pamd module does not process authselect template files

[pfuntner]

Summary

The pamd module is unable to parse authselect templates for pamd files.

If authselect is used on an RedHat 8 or CentOS 8 (EL8) target system, files such as /etc/pam.d/system-auth are not supposed to be updated directly. /etc/pam.d/system-auth is generated by authselect and updates should be done to a template such as /usr/share/authselect/default/sssd/system-auth. The templates use a meta-language to include or exclude statements based on features selected when authselect is used to generate files in /etc/pam.d/:

{imply "with-smartcard" if "with-smartcard-required"}
auth        required                                     pam_env.so
auth        required                                     pam_faildelay.so delay=2000000
auth        required                                     pam_faillock.so preauth silent                         {include if "with-faillock"}
.
.
.

Updating the templates allows the administrator to easily switch between profiles and features.

This is essentially the same problem as Ansible issue #65659 which was closed in preparation for collections restructuring.

Issue Type

Bug Report

Component Name

pamd

Ansible Version

ansible 2.10.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ubuntu/sto/cloud9-playbooks/jumphost/venv/lib/python3.8/site-packages/ansible
  executable location = /home/ubuntu/sto/cloud9-playbooks/jumphost/venv/bin/ansible
  python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]

Configuration

$ ansible-config dump --only-changed
DEFAULT_CALLBACK_WHITELIST(/etc/ansible/ansible.cfg) = ['profile_tasks', 'timer']
$

# playbook: pamd-and-authselect.yml
- name: Demonstrate pamd module with an authselect template file
  hosts: all
  tasks:
  - block:
    - name: Get authselect information
      shell: "authselect current; authselect check"
      register: output

    - name: Display authselect information
      debug:
        var: output.stdout_lines

    - name: Get contents of /etc/pam.d/system-auth
      command: cat /etc/pam.d/system-auth
      register: output

    - name: Display contents of /etc/pam.d/system-auth
      debug:
        var: output.stdout_lines

    - name: Get contents of /usr/share/authselect/default/sssd/system-auth
      command: cat /usr/share/authselect/default/sssd/system-auth
      register: output

    - name: Display contents of /usr/share/authselect/default/sssd/system-auth
      debug:
        var: output.stdout_lines

    - name: Invoke pamd module to assure "auth required pam_env.so" rule is present
      pamd:
        name: system-auth
        path: /usr/share/authselect/default/sssd
        type: auth
        control: required
        module_path: pam_env.so
      notify: Regenerate pamd files

  become: true

  handlers:
  - name: Regenerate pamd files
    command: authselect apply-changes
    become: true

OS / Environment

CentOS 8.2

kernel: 4.18.0-193.6.3.el8_2.x86_64

Steps To Reproduce

1. Create a CentOS8 AWS EC2 instance
2. ansible-playbook pamd-and-authselect.yml

Expected Results

1. The instance should start with the authselect sssd profile selected with no features
2. The instance should have a valid authselect configuration (no changes to /etc/pam.d files)
3. The pamd module should run successfully but should make no change to the template since the rule is already present

Actual Results

ansible-playbook 2.10.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/ubuntu/sto/cloud9-playbooks/jumphost/venv/lib/python3.8/site-packages/ansible
  executable location = /home/ubuntu/sto/cloud9-playbooks/jumphost/venv/bin/ansible-playbook
  python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
redirecting (type: modules) ansible.builtin.pamd to community.general.pamd
Loading collection community.general from /home/ubuntu/.ansible/collections/ansible_collections/community/general
Loading callback plugin default of type stdout, v2.0 from /home/ubuntu/sto/cloud9-playbooks/jumphost/venv/lib/python3.8/site-packages/ansible/plugins/callback/default.py
redirecting (type: callback) ansible.builtin.profile_tasks to ansible.posix.profile_tasks
Loading collection ansible.posix from /home/ubuntu/.ansible/collections/ansible_collections/ansible/posix
redirecting (type: callback) ansible.builtin.timer to ansible.posix.timer
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Loading callback plugin ansible.posix.profile_tasks of type aggregate, v2.0 from /home/ubuntu/.ansible/collections/ansible_collections/ansible/posix/plugins/callback/profile_tasks.py
Loading callback plugin ansible.posix.timer of type aggregate, v2.0 from /home/ubuntu/.ansible/collections/ansible_collections/ansible/posix/plugins/callback/timer.py

PLAYBOOK: pamd-and-authselect.yml **********************************************
Positional arguments: pamd-and-authselect.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/etc/ansible/hosts',)
forks: 5
1 plays in pamd-and-authselect.yml

