
Ansible postgres_user become trouble


I'm using the geerlingguy.postgresql Ansible role and can't get past the following error:

TASK [geerlingguy.postgresql : Ensure PostgreSQL databases are present.] *******
failed: [database_host] (item={u'name': u'database_name'}) => {"failed": true, "item": {"name": "database_name"}, "module_stderr": "sudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE"}

The task looks like so:

- name: Ensure PostgreSQL database is initialized.
  command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}"
  when: not pgdata_dir_version.stat.exists
  become: yes
  become_user: "{{ postgresql_user }}"
  # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
  vars:
    ansible_ssh_pipelining: true

The value for postgresql_user is the OS default of postgres, which is a valid user. The remote_user I'm connecting with has full sudo with nopasswd, and all other tasks before this (playbook runs with become: true) run fine. I'm guessing this has something to do with switching to a non-privileged user, but I can't seem to figure it out. Any ideas?


Solution

  • Use the following setting in /etc/sudoers:

    devops  ALL=(ALL) NOPASSWD: ALL
    

    from comments:

    The remote_user I'm connecting with has full sudo with nopasswd

    Please show the settings from /etc/sudoers instead of describing their supposed effects.

    devops    ALL=NOPASSWD: ALL
    

    No, it doesn't have "full sudo" (whatever it means). You are allowing the devops user to run commands only as root, not as another user which you set in {{ postgresql_user }}.
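
An added example, not part of the original answer or of the geerlingguy.postgresql role: a simplified Python check of which become_user targets a sudoers entry permits without a password, run over the two entries quoted above. The function names, the narrower SCOPED entry and the www-data target are assumptions introduced here, and the parser handles only plain "user host = (runas) TAG: ALL" lines.

```python
import re

# Simplified user spec: user host = [(runas_users[:groups])] [TAG:]... commands
# Not handled: aliases, %groups, negation, Defaults, per-command runas lists.
SPEC = re.compile(
    r"^\s*(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+?)\s*$"
)

def parse_spec(line):
    """Parse one sudoers user specification; return None for anything else."""
    m = SPEC.match(line.split("#", 1)[0])
    if not m or m.group("user").startswith("Defaults"):
        return None
    runas = m.group("runas")
    if runas is None:
        users = ["root"]  # no Runas_Spec: commands may only be run as root
    else:
        users = [u.strip() for u in runas.split(":", 1)[0].split(",") if u.strip()]
    return {"user": m.group("user"), "runas_users": users,
            "nopasswd": "NOPASSWD" in m.group("tags"), "cmds": m.group("cmds")}

def passwordless_become(sudoers_text, remote_user, become_user):
    """True if remote_user may run ALL commands as become_user with no password."""
    verdict = False
    for line in sudoers_text.splitlines():
        spec = parse_spec(line)
        if spec is None or spec["user"] != remote_user or spec["cmds"] != "ALL":
            continue  # Ansible wraps modules in a shell, so command-limited entries do not help
        if "ALL" in spec["runas_users"] or become_user in spec["runas_users"]:
            verdict = spec["nopasswd"]  # sudoers is last-match-wins
    return verdict

# The two entries quoted on the page, plus a narrower variant (constructed here).
BEFORE = "devops    ALL=NOPASSWD: ALL"
AFTER = "devops  ALL=(ALL) NOPASSWD: ALL"
SCOPED = "devops  ALL=(root,postgres) NOPASSWD: ALL"

if __name__ == "__main__":
    for name, text in (("BEFORE", BEFORE), ("AFTER", AFTER), ("SCOPED", SCOPED)):
        for target in ("root", "postgres", "www-data"):
            ok = passwordless_become(text, "devops", target)
            print(f"{name:7} become_user={target:9} passwordless={ok}")
```

On the managed host, running `sudo -n -u postgres true` as the connecting user is the authoritative check; it fails with the same "a password is required" message when the Runas list does not cover the target user.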