Red Hat Ansible
I’m building new servers for the Unix Tutorial VPS pool and for some functions within my Tech Stack Solutions consultancy, and one showstopper for Ansible onboarding is this: default sudoers settings do not support remote sessions generated by Ansible. Here’s how to address this.
Many modern distros have the requiretty default set in the main sudo config file.
In very basic terms, this setting means only interactive users of your system (local terminal sessions, a Terminal app started from the graphical desktop, or even SSH sessions) can use sudo. But for non-interactive use like scripts and Ansible automation this doesn’t work.
If you run an Ansible playbook against such a system, you’ll get an error about “sudo: sorry, you must have a tty to run sudo”.
While it’s possible to just disable this default option altogether, I strongly recommend you NOT do this – it’s a security setting, and disabling it globally will one day result in an issue.
That’s why I suggest the next best thing: let’s disable this setting for just the users that run Ansible automation. In my case, this is the default user created on each newly installed/deployed server – that’s usually my user greys.
So we add the following line to
What this does is perfect: it disables requiretty just for the user I need it for, without compromising the overall sudoers setup more than required.
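To check that a host follows this pattern, here is an added example (not code from the original post): a shell function that reads sudoers-format text and reports whether requiretty is on or off globally and which users carry a per-user exemption. The function names and the sample lines are constructed for illustration; greys is the user named above, and only global and per-user Defaults entries are interpreted.

```shell
# Audit requiretty in sudoers-format text (file argument or stdin).
# Assumption: only "Defaults" (global) and "Defaults:user" (per-user) lines
# are interpreted; included files and other Defaults scopes are not followed.
requiretty_audit() {
    awk '
    function mark(s, v) {
        if (!(s in state)) order[++n] = s
        state[s] = v                               # later entries override earlier ones
    }
    /^[ \t]*#/ { next }                            # comments and #include directives
    $1 ~ /^Defaults/ {
        scope = $1; sub(/^Defaults/, "", scope)    # "" = global, ":greys" = one user
        if (scope == "") scope = "*"
        opts = $0
        sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", opts)
        cnt = split(opts, o, /,/)                  # options are comma-separated
        for (i = 1; i <= cnt; i++) {
            gsub(/[ \t]/, "", o[i])
            if (o[i] == "requiretty")  mark(scope, "on")
            if (o[i] == "!requiretty") mark(scope, "off")
        }
    }
    END {
        print "global=" (("*" in state) ? state["*"] : "unset")
        for (i = 1; i <= n; i++)
            if (order[i] ~ /^:/ && state[order[i]] == "off")
                print "exempt=" substr(order[i], 2)
    }' "${1:--}"
}

# Succeeds unless requiretty has been switched off for every user.
requiretty_ok() {
    ! requiretty_audit "$@" | grep -q '^global=off$'
}

# Constructed sample: global requiretty kept, one automation user exempted.
# Prints "global=on" then "exempt=greys".
requiretty_audit <<'EOF'
Defaults    requiretty
Defaults    env_reset, !visiblepw
Defaults:greys !requiretty
EOF
```

Running `requiretty_ok /etc/sudoers` as root in a provisioning check fails the run when someone has taken the global shortcut instead of the per-user exemption.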