PLAY [Demonstrate pamd module with an authselect template file] ****************

TASK [Gathering Facts] *********************************************************
task path: /home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:1
Wednesday 03 March 2021  13:50:56 -0500 (0:00:00.013)       0:00:00.013 ******* 
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<3.94.101.241> (0, b'/home/centos\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/home/ubuntu/.ansible/cp/8a80c85447" does not exist\r\ndebug2: ssh_connect_direct\r\ndebug1: Connecting to 3.94.101.241 [3.94.101.241] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9990 ms remain after connect\r\ndebug1: identity file /home/ubuntu/.ssh/pfuntner-aws.pem type -1\r\ndebug1: identity file /home/ubuntu/.ssh/pfuntner-aws.pem-cert type -1\r\ndebug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_8.0\r\ndebug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: Authenticating to 3.94.101.241:22 as \'centos\'\r\ndebug3: hostkeys_foreach: reading file "/home/ubuntu/.ssh/known_hosts"\r\ndebug3: record_hostkey: found key type ECDSA in file /home/ubuntu/.ssh/known_hosts:26\r\ndebug3: load_hostkeys: loaded 1 keys from 3.94.101.241\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\r\ndebug3: send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local client KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c\r\ndebug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\r\ndebug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\r\ndebug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: zlib@openssh.com,zlib,none\r\ndebug2: compression stoc: zlib@openssh.com,zlib,none\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2: peer server KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1\r\ndebug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519\r\ndebug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc\r\ndebug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc\r\ndebug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512\r\ndebug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512\r\ndebug2: compression ctos: none,zlib@openssh.com\r\ndebug2: compression stoc: none,zlib@openssh.com\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug1: kex: algorithm: curve25519-sha256\r\ndebug1: kex: host key algorithm: ecdsa-sha2-nistp256\r\ndebug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com\r\ndebug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com\r\ndebug3: send packet: type 30\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug3: receive packet: type 31\r\ndebug1: Server host key: ecdsa-sha2-nistp256 SHA256:y7W3i+GOcW05zxEom+GHKGbrUDz3D39TItpk1NCJfJY\r\ndebug3: hostkeys_foreach: reading file "/home/ubuntu/.ssh/known_hosts"\r\ndebug3: record_hostkey: found key type ECDSA in file /home/ubuntu/.ssh/known_hosts:26\r\ndebug3: load_hostkeys: loaded 1 keys from 3.94.101.241\r\ndebug1: Host \'3.94.101.241\' is known and matches the ECDSA host key.\r\ndebug1: Found key in /home/ubuntu/.ssh/known_hosts:26\r\ndebug3: send packet: type 21\r\ndebug2: set_newkeys: mode 1\r\ndebug1: rekey out after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug3: receive packet: type 21\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug2: set_newkeys: mode 0\r\ndebug1: rekey in after 134217728 blocks\r\ndebug1: Will attempt key: /home/ubuntu/.ssh/pfuntner-aws.pem  explicit\r\ndebug2: pubkey_prepare: done\r\ndebug3: send packet: type 5\r\ndebug3: receive packet: type 7\r\ndebug1: SSH2_MSG_EXT_INFO received\r\ndebug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>\r\ndebug3: receive packet: type 6\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug3: send packet: type 50\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic\r\ndebug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic\r\ndebug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_lookup gssapi-with-mic\r\ndebug3: remaining preferred: gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_is_enabled gssapi-with-mic\r\ndebug1: Next authentication method: gssapi-with-mic\r\ndebug1: Unspecified GSS failure.  Minor code may provide more information\nNo Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)\n\n\r\ndebug1: Unspecified GSS failure.  Minor code may provide more information\nNo Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)\n\n\r\ndebug2: we did not send a packet, disable method\r\ndebug3: authmethod_lookup gssapi-keyex\r\ndebug3: remaining preferred: hostbased,publickey\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: ,publickey\r\ndebug3: authmethod_is_enabled publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: Trying private key: /home/ubuntu/.ssh/pfuntner-aws.pem\r\ndebug3: sign_and_send_pubkey: RSA SHA256:l/0DNgv4i/6QVMlBJQ+IsRkPsQObhVJlcvA5U/dZ1tc\r\ndebug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:l/0DNgv4i/6QVMlBJQ+IsRkPsQObhVJlcvA5U/dZ1tc\r\ndebug3: send packet: type 50\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug3: receive packet: type 52\r\ndebug1: Enabling compression at level 6.\r\ndebug1: Authentication succeeded (publickey).\r\nAuthenticated to 3.94.101.241 ([3.94.101.241]:22).\r\ndebug1: setting up multiplex master socket\r\ndebug3: muxserver_listen: temporary control path /home/ubuntu/.ansible/cp/8a80c85447.5DOkuwhg1j7kogno\r\ndebug2: fd 4 setting O_NONBLOCK\r\ndebug3: fd 4 is O_NONBLOCK\r\ndebug3: fd 4 is O_NONBLOCK\r\ndebug1: channel 0: new [/home/ubuntu/.ansible/cp/8a80c85447]\r\ndebug3: muxserver_listen: mux listener channel 0 fd 4\r\ndebug2: fd 3 setting TCP_NODELAY\r\ndebug3: ssh_packet_set_tos: set IP_TOS 0x08\r\ndebug1: control_persist_detach: backgrounding master process\r\ndebug2: control_persist_detach: background process is 3587219\r\ndebug2: fd 4 setting O_NONBLOCK\r\ndebug1: forking to background\r\ndebug1: Entering interactive session.\r\ndebug1: pledge: id\r\ndebug2: set_control_persist_exit_time: schedule exit in 60 seconds\r\ndebug1: multiplexing control connection\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug3: fd 5 is O_NONBLOCK\r\ndebug1: channel 1: new [mux-control]\r\ndebug3: channel_post_mux_listener: new mux channel 1 fd 5\r\ndebug3: mux_master_read_cb: channel 1: hello sent\r\ndebug2: set_control_persist_exit_time: cancel scheduled exit\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x00000001 len 4\r\ndebug2: mux_master_process_hello: channel 1 slave version 4\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x10000004 len 4\r\ndebug2: mux_master_process_alive_check: channel 1: alive check\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x10000002 len 93\r\ndebug2: mux_master_process_new_session: channel 1: request tty 0, X 0, agent 0, subsys 0, term "xterm", cmd "/bin/sh -c \'echo ~centos && sleep 0\'", env 1\r\ndebug3: mux_master_process_new_session: got fds stdin 6, stdout 7, stderr 8\r\ndebug2: fd 7 setting O_NONBLOCK\r\ndebug2: fd 8 setting O_NONBLOCK\r\ndebug1: channel 2: new [client-session]\r\ndebug2: mux_master_process_new_session: channel_new: 2 linked to control channel 1\r\ndebug2: channel 2: send open\r\ndebug3: send packet: type 90\r\ndebug3: receive packet: type 80\r\ndebug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0\r\ndebug3: receive packet: type 4\r\ndebug1: Remote: /home/centos/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding\r\ndebug3: receive packet: type 91\r\ndebug2: channel_input_open_confirmation: channel 2: callback start\r\ndebug2: client_session2_setup: id 2\r\ndebug1: Sending environment.\r\ndebug1: Sending env LANG = C.UTF-8\r\ndebug2: channel 2: request env confirm 0\r\ndebug3: send packet: type 98\r\ndebug1: Sending command: /bin/sh -c \'echo ~centos && sleep 0\'\r\ndebug2: channel 2: request exec confirm 1\r\ndebug3: send packet: type 98\r\ndebug3: mux_session_confirm: sending success reply\r\ndebug2: channel_input_open_confirmation: channel 2: callback done\r\ndebug2: channel 2: open confirm rwindow 0 rmax 32768\r\ndebug2: channel 2: rcvd adjust 2097152\r\ndebug3: receive packet: type 99\r\ndebug2: channel_input_status_confirm: type 99 id 2\r\ndebug2: exec request accepted on channel 2\r\ndebug3: receive packet: type 96\r\ndebug2: channel 2: rcvd eof\r\ndebug2: channel 2: output open -> drain\r\ndebug2: channel 2: obuf empty\r\ndebug2: channel 2: chan_shutdown_write (i0 o1 sock -1 wfd 7 efd 8 [write])\r\ndebug2: channel 2: output drain -> closed\r\ndebug3: receive packet: type 98\r\ndebug1: client_input_channel_req: channel 2 rtype exit-status reply 0\r\ndebug3: mux_exit_message: channel 2: exit message, exitval 0\r\ndebug3: receive packet: type 98\r\ndebug1: client_input_channel_req: channel 2 rtype eow@openssh.com reply 0\r\ndebug2: channel 2: rcvd eow\r\ndebug2: channel 2: chan_shutdown_read (i0 o3 sock -1 wfd 6 efd 8 [write])\r\ndebug2: channel 2: input open -> closed\r\ndebug3: receive packet: type 97\r\ndebug2: channel 2: rcvd close\r\ndebug3: channel 2: will not send data after close\r\ndebug2: channel 2: send close\r\ndebug3: send packet: type 97\r\ndebug2: channel 2: is dead\r\ndebug2: channel 2: gc: notify user\r\ndebug3: mux_master_session_cleanup_cb: entering for channel 2\r\ndebug2: channel 1: rcvd close\r\ndebug2: channel 1: output open -> drain\r\ndebug2: channel 1: chan_shutdown_read (i0 o1 sock 5 wfd 5 efd -1 [closed])\r\ndebug2: channel 1: input open -> closed\r\ndebug2: channel 2: gc: user detached\r\ndebug2: channel 2: is dead\r\ndebug2: channel 2: garbage collecting\r\ndebug1: channel 2: free: client-session, nchannels 3\r\ndebug3: channel 2: status: The following connections are open:\r\n  #1 mux-control (t16 nr0 i3/0 o1/16 e[closed]/0 fd 5/5/-1 sock 5 cc -1)\r\n  #2 client-session (t4 r0 i3/0 o3/0 e[write]/0 fd -1/-1/8 sock -1 cc -1)\r\n\r\ndebug2: channel 1: obuf empty\r\ndebug2: channel 1: chan_shutdown_write (i3 o1 sock 5 wfd 5 efd -1 [closed])\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\ndebug2: channel 1: output drain -> closed\r\ndebug2: channel 1: is dead (local)\r\ndebug2: channel 1: gc: notify user\r\ndebug3: mux_master_control_cleanup_cb: entering for channel 1\r\ndebug2: channel 1: gc: user detached\r\ndebug2: channel 1: is dead (local)\r\ndebug2: channel 1: garbage collecting\r\ndebug1: channel 1: free: mux-control, nchannels 2\r\ndebug3: channel 1: status: The following connections are open:\r\n  #1 mux-control (t16 nr0 i3/0 o3/0 e[closed]/0 fd 5/5/-1 sock 5 cc -1)\r\n\r\ndebug2: set_control_persist_exit_time: schedule exit in 60 seconds\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232 `" && echo ansible-tmp-1614797458.0119333-3587217-271942784260232="` echo /home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232 `" ) && sleep 0'"'"''
<3.94.101.241> (0, b'ansible-tmp-1614797458.0119333-3587217-271942784260232=/home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<aws-centos8> Attempting python interpreter discovery
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<3.94.101.241> (0, b'PLATFORM\nLinux\nFOUND\n/usr/libexec/platform-python\nENDFOUND\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'/usr/libexec/platform-python && sleep 0'"'"''
<3.94.101.241> (0, b'{"platform_dist_result": ["centos", "8.2.2004", "Core"], "osrelease_content": "NAME=\\"CentOS Linux\\"\\nVERSION=\\"8 (Core)\\"\\nID=\\"centos\\"\\nID_LIKE=\\"rhel fedora\\"\\nVERSION_ID=\\"8\\"\\nPLATFORM_ID=\\"platform:el8\\"\\nPRETTY_NAME=\\"CentOS Linux 8 (Core)\\"\\nANSI_COLOR=\\"0;31\\"\\nCPE_NAME=\\"cpe:/o:centos:centos:8\\"\\nHOME_URL=\\"https://www.centos.org/\\"\\nBUG_REPORT_URL=\\"https://bugs.centos.org/\\"\\n\\nCENTOS_MANTISBT_PROJECT=\\"CentOS-8\\"\\nCENTOS_MANTISBT_PROJECT_VERSION=\\"8\\"\\nREDHAT_SUPPORT_PRODUCT=\\"centos\\"\\nREDHAT_SUPPORT_PRODUCT_VERSION=\\"8\\"\\n\\n"}\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
Using module file /home/ubuntu/sto/cloud9-playbooks/jumphost/venv/lib/python3.8/site-packages/ansible/modules/setup.py
<3.94.101.241> PUT /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmp6emp6yxa TO /home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232/AnsiballZ_setup.py
<3.94.101.241> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 '[3.94.101.241]'
<3.94.101.241> (0, b'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmp6emp6yxa /home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232/AnsiballZ_setup.py\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "posix-rename@openssh.com" revision 1\r\ndebug2: Server supports extension "statvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "fstatvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "hardlink@openssh.com" revision 1\r\ndebug2: Server supports extension "fsync@openssh.com" revision 1\r\ndebug2: Server supports extension "lsetstat@openssh.com" revision 1\r\ndebug3: Sent message fd 3 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/centos size 0\r\ndebug3: Looking up /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmp6emp6yxa\r\ndebug3: Sent message fd 3 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232/AnsiballZ_setup.py\r\ndebug3: Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent message SSH2_FXP_WRITE I:5 O:32768 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:6 O:65536 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:7 O:98304 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:8 O:131072 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:9 O:163840 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:10 O:196608 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:11 O:229376 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:12 O:262144 S:5442\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 5 32768 bytes at 32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 6 32768 bytes at 65536\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 7 32768 bytes at 98304\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 8 32768 bytes at 131072\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 9 32768 bytes at 163840\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 10 32768 bytes at 196608\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 11 32768 bytes at 229376\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 12 5442 bytes at 262144\r\ndebug3: Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232/ /home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232/AnsiballZ_setup.py && sleep 0'"'"''
