Ansible 2.6.2 remote user working but become is not. Config issue?

When attempting to run an ansible module on a destination server (via become) the ssh connection does not appear to be doing a “sudo” to become the application-owner user. The correct remote user is being used but the remote user is not doing “sudo” to become the app-owner account. The config used and command run are described below.

I am expecting to be able to run adhoc ansible commands and playbooks on the destination server.

The destination server has 2 users. User “myapp” that owns the directories and the daemons of the application we’re attempting to control. The user “inuser” has /usr/bin/sudo setup in their nologin permitted functions and has /bin/nologin as their shell in /etc/passwd. The “inuser” user has NO OTHER commands/functions in their nologin permitted functions (and it will be difficult to get any additional commands into nologin).

On the controller server, we’re running ansible as user called “build”. The /home/build/.ansible.cfg file looks like this:

[build@ecombuild01 ~]$   echo ""; grep -v "#" ~/.ansible.cfg  | grep -v "^$  "  [defaults] inventory      = /sites/utils/local/ansible/hosts library        = /sites/utils/local/ansible/modules/ module_utils   = /sites/utils/local/ansible/module_utils/ remote_tmp     = /sites/utils/tmp/ansible local_tmp      = /sites/utils/tmp/ansible forks          = 50 poll_interval  = 3 transport      = smart module_lang    = C gathering = explicit gather_subset = virtual gather_timeout = 4 roles_path    = /sites/utils/local/ansible/roles host_key_checking = False timeout = 4 remote_user = inuser log_path = /sites/utils/local/var/log/ansible.log private_key_file = /home/build/.ssh/rsa_sudo display_skipped_hosts = False deprecation_warnings = False bin_ansible_callbacks = True nocows = 1 retry_files_enabled = False allow_world_readable_tmpfiles = True [privilege_escalation] become=True become_method=sudo become_user=myapp become_ask_pass=False [paramiko_connection] pty=False [ssh_connection] ssh_args = -q -C -o ControlMaster=auto -o ControlPersist=60s control_path_dir = /sites/utils/tmp/.ansible/sockets scp_if_ssh = smart sftp_batch_mode = True [accelerate] [selinux] [colors] [diff] context = 3 

When I attempt to run a module, I am seeing the following output:

[build@buildserver:/home/build]  ansible -m attApache ecomtest03 -a "action=status" -b --become-method=sudo --become-user=atg -vvv  ansible 2.6.2   config file = /home/build/.ansible.cfg   configured module search path = [u'/sites/utils/local/ansible/modules']   ansible python module location = /sites/utils/Python-2.7.15/lib/python2.7/site-packages/ansible   executable location = /sites/utils/bin/ansible   python version = 2.7.15 (default, Aug 14 2018, 11:48:06) [GCC 4.4.7 20120313 (Red Hat 4.4.7-18)] Using /home/build/.ansible.cfg as config file Parsed /sites/utils/local/ansible/hosts inventory source with script plugin META: ran handlers <ecomtest03> ESTABLISH SSH CONNECTION FOR USER: inuser <ecomtest03> SSH: EXEC ssh -q -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/build/.ssh/rsa_sudo"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=m06721 -o ConnectTimeout=4 -o ControlPath=/sites/utils/tmp/.ansible/sockets/0b70ddf0be ecomtest03 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /var/tmp/ansible-tmp-1554317228.92-158661897220269 `" && echo ansible-tmp-1554317228.92-158661897220269="` echo /var/tmp/ansible-tmp-1554317228.92-158661897220269 `" ) && sleep 0'"'"'' <ecomtest03> (255, '', '') ecomtest03 | UNREACHABLE! => {     "changed": false,      "msg": "Failed to connect to the host via ssh: ",      "unreachable": true }