`delegate_to: localhost` can break with `become: yes`

Question

`delegate_to: localhost` can break with `become: yes`

Closed this issue 3 years ago · 1 comments

When I run the roles to install step CA on my infrastructure i'm hitting an error where it is telling me i'm using the wrong sudo password.

Here's the stack trace

TASK [maxhoesel.smallstep.step_cli : Get latest step-cli release information] *****************************************************************************************************************
fatal: [testnode1]: FAILED! => {
    "changed": false,
    "rc": 1
}

MSG:

MODULE FAILURE
See stdout/stderr for the exact error


MODULE_STDERR:


Sorry, try again.
[sudo via ansible, key=*****] password:
sudo: timed out reading password
sudo: 1 incorrect password attempt

The reason this is happening is i am running the role from my local machine. Since I have a different sudo password locally than what exists on the infrastructure, the task with delegate_to: localhost is failing.

Answer 1 · 2021-05-19T21:01:29.000Z

Good catch! When I first wrote those roles i had become: yes enabled on a per-task level, before later moving to blanket privilege escalation for the entire role. When I did so, I just forgot to excluse these local tasks from running as root. Thank you for reporting it!