Kubespray: Kubespray Azure CentOS failing
Using latest Kubespray for setting up a cluster in Azure. By default Kubespray provisioning CentOS VMs for cluster nodes. while executing ansible playbook to deploy the kubernetes, I am getting "sudo: sorry, you must have a tty to run sudo" error. This is some problem with the image it seems. Struggling to find a work around. As a last work around i wanted to change it to Ubuntu. Dont know which file i have to touch upon. Kindly help me. Dont have any problems with centos or ubuntu. Attached the console log.
ansibleerror.txt
sunilkcs
All 8 comments
Seems to be https://bugzilla.redhat.com/show_bug.cgi?id=1020147
requiretty in the sudoers config should be removed since March 2014 according to this, so it maybe hasn't made it into CentOS yet?
Ansible had a fix upstream, but it was removed again: https://github.com/ansible/ansible/pull/13200
I installed the current sudo package (sudo-1.8.23-3.el7.x86_64.rpm) in a CentOS7 container and it didn't set requiretty. Either Microsoft sets this for you or you set this yourself. Please don't do that and get in touch with Azure to have them update their VM templates with sane configuration files.
If you need to fix this, there are documented steps to take, e.g. you could run
- lineinfile:
dest: /etc/sudoers
line: 'Defaults requiretty'
state: absent
sudo_user: root
vars:
ansible_ssh_pipelining: no
MarkusTeufelberger
on 2 May 2019
I checked the VM provisioned in azure. It had requiretty enabled. I disabled it and it worked. But it will take good amount of time to follow up with azure. So I wanted to know how can I fix this from kubspray code. Can you please tell me how many files I have to modify for this ? It would be a great help if you can point me the file path in the code . Thank you for the replay.
sunilkcs
on 2 May 2019
Will confirm whether this fix work by tomorrow. Is it possible to change it from centos to Ubuntu ? Which config file I need to modify for this ?
sunilkcs
on 2 May 2019
I'm not familiar with Azure, sorry.
This only seems to affect CentOS on Azure, please do get in contact with Microsoft about this - you can also reference https://access.redhat.com/errata/RHSA-2016:2593.
The file to modify if you want to add the task is https://github.com/kubernetes-sigs/kubespray/blob/master/roles/bootstrap-os/tasks/bootstrap-centos.yml, you'd need to add this task in there before become: true is used on another task. It would be really unfortunate if everyone on CentOS would need to run this extra task just because a single cloud provider has outdated defaults in their VMs.
MarkusTeufelberger
on 2 May 2019
https://github.com/kubernetes-sigs/kubespray/issues/4694#issuecomment-488780701 . Evan after adding "lineinfile" task in '/roles/bootstrap-os/tasks/bootstrap-centos.yml' as first one, still getting the same "sudo: sorry, you must have a tty to run sudo" error.
sunilkcs
on 6 May 2019
Did you report this misconfiguration at Microsoft yet?
MarkusTeufelberger
on 6 May 2019
I did not do that yet Markus. I will do it today.
sunilkcs
on 6 May 2019
I followed up this with Microsoft yesterday. But I could fix this by changing the value of centos imageReference sku value from '7.2' to '7.5' in 'kubespray/contrib/azurerm/roles/generate-templates/defaults/main.yml' file. Thank you Markus for your help. Closing this ticket
sunilkcs
on 7 May 2019
Related issues
sermilrod
路
4Comments
jonathan-kosgei
路
4Comments
supabibz
路
3Comments
TurboTim
路
4Comments
servo1x
路
4Comments