search

pigmonkey / spark

Arch Linux Provisioning with Ansible
The Unlicense
387 stars 114 forks source link

Proposed fingerprint reader setup brakes Ansible #106

Closed petRUShka closed 12 months ago

petRUShka commented 1 year ago

If I have

fingerprint: True

in group_vars/all and setup fprintd and try to run ansible-playbook -i localhost playbook.yml --ask-become-pass I catch the error:

<localhost> EXEC /bin/sh -c 'rm -f -r /home/user/.ansible/tmp/ansible-tmp-1680455171.562048-412582-219023120032225/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "msg": "timeout waiting for privilege escalation password prompt:\n"
}

Workaround

Install and setup pam_fprintd_grosshack as suggested in Arch wiki:

If you want to prompt for fingerprint and password input at the same time, you can use pam-fprint-grosshack. This may be needed for some graphical programs which do not allow blank password input, such as Gnome's built-in polkit agent. 

auth        sufficient      pam_fprintd_grosshack.so
auth        sufficient      pam_unix.so try_first_pass nullok
...

P.S. Also fprintd with pam_fprintd.so brakes yay AUR helper. And pam_fprintd_grosshack fixes it.

pigmonkey commented 1 year ago

I don't have a fingerprint reader on my current laptop, so I don't use that option anymore.

Before patching PAM with an AUR package, I'd try setting pam_unix.so try_first_pass likeauth nullok as the wiki suggests. That looks like it'd let you first auth with a password and fall back to the fingerprint reader, which I imagine may avoid whatever is causing Ansible to hang.

petRUShka commented 1 year ago

Looks like solution from Arch Wiki that you have quoted works good enough. I'll test in couple of weeks.