shell command hangs only when using ansible.

[anandkumarpatel]

I am having issues while trying to run a script inside ansible. when this script is run ansible just hang running the command.

script run

#!/bin/bash
set -x
uuid=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)

Running from terminal gives me this

/home/Rapidash# /tmp/test.sh
+ /tmp/test.sh
++ head -n 1
++ fold -w 32
++ tr -dc a-zA-Z0-9
++ cat /dev/urandom
+ uuid=yGvfDIq29xsTXzpQEKWD2ffhR4pqimuI

however running from ansible results in this:

++ head -n 1
++ cat /dev/urandom
++ fold -w 32
++ tr -dc a-zA-Z0-9

and hangs at that line

here is my task:

- name: bug
  sudo: yes
  command: sudo /tmp/test.sh > /home/ubuntu/log 2>&1

system info

uname -a
Linux Rapidash 3.13.0-48-generic #80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

ansible debug log

TASK: [bug | Configure] *********************************************
<Rapidash> ESTABLISH CONNECTION FOR USER: trainer
<Rapidash> REMOTE_MODULE command sudo /tmp/test.sh > /home/Rapidash/trainer.test 2>&1
<Rapidash> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/trainer/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o IdentityFile="/Users/trainer/.ssh/oregon.pem" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 Rapidash /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1442880813.42-48675057599793 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1442880813.42-48675057599793 && echo $HOME/.ansible/tmp/ansible-tmp-1442880813.42-48675057599793'
<Rapidash> PUT /var/folders/n2/ztdyqbt54vq_57y5hq1gt69r0000gn/T/tmp45DP0H TO /home/Rapidash/.ansible/tmp/ansible-tmp-1442880813.42-48675057599793/command
<Rapidash> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/trainer/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o IdentityFile="/Users/trainer/.ssh/oregon.pem" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 Rapidash /bin/sh -c 'sudo -k && sudo -H -S -p "[sudo via ansible, key=rodwpulbcbfpnygslzdtwxykpfsmexan] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-rodwpulbcbfpnygslzdtwxykpfsmexan; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/Rapidash/.ansible/tmp/ansible-tmp-1442880813.42-48675057599793/command; rm -rf /home/Rapidash/.ansible/tmp/ansible-tmp-1442880813.42-48675057599793/ >/dev/null 2>&1'"'"''

Not sure what is going on, Let me know if there is a way I can collect more information.

[jimi-c]

Hi @anandkumarpatel, you should not be using sudo in the command, but instead should be enabling sudo via the keyword. Please see the documentation here: http://docs.ansible.com/ansible/become.html

If you continue having problems with this, I'd recommend asking your question on the mailing list:

• https://groups.google.com/forum/#!forum/ansible-project - for user questions, tips, and tricks

Because this project is very active, we're unlikely to see comments made on closed tickets, but the mailing list is a great way to ask questions, or post if you don't think this particular issue is resolved.

Thank you!

[jasondewitt]

anandkumarparel

Did you find a solution to this? I am having exact same problem when running a shell script that is chatting /dev/urandom

This is the only ansible related Google result and searching the Google group like suggested above does turn up anything

[ghost]

I've had the same issue as the OP. In my case, I was generating passwords with:

passwd=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w ${1:-20} | head -n 1)

Running that over ssh or normal shell was not an issue, however ansible would be stuck on the cat process.

Using:

passwd=$(tr -d -c "a-zA-Z0-9" < /dev/urandom | head -c 20)

gives almost the same(if not the same) result and ansible had no issues moving on with life.

I don't know what caused ansible to be stuck, but I've solved my issue with the work-around line above.

[kurahaupo]

My guess is that /dev/urandom is behaving like /dev/random under Ansible, and waiting for secure entropy to be available.

In which case it's not hung, it's just slow. If you wait long enough (possibly days) it will continue.

This looks at first glance like "useless use of cat", but in this case that's actually wrong: it's harmful use of cat, because cat will attempt to read in chunks of maybe 32kB, and just the first one of those is way bigger than the entire entropy pool. Then all that gets processed, and eventually almost all of it get discarded.

This is actually a bad idea even if you're not using Ansible, as it depletes the secure entropy pool;

Replace this with
uuid=$( head -c24 < /dev/urandom | base64 -w0 )

If you don't want + and / symbols, just replace them:
uuid=${uuid//+/X}
uuid=${uuid////Y}
(which admittedly will introduce a small bias, but if one was worried about that, one wouldn't be using an entropy-spilling approach to begin with, and at least it's obvious how it's biased)