<3.94.101.241> (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 -tt 3.94.101.241 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-ilcwiccqspoasochfvfvflvoglkbifyc ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232/AnsiballZ_setup.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<3.94.101.241> (0, b'\r\n{"ansible_facts": {"ansible_fibre_channel_wwn": [], "ansible_user_id": "root", "ansible_user_uid": 0, "ansible_user_gid": 0, "ansible_user_gecos": "root", "ansible_user_dir": "/root", "ansible_user_shell": "/bin/bash", "ansible_real_user_id": 0, "ansible_effective_user_id": 0, "ansible_real_group_id": 0, "ansible_effective_group_id": 0, "ansible_system_capabilities_enforced": "True", "ansible_system_capabilities": ["cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner", "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap", "cap_linux_immutable", "cap_net_bind_service", "cap_net_broadcast", "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner", "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot", "cap_sys_ptrace", "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice", "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod", "cap_lease", "cap_audit_write", "cap_audit_control", "cap_setfcap", "cap_mac_override", "cap_mac_admin", "cap_syslog", "cap_wake_alarm", "cap_block_suspend", "cap_audit_read+ep"], "ansible_local": {}, "ansible_date_time": {"year": "2021", "month": "03", "weekday": "Wednesday", "weekday_number": "3", "weeknumber": "09", "day": "03", "hour": "18", "minute": "50", "second": "59", "epoch": "1614797459", "date": "2021-03-03", "time": "18:50:59", "iso8601_micro": "2021-03-03T18:50:59.089463Z", "iso8601": "2021-03-03T18:50:59Z", "iso8601_basic": "20210303T185059089463", "iso8601_basic_short": "20210303T185059", "tz": "UTC", "tz_offset": "+0000"}, "ansible_dns": {"search": ["ec2.internal"], "nameservers": ["172.31.0.2"]}, "ansible_virtualization_type": "xen", "ansible_virtualization_role": "guest", "ansible_ssh_host_key_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABgQDB2xPOwMmC23+58ow0kbPNhw8/mKS4Rvhi54TmnhURZzQY2JCwmqj3QdP6e+vxIwlLHT/6vuaEl6bfWRYROC4gA6zqFta/6iKQzIM6B96EWa3DXYoUCisbgiG9CtIlww6Mn6ArY7pRvYYZOBlVGiPsNRerIsYWDXaBAgM3+DnAoUUUkndJwkFabaJPKCpfHloEpMTR6RoRUe5plJVEKtrr0vQ6xEbV/jITkJq7iqztJqbhoQTvtjG3qV9zegELHCSJVuVJ1cU9c3WWiR3NhTkTwk+aVsxOC3mEzaxw1nJHyDbPpkLJWKPq8ZQ+/Le/JhlKvD2/wOSpNCKmf6LN1WpWUqa3zVTOH0ylF8XyxOf7n34TvHjPg3wPr1n3/MctPVpDpLyZZOZ8rjWUC2+KOV8w7nBD3VG81WXoDYmmxAIvCZqNliBGYWaDvqLs7ElAis1qvTc8yc36hPQCxjAMKjHARfZu+8MHWqghIRGuOpXl7o7UHh2Wm51YdQMpsr3mFJ8=", "ansible_ssh_host_key_rsa_public_keytype": "ssh-rsa", "ansible_ssh_host_key_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK2lgkyCnzkpHGn4A0W7cXd5KynIVk3MKem3g5ouvTwvz9XkvvvuswThA+CZ/iyXXVG4cgIyOnONU+5lmDezL50=", "ansible_ssh_host_key_ecdsa_public_keytype": "ecdsa-sha2-nistp256", "ansible_ssh_host_key_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAINgQm+6oRi98RCQ1m9jf5eyznxd7eNQzUkFCNvEm5xZC", "ansible_ssh_host_key_ed25519_public_keytype": "ssh-ed25519", "ansible_python": {"version": {"major": 3, "minor": 6, "micro": 8, "releaselevel": "final", "serial": 0}, "version_info": [3, 6, 8, "final", 0], "executable": "/usr/libexec/platform-python", "has_sslcontext": true, "type": "cpython"}, "ansible_env": {"LS_COLORS": "rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.m4a=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.oga=01;36:*.opus=01;36:*.spx=01;36:*.xspf=01;36:", "LANG": "C.UTF-8", "SUDO_GID": "1000", "SUDO_COMMAND": "/bin/sh -c echo BECOME-SUCCESS-ilcwiccqspoasochfvfvflvoglkbifyc ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232/AnsiballZ_setup.py", "USER": "root", "PWD": "/home/centos", "HOME": "/root", "SUDO_USER": "centos", "SUDO_UID": "1000", "MAIL": "/var/mail/root", "SHELL": "/bin/bash", "TERM": "xterm", "SHLVL": "1", "LOGNAME": "root", "PATH": "/sbin:/bin:/usr/sbin:/usr/bin", "_": "/usr/libexec/platform-python"}, "ansible_distribution": "CentOS", "ansible_distribution_release": "Core", "ansible_distribution_version": "8.2", "ansible_distribution_major_version": "8", "ansible_distribution_file_path": "/etc/redhat-release", "ansible_distribution_file_variety": "RedHat", "ansible_distribution_file_parsed": true, "ansible_os_family": "RedHat", "ansible_selinux_python_present": true, "ansible_selinux": {"status": "enabled", "policyvers": 31, "config_mode": "enforcing", "mode": "enforcing", "type": "targeted"}, "ansible_system": "Linux", "ansible_kernel": "4.18.0-193.6.3.el8_2.x86_64", "ansible_kernel_version": "#1 SMP Wed Jun 10 11:09:32 UTC 2020", "ansible_machine": "x86_64", "ansible_python_version": "3.6.8", "ansible_fqdn": "ip-172-31-55-240.ec2.internal", "ansible_hostname": "ip-172-31-55-240", "ansible_nodename": "ip-172-31-55-240.ec2.internal", "ansible_domain": "ec2.internal", "ansible_userspace_bits": "64", "ansible_architecture": "x86_64", "ansible_userspace_architecture": "x86_64", "ansible_machine_id": "f6396eab1fff4366a275b20816d61f8d", "ansible_processor": ["0", "GenuineIntel", "Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz", "1", "GenuineIntel", "Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz"], "ansible_processor_count": 1, "ansible_processor_cores": 2, "ansible_processor_threads_per_core": 1, "ansible_processor_vcpus": 2, "ansible_processor_nproc": 2, "ansible_memtotal_mb": 3775, "ansible_memfree_mb": 3282, "ansible_swaptotal_mb": 0, "ansible_swapfree_mb": 0, "ansible_memory_mb": {"real": {"total": 3775, "used": 493, "free": 3282}, "nocache": {"free": 3559, "used": 216}, "swap": {"total": 0, "free": 0, "used": 0, "cached": 0}}, "ansible_bios_date": "08/24/2006", "ansible_bios_vendor": "Xen", "ansible_bios_version": "4.2.amazon", "ansible_board_asset_tag": "NA", "ansible_board_name": "NA", "ansible_board_serial": "NA", "ansible_board_vendor": "NA", "ansible_board_version": "NA", "ansible_chassis_asset_tag": "NA", "ansible_chassis_serial": "NA", "ansible_chassis_vendor": "Xen", "ansible_chassis_version": "NA", "ansible_form_factor": "Other", "ansible_product_name": "HVM domU", "ansible_product_serial": "ec205585-d3f9-6b61-2f6c-0ee3db689f59", "ansible_product_uuid": "ec205585-d3f9-6b61-2f6c-0ee3db689f59", "ansible_product_version": "4.2.amazon", "ansible_system_vendor": "Xen", "ansible_devices": {"xvda": {"virtual": 1, "links": {"ids": [], "uuids": [], "labels": [], "masters": []}, "vendor": null, "model": null, "sas_address": null, "sas_device_handle": null, "removable": "0", "support_discard": "0", "partitions": {"xvda2": {"links": {"ids": [], "uuids": ["b437cbaa-8fe5-49e4-8537-0895c219037a"], "labels": [], "masters": []}, "start": "4096", "sectors": "20967391", "sectorsize": 512, "size": "10.00 GB", "uuid": "b437cbaa-8fe5-49e4-8537-0895c219037a", "holders": []}, "xvda1": {"links": {"ids": [], "uuids": [], "labels": [], "masters": []}, "start": "2048", "sectors": "2048", "sectorsize": 512, "size": "1.00 MB", "uuid": null, "holders": []}}, "rotational": "0", "scheduler_mode": "mq-deadline", "sectors": "20971520", "sectorsize": "512", "size": "10.00 GB", "host": "", "holders": []}}, "ansible_device_links": {"ids": {}, "uuids": {"xvda2": ["b437cbaa-8fe5-49e4-8537-0895c219037a"]}, "labels": {}, "masters": {}}, "ansible_uptime_seconds": 1161, "ansible_mounts": [{"mount": "/", "device": "/dev/xvda2", "fstype": "xfs", "options": "rw,seclabel,relatime,attr2,inode64,noquota", "size_total": 10724814848, "size_available": 9321046016, "block_size": 4096, "block_total": 2618363, "block_available": 2275646, "block_used": 342717, "inode_total": 5241840, "inode_available": 5207277, "inode_used": 34563, "uuid": "b437cbaa-8fe5-49e4-8537-0895c219037a"}], "ansible_is_chroot": false, "ansible_apparmor": {"status": "disabled"}, "ansible_interfaces": ["lo", "eth0"], "ansible_eth0": {"device": "eth0", "macaddress": "12:66:01:54:78:3b", "mtu": 9001, "active": true, "module": "xen_netfront", "type": "ether", "pciid": "vif-0", "promisc": false, "ipv4": {"address": "172.31.55.240", "broadcast": "172.31.63.255", "netmask": "255.255.240.0", "network": "172.31.48.0"}, "ipv6": [{"address": "fe80::1066:1ff:fe54:783b", "prefix": "64", "scope": "link"}], "features": {"rx_checksumming": "on [fixed]", "tx_checksumming": "on", "tx_checksum_ipv4": "on [fixed]", "tx_checksum_ip_generic": "off [fixed]", "tx_checksum_ipv6": "off [requested on]", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_sctp": "off [fixed]", "scatter_gather": "on", "tx_scatter_gather": "on", "tx_scatter_gather_fraglist": "off [fixed]", "tcp_segmentation_offload": "on", "tx_tcp_segmentation": "on", "tx_tcp_ecn_segmentation": "off [fixed]", "tx_tcp_mangleid_segmentation": "off", "tx_tcp6_segmentation": "off [requested on]", "generic_segmentation_offload": "on", "generic_receive_offload": "on", "large_receive_offload": "off [fixed]", "rx_vlan_offload": "off [fixed]", "tx_vlan_offload": "off [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "highdma": "off [fixed]", "rx_vlan_filter": "off [fixed]", "vlan_challenged": "off [fixed]", "tx_lockless": "off [fixed]", "netns_local": "off [fixed]", "tx_gso_robust": "on [fixed]", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gre_csum_segmentation": "off [fixed]", "tx_ipxip4_segmentation": "off [fixed]", "tx_ipxip6_segmentation": "off [fixed]", "tx_udp_tnl_segmentation": "off [fixed]", "tx_udp_tnl_csum_segmentation": "off [fixed]", "tx_gso_partial": "off [fixed]", "tx_sctp_segmentation": "off [fixed]", "tx_esp_segmentation": "off [fixed]", "tx_udp_segmentation": "off [fixed]", "tls_hw_rx_offload": "off [fixed]", "fcoe_mtu": "off [fixed]", "tx_nocache_copy": "off", "loopback": "off [fixed]", "rx_fcs": "off [fixed]", "rx_all": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "l2_fwd_offload": "off [fixed]", "hw_tc_offload": "off [fixed]", "esp_hw_offload": "off [fixed]", "esp_tx_csum_hw_offload": "off [fixed]", "rx_udp_tunnel_port_offload": "off [fixed]", "tls_hw_tx_offload": "off [fixed]", "rx_gro_hw": "off [fixed]", "tls_hw_record": "off [fixed]"}, "timestamping": ["rx_software", "software"], "hw_timestamp_filters": []}, "ansible_lo": {"device": "lo", "mtu": 65536, "active": true, "type": "loopback", "promisc": false, "ipv4": {"address": "127.0.0.1", "broadcast": "", "netmask": "255.0.0.0", "network": "127.0.0.0"}, "ipv6": [{"address": "::1", "prefix": "128", "scope": "host"}], "features": {"rx_checksumming": "on [fixed]", "tx_checksumming": "on", "tx_checksum_ipv4": "off [fixed]", "tx_checksum_ip_generic": "on [fixed]", "tx_checksum_ipv6": "off [fixed]", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_sctp": "on [fixed]", "scatter_gather": "on", "tx_scatter_gather": "on [fixed]", "tx_scatter_gather_fraglist": "on [fixed]", "tcp_segmentation_offload": "on", "tx_tcp_segmentation": "on", "tx_tcp_ecn_segmentation": "on", "tx_tcp_mangleid_segmentation": "on", "tx_tcp6_segmentation": "on", "generic_segmentation_offload": "on", "generic_receive_offload": "on", "large_receive_offload": "off [fixed]", "rx_vlan_offload": "off [fixed]", "tx_vlan_offload": "off [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "highdma": "on [fixed]", "rx_vlan_filter": "off [fixed]", "vlan_challenged": "on [fixed]", "tx_lockless": "on [fixed]", "netns_local": "on [fixed]", "tx_gso_robust": "off [fixed]", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gre_csum_segmentation": "off [fixed]", "tx_ipxip4_segmentation": "off [fixed]", "tx_ipxip6_segmentation": "off [fixed]", "tx_udp_tnl_segmentation": "off [fixed]", "tx_udp_tnl_csum_segmentation": "off [fixed]", "tx_gso_partial": "off [fixed]", "tx_sctp_segmentation": "on", "tx_esp_segmentation": "off [fixed]", "tx_udp_segmentation": "off [fixed]", "tls_hw_rx_offload": "off [fixed]", "fcoe_mtu": "off [fixed]", "tx_nocache_copy": "off [fixed]", "loopback": "on [fixed]", "rx_fcs": "off [fixed]", "rx_all": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "l2_fwd_offload": "off [fixed]", "hw_tc_offload": "off [fixed]", "esp_hw_offload": "off [fixed]", "esp_tx_csum_hw_offload": "off [fixed]", "rx_udp_tunnel_port_offload": "off [fixed]", "tls_hw_tx_offload": "off [fixed]", "rx_gro_hw": "off [fixed]", "tls_hw_record": "off [fixed]"}, "timestamping": ["tx_software", "rx_software", "software"], "hw_timestamp_filters": []}, "ansible_default_ipv4": {"gateway": "172.31.48.1", "interface": "eth0", "address": "172.31.55.240", "broadcast": "172.31.63.255", "netmask": "255.255.240.0", "network": "172.31.48.0", "macaddress": "12:66:01:54:78:3b", "mtu": 9001, "type": "ether", "alias": "eth0"}, "ansible_default_ipv6": {}, "ansible_all_ipv4_addresses": ["172.31.55.240"], "ansible_all_ipv6_addresses": ["fe80::1066:1ff:fe54:783b"], "ansible_hostnqn": "", "ansible_pkg_mgr": "dnf", "ansible_fips": false, "ansible_cmdline": {"BOOT_IMAGE": "(hd0,msdos2)/boot/vmlinuz-4.18.0-193.6.3.el8_2.x86_64", "root": "UUID=b437cbaa-8fe5-49e4-8537-0895c219037a", "ro": true, "console": "ttyS0,115200n8", "no_timer_check": true, "net.ifnames": "0", "nvme_core.io_timeout": "4294967295", "nvme_core.max_retries": "10", "crashkernel": "auto"}, "ansible_proc_cmdline": {"BOOT_IMAGE": "(hd0,msdos2)/boot/vmlinuz-4.18.0-193.6.3.el8_2.x86_64", "root": "UUID=b437cbaa-8fe5-49e4-8537-0895c219037a", "ro": true, "console": "ttyS0,115200n8", "no_timer_check": true, "net.ifnames": "0", "nvme_core.io_timeout": "4294967295", "nvme_core.max_retries": "10", "crashkernel": "auto"}, "ansible_lsb": {}, "ansible_iscsi_iqn": "", "ansible_service_mgr": "systemd", "gather_subset": ["all"], "module_setup": true}, "invocation": {"module_args": {"gather_subset": ["all"], "gather_timeout": 10, "filter": "*", "fact_path": "/etc/ansible/facts.d"}}}\r\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared connection to 3.94.101.241 closed.\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1614797458.0119333-3587217-271942784260232/ > /dev/null 2>&1 && sleep 0'"'"''
<3.94.101.241> (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
ok: [aws-centos8]
META: ran handlers

