search

ansible / ansible

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.
https://www.ansible.com/
GNU General Public License v3.0
62.42k stars 23.81k forks source link

ansible hangs waiting for/to send doas password #18721

Closed jforman closed 6 years ago

jforman commented 7 years ago
ISSUE TYPE
COMPONENT NAME

TASK [setup]

ANSIBLE VERSION

jforman@stonecrab:/tank/git/ansible-configs$ /tmp/ansible/bin/ansible --version ansible 2.2.0.0 config file = /tank/git/ansible-configs/ansible.cfg configured module search path = Default w/o overrides

OS / ENVIRONMENT

Origin OS: Ubuntu Desktop 16.10 Destination OS: OpenBSD 6.0

SUMMARY

Suddenly (I can't remember when I last had issues with this) any Ansible operation on the OpenBSD machine hangs at the 'task setup' state.

STEPS TO REPRODUCE

Works as expected: /tmp/ansible/bin/ansible -vvvv --become-method doas -i hosts -k $openbsdhost -m setup

Hangs: /tmp/ansible/bin/ansible --ask-become-pass -b -vvvv --become-method doas -i hosts -k $openbsdhost -m setup Using /tank/git/ansible-configs/ansible.cfg as config file SSH password: DOAS password[defaults to SSH password]: ....... <$openbsdhost> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/jforman/.ssh/id_rsa"' -o User=ansibler -o ConnectTimeout=10 -o ControlPath=/home/jforman/.ansible/cp/%h-%p-%r -tt $openbsdhost '/bin/sh -c '"'"'doas -u root echo BECOME-SUCCESS-jehbbhnejigevhrwtomnvrghnfnumhpj && doas -u root env ANSIBLE=true /usr/local/bin/python /home/ansibler/.ansible/tmp/ansible-tmp-1480716111.08-113929165791759/setup.py; rm -rf "/home/ansibler/.ansible/tmp/ansible-tmp-1480716111.08-113929165791759/" > /dev/null 2>&1 && sleep 0'"'"''

EXPECTED RESULTS

Expected setup json output.

ACTUAL RESULTS

The second command execution above hangs

ansibot commented 7 years ago

@jforman, we need more information to resolve this issue. For that reason, we put this Issue into the 'needs_info' state.

Here are the required items we could not find in your description:

When you have filled in the missing data, we will notify the module maintainer for further action. click here for bot help

jforman commented 7 years ago
ISSUE TYPE
jforman commented 7 years ago

The magic of ANSIBLE_DEBUG=true.

Output: https://gist.github.com/jforman/39025388d9f0a1260104669830cdc722

The last bit of output: 9883 1480728150.72411: become_success: (source=stdout, state=awaiting_escalation): 'BECOME-SUCCESS-sdqpvwtelfvmtjmgycktemaudxixafsk' 9883 1480728150.72418: Escalation succeeded 9883 1480728150.73395: stdout chunk (state=3): doas (ansibler@openbsdhost) password: <<<

tolbrino commented 7 years ago

I've run into the same issue with the same debug output. The only way out was switching to using sudo instead of doas.

jforman commented 6 years ago

Could I get an update on fixing this? It's been over a year and I'm still seeing the same hanging behavior on version 2.4:

jforman@desktop1:/tank/git/ansible-configs$ ansible-playbook --version 12656 1513170264.63183: starting run ansible-playbook 2.4.1.0 config file = /tank/git/ansible-configs/ansible.cfg configured module search path = [u'/home/jforman/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/dist-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.13 (default, Jan 19 2017, 14:48:08) [GCC 6.3.0 20170118]

jforman@desktop1:/tank/git/ansible-configs$ ansible-playbook --become-method=doas -l 'openbsdmachine' site.yml ...... 12622 1513170211.78632: become_success: (source=stdout, state=awaiting_escalation): 'BECOME-SUCCESS-ycrbjzpsreqoxxyxggardmdhjkfhocny' 12622 1513170211.78638: Escalation succeeded 12622 1513170211.79651: stdout chunk (state=3): doas (ansibler@openbsdmachine) password: <<<

(hang)

afh commented 6 years ago

I'm seeing the issue as well with Ansible version 2.4.2.0.

Any updates or hints what could be the cause of this?

afh commented 6 years ago

The merged PR #13451 fixes the issue, yet it seems the changes only made it to the stable-2.0 branch, but not into other branches relevant for the current releases.

@bcoca as the author and merger of PR #13451, would mind having another look? I'd also be interested in an explanation of what the issue is here :)

@jforman, @tolbrino, FWIW I was able to hotfix the issue by changing the appropriate doas-line in playbook/play_context.py in my Ansible installation to becomecmd = '%s %s %s -c %s' % (exe, flags, executable, success_cmd)

jforman commented 6 years ago

@afh The need to hotpatch my local checkout of Ansible is not a solution I'm willing to accept. I'm hoping @bcoca can provide some insight here into what it would take to get this into more recent (and future) ansible versions.

afh commented 6 years ago

@jforman You are right, a hotfix is unacceptable and I find that having the changes in one of the next releases is important. For me the hotfix meant being able to finish writing my orchestration, tough :)