Authenticate with testuser's password: THIS .. you had to authenticate .. the ansible playbook is also "waiting to authenticate" the sudo for testuser (become: true).
That is timing out because it expects to have sudo rights without requiring a password. Walter -- Walter Rowe, Division Chief Infrastructure Services, OISM Mobile: 202.355.4123 On Jan 23, 2023, at 7:20 AM, saravanan jothilingam <[email protected]> wrote: Hi, I get this output when I run 'sudo -l'. I used ansible_user=testuser in the host inventory file to connect to the remote server. testhost> sudo -l Subject to Corporate's Global Employee and Global Contingent Worker Privacy Notices (see https://employeecontent.Corporate.com/content/corp/Global_Employee_and_Global_Contingent_Worker_Privacy.html<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femployeecontent.corporate.com%2Fcontent%2Fcorp%2FGlobal_Employee_and_Global_Contingent_Worker_Privacy.html&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3%2Fgp3Q6JZXTeXFLr340VW9amNA71cez2wfsWn%2Bd94rQ%3D&reserved=0> ) all system access and delegated/privileged activity on the Corporate network may be logged for auditing and security purposes, including your username and commands used. Log records may be retained for up to 1 year. We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. Remember you may use 'sudo -l' to review a list of authorized commands. Authenticate with testuser's password: Matching Defaults entries for testuser on testhost: syslog=local3, !set_home, !targetpw, !insults, mailto=alert-sudo, !mail_always, ignore_dot, timestamp_timeout=5, listpw=always, !lecture_file, passprompt="Authenticate with %u's password: ", always_set_home, !env_reset, umask_override, !root_sudo, !tty_tickets, fqdn, listpw=always, env_delete+=USER_ITOOLS, env_delete+=PROJECT_ITOOLS, env_delete+=KRB5CCNAME, env_delete+=XAUTHORITY, lecture=always, lecture_file=/nfs/site/gen/adm/ec_global/sudo.lecture, passprompt="Authenticate with %u's password: ", always_set_home, !env_reset, umask_override, !root_sudo, !tty_tickets, fqdn, listpw=always, env_delete+=USER_ITOOLS, env_delete+=PROJECT_ITOOLS, env_delete+=KRB5CCNAME User testuser may run the following commands on testhost: (root) /usr/Corporate/bin/rootsh, /usr/Corporate/bin/rootsh2, /usr/Corporate/bin/rootsh1 (root) NOPASSWD: /usr/Corporate/common/pkgs/vas-helper/1.0/exe/*/idchange (root) NOPASSWD: /usr/Corporate/common/pkgs/vas-helper/1.0/bin/krb-helper (root) /bin/cat /var/log/messages, /usr/bin/cat /var/log/messages, /bin/dmesg (kerberostest) NOPASSWD: /usr/bin/sudo /bin/date, /usr/bin/sudo -l, /usr/Corporate/bin/sudo /bin/date, /usr/Corporate/bin/sudo -l (root) NOPASSWD: /nfs/iil/gen/adm/netbatch/util/nbconfig/nbconfig (root) NOPASSWD: /nfs/iil/gen/adm/nbtools/bin/nblock.pl<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fnblock.pl%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2B%2BkHUc82PzFnmGcYW1AWu4Ii6IRiVxdrHlG2yNoGg2A%3D&reserved=0> (root) NOPASSWD: /nfs/iil/local/common/bin/lsdir.amd (root) NOPASSWD: /usr/local/common/bin/lsdir.amd (profusr) NOPASSWD: /nfs/site/gen/itec/profiling/utils/profiler/profiler_post, /nfs/site/gen/itec/profiling/utils/profiler/benchmarking_post (root) NOPASSWD: /usr/Corporate/common/pkgs/acctusers/CURRENT/bin/acctusers (root) NOPASSWD: /usr/Corporate/common/pkgs/acctusers/1.1/bin/acctusers (root) /nfs/site/gen/adm/ec_global/customerSudo/SLES12SP2upgrader.sh (root) NOPASSWD: /nfs/site/gen/adm/emulation/Global/scripts/virt_modules/startVirt.sh, /p/emulation/virt_modules/startVirt.sh, /p/emulation/virt_modules/start_virt (root) NOPASSWD: /usr/Corporate/common/pkgs/vas-helper/1.0/bin/krb-helper (root) NOPASSWD: /usr/Corporate/common/pkgs/vas-helper/1.0/exe/*/idchange testhost> On Mon, Jan 23, 2023 at 5:25 PM Todd Lewis <[email protected]<mailto:[email protected]>> wrote: What's the output from sudo -l on that host (as per the task "Get current user on remote" message)? On 1/23/23 1:10 AM, saravanan jothilingam wrote: No luck :-( I tried this use case with 2 attempts. For both the cases, the password is not taken at the ansible playbook execution time. i get the below error msg. Note - In the ansible.cfg, i have set timeout = 300. Are there any extra parameters which I need to set here ? Attempt-1: cat testroot.yaml --- - hosts: '{{ host }}' gather_facts: yes tasks: - name: Get current user on remote ansible.builtin.shell: | whoami become: true register: out - debug: msg: "{{ out }}" vmansible01:/home/testuser/access_audit_automation_jan172023 # ansible-playbook -i hosts testroot.yaml -e "host=hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0>" --ask-become-pass -k [DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current version: 3.6.15 (default, Sep 15 2021, 