Cannot restart sshd-service due to lack of privileges

[kivilahtio]

Environment:
Raspbian Jessie on Raspberry PI 3+

When invoking this role with:

• hosts: toveri_JOE_ENO
  roles:
  #Configured in group_vars/all/ssh.yml
  • role: dev-sec.ssh-hardening
    become: yes
    tags: ['ssh']

Got this error when running handler "restart sshd":

Unable to restart service ssh: Failed to restart ssh.service: Access denied

This patch fixes this.

[kivilahtio]

I also realized I get this same behaviour on LXC-containers running Ubuntu 16.04, the error is a bit different:

failure 1 running systemctl show for 'ssh': Failed to connect to bus: No such file or directory

This fixes this issue:

become: yes

I don't know why the privilege escalation doesn't bubble up to the handler.

[rndmh3ro]

Hey @kivilahtio, what ansible version are you running?

This seems to be an Ansible bug: ansible/ansible#17490

I tested it in Debian 8 with Ansible 2.2.0.0 and its working for me.
I don't know if I want to add a workaround for a problem in Ansible, since its likely to be forgotten.

[kivilahtio]

Sorry. Should have mentioned it:

ansible@hephaestus:~/KSAnsible$ ansible --version
ansible 2.2.0.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides

I wouldn't be surprised there is a Ansible bug.
There seems to be a lot of regression in Ansible.
There seems to be a lot of features too :)

Thanks for commenting!
I am fine with not pushing.

[rndmh3ro]

Thanks again. I added a section to the README, in case anyone else runs into this bug.

[rdonkin]

This is supposed to be fixed in Ansible 2.2.1.0 (ansible/ansible#17490) but I ran into it just now on that version... the workaround was to put become: yes on the play or the handler.

I've logged a new issue for the regression in 2.2.1.0: ansible/ansible#21139

Thanks for the README update on this @rndmh3ro, that was very useful!