Closed phahulin closed 6 years ago
Hi, @micwebnet
The error message looks more like the script tried to execute sudo
to stop the service but didn't succeed waiting for sudo password to be provided interactively. Without correct keys it should have stopped earlier trying to connect to the server.
The hf-spec-change
assumes that ssh keys you use correspond to root
user on the server. Probably that assumption is wrong in this case (azure?). If you are connecting as another user (e.g. ubuntu
), please change this line in site.yml
...
- hosts: hf-spec-change
vars:
date: "{{ lookup('pipe', 'date -u +%Y%m%d-%H%M%S') }}"
home: "/home/{{ poa_role }}"
user: root # <----------------- change this to ubuntu or another name
become: true
become_user: root
roles:
- hf-spec-change
tags: hf-spec
It will connect as ubuntu
and then try to switch to root
. If ubuntu
does not have passwordless sudo access, you should add --ask-sudo-pass
flag when starting playbook:
ansible-playbook -i hosts site.yml --ask-sudo-pass
Please try to rerun the playbook following these remarks. If it succeeds, let me know here and I'll update the instruction.
If it doesn't succeed and you still get errors, please run playbook with very very verbose logging flag -vvv
:
ansible-playbook -i hosts site.yml -vvv --ask-sudo-pass
and attach the output.
Thanks
Hi, @micwebnet
did you get a chance to test it during recent hard-forks? Is this issue still relevant?
Haven't had this issue after deploying a new after HF. The ansible playbook script just asked me for sudo password when it needed it.
Great, I'll close this issue then
Originally by @micwebnet in https://github.com/poanetwork/deployment-playbooks/issues/44
If the SSH keys are password protected, ansible-playbook fails with
TASK [hf-spec-change : Shutdown poa-netstats service] ***** fatal: [52.191.165.235]: FAILED! => {"changed": false, "msg": "Unable to stop service poa-netstats: Failed to stop poa-netstats.service: Interactive authentication required.\nSee system logs and 'systemctl status poa-netstats.service' for details.\n"} to retry, use: --limit @/home/mm/poa-devops/site.retry
The workaround is to use non-password-protected ssh keys, but that's a security vulnerability if the control system is compromised. Suggest looking into allowing interactive auth during deployment.
Best, MM