Ansible troubleshooting - missing sudo password and incorrect sudo password

How to reproduce the fatal errors `missing sudo password` and `incorrect sudo password` and how to solve it!

November 8, 2021

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

#ansible #troubleshooting #missing #sudo #error #fatal

Today we’re going to talk about Ansible troubleshooting, specifically about missing sudo password and incorrect sudo password. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

The Best Resources For Ansible

Video Course

Udemy: Learn Ansible Automation in 250+examples & practical lessons: Learn Ansible with some real-life examples of how to use the most common modules and Ansible Playbook

Printed Book

eBooks

demo

The best way of talking about Ansible troubleshooting is to jump in a live demo to show you practically the missing sudo password and incorrect sudo password and how to solve it!

error code

missingsudopassword_error.yml

---
- name: debug module demo
  hosts: all
  become: true
  tasks:
    - name: root test
      ansible.builtin.debug:
        msg: "privilege escalation successful"

error execution


$ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml

PLAY [debug module demo] *********************************************************************************

TASK [Gathering Facts] ***********************************************************************************
fatal: [demo.example.com]: FAILED! => {"msg": "Missing sudo password"}

PLAY RECAP ***********************************************************************************************
demo.example.com           : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

troubleshoot

$ ansible-playbook --help
usage: ansible-playbook [-h] [--version] [-v] [-k] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
[...]
Privilege Escalation Options:
control how and which user you become as on target hosts

--become-method BECOME_METHOD
privilege escalation method to use (default=sudo), use `ansible-doc -t become
-l` to list valid choices.
--become-user BECOME_USER
run operations as this user (default=root)
-K, --ask-become-pass
ask for privilege escalation password
-b, --become          run operations with become (does not imply password prompting)
ansible-pilot $ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml -bK
BECOME password:

PLAY [debug module demo] *********************************************************************************

TASK [Gathering Facts] ***********************************************************************************
fatal: [demo.example.com]: FAILED! => {"msg": "Incorrect sudo password"}

PLAY RECAP ***********************************************************************************************
demo.example.com           : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

verification

$ ssh [email protected]
Last login: Mon Nov  8 10:24:10 2021 from 192.168.43.5
[devops@demo ~]$ sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for devops:
Sorry, try again.
[sudo] password for devops:
Sorry, try again.
[sudo] password for devops:
sudo: 2 incorrect password attempts
[devops@demo ~]$ su -
Password:
Last login: Mon Nov  8 09:44:37 UTC 2021 on pts/0
[root@demo ~]# ls -al /etc/sudo
sudo.conf       sudoers         sudoers.d/      sudo-ldap.conf
[root@demo ~]# ls -al /etc/sudoers.d/
total 16
drwxr-x---.  2 root root   21 Nov  8 09:06 .
drwxr-xr-x. 87 root root 8192 Nov  8 09:14 ..
-r--r-----.  1 root root   45 Sep  1 00:19 vagrant
[root@demo ~]# vim /etc/sudoers.d/devops
[root@demo ~]# cat /etc/sudoers.d/devops
devops ALL=(ALL) NOPASSWD: ALL
[root@demo ~]# exit
logout
[devops@demo ~]$ whoami
devops
[devops@demo ~]$ sudo su
[root@demo devops]# whoami
root
[root@demo devops]# exit
exit
[devops@demo ~]$ exit
logout
Connection to demo.example.com closed.

fix

/etc/sudoers.d/devops

devops ALL=(ALL) NOPASSWD: ALL

fix execution


$ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml

PLAY [debug module demo] *********************************************************************************

TASK [Gathering Facts] ***********************************************************************************
ok: [demo.example.com]

TASK [root test] *****************************************************************************************
ok: [demo.example.com] => {
"msg": "privilege escalation successful"
}

PLAY RECAP ***********************************************************************************************
demo.example.com           : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

code with ❤️ in GitHub

Recap

Now you know how to troubleshoot themissing sudo password and incorrect sudo password fatal errors. Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.