Shell module breaks when becoming a user whose configured shell is /usr/sbin/nologin #26741

Closed
Kniyl opened this issue Jul 13, 2017 · 9 comments · Fixed by #31361
Labels
affects_2.4 This issue/PR affects Ansible v2.4 bug This issue/PR relates to a bug. module This issue/PR relates to a module. support:core This issue/PR relates to code supported by the Ansible Engineering Team.


Kniyl commented Jul 13, 2017

ISSUE TYPE
  • Bug Report
COMPONENT NAME

shell

ANSIBLE VERSION
ansible-playbook 2.4.0 (devel 4006b5d18f) last updated 2017/07/12 09:54:52 (GMT +200)
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/kniyl/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/kniyl/ansible-devel/lib/ansible
  executable location = /home/kniyl/ansible-devel/bin/ansible-playbook
  python version = 3.6.1 (default, Mar 27 2017, 00:27:06) [GCC 6.3.1 20170306]

CONFIGURATION

Default

OS / ENVIRONMENT

Host: Ubuntu 16.04

SUMMARY

When using the shell module with become_user configured to a user whose default shell is /usr/sbin/nologin, the task fails with the message "This account is currently not available.". Setting become_flags: '-s /bin/bash' doesn't help either.

STEPS TO REPRODUCE
---

- hosts: all
  tasks:
    - name: Install Java 8
      apt: name=openjdk-8-jdk
      become: yes

    - name: Download logstash
      get_url: dest=/tmp/logstash.deb url=https://artifacts.elastic.co/downloads/logstash/logstash-5.4.3.deb

    - name: Install Logstash
      apt: deb=/tmp/logstash.deb
      become: yes

    - name: Write a file
      copy: content="Hello, world!" dest=/usr/share/logstash/test.txt
      become: yes
      become_user: logstash

    - name: Install logstash-output-influxdb
      shell: bin/logstash-plugin install logstash-output-influxdb chdir=/usr/share/logstash
      args:
        creates: /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-influxdb-5.0.1
      become: yes
      become_user: logstash

EXPECTED RESULTS

The play succeeds on the current 2.3 release:

$ ansible-playbook --version
ansible-playbook 2.3.1.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.13 (default, Feb 11 2017, 12:22:40) [GCC 6.3.1 20170109]

$ ansible-playbook -i 172.20.34.42, -u user -k -K debug.yml 
SSH password: 
SUDO password[defaults to SSH password]: 

PLAY [all] ********************************************************************

TASK [Gathering Facts] ********************************************************
ok: [172.20.34.42]

TASK [Install Java 8] *********************************************************
ok: [172.20.34.42]

TASK [Download logstash] ******************************************************
changed: [172.20.34.42]

TASK [Install Logstash] *******************************************************
changed: [172.20.34.42]

TASK [Write a file] ***********************************************************
changed: [172.20.34.42]

TASK [Install logstash-output-influxdb] ***************************************
changed: [172.20.34.42]

PLAY RECAP ********************************************************************
172.20.34.42               : ok=6    changed=4    unreachable=0    failed=0   

ACTUAL RESULTS

$ ansible-playbook -i 172.20.34.42, -u user -k -K debug.yml 
SSH password: 
SUDO password[defaults to SSH password]: 

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [172.20.34.42]

TASK [Install Java 8] **********************************************************
changed: [172.20.34.42]

TASK [Download logstash] *******************************************************
changed: [172.20.34.42]

TASK [Install Logstash] ********************************************************
changed: [172.20.34.42]

TASK [Write a file] ************************************************************
changed: [172.20.34.42]

TASK [Install logstash-output-influxdb] ****************************************
fatal: [172.20.34.42]: FAILED! => {"changed": true, "cmd": "bin/logstash-plugin install logstash-output-influxdb", "delta": "0:00:00.009788", "end": "2017-07-13 08:57:50.495123", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2017-07-13 08:57:50.485335", "stderr": "", "stderr_lines": [], "stdout": "This account is currently not available.", "stdout_lines": ["This account is currently not available."]}
	to retry, use: --limit @/home/kniyl/debug.retry

PLAY RECAP *********************************************************************
172.20.34.42               : ok=5    changed=4    unreachable=0    failed=1   

Extra verbosity

TASK [Install logstash-output-influxdb] ****************************************
task path: /home/kniyl/debug.yml:21
Using module_utils file /home/kniyl/ansible-devel/lib/ansible/module_utils/six/__init__.py
Using module_utils file /home/kniyl/ansible-devel/lib/ansible/module_utils/basic.py
Using module_utils file /home/kniyl/ansible-devel/lib/ansible/module_utils/six/_six.py
Using module_utils file /home/kniyl/ansible-devel/lib/ansible/module_utils/_text.py
Using module_utils file /home/kniyl/ansible-devel/lib/ansible/module_utils/pycompat24.py
Using module file /home/kniyl/ansible-devel/lib/ansible/modules/commands/command.py
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 172.20.34.42 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<172.20.34.42> (0, b'/home/user\n', b'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2474\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 172.20.34.42 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1500280772.9529517-219384633578547 `" && echo ansible-tmp-1500280772.9529517-219384633578547="` echo /tmp/ansible-tmp-1500280772.9529517-219384633578547 `" ) && sleep 0'"'"''
<172.20.34.42> (0, b'ansible-tmp-1500280772.9529517-219384633578547=/tmp/ansible-tmp-1500280772.9529517-219384633578547\n', b'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2474\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> PUT /tmp/tmpnujt_jp1 TO /tmp/ansible-tmp-1500280772.9529517-219384633578547/command.py
<172.20.34.42> SSH: EXEC sshpass -d12 sftp -o BatchMode=no -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 '[172.20.34.42]'
<172.20.34.42> (0, b'sftp> put /tmp/tmpnujt_jp1 /tmp/ansible-tmp-1500280772.9529517-219384633578547/command.py\n', b'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2474\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "posix-rename@openssh.com" revision 1\r\ndebug2: Server supports extension "statvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "fstatvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "hardlink@openssh.com" revision 1\r\ndebug2: Server supports extension "fsync@openssh.com" revision 1\r\ndebug3: Sent message fd 3 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . 
-> /home/user size 0\r\ndebug3: Looking up /tmp/tmpnujt_jp1\r\ndebug3: Sent message fd 3 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/tmp/ansible-tmp-1500280772.9529517-219384633578547/command.py\r\ndebug3: Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent message SSH2_FXP_WRITE I:5 O:32768 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:6 O:65536 S:826\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 5 32768 bytes at 32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 6 826 bytes at 65536\r\ndebug3: Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 172.20.34.42 '/bin/sh -c '"'"'setfacl -m u:logstash:r-x /tmp/ansible-tmp-1500280772.9529517-219384633578547/ /tmp/ansible-tmp-1500280772.9529517-219384633578547/command.py && sleep 0'"'"''
<172.20.34.42> (0, b'', b'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2474\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 -tt 172.20.34.42 '/bin/sh -c '"'"'sudo -H -S  -p "[sudo via ansible, key=hlijgjsmtavxnhbeublpsmavwkixouhm] password: " -u logstash /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-hlijgjsmtavxnhbeublpsmavwkixouhm; /usr/bin/python /tmp/ansible-tmp-1500280772.9529517-219384633578547/command.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<172.20.34.42> (1, b'\r\n\r\n\r\n{"changed": true, "end": "2017-07-17 08:38:31.332541", "stdout": "This account is currently not available.", "cmd": "bin/logstash-plugin install logstash-output-influxdb", "failed": true, "delta": "0:00:00.007424", "stderr": "", "rc": 1, "invocation": {"module_args": {"warn": true, "executable": null, "chdir": "/usr/share/logstash", "_raw_params": "bin/logstash-plugin install logstash-output-influxdb", "removes": null, "creates": "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-influxdb-5.0.0", "_uses_shell": true}}, "start": "2017-07-17 08:38:31.325117", "msg": "non-zero return code"}\r\n', b'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2474\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\nShared connection to 172.20.34.42 closed.\r\n')
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 172.20.34.42 '/bin/sh -c '"'"'rm -f -r /tmp/ansible-tmp-1500280772.9529517-219384633578547/ > /dev/null 2>&1 && sleep 0'"'"''
<172.20.34.42> (0, b'', b'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2474\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
fatal: [172.20.34.42]: FAILED! => {
    "changed": true,
    "cmd": "bin/logstash-plugin install logstash-output-influxdb",
    "delta": "0:00:00.007424",
    "end": "2017-07-17 08:38:31.332541",
    "failed": true,
    "invocation": {
        "module_args": {
            "_raw_params": "bin/logstash-plugin install logstash-output-influxdb",
            "_uses_shell": true,
            "chdir": "/usr/share/logstash",
            "creates": "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-influxdb-5.0.1",
            "executable": null,
            "removes": null,
            "warn": true
        }
    },
    "msg": "non-zero return code",
    "rc": 1,
    "start": "2017-07-17 08:38:31.325117",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "This account is currently not available.",
    "stdout_lines": [
        "This account is currently not available."
    ]
}

Extra verbosity with become_flags: '-s /bin/bash'

TASK [Install logstash-output-influxdb] ****************************************
task path: /home/kniyl/debug.yml:21
Using module_utils file /home/kniyl/ansible-devel/lib/ansible/module_utils/six/__init__.py
Using module_utils file /home/kniyl/ansible-devel/lib/ansible/module_utils/basic.py
Using module_utils file /home/kniyl/ansible-devel/lib/ansible/module_utils/six/_six.py
Using module_utils file /home/kniyl/ansible-devel/lib/ansible/module_utils/pycompat24.py
Using module_utils file /home/kniyl/ansible-devel/lib/ansible/module_utils/_text.py
Using module file /home/kniyl/ansible-devel/lib/ansible/modules/commands/command.py
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 172.20.34.42 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<172.20.34.42> (0, b'/home/user\n', b'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2474\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 172.20.34.42 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1500280829.0935967-187112947287565 `" && echo ansible-tmp-1500280829.0935967-187112947287565="` echo /tmp/ansible-tmp-1500280829.0935967-187112947287565 `" ) && sleep 0'"'"''
<172.20.34.42> (0, b'ansible-tmp-1500280829.0935967-187112947287565=/tmp/ansible-tmp-1500280829.0935967-187112947287565\n', b'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2474\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> PUT /tmp/tmp4jqas6p8 TO /tmp/ansible-tmp-1500280829.0935967-187112947287565/command.py
<172.20.34.42> SSH: EXEC sshpass -d12 sftp -o BatchMode=no -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 '[172.20.34.42]'
<172.20.34.42> (0, b'sftp> put /tmp/tmp4jqas6p8 /tmp/ansible-tmp-1500280829.0935967-187112947287565/command.py\n', b'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2474\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "posix-rename@openssh.com" revision 1\r\ndebug2: Server supports extension "statvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "fstatvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "hardlink@openssh.com" revision 1\r\ndebug2: Server supports extension "fsync@openssh.com" revision 1\r\ndebug3: Sent message fd 3 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . 
-> /home/user size 0\r\ndebug3: Looking up /tmp/tmp4jqas6p8\r\ndebug3: Sent message fd 3 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/tmp/ansible-tmp-1500280829.0935967-187112947287565/command.py\r\ndebug3: Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent message SSH2_FXP_WRITE I:5 O:32768 S:32768\r\ndebug3: Sent message SSH2_FXP_WRITE I:6 O:65536 S:826\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 5 32768 bytes at 32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 6 826 bytes at 65536\r\ndebug3: Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 172.20.34.42 '/bin/sh -c '"'"'setfacl -m u:logstash:r-x /tmp/ansible-tmp-1500280829.0935967-187112947287565/ /tmp/ansible-tmp-1500280829.0935967-187112947287565/command.py && sleep 0'"'"''
<172.20.34.42> (0, b'', b'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2474\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 -tt 172.20.34.42 '/bin/sh -c '"'"'sudo -s /bin/bash -p "[sudo via ansible, key=fkrpfveknkxqazprnmwgvgfzagehwniv] password: " -u logstash /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-fkrpfveknkxqazprnmwgvgfzagehwniv; /usr/bin/python /tmp/ansible-tmp-1500280829.0935967-187112947287565/command.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
fatal: [172.20.34.42]: FAILED! => {
    "failed": true,
    "msg": "Timeout (12s) waiting for privilege escalation prompt: "
}

User configuration on the remote machine:

$ tail -1 /etc/passwd
logstash:x:999:999:LogStash Service User:/usr/share/logstash:/usr/sbin/nologin

Extra verbosity when the play succeeds using ansible 2.3.1.0:

TASK [Install logstash-output-influxdb] ****************************************
task path: /home/kniyl/debug.yml:21
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 172.20.34.42 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1500279160.43-131555598281831 `" && echo ansible-tmp-1500279160.43-131555598281831="` echo /tmp/ansible-tmp-1500279160.43-131555598281831 `" ) && sleep 0'"'"''
<172.20.34.42> (0, 'ansible-tmp-1500279160.43-131555598281831=/tmp/ansible-tmp-1500279160.43-131555598281831\n', 'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 1711\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> PUT /tmp/tmpKKjW2p TO /tmp/ansible-tmp-1500279160.43-131555598281831/command.py
<172.20.34.42> SSH: EXEC sshpass -d12 sftp -o BatchMode=no -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 '[172.20.34.42]'
<172.20.34.42> (0, 'sftp> put /tmp/tmpKKjW2p /tmp/ansible-tmp-1500279160.43-131555598281831/command.py\n', 'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 1711\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "posix-rename@openssh.com" revision 1\r\ndebug2: Server supports extension "statvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "fstatvfs@openssh.com" revision 2\r\ndebug2: Server supports extension "hardlink@openssh.com" revision 1\r\ndebug2: Server supports extension "fsync@openssh.com" revision 1\r\ndebug3: Sent message fd 5 T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/user size 0\r\ndebug3: Looking up /tmp/tmpKKjW2p\r\ndebug3: Sent message fd 5 T:17 I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat remote file: No such file or directory\r\ndebug3: Sent message SSH2_FXP_OPEN I:3 P:/tmp/ansible-tmp-1500279160.43-131555598281831/command.py\r\ndebug3: Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent message SSH2_FXP_WRITE I:5 O:32768 S:25707\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 5 25707 bytes at 32768\r\ndebug3: Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 172.20.34.42 '/bin/sh -c '"'"'setfacl -m u:logstash:r-x /tmp/ansible-tmp-1500279160.43-131555598281831/ /tmp/ansible-tmp-1500279160.43-131555598281831/command.py && sleep 0'"'"''
<172.20.34.42> (0, '', 'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 1711\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 -tt 172.20.34.42 '/bin/sh -c '"'"'sudo -H -S  -p "[sudo via ansible, key=kakvwvsorqsmpksszhwnfgsrvkzhqcrs] password: " -u logstash /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-kakvwvsorqsmpksszhwnfgsrvkzhqcrs; /usr/bin/python /tmp/ansible-tmp-1500279160.43-131555598281831/command.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
<172.20.34.42> (0, '\r\n\r\n\r\n{"changed": true, "end": "2017-07-17 08:12:20.974695", "stdout": "Validating logstash-output-influxdb\\nInstalling logstash-output-influxdb\\nInstallation successful", "cmd": "bin/logstash-plugin install logstash-output-influxdb", "rc": 0, "start": "2017-07-17 08:11:38.771714", "stderr": "", "delta": "0:00:42.202981", "invocation": {"module_args": {"creates": "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-influxdb-5.0.0", "executable": null, "chdir": "/usr/share/logstash", "_raw_params": "bin/logstash-plugin install logstash-output-influxdb", "removes": null, "warn": true, "_uses_shell": true}}, "warnings": []}\r\n', 'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 1711\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared connection to 172.20.34.42 closed.\r\n')
<172.20.34.42> ESTABLISH SSH CONNECTION FOR USER: user
<172.20.34.42> SSH: EXEC sshpass -d12 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o User=user -o ConnectTimeout=10 -o ControlPath=/home/kniyl/.ansible/cp/c01e80a299 172.20.34.42 '/bin/sh -c '"'"'rm -f -r /tmp/ansible-tmp-1500279160.43-131555598281831/ > /dev/null 2>&1 && sleep 0'"'"''
<172.20.34.42> (0, '', 'OpenSSH_7.5p1, OpenSSL 1.1.0f  25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 1711\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
changed: [172.20.34.42] => {
    "changed": true, 
    "cmd": "bin/logstash-plugin install logstash-output-influxdb", 
    "delta": "0:00:42.202981", 
    "end": "2017-07-17 08:12:20.974695", 
    "invocation": {
        "module_args": {
            "_raw_params": "bin/logstash-plugin install logstash-output-influxdb", 
            "_uses_shell": true, 
            "chdir": "/usr/share/logstash", 
            "creates": "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-influxdb-5.0.1", 
            "executable": null, 
            "removes": null, 
            "warn": true
        }
    }, 
    "rc": 0, 
    "start": "2017-07-17 08:11:38.771714", 
    "stderr": "", 
    "stderr_lines": [], 
    "stdout": "Validating logstash-output-influxdb\nInstalling logstash-output-influxdb\nInstallation successful", 
    "stdout_lines": [
        "Validating logstash-output-influxdb", 
        "Installing logstash-output-influxdb", 
        "Installation successful"
    ]
}
@ansibot ansibot added affects_2.4 This issue/PR affects Ansible v2.4 bug_report module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. support:core This issue/PR relates to code supported by the Ansible Engineering Team. labels Jul 13, 2017
@calfonso calfonso removed the needs_triage Needs a first human triage before being processed. label Jul 13, 2017
@calfonso
Contributor

Hi!

Thanks very much for your interest in Ansible. It sincerely means a lot to us.

This appears to be a user question, and we'd like to direct these kinds of things to either the mailing list or the IRC channel.

  • IRC: #ansible on irc.freenode.net
  • mailing list: https://groups.google.com/forum/#!forum/ansible-project

If you can stop by there, we'd appreciate it. This allows us to keep the issue tracker for bugs, pull requests, RFEs and the like.

Thank you once again and we look forward to seeing you on the list or IRC. Thanks!

@Kniyl
Author

Kniyl commented Jul 13, 2017

Hi @calfonso

I don't get how I made it to appear like a user request but anyway.. I'm not asking how to make the playbook work. It does work. Using ansible 2.3.1.0 it produces the expected output.

However, after

source ~/ansible-devel/hacking/env-setup

the same playbook fails with the provided error.

@Kniyl
Author

Kniyl commented Jul 17, 2017

Issue updated to include -vvvv execution of the play on ansible 2.3.1.0 & fixed my /etc/hosts which made sudo print a (seemingly confusing) warning message.

@gcs-github

This seems like a legitimate regression... which I've just hit. Please consider reopening as a bug.

@mkilmanas

+1 over here. I've run into this issue today when my Ubuntu received a 2.4.0.0 update, suddenly old tasks started failing. After some digging and a downgrade to 2.3.2 I've verified that this is definitely an issue with ansible version.

When you word out the issue, it kinda makes sense - asking to use shell for a user that is not supposed to have shell, is somewhat backwards (even if it used to work, not necessarily it should).

Workaround: shell: sudo -u {{ your_user }} ... without any become does the trick

@mkilmanas

@calfonso would you mind reopening this issue, as it appears as a valid regression, or please provide an explanation of why this is not going to be changed? Cheers!

@jrandall
Contributor

jrandall commented Sep 20, 2017

I believe the problem here is with the shell module documentation (https://docs.ansible.com/ansible/latest/shell_module.html), which says: "It is almost exactly like the command module but runs the command through a shell (/bin/sh) on the remote node."

That is problematic because in no place in the current 2.4+ ansible code base is /bin/sh referenced. What the shell module actually does is to invoke the shell specified by the user's $SHELL environment variable, unless the module argument executable is provided, in which case that shell is invoked instead.

Given that, I think the correct way to handle the OP example would be:

    - name: Install logstash-output-influxdb
      shell: bin/logstash-plugin install logstash-output-influxdb chdir=/usr/share/logstash
      args:
        creates: /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-influxdb-5.0.1
        executable: /bin/sh
      become: yes
      become_user: logstash

I think this is a documentation bug.

The shell module documentation should be updated to make it clear that the user's $SHELL is invoked by default if executable is not specified, and ideally there would also be a usage note added regarding the need to specify an appropriate value for executable (such as executable: /bin/sh ) if a user does not have a functioning login shell (possibly mentioning /usr/sbin/nologin and /bin/false as examples).

karenc added a commit to openstax/cnx-deploy that referenced this issue Oct 3, 2017
Ansible v2.4.0 uses the `become_user` default shell or `$SHELL`
environment variable which is a problem if the `become_user` has
`/usr/sbin/nologin` or `/bin/false` as their default shell.  (The
default shell can be found in `/etc/passwd`)

The error when running the main playbook:

```
TASK [zope_common : run bootstrap]
*******************************************************************************************************************************************
fatal: [staging04.cnx.org]: FAILED! => {"changed": true, "cmd": "/var/cnx/venvs/cnx-buildout/bin/python bootstrap.py", "delta": "0:00:00.013276", "end": "2017-10-03 08:35:30.042500", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2017-10-03 08:35:30.029224", "stderr": "", "stderr_lines": [], "stdout": "This account is currently not available.", "stdout_lines": ["This account is currently not available."]}
fatal: [staging05.cnx.org]: FAILED! => {"changed": true, "cmd": "/var/cnx/venvs/cnx-buildout/bin/python bootstrap.py", "delta": "0:00:00.007503", "end": "2017-10-03 08:35:30.049117", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2017-10-03 08:35:30.041614", "stderr": "", "stderr_lines": [], "stdout": "This account is currently not available.", "stdout_lines": ["This account is currently not available."]}
fatal: [staging06.cnx.org]: FAILED! => {"changed": true, "cmd": "/var/cnx/venvs/cnx-buildout/bin/python bootstrap.py", "delta": "0:00:00.020954", "end": "2017-10-03 08:35:30.074102", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2017-10-03 08:35:30.053148", "stderr": "", "stderr_lines": [], "stdout": "This account is currently not available.", "stdout_lines": ["This account is currently not available."]}
```

Also see ansible/ansible#26741

Change zope_common run bootstrap task to include `executable` in the
shell command with `www-data` as the user.
mmulich pushed a commit to openstax/cnx-deploy that referenced this issue Oct 4, 2017
@Kniyl
Author

Kniyl commented Oct 5, 2017

Thank you @jrandall this is exactly the piece of documentation that I overlooked. I was focusing too much on the become part without checking on the shell end.

xenithorb added a commit to RocketChat/Rocket.Chat.Ansible that referenced this issue Oct 20, 2017
…n 2.4.0

Needs executable on users with /sbin/nologin or /sbin/false because
it uses $SHELL:

ansible/ansible#26741 (comment)
drybjed added a commit to drybjed/debops that referenced this issue Nov 23, 2017
Ansible 2.4 changed the behaviour of the 'shell' and 'command' modules
when used with the 'become' execution method. Now, the modules use the
default shell of the account being switched into, instead of the
remote user shell.

Because the 'list' account (created at Debian installation) uses the
'/usr/sbin/nologin' command as the default shell, the tasks that operate
under that account need to have an alternative shell specified
explicitly.

More details: ansible/ansible#26741
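
An audit sketch for the behaviour described in the comment and commit messages above, added here as an example and not code from Ansible or from any commenter: it flags `shell` tasks whose `become_user` has a non-functional shell in `/etc/passwd` and that set no `executable`. The passwd excerpt, the task dicts and all function names are constructed for illustration.

```python
import re

# Shells that refuse to run commands: the two named on this page plus common path variants.
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Constructed /etc/passwd excerpt; on a real host read /etc/passwd or `getent passwd`.
SAMPLE_PASSWD = """\
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
logstash:x:999:999::/usr/share/logstash:/usr/sbin/nologin
user:x:1000:1000::/home/user:/bin/bash
"""

# Constructed tasks, shaped as a YAML loader would return them.
SAMPLE_TASKS = [
    {"name": "plugin install, no executable", "become_user": "logstash",
     "shell": "bin/logstash-plugin install logstash-output-influxdb"},
    {"name": "plugin install, explicit shell", "become_user": "logstash",
     "shell": "bin/logstash-plugin install logstash-output-influxdb",
     "args": {"chdir": "/usr/share/logstash", "executable": "/bin/sh"}},
    {"name": "bootstrap, inline executable", "become_user": "www-data",
     "shell": "python bootstrap.py executable=/bin/sh"},
    {"name": "real login shell", "become_user": "user", "shell": "id"},
    {"name": "not a shell task", "apt": "name=openjdk-8-jdk", "become": True},
]

def nologin_accounts(passwd_text):
    """Return {account: shell} for passwd entries whose shell cannot run commands."""
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] in NON_LOGIN_SHELLS:
            accounts[fields[0]] = fields[6]
    return accounts

def has_executable(task):
    """True if executable is set under args or inline as executable=... in the command."""
    inline = re.search(r"(^|\s)executable=\S+", str(task.get("shell", "")))
    return bool((task.get("args") or {}).get("executable") or inline)

def risky_tasks(tasks, passwd_text):
    """Names of shell tasks that become a nologin account without setting executable."""
    blocked = nologin_accounts(passwd_text)
    return [t.get("name", "<unnamed>") for t in tasks
            if "shell" in t and t.get("become_user") in blocked and not has_executable(t)]

if __name__ == "__main__":
    for name in risky_tasks(SAMPLE_TASKS, SAMPLE_PASSWD):
        print("needs executable:", name)
```

Fixing a flagged task by adding `executable: /bin/sh` leaves the service account's nologin entry in `/etc/passwd` untouched.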
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 7, 2018
@YuraGB

YuraGB commented Jun 4, 2018

This helped me => sudo pip uninstall ansible==2.4.0 => sudo pip install ansible==2.4.4

@ansible ansible locked and limited conversation to collaborators Apr 26, 2019