Ansible Support in SUDO

Red Hat Ansible Red Hat Ansible

I’m building new servers for Unix Tutorial VPS pool and for some functions within my Tech Stack Solutions consultancy, and one show stopper for Ansible onboarding is this: default sudoers settings do not support remote sessions generated by Ansible. Here’s how to address this.

The issue with Ansible and sudoers

Many modern distros have the following default variable in main SUDO config file, /etc/sudoers:

Defaults    requiretty

In very basic terms, this setting means only interactive users of your system (local terminal sessions or Terminal app started from graphics desktop or even SSH sessions). But for non-interactive use like scripts and Ansible automation this doesn’t work.

When trying Ansible playbook against such a system, you’ll get an error about “sudo: sorry, you must have a tty to run sudo”:

Disable requrietty Option Per User

While it’s possible to just disable this default option altogether:

Defaults    !requiretty

I strongly recommend you *NOT do this – it’s a security setting that one day will result in an issue.

That’s why I suggest the next best thing: let’s disable this setting for just the users for Ansible automation. In my case, this is the default user created on each newly installed/deployed server – that’s usually my user greys.

So we add the following line to /etc/sudoers:

Defaults:greys    !requiretty

What this does is perfect: it disables requiretty just for the user I need it for, without compromising overall sudoers setup more than required.

See Also

Contact Me

Follow me on Facebook, Twitter or Telegram:
I learn with Educative: Educative
IT Consultancy
I'm a principal consultant with Tech Stack Solutions. I help with cloud architectrure, AWS deployments and automated management of Unix/Linux infrastructure. Get in touch!

Recent Tweets