issuecomment-412272623,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFYisSCY-BbotyB_QnZO4EVbyD9tDLL4ks5uPtC3gaJpZM4VZbPR
.

Hello again Vincent, I would have a bunch of pre done configs that I would like the playbook to distribute. If there is an existing config with a non-matching checksum in the users account on the remote system I would like it move to a file name with the date appended and a .bak extension. The shell script ended up being a dead end. But someone might find it useful so I published it anyway. The script produces a simple shortcut for a user to ssh with agent forwarding enabled every time. Agent forwarding is great for keeping ssh keys off remote servers in a ssh bastion server scenario. I ssh to the bastion with forwarding, and then forward the key to the next server from there. That basic config file is what I want to distribute. So agent forwarding works for each user. That shell script isn’t really important. On Sat, Aug 11, 2018 at 05:40 Vincent Van der Kussen < notifications@github.com> wrote: > Hi, I'm helping @srgvg <https://github.com/srgvg> with this and have > aquestion. > > Could someone elaborate a bit on the ssh config? When I look at the shell > script <https://github.com/stationgroup/gpg-agent-forward> it looks like > it's being used for a local config. How would this look like when > configured on all targeted servers? Thanks > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <https://github.com/stationgroup/ansible-experiments/issues/9#issuecomment-412272623>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/AFYisSCY-BbotyB_QnZO4EVbyD9tDLL4ks5uPtC3gaJpZM4VZbPR> > . >

vincentvdk commented 2018-08-13 13:56:21 +00:00 (Migrated from github.com)

Copy link

Hi,
So basically you want to add lines to both ~/.ssh/config and ~/.bashrc or ~/.cshrc?

Hi, So basically you want to add lines to both `~/.ssh/config` and `~/.bashrc` or `~/.cshrc`?

reelsense commented 2018-08-13 14:14:10 +00:00 (Migrated from github.com)

Copy link

Ya. Basically.

I want to maintain the configs in my ansible playbook repo. So I can add and remove config options and rerun the playbook to update every users dot files. Same with the authorized_keys file.

On Aug 13, 2018, at 06:56, Vincent Van der Kussen notifications@github.com wrote:

Hi,
So basically you want to add lines to both ~/.ssh/config and ~/.bashrc or ~/.cshrc?

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

Ya. Basically. I want to maintain the configs in my ansible playbook repo. So I can add and remove config options and rerun the playbook to update every users dot files. Same with the authorized_keys file. > On Aug 13, 2018, at 06:56, Vincent Van der Kussen <notifications@github.com> wrote: > > Hi, > So basically you want to add lines to both ~/.ssh/config and ~/.bashrc or ~/.cshrc? > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub, or mute the thread.

srgvg commented 2018-08-19 19:15:19 +00:00 (Migrated from github.com)

Copy link

Hi Bryan,

We prepared a first PR/MR for you, let us know what you think of it.

I noticed you migrated your repo to gitlab, just to be sure I prepared two
PR/MR for this, let us know on which repo's you want to move on.

• https://github.com/stationgroup/ansible-experiments/pull/10
• https://gitlab.com/stationgroup/ansible-experiments/merge_requests/6

Cheers,

Serge & Vincent

On 13 August 2018 at 16:14, Bryan Black notifications@github.com wrote:

Ya. Basically.

I want to maintain the configs in my ansible playbook repo. So I can add
and remove config options and rerun the playbook to update every users dot
files. Same with the authorized_keys file.

On Aug 13, 2018, at 06:56, Vincent Van der Kussen <
notifications@github.com> wrote:

Hi,
So basically you want to add lines to both ~/.ssh/config and ~/.bashrc
or ~/.cshrc?

—
You are receiving this because you authored the thread.

Reply to this email directly, view it on GitHub, or mute the thread.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/stationgroup/ansible-experiments/issues/9#issuecomment-412532675,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAXVH_AAmyDRPrbH6f8z81fibOCx2NeXks5uQYmygaJpZM4VZbPR
.

