无法使用Vagrant上的Ansible框启动Docker服务

Question

---
- hosts: vagrant
  remote_user: root
  become_method: sudo
  tasks:
        - name: Start service docker, if not running
          service:
               name: docker
               state: started

ERROR: fatal: [192.168.1.16]: FAILED! => {"changed": false, "msg": "Unable to start service docker: Failed to start docker.service: Interactive authentication required.\\nSee system logs and 'systemctl status docker.service' for details.\\n"}

I want to start Docker using Ansible to other host (Vagrant). I could ping with Ansible to two hosts. But it won't work with Vagrant host.

Have any idea how to fix this?

Answer 1

Root cause

The remote_user setting in playbook ( remote_user: root in the question) is ignored when using Ansible provisioner in Vagrant with default settings.

Explanation

There is an important difference between "regular" variables and connection variables in Ansible with regard to precedence:

Another important thing to consider (for all versions) is that connection variables override config, command line and play/role/task specific options and directives. For example:

 ansible -u lola myhost 

This will still connect as ramon because ansible_ssh_user is set to ramon in inventory for myhost. For plays/tasks this is also true for remote_user:

 - hosts: myhost tasks: - command: i'll connect as ramon still remote_user: lola 

This is done so host-specific settings can override the general settings.

Since you are using Vagrant, it creates an inventory file in under directory .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory and by default (depends also on box's defults) specifies ansible_user='vagrant' inside, which means the remote_user: root is overridden by that default setting.

This is mentioned in Vagrant docs as well:

force_remote_user (boolean) - require Vagrant to set the ansible_ssh_user setting in the generated inventory, or as an extra variable when a static inventory is used. All the Ansible remote_user parameters will then be overridden by the value of config.ssh.username of the Vagrant SSH Settings.

If this option is set to false Vagrant will set the Vagrant SSH username as a default Ansible remote user, but remote_user parameters of your Ansible plays or tasks will still be taken into account and thus override the Vagrant configuration.

The default value is true .

Solutions

You can:

• modify your play by adding become: true to either whole play, or a single task;

• set force_remote_user to false in the Vagrantfile;

• set config.ssh.username to root in the Vagrantfile.

The first one being the preferable way.

Answer 2

Interactive authentication required Seems like the user running the sudo command remotely requires a password for the sudo action and as there no terminal to provide it, it fails.

Try to use a remote user having the right to run sudo command without the need to authenticate.

You could also use "ansible_sudo_pass" to specify the password to provide remotely.