I am provisioning RHEL 9 machines via an Ansible playbook that contains this task: - name: Set DNS server community.general.nmcli: conn_name: "{{ conn_name | default('ens192') }}" type: "{{ connection_type | default('ethernet') }}" dns4: - "{{ dns_1_ip }}" - "{{ dns_2_ip }}" state: present Up to RHEL 9.3 this playbook worked well. However, on a new RHEL 9.6 server (that I shall call myhost) Ansible returns the error > Error: Connection activation failed: IP configuration could not be reserved (no available address, timeout, etc.) On the server, the command journalctl -xe NM_CONNECTION=c337c0ba-ab72-4510-9015-2c42caccb9b5 + NM_DEVICE=ens192 returns: Jun 17 15:03:33 myhost NetworkManager: [1750165413.4029] device (ens192): disconnecting for new activation request. Jun 17 15:03:33 myhost NetworkManager: [1750165413.4029] device (ens192): state change: activated -> deactivating (reason 'new-activation', managed-type: 'full') Jun 17 15:03:33 myhost NetworkManager: [1750165413.4376] device (ens192): state change: deactivating -> disconnected (reason 'new-activation', managed-type: 'full') Jun 17 15:03:33 myhost NetworkManager: [1750165413.4494] device (ens192): Activation: starting connection 'ens192' (c337c0ba-ab72-4510-9015-2c42caccb9b5) Jun 17 15:03:33 myhost NetworkManager: [1750165413.4510] device (ens192): state change: disconnected -> prepare (reason 'none', managed-type: 'full') Jun 17 15:03:33 myhost NetworkManager: [1750165413.4513] device (ens192): state change: prepare -> config (reason 'none', managed-type: 'full') Jun 17 15:03:33 myhost NetworkManager: [1750165413.4785] device (ens192): state change: config -> ip-config (reason 'none', managed-type: 'full') Jun 17 15:03:33 myhost NetworkManager: [1750165413.4809] dhcp4 (ens192): activation: beginning transaction (timeout in 45 seconds) Jun 17 15:04:19 myhost NetworkManager: [1750165459.1052] device (ens192): state change: ip-config -> failed (reason 'ip-config-unavailable', managed-type: 'full') Jun 17 15:04:19 myhost NetworkManager: [1750165459.1065] device (ens192): Activation: failed for connection 'ens192' Jun 17 15:04:19 myhost NetworkManager: [1750165459.1068] device (ens192): state change: failed -> disconnected (reason 'none', managed-type: 'full') Jun 17 15:04:19 myhost NetworkManager: [1750165459.1159] dhcp4 (ens192): canceled DHCP transaction Jun 17 15:04:19 myhost NetworkManager: [1750165459.1160] dhcp4 (ens192): activation: beginning transaction (timeout in 45 seconds) Jun 17 15:04:19 myhost NetworkManager: [1750165459.1160] dhcp4 (ens192): state changed no lease Jun 17 15:04:19 myhost NetworkManager: [1750165459.1252] device (ens192): Activation: starting connection 'VMware customization ens192' (fdc16ed3-da99-41e1-9938-cdbb2c82f1dd) Jun 17 15:04:19 myhost NetworkManager: [1750165459.1254] device (ens192): state change: disconnected -> prepare (reason 'none', managed-type: 'full') Jun 17 15:04:19 myhost NetworkManager: [1750165459.1269] device (ens192): state change: prepare -> config (reason 'none', managed-type: 'full') Jun 17 15:04:19 myhost NetworkManager: [1750165459.1451] device (ens192): state change: config -> ip-config (reason 'none', managed-type: 'full') Jun 17 15:04:19 myhost NetworkManager: [1750165459.1511] device (ens192): state change: ip-config -> ip-check (reason 'none', managed-type: 'full') Jun 17 15:04:19 myhost NetworkManager: [1750165459.1761] device (ens192): state change: ip-check -> secondaries (reason 'none', managed-type: 'full') Jun 17 15:04:19 myhost NetworkManager: [1750165459.1762] device (ens192): state change: secondaries -> activated (reason 'none', managed-type: 'full') Jun 17 15:04:19 myhost NetworkManager: [1750165459.1766] device (ens192): Activation: successful, device activated. The server's IP address is set statically (no DHCP). The command ip addr returns: 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens192: mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:50:56:a3:26:a3 brd ff:ff:ff:ff:ff:ff altname enp11s0 inet 10.140.33.51/24 brd 10.140.33.255 scope global noprefixroute ens192 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fea3:26a3/64 scope link noprefixroute valid_lft forever preferred_lft forever Output of nmcli connection show: NAME UUID TYPE DEVICE VMware customization ens192 fdc16ed3-da99-41e1-9938-cdbb2c82f1dd ethernet ens192 lo 20226404-dda1-4e98-8bcd-3cc922f7decb loopback lo ens192 c337c0ba-ab72-4510-9015-2c42caccb9b5 ethernet -- What can I further research to troubleshoot why this Ansible playbook fails?

The Mandatory Access Controls or MAC labels are different for NFS which are different for httpd, and different yet again for SaMBa. What is the proper way nowadays to label a SINGLE shared filesystem hierarchy on the server such that it is properly re-labelled by restorecon, can be accessed successfully server-side by all three services, and survives system updates? In other words, when the server side fs hierarchy is labelled for sharing over NFS, then that breaks access by httpd and smb daemons on the same server. If labelled for httpd, then NFS and SMB services stop sharing because the files are labelled httpd only, so are denied rw. And finally, SMB Labels break both NFS and httpd services. Is their a modern devops approach to this such as an Ansible playlist? I had made custom labels before but having to remake them after system updates caused too much friction. Wondering if custom labels are still the way, but now with automation?

