Molecule: [question] sudo required when using delegate_to

Created on 29 Nov 2016 · 3 Comments · Source: ansible-community/molecule

Issue Type

  • Bug report

Desired Behaviour

When using delegate_to: 127.0.0.1 on a task in a role, molecule errors, requiring a password for sudo. In this instance I am not running the Ansible playbook command with sudo rights, nor have I asked it to via become.

This is the exact error I am getting:

fatal: [molecule-test -> 127.0.0.1]: FAILED! => {"changed": false, "failed": true, "module_stderr": "sudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE"}

Here is a simple tasks/main.yml to recreate the issue:

- name: A simple test for delegate_to
  shell: echo "test"
  delegate_to: 127.0.0.1

Here is the molecule file:

dependency:
  name: galaxy
driver:
  name: docker
docker:
  containers:
    - name: molecule-test
      image: ubuntu
      image_version: latest
      ansible_groups:
        - group1
verifier:
  name: testinfra

Here is the playbook file:

- hosts: all
  roles:
    - role: molecule-test

I am running:
Docker for Mac 1.12.3
molecule version is: 1.15.0
ansible version is: 2.2.0.0

I'm not sure this is a bug, but probably a side case of using Docker, but I'm not sure how to get past it.

All 3 comments

Oh I see, after running --debug with molecule.

I see it's appending --sudo automatically

/Library/Frameworks/Python.framework/Versions/2.7/bin/ansible-playbook playbook.yml --inventory-file=.molecule/ansible_inventory --vault-password-file=vault_password_file --sudo --connection=docker --limit=all --user=root --timeout=30 --diff

Any reason why?

sudo is always added to the ansible-playbook command. We do not rely on become or sudo in the tasks. Just add sudo: False to molecule.yml.

I managed to change my molecule file to be sudo: False instead. Probably personal preference, I prefer to write tasks with least privilege, but I understand the reasoning behind it.

Thanks,
Sriram