Hi Bryan, We prepared a first PR/MR for you, let us know what you think of it. I noticed you migrated your repo to gitlab, just to be sure I prepared two PR/MR for this, let us know on which repo's you want to move on. - https://github.com/stationgroup/ansible-experiments/pull/10 - https://gitlab.com/stationgroup/ansible-experiments/merge_requests/6 Cheers, Serge & Vincent On 13 August 2018 at 16:14, Bryan Black <notifications@github.com> wrote: > Ya. Basically. > > I want to maintain the configs in my ansible playbook repo. So I can add > and remove config options and rerun the playbook to update every users dot > files. Same with the authorized_keys file. > > > On Aug 13, 2018, at 06:56, Vincent Van der Kussen < > notifications@github.com> wrote: > > > > Hi, > > So basically you want to add lines to both ~/.ssh/config and ~/.bashrc > or ~/.cshrc? > > > > — > > You are receiving this because you authored the thread. > > > Reply to this email directly, view it on GitHub, or mute the thread. > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/stationgroup/ansible-experiments/issues/9#issuecomment-412532675>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/AAXVH_AAmyDRPrbH6f8z81fibOCx2NeXks5uQYmygaJpZM4VZbPR> > . >

reelsense commented 2018-08-19 19:34:49 +00:00 (Migrated from github.com)

Copy link

Thank you!

I’ll review it tomorrow at work. I know it says I moved to GitLab, but I’ll do the review in GitHub until I’m more familiar with the GitLab workflow.

On Aug 19, 2018, at 12:15, Serge van Ginderachter notifications@github.com wrote:

Hi Bryan,

We prepared a first PR/MR for you, let us know what you think of it.

I noticed you migrated your repo to gitlab, just to be sure I prepared two
PR/MR for this, let us know on which repo's you want to move on.

• https://github.com/stationgroup/ansible-experiments/pull/10
• https://gitlab.com/stationgroup/ansible-experiments/merge_requests/6

Cheers,

Serge & Vincent

On 13 August 2018 at 16:14, Bryan Black notifications@github.com wrote:

Ya. Basically.

I want to maintain the configs in my ansible playbook repo. So I can add
and remove config options and rerun the playbook to update every users dot
files. Same with the authorized_keys file.

On Aug 13, 2018, at 06:56, Vincent Van der Kussen <
notifications@github.com> wrote:

Hi,
So basically you want to add lines to both ~/.ssh/config and ~/.bashrc
or ~/.cshrc?

—
You are receiving this because you authored the thread.

Reply to this email directly, view it on GitHub, or mute the thread.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/stationgroup/ansible-experiments/issues/9#issuecomment-412532675,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAXVH_AAmyDRPrbH6f8z81fibOCx2NeXks5uQYmygaJpZM4VZbPR
.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

Thank you! I’ll review it tomorrow at work. I know it says I moved to GitLab, but I’ll do the review in GitHub until I’m more familiar with the GitLab workflow. > On Aug 19, 2018, at 12:15, Serge van Ginderachter <notifications@github.com> wrote: > > Hi Bryan, > > We prepared a first PR/MR for you, let us know what you think of it. > > I noticed you migrated your repo to gitlab, just to be sure I prepared two > PR/MR for this, let us know on which repo's you want to move on. > > > - https://github.com/stationgroup/ansible-experiments/pull/10 > - https://gitlab.com/stationgroup/ansible-experiments/merge_requests/6 > > > > Cheers, > > > Serge & Vincent > > > > On 13 August 2018 at 16:14, Bryan Black <notifications@github.com> wrote: > > > Ya. Basically. > > > > I want to maintain the configs in my ansible playbook repo. So I can add > > and remove config options and rerun the playbook to update every users dot > > files. Same with the authorized_keys file. > > > > > > > > > On Aug 13, 2018, at 06:56, Vincent Van der Kussen < > > notifications@github.com> wrote: > > > > > > Hi, > > > So basically you want to add lines to both ~/.ssh/config and ~/.bashrc > > or ~/.cshrc? > > > > > > — > > > You are receiving this because you authored the thread. > > > > > Reply to this email directly, view it on GitHub, or mute the thread. > > > > — > > You are receiving this because you were mentioned. > > Reply to this email directly, view it on GitHub > > <https://github.com/stationgroup/ansible-experiments/issues/9#issuecomment-412532675>, > > or mute the thread > > <https://github.com/notifications/unsubscribe-auth/AAXVH_AAmyDRPrbH6f8z81fibOCx2NeXks5uQYmygaJpZM4VZbPR> > > . > > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub, or mute the thread.