14:20:42) [GCC]. This feature will be removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. SSH password: BECOME password[defaults to SSH password]: PLAY [hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0>] ************************************************************************************************ TASK [Gathering Facts] ****************************************************************************************************** [WARNING]: Platform linux on host hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0> is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.11/reference_appendices/interpreter_discovery.html<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.ansible.com%2Fansible-core%2F2.11%2Freference_appendices%2Finterpreter_discovery.html&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Vson5jDECDsxc4gh9q7GSl2LtEsgP02QoVmqpVhJOJU%3D&reserved=0> for more information. ok: [hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0>] TASK [Get current user on remote] ******************************************************************************************* fatal: [hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0>]: FAILED! => {"changed": false, "module_stderr": "Shared connection to hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0> closed.\r\n", "module_stdout": "Subject to Corp's Global Employee and Global Contingent Worker Privacy Notices\r\n(see https://employeecontent.corp.com/content/corp/Global_Employee_and_Global_Contingent_Worker_Privacy.html<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femployeecontent.corp.com%2Fcontent%2Fcorp%2FGlobal_Employee_and_Global_Contingent_Worker_Privacy.html&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CgErwXeSjtdmv061qw32NZWg7DxZn9gQhoAbEqBaGos%3D&reserved=0> )\r\nall system access and delegated/privileged activity on the Corp network\r\nmay be logged for auditing and security purposes, including your username \r\nand commands used. Log records may be retained for up to 1 year.\r\n\r\nWe trust you have received the usual lecture from the local System\r\nAdministrator. It usually boils down to these three things:\r\n\r\n #1) Respect the privacy of others.\r\n #2) Think before you type.\r\n #3) With great power comes great responsibility.\r\n\r\nRemember you may use 'sudo -l' to review a list of authorized commands.\r\n\r\n\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1} PLAY RECAP ****************************************************************************************************************** hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0> : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Attempt-2: --- - hosts: '{{ host }}' gather_facts: yes tasks: - name: Get current user on remote ansible.builtin.shell: | whoami become: true become_method: sudo become_exe: "sudo rootsh" become_flags: -i register: out - debug: msg: "{{ out }}" ansible-playbook -i hosts testroot.yaml -e "host=hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0>" --ask-become-pass -k [DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current version: 3.6.15 (default, Sep 15 2021, 14:20:42) [GCC]. This feature will be removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. SSH password: BECOME password[defaults to SSH password]: PLAY [hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0>] ************************************************************************************************ TASK [Get current user on remote] ******************************************************************************************* fatal: [hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0>]: FAILED! => {"changed": false, "module_stderr": "Shared connection to hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=k%2BsOegsjI%2FkXvTazFfnkUpn5paozekqipPjqcAaRB9Y%3D&reserved=0> closed.\r\n", "module_stdout": "Subject to Corp's Global Employee and Global Contingent Worker Privacy Notices\r\n(see https://employeecontent.corp.com/content/corp/Global_Employee_and_Global_Contingent_Worker_Privacy.html<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femployeecontent.corp.com%2Fcontent%2Fcorp%2FGlobal_Employee_and_Global_Contingent_Worker_Privacy.html&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776461616%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CgErwXeSjtdmv061qw32NZWg7DxZn9gQhoAbEqBaGos%3D&reserved=0> )\r\nall system access and delegated/privileged activity on the Corp network\r\nmay be logged for auditing and security purposes, including your username \r\nand commands used. Log records may be retained for up to 1 year.\r\n\r\nWe trust you have received the usual lecture from the local System\r\nAdministrator. It usually boils down to these three things:\r\n\r\n #1) Respect the privacy of others.