Ansible troubleshooting - missing sudo password and incorrect sudo password

Name: Ansible Automation Platform By Example
Author: Luca Berton

Explore troubleshooting for missing and incorrect sudo passwords in Ansible playbooks through practical Playbooknstrations.

Ansible troubleshooting - missing sudo password and incorrect sudo password

November 8, 2021
Posted by Luca Berton
ansible, troubleshooting, missing, sudo, error, fatal

Introduction

Today we’re going to talk about Ansible troubleshooting, specifically about missing sudo password and incorrect sudo password. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

Join 50+ hours of courses in our exclusive community

Playbook

The best way of talking about Ansible troubleshooting is to jump in a live Playbook to show you practically the missing sudo password and incorrect sudo password and how to solve it!

error code

missingsudopassword_error.yml

---
- name: debug module Playbook
  hosts: all
  become: true
  tasks:
    - name: root test
      ansible.builtin.debug:
        msg: "privilege escalation successful"

error execution


$ ansible-playbook -i Playbook/inventory troubleshooting/missingsudopassword_error.yml

PLAY [debug module Playbook] *********************************************************************************

TASK [Gathering Facts] ***********************************************************************************
fatal: [demo.example.com]: FAILED! => {"msg": "Missing sudo password"}

PLAY RECAP ***********************************************************************************************
demo.example.com           : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

troubleshoot

$ ansible-playbook --help
usage: ansible-playbook [-h] [--version] [-v] [-k] [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
[...]
Privilege Escalation Options:
control how and which user you become as on target hosts

--become-method BECOME_METHOD
privilege escalation method to use (default=sudo), use `ansible-doc -t become
-l` to list valid choices.
--become-user BECOME_USER
run operations as this user (default=root)
-K, --ask-become-pass
ask for privilege escalation password
-b, --become          run operations with become (does not imply password prompting)
ansible-pilot $ ansible-playbook -i Playbook/inventory troubleshooting/missingsudopassword_error.yml -bK
BECOME password:

PLAY [debug module Playbook] *********************************************************************************

TASK [Gathering Facts] ***********************************************************************************
fatal: [demo.example.com]: FAILED! => {"msg": "Incorrect sudo password"}

PLAY RECAP ***********************************************************************************************
demo.example.com           : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

verification

$ ssh [email protected]
Last login: Mon Nov  8 10:24:10 2021 from 192.168.43.5
[devops@demo ~]$ sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for devops:
Sorry, try again.
[sudo] password for devops:
Sorry, try again.
[sudo] password for devops:
sudo: 2 incorrect password attempts
[devops@demo ~]$ su -
Password:
Last login: Mon Nov  8 09:44:37 UTC 2021 on pts/0
[root@demo ~]# ls -al /etc/sudo
sudo.conf       sudoers         sudoers.d/      sudo-ldap.conf
[root@demo ~]# ls -al /etc/sudoers.d/
total 16
drwxr-x---.  2 root root   21 Nov  8 09:06 .
drwxr-xr-x. 87 root root 8192 Nov  8 09:14 ..
-r--r-----.  1 root root   45 Sep  1 00:19 vagrant
[root@demo ~]# vim /etc/sudoers.d/devops
[root@demo ~]# cat /etc/sudoers.d/devops
devops ALL=(ALL) NOPASSWD: ALL
[root@demo ~]# exit
logout
[devops@demo ~]$ whoami
devops
[devops@demo ~]$ sudo su
[root@demo devops]# whoami
root
[root@demo devops]# exit
exit
[devops@demo ~]$ exit
logout
Connection to demo.example.com closed.

fix

/etc/sudoers.d/devops

devops ALL=(ALL) NOPASSWD: ALL

fix execution


$ ansible-playbook -i Playbook/inventory troubleshooting/missingsudopassword_error.yml

PLAY [debug module Playbook] *********************************************************************************

TASK [Gathering Facts] ***********************************************************************************
ok: [demo.example.com]

TASK [root test] *****************************************************************************************
ok: [demo.example.com] => {
"msg": "privilege escalation successful"
}

PLAY RECAP ***********************************************************************************************
demo.example.com           : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

code with ❤️ in GitHub

Conclusion

Now you know how to troubleshoot themissing sudo password and incorrect sudo password fatal errors. Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my Udemy 300+ Lessons Video Course.

BUY the Complete Udemy 300+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Donate

Want to keep this project going? Please donate

Patreon Buy me a Pizza