SwanseaUniversityMedical / DARE-Teleport


Tasks in `dare.common.vault_init_config` require passwordless sudo access on control host or `become: false` #90

Closed mikej888 closed 1 year ago

mikej888 commented 1 year ago

Issue encountered while running DARE-SeRP-Dev-Deployment Version: 43f688f (Thu Sep 14 17:15:42 2023 +0100) main branch.

$ ansible-playbook -i vmware-host.yaml 1-vm-setup-and-deploy.yaml -v
...
TASK [dare.common.vault_init_config : save the vault root token and unseal keys to a file] **********
fatal: [single_host -> localhost]: FAILED! => {"msg": "Failed to get information on remote file (/home/mjj/DARE-SeRP-Dev-Deployment/ansible/output/vault/root-unseal.json): sudo: a password is required\n"}

The user running Ansible on the control host needs to have password-less sudo enabled. For example:

$ sudo su -
# id <USER>
# echo "<USER> ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/<UID>-<USER>
# exit

However, if granting the user running Ansible password-less sudo access is not possible, then another fix is to change the task itself.

The failure occurs within: ~/.ansible/collections/ansible_collections/dare/common/roles/vault_init_config/tasks/init.yml (file ansible/roles/vault_init_config/tasks/init.yml in this repository). A fix is to add `become: false` to the task:

    - name: save the vault root token and unseal keys to a file
      local_action: copy content="{{ vault_init }}" dest={{ vault_config_output_folder }}/root-unseal.json
      become: false

If done, then a subsequent failure is:

TASK [dare.common.vault_init_config : gather all the policy files] *************
fatal: [single_host -> localhost]: FAILED! => {"changed": false, "module_stderr": "sudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

The failure occurs within: ~/.ansible/collections/ansible_collections/dare/common/roles/vault_init_config/tasks/main.yml (file ansible/roles/vault_init_config/tasks/main.yml in this repository). Again, add `become: false` to the task:

- name: gather all the policy files
  find:
    paths: "{{ vault_policy_directory }}"
    patterns: "*.hcl"
  register: all_policies
  delegate_to: localhost
  become: false

Suggested by the Stack Overflow questions "Why Ansible is ignoring my 'sudo: False'?" and "Ansible - How to execute local commands with default user, not sudo?".
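The two fixes above are instances of one pattern: a play that sets `become: true` applies sudo to every task, including tasks delegated to the control host with `delegate_to: localhost` or its `local_action` shorthand, so those tasks need an explicit `become: false`. The playbook below is an added example that is not code from the DARE-Teleport repository; the host name, directory paths, the stand-in `vault_init` value and the `mode: "0600"` on the token file are assumptions made for the example, not settings taken from the role.

```yaml
# Added example, not part of the DARE-Teleport repository.
# Shows a play-level `become: true` with control-host tasks opted out via `become: false`.
- name: Provision a host while writing Vault material on the control host
  hosts: single_host
  become: true                  # every task runs via sudo on its target, including
                                # tasks delegated to localhost, unless overridden
  vars:
    vault_config_output_folder: "{{ playbook_dir }}/output/vault"   # assumed path
    vault_policy_directory: "{{ playbook_dir }}/policies"           # assumed path
    # Constructed stand-in for the `vault operator init` output the role registers
    vault_init:
      root_token: "placeholder-root-token"
      unseal_keys_b64: ["placeholder-key-1", "placeholder-key-2"]

  tasks:
    - name: A task that genuinely needs root on the managed host
      ansible.builtin.apt:
        name: unzip
        state: present

    - name: Ensure the output directory exists on the control host
      ansible.builtin.file:
        path: "{{ vault_config_output_folder }}"
        state: directory
        mode: "0700"
      delegate_to: localhost
      become: false             # run as the user invoking ansible-playbook, no sudo

    # Same effect as the role's `local_action: copy ...`; local_action is only
    # shorthand for delegate_to: localhost and inherits the play's become as well.
    - name: Save the vault root token and unseal keys to a file
      ansible.builtin.copy:
        content: "{{ vault_init | to_nice_json }}"
        dest: "{{ vault_config_output_folder }}/root-unseal.json"
        mode: "0600"            # assumed: the file holds the root token and unseal keys
      delegate_to: localhost
      become: false

    - name: Gather all the policy files
      ansible.builtin.find:
        paths: "{{ vault_policy_directory }}"
        patterns: "*.hcl"
      register: all_policies
      delegate_to: localhost
      become: false
```

Run with `ansible-playbook -i <inventory> playbook.yml -v`; the delegated tasks appear as `[single_host -> localhost]` in the task output, exactly as in the failures quoted above. Remove either `become: false` and the same `sudo: a password is required` error returns whenever the control-host user lacks password-less sudo. A task-level `become: false` takes precedence over the play-level setting, so the remote `apt` task still runs with sudo. Supplying the become password with `--ask-become-pass` (`-K`) is a further workaround, since that password is used for delegated local tasks too, but it does not remove the unnecessary privilege escalation on the control host.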