\r\n #2) Think before you type.\r\n #3) With great power comes great responsibility.\r\n\r\nRemember you may use 'sudo -l' to review a list of authorized commands.\r\n\r\nAuthenticate with testuser's password: \r\nsudo: timed out reading password\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1} PLAY RECAP ****************************************************************************************************************** hostname.corp.domain.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhostname.corp.domain.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xUXxkclz%2Fdrr5Yizl%2FHreg3QDfU7l%2FdhRh0Pld8%2BClY%3D&reserved=0> : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 On Fri, Jan 20, 2023 at 7:17 PM 'Rowe, Walter P. (Fed)' via Ansible Project <[email protected]<mailto:[email protected]>> wrote: Try leaving off become_exe. If you can run sudo rootsh then your task can use sudo. When you run sudo rootsh at a command prompt does it ask for your password? If so, the ansible task also will have to respond to a password prompt. That is causing your timeout. Walter -- Walter Rowe, Division Chief Infrastructure Services, OISM Mobile: 202.355.4123 On Jan 20, 2023, at 8:31 AM, saravanan jothilingam <[email protected]<mailto:[email protected]>> wrote: Thanks for your input. In the remote machine, i dont have any permission to edit any files under /etc. In this case, how to achieve the remote node execution using 'sudo rootsh' cmd. On Fri, Jan 20, 2023 at 6:33 PM 'Rowe, Walter P. (Fed)' via Ansible Project <[email protected]<mailto:[email protected]>> wrote: In ansible if you have become: true on a task, that task will run with elevated privileges. On Linux the default is to try sudo. You don't need to specify become_exe. Any command given to your shell task will run in a root privileged shell. The user ID you run the playbook as must have login access to the remote system and sudo privilege on the remote system via /etc/sudoers or a file in /etc/sudoers.d. In our environment we have some common files we populate in /etc/sudoers.d based on server function. For example, all servers we manage have a server mgmt id we use for remote mgmt and a special group for our own user IDs when we remote into those machines. We place a file in /etc/sudoers.d that grants our mgmt ID and mgmt group the rights we need. For all database servers our DBA group requires some privileges so we add an /etc/sudoers.d/dba file that controls their privileged access for members of the DBA group members. In your testroot.yaml file you can remove the become_exe line. testroot.yaml --- - hosts: '{{ host }}' gather_facts: yes tasks: - name: Get current user on remote ansible.builtin.shell: | whoami become: true register: out - debug: msg: "{{ out }}" Next you need to make sure your user ID that makes the connection to the remote machine has sudo access that does not require a password. I imagine your sudo command was waiting on a response to a password prompt that was never going to be answered. Walter -- Walter Rowe, Division Chief Infrastructure Services, OISM Mobile: 202.355.4123 On Jan 20, 2023, at 1:40 AM, saravanan jothilingam <[email protected]<mailto:[email protected]>> wrote: Any update on this? On Thu, Jan 19, 2023 at 8:05 PM saravanan jothilingam <[email protected]<mailto:[email protected]>> wrote: Hi, I am a novice to ansible and am practising to get more hands-on. I am trying one usecase where I need to connect to a remote SLES12 linux server using my id and then switch to root user and execute some tasks. While switching over to root user (cmd: sudo rootsh), it prompts for a root password. When I run this usecase using ansible playbook, it gives the below error. Could you please let me know what would be correct/valid directives (become_*) that I need to use to run the cmd using root user. Appreciate your help. I wrote this playboo testroot.yaml --- - hosts: '{{ host }}' gather_facts: yes tasks: - name: Get current user on remote ansible.builtin.shell: | whoami become: true become_exe: "sudo rootsh" register: out - debug: msg: "{{ out }}" ansible-playbook -i hosts testroot.yaml -e "host=host.iil.corp.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhost.iil.corp.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CSSrvENPJ9PkfbgDEMmtgygo1eKEeV9IG20kui8QcF4%3D&reserved=0>" --ask-become-pass -k [DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current version: 3.6.15 (default, Sep 15 2021, 14:20:42) [GCC]. This feature will be removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. SSH password: BECOME password[defaults to SSH password]: PLAY [host.iil.corp.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhost.iil.corp.