reelsense commented 2018-08-23 21:48:53 +00:00 (Migrated from github.com)

Copy link

This PR is fantastic. Despite the subjectivity of this project you did everything exactly how I wanted. I really appreciate how well you guys read my mind. Every time I thought I had a question, I thought "I should see if they explain this is the documentation before I ask them..." sure enough, the doc had the answer or referenced the solution.

I'm really grateful.

This PR is fantastic. Despite the subjectivity of this project you did everything exactly how I wanted. I really appreciate how well you guys read my mind. Every time I thought I had a question, I thought _"I should see if they explain this is the documentation before I ask them..."_ sure enough, the doc had the answer or referenced the solution. I'm really grateful.

reelsense commented 2018-08-23 21:59:30 +00:00 (Migrated from github.com)

Copy link

There is one user option that I didn't realize I will need a toggle for. I need to be able to turn a users custom sudoer file on and off individually. There are different methods to adding a user to sudo. The one we currently use on Ubuntu is adding a users sudoer file to /etc/sudoers.d/.

Example on Ubuntu:

vagrant@ubuntu3:~$ sudo cat /etc/sudoers.d/vagrant

vagrant ALL=(ALL) NOPASSWD:ALL

It looks like this method can work on FreeBSD as well: https://forums.freebsd.org/threads/sudoers-file-location-scripting-entries.60436/

Can you add an option for me to add/remove sudo for a user and place the sudoer file in the appropriate directory with the correct permission, based on whether it's Ubuntu or FreeBSD? Then I can add or revoke a users sudo across servers whether the user is on Ubuntu or FreeBSD.

There is one user option that I didn't realize I will need a toggle for. I need to be able to turn a users custom _sudoer_ file on and off individually. There are different methods to adding a user to `sudo`. The one we currently use on Ubuntu is adding a users sudoer file to `/etc/sudoers.d/`. Example on Ubuntu: `vagrant@ubuntu3:~$ sudo cat /etc/sudoers.d/vagrant` ``` vagrant ALL=(ALL) NOPASSWD:ALL ``` It looks like this method can work on FreeBSD as well: https://forums.freebsd.org/threads/sudoers-file-location-scripting-entries.60436/ Can you add an option for me to add/remove `sudo` for a user and place the sudoer file in the appropriate directory with the correct permission, based on whether it's Ubuntu or FreeBSD? Then I can add or revoke a users sudo across servers whether the user is on Ubuntu or FreeBSD.

reelsense commented 2018-09-02 11:08:47 +00:00 (Migrated from github.com)

Copy link

I did seem to hit a bug with the initial [GATHER FACTS] stage.

Maybe it's a dependency I'm missing on FreeBSD (10.0.0.219 aka lab3). I only did a pkg install sudo python to satisfy the dependencies.

 

(Click to expand -vvv console output)

