Ansible troubleshooting - missing sudo password and incorrect sudo password
How to reproduce the fatal errors `missing sudo password` and `incorrect sudo password` and how to solve it!
November 8, 2021
Today we’re going to talk about Ansible troubleshooting, specifically about missing sudo password and incorrect sudo password. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.
The Best Resources For Ansible
Video Course
Printed Book
eBooks
- Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
- Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
- Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
- Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
- Ansible For Containers and Kubernetes By Examples: 20+ Automation Examples To Automate Containers, Kubernetes and OpenShift
- Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
- Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
- Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
- Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
- Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
demo
The best way of talking about Ansible troubleshooting is to jump in a live demo to show you practically the missing sudo password and incorrect sudo password and how to solve it!
error code
- missingsudopassword_error.yml
---
- name: debug module demo
hosts: all
become: true
tasks:
- name: root test
ansible.builtin.debug:
msg: "privilege escalation successful"
error execution
$ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml
PLAY [debug module demo] *********************************************************************************
TASK [Gathering Facts] ***********************************************************************************
fatal: [demo.example.com]: FAILED! => {"msg": "Missing sudo password"}
PLAY RECAP ***********************************************************************************************
demo.example.com : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
troubleshoot
$ ansible-playbook --help
usage: ansible-playbook [-h] [--version] [-v] [-k] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
[...]
Privilege Escalation Options:
control how and which user you become as on target hosts
--become-method BECOME_METHOD
privilege escalation method to use (default=sudo), use `ansible-doc -t become
-l` to list valid choices.
--become-user BECOME_USER
run operations as this user (default=root)
-K, --ask-become-pass
ask for privilege escalation password
-b, --become run operations with become (does not imply password prompting)
ansible-pilot $ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml -bK
BECOME password:
PLAY [debug module demo] *********************************************************************************
TASK [Gathering Facts] ***********************************************************************************
fatal: [demo.example.com]: FAILED! => {"msg": "Incorrect sudo password"}
PLAY RECAP ***********************************************************************************************
demo.example.com : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
verification
$ ssh [email protected]
Last login: Mon Nov 8 10:24:10 2021 from 192.168.43.5
[[email protected] ~]$ sudo su
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for devops:
Sorry, try again.
[sudo] password for devops:
Sorry, try again.
[sudo] password for devops:
sudo: 2 incorrect password attempts
[[email protected] ~]$ su -
Password:
Last login: Mon Nov 8 09:44:37 UTC 2021 on pts/0
[[email protected] ~]# ls -al /etc/sudo
sudo.conf sudoers sudoers.d/ sudo-ldap.conf
[[email protected] ~]# ls -al /etc/sudoers.d/
total 16
drwxr-x---. 2 root root 21 Nov 8 09:06 .
drwxr-xr-x. 87 root root 8192 Nov 8 09:14 ..
-r--r-----. 1 root root 45 Sep 1 00:19 vagrant
[[email protected] ~]# vim /etc/sudoers.d/devops
[[email protected] ~]# cat /etc/sudoers.d/devops
devops ALL=(ALL) NOPASSWD: ALL
[[email protected] ~]# exit
logout
[[email protected] ~]$ whoami
devops
[[email protected] ~]$ sudo su
[[email protected] devops]# whoami
root
[[email protected] devops]# exit
exit
[[email protected] ~]$ exit
logout
Connection to demo.example.com closed.
fix
- /etc/sudoers.d/devops
devops ALL=(ALL) NOPASSWD: ALL
fix execution
$ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml
PLAY [debug module demo] *********************************************************************************
TASK [Gathering Facts] ***********************************************************************************
ok: [demo.example.com]
TASK [root test] *****************************************************************************************
ok: [demo.example.com] => {
"msg": "privilege escalation successful"
}
PLAY RECAP ***********************************************************************************************
demo.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Recap
Now you know how to troubleshoot themissing sudo password and incorrect sudo password fatal errors.
Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.
Academy
Learn the Ansible automation technology with some real-life examples in my
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate