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CSSrvENPJ9PkfbgDEMmtgygo1eKEeV9IG20kui8QcF4%3D&reserved=0>] ******************************************************************************************************************************************************************************** TASK [Get current user on remote] *************************************************************************************************************************************************************************** fatal: [host.iil.corp.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhost.iil.corp.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CSSrvENPJ9PkfbgDEMmtgygo1eKEeV9IG20kui8QcF4%3D&reserved=0>]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: Subject to Company's Global Employee and Global Contingent Worker Privacy Notices\r\n(see https://employeecontent.corp.com/content/corp/Global_Employee_and_Global_Contingent_Worker_Privacy.html<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Femployeecontent.corp.com%2Fcontent%2Fcorp%2FGlobal_Employee_and_Global_Contingent_Worker_Privacy.html&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2FwpoqDSnFcvPz3YGxU325XHCh10Jj%2FAw%2FVU8F3Z8xtg%3D&reserved=0> )\r\nall system access and delegated/privileged activity on the corp network\r\nmay be logged for auditing and security purposes, including your username \r\nand commands used. Log records may be retained for up to 1 year.\r\n\r\nWe trust you have received the usual lecture from the local System\r\nAdministrator. It usually boils down to these three things:\r\n\r\n #1) Respect the privacy of others.\r\n #2) Think before you type.\r\n #3) With great power comes great responsibility.\r\n\r\nRemember you may use 'sudo -l' to review a list of authorized commands.\r\n\r\n"} PLAY RECAP ************************************************************************************************************************************************************************************************** host.iil.corp.com<https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhost.iil.corp.com%2F&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CSSrvENPJ9PkfbgDEMmtgygo1eKEeV9IG20kui8QcF4%3D&reserved=0> : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAE7H9qq05ZQ1YcytQQSQmTo_fn0Wo8UAN97WL5iNKtfVSo-uuQ%40mail.gmail.com<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FCAE7H9qq05ZQ1YcytQQSQmTo_fn0Wo8UAN97WL5iNKtfVSo-uuQ%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SxoJ%2BRJMjZihfIKMXghBSJVJJB4DEqM7V%2FU%2BTHU9XZI%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/2F9FE7FD-B3CD-4E16-8CCD-44A6298F5825%40nist.gov<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2F2F9FE7FD-B3CD-4E16-8CCD-44A6298F5825%2540nist.gov%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=F37EFp4WVYdcQEl1tEbuItgZsxLL0j88tUFC1PGzuLs%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAE7H9qry8T6%2Bc3TE%3D8KiyU6E7Ooh1wAKgGzLztq3EGzsKijDKg%40mail.gmail.com<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FCAE7H9qry8T6%252Bc3TE%253D8KiyU6E7Ooh1wAKgGzLztq3EGzsKijDKg%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BZga7AUnfQAsxT0xKSwMGp5qC3KCv0wixMzp9o4FR1g%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/B0AE6100-8F2D-43C7-A857-144EE740C535%40nist.gov<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FB0AE6100-8F2D-43C7-A857-144EE740C535%2540nist.gov%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=FJ46qEH0n4PIv9m7iSn7Jxv85khcc87jdM2TUP2pR8c%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAE7H9qrQZGwNC1zEViaDkP5BX%3DcZRaZAoERTfUnyOuC3K6FJ5A%40mail.gmail.com<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FCAE7H9qrQZGwNC1zEViaDkP5BX%253DcZRaZAoERTfUnyOuC3K6FJ5A%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SsBJNpvG40Eh64b8suzXRwsQd1TmLeFX7VbzuQ%2Fzg2U%3D&reserved=0>. -- Todd -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5dc01924-a818-f2cd-fee7-8f91c4350b37%40gmail.com<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2F5dc01924-a818-f2cd-fee7-8f91c4350b37%2540gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7AYm9TAxtc5GggnLG%2B%2F6BwPb59%2FcWXJVNs%2B4sAhc1Hc%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAE7H9qqocg3-fz0t0KL6SUc%3Dgd4vhaxmTO%3DtkKLcUH9rjnrBkg%40mail.gmail.com<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fansible-project%2FCAE7H9qqocg3-fz0t0KL6SUc%253Dgd4vhaxmTO%253DtkKLcUH9rjnrBkg%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Cwalter.rowe%40nist.gov%7C90ae18cfc9314b2d7d9208dafd3c5295%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C638100732776617783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=MMVRKmrC%2B5KSR3rhRIvMPlfmayos2i3qwibyXZRy6%2FQ%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/E252445D-0709-42AF-9E0F-4CF63959CE47%40nist.gov.