Executing playbook site.yaml
1 plays in site.yaml

- Manage user configuration -
Gathering Facts...
<10.0.0.43> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<10.0.0.43> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/64b3290a6a 10.0.0.43 '/bin/sh -c '"'"'echo ~ubuntu && sleep 0'"'"''
<10.0.0.79> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<10.0.0.79> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/4ce48e5d3b 10.0.0.79 '/bin/sh -c '"'"'echo ~ubuntu && sleep 0'"'"''
<10.0.0.219> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.0.219> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a 10.0.0.219 '/bin/sh -c '"'"'echo ~ec2-user && sleep 0'"'"''
<10.0.0.79> (0, '/home/ubuntu\n', '')
<10.0.0.79> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<10.0.0.79> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/4ce48e5d3b 10.0.0.79 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970 `" && echo ansible-tmp-1535885638.64-109226280241970="` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970 `" ) && sleep 0'"'"''
<10.0.0.79> (0, 'ansible-tmp-1535885638.64-109226280241970=/home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970\n', '')
<10.0.0.219> (0, '/home/ec2-user\n', '')
<10.0.0.219> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.0.219> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a 10.0.0.219 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201 `" && echo ansible-tmp-1535885638.66-224377437392201="` echo /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201 `" ) && sleep 0'"'"''
<10.0.0.219> (0, 'ansible-tmp-1535885638.66-224377437392201=/home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201\n', '')
<10.0.0.43> (0, '/home/ubuntu\n', '')
<10.0.0.43> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<10.0.0.43> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/64b3290a6a 10.0.0.43 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887 `" && echo ansible-tmp-1535885638.63-223868975218887="` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887 `" ) && sleep 0'"'"''
<10.0.0.43> (0, 'ansible-tmp-1535885638.63-223868975218887=/home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887\n', '')
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py
<10.0.0.79> PUT /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpPp9zlN TO /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970/setup.py
<10.0.0.79> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/4ce48e5d3b '[10.0.0.79]'
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py
<10.0.0.219> PUT /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpz95CqP TO /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/setup.py
<10.0.0.219> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a '[10.0.0.219]'
<10.0.0.43> PUT /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpw1wbsW TO /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887/setup.py
<10.0.0.43> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/64b3290a6a '[10.0.0.43]'
<10.0.0.79> (0, 'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpPp9zlN /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970/setup.py\n', '')
<10.0.0.79> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<10.0.0.79> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/4ce48e5d3b 10.0.0.79 '/bin/sh -c '"'"'chmod u+x /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970/ /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970/setup.py && sleep 0'"'"''
<10.0.0.219> (0, 'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpz95CqP /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/setup.py\n', '')
<10.0.0.219> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.0.219> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a 10.0.0.219 '/bin/sh -c '"'"'chmod u+x /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/ /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/setup.py && sleep 0'"'"''
<10.0.0.43> (0, 'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpw1wbsW /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887/setup.py\n', '')
<10.0.0.43> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<10.0.0.43> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/64b3290a6a 10.0.0.43 '/bin/sh -c '"'"'chmod u+x /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887/ /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887/setup.py && sleep 0'"'"''
<10.0.0.219> (0, '', '')
<10.0.0.219> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.0.219> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a -tt 10.0.0.219 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-fnbzczdkmpduusbtdiwebeylucnseaed; /usr/local/bin/python /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/setup.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<10.0.0.43> (0, '', '')
<10.0.0.43> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<10.0.0.43> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/64b3290a6a -tt 10.0.0.43 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-xdikddcndxpznqafybnqgiapaxwukvdp; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887/setup.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<10.0.0.219> (1, 'sudo: a password is required\r\n', 'Shared connection to 10.0.0.219 closed.\r\n')
<10.0.0.219> ESTABLISH SSH CONNECTION FOR USER: ec2-user
<10.0.0.219> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a 10.0.0.219 '/bin/sh -c '"'"'rm -f -r /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/ > /dev/null 2>&1 && sleep 0'"'"''
Escalation succeeded
<10.0.0.219> (0, '', '')
  lab3 failed | msg: MODULE FAILURE

It's a generic FreeBSD 11 AMI from the AWS Marketplace in EC2. Maybe there is a dependency or something simple I'm missing. But it prevents me from progressing at all on FreeBSD.

The console log above is cropped to the point where FreeBSD fails. The rest of the playbook continues and works on Ubuntu.