I am having an error where the fields of my variable are not being detected when trying to build a configuration using a jinja2 template. This is to sync Linux repositories to yum and apt based systems from a golden source using ansible. Each repository configuration would go into a different file and the task updated with the variable name. Base system configs should be able to be put in one file using multiple uses of "-" then a list of attributes. I have reviewed: https://unix.stackexchange.com/questions/425824/for-loop-in-jinja2?newreg=93efdc763c9b4ce3b64c379efd46b9cd https://omarkhawaja.com/accessing-ansible-variables-with-jinja2-loops/ https://stackoverflow.com/questions/25418158/templating-multiple-yum-repo-files-with-ansible-template-module as well as others that are less relevant to what I am doing. var file: --- repo: - name: google_chrome async: 1 url: http://dl.google.com/linux/chrome/rpm/stable/x86_6 ... include var task: - name: Include var into the 'chrome' variable. include_vars: file: google_chrome_repo.yaml name: chrome task to use template module: - name: generate config for Centos template: src: yum_template.j2 dest: "/etc/yum.repos.d/{{ item }}.repo" backup: yes with_items: - chrome when: - ansible_distribution == 'CentOS' template: {% for i in item %} [ {{ i.name }} ] async = {{ i.async }} baseurl = {{ i.url }} enabled = {{ i.repo_enable }} enablegroups = {{ i.pkggrp_enable }} failovermethod = {{ i.ha_method }} gpgkey = {{ i.gpgkey_url }} http_caching = {{ i.http_caching }} keepcache = {{ i.keepcache }} metadata_expire = {{ i.metadata_expire }} mirrorlist = {{ i.mirrorlist }} mirrorlist_expire = {{ i.mirrorlist_expire }} name = {{ i.descrip }} protect = {{ i.protect }} proxy = {{ i.proxy_config }} proxy_password = {{ i.proxy_username }} proxy_username = {{ i.proxy_password }} repo_gpgcheck = {{ i.repo_gpgcheck }} retries = {{ i.repo_retry_count }} s3_enabled = {{ i.s3_enabled }} sslverify = {{ i.ssl_verify }} timeout = {{ i.timeout }} {% endfor %} error: failed: [192.168.33.31] (item=chrome) => {"changed": false, "item": "chrome", "msg": "AnsibleUndefinedVariable: 'unicode object' has no attribute 'name'"} whichever attribute in role is first called by the jinja2 template will fail in this way. If I change the following so name isn't referenced and "i.name" becomes just "chrome" it will fail on async I can see the variable is imported ok: [192.168.33.31] => {"ansible_facts": {"chrome": {"repo": [{"async": 1, "descrip": "Google Chrome Repository", "gpgkey_url": "https://dl.google.com/linux/linux_signing_key.pub ", "ha_method": "roundrobin", "http_caching": 1, "keepcache": 1, "metadata_expire": 21600, "mirrorlist": null, "mirrorlist_expire": 21600, "name": "google_chrome", "pkggrp_enable": 1, "protect": 0, "proxy_config": "__None__", "proxy_password": null, "proxy_username": null, "repo_enable": 1, "repo_gpgcheck": 1, "repo_retry_count": 10, "s3_enabled": 0, "ssl_verify": 1, "timeout": 1, "url": "http://dl.google.com/linux/chrome/rpm/stable/x86_6 "}]}}, "ansible_included_var_files": ["/var/lib/awx/projects/_6__trowe/playbooks/roles/Manage_Linux_Repos/vars/google_chrome_repo.yaml"], "changed": false} I do see it says "unicode" variable where I would expect it to be a dict. I have also tried with_dict and the error says that the variable is not a dictionary. However if I structure the variable file without "repo:", it will error saying it was not passed a dictionary object...

I'm quite new to Ansible. Using Ansible 2.10 on my laptop (ansible master), and I'm trying to copy some files and directories from a remote serverA to a remote serverB. In serverA I created an SSH key (id_rsa) using the sudo user, and copied the public key into serverB (into authorized_keys file of the same sudo user). Hosts file

[servers]
prod_server ansible_host=IP_prod
new_server ansible_host=IP_new

[servers:vars]
ansible_user=sudo_user
ansible_sudo_pass=password
ansible_ssh_private_key_file=~/.ssh/id_rsa

Playbook

- name: Transfer files from prod to new server
  hosts: new_server
  gather_facts: false
  become: true
  roles:
  - rsync

Role

- name: Copy files to new server
  synchronize:
    src: /etc/letsencrypt/live/domain/fullchain.pem
    dest: /opt
  delegate_to: prod_server

Running the playbook an error shows up:

fatal: [new_server -> IP_new]: FAILED! => {"changed": false, "cmd": "/usr/bin/rsync --delay-updates
-F --compress --archive --rsh=/usr/bin/ssh -S none -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no
-o UserKnownHostsFile=/dev/null --rsync-path=sudo rsync --out-format=>%i %n%L 
/etc/letsencrypt/live/domain/fullchain.pem sudo_user@IP_new:/opt", "msg": "Warning: Identity 
file /root/.ssh/id_rsa not accessible: No such file or directory.\nWarning: Permanently added
'IP_new' (ECDSA) to the list of known hosts.\r\nsudo_user@IP_new: Permission denied (publickey).....

Any help would be much appreciated. Regards

I try this - name: Install required packages shell: "apt-get instal linux-headers-{{ ansible_kernel }}" However getting this instead {"msg": "The task includes an option with an undefined variable. The error was: 'ansible_kernel' is undefined\ I can can see this variable via ansible -i myinventoryfile myhost -m setup | grep kernel and also ansible -i myinventoryfile myhost -m shell -a "uname -r" how can I get this working ?

When mount point /dev/backboot is >70%, set to "High", and if < 70%, set to "Normal", and if there is no such mount point at all, then set to "not available". The example below works fine with two options, but I need three. Can you suggest?

