Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doas become-method hangs forever #13449

Closed
8191 opened this issue Dec 5, 2015 · 5 comments
Closed

doas become-method hangs forever #13449

8191 opened this issue Dec 5, 2015 · 5 comments
Labels
bug This issue/PR relates to a bug.
Milestone
2.0

Comments

@8191
Copy link
Contributor

8191 commented Dec 5, 2015

When executing commands using the doas become method, the execution seems to hang forever.

---
- hosts: all
  gather_facts: False
  tasks:
    - command: /usr/bin/whoami
      become: True
% ansible-playbook -i test.inv -vvv --become-method=doas --ask-become-pass test.yml
No config file found; using defaults
DOAS password:
1 plays in test.yml

PLAY ***************************************************************************

TASK [command] *****************************************************************
task path: /home/mf/cm/test/test.yml:5
<hanoi> ESTABLISH SSH CONNECTION FOR USER: None
<hanoi> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/mf/.ansible/cp/ansible-ssh-%h-%p-%r -tt hanoi ( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1449355062.25-183864280109478 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1449355062.25-183864280109478 )" )
<hanoi> PUT /tmp/tmpylGAdK TO /home/mf/.ansible/tmp/ansible-tmp-1449355062.25-183864280109478/command
<hanoi> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/mf/.ansible/cp/ansible-ssh-%h-%p-%r [hanoi]
<hanoi> ESTABLISH SSH CONNECTION FOR USER: None
<hanoi> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/mf/.ansible/cp/ansible-ssh-%h-%p-%r -tt hanoi /bin/sh -c 'doas  -u root  echo BECOME-SUCCESS-lelyicqshqztskrukvdaqmskgruxowwj && doas  -u root  env ANSIBLE=true LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/local/bin/python2.7 /home/mf/.ansible/tmp/ansible-tmp-1449355062.25-183864280109478/command; rm -rf "/home/mf/.ansible/tmp/ansible-tmp-1449355062.25-183864280109478/" > /dev/null 2>&1'

How to debug this the best way?

My /etc/doas.conf:

permit keepenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } :wheel
permit nopass keepenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } root

Using ansible 9557102
@bcoca bcoca added this to the v2 milestone Dec 6, 2015
@bcoca
Copy link
Member

bcoca commented Dec 6, 2015

I reproduced, but it only seems to be an issue when passwords are required

@bcoca
Copy link
Member

bcoca commented Dec 6, 2015

so the issue is that we execute doas twice, which prompts for passwords twice, but we only supply one

bcoca added a commit to bcoca/ansible that referenced this issue Dec 6, 2015
@bcoca
fixed doas from getting stuck when needing passwords
0533e0b 
Also adjusted test to match new doas become output
fixes ansible#13449
@bcoca bcoca mentioned this issue Dec 6, 2015
Merged
@bcoca
Copy link
Member

bcoca commented Dec 6, 2015

can you verify that the PR above fixes your issue?

@8191
Copy link
Contributor Author

8191 commented Dec 6, 2015

Yes, works for me.

@bcoca
Copy link
Member

bcoca commented Dec 8, 2015

closing via merged #13451

@bcoca bcoca closed this as completed Dec 8, 2015
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 7, 2018
@ansible ansible locked and limited conversation to collaborators Apr 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug This issue/PR relates to a bug.
Projects
None yet
Milestone
2.0
Development

No branches or pull requests
3 participants
@bcoca @8191 @ansibot