TASK [Get authselect information] **********************************************
task path: /home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:5
Wednesday 03 March 2021  13:50:59 -0500 (0:00:02.795)       0:00:02.809 ******* 
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<3.94.101.241> (0, b'/home/centos\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1614797459.4383395-3587234-200625823243908 `" && echo ansible-tmp-1614797459.4383395-3587234-200625823243908="` echo /home/centos/.ansible/tmp/ansible-tmp-1614797459.4383395-3587234-200625823243908 `" ) && sleep 0'"'"''
<3.94.101.241> (0, b'ansible-tmp-1614797459.4383395-3587234-200625823243908=/home/centos/.ansible/tmp/ansible-tmp-1614797459.4383395-3587234-200625823243908\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
Using module file /home/ubuntu/sto/cloud9-playbooks/jumphost/venv/lib/python3.8/site-packages/ansible/modules/command.py
<3.94.101.241> PUT /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpm7v7kxt8 TO /home/centos/.ansible/tmp/ansible-tmp-1614797459.4383395-3587234-200625823243908/AnsiballZ_command.py
<3.94.101.241> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 '[3.94.101.241]'
<3.94.101.241> (0, b'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpm7v7kxt8 /home/centos/.ansible/tmp/ansible-tmp-1614797459.4383395-3587234-200625823243908/AnsiballZ_command.py\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "posix-rename@openssh.com" revision 1\r\ndebug2: Server supports extension "statvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "fstatvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "hardlink@openssh.com" revision 1\r\ndebug2: Server supports extension "fsync@openssh.com" revision 1\r\ndebug2: Server supports extension "lsetstat@openssh.com" revision 1\r\ndebug3: Sent message fd 3 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/centos size 0\r\ndebug3: Looking up /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpm7v7kxt8\r\ndebug3: Sent message fd 3 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/home/centos/.ansible/tmp/ansible-tmp-1614797459.4383395-3587234-200625823243908/AnsiballZ_command.py\r\ndebug3: Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent message SSH2_FXP_WRITE I:5 O:32768 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:6 O:65536 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:7 O:98304 S:21110\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 5 32768 bytes at 32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 6 32768 bytes at 65536\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 7 21110 bytes at 98304\r\ndebug3: Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1614797459.4383395-3587234-200625823243908/ /home/centos/.ansible/tmp/ansible-tmp-1614797459.4383395-3587234-200625823243908/AnsiballZ_command.py && sleep 0'"'"''
<3.94.101.241> (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 -tt 3.94.101.241 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-azegohotqlhbotnvjofznfonuayuefpl ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1614797459.4383395-3587234-200625823243908/AnsiballZ_command.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<3.94.101.241> (0, b'\r\n{"cmd": "authselect current; authselect check", "stdout": "Profile ID: sssd\\nEnabled features: None\\nCurrent configuration is valid.", "stderr": "", "rc": 0, "start": "2021-03-03 18:51:00.039044", "end": "2021-03-03 18:51:00.047495", "delta": "0:00:00.008451", "changed": true, "invocation": {"module_args": {"_raw_params": "authselect current; authselect check", "_uses_shell": true, "warn": true, "stdin_add_newline": true, "strip_empty_ends": true, "argv": null, "chdir": null, "executable": null, "creates": null, "removes": null, "stdin": null}}}\r\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared connection to 3.94.101.241 closed.\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1614797459.4383395-3587234-200625823243908/ > /dev/null 2>&1 && sleep 0'"'"''
<3.94.101.241> (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
changed: [aws-centos8] => {
    "changed": true,
    "cmd": "authselect current; authselect check",
    "delta": "0:00:00.008451",
    "end": "2021-03-03 18:51:00.047495",
    "invocation": {
        "module_args": {
            "_raw_params": "authselect current; authselect check",
            "_uses_shell": true,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "rc": 0,
    "start": "2021-03-03 18:51:00.039044",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "Profile ID: sssd\nEnabled features: None\nCurrent configuration is valid.",
    "stdout_lines": [
        "Profile ID: sssd",
        "Enabled features: None",
        "Current configuration is valid."
    ]
}

