running tasks on localhost requires sudo permissions #155

Closed
codezninja opened this issue Feb 2, 2023 · 10 comments
Labels
invalid This doesn't seem right question Further information is requested

Comments

@codezninja

Hi,

New to ansible and was trying to use this role. When I set promtail_version: latest in my vars the role errors out with the following.

image

Now in another run, I set ANSIBLE_DEBUG=true since it seemed like that's how I can enable no_log=false, but I can't really make heads or tails of what the error is in the very verbose output.
But if I set that var to a number it works fine since it uses another task step to download the binary.

So my question is, any guidance on how to debug this better so I can fix the problem?

@patrickjahns
Owner

@codezninja

From your description, the problem does not seem to be related directly to the role and more of an environment issue.
Right now it's hard to provide any guidance - as a lot of information is missing. Especially having the full text output of a run with ANSIBLE_DEBUG=true.

If you are failing with setting ANSIBLE_DEBUG=true might I suggest that you just edit the role locally and set no_log=false manually on the task?

@patrickjahns patrickjahns added invalid This doesn't seem right question Further information is requested labels Feb 7, 2023
@codezninja
Author

I'll try and get some more debug information.

@codezninja
Author

This is the output from that task when no_log=false
image

@codezninja
Author

codezninja commented Feb 13, 2023

So it seems like the delegate_to: localhost was the issue that I was having when using version 1.21.0. When I comment that part out, it works as expected.

I see in 1.22.0 that part was changed. So I'll test that out and report back.

EDITED: The latest version causes another issue

image

Seems like delegate_to doesn't work well with become: true with the module.

@patrickjahns
Owner

@codezninja

This seems still to be more of an issue with your environment / playbook. The role will not per-default elevate the privileges for the preflight tasks - please see: https://github.com/patrickjahns/ansible-role-promtail/blob/master/tasks/main.yml#L1-L22

Please share your playbook and the way you are executing your playbook - the core cause for this is most likely there

Can I also ask you, to share any issues as plaintext instead of screenshots. Screenshots are hard to read when it's text, as it is cropped to fit into size and makes it very uncomfortable to read. Thank you

@codezninja
Author

codezninja commented Feb 13, 2023

> Can I also ask you, to share any issues as plaintext instead of screenshots. Screenshots are hard to read when it's text, as it is cropped to fit into size and makes it very uncomfortable to read. Thank you

Sorry about that. Will do plaintext going forth.

> Please share your playbook and the way you are executing your playbook - the core cause for this is most likely there

So the playbook is pretty simple. I'm just running this with packer with the ansible provider. When the provider sshes into the system, it is as a non-root user, since root user ssh is locked down. I use ansible become to allow that user to become root before it executes the playbook. It's able to do that since that ssh user is allowed sudo privs.

The problem I think is happening is that since part of the task in the role is delegated to localhost, Ansible is trying to run sudo on my local machine, which it can't, so it fails to run the task. I opened a PR that fixed my problem by not escalating the user for that task but I can just leave it in my fork if it's not what you desired.

Playbook

---
- name: Setup promtail
  hosts: all
  become: true
  vars_files:
    - ./vars/default.yml
  roles:
    - { role: promtail,  tags: promtail }

default.yml

promtail_version: latest
promtail_log_level: debug
promtail_loki_server_url: https://my.domainname.com
promtail_config_scrape_configs:
- job_name: system
  static_configs:
  - targets:
      - localhost
    labels:
      job: varlogs
      host: "{{ ansible_hostname }}"
      __path__: /var/log/*log

packer config

  provisioner "ansible" {
    playbook_file        = "./ansible/site.yml"
    user                 = "provisioner"
    roles_path           = "./ansible/roles"
    galaxy_file          = "./ansible/requirements.yml"
    galaxy_force_install = true
    use_proxy            = false
  }

EDITED:

  • added packer config and link to packer ansible docs

@patrickjahns patrickjahns changed the title from "[Question]: promtail_version latest" to "running tasks on localhost requires sudo permissions" Feb 13, 2023
@patrickjahns
Owner

Thank you for all the information ❤️

As I've suspected, you are forcing become: true on all tasks with your current playbook. As the role already takes care of requesting elevated privileges only for tasks that require sudo rights, it wouldn't be required to set this on the playbook level.

Can you try running the playbook without it:

---
- name: Setup promtail
  hosts: all
  vars_files:
    - ./vars/default.yml
  roles:
    - { role: promtail,  tags: promtail }

@codezninja
Author

That's good to know. Some roles required me to elevate to root before running. Running this role without root worked. So I'll just separate out those roles into another step.

Thanks for the help.
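
The split discussed in this thread, written out as an added example (it is not part of the original issue and is not the role's own code). The role name `base_setup` is hypothetical, and the third play is a constructed diagnostic that shows which account runs a task delegated to localhost when play-level `become: true` is in force.

```yaml
---
# Added example; not from the issue or from ansible-role-promtail.
# Play 1: roles that need root for every task keep play-level become.
# "base_setup" is a hypothetical role name.
- name: Roles that need root throughout
  hosts: all
  become: true
  roles:
    - { role: base_setup, tags: base }

# Play 2: promtail without play-level become, as suggested in the thread.
# The role requests privileges itself for the tasks that need them, so
# tasks it delegates to localhost run as the invoking user on the controller.
- name: Setup promtail
  hosts: all
  vars_files:
    - ./vars/default.yml
  roles:
    - { role: promtail, tags: promtail }

# Play 3: constructed diagnostic. With play-level become on, every task
# inherits it, including delegated ones, unless the task overrides it.
- name: Show effective user for delegated tasks
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - name: On the target, inherits become (root unless become_user is set)
      ansible.builtin.command: id -un
      register: target_user
      changed_when: false

    - name: On the controller, become switched off for this task only
      ansible.builtin.command: id -un
      delegate_to: localhost
      become: false
      run_once: true
      register: controller_user
      changed_when: false

    - name: Report both accounts
      ansible.builtin.debug:
        msg: "target={{ target_user.stdout }} controller={{ controller_user.stdout }}"
```

Keeping privilege escalation off the controller means the build machine's user needs no sudo rights at all; only the remote provisioning account does.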

@patrickjahns
Owner

Happy to hear that it's now working for you as intended 👍 . Thank you very much for the open communication and collaboration on this issue

@codezninja
Author

thank you for a great role.