- name: get usage
  command: df -k | grep -i /dev/backboot | awk '{print $5}'
  register: usage

Here, the output of registered value usage.stdout is 67% as an example:

- name: Set the value
  set_fact:
     mspace: "{{ (usage.stdout | int < 80) | ternary('Normal','High') }}"

I'm using to fetch the status of the few services using ansible and generating the HTML output using ansible jinja template, I'm getting variable undefined or some other error, Here I'm storing the values in the register module and then fetching those values in template, but it's not working Jinja Template:

{% for network_switch in ['client'] %}
        
            {{ hostvars[network_switch]['ansible_hostname'] }}
            {{ hostvars[network_switch]['kernel.stdout'] }}
            {{ hostvars[network_switch]['httpd.stdout'] }}
        
{% endfor %}

Playbook Details:

- name: Getting the OS Information
      command: 'uname -r'
      register: kernel

    - name: Getting the OS Information
      shell: "systemctl status sshd | grep -i active | awk '{print$3}'"
      register: httpd

    - name: create HTML report
      template:
        src: report.j2
        dest: "{{ file_path }}"
      delegate_to: localhost
      run_once: true

Error: > FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: \"hostvars['client']\" is undefined"}

I apologize in advance if this is documented somewhere or on the site - I could not find a solution and so I'm asking here. I'm trying to use Ansible's synchronize module to pull files from a remote host, like so:

- hosts: Server.A
  gather_facts: no
  tasks:
    synchronize:
      mode: pull
      src: "file/to/pull"
      dest: "path/to/destination"
    delegate_to: NAS

That is, I want the NAS host to SSH into Server.A and pull the files I'd like to upload. The problem is, the NAS has a non-default user (admin). I set the NAS's admin user via the inventory file, and I can communicate with the NAS ok. However, when I run the

task, it attempts to login to the source server (Server.A) with the admin user, which does not exist, and fails. I've tried changing the

,

the module's

settings, in the playbook, the hosts file and the host_vars, but I can't get it to work and find it very confusing. How would I go about running the

command as a different remote user instead of the local one? Thanks!

To get today's date, I'm using this variable in a Jinja template: {{ now() | ansible.builtin.strftime('%d/%m/%Y') }} However, it fails with an error > ansible.errors.AnsibleFilterError: Invalid value for epoch value (%d/%m/%Y) Why is that?

I'm aware of the ignore_errors: yes flag, to ignore failures during the playbook run, but I wish to know if there is anything in Ansible that I can set, that is not a 'ignore behavior' but still runs the playbook until it ends. That's because I want to have better report control. To illustrate, currently this is my 'RUN-RECAP': PLAY RECAP ******************************************************************************************************************************************************************************************* : ok=195 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 **ignored=10** The "ignored=10" is actually "failed checks" What I need would be a PLAY RECAP like this: PLAY RECAP ******************************************************************************************************************************************************************************************* : ok=195 changed=0 unreachable=0 **failed=10** skipped=0 rescued=0 ignored=0

So, I have a Java program that runs Ansible. I'd like to run this program as a service. I've written a service script in /etc/init.d that uses start-stop-daemon to run/stop the Java program. I've run into a problem where Ansible fails with this error:

GATHERING FACTS *************************************************************** 
fatal: [i-0f55b6a4] => Could not make dir /$HOME/.ansible/cp: [Errno 13] Permission denied: '/$HOME'

Ansible is trying to create a temporary work directory under /$HOME but for some reason, $HOME does not evaluate to /home/ubuntu (even though I used --user ubuntu --chuid ubuntu when starting the service), so it looks like Ansible tries to create a directory with the literal name /$HOME. And then it fails, because it lacks the permission to do this. This is not a configurable option, so I did some digging and I *think* I found exactly where Ansible is trying to do this: https://github.com/ansible/ansible/blob/5ce3988d8693357f671f3fbec43b2d3b862db5f6/v1/ansible/runner/connection_plugins/ssh.py#L56 The python snippet, in case that link ever goes bad is: def __init__(self, runner, host, port, user, password, private_key_file, *args, **kwargs): ... fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX) self.cp_dir = utils.prepare_writeable_dir('$HOME/.ansible/cp',mode=0700) fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN) I've tried a couple of things to resolve this, but so far nothing has worked. Some of the things I've tried include: Using /usr/bin/env to set HOME (since my version of start-stop-daemon does not appear to support --env): CMD="/usr/bin/java" CMD_ARGS=#...not really relevant here case "$1" in start) start-stop-daemon --start -b -m --no-close --pidfile $PID_FILE --user ubuntu --chuid ubuntu --exec /usr/bin/env HOME=/home/ubuntu -- $CMD $CMD_ARGS >> $LOG_FILE 2>&1 Alas, this did not work. I tried generating a wrapper script that will set the variable and then execute the main program: case "$1" in start) sudo cat /tmp/runMyProcess.sh #! /bin/bash HOME=/home/ubuntu env $CMD $CMD_ARGS >> $LOG_FILE 2>&1 PROCESS_RUNNER sudo chmod a+x /tmp/runMyProcess.sh start-stop-daemon --start -b -m --no-close --pidfile $PID_FILE --user ubuntu --chuid ubuntu --exec /tmp/runMyProcess.sh The wrapper script looks like this: #! /bin/bash HOME=/home/ubuntu env /usr/bin/java -cp /home/ubuntu/arch3/pancancer.jar com.mypackage.MyClass --some --arguments >> /var/log/myApplication/MyClass.log 2>&1 This also did not work. When the Java program is called directly from the command line, everything works fine. Ansible is being called from a Java program that is being called from start-stop-daemon that is being called from service. I'm not sure how I can propagate an environment variable named $HOME to ansible, and I'm kinda stumped right now.

On several of my RHEL 9 machines managed by Ansible, the java-1.8.0-openjdk package is versionlocked: - name: java-1.8.0-openjdk-1:1.8.0.402.b06-2.el9 state: present However, Ansible tries to update it anyway, and this causes the Ansible Tower job to fail. Below are the corresponding commands when run via Bash shell. [myhost root ~]# dnf versionlock Updating Subscription Management repositories. rhel9flexnet 105 kB/s | 2.0 kB 00:00 rhel9checkmkagent 113 kB/s | 2.0 kB 00:00 rhel9elk8 97 kB/s | 1.7 kB 00:00 rhel9epel 127 kB/s | 2.3 kB 00:00 java-1.8.0-openjdk-1:1.8.0.402.b06-2.el9.* [myhost root ~]# dnf update Updating Subscription Management repositories. rhel9flexnet 112 kB/s | 2.0 kB 00:00 rhel9checkmkagent 122 kB/s | 2.0 kB 00:00 rhel9elk8 108 kB/s | 1.7 kB 00:00 rhel9epel 133 kB/s | 2.3 kB 00:00 Error: Problem: package java-1.8.0-openjdk-1:1.8.0.402.b06-2.el9.x86_64 from @System requires java-1.8.0-openjdk-headless(x86-64) = 1:1.8.0.402.b06-2.el9, but none of the providers can be installed - cannot install both java-1.8.0-openjdk-headless-1:1.8.0.442.b06-2.el9.x86_64 from rhel-9-for-x86_64-appstream-rpms and java-1.8.0-openjdk-headless-1:1.8.0.402.b06-2.el9.x86_64 from @System - cannot install both java-1.8.0-openjdk-headless-1:1.8.0.442.b06-2.el9.x86_64 from rhel-9-for-x86_64-appstream-rpms and java-1.8.0-openjdk-headless-1:1.8.0.402.b06-2.el9.x86_64 from rhel-9-for-x86_64-appstream-rpms - cannot install the best update candidate for package java-1.8.0-openjdk-headless-1:1.8.0.402.b06-2.el9.x86_64 - cannot install the best update candidate for package java-1.8.0-openjdk-1:1.8.0.402.b06-2.el9.x86_64 (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) [myhost root ~]# dnf list installed java-1.8.0-* Updating Subscription Management repositories. Installed Packages java-1.8.0-openjdk.x86_64 1:1.8.0.402.b06-2.el9 @rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-headless.x86_64 1:1.8.0.402.b06-2.el9 @rhel-9-for-x86_64-appstream-rpms [myhost root ~]# dnf list available java-1.8.0-* Updating Subscription Management repositories. rhel9flexnet 111 kB/s | 2.0 kB 00:00 rhel9checkmkagent 122 kB/s | 2.0 kB 00:00 rhel9elk8 99 kB/s | 1.7 kB 00:00 rhel9epel 130 kB/s | 2.3 kB 00:00 Available Packages java-1.8.0-openjdk.x86_64 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-demo.x86_64 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-devel.x86_64 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-headless.x86_64 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-javadoc.noarch 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-javadoc-zip.noarch 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms java-1.8.0-openjdk-src.x86_64 1:1.8.0.442.b06-2.el9 rhel-9-for-x86_64-appstream-rpms On a shell I would just run dnf update --exclude=java-1.8.0-* to bypass the problem and get a successful update. However, this needs to be done via Ansible playbooks. I am interested to know how would one do that via Ansible (workaround), and especially **why dnf tries to update versionlocked packages** (main issue). ---- EDIT 1 I've modified our update playbook: - name: Update packages yum: name: "{{ packages_name }}" state: latest exclude: "{{ (packages_donotupdate | default([])) | join(',') }}" so to exclude from the update the packages listed in the variable "packages_donotupdate" (if defined), but it does not work -- it does not update any package on the server. (Note: we use the "yum" Ansible module for backward compatibility reasons.)

I'm using ansible to scan hosts with clam antivirus and I'm receiving reports via email. Reports contain everything and I want only to receive stdout lines. Is there any way to accomplish this? I wrote email template according to https://gist.github.com/halberom/0aea275632d2b47af0536e5def01d4d2 although only thing that is not the same is that I've piped to nice json: The {{ host }} says {{ hostvars[host]['result']['stdout'] | to_nice_json }} The error I get is: > Unable to convert data using to_nice_json, falling back to to_json: 'dict object' has no attribute 'stdout'. the task includes an option with an undefined variable the error was ansible no_log:false If I remove

['stdout']

then email report looks like this: ClamAV scan was performed on host_server { "changed": true, "msg": "All items completed", "results": [ { "ansible_loop_var": "item", "changed": true, "cmd": [ "clamscan", "-r", "-i", "/usr/bin" ], "delta": "0:00:37.293719", "end": "2021-09-09 18:47:55.626094", "failed": false, "invocation": { "module_args": { "_raw_params": "clamscan -r -i /usr/bin", "_uses_shell": false, "argv": null, "chdir": null, "creates": null, "executable": null, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true, "warn": true } }, "item": "/usr/bin", "rc": 0, "start": "2021-09-09 18:47:18.332375", "stderr": "", "stderr_lines": [], "stdout": "\n----------- SCAN SUMMARY -----------\nKnown viruses: 8563204\nEngine version: 0.103.2\nScanned directories: 1\nScanned files: 701\nInfected files: 0\nData scanned: 110.08 MB\nData read: 109.50 MB (ratio 1.01:1)\nTime: 37.113 sec (0 m 37 s)\nStart Date: 2021:09:09 18:47:18\nEnd Date: 2021:09:09 18:47:55", "stdout_lines": [ "", "----------- SCAN SUMMARY -----------", "Known viruses: 8563204", "Engine version: 0.103.2", "Scanned directories: 1", "Scanned files: 701", "Infected files: 0", "Data scanned: 110.08 MB", "Data read: 109.50 MB (ratio 1.01:1)", "Time: 37.113 sec (0 m 37 s)", "Start Date: 2021:09:09 18:47:18", "End Date: 2021:09:09 18:47:55 " ] } ] } Is there a way to accomplish getting only stdout_lines in my report? I tried with grep in the shell command but failed

I am trying to run a playbook on a selective host after it has been provisioned using earlier set of tasks I am able to ping the host and the same is available in the /etc/ansible/hosts file however the play says skipping: no hosts matched and does not run. Ansible hosts file looks like below vm1 ansible_host=192.168.200.52 I have tried mentioning the inventory file using -i with no success, what could be wrong here ? **UPDATE**: Added the /etc/ansible/hosts as default inventory however the playbook still says its not able to see the VM

How do admins typically distribute Ansible .pub keys to clients in an early environment? Do they just script that can run ssh-copy-id to multiple machines? I've looked at other forums and users said to use Ansible to distribute keys, but how can you distribute keys if there's not already one on the client? (I'm not that deep into Ansible, I'm just trying to connect the dots) EDIT: I created a inventory file for my lab environment called "inv.ini". Running the command ansible -i inv.ini clients -m ping shot back "Permission Denied" errors for each client within the group. I used ssh-keygen to generate a RSA key for my admin account, and copied them to each client (manually). After this, the above command worked.

