k3s-ansible icon indicating copy to clipboard operation
k3s-ansible copied to clipboard

Published 20 hours ago verified publisher icon k3s-io

Can only get playbook to work with --ask-become-pass

Open tylerlittlefield opened this issue 4 years ago • 1 comments

I've copied my SSH key using:

ssh-copy-id -i ~/.ssh/id_rsa.pub <user>@<ip>

I then attempt to login to the machine with:

ssh <user>@<ip>

And I successfully login, no password needed. However, if I run:

ansible-playbook site.yml -i inventory/hosts.ini

I get:

PLAY [k3s_cluster] **********************************************************************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************************************************
Saturday 12 December 2020  15:23:51 -0800 (0:00:00.019)       0:00:00.019 *****
fatal: [192.168.1.139]: FAILED! => {"msg": "Missing sudo password"}
fatal: [192.168.1.249]: FAILED! => {"msg": "Missing sudo password"}

PLAY RECAP ******************************************************************************************************************************************************************************
192.168.1.139              : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
192.168.1.249              : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

I can get the playbook to succeed with:

ansible-playbook site.yml -i inventory/hosts.ini --ask-become-pass

Is this okay? Or am I at risk of things not working properly? Any tips or ideas to point me in the right direction would be appreciated!

tylerlittlefield avatar Dec 12 '20 23:12 tylerlittlefield

Hoping you figured this one out by now, but I stumbled upon it.... Look into sudo configuration and NOPASSWD.

gottsman avatar Jan 09 '21 04:01 gottsman

+1 to what gottsman said. Also look into using visudo to verify changes because its very easy to accidentally mess up the sudoers file which could lock you out of your server.

dtaivpp avatar Feb 06 '23 22:02 dtaivpp

You need 2 things for this playbook to work by default

  1. Passwordless SSH access to all targets
  2. Access to root/sudo user on all targets

You can get around this with what is discussed above.

This has now been highlighted in the readme.

dereknola avatar Nov 10 '23 02:11 dereknola