Ansible Pilot

Ansible troubleshooting - missing sudo password and incorrect sudo password

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

How to reproduce the fatal errors `missing sudo password` and `incorrect sudo password` and how to solve it!

Today we’re going to talk about Ansible troubleshooting, specifically about missing sudo password and incorrect sudo password. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

demo

The best way of talking about Ansible troubleshooting is to jump in a live demo to show you practically the missing sudo password and incorrect sudo password and how to solve it!

error code

---
- name: debug module demo
  hosts: all
  become: true
  tasks:
    - name: root test
      ansible.builtin.debug:
        msg: "privilege escalation successful"

error execution


$ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml

PLAY [debug module demo] *********************************************************************************

TASK [Gathering Facts] ***********************************************************************************
fatal: [demo.example.com]: FAILED! => {"msg": "Missing sudo password"}

PLAY RECAP ***********************************************************************************************
demo.example.com           : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

troubleshoot

$ ansible-playbook --help
usage: ansible-playbook [-h] [--version] [-v] [-k] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
[...]
Privilege Escalation Options:
control how and which user you become as on target hosts

--become-method BECOME_METHOD
privilege escalation method to use (default=sudo), use `ansible-doc -t become
-l` to list valid choices.
--become-user BECOME_USER
run operations as this user (default=root)
-K, --ask-become-pass
ask for privilege escalation password
-b, --become          run operations with become (does not imply password prompting)
ansible-pilot $ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml -bK
BECOME password:

PLAY [debug module demo] *********************************************************************************

TASK [Gathering Facts] ***********************************************************************************
fatal: [demo.example.com]: FAILED! => {"msg": "Incorrect sudo password"}

PLAY RECAP ***********************************************************************************************
demo.example.com           : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

verification

$ ssh [email protected]
Last login: Mon Nov  8 10:24:10 2021 from 192.168.43.5
[[email protected] ~]$ sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for devops:
Sorry, try again.
[sudo] password for devops:
Sorry, try again.
[sudo] password for devops:
sudo: 2 incorrect password attempts
[[email protected] ~]$ su -
Password:
Last login: Mon Nov  8 09:44:37 UTC 2021 on pts/0
[[email protected] ~]# ls -al /etc/sudo
sudo.conf       sudoers         sudoers.d/      sudo-ldap.conf
[[email protected] ~]# ls -al /etc/sudoers.d/
total 16
drwxr-x---.  2 root root   21 Nov  8 09:06 .
drwxr-xr-x. 87 root root 8192 Nov  8 09:14 ..
-r--r-----.  1 root root   45 Sep  1 00:19 vagrant
[[email protected] ~]# vim /etc/sudoers.d/devops
[[email protected] ~]# cat /etc/sudoers.d/devops
devops ALL=(ALL) NOPASSWD: ALL
[[email protected] ~]# exit
logout
[[email protected] ~]$ whoami
devops
[[email protected] ~]$ sudo su
[[email protected] devops]# whoami
root
[[email protected] devops]# exit
exit
[[email protected] ~]$ exit
logout
Connection to demo.example.com closed.

fix

devops ALL=(ALL) NOPASSWD: ALL

fix execution


$ ansible-playbook -i demo/inventory troubleshooting/missingsudopassword_error.yml

PLAY [debug module demo] *********************************************************************************

TASK [Gathering Facts] ***********************************************************************************
ok: [demo.example.com]

TASK [root test] *****************************************************************************************
ok: [demo.example.com] => {
"msg": "privilege escalation successful"
}

PLAY RECAP ***********************************************************************************************
demo.example.com           : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

code with ❤️ in GitHub

Recap

Now you know how to troubleshoot themissing sudo password and incorrect sudo password fatal errors. Subscribe to the YouTube channel, Medium, Website and Twitter to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my

My book Ansible By Examples: 100+ Automation Examples For Linux and Windows System Administrator and DevOps

Access the Complete Book and Learn Quick Ansible by 200+ Examples

Want to keep this project going? Please donate

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons
Trustpilot
Follow me

Subscribe not to miss any new releases

November 8, 2021

FREE Top 10 Best Practices

Top 10 Best Practices of Ansible Automation: save time, reduce errors and stress