I did seem to hit a bug with the initial `[GATHER FACTS]` stage. Maybe it's a dependency I'm missing on _FreeBSD_ _(`10.0.0.219` aka `lab3`)_. I only did a `pkg install sudo python` to satisfy the dependencies. <details>   <summary>(Click to expand -vvv console output)</summary> ```yaml Executing playbook site.yaml 1 plays in site.yaml - Manage user configuration - Gathering Facts... <10.0.0.43> ESTABLISH SSH CONNECTION FOR USER: ubuntu <10.0.0.43> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/64b3290a6a 10.0.0.43 '/bin/sh -c '"'"'echo ~ubuntu && sleep 0'"'"'' <10.0.0.79> ESTABLISH SSH CONNECTION FOR USER: ubuntu <10.0.0.79> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/4ce48e5d3b 10.0.0.79 '/bin/sh -c '"'"'echo ~ubuntu && sleep 0'"'"'' <10.0.0.219> ESTABLISH SSH CONNECTION FOR USER: ec2-user <10.0.0.219> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a 10.0.0.219 '/bin/sh -c '"'"'echo ~ec2-user && sleep 0'"'"'' <10.0.0.79> (0, '/home/ubuntu\n', '') <10.0.0.79> ESTABLISH SSH CONNECTION FOR USER: ubuntu <10.0.0.79> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/4ce48e5d3b 10.0.0.79 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970 `" && echo ansible-tmp-1535885638.64-109226280241970="` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970 `" ) && sleep 0'"'"'' <10.0.0.79> (0, 'ansible-tmp-1535885638.64-109226280241970=/home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970\n', '') <10.0.0.219> (0, '/home/ec2-user\n', '') <10.0.0.219> ESTABLISH SSH CONNECTION FOR USER: ec2-user <10.0.0.219> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a 10.0.0.219 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201 `" && echo ansible-tmp-1535885638.66-224377437392201="` echo /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201 `" ) && sleep 0'"'"'' <10.0.0.219> (0, 'ansible-tmp-1535885638.66-224377437392201=/home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201\n', '') <10.0.0.43> (0, '/home/ubuntu\n', '') <10.0.0.43> ESTABLISH SSH CONNECTION FOR USER: ubuntu <10.0.0.43> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/64b3290a6a 10.0.0.43 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887 `" && echo ansible-tmp-1535885638.63-223868975218887="` echo /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887 `" ) && sleep 0'"'"'' <10.0.0.43> (0, 'ansible-tmp-1535885638.63-223868975218887=/home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887\n', '') Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py <10.0.0.79> PUT /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpPp9zlN TO /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970/setup.py <10.0.0.79> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/4ce48e5d3b '[10.0.0.79]' Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/setup.py <10.0.0.219> PUT /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpz95CqP TO /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/setup.py <10.0.0.219> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a '[10.0.0.219]' <10.0.0.43> PUT /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpw1wbsW TO /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887/setup.py <10.0.0.43> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/64b3290a6a '[10.0.0.43]' <10.0.0.79> (0, 'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpPp9zlN /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970/setup.py\n', '') <10.0.0.79> ESTABLISH SSH CONNECTION FOR USER: ubuntu <10.0.0.79> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/4ce48e5d3b 10.0.0.79 '/bin/sh -c '"'"'chmod u+x /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970/ /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.64-109226280241970/setup.py && sleep 0'"'"'' <10.0.0.219> (0, 'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpz95CqP /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/setup.py\n', '') <10.0.0.219> ESTABLISH SSH CONNECTION FOR USER: ec2-user <10.0.0.219> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a 10.0.0.219 '/bin/sh -c '"'"'chmod u+x /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/ /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/setup.py && sleep 0'"'"'' <10.0.0.43> (0, 'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-13021fJfPcK/tmpw1wbsW /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887/setup.py\n', '') <10.0.0.43> ESTABLISH SSH CONNECTION FOR USER: ubuntu <10.0.0.43> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/64b3290a6a 10.0.0.43 '/bin/sh -c '"'"'chmod u+x /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887/ /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887/setup.py && sleep 0'"'"'' <10.0.0.219> (0, '', '') <10.0.0.219> ESTABLISH SSH CONNECTION FOR USER: ec2-user <10.0.0.219> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a -tt 10.0.0.219 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-fnbzczdkmpduusbtdiwebeylucnseaed; /usr/local/bin/python /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/setup.py'"'"'"'"'"'"'"'"' && sleep 0'"'"'' <10.0.0.43> (0, '', '') <10.0.0.43> ESTABLISH SSH CONNECTION FOR USER: ubuntu <10.0.0.43> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/64b3290a6a -tt 10.0.0.43 '/bin/sh -c '"'"'sudo -H -S -n -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-xdikddcndxpznqafybnqgiapaxwukvdp; /usr/bin/python3 /home/ubuntu/.ansible/tmp/ansible-tmp-1535885638.63-223868975218887/setup.py'"'"'"'"'"'"'"'"' && sleep 0'"'"'' <10.0.0.219> (1, 'sudo: a password is required\r\n', 'Shared connection to 10.0.0.219 closed.\r\n') <10.0.0.219> ESTABLISH SSH CONNECTION FOR USER: ec2-user <10.0.0.219> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/1df682868a 10.0.0.219 '/bin/sh -c '"'"'rm -f -r /home/ec2-user/.ansible/tmp/ansible-tmp-1535885638.66-224377437392201/ > /dev/null 2>&1 && sleep 0'"'"'' Escalation succeeded <10.0.0.219> (0, '', '') lab3 failed | msg: MODULE FAILURE ``` </details> It's a generic FreeBSD 11 AMI from the _AWS Marketplace_ in _EC2_. Maybe there is a dependency or something simple I'm missing. But it prevents me from progressing at all on _FreeBSD_. The console log above is cropped to the point where FreeBSD fails. The rest of the playbook continues and works on Ubuntu.

vincentvdk commented 2018-09-02 12:51:25 +00:00 (Migrated from github.com)

Copy link

Hi,
I believe this is because the playbooks assume the remote user can become root via sudo. I just tested with a new BSD instance on AWS and got the same error. Using become_method: su solved this for me.
I tested initially with FreeBSD 11 which (not 100% sure because I might configured sude manually) allows the ec2-user passwordless sudo permissions.

How I tested with just the FreeBSD host.
---
- name: Manage user configuration
  # hosts: all
  hosts: 34.245.x.xx
  become_method: su
  # remote_user: root
  roles:
    - users
    - ssh-config

Hi, I believe this is because the playbooks assume the remote user can become root via sudo. I just tested with a new BSD instance on AWS and got the same error. Using `become_method: su` solved this for me. I tested initially with FreeBSD 11 which (not 100% sure because I might configured sude manually) allows the `ec2-user` passwordless sudo permissions. ``` How I tested with just the FreeBSD host. --- - name: Manage user configuration # hosts: all hosts: 34.245.x.xx become_method: su # remote_user: root roles: - users - ssh-config ```

reelsense commented 2018-09-02 19:10:14 +00:00 (Migrated from github.com)

Copy link

Oh ok. I encountered this earlier when I used part of base-setup.yml playbook from the ansible-experiments/package_updates project. I noticed become become_method=sudo in one of the ansible.cfg and change the method specifically for the FreeBSD tasks. So this instance has sudo installed because of base-setup.yml, but the ec2-user hasn't been configured for sudo, or password-less sudo yet. That makes more sense.

It's one of the small differences in FreeBSD between different VPS (EC2, Vultr, Digital Ocean) or even Vagrant.

---

7U635073SA163173U

Oh ok. I encountered this earlier when I used part of `base-setup.yml` playbook from the [ansible-experiments/package_updates](https://github.com/stationgroup/ansible-experiments/blob/master/package_updates/base-setup.yml) project. I noticed become `become_method=sudo` in one of the `ansible.cfg` and change the method specifically for the FreeBSD tasks. So this instance has `sudo` installed because of `base-setup.yml`, but the `ec2-user` hasn't been configured for `sudo`, or password-less sudo yet. That makes more sense. It's one of the small differences in FreeBSD between different VPS _(EC2, Vultr, Digital Ocean)_ or even _Vagrant_. --- `7U635073SA163173U`

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

No results found.

Labels

Clear labels   

bug

Something isn't working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

todo

  

todo 🗒️

  

wontfix

This will not be worked on

No labels

bug

duplicate

enhancement

good first issue

help wanted

invalid

question

todo

todo 🗒️

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

stationgroup/ansible-experiments#9

No description provided.