TASK [Display authselect information] ******************************************
task path: /home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:9
Wednesday 03 March 2021  13:51:00 -0500 (0:00:00.755)       0:00:03.564 ******* 
ok: [aws-centos8] => {
    "output.stdout_lines": [
        "Profile ID: sssd",
        "Enabled features: None",
        "Current configuration is valid."
    ]
}

TASK [Get contents of /etc/pam.d/system-auth] **********************************
task path: /home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:13
Wednesday 03 March 2021  13:51:00 -0500 (0:00:00.040)       0:00:03.605 ******* 
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<3.94.101.241> (0, b'/home/centos\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1614797460.230901-3587245-8103965057616 `" && echo ansible-tmp-1614797460.230901-3587245-8103965057616="` echo /home/centos/.ansible/tmp/ansible-tmp-1614797460.230901-3587245-8103965057616 `" ) && sleep 0'"'"''
<3.94.101.241> (0, b'ansible-tmp-1614797460.230901-3587245-8103965057616=/home/centos/.ansible/tmp/ansible-tmp-1614797460.230901-3587245-8103965057616\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
Using module file /home/ubuntu/sto/cloud9-playbooks/jumphost/venv/lib/python3.8/site-packages/ansible/modules/command.py
<3.94.101.241> PUT /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpfot5oe7g TO /home/centos/.ansible/tmp/ansible-tmp-1614797460.230901-3587245-8103965057616/AnsiballZ_command.py
<3.94.101.241> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 '[3.94.101.241]'
<3.94.101.241> (0, b'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpfot5oe7g /home/centos/.ansible/tmp/ansible-tmp-1614797460.230901-3587245-8103965057616/AnsiballZ_command.py\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "posix-rename@openssh.com" revision 1\r\ndebug2: Server supports extension "statvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "fstatvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "hardlink@openssh.com" revision 1\r\ndebug2: Server supports extension "fsync@openssh.com" revision 1\r\ndebug2: Server supports extension "lsetstat@openssh.com" revision 1\r\ndebug3: Sent message fd 3 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/centos size 0\r\ndebug3: Looking up /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpfot5oe7g\r\ndebug3: Sent message fd 3 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/home/centos/.ansible/tmp/ansible-tmp-1614797460.230901-3587245-8103965057616/AnsiballZ_command.py\r\ndebug3: Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent message SSH2_FXP_WRITE I:5 O:32768 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:6 O:65536 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:7 O:98304 S:21075\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 5 32768 bytes at 32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 6 32768 bytes at 65536\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 7 21075 bytes at 98304\r\ndebug3: Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1614797460.230901-3587245-8103965057616/ /home/centos/.ansible/tmp/ansible-tmp-1614797460.230901-3587245-8103965057616/AnsiballZ_command.py && sleep 0'"'"''
<3.94.101.241> (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 -tt 3.94.101.241 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-mtoybfrwbjhwcknjvqigfflxxzebyflv ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1614797460.230901-3587245-8103965057616/AnsiballZ_command.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<3.94.101.241> (0, b'\r\n{"cmd": ["cat", "/etc/pam.d/system-auth"], "stdout": "# Generated by authselect on Thu Jun 11 02:39:41 2020\\n# Do not modify this file manually.\\n\\nauth        required                                     pam_env.so\\nauth        required                                     pam_faildelay.so delay=2000000\\nauth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet\\nauth        [default=1 ignore=ignore success=ok]         pam_localuser.so\\nauth        sufficient                                   pam_unix.so nullok try_first_pass\\nauth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success\\nauth        sufficient                                   pam_sss.so forward_pass\\nauth        required                                     pam_deny.so\\n\\naccount     required                                     pam_unix.so\\naccount     sufficient                                   pam_localuser.so\\naccount     sufficient                                   pam_succeed_if.so uid < 1000 quiet\\naccount     [default=bad success=ok user_unknown=ignore] pam_sss.so\\naccount     required                                     pam_permit.so\\n\\npassword    requisite                                    pam_pwquality.so try_first_pass local_users_only\\npassword    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok\\npassword    sufficient                                   pam_sss.so use_authtok\\npassword    required                                     pam_deny.so\\n\\nsession     optional                                     pam_keyinit.so revoke\\nsession     required                                     pam_limits.so\\n-session    optional                                     pam_systemd.so\\nsession     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid\\nsession     required                                     pam_unix.so\\nsession     optional                                     pam_sss.so", "stderr": "", "rc": 0, "start": "2021-03-03 18:51:00.702749", "end": "2021-03-03 18:51:00.705577", "delta": "0:00:00.002828", "changed": true, "invocation": {"module_args": {"_raw_params": "cat /etc/pam.d/system-auth", "warn": true, "_uses_shell": false, "stdin_add_newline": true, "strip_empty_ends": true, "argv": null, "chdir": null, "executable": null, "creates": null, "removes": null, "stdin": null}}}\r\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared connection to 3.94.101.241 closed.\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1614797460.230901-3587245-8103965057616/ > /dev/null 2>&1 && sleep 0'"'"''
<3.94.101.241> (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
changed: [aws-centos8] => {
    "changed": true,
    "cmd": [
        "cat",
        "/etc/pam.d/system-auth"
    ],
    "delta": "0:00:00.002828",
    "end": "2021-03-03 18:51:00.705577",
    "invocation": {
        "module_args": {
            "_raw_params": "cat /etc/pam.d/system-auth",
            "_uses_shell": false,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "rc": 0,
    "start": "2021-03-03 18:51:00.702749",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "# Generated by authselect on Thu Jun 11 02:39:41 2020\n# Do not modify this file manually.\n\nauth        required                                     pam_env.so\nauth        required                                     pam_faildelay.so delay=2000000\nauth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet\nauth        [default=1 ignore=ignore success=ok]         pam_localuser.so\nauth        sufficient                                   pam_unix.so nullok try_first_pass\nauth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success\nauth        sufficient                                   pam_sss.so forward_pass\nauth        required                                     pam_deny.so\n\naccount     required                                     pam_unix.so\naccount     sufficient                                   pam_localuser.so\naccount     sufficient                                   pam_succeed_if.so uid < 1000 quiet\naccount     [default=bad success=ok user_unknown=ignore] pam_sss.so\naccount     required                                     pam_permit.so\n\npassword    requisite                                    pam_pwquality.so try_first_pass local_users_only\npassword    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok\npassword    sufficient                                   pam_sss.so use_authtok\npassword    required                                     pam_deny.so\n\nsession     optional                                     pam_keyinit.so revoke\nsession     required                                     pam_limits.so\n-session    optional                                     pam_systemd.so\nsession     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid\nsession     required                                     pam_unix.so\nsession     optional                                     pam_sss.so",
    "stdout_lines": [
        "# Generated by authselect on Thu Jun 11 02:39:41 2020",
        "# Do not modify this file manually.",
        "",
        "auth        required                                     pam_env.so",
        "auth        required                                     pam_faildelay.so delay=2000000",
        "auth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet",
        "auth        [default=1 ignore=ignore success=ok]         pam_localuser.so",
        "auth        sufficient                                   pam_unix.so nullok try_first_pass",
        "auth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success",
        "auth        sufficient                                   pam_sss.so forward_pass",
        "auth        required                                     pam_deny.so",
        "",
        "account     required                                     pam_unix.so",
        "account     sufficient                                   pam_localuser.so",
        "account     sufficient                                   pam_succeed_if.so uid < 1000 quiet",
        "account     [default=bad success=ok user_unknown=ignore] pam_sss.so",
        "account     required                                     pam_permit.so",
        "",
        "password    requisite                                    pam_pwquality.so try_first_pass local_users_only",
        "password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok",
        "password    sufficient                                   pam_sss.so use_authtok",
        "password    required                                     pam_deny.so",
        "",
        "session     optional                                     pam_keyinit.so revoke",
        "session     required                                     pam_limits.so",
        "-session    optional                                     pam_systemd.so",
        "session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid",
        "session     required                                     pam_unix.so",
        "session     optional                                     pam_sss.so"
    ]
}

