Ansible FAILED! => {"msg": "Missing sudo password"}

book

Article ID: 193351

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

We're trying to upgrade our dev gateway clusters currently in 9.4 to the new version 10.

We're following the documentation https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/install-configure-upgrade/upgrade-the-gateway/upgrade-an-appliance-gateway/automated-expedited-upgrade/automating-with-ansible.html
and following the approach Create New and Migrate .We have configured all the necessary pre-requites mentioned in https://github.com/CAAPIM/gateway-ansible-playbook .

We ran the gateway_preupgrade_analyzer  and it ran without giving any error, the report is attached here with the case and the next playbook gateway_export_database .

However when we're trying to the next playbook mentioned in the documentation we are getting an error:

[[email protected] gateway-ansible-playbook]# ansible-playbook -i inventories/dev/hosts.yml playbooks/gateway-basic-backup.yml --vault-password-file vault_pass

 

PLAY [run gateway backup against provided list of gateways] *************************************************************************************************

 

TASK [gateway_basic_backup : Check requirement node.properties exists.] *************************************************************************************

fatal: [gwserv13-d.am.edited.com]: FAILED! => {"msg": "Missing sudo password"}

 

PLAY RECAP **************************************************************************************************************************************************

gwserv13-d.am.edited.com    : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

We're running the ansible playbooks as root, and we've correctly updated all the relevant passwords in the vault file.Could you let us know what we might be missing here , and why it is complaining of missing sudo password?


Cause

Known Ansible procedure but does not appears on playbook documentation.

Environment

Release : 9.4

Component : API GATEWAY

Resolution

1. On this case it was necessary to revert a workaround that customer did on /inventories/dev/group_vars/all/vars file to avoid the original "Missing sudo password"
he added the following :
ansible_become: yes
ansible_become_user: root
ansible_become_password: "{{vault_gateway_root_password}}"
ansible_become_method : enable

they resolved "Missing sudo password" error, but new error appeared when run the command from home directory :

[[email protected] gateway-ansible-playbook]# ansible-playbook -i inventories/dev/hosts.yml playbooks/gateway-basic-backup.yml

but got a new Error :

TASK [gateway_basic_backup : check requirement node.properties exists.]*********************************************************

FAILED!==> {”msg”: “The conditional check ‘not file_status.stat.exists’ failed. The error was:

Error while evaluating conditional [not file_status.stat.exists): ‘dict object’ has no attribute ‘stat’”}

2. To Resolve , reverted back the initial workaround, leaving this way on /inventories/dev/group_vars/all/vars file

#ansible_become: yes
#ansible_become_user: root
#ansible_become_password: "{{vault_gateway_root_password}}"
#ansible_become_method : enable

3. edited from target node (gw10) the /etc/sudoers file and add the following in ssgconfig section bottom the file.

ssgconfig ALL=(ALL) NOPASSWD:ALL

save and run the script again with success.

4. Please delete the added line in /etc/sudoers when finished all upgrade process. 

 

 

Additional Information

https://github.com/CAAPIM/gateway-ansible-playbook

Create New and Migrate Procedure