Topology service installation fails with errors about "Incorrect su password"

Article ID: 442730

Products

Network Observability CA Performance Management Topology

Issue/Introduction

You are performing a fresh installation or upgrade of the Topology service. The installation fails at the task titled "Copy v3 extensions file." Even when you provide the become password using the -K flag, the authentication failure persists on the local Ansible control node.

You see the following error in the installation logs: fatal: [####]: FAILED! => {"msg": "Incorrect su password"}

Environment

  • DX NetOps Performance Management
  • Topology Service

Cause

Ansible attempts privilege escalation using the su method to switch from the topology service account to the neo4j operating system user. The su command requires the target account's (neo4j) own password. If the password supplied to the playbook does not match the actual neo4j account password on the target system, or if the account is locked, the task fails.

Resolution

Resolve this by switching the privilege escalation method from su to sudo and configuring the necessary permissions.

  1. Log in to the target host as the root user.
  2. Create or edit the sudoers configuration file for the topology user: vi /etc/sudoers.d/topology
  3. Add the following rule to allow the topology user to run commands as neo4j without a password prompt: topology ALL=(neo4j) NOPASSWD: ALL
  4. Navigate to the Topology installation directory on your Ansible control node.
  5. Locate the graphdb_neo4j role task file, typically named graphdb_neo4j_install.yaml.
  6. Find the task configuration and change the become_method from su to sudo.
  7. Save the file and restart the installation playbook.

Expected Outcome: The installation progresses past the "Copy v3 extensions file" task as Ansible now uses sudo to escalate privileges without requiring the neo4j user's password.
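
The script below is an added example, not part of the original article or the product: it checks that the sudoers drop-in holds the rule from step 3 and that the role task file no longer sets become_method to su. The sample file contents in demo(), including the become_user line, are constructed, and the task file path is passed as an argument because the article does not give its full location.

```shell
#!/bin/sh
# Added example: checks for steps 2-6 above. File paths are arguments.

# Succeeds if the drop-in holds the rule from step 3 (commented lines do not count).
has_topology_rule() {
    grep -Eq '^[[:space:]]*topology[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(neo4j\)[[:space:]]*NOPASSWD:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# Prints (with line numbers) any task still using su; succeeds when none remain.
no_su_become() {
    ! grep -En "^[[:space:]]*(-[[:space:]]+)?become_method:[[:space:]]*[\"']?su[\"']?[[:space:]]*(#.*)?\$" "$1"
}

# Live checks, run as root on the target host: syntax-check the drop-in, then
# confirm topology can become neo4j with no prompt (-n fails instead of asking).
verify_live() {
    visudo -cf "$1" && sudo -u topology sudo -n -u neo4j true
}

# Constructed sample files (not taken from the product) to exercise the checks.
demo() {
    d=$(mktemp -d) || return 1
    printf 'topology ALL=(neo4j) NOPASSWD: ALL\n' > "$d/topology"
    printf -- '- name: Copy v3 extensions file\n  become: true\n  become_user: neo4j\n  become_method: su\n' > "$d/tasks.yaml"
    has_topology_rule "$d/topology" && echo "sudoers rule: present"
    no_su_become "$d/tasks.yaml" || echo "task file: still uses su"
    rm -rf "$d"
}

# Usage: sh check.sh /etc/sudoers.d/topology <path to graphdb_neo4j_install.yaml>
if [ "$#" -eq 2 ]; then
    has_topology_rule "$1" || echo "rule from step 3 not found in $1"
    no_su_become "$2" || echo "become_method is still su in $2"
fi
```

Run verify_live separately on the target host after step 3; a syntax error in a sudoers drop-in can stop sudo from working at all, so checking the file with visudo before logging out of the root session is worthwhile.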

Additional Information

For additional information see these documentation topics.