TASK [Display contents of /etc/pam.d/system-auth] ******************************
task path: /home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:17
Wednesday 03 March 2021  13:51:00 -0500 (0:00:00.613)       0:00:04.218 ******* 
ok: [aws-centos8] => {
    "output.stdout_lines": [
        "# Generated by authselect on Thu Jun 11 02:39:41 2020",
        "# Do not modify this file manually.",
        "",
        "auth        required                                     pam_env.so",
        "auth        required                                     pam_faildelay.so delay=2000000",
        "auth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet",
        "auth        [default=1 ignore=ignore success=ok]         pam_localuser.so",
        "auth        sufficient                                   pam_unix.so nullok try_first_pass",
        "auth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success",
        "auth        sufficient                                   pam_sss.so forward_pass",
        "auth        required                                     pam_deny.so",
        "",
        "account     required                                     pam_unix.so",
        "account     sufficient                                   pam_localuser.so",
        "account     sufficient                                   pam_succeed_if.so uid < 1000 quiet",
        "account     [default=bad success=ok user_unknown=ignore] pam_sss.so",
        "account     required                                     pam_permit.so",
        "",
        "password    requisite                                    pam_pwquality.so try_first_pass local_users_only",
        "password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok",
        "password    sufficient                                   pam_sss.so use_authtok",
        "password    required                                     pam_deny.so",
        "",
        "session     optional                                     pam_keyinit.so revoke",
        "session     required                                     pam_limits.so",
        "-session    optional                                     pam_systemd.so",
        "session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid",
        "session     required                                     pam_unix.so",
        "session     optional                                     pam_sss.so"
    ]
}

