solita / ansible-role-solita.jenkins

Ansible role: Jenkins, completely configured with Ansible
MIT License

Need to allow sudo without password #15

Open mikkosuonio opened 8 years ago

mikkosuonio commented 8 years ago

The user on the target machine needs to have the right to run commands using sudo without a password. Otherwise, tasks like adding Jenkins users hang silently when prompting for the password in the background.

The vagrant test installation allows sudo without password, so this cannot be seen in the tests.

noidi commented 8 years ago

Have you tried invoking ansible-playbook with --ask-become-pass?

mikkosuonio commented 8 years ago

I did invoke it with --ask-become-pass, but this does not help. I still get it hanging when targeting a CI server.

When I require a password for the user in vagrant, --ask-become-pass seems to help. Without it I get a clear error message showing that the sudo command fails (and proceeding as anonymous).

Maybe there is another difference in my vagrant and CI server installation. But I can proceed with the nopasswd set for the user now.

noidi commented 8 years ago

This is indeed an issue. Currently this role runs the Jenkins CLI as the jenkins user by calling sudo in a shell command. Here Ansible has no chance to provide the sudo password.

The better way to do this would be to use become_user on the shell tasks that invoke the Jenkins CLI. Unfortunately, as of Ansible 2.1, become_user does not work without special configuration on either the remote host or the Ansible control host.

There seems to be some light at the end of the tunnel, though. Apparently pipelining can be enabled per task and not just in ansible.cfg. I'd be willing to merge a pull request that replaces sudo with become_user and per-task pipelining.
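
The change discussed in the last comment, sketched as an added example; it is not part of the thread or the role's own code. The host group, the jenkins_cli_cmd variable, the jar path and the URL are hypothetical placeholders.

```yaml
# Constructed example: names, paths and the URL below are placeholders.
- hosts: jenkins_servers            # hypothetical inventory group
  vars:
    # Hypothetical CLI invocation; adjust to the real jar location and URL.
    jenkins_cli_cmd: "java -jar /path/to/jenkins-cli.jar -s http://localhost:8080/"
  tasks:
    # Before: sudo is called inside the shell command. Ansible does not know
    # a privilege escalation is happening, so --ask-become-pass is never
    # passed on and sudo waits for a password on a terminal nobody sees.
    # This only works when the login user has NOPASSWD in sudoers.
    - name: Run Jenkins CLI via sudo inside the shell command
      shell: "sudo -u jenkins {{ jenkins_cli_cmd }} who-am-i"
      changed_when: false

    # After: Ansible performs the escalation itself, so the become password
    # (if one is required) is supplied by Ansible. Pipelining is enabled for
    # this task only; it sends the module over the SSH session instead of
    # writing temporary files that the unprivileged jenkins user would have
    # to be able to read. Pipelining requires that requiretty is not set in
    # sudoers on the target host.
    - name: Run Jenkins CLI with become_user and per-task pipelining
      shell: "{{ jenkins_cli_cmd }} who-am-i"
      become: true
      become_user: jenkins
      vars:
        ansible_ssh_pipelining: true
      changed_when: false
```

With the second form the login user no longer needs a blanket NOPASSWD rule: running ansible-playbook with --ask-become-pass is enough for the sudo password to reach the task.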