Packer Ansible provisioner sudo password missing

Hi, I’m trying to apply a CIS hardening Ansible role for the RHEL 8 AMI I’m building. Packer spins up an EC2 instance and does the provisioning, but I’m consistently hit with the error regarding the sudo password missing while applying the CIS role. How do I handle this, as I don’t have control over the EC2 instance Packer is spinning up? Please suggest.

Hi @kondasankeerthreddy,

Welcome to the HashiCorp Forums!

Did you get this sorted? I would recommend you share more details so that someone can help (e.g. share the Packer file, the Ansible role used, etc.).

Hi, below is the Ansible role I’m trying to apply

My current Packer config with Ansible provisioner looks like this:

    - hosts: default
      vars_files:
        - vars/main.yml
        - vars/{{ cloud }}.yml
      roles:
        - config
        - role: galaxy-ansible-role-lockdown-rhel8-cis
      become: yes
      ignore_errors: true

The ignore_errors flag here would skip the tasks which would require the sudo password, but I don’t want that to happen. I’d want the whole CIS role running successfully without having to ignore errors. Please suggest.


Hi @kondasankeerthreddy,

Thank you for providing the details. This seems to be something that should be handled in Ansible and not in Packer.

I tried this Ansible role and I could get it working using the following playbook.

    - hosts: default
      tasks:
        - name: create a random password
          ansible.builtin.set_fact:
            password: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_lowercase', 'digits'], length=8) }}"
        - name: Set password for {{ ansible_env.SUDO_USER }}
          ansible.builtin.user:
            name: "ec2-user"
            password: "{{ password | password_hash('sha512') }}"
          become: yes

    - hosts: default
      roles:
        - role: RHEL8-CIS
      tasks:
        - name: Remove password for {{ ansible_env.SUDO_USER }}
          ansible.builtin.user:
            name: "ec2-user"
            password: "!"
      become: yes
      vars:
        ansible_become_password: "{{ password }}"

This is one way to get this working. Also, note that I am removing the password in the last step. If you find this okay from a security point of view, feel free to try this out.
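
The last step of the playbook above locks the temporary password again. As an added example (not part of the original thread), these shell functions check that state in the shadow file before the AMI is captured; the function names and the sample entries are constructed for illustration, and reading the real /etc/shadow requires root.

```shell
#!/bin/sh
# Added example: classify a user's password field in a shadow(5) file.
# Prints one of: locked, no-password, password-set, missing.
shadow_password_state() {
    awk -F: -v u="$1" '
        $1 == u {                       # exact match on the login name
            found = 1
            if ($2 == "")          state = "no-password"   # empty field: no password required
            else if ($2 ~ /^[!*]/) state = "locked"        # "!", "!!", "*", or "!" + hash
            else                   state = "password-set"  # a usable hash is still present
            print state
            exit
        }
        END { if (!found) print "missing" }
    ' "${2:-/etc/shadow}"
}

# Returns 0 only when the account's password is locked; otherwise explains why not.
assert_locked() {
    state=$(shadow_password_state "$1" "${2:-/etc/shadow}")
    if [ "$state" = locked ]; then
        return 0
    fi
    echo "user $1: password state is '$state', expected 'locked'" >&2
    return 1
}

# Constructed sample entries (not from a real host).
SAMPLE_SHADOW='ec2-user:!:19700:0:99999:7:::
builder:$6$examplesalt$examplehash:19700:0:99999:7:::
svc::19700:0:99999:7:::
root:!!:19700:0:99999:7:::'

# Demo against the sample so the script runs offline.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_SHADOW" > "$demo_file"
for u in ec2-user builder svc nobody; do
    printf '%s: %s\n' "$u" "$(shadow_password_state "$u" "$demo_file")"
done
rm -f "$demo_file"
```

Run as a final root shell step in the build, `assert_locked ec2-user` fails the build if the temporary password hash is still usable.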