TASK [Get contents of /usr/share/authselect/default/sssd/system-auth] **********
task path: /home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:21
Wednesday 03 March 2021  13:51:00 -0500 (0:00:00.037)       0:00:04.256 ******* 
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<3.94.101.241> (0, b'/home/centos\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1614797460.8819623-3587259-61898767745064 `" && echo ansible-tmp-1614797460.8819623-3587259-61898767745064="` echo /home/centos/.ansible/tmp/ansible-tmp-1614797460.8819623-3587259-61898767745064 `" ) && sleep 0'"'"''
<3.94.101.241> (0, b'ansible-tmp-1614797460.8819623-3587259-61898767745064=/home/centos/.ansible/tmp/ansible-tmp-1614797460.8819623-3587259-61898767745064\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
Using module file /home/ubuntu/sto/cloud9-playbooks/jumphost/venv/lib/python3.8/site-packages/ansible/modules/command.py
<3.94.101.241> PUT /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpd1sam6t6 TO /home/centos/.ansible/tmp/ansible-tmp-1614797460.8819623-3587259-61898767745064/AnsiballZ_command.py
<3.94.101.241> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 '[3.94.101.241]'
<3.94.101.241> (0, b'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpd1sam6t6 /home/centos/.ansible/tmp/ansible-tmp-1614797460.8819623-3587259-61898767745064/AnsiballZ_command.py\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "posix-rename@openssh.com" revision 1\r\ndebug2: Server supports extension "statvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "fstatvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "hardlink@openssh.com" revision 1\r\ndebug2: Server supports extension "fsync@openssh.com" revision 1\r\ndebug2: Server supports extension "lsetstat@openssh.com" revision 1\r\ndebug3: Sent message fd 3 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/centos size 0\r\ndebug3: Looking up /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpd1sam6t6\r\ndebug3: Sent message fd 3 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/home/centos/.ansible/tmp/ansible-tmp-1614797460.8819623-3587259-61898767745064/AnsiballZ_command.py\r\ndebug3: Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent message SSH2_FXP_WRITE I:5 O:32768 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:6 O:65536 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:7 O:98304 S:21101\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 5 32768 bytes at 32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 6 32768 bytes at 65536\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 7 21101 bytes at 98304\r\ndebug3: Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1614797460.8819623-3587259-61898767745064/ /home/centos/.ansible/tmp/ansible-tmp-1614797460.8819623-3587259-61898767745064/AnsiballZ_command.py && sleep 0'"'"''
<3.94.101.241> (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 -tt 3.94.101.241 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-pujyqqyddpzdehuyfysjjtyizmkinafb ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1614797460.8819623-3587259-61898767745064/AnsiballZ_command.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<3.94.101.241> (0, b'\r\n{"cmd": ["cat", "/usr/share/authselect/default/sssd/system-auth"], "stdout": "{imply \\"with-smartcard\\" if \\"with-smartcard-required\\"}\\nauth        required                                     pam_env.so\\nauth        required                                     pam_faildelay.so delay=2000000\\nauth        required                                     pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if \\"with-faillock\\"}\\nauth        [success=1 default=ignore]                   pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid {include if \\"with-smartcard-required\\"}\\nauth        [success=done ignore=ignore default=die]     pam_sss.so require_cert_auth ignore_authinfo_unavail   {include if \\"with-smartcard-required\\"}\\nauth        sufficient                                   pam_fprintd.so                                         {include if \\"with-fingerprint\\"}\\nauth        sufficient                                   pam_u2f.so cue                                         {include if \\"with-pam-u2f\\"}\\nauth        required                                     pam_u2f.so cue nouserok                                {include if \\"with-pam-u2f-2fa\\"}\\nauth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet\\nauth        [default=1 ignore=ignore success=ok]         pam_localuser.so                                       {exclude if \\"with-smartcard\\"}\\nauth        [default=2 ignore=ignore success=ok]         pam_localuser.so                                       {include if \\"with-smartcard\\"}\\nauth        [success=done authinfo_unavail=ignore ignore=ignore default=die] pam_sss.so try_cert_auth           {include if \\"with-smartcard\\"}\\nauth        sufficient                                   pam_unix.so {if not \\"without-nullok\\":nullok} try_first_pass\\nauth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success\\nauth        sufficient                                   pam_sss.so forward_pass\\nauth        required                                     pam_faillock.so authfail deny=4 unlock_time=1200       {include if \\"with-faillock\\"}\\nauth        required                                     pam_deny.so\\n\\naccount     required                                     pam_access.so                                          {include if \\"with-pamaccess\\"}\\naccount     required                                     pam_faillock.so                                        {include if \\"with-faillock\\"}\\naccount     required                                     pam_unix.so\\naccount     sufficient                                   pam_localuser.so\\naccount     sufficient                                   pam_succeed_if.so uid < 1000 quiet\\naccount     [default=bad success=ok user_unknown=ignore] pam_sss.so\\naccount     required                                     pam_permit.so\\n\\npassword    requisite                                    pam_pwquality.so try_first_pass local_users_only\\npassword    sufficient                                   pam_unix.so sha512 shadow {if not \\"without-nullok\\":nullok} try_first_pass use_authtok\\npassword    sufficient                                   pam_sss.so use_authtok\\npassword    required                                     pam_deny.so\\n\\nsession     optional                                     pam_keyinit.so revoke\\nsession     required                                     pam_limits.so\\n-session    optional                                     pam_systemd.so\\nsession     optional                                     pam_oddjob_mkhomedir.so umask=0077                    {include if \\"with-mkhomedir\\"}\\nsession     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid\\nsession     required                                     pam_unix.so\\nsession     optional                                     pam_sss.so", "stderr": "", "rc": 0, "start": "2021-03-03 18:51:01.335654", "end": "2021-03-03 18:51:01.338455", "delta": "0:00:00.002801", "changed": true, "invocation": {"module_args": {"_raw_params": "cat /usr/share/authselect/default/sssd/system-auth", "warn": true, "_uses_shell": false, "stdin_add_newline": true, "strip_empty_ends": true, "argv": null, "chdir": null, "executable": null, "creates": null, "removes": null, "stdin": null}}}\r\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared connection to 3.94.101.241 closed.\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1614797460.8819623-3587259-61898767745064/ > /dev/null 2>&1 && sleep 0'"'"''
<3.94.101.241> (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
changed: [aws-centos8] => {
    "changed": true,
    "cmd": [
        "cat",
        "/usr/share/authselect/default/sssd/system-auth"
    ],
    "delta": "0:00:00.002801",
    "end": "2021-03-03 18:51:01.338455",
    "invocation": {
        "module_args": {
            "_raw_params": "cat /usr/share/authselect/default/sssd/system-auth",
            "_uses_shell": false,
            "argv": null,
            "chdir": null,
            "creates": null,
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "rc": 0,
    "start": "2021-03-03 18:51:01.335654",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "{imply \"with-smartcard\" if \"with-smartcard-required\"}\nauth        required                                     pam_env.so\nauth        required                                     pam_faildelay.so delay=2000000\nauth        required                                     pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if \"with-faillock\"}\nauth        [success=1 default=ignore]                   pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid {include if \"with-smartcard-required\"}\nauth        [success=done ignore=ignore default=die]     pam_sss.so require_cert_auth ignore_authinfo_unavail   {include if \"with-smartcard-required\"}\nauth        sufficient                                   pam_fprintd.so                                         {include if \"with-fingerprint\"}\nauth        sufficient                                   pam_u2f.so cue                                         {include if \"with-pam-u2f\"}\nauth        required                                     pam_u2f.so cue nouserok                                {include if \"with-pam-u2f-2fa\"}\nauth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet\nauth        [default=1 ignore=ignore success=ok]         pam_localuser.so                                       {exclude if \"with-smartcard\"}\nauth        [default=2 ignore=ignore success=ok]         pam_localuser.so                                       {include if \"with-smartcard\"}\nauth        [success=done authinfo_unavail=ignore ignore=ignore default=die] pam_sss.so try_cert_auth           {include if \"with-smartcard\"}\nauth        sufficient                                   pam_unix.so {if not \"without-nullok\":nullok} try_first_pass\nauth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success\nauth        sufficient                                   pam_sss.so forward_pass\nauth        required                                     pam_faillock.so authfail deny=4 unlock_time=1200       {include if \"with-faillock\"}\nauth        required                                     pam_deny.so\n\naccount     required                                     pam_access.so                                          {include if \"with-pamaccess\"}\naccount     required                                     pam_faillock.so                                        {include if \"with-faillock\"}\naccount     required                                     pam_unix.so\naccount     sufficient                                   pam_localuser.so\naccount     sufficient                                   pam_succeed_if.so uid < 1000 quiet\naccount     [default=bad success=ok user_unknown=ignore] pam_sss.so\naccount     required                                     pam_permit.so\n\npassword    requisite                                    pam_pwquality.so try_first_pass local_users_only\npassword    sufficient                                   pam_unix.so sha512 shadow {if not \"without-nullok\":nullok} try_first_pass use_authtok\npassword    sufficient                                   pam_sss.so use_authtok\npassword    required                                     pam_deny.so\n\nsession     optional                                     pam_keyinit.so revoke\nsession     required                                     pam_limits.so\n-session    optional                                     pam_systemd.so\nsession     optional                                     pam_oddjob_mkhomedir.so umask=0077                    {include if \"with-mkhomedir\"}\nsession     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid\nsession     required                                     pam_unix.so\nsession     optional                                     pam_sss.so",
    "stdout_lines": [
        "{imply \"with-smartcard\" if \"with-smartcard-required\"}",
        "auth        required                                     pam_env.so",
        "auth        required                                     pam_faildelay.so delay=2000000",
        "auth        required                                     pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if \"with-faillock\"}",
        "auth        [success=1 default=ignore]                   pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid {include if \"with-smartcard-required\"}",
        "auth        [success=done ignore=ignore default=die]     pam_sss.so require_cert_auth ignore_authinfo_unavail   {include if \"with-smartcard-required\"}",
        "auth        sufficient                                   pam_fprintd.so                                         {include if \"with-fingerprint\"}",
        "auth        sufficient                                   pam_u2f.so cue                                         {include if \"with-pam-u2f\"}",
        "auth        required                                     pam_u2f.so cue nouserok                                {include if \"with-pam-u2f-2fa\"}",
        "auth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet",
        "auth        [default=1 ignore=ignore success=ok]         pam_localuser.so                                       {exclude if \"with-smartcard\"}",
        "auth        [default=2 ignore=ignore success=ok]         pam_localuser.so                                       {include if \"with-smartcard\"}",
        "auth        [success=done authinfo_unavail=ignore ignore=ignore default=die] pam_sss.so try_cert_auth           {include if \"with-smartcard\"}",
        "auth        sufficient                                   pam_unix.so {if not \"without-nullok\":nullok} try_first_pass",
        "auth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success",
        "auth        sufficient                                   pam_sss.so forward_pass",
        "auth        required                                     pam_faillock.so authfail deny=4 unlock_time=1200       {include if \"with-faillock\"}",
        "auth        required                                     pam_deny.so",
        "",
        "account     required                                     pam_access.so                                          {include if \"with-pamaccess\"}",
        "account     required                                     pam_faillock.so                                        {include if \"with-faillock\"}",
        "account     required                                     pam_unix.so",
        "account     sufficient                                   pam_localuser.so",
        "account     sufficient                                   pam_succeed_if.so uid < 1000 quiet",
        "account     [default=bad success=ok user_unknown=ignore] pam_sss.so",
        "account     required                                     pam_permit.so",
        "",
        "password    requisite                                    pam_pwquality.so try_first_pass local_users_only",
        "password    sufficient                                   pam_unix.so sha512 shadow {if not \"without-nullok\":nullok} try_first_pass use_authtok",
        "password    sufficient                                   pam_sss.so use_authtok",
        "password    required                                     pam_deny.so",
        "",
        "session     optional                                     pam_keyinit.so revoke",
        "session     required                                     pam_limits.so",
        "-session    optional                                     pam_systemd.so",
        "session     optional                                     pam_oddjob_mkhomedir.so umask=0077                    {include if \"with-mkhomedir\"}",
        "session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid",
        "session     required                                     pam_unix.so",
        "session     optional                                     pam_sss.so"
    ]
}

TASK [Display contents of /usr/share/authselect/default/sssd/system-auth] ******
task path: /home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:25
Wednesday 03 March 2021  13:51:01 -0500 (0:00:00.596)       0:00:04.852 ******* 
ok: [aws-centos8] => {
    "output.stdout_lines": [
        "{imply \"with-smartcard\" if \"with-smartcard-required\"}",
        "auth        required                                     pam_env.so",
        "auth        required                                     pam_faildelay.so delay=2000000",
        "auth        required                                     pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if \"with-faillock\"}",
        "auth        [success=1 default=ignore]                   pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid {include if \"with-smartcard-required\"}",
        "auth        [success=done ignore=ignore default=die]     pam_sss.so require_cert_auth ignore_authinfo_unavail   {include if \"with-smartcard-required\"}",
        "auth        sufficient                                   pam_fprintd.so                                         {include if \"with-fingerprint\"}",
        "auth        sufficient                                   pam_u2f.so cue                                         {include if \"with-pam-u2f\"}",
        "auth        required                                     pam_u2f.so cue nouserok                                {include if \"with-pam-u2f-2fa\"}",
        "auth        [default=1 ignore=ignore success=ok]         pam_succeed_if.so uid >= 1000 quiet",
        "auth        [default=1 ignore=ignore success=ok]         pam_localuser.so                                       {exclude if \"with-smartcard\"}",
        "auth        [default=2 ignore=ignore success=ok]         pam_localuser.so                                       {include if \"with-smartcard\"}",
        "auth        [success=done authinfo_unavail=ignore ignore=ignore default=die] pam_sss.so try_cert_auth           {include if \"with-smartcard\"}",
        "auth        sufficient                                   pam_unix.so {if not \"without-nullok\":nullok} try_first_pass",
        "auth        requisite                                    pam_succeed_if.so uid >= 1000 quiet_success",
        "auth        sufficient                                   pam_sss.so forward_pass",
        "auth        required                                     pam_faillock.so authfail deny=4 unlock_time=1200       {include if \"with-faillock\"}",
        "auth        required                                     pam_deny.so",
        "",
        "account     required                                     pam_access.so                                          {include if \"with-pamaccess\"}",
        "account     required                                     pam_faillock.so                                        {include if \"with-faillock\"}",
        "account     required                                     pam_unix.so",
        "account     sufficient                                   pam_localuser.so",
        "account     sufficient                                   pam_succeed_if.so uid < 1000 quiet",
        "account     [default=bad success=ok user_unknown=ignore] pam_sss.so",
        "account     required                                     pam_permit.so",
        "",
        "password    requisite                                    pam_pwquality.so try_first_pass local_users_only",
        "password    sufficient                                   pam_unix.so sha512 shadow {if not \"without-nullok\":nullok} try_first_pass use_authtok",
        "password    sufficient                                   pam_sss.so use_authtok",
        "password    required                                     pam_deny.so",
        "",
        "session     optional                                     pam_keyinit.so revoke",
        "session     required                                     pam_limits.so",
        "-session    optional                                     pam_systemd.so",
        "session     optional                                     pam_oddjob_mkhomedir.so umask=0077                    {include if \"with-mkhomedir\"}",
        "session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid",
        "session     required                                     pam_unix.so",
        "session     optional                                     pam_sss.so"
    ]
}