I tried many ways to fix the below problem, but I was not lucky enough. I have the below inventories; #cat inventory/common/group_vars/all/inventory_pwd.yml remote1_user: "devops" #cat inventory/nonprod/fdc/group_vars/all/inventory.txt [remote] x.x.x.x ansible_ssh_user="{{ remote1_user }}" ansible_port=22 ansible_password="test@12" And I am running this below playbook to copy files from control machine to a remote machine; pb.yml

---
- name: "Copy test"
  hosts: remote
  become: true
  tasks:

    - name: Copying content to the remote vm
      synchronize:
        src: /ansible/playbooks/Hello
        dest: /home/devops/
      delegate_to: localhost

In the controller machine I logged as root user, and the user to connect with remote server is devops. But, after executing the playbook I am getting the below error; ansible-playbook -vvv -i inventory/common -i inventory/nonprod/fdc/group_vars/all/inventory.txt pb.yml

TASK [Copying content to the remote vm] *********************************************************************************************task path: /ansible/playbooks/pb.yml:9
fatal: [x.x.x.x -> localhost]: FAILED! => {
    "changed": false,
    "cmd": "sshpass -d3 /usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --rsync-path=sudo rsync --out-format=>%i %n%L /ansible/playbooks/Hello {{remote1_user}}@x.x.x.x:/home/devops/",
    "invocation": {
        "module_args": {
            "_local_rsync_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "_local_rsync_path": "rsync",
            "_substitute_controller": false,
            "archive": true,
            "checksum": false,
            "compress": true,
            "copy_links": false,
            "delete": false,
            "dest": "{{remote1_user}}@x.x.x.x:/home/devops/",
            "dest_port": null,
            "dirs": false,
            "existing_only": false,
            "group": null,
            "link_dest": null,
            "links": null,
            "mode": "push",
            "owner": null,
            "partial": false,
            "perms": null,
            "private_key": null,
            "recursive": null,
            "rsync_opts": [],
            "rsync_path": "sudo rsync",
            "rsync_timeout": 0,
            "set_remote_user": true,
            "src": "/ansible/playbooks/Hello",
            "ssh_args": null,
            "times": null,
            "verify_host": false
        }
    },
    "msg": "remote username contains invalid characters\r\nrsync: connection unexpectedly closed (0 bytes received so far) [sender]\nrsync error: unexplained error (code 255) at io.c(235) [sender=3.1.3]\n",
    "rc": 255
}

Here the '"dest": "{{ remote1_user }}@x.x.x.x:/home/devops/"' should be like 'devops@x.x.x.x:/home/devops/'. However, it is not replacing 'remote1_user' with 'devops'. Can anyone please help me on this?

This is my ansible-playbook:

---
  - name: "Setup local Fedora 41 system (root) Base"
    hosts: localhost
    connection: local
    become: yes
    tasks:

    - name: Install packages 
      ansible.builtin.dnf:
        name:
            - 'aajohan-comfortaa-fonts'
            - 'ack'
            - 'aide'
            - 'alacarte'
            - 'asciidoc-latex'
#            - 'asciinema'
            - 'autoconf'
            - 'automake'
#            - 'balena-etcher-electron'
            - 'bat'
            - 'blivet-gui'
            - 'boost'
            - 'bottom'
            - 'bpytop'
            - 'brasero'
#            - 'brave-browser'
            - 'breezy'
            - 'btrbk'
            - 'buildah'
            - 'bodhi-client'
            - 'btop'
            - 'cargo'
            - 'ccze'
            - 'celluloid'
            - 'choose'
            - 'cinelerra-gg'
            - 'clang'
            - 'cmake'
            - 'cmake-gui'
            - 'codeblocks'
            - 'codeblocks-contrib'
            - 'copr-cli'
            - 'conky'
            - 'cpulimit'
#            - 'curlie'
            - 'clean-rpm-gpg-pubkey'
            - 'dconf-editor'
            - 'ddclient'
            - 'dnf-utils'
            - 'dracut-live'
            - 'duf'
            - 'duply'
            - 'duf'
            - 'dynamips'
            - 'dkms'
            - 'difftastic'
            - 'easyeffects'
            - 'exa'
            - 'eza'
            - 'fd-find'
            - 'fedora-easy-karma'
            - 'fedpkg'
            - 'fontawesome5-fonts-all'
            - 'ffmpeg'
            - 'filezilla'
            - 'firewall-config'
            - 'foliate'
            - 'fontawesome-fonts'
            - 'gcc-c++'
            - 'gh'
            - 'gimp'
            - 'git-delta'
            - 'git-lfs'
            - 'git-cola'
            - 'gnome-builder'
            - 'gnome-extensions-app'
            - 'gnome-pomodoro'
            - 'gnome-shell-extension-appindicator'
            - 'gnome-shell-extension-dash-to-dock'
#            - 'gnome-shell-extension-emoji-selector'
            - 'gnome-shell-extension-gpaste'
            - 'gnome-shell-extension-openweather'
            - 'gnome-text-editor'
            - 'gnome-todo'
            - 'gnome-tweaks'
            - 'gnote'
            - 'gns3-gui'
            - 'gns3-server'
            - 'golang'
            - 'gparted'
            - 'gping'
            - 'hashcat'
            - 'haskell-platform'
            - 'hexchat'
            - 'htop'
            - 'httpie'
            - 'hunspell-es'
            - 'hyperfine'
            - 'hyphen-es'
            - 'inxi'
#            - 'ipscan'
            - 'imhex'
            - 'jq'
            - 'julia'
#            - 'keybase'
            - 'lame'
            - 'langpacks-core-es'
            - 'langpacks-core-font-es'
            - 'langpacks-en'
            - 'langpacks-es'
            - 'lazydocker'
            - 'lbzip2'
            - 'libvirt'
            - 'lnav'
            - 'lsd'
            - 'lshw'
            - 'lynis'
            - 'ftp'
            - 'lftp'
            - 'man-pages-es'
            - 'mediawriter'
            - 'meld'
            - 'most'
            - 'mplayer'
#            - 'mplayer-gui'
            - 'mpv'
            - 'mythes-es'
            - 'ncdu'
            - 'fastfetch'
            - 'onefetch'
            - 'neovim'
            - 'nm-connection-editor-desktop'
            - 'nmap'
            - 'nmstate'
            - 'nmstate-plugin-ovsdb'
            - 'nnn'
            - 'nodejs'
            - 'nvtop'
            - 'papirus-icon-theme'
            - 'pass'
            - 'pavucontrol'
            - 'pcsc-tools' 
            - 'perl'
            - 'pitivi'
            - 'poetry'
            - 'powerline-fonts'
            - 'procs'
#            - 'protonmail-bridge'
#            - 'protonvpn-cli'
#            - 'protonvpn-gui'
#            - 'protonvpn-stable-release'
            - 'python3-dnf-plugin-snapper'
            - 'python3-dnf-plugin-versionlock'
#            - 'python3-pipreqs'
            - 'python3-pygments-markdown-lexer'
            - 'python3-rich'
            - 'python3-spyder'
            - 'python3-virtualenvwrapper'
            - 'python3-idle'
            - 'python3-selenium'
            - 'qbittorrent'
            - 'qemu'
            - 'qt6-assistant'
            - 'qt6-designer'
            - 'qt6-qtbase'
            - 'qt6-qttools'
            - 'qutebrowser'
            - 'rcm'
            - 'readline-devel'
            - 'rednotebook'
            - 'ripgrep'
            - 'ugrep'
            - 'rpmconf'
#           - 'rstudio'
#           - 'rstudio-desktop'
            - 'rr'
            - 'ruby'
            - 'ruby-devel'
            - 'rubygem-asciidoctor-pdf'
            - 'rubygems-devel'
            - 'rust'
            - 'ruff'
            - 'sd'
            - 'scala'
            - 'seahorse'
            - 'seahorse-nautilus'
            - 'setools-console'
            - 'setroubleshoot'
            - 'simplescreenrecorder'
            - 'skopeo'
            - 'snapper'
#            - 'snort'
            - 'sox'
            - 'sqlitebrowser'
            - 'sscg'
            - 'stack'
            - 'starship'
            - 'strawberry'
            - 'task'
#            - 'teamviewer'
            - 'texlive-academicons'
            - 'texlive-babel-spanish'
            - 'texlive-fontawesome5'
            - 'texlive-imakeidx'
            - 'texlive-minted'
            - 'texlive-minted-doc'
            - 'texlive-pygmentex'
            - 'texlive-scheme-basic'
            - 'texstudio'
            - 'texlive-texdoc'
            - 'texlive-geometry-doc'
            - 'texlive-pgf-doc'
            - 'texlive-pgf-pie'
            - 'texlive-academicons-doc'
            - 'texlive-biblatex-doc'
            - 'texlive-amsmath-doc'
            - 'texlive-babel-spanish'
            - 'texlive-blindtext'
            - 'texlive-blindtext-doc'
            - 'texlive-fancyhdr-doc'
            - 'texlive-bigfoot-doc'
            - 'texlive-endnotes'
            - 'texlive-endnotes-doc'
            - 'texlive-footmisc-doc'
            - 'texlive-lipsum-doc'
            - 'texlive-ncctools-doc'
            - 'texlive-tools-doc'
            - 'texlive-ntheorem-doc'
            - 'texlive-mathtools-doc'
            - 'texlive-charissil'
            - 'texlive-doulossil'
            - 'the_silver_searcher'
            - 'tig'
            - 'tilix'
            - 'tilix-nautilus'
            - 'timeshift'
            - 'timew'
            - 'toolbox'
            - 'torbrowser-launcher'
            - 'transmission'
            - 'thonny'
            - 'udica'
            - 'ulauncher'
            - 'unrar'
            - 'vagrant'
            - 'virt-manager'
            - 'virt-viewer'
#            - 'vivaldi-stable'
            - 'vlc'
            - 'wavemon'
            - 'wine'
            - 'winetricks'
            - 'wireshark'
            - 'xinput'
            - 'xkill'
            - 'xset'
            - 'yaru-theme'
#            - 'zoom'
            - 'zoxide'
            - 'zsh'
            - 'swtpm-tools'
            - 'edk2-ovmf'
            - 'zeal'
            - 'remove-retired-packages'
            - 'gnome-console'                                           
#            - 'gnome-console-nautilus'
            - 'helm'
            - 'spice-webdavd'
            - 'v4l2loopback' 
            - 'kmod-v4l2loopback'
            - 'obs-studio'
            - 'geany'
            - 'geany-plugins-addons'
            - 'geany-plugins-latex'
            - 'geany-plugins-markdown'
            - 'geany-plugins-git-changebar'
            - 'geany-plugins-geanypg'
            - 'geany-plugins-debugger'
            - 'geany-plugins-sendmail'
            - 'geany-plugins-scope'
            - 'kubernetes-client'
            - 'yamllint'
            - 'inotify-tools'
            - 'emoji-picker'
            - 'google-noto-emoji-fonts'
            - 'tito'
            - 'python3-PyMuPDF'
            - 'clang-tools-extra'
            - 'remmina'
            - 'v4l-utils'
            - 'guvcview'
            - 'piper'
            - 'flameshot'
            - 'peek'
            - 'iperf'
            - 'gnome-shell-extension-pop-shell'
            - 'xprop'
            - 'vokoscreenNG'
# ansible
            - 'ansible'
            - 'ansible-collection-community-general'
            - 'ansible-collection-community-docker'
            - 'ansible-collection-community-kubernetes' 
            - 'ansible-collection-containers-podman' 
            - 'ansible-packaging' 
            - 'ansible-srpm-macros' 
            - 'ansible-collection-community-libvirt'
# AWS
            - 'awscli2'
# java and testing framework
            - 'junit5' 
            - 'jmock-junit5'
            - 'jmock'
            - 'java-11-openjdk-devel' 
            - 'java-17-openjdk-devel'
            - 'java-21-openjdk-devel'
            - 'java-latest-openjdk-devel'
            - 'java-latest-openjdk'
            - 'openjfx'
# Programs for Data Science
            - 'python3-notebook'
            - 'mathjax'
            - 'sscg'
            - 'python3-seaborn' 
            - 'python3-lxml '
            - 'python3-basemap' 
            - 'python3-scikit-image' 
            - 'python3-scikit-learn'
            - 'python3-sympy'
            - 'python3-dask+dataframe' 
            - 'python3-nltk'
            - 'google-noto-sans-jp-fonts'
            - 'diff-so-fancy'
            - 'python3-torch'
# kerberos
            - 'python3-requests-kerberos'
            - 'fedora-packager'
# Pythom PEP8
            - 'python3-flake8\*'
            - 'python3-pytest-flake8-path'
            - 'python3-pep8-naming'
#            - 'pipenv'
        state: present

I'm running with :

ANSIBLE_DEBUG=true ansible-playbook -K f41-setup-programs.yaml -vvvv

How to know, What package is the missing package? tought? any trace? Trace

fatal: [127.0.0.1]: FAILED! => {
    "changed": false,
    "failures": [
        "No package choose available."
    ],
    "invocation": {
        "module_args": {
            "allow_downgrade": false,
            "allowerasing": false,
            "auto_install_module_deps": true,
            "autoremove": false,
            "bugfix": false,
            "cacheonly": false,
            "conf_file": null,
            "disable_excludes": null,
            "disable_gpg_check": false,
            "disable_plugin": [],
            "disablerepo": [],
            "download_dir": null,
            "download_only": false,
            "enable_plugin": [],
            "enablerepo": [],
            "exclude": [],
            "install_repoquery": true,
            "install_weak_deps": true,
            "installroot": "/",
            "list": null,
            "lock_timeout": 30,
            "name": [
                "aajohan-comfortaa-fonts",
                "ack",
                "aide",
                "alacarte",
                "asciidoc-latex",
                "autoconf",
                "automake",
                "bat",
                "blivet-gui",
                "boost",
                "bottom",
                "bpytop",
                "brasero",
                "breezy",
                "btrbk",
                "buildah",
                "bodhi-client",
                "btop",
                "cargo",
                "ccze",
                "celluloid",
                "choose",
                "cinelerra-gg",
                "clang",
                "cmake",
                "cmake-gui",
                "codeblocks",
                "codeblocks-contrib",
                "copr-cli",
                "conky",
                "cpulimit",
                "clean-rpm-gpg-pubkey",
                "dconf-editor",
                "ddclient",
                "dnf-utils",
                "dracut-live",
                "duf",
                "duply",
                "duf",
                "dynamips",
                "dkms",
                "difftastic",
                "easyeffects",
                "exa",
                "eza",
                "fd-find",
                "fedora-easy-karma",
                "fedpkg",
                "fontawesome5-fonts-all",
                "ffmpeg",
                "filezilla",
                "firewall-config",
                "foliate",
                "fontawesome-fonts",
                "gcc-c++",
                "gh",
                "gimp",
                "git-delta",
                "git-lfs",
                "git-cola",
                "gnome-builder",
                "gnome-extensions-app",
                "gnome-pomodoro",
                "gnome-shell-extension-appindicator",
                "gnome-shell-extension-dash-to-dock",
                "gnome-shell-extension-gpaste",
                "gnome-shell-extension-openweather",
                "gnome-text-editor",
                "gnome-todo",
                "gnome-tweaks",
                "gnote",
                "gns3-gui",
                "gns3-server",
                "golang",
                "gparted",
                "gping",
                "hashcat",
                "haskell-platform",
                "hexchat",
                "htop",
                "httpie",
                "hunspell-es",
                "hyperfine",
                "hyphen-es",
                "inxi",
                "imhex",
                "jq",
                "julia",
                "lame",
                "langpacks-core-es",
                "langpacks-core-font-es",
                "langpacks-en",
                "langpacks-es",
                "lazydocker",
                "lbzip2",
                "libvirt",
                "lnav",
                "lsd",
                "lshw",
                "lynis",
                "ftp",
                "lftp",
                "man-pages-es",
                "mediawriter",
                "meld",
                "most",
                "mplayer",
                "mpv",
                "mythes-es",
                "ncdu",
                "fastfetch",
                "onefetch",
                "neovim",
                "nm-connection-editor-desktop",
                "nmap",
                "nmstate",
                "nmstate-plugin-ovsdb",
                "nnn",
                "nodejs",
                "nvtop",
                "papirus-icon-theme",
                "pass",
                "pavucontrol",
                "pcsc-tools",
                "perl",
                "pitivi",
                "poetry",
                "powerline-fonts",
                "procs",
                "python3-dnf-plugin-snapper",
                "python3-dnf-plugin-versionlock",
                "python3-pygments-markdown-lexer",
                "python3-rich",
                "python3-spyder",
                "python3-virtualenvwrapper",
                "python3-idle",
                "python3-selenium",
                "qbittorrent",
                "qemu",
                "qt6-assistant",
                "qt6-designer",
                "qt6-qtbase",
                "qt6-qttools",
                "qutebrowser",
                "rcm",
                "readline-devel",
                "rednotebook",
                "ripgrep",
                "ugrep",
                "rpmconf",
                "rr",
                "ruby",
                "ruby-devel",
                "rubygem-asciidoctor-pdf",
                "rubygems-devel",
                "rust",
                "ruff",
                "sd",
                "scala",
                "seahorse",
                "seahorse-nautilus",
                "setools-console",
                "setroubleshoot",
                "simplescreenrecorder",
                "skopeo",
                "snapper",
                "sox",
                "sqlitebrowser",
                "sscg",
                "stack",
                "starship",
                "strawberry",
                "task",
                "texlive-academicons",
                "texlive-babel-spanish",
                "texlive-fontawesome5",
                "texlive-imakeidx",
                "texlive-minted",
                "texlive-minted-doc",
                "texlive-pygmentex",
                "texlive-scheme-basic",
                "texstudio",
                "texlive-texdoc",
                "texlive-geometry-doc",
                "texlive-pgf-doc",
                "texlive-pgf-pie",
                "texlive-academicons-doc",
                "texlive-biblatex-doc",
                "texlive-amsmath-doc",
                "texlive-babel-spanish",
                "texlive-blindtext",
                "texlive-blindtext-doc",
                "texlive-fancyhdr-doc",
                "texlive-bigfoot-doc",
                "texlive-endnotes",
                "texlive-endnotes-doc",
                "texlive-footmisc-doc",
                "texlive-lipsum-doc",
                "texlive-ncctools-doc",
                "texlive-tools-doc",
                "texlive-ntheorem-doc",
                "texlive-mathtools-doc",
                "texlive-charissil",
                "texlive-doulossil",
                "the_silver_searcher",
                "tig",
                "tilix",
                "tilix-nautilus",
                "timeshift",
                "timew",
                "toolbox",
                "torbrowser-launcher",
                "transmission",
                "thonny",
                "udica",
                "ulauncher",
                "unrar",
                "vagrant",
                "virt-manager",
                "virt-viewer",
                "vlc",
                "wavemon",
                "wine",
                "winetricks",
                "wireshark",
                "xinput",
                "xkill",
                "xset",
                "yaru-theme",
                "zoxide",
                "zsh",
                "swtpm-tools",
                "edk2-ovmf",
                "zeal",
                "remove-retired-packages",
                "gnome-console",
                "helm",
                "spice-webdavd",
                "v4l2loopback",
                "kmod-v4l2loopback",
                "obs-studio",
                "geany",
                "geany-plugins-addons",
                "geany-plugins-latex",
                "geany-plugins-markdown",
                "geany-plugins-git-changebar",
                "geany-plugins-geanypg",
                "geany-plugins-debugger",
                "geany-plugins-sendmail",
                "geany-plugins-scope",
                "kubernetes-client",
                "yamllint",
                "inotify-tools",
                "emoji-picker",
                "google-noto-emoji-fonts",
                "tito",
                "python3-PyMuPDF",
                "clang-tools-extra",
                "remmina",
                "v4l-utils",
                "guvcview",
                "piper",
                "flameshot",
                "peek",
                "iperf",
                "gnome-shell-extension-pop-shell",
                "xprop",
                "vokoscreenNG",
                "ansible",
                "ansible-collection-community-general",
                "ansible-collection-community-docker",
                "ansible-collection-community-kubernetes",
                "ansible-collection-containers-podman",
                "ansible-packaging",
                "ansible-srpm-macros",
                "ansible-collection-community-libvirt",
                "awscli2",
                "junit5",
                "jmock-junit5",
                "jmock",
                "java-11-openjdk-devel",
                "java-17-openjdk-devel",
                "java-21-openjdk-devel",
                "java-latest-openjdk-devel",
                "java-latest-openjdk",
                "openjfx",
                "python3-notebook",
                "mathjax",
                "sscg",
                "python3-seaborn",
                "python3-lxml ",
                "python3-basemap",
                "python3-scikit-image",
                "python3-scikit-learn",
                "python3-sympy",
                "python3-dask+dataframe",
                "python3-nltk",
                "google-noto-sans-jp-fonts",
                "diff-so-fancy",
                "python3-torch",
                "python3-requests-kerberos",
                "fedora-packager",
                "python3-flake8\*",
                "python3-pytest-flake8-path",
                "python3-pep8-naming"
            ],
            "nobest": false,
            "releasever": null,
            "security": false,
            "skip_broken": true,
            "sslverify": true,
            "state": "present",
            "update_cache": false,
            "update_only": false,
            "validate_certs": true
        }
    },
    "msg": "Failed to install some of the specified packages",
    "rc": 1
}

Regards.,

Search keyword in "host_fqdn" variable. If the value has "lab.com" keyword in it, it should directly store the value to "host_fqdn" again or else it should add "lab.com" keyword to the value and store it to "host_fqdn" variable. vars: host_fqdn: server host_fqdn: | {% if 'lab.com' in {{ host_fqdn }} %} {% host_fqdn = "{{ host_fqdn }}" %} {% else %} {% host_fqdn = "{{ host_fqdn }}.lab.com" %} {% endif %}

I have an Ansible playbook that writes to /etc/sssd/sssd.conf this Jinja template (variables are defined somewhere else): # This line is just to check that the file is written correctly [sssd] domains = {{ domain }} config_file_version = 2 services = nss, pam [domain/{{ domain }}] id_provider = ad auth_provider = ad ad_domain = {{ domain }} ad_server = {{ ad_server }} krb5_realm = {{ domain | upper }} cache_credentials = true krb5_store_password_if_offline = true default_shell = /bin/bash ldap_id_mapping = true use_fully_qualified_names = false fallback_homedir = /home/EXAMPLE/%u access_provider = simple simple_allow_groups = {{ simple_allow_groups }} simple_allow_users = {{ simple_allow_users }} ignore_group_members = true enumerate = False ldap_purge_cache_timeout = 0 subdomain_inherit = ignore_group_members, ldap_purge_cache_timeout Then the playbook restarts sssd, and does some realm leave and realm join operations. After running the playbook, this is the content of /etc/sssd/sssd.conf on the server: # This line is just to check that the file is written correctly [sssd] domains = example.abc config_file_version = 2 services = nss, pam [domain/example.abc] default_shell = /bin/bash krb5_store_password_if_offline = True cache_credentials = True krb5_realm = EXAMPLE.ABC realmd_tags = manages-system joined-with-adcli id_provider = ad fallback_homedir = /home/%u@%d ad_domain = example.abc use_fully_qualified_names = True ldap_id_mapping = True access_provider = ad What is changing /etc/sssd/sssd.conf, and how?

I have made a playbook which does something like this: shell: source ~/.bashrc && some_command |awk something more become: yes become user: a_user become_method: sudo My Ansible_user that connects to the target host should not be able to sudo -i on target host, nor should it have 'Ansible_user (ALL)=ALL NOPASSWD: ALL' entry in the /etc/sudoers. I want it to be able to execute some commands as a_user (including bash builtins like source). I found in the documentation that Ansible will try to execute something like this: 1. log on as Ansible_user 2. Execute $Ansible_user sudo -u commands_from_playbook Yet, when I try to run the playbook all I get is: module_stderr: Shared connection to host_ip_here closed msg: MODULE FAILURE See stderr for the exact error No stderr is presented despite the job running as 'verbosity 3' When user is granted sudo -i and/or ALL in sudoers, the script runs as expected... What should be the /etc/sudoers entry? Probably I should use something like Ansible_user ALL = (a_user) NOPASSWD: and_something_here (/bin/bash for builtins?) Any hints?