TASK [Invoke pamd module to assure "auth required pam_env.so" rule is present] ***
task path: /home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:29
Wednesday 03 March 2021  13:51:01 -0500 (0:00:00.039)       0:00:04.892 ******* 
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<3.94.101.241> (0, b'/home/centos\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789 `" && echo ansible-tmp-1614797461.5190372-3587270-231380546327789="` echo /home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789 `" ) && sleep 0'"'"''
<3.94.101.241> (0, b'ansible-tmp-1614797461.5190372-3587270-231380546327789=/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
redirecting (type: modules) ansible.builtin.pamd to community.general.pamd
Using module file /home/ubuntu/.ansible/collections/ansible_collections/community/general/plugins/modules/pamd.py
<3.94.101.241> PUT /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpkvqixbs6 TO /home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py
<3.94.101.241> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 '[3.94.101.241]'
<3.94.101.241> (0, b'sftp> put /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpkvqixbs6 /home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "posix-rename@openssh.com" revision 1\r\ndebug2: Server supports extension "statvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "fstatvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "hardlink@openssh.com" revision 1\r\ndebug2: Server supports extension "fsync@openssh.com" revision 1\r\ndebug2: Server supports extension "lsetstat@openssh.com" revision 1\r\ndebug3: Sent message fd 3 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/centos size 0\r\ndebug3: Looking up /home/ubuntu/.ansible/tmp/ansible-local-3587209y185bfjx/tmpkvqixbs6\r\ndebug3: Sent message fd 3 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py\r\ndebug3: Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent message SSH2_FXP_WRITE I:5 O:32768 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:6 O:65536 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:7 O:98304 S:25584\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 5 32768 bytes at 32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 6 32768 bytes at 65536\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 7 25584 bytes at 98304\r\ndebug3: Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/ /home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py && sleep 0'"'"''
<3.94.101.241> (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 -tt 3.94.101.241 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-kklfwqitvxchtneusbvqfztfenspqvje ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<3.94.101.241> (1, b'Traceback (most recent call last):\r\n  File "/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py", line 102, in <module>\r\n    _ansiballz_main()\r\n  File "/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py", line 94, in _ansiballz_main\r\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n  File "/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py", line 40, in invoke_module\r\n    runpy.run_module(mod_name=\'ansible_collections.community.general.plugins.modules.pamd\', init_globals=None, run_name=\'__main__\', alter_sys=True)\r\n  File "/usr/lib64/python3.6/runpy.py", line 205, in run_module\r\n    return _run_module_code(code, init_globals, run_name, mod_spec)\r\n  File "/usr/lib64/python3.6/runpy.py", line 96, in _run_module_code\r\n    mod_name, mod_spec, pkg_name, script_name)\r\n  File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code\r\n    exec(code, run_globals)\r\n  File "/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py", line 866, in <module>\r\n  File "/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py", line 803, in main\r\n  File "/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py", line 455, in __init__\r\n  File "/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py", line 368, in rule_from_string\r\nAttributeError: \'NoneType\' object has no attribute \'group\'\r\n', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\nShared connection to 3.94.101.241 closed.\r\n')
<3.94.101.241> Failed to connect to the host via ssh: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /home/ubuntu/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolve_canonicalize: hostname 3.94.101.241 is address
debug1: auto-mux: Trying existing master
debug2: fd 3 setting O_NONBLOCK
debug2: mux_client_hello_exchange: master version 4
debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
debug3: mux_client_request_session: entering
debug3: mux_client_request_alive: entering
debug3: mux_client_request_alive: done pid = 3587221
debug3: mux_client_request_session: session request sent
debug3: mux_client_read_packet: read header failed: Broken pipe
debug2: Received exit status from master 1
Shared connection to 3.94.101.241 closed.
<3.94.101.241> ESTABLISH SSH CONNECTION FOR USER: centos
<3.94.101.241> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/ubuntu/.ssh/pfuntner-aws.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o ControlPath=/home/ubuntu/.ansible/cp/8a80c85447 3.94.101.241 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/ > /dev/null 2>&1 && sleep 0'"'"''
<3.94.101.241> (0, b'', b'OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
The full traceback is:
Traceback (most recent call last):
  File "/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py", line 102, in <module>
    _ansiballz_main()
  File "/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py", line 94, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py", line 40, in invoke_module
    runpy.run_module(mod_name='ansible_collections.community.general.plugins.modules.pamd', init_globals=None, run_name='__main__', alter_sys=True)
  File "/usr/lib64/python3.6/runpy.py", line 205, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)
  File "/usr/lib64/python3.6/runpy.py", line 96, in _run_module_code
    mod_name, mod_spec, pkg_name, script_name)
  File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py", line 866, in <module>
  File "/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py", line 803, in main
  File "/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py", line 455, in __init__
  File "/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py", line 368, in rule_from_string
AttributeError: 'NoneType' object has no attribute 'group'
fatal: [aws-centos8]: FAILED! => {
    "changed": false,
    "module_stderr": "OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020\r\ndebug1: Reading configuration data /home/ubuntu/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 3.94.101.241 is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3587221\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\nShared connection to 3.94.101.241 closed.\r\n",
    "module_stdout": "Traceback (most recent call last):\r\n  File \"/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py\", line 102, in <module>\r\n    _ansiballz_main()\r\n  File \"/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py\", line 94, in _ansiballz_main\r\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n  File \"/home/centos/.ansible/tmp/ansible-tmp-1614797461.5190372-3587270-231380546327789/AnsiballZ_pamd.py\", line 40, in invoke_module\r\n    runpy.run_module(mod_name='ansible_collections.community.general.plugins.modules.pamd', init_globals=None, run_name='__main__', alter_sys=True)\r\n  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\r\n    return _run_module_code(code, init_globals, run_name, mod_spec)\r\n  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\r\n    mod_name, mod_spec, pkg_name, script_name)\r\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\r\n    exec(code, run_globals)\r\n  File \"/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py\", line 866, in <module>\r\n  File \"/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py\", line 803, in main\r\n  File \"/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py\", line 455, in __init__\r\n  File \"/tmp/ansible_pamd_payload_gv7x7jmn/ansible_pamd_payload.zip/ansible_collections/community/general/plugins/modules/pamd.py\", line 368, in rule_from_string\r\nAttributeError: 'NoneType' object has no attribute 'group'\r\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

PLAY RECAP *********************************************************************
aws-centos8                : ok=7    changed=3    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

Wednesday 03 March 2021  13:51:02 -0500 (0:00:00.747)       0:00:05.639 ******* 
=============================================================================== 
Gathering Facts --------------------------------------------------------- 2.80s
/home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:1 ------
Get authselect information ---------------------------------------------- 0.76s
/home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:5 ------
Invoke pamd module to assure "auth required pam_env.so" rule is present --- 0.75s
/home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:29 -----
Get contents of /etc/pam.d/system-auth ---------------------------------- 0.61s
/home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:13 -----
Get contents of /usr/share/authselect/default/sssd/system-auth ---------- 0.60s
/home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:21 -----
Display authselect information ------------------------------------------ 0.04s
/home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:9 ------
Display contents of /usr/share/authselect/default/sssd/system-auth ------ 0.04s
/home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:25 -----
Display contents of /etc/pam.d/system-auth ------------------------------ 0.04s
/home/ubuntu/sto/issues/CCC-1527/ansible-issue/pamd-and-authselect.yml:17 -----
Playbook run took 0 days, 0 hours, 0 minutes, 5 seconds

[ansibullbot]

Files identified in the description: None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

Files identified in the description:

• plugins/modules/system/pamd.py

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

[ansibullbot]

cc @kevensen click here for bot help

[Akasurde]

@pfuntner Thanks for reporting this issue. pamd module does not handle authselect template files. You need to modify /etc/pam.d/system-auth after you do theauthselect select sssd command.

I will update the docs stating this explicitly.

[Akasurde]

resolved_by_pr https://github.com/ansible-collections